One or more headers in the response that you want customers to be able to access from their
applications (for example, from a JavaScript XMLHttpRequest object).

You add one ExposeHeader in the rule for each header.