diff --git a/src/index.ts b/src/index.ts
index 64eab44..307395c 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -25,16 +25,14 @@ export default {
         break;
     }
 
-    if (response.ok) {
-      response.headers.set(
-        "Access-Control-Allow-Origin",
-        corsHeaders["Access-Control-Allow-Origin"],
-      );
-      response.headers.set(
-        "Access-Control-Allow-Methods",
-        corsHeaders["Access-Control-Allow-Methods"],
-      );
-    }
+    response.headers.set(
+      "Access-Control-Allow-Origin",
+      corsHeaders["Access-Control-Allow-Origin"],
+    );
+    response.headers.set(
+      "Access-Control-Allow-Methods",
+      corsHeaders["Access-Control-Allow-Methods"],
+    );
 
     return response;
   },
diff --git a/test/index.test.ts b/test/index.test.ts
index b8c3acf..85e16ed 100644
--- a/test/index.test.ts
+++ b/test/index.test.ts
@@ -4,7 +4,10 @@ import { test, expect } from "vitest";
 test("unknown URL path", async () => {
   const response = await SELF.fetch("https://example.com/unknown", {});
   expect(response.status).toBe(404);
-  expect(Object.fromEntries(response.headers.entries())).toStrictEqual({});
+  expect(Object.fromEntries(response.headers.entries())).toStrictEqual({
+    "access-control-allow-origin": "*",
+    "access-control-allow-methods": "GET,HEAD,POST,OPTIONS",
+  });
 });
 
 test("standard OPTIONS request", async () => {
diff --git a/test/select-zls-version.test.ts b/test/select-zls-version.test.ts
index c07f46c..228435f 100644
--- a/test/select-zls-version.test.ts
+++ b/test/select-zls-version.test.ts
@@ -338,8 +338,6 @@ describe("/v1/zls/select-version", () => {
       error: "method must be 'GET'",
     });
     expect(response.status).toBe(405);
-    expect(response.headers.has("Access-Control-Allow-Origin")).toBe(false);
-    expect(response.headers.has("Access-Control-Allow-Methods")).toBe(false);
   });
 
   test.each<unknown>([null, "", {}, []])(