diff --git a/api/conf/settings/security.py b/api/conf/settings/security.py
index 657f522edb9..cf78fda3891 100644
--- a/api/conf/settings/security.py
+++ b/api/conf/settings/security.py
@@ -46,7 +46,14 @@
 if middleware not in MIDDLEWARE:
     MIDDLEWARE.insert(0, middleware)
 
-CORS_ORIGIN_ALLOW_ALL = True
+CORS_ALLOW_ALL_ORIGINS = True
+# https://github.com/adamchainz/django-cors-headers?tab=readme-ov-file#cors_expose_headers-sequencestr
+# These headers are required for search response time analytics
+CORS_EXPOSE_HEADERS = [
+    "cf-cache-status",
+    "cf-ray",
+    "date",
+]
 
 # Proxy handling, for production
 if config("IS_PROXIED", default=True, cast=bool):