diff --git a/app/webrtc/handler_test.go b/app/webrtc/handler_test.go
index b36dfd6..1d19a08 100644
--- a/app/webrtc/handler_test.go
+++ b/app/webrtc/handler_test.go
@@ -9,6 +9,7 @@ import (
 	"github.com/labstack/echo/v4"
 
 	"github.com/datarhei/core/v16/config"
+	corewebrtc "github.com/datarhei/core/v16/core/webrtc"
 )
 
 func newTestSubsystem(t *testing.T) *Subsystem {
@@ -89,3 +90,51 @@ func TestHandler_Unsubscribe_204WhenUnknown(t *testing.T) {
 		t.Fatalf("expected 204, got %d", rec.Code)
 	}
 }
+
+// TestSubsystem_ICEServerURIs_ReturnsConfiguredURIs verifies that
+// ICEServerURIs() surfaces the URIs from the core config — the same
+// values Pion uses when building its PeerConnection. A default-config
+// subsystem must return at least the two bundled STUN servers.
+func TestSubsystem_ICEServerURIs_ReturnsConfiguredURIs(t *testing.T) {
+	sub := newTestSubsystem(t)
+	uris := sub.ICEServerURIs()
+
+	defaultURIs := corewebrtc.DefaultConfig().ICEServers
+	if len(uris) != len(defaultURIs) {
+		t.Fatalf("expected %d ICE server URIs, got %d", len(defaultURIs), len(uris))
+	}
+	for i, want := range defaultURIs {
+		if uris[i] != want {
+			t.Errorf("ICEServerURIs[%d]: want %q, got %q", i, want, uris[i])
+		}
+	}
+}
+
+// TestAddCORS_ExposesLinkHeader verifies that CORS preflight responses
+// include "Link" in Access-Control-Expose-Headers so browsers can read
+// the RFC 9429 §4.3 Link headers returned on the 201 Subscribe response.
+func TestAddCORS_ExposesLinkHeader(t *testing.T) {
+	h := NewHandler(newTestSubsystem(t), 0)
+
+	e := echo.New()
+	req := httptest.NewRequest(http.MethodOptions, "/whep/any", nil)
+	rec := httptest.NewRecorder()
+	c := e.NewContext(req, rec)
+	c.SetParamNames("id")
+	c.SetParamValues("any")
+
+	if err := h.preflight(c); err != nil {
+		t.Fatalf("preflight returned error: %v", err)
+	}
+
+	expose := rec.Header().Get("Access-Control-Expose-Headers")
+	if !strings.Contains(expose, "Link") {
+		t.Errorf("Access-Control-Expose-Headers %q does not contain 'Link'", expose)
+	}
+	if !strings.Contains(expose, "Location") {
+		t.Errorf("Access-Control-Expose-Headers %q does not contain 'Location'", expose)
+	}
+	if !strings.Contains(expose, "ETag") {
+		t.Errorf("Access-Control-Expose-Headers %q does not contain 'ETag'", expose)
+	}
+}