diff --git a/smithy-aws-apigateway-openapi/src/main/java/software/amazon/smithy/aws/apigateway/openapi/AddCorsToGatewayResponses.java b/smithy-aws-apigateway-openapi/src/main/java/software/amazon/smithy/aws/apigateway/openapi/AddCorsToGatewayResponses.java
index f1bac0e9a8a..b82e8642492 100644
--- a/smithy-aws-apigateway-openapi/src/main/java/software/amazon/smithy/aws/apigateway/openapi/AddCorsToGatewayResponses.java
+++ b/smithy-aws-apigateway-openapi/src/main/java/software/amazon/smithy/aws/apigateway/openapi/AddCorsToGatewayResponses.java
@@ -109,12 +109,17 @@ private Node updateGatewayResponses(
         }
 
         return gatewayResponses.getMembers().entrySet().stream()
-                .collect(ObjectNode.collect(
-                        Map.Entry::getKey,
-                        entry -> updateGatewayResponse(corsHeaders, entry.getValue().expectObjectNode())));
+                .collect(ObjectNode.collect(Map.Entry::getKey, entry -> {
+                    return updateGatewayResponse(context, trait, corsHeaders, entry.getValue().expectObjectNode());
+                }));
     }
 
-    private ObjectNode updateGatewayResponse(Map<CorsHeader, String> sharedHeaders, ObjectNode gatewayResponse) {
+    private ObjectNode updateGatewayResponse(
+            Context<? extends Trait> context,
+            CorsTrait trait,
+            Map<CorsHeader, String> sharedHeaders,
+            ObjectNode gatewayResponse
+    ) {
         ObjectNode responseParameters = gatewayResponse
                 .getObjectMember(RESPONSE_PARAMETERS_KEY)
                 .orElse(Node.objectNode());
@@ -122,9 +127,12 @@ private ObjectNode updateGatewayResponse(Map<CorsHeader, String> sharedHeaders,
         // Track all CORS headers of the gateway response.
         Map<CorsHeader, String> headers = new TreeMap<>(sharedHeaders);
 
+        // Add the modeled additional headers. These could potentially be added by an
+        // apigateway feature, so they need to be present.
+        Set<String> exposedHeaders = new TreeSet<>(trait.getAdditionalExposedHeaders());
+
         // Find all headers exposed already in the response. These need to be added to the
         // Access-Control-Expose-Headers header if any are found.
-        Set<String> exposedHeaders = new TreeSet<>();
         for (String key : responseParameters.getStringMap().keySet()) {
             if (key.startsWith(HEADER_PREFIX)) {
                 exposedHeaders.add(key.substring(HEADER_PREFIX.length()));
diff --git a/smithy-aws-apigateway-openapi/src/test/resources/software/amazon/smithy/aws/apigateway/openapi/cors-model.openapi.json b/smithy-aws-apigateway-openapi/src/test/resources/software/amazon/smithy/aws/apigateway/openapi/cors-model.openapi.json
index 7868cfaed73..52b4a9a621d 100644
--- a/smithy-aws-apigateway-openapi/src/test/resources/software/amazon/smithy/aws/apigateway/openapi/cors-model.openapi.json
+++ b/smithy-aws-apigateway-openapi/src/test/resources/software/amazon/smithy/aws/apigateway/openapi/cors-model.openapi.json
@@ -420,7 +420,8 @@
         "application/json": "{\"message\":$context.error.messageString}"
       },
       "responseParameters": {
-        "gatewayresponse.header.Access-Control-Allow-Origin": "'https://www.example.com'"
+        "gatewayresponse.header.Access-Control-Allow-Origin": "'https://www.example.com'",
+        "gatewayresponse.header.Access-Control-Expose-Headers": "'X-Service-Output-Metadata'"
       }
     },
     "DEFAULT_5XX": {
@@ -428,7 +429,8 @@
         "application/json": "{\"message\":$context.error.messageString}"
       },
       "responseParameters": {
-        "gatewayresponse.header.Access-Control-Allow-Origin": "'https://www.example.com'"
+        "gatewayresponse.header.Access-Control-Allow-Origin": "'https://www.example.com'",
+        "gatewayresponse.header.Access-Control-Expose-Headers": "'X-Service-Output-Metadata'"
       }
     }
   }
diff --git a/smithy-aws-apigateway-openapi/src/test/resources/software/amazon/smithy/aws/apigateway/openapi/cors-with-additional-headers.openapi.json b/smithy-aws-apigateway-openapi/src/test/resources/software/amazon/smithy/aws/apigateway/openapi/cors-with-additional-headers.openapi.json
index be903e48f57..715a1405e77 100644
--- a/smithy-aws-apigateway-openapi/src/test/resources/software/amazon/smithy/aws/apigateway/openapi/cors-with-additional-headers.openapi.json
+++ b/smithy-aws-apigateway-openapi/src/test/resources/software/amazon/smithy/aws/apigateway/openapi/cors-with-additional-headers.openapi.json
@@ -420,7 +420,8 @@
         "application/json": "{\"message\":$context.error.messageString}"
       },
       "responseParameters": {
-        "gatewayresponse.header.Access-Control-Allow-Origin": "'https://www.example.com'"
+        "gatewayresponse.header.Access-Control-Allow-Origin": "'https://www.example.com'",
+        "gatewayresponse.header.Access-Control-Expose-Headers": "'X-Service-Output-Metadata'"
       }
     },
     "DEFAULT_5XX": {
@@ -428,7 +429,8 @@
         "application/json": "{\"message\":$context.error.messageString}"
       },
       "responseParameters": {
-        "gatewayresponse.header.Access-Control-Allow-Origin": "'https://www.example.com'"
+        "gatewayresponse.header.Access-Control-Allow-Origin": "'https://www.example.com'",
+        "gatewayresponse.header.Access-Control-Expose-Headers": "'X-Service-Output-Metadata'"
       }
     }
   }