diff --git a/config/http/middleware/handlers/cors.json b/config/http/middleware/handlers/cors.json
index 4f4d90911..25d31d4fa 100644
--- a/config/http/middleware/handlers/cors.json
+++ b/config/http/middleware/handlers/cors.json
@@ -26,7 +26,8 @@
         "Link",
         "Location",
         "Updates-Via",
-        "WAC-Allow"
+        "WAC-Allow",
+        "Www-Authenticate"
       ]
     }
   ]
diff --git a/test/integration/Middleware.test.ts b/test/integration/Middleware.test.ts
index 5e58d7cef..d4a257b0c 100644
--- a/test/integration/Middleware.test.ts
+++ b/test/integration/Middleware.test.ts
@@ -133,6 +133,12 @@ describe('An http server with middleware', (): void => {
     expect(splitCommaSeparated(exposed)).toContain('Updates-Via');
   });
 
+  it('exposes the Www-Authenticate header via CORS.', async(): Promise<void> => {
+    const res = await request(server).get('/').expect(200);
+    const exposed = res.header['access-control-expose-headers'];
+    expect(splitCommaSeparated(exposed)).toContain('Www-Authenticate');
+  });
+
   it('sends incoming requests to the handler.', async(): Promise<void> => {
     const response = request(server).get('/').set('Host', 'test.com');
     expect(response).toBeDefined();