diff --git a/conformance/tests/cors-allow-credentials-behavior.go b/conformance/tests/httproute-cors-allow-credentials-behavior.go
similarity index 76%
rename from conformance/tests/cors-allow-credentials-behavior.go
rename to conformance/tests/httproute-cors-allow-credentials-behavior.go
index 391b3cee80..c550dc0b7b 100644
--- a/conformance/tests/cors-allow-credentials-behavior.go
+++ b/conformance/tests/httproute-cors-allow-credentials-behavior.go
@@ -28,13 +28,13 @@ import (
 )
 func init() {
- ConformanceTests = append(ConformanceTests, CORSAllowCredentialsBehavior)
+ ConformanceTests = append(ConformanceTests, HTTPRouteCORSAllowCredentialsBehavior)
 }
-var CORSAllowCredentialsBehavior = suite.ConformanceTest{
- ShortName: "CORSAllowCredentialsBehavior",
- Description: "Validate ACA-Credentials responses",
- Manifests: []string{"tests/cors-allow-credentials-behavior.yaml"},
+var HTTPRouteCORSAllowCredentialsBehavior = suite.ConformanceTest{
+ ShortName: "HTTPRouteCORSAllowCredentialsBehavior",
+ Description: "An HTTPRoute with CORS includes Access-Control-Allow-Credentials only when configured as 'true', and then only alongside a matching Access-Control-Allow-Origin.",
+ Manifests: []string{"tests/httproute-cors-allow-credentials-behavior.yaml"},
 Features: []features.FeatureName{
 features.SupportGateway,
 features.SupportHTTPRoute,
@@ -66,6 +66,22 @@ var CORSAllowCredentialsBehavior = suite.ConformanceTest{
 },
 Namespace: ns,
 },
+ {
+ Request: http.Request{
+ Method: "GET",
+ Path: "/cors-behavior-creds-true",
+ Headers: map[string]string{
+ "Origin": "http://not-app.example",
+ "Cookie": "sid=abc123",
+ "Authorization": "Bearer test",
+ },
+ },
+ Response: http.Response{
+ StatusCode: 200,
+ AbsentHeaders: []string{"Access-Control-Allow-Credentials"},
+ },
+ Namespace: ns,
+ },
 {
 Request: http.Request{
 Method: "GET",
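Review bot: The added non-matching-origin case (`"Origin": "http://not-app.example"` on `/cors-behavior-creds-true`) asserts only that `Access-Control-Allow-Credentials` is absent, yet the new Description says the header appears only alongside a matching `Access-Control-Allow-Origin`. An implementation that still echoes the disallowed origin in `Access-Control-Allow-Origin` would pass this case as written; unless a case outside this hunk already covers it, tighten the expectation to `AbsentHeaders: []string{"Access-Control-Allow-Credentials", "Access-Control-Allow-Origin"},`. The test origin also differs from the allowed `https://app.example` in both scheme and host, so a sibling case with `"Origin": "https://not-app.example"` would additionally guard against suffix-style origin matching. The enclosing test-case list starts and ends outside the hunk.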
diff --git a/conformance/tests/cors-allow-credentials-behavior.yaml b/conformance/tests/httproute-cors-allow-credentials-behavior.yaml
similarity index 86%
rename from conformance/tests/cors-allow-credentials-behavior.yaml
rename to conformance/tests/httproute-cors-allow-credentials-behavior.yaml
index 13992e28f4..e4b5a39008 100644
--- a/conformance/tests/cors-allow-credentials-behavior.yaml
+++ b/conformance/tests/httproute-cors-allow-credentials-behavior.yaml
@@ -16,6 +16,8 @@ spec:
 port: 8080
 filters:
 - cors:
+ allowOrigins:
+ - https://app.example
 allowCredentials: false
 type: CORS
 - matches:
@@ -27,6 +29,8 @@ spec:
 port: 8080
 filters:
 - cors:
+ allowOrigins:
+ - https://app.example
 allowCredentials: true
 type: CORS