When using XHR requests, only certain default headers are approved for access. The 'Access-Control-Expose-Headers' cors header allows the XHR requests to read additional headers outside of this default list. It would be helpful to add support for this by adding the entire list of cors headers supplied in the configuration parameter to this response header.

mozilla/pdf.js#3150 (comment)
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers