.../Drupal/FunctionalTests/HttpKernel/CorsIntegrationTest.php    | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/core/tests/Drupal/FunctionalTests/HttpKernel/CorsIntegrationTest.php b/core/tests/Drupal/FunctionalTests/HttpKernel/CorsIntegrationTest.php
index cc43936..9e3de7d 100644
--- a/core/tests/Drupal/FunctionalTests/HttpKernel/CorsIntegrationTest.php
+++ b/core/tests/Drupal/FunctionalTests/HttpKernel/CorsIntegrationTest.php
@@ -39,10 +39,17 @@ public function testCrossSiteRequest() {
     $this->setContainerParameter('cors.config', $cors_config);
     $this->rebuildContainer();
 
+
+    // Fire off a request without 'Origin' request header.
+    $this->drupalGet('/test-page');
+    $this->assertSession()->statusCodeEquals(200);
+    $this->assertSession()->responseHeaderEquals('X-Drupal-Cache', 'MISS');
+    $this->assertNull($this->getSession()->getResponseHeader('Access-Control-Allow-Origin'));
+
     // Fire off a request.
     $this->drupalGet('/test-page', [], ['Origin' => 'http://example.com']);
     $this->assertSession()->statusCodeEquals(200);
-    $this->assertSession()->responseHeaderEquals('X-Drupal-Cache', 'MISS');
+    $this->assertSession()->responseHeaderEquals('X-Drupal-Cache', 'HIT');
     $this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.com');
 
     // Fire the same exact request. This time it should be cached.