diff --git a/trac/web/wsgi.py b/trac/web/wsgi.py index cc5f9a1c2b..ade7857563 100644 --- a/trac/web/wsgi.py +++ b/trac/web/wsgi.py @@ -16,6 +16,7 @@ from abc import ABCMeta, abstractmethod import errno +import re import sys from http.server import HTTPServer, BaseHTTPRequestHandler from socketserver import ThreadingMixIn @@ -140,6 +141,23 @@ def _start_response(self, status, headers, exc_info=None): else: assert not self.headers_set, 'Response already started' + def check_header(item, label): + if not isinstance(item, str): + raise TypeError('Expected str instance in %s' % label) + try: + item.encode('iso-8859-1') + except UnicodeEncodeError: + raise ValueError('Non latin-1 characters are used in %s' % + label) from None + if control_re.search(item): + raise ValueError('Control characters are used in %s' % label) + + control_re = re.compile(r'[\x00-\x1f\x7f]') + check_header(status, 'status') + for name, value in headers: + check_header(name, 'headers') + check_header(value, 'headers') + self.headers_set = [status, headers] return self._write
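Review bot: `check_header` applies one rule to both names and values, so in the `for name, value in headers` loop a header name containing `:`, a space or another separator still passes; only control characters and non-latin-1 text are rejected. If the intent is to keep malformed or injected header lines off the wire (presumably it is, given the CR/LF range in the pattern), names should additionally be restricted to RFC 7230 token characters with a second pattern applied only to `name`. Separately, `control_re = re.compile(r'[\x00-\x1f\x7f]')` is assigned inside `_start_response` after the closure that uses it; hoisting it to a module-level constant next to the new `import re` would avoid rebuilding it per response and make the dependency easier to read. `_start_response` begins above the hunk, so whether the `exc_info` path also reaches this validation cannot be confirmed from the lines shown.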