diff --git a/crates/s3/src/client.rs b/crates/s3/src/client.rs
index 75f0db5..94330f9 100644
--- a/crates/s3/src/client.rs
+++ b/crates/s3/src/client.rs
@@ -3104,6 +3104,50 @@ mod tests {
         ));
     }
 
+    #[tokio::test]
+    async fn get_bucket_cors_missing_configuration_returns_empty_rules() {
+        let response = http::Response::builder()
+            .status(404)
+            .header("x-amz-error-code", "NoSuchCORSConfiguration")
+            .body(SdkBody::from(
+                r#"<?xml version="1.0" encoding="UTF-8"?>
+<Error>
+  <Code>NoSuchCORSConfiguration</Code>
+  <Message>The CORS configuration does not exist</Message>
+</Error>"#,
+            ))
+            .expect("build missing cors response");
+        let (client, _) = test_s3_client(Some(response));
+
+        let rules = client
+            .get_bucket_cors("bucket")
+            .await
+            .expect("missing cors config should be treated as empty");
+
+        assert!(rules.is_empty());
+    }
+
+    #[tokio::test]
+    async fn delete_bucket_cors_missing_configuration_is_successful() {
+        let response = http::Response::builder()
+            .status(404)
+            .header("x-amz-error-code", "NoSuchCORSConfiguration")
+            .body(SdkBody::from(
+                r#"<?xml version="1.0" encoding="UTF-8"?>
+<Error>
+  <Code>NoSuchCORSConfiguration</Code>
+  <Message>The CORS configuration does not exist</Message>
+</Error>"#,
+            ))
+            .expect("build missing cors response");
+        let (client, _) = test_s3_client(Some(response));
+
+        client
+            .delete_bucket_cors("bucket")
+            .await
+            .expect("missing cors config should be treated as successful delete");
+    }
+
     #[tokio::test]
     async fn reqwest_connector_insecure_without_ca_bundle_succeeds() {
         // When insecure is true and no CA bundle is provided, the connector should be created.