diff --git a/core/tests/Drupal/FunctionalTests/HttpKernel/CorsIntegrationTest.php b/core/tests/Drupal/FunctionalTests/HttpKernel/CorsIntegrationTest.php
new file mode 100644
index 0000000000..c29324a013
--- /dev/null
+++ b/core/tests/Drupal/FunctionalTests/HttpKernel/CorsIntegrationTest.php
@@ -0,0 +1,77 @@
+<?php
+
+namespace Drupal\FunctionalTests\HttpKernel;
+
+use Drupal\Tests\BrowserTestBase;
+
+/**
+ * Tests CORS provided by Drupal.
+ *
+ * @see sites/default/default.services.yml
+ * @see \Asm89\Stack\Cors
+ * @see \Asm89\Stack\CorsService
+ *
+ * @group Http
+ */
+class CorsIntegrationTest extends BrowserTestBase {
+
+  /**
+   * {@inheritdoc}
+   */
+  public static $modules = ['system', 'test_page_test', 'page_cache'];
+
+  public function testCrossSiteRequest() {
+    // Test default parameters.
+    $cors_config = $this->container->getParameter('cors.config');
+    $this->assertSame(FALSE, $cors_config['enabled']);
+    $this->assertSame([], $cors_config['allowedHeaders']);
+    $this->assertSame([], $cors_config['allowedMethods']);
+    $this->assertSame(['*'], $cors_config['allowedOrigins']);
+
+    $this->assertSame(FALSE, $cors_config['exposedHeaders']);
+    $this->assertSame(FALSE, $cors_config['maxAge']);
+    $this->assertSame(FALSE, $cors_config['supportsCredentials']);
+
+    // Enable CORS with the default options.
+    $cors_config['enabled'] = TRUE;
+
+    $this->setContainerParameter('cors.config', $cors_config);
+    $this->rebuildContainer();
+
+    // Fire off a request.
+    $this->drupalGet('/test-page', [], ['Origin' => 'http://example.com']);
+    $this->assertSession()->statusCodeEquals(200);
+    $this->assertSession()->responseHeaderEquals('X-Drupal-Cache', 'MISS');
+    $this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.com');
+
+    // Fire the same exact request. This time it should be cached.
+    $this->drupalGet('/test-page', [], ['Origin' => 'http://example.com']);
+    $this->assertSession()->statusCodeEquals(200);
+    $this->assertSession()->responseHeaderEquals('X-Drupal-Cache', 'HIT');
+    $this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.com');
+
+    // Fire a request for a different origin. Verify the CORS header.
+    $this->drupalGet('/test-page', [], ['Origin' => 'http://example.org']);
+    $this->assertSession()->statusCodeEquals(200);
+    $this->assertSession()->responseHeaderEquals('X-Drupal-Cache', 'HIT');
+    $this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.org');
+
+    // Configure the CORS stack to allow a specific set of origins.
+    $cors_config['allowedOrigins'] = ['http://example.com'];
+
+    $this->setContainerParameter('cors.config', $cors_config);
+    $this->rebuildContainer();
+
+    // Fire a request from an origin that isn't allowed.
+    /** @var \Symfony\Component\HttpFoundation\Response $response */
+    $this->drupalGet('/test-page', [], ['Origin' => 'http://non-valid.com']);
+    $this->assertSession()->statusCodeEquals(403);
+    $this->assertSession()->pageTextContains('Not allowed.');
+
+    // Specify a valid origin.
+    $this->drupalGet('/test-page', [], ['Origin' => 'http://example.com']);
+    $this->assertSession()->statusCodeEquals(200);
+    $this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.com');
+  }
+
+}
diff --git a/core/tests/Drupal/KernelTests/Core/HttpKernel/CorsIntegrationTest.php b/core/tests/Drupal/KernelTests/Core/HttpKernel/CorsIntegrationTest.php
deleted file mode 100644
index e73efa3b74..0000000000
--- a/core/tests/Drupal/KernelTests/Core/HttpKernel/CorsIntegrationTest.php
+++ /dev/null
@@ -1,84 +0,0 @@
-<?php
-
-namespace Drupal\KernelTests\Core\HttpKernel;
-
-use Drupal\Core\DependencyInjection\ContainerBuilder;
-use Drupal\Core\DependencyInjection\ServiceModifierInterface;
-use Drupal\KernelTests\KernelTestBase;
-use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpFoundation\Response;
-
-/**
- * Tests CORS provided by Drupal.
- *
- * @see sites/default/default.services.yml
- * @see \Asm89\Stack\Cors
- * @see \Asm89\Stack\CorsService
- *
- * @group Http
- */
-class CorsIntegrationTest extends KernelTestBase implements ServiceModifierInterface {
-
-  /**
-   * The cors container configuration.
-   *
-   * @var null|array
-   */
-  protected $corsConfig = NULL;
-
-  /**
-   * {@inheritdoc}
-   */
-  public static $modules = ['system', 'test_page_test'];
-
-  protected function setUp() {
-    parent::setUp();
-
-    $this->installSchema('system', 'router');
-    \Drupal::service('router.builder')->rebuild();
-  }
-
-  public function testCrossSiteRequest() {
-
-    // Test default parameters.
-    $cors_config = $this->container->getParameter('cors.config');
-    $this->assertSame(FALSE, $cors_config['enabled']);
-    $this->assertSame([], $cors_config['allowedHeaders']);
-    $this->assertSame([], $cors_config['allowedMethods']);
-    $this->assertSame(['*'], $cors_config['allowedOrigins']);
-
-    $this->assertSame(FALSE, $cors_config['exposedHeaders']);
-    $this->assertSame(FALSE, $cors_config['maxAge']);
-    $this->assertSame(FALSE, $cors_config['supportsCredentials']);
-
-    // Configure the CORS stack to allow a specific set of origins, but don't
-    // specify an origin header.
-    $request = Request::create('/test-page');
-    $request->headers->set('Origin', '');
-    $cors_config['enabled'] = TRUE;
-    $cors_config['allowedOrigins'] = ['http://example.com'];
-
-    $this->corsConfig = $cors_config;
-    $this->container->get('kernel')->rebuildContainer();
-
-    /** @var \Symfony\Component\HttpFoundation\Response $response */
-    $response = $this->container->get('http_kernel')->handle($request);
-    $this->assertEquals(Response::HTTP_FORBIDDEN, $response->getStatusCode());
-    $this->assertEquals('Not allowed.', $response->getContent());
-
-    // Specify a valid origin.
-    $request->headers->set('Origin', 'http://example.com');
-    $response = $this->container->get('http_kernel')->handle($request);
-    $this->assertEquals(Response::HTTP_OK, $response->getStatusCode());
-  }
-
-  /**
-   * {@inheritdoc}
-   */
-  public function alter(ContainerBuilder $container) {
-    if (isset($this->corsConfig)) {
-      $container->setParameter('cors.config', $this->corsConfig);
-    }
-  }
-
-}