diff --git a/internal/processing/processors/v2alpha1/test_builders_test.go b/internal/processing/processors/v2alpha1/test_builders_test.go
index 5dde91138..2ccf3e3a0 100644
--- a/internal/processing/processors/v2alpha1/test_builders_test.go
+++ b/internal/processing/processors/v2alpha1/test_builders_test.go
@@ -138,12 +138,23 @@ func newAPIRuleBuilder() *apiRuleBuilder {
 	}
 }
 
+// newAPIRuleBuilderWithDummyData returns an APIRuleBuilder pre-filled with placeholder data:
+//
+// Host: example-host.example.com
+//
+// Gateway: example-namespace/example-gateway
+//
+// Service: example-namespace/example-service:8080
+//
+// Rule: GET /
+//
+// Strategy: NoAuth
 func newAPIRuleBuilderWithDummyData() *apiRuleBuilder {
 	return newAPIRuleBuilder().
-		WithHost("dummy-host.dummy.com").
-		WithGateway("dummy-namespace/dummy-gateway").
-		WithService("dummy-service", "dummy-namespace", 8080).
-		WithRule(*newRuleBuilder().WithMethods(http.MethodGet).NoAuth().Build())
+		WithHost("example-host.example.com").
+		WithGateway("example-namespace/example-gateway").
+		WithService("example-service", "example-namespace", 8080).
+		WithRule(*newRuleBuilder().WithMethods(http.MethodGet).WithPath("/").NoAuth().Build())
 }
 
 type corsPolicyBuilder struct {
diff --git a/internal/processing/processors/v2alpha1/virtual_service_processor.go b/internal/processing/processors/v2alpha1/virtual_service_processor.go
index 635422551..a781e5498 100644
--- a/internal/processing/processors/v2alpha1/virtual_service_processor.go
+++ b/internal/processing/processors/v2alpha1/virtual_service_processor.go
@@ -138,7 +138,8 @@ func (r virtualServiceCreator) Create(api *gatewayv2alpha1.APIRule) (*networking
 
 		headersBuilder := builders.NewHttpRouteHeadersBuilder().
 			// For now, the X-Forwarded-Host header is set to the first host in the APIRule hosts list.
-			// This should be clarified how to resolve in the future.
+			// The status of this header is still under discussion in the following GitHub issue:
+			// https://github.com/kyma-project/api-gateway/issues/1159
 			SetHostHeader(default_domain.GetHostWithDomain(string(*api.Spec.Hosts[0]), r.defaultDomainName))
 
 		if api.Spec.CorsPolicy != nil {
diff --git a/internal/processing/processors/v2alpha1/virtual_service_processor_test.go b/internal/processing/processors/v2alpha1/virtual_service_processor_test.go
index e51174a89..7e55d4543 100644
--- a/internal/processing/processors/v2alpha1/virtual_service_processor_test.go
+++ b/internal/processing/processors/v2alpha1/virtual_service_processor_test.go
@@ -79,28 +79,36 @@ var _ = Describe("CORS", func() {
 				},
 			}, "create"),
 
-		Entry("should set CORS configuration in VirtualService CORSPolicy when CORS configuration is set in APIRule",
+		Entry("should apply all CORSPolicy headers correctly",
 			newAPIRuleBuilderWithDummyData().WithCORSPolicy(
 				newCorsPolicyBuilder().
-					WithAllowOrigins([]map[string]string{{"exact": "dummy.com"}}).
+					WithAllowOrigins([]map[string]string{{"exact": "example.com"}}).
+					WithAllowMethods([]string{"GET", "POST"}).
+					WithAllowHeaders([]string{"header1", "header2"}).
+					WithExposeHeaders([]string{"header3", "header4"}).
+					WithAllowCredentials(true).
+					WithMaxAge(600).
 					Build()).
 				Build(),
-			[]verifier{
-				func(vs *networkingv1beta1.VirtualService) {
-					Expect(vs.Spec.Http[0].CorsPolicy).NotTo(BeNil())
-					Expect(vs.Spec.Http[0].CorsPolicy.AllowOrigins).To(HaveLen(1))
-					Expect(vs.Spec.Http[0].CorsPolicy.AllowOrigins[0]).To(Equal(&istioapiv1beta1.StringMatch{MatchType: &istioapiv1beta1.StringMatch_Exact{Exact: "dummy.com"}}))
-
-					Expect(vs.Spec.Http[0].Headers.Response.Remove).To(ConsistOf([]string{
-						builders.ExposeHeadersName,
-						builders.MaxAgeName,
-						builders.AllowHeadersName,
-						builders.AllowCredentialsName,
-						builders.AllowMethodsName,
-						builders.AllowOriginName,
-					}))
-				},
-			}, "create"),
+			[]verifier{func(vs *networkingv1beta1.VirtualService) {
+				Expect(vs.Spec.Http[0].CorsPolicy).NotTo(BeNil())
+				Expect(vs.Spec.Http[0].CorsPolicy.AllowOrigins).To(HaveLen(1))
+				Expect(vs.Spec.Http[0].CorsPolicy.AllowOrigins[0]).To(Equal(&istioapiv1beta1.StringMatch{MatchType: &istioapiv1beta1.StringMatch_Exact{Exact: "example.com"}}))
+				Expect(vs.Spec.Http[0].CorsPolicy.AllowMethods).To(ConsistOf("GET", "POST"))
+				Expect(vs.Spec.Http[0].CorsPolicy.AllowHeaders).To(ConsistOf("header1", "header2"))
+				Expect(vs.Spec.Http[0].CorsPolicy.ExposeHeaders).To(ConsistOf("header3", "header4"))
+				Expect(vs.Spec.Http[0].CorsPolicy.AllowCredentials.GetValue()).To(BeTrue())
+				Expect(vs.Spec.Http[0].CorsPolicy.MaxAge.Seconds).To(Equal(int64(600)))
+
+				Expect(vs.Spec.Http[0].Headers.Response.Remove).To(ConsistOf([]string{
+					builders.ExposeHeadersName,
+					builders.MaxAgeName,
+					builders.AllowHeadersName,
+					builders.AllowCredentialsName,
+					builders.AllowMethodsName,
+					builders.AllowOriginName,
+				}))
+			}}, "create"),
 	)
 })