diff --git a/fakestorage/object.go b/fakestorage/object.go
index 6cf298f9e5..32c0b4fc1e 100644
--- a/fakestorage/object.go
+++ b/fakestorage/object.go
@@ -813,6 +813,7 @@ func (s *Server) downloadObject(w http.ResponseWriter, r *http.Request) {
 	for name, value := range obj.Metadata {
 		w.Header().Set("X-Goog-Meta-"+name, value)
 	}
+	w.Header().Set("Access-Control-Allow-Origin", "*")
 
 	if ranged && !satisfiable {
 		status = http.StatusRequestedRangeNotSatisfiable
diff --git a/fakestorage/server.go b/fakestorage/server.go
index cc95fe1383..7700991781 100644
--- a/fakestorage/server.go
+++ b/fakestorage/server.go
@@ -125,7 +125,7 @@ func NewServerWithOptions(options Options) (*Server, error) {
 		return nil, err
 	}
 
-	allowedHeaders := []string{"Content-Type", "Content-Encoding", "Range"}
+	allowedHeaders := []string{"Content-Type", "Content-Encoding", "Range", "Content-Range"}
 	allowedHeaders = append(allowedHeaders, options.AllowedCORSHeaders...)
 
 	cors := handlers.CORS(
@@ -140,6 +140,7 @@ func NewServerWithOptions(options Options) (*Server, error) {
 		handlers.AllowedHeaders(allowedHeaders),
 		handlers.AllowedOrigins([]string{"*"}),
 		handlers.AllowCredentials(),
+		handlers.ExposedHeaders([]string{"Location"}),
 	)
 
 	handler := cors(s.mux)