diff --git a/djangoldp/views.py b/djangoldp/views.py
index 8889220f557fe22240e3e56cd4658a4a2aea0511..16153b9f9fdc35f4ddb80458377e617ce3d895f4 100644
--- a/djangoldp/views.py
+++ b/djangoldp/views.py
@@ -228,7 +228,7 @@ class LDPViewSet(LDPViewSetGenerator):
         response["Access-Control-Allow-Origin"] = request.META.get('HTTP_ORIGIN')
         response["Access-Control-Allow-Methods"] = "GET,POST,PUT,PATCH,DELETE"
         response["Access-Control-Allow-Headers"] = "authorization, Content-Type, if-match, accept"
-        response["Access-Control-Expose-Headers"] = "Location"
+        response["Access-Control-Expose-Headers"] = "Location, User"
         response["Access-Control-Allow-Credentials"] = 'true'
         response["Accept-Post"] = "application/ld+json"
         if response.status_code in [201, 200] and '@id' in response.data: