diff --git a/src/main/java/org/gaul/s3proxy/CrossOriginResourceSharing.java b/src/main/java/org/gaul/s3proxy/CrossOriginResourceSharing.java
index 264b8fd3..85748d3b 100644
--- a/src/main/java/org/gaul/s3proxy/CrossOriginResourceSharing.java
+++ b/src/main/java/org/gaul/s3proxy/CrossOriginResourceSharing.java
@@ -41,6 +41,7 @@ public final class CrossOriginResourceSharing {
 private static final String ALLOW_ANY_ORIGIN = "*";
 private static final String ALLOW_ANY_HEADER = "*";
 private static final String ALLOW_CREDENTIALS = "true";
+ private static final String EXPOSED_HEADERS = "ETag";
 private static final Logger logger = LoggerFactory.getLogger(
 CrossOriginResourceSharing.class);
@@ -103,6 +104,10 @@ public CrossOriginResourceSharing(Collection allowedOrigins,
 logger.info("CORS allow credentials: {}", allowCredentials);
 }
+ public String getExposedHeaders() {
+ return EXPOSED_HEADERS;
+ }
+
 public String getAllowedMethods() {
 return this.allowedMethodsRaw;
 }
diff --git a/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java b/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
index b1ad3d3a..7b76e0e2 100644
--- a/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
+++ b/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
@@ -3012,6 +3012,8 @@ private void addCorsResponseHeader(HttpServletRequest request,
 corsRules.isOriginAllowed(corsOrigin)) {
 response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN,
 corsRules.getAllowedOrigin(corsOrigin));
+ response.addHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS,
+ corsRules.getExposedHeaders());
 response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS,
 corsRules.getAllowedMethods());
 if (corsRules.isAllowCredentials()) {
diff --git a/src/test/java/org/gaul/s3proxy/CrossOriginResourceSharingAllowAllResponseTest.java b/src/test/java/org/gaul/s3proxy/CrossOriginResourceSharingAllowAllResponseTest.java
index 62d78720..2ff6297c 100644
--- a/src/test/java/org/gaul/s3proxy/CrossOriginResourceSharingAllowAllResponseTest.java
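Review bot: `getExposedHeaders()` in CrossOriginResourceSharing.java (hunk at -103) is an instance method that returns the fixed constant `EXPOSED_HEADERS`, while the neighbouring `getAllowedMethods()` returns per-instance state (`this.allowedMethodsRaw`). As written, a deployment can neither narrow nor widen what cross-origin scripts may read. If the fixed value is deliberate, record it with a Javadoc on the getter, for example `/** Response headers browsers may expose to cross-origin scripts; fixed to ETag and not configurable. */`. The constant added in the first hunk would benefit from the same one-line explanation of why only `ETag` is listed.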
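Review bot: In S3ProxyHandler.java the added `ACCESS_CONTROL_EXPOSE_HEADERS` line is sent for every origin that passes `isOriginAllowed`, and the CORS class defines `ALLOW_ANY_ORIGIN = "*"`. Under an allow-all configuration, script on any site can therefore read `ETag`, which S3-style stores commonly derive from object content. That is probably acceptable because the same origin may already read the body, but the decision should be stated next to the call, e.g. `// Expose only ETag; all other non-safelisted response headers stay hidden from cross-origin script.` `addCorsResponseHeader` starts and ends outside this hunk, so it cannot be confirmed here whether a `Vary: Origin` header accompanies the echoed origin. That is worth checking if these responses can be cached by an intermediary.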
+++ b/src/test/java/org/gaul/s3proxy/CrossOriginResourceSharingAllowAllResponseTest.java
@@ -179,6 +179,9 @@ public void testCorsActual() throws Exception {
 assertThat(response.getFirstHeader(
 HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS).getValue())
 .isEqualTo("GET, HEAD, PUT, POST, DELETE");
+ assertThat(response.getFirstHeader(
+ HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS).getValue())
+ .isEqualTo("ETag");
 }
 @Test
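Review bot: The new assertion in `testCorsActual` pins the header only for the allow-all configuration, so nothing checks that `Access-Control-Expose-Headers` is absent when the request origin is rejected. A test with a restricted origin list should assert `response.containsHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS)` is false for a non-matching origin, so a later refactor cannot move the header outside the `isOriginAllowed` guard unnoticed. Separately, `getFirstHeader(...).getValue()` throws a NullPointerException when the header is missing instead of failing the assertion; asserting the header is present first gives a clearer failure. The body of `testCorsActual` begins outside this hunk.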