diff --git a/handlers/csrf.go b/handlers/csrf.go
index 5d94b31..a821fd8 100644
--- a/handlers/csrf.go
+++ b/handlers/csrf.go
@@ -5,9 +5,15 @@ import (
 "net/http"
 )
 
+const (
+ AccessControlExposeHeaders = "Access-Control-Expose-Headers"
+ XCsrfToken = "X-CSRF-Token"
+)
+
 // CSRFToken issues a CSRF token by relying on the CSRFMiddleware
 // to set the token in the response header and cookie on GET requests.
 func CSRFToken(w http.ResponseWriter, r *http.Request) {
+ w.Header().Set(AccessControlExposeHeaders, XCsrfToken)
 helper.RespondWithJSON(w, http.StatusOK, map[string]string{
 "message": "CSRF token set",
 })
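Review bot: Exposing `X-CSRF-Token` through `Access-Control-Expose-Headers` in `CSRFToken` makes the token readable by script on every origin the CORS policy admits, so the CSRF protection now depends on that allow-list, which is not visible in this hunk. If the CORS middleware reflects the request `Origin` while allowing credentials, the token would be readable cross-site; please confirm that the allowed origins are an explicit list and record the dependency in the doc comment, e.g. `// The token header is exposed to cross-origin scripts; CORS must allow only trusted origins.` Separately, `w.Header().Set(...)` replaces any `Access-Control-Expose-Headers` value an earlier middleware may already have written, whereas `w.Header().Add(AccessControlExposeHeaders, XCsrfToken)` would keep it. The body of `CSRFToken` continues past the end of the hunk.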