diff --git a/src/core/headers.ml b/src/core/headers.ml
index 89c4d8d2..1c1d8f87 100644
--- a/src/core/headers.ml
+++ b/src/core/headers.ml
@@ -50,7 +50,10 @@ let parse_ ~(buf : Buf.t) (bs : IO.Input.t) : t =
   let rec loop acc =
     match IO.Input.read_line_using_opt ~buf bs with
     | None -> raise End_of_file
+    | Some "" -> assert false
     | Some "\r" -> acc
+    | Some line when line.[String.length line - 1] <> '\r' ->
+      bad_reqf 400 "bad header line, not ended in CRLF"
     | Some line ->
       let k, v =
         try
diff --git a/src/core/request.ml b/src/core/request.ml
index 800949e3..45f3bff2 100644
--- a/src/core/request.ml
+++ b/src/core/request.ml
@@ -110,6 +110,9 @@ let parse_req_start ~client_addr ~get_time_s ~buf (bs : IO.Input.t) :
   try
     let line = IO.Input.read_line_using ~buf bs in
     Log.debug (fun k -> k "parse request line: %S" line);
+
+    if line <> "" && line.[String.length line - 1] <> '\r' then
+      bad_reqf 400 "invalid status line, not ending in CRLF";
     let start_time = get_time_s () in
     let meth, path, version =
       try