diff --git a/lib/thin/headers.rb b/lib/thin/headers.rb
index be9b576b..a33f50b2 100644
--- a/lib/thin/headers.rb
+++ b/lib/thin/headers.rb
@@ -4,6 +4,7 @@ module Thin
 class Headers
 HEADER_FORMAT = "%s: %s\r\n".freeze
 ALLOWED_DUPLICATES = %w(set-cookie set-cookie2 warning www-authenticate).freeze
+ CR_OR_LF = /[\r\n]/.freeze
 
 def initialize
 @sent = {}
@@ -20,7 +21,7 @@ def []=(key, value)
 value = case value
 when Time
 value.httpdate
- when NilClass
+ when NilClass, CR_OR_LF
 return
 else
 value.to_s
diff --git a/spec/headers_spec.rb b/spec/headers_spec.rb
index 4a112dc2..6c2433d6 100644
--- a/spec/headers_spec.rb
+++ b/spec/headers_spec.rb
@@ -37,4 +37,24 @@
 @headers['Modified-At'] = time
 expect(@headers.to_s).to include("Modified-At: #{time.httpdate}")
 end
+
+ it 'should format Integer values correctly' do
+ @headers['X-Number'] = 32
+ expect(@headers.to_s).to include("X-Number: 32")
+ end
+
+ it 'should not allow CRLF' do
+ @headers['Bad'] = "a\r\nSet-Cookie: injected=value"
+ expect(@headers.to_s).to be_empty
+ end
+
+ it 'should not allow CR' do
+ @headers['Bad'] = "a\rSet-Cookie: injected=value"
+ expect(@headers.to_s).to be_empty
+ end
+
+ it 'should not allow LF' do
+ @headers['Bad'] = "a\nSet-Cookie: injected=value"
+ expect(@headers.to_s).to be_empty
+ end
 end
\ No newline at end of file
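Review bot: The CR/LF guard in `when NilClass, CR_OR_LF` is applied to the raw object before the `else` branch calls `value.to_s`, and `Regexp#===` only inspects String (and Symbol) operands, so any other object whose `to_s` happens to contain a line break reaches the `HEADER_FORMAT` write unchecked. Normalizing first and rejecting afterwards closes that gap: keep `when NilClass` on its own and add `return if value =~ CR_OR_LF` after the `case` (at that point `value` is always a String), which also keeps the new Integer spec passing. The header name `key` is not validated in the lines shown, so a CR or LF in the name would still split the header; the same guard on `key.to_s` is worth adding unless code outside the hunk already does it. The spec hunk only covers String values; one case for a non-String value whose `to_s` carries CRLF and one for a bad key would pin both paths. `[]=` continues outside the hunk.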