diff --git a/lib/thin/headers.rb b/lib/thin/headers.rb
index a33f50b2..4f773b44 100644
--- a/lib/thin/headers.rb
+++ b/lib/thin/headers.rb
@@ -1,4 +1,8 @@
 module Thin
+  # Raised when an header is not valid
+  # and the server can not process it.
+  class InvalidHeader < StandardError; end
+
   # Store HTTP header name-value pairs direcly to a string
   # and allow duplicated entries on some names.
   class Headers
@@ -21,8 +25,10 @@ def []=(key, value)
       value = case value
       when Time
         value.httpdate
-      when NilClass, CR_OR_LF
+      when NilClass
         return
+      when CR_OR_LF
+        raise InvalidHeader, "Header contains CR or LF"
       else
         value.to_s
       end
diff --git a/spec/headers_spec.rb b/spec/headers_spec.rb
index 6c2433d6..2ef0fe6e 100644
--- a/spec/headers_spec.rb
+++ b/spec/headers_spec.rb
@@ -44,17 +44,14 @@
   end
 
   it 'should not allow CRLF' do
-    @headers['Bad'] = "a\r\nSet-Cookie: injected=value"
-    expect(@headers.to_s).to be_empty
+    expect { @headers['Bad'] = "a\r\nSet-Cookie: injected=value" }.to raise_error(InvalidHeader)
   end
 
   it 'should not allow CR' do
-    @headers['Bad'] = "a\rSet-Cookie: injected=value"
-    expect(@headers.to_s).to be_empty
+    expect { @headers['Bad'] = "a\rSet-Cookie: injected=value" }.to raise_error(InvalidHeader)
   end
 
   it 'should not allow LF' do
-    @headers['Bad'] = "a\nSet-Cookie: injected=value"
-    expect(@headers.to_s).to be_empty
+    expect { @headers['Bad'] = "a\nSet-Cookie: injected=value" }.to raise_error(InvalidHeader)
   end
 end
\ No newline at end of file
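Review bot: The new `when CR_OR_LF` branch in `[]=` tests the raw `value` before it is stringified, so if `CR_OR_LF` is a Regexp (its definition is not in the hunk) the check only fires for String values, and any other object whose `to_s` yields CR or LF falls through to the `else` branch and is emitted unchecked. Moving the check after the conversion closes that gap: keep `when NilClass` / `return`, drop the `when CR_OR_LF` branch, and follow the `case` with `raise InvalidHeader, "Header contains CR or LF" if value.match?(CR_OR_LF)`. The header name `key` is not validated anywhere in this hunk either; if the rest of `[]=` does not reject CR/LF in `key`, a caller-controlled name still permits response splitting even with this fix. `[]=` begins and ends outside the hunk, so what happens to `key` cannot be confirmed from here.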
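Review bot: The three rewritten examples only exercise String values under the fixed name `'Bad'`, so the spec does not pin the cases that the `case`/`when` implementation is most likely to miss: a non-String value whose `to_s` contains CR or LF, and a header name containing CR or LF. Adding `expect { @headers['Bad'] = Struct.new(:s).new("x\r\nSet-Cookie: injected=value") }.to raise_error(InvalidHeader)` would fail against the current branch order if `CR_OR_LF` is a Regexp, which is exactly the regression worth catching; a similar example for a key such as `"Bad\r\nX"` documents whether names are meant to be validated at all. Whether `[]=` checks `key` is not visible in this diff, so adjust that example to the intended contract.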