diff --git a/tornado/test/web_test.py b/tornado/test/web_test.py
index a829657ab..5e7325444 100644
--- a/tornado/test/web_test.py
+++ b/tornado/test/web_test.py
@@ -700,11 +700,12 @@ def get(self):
             self.set_header("X-Foo", "foo\r\nX-Bar: baz")
             raise Exception("Didn't get expected exception")
         except ValueError as e:
-            if "Unsafe header value" in str(e):
-                self.finish(b"ok")
-            else:
+            if "Unsafe header value" not in str(e):
                 raise
 
+        self.set_header("X-Foo", "foo\tX-Bar: baz")
+        self.finish(b"ok")
+
 
 class GetArgumentHandler(RequestHandler):
     def prepare(self):
diff --git a/tornado/web.py b/tornado/web.py
index 357c5f1ae..acaae7ded 100644
--- a/tornado/web.py
+++ b/tornado/web.py
@@ -399,7 +399,7 @@ def clear_header(self, name: str) -> None:
         if name in self._headers:
             del self._headers[name]
 
-    _INVALID_HEADER_CHAR_RE = re.compile(r"[\x00-\x1f]")
+    _INVALID_HEADER_CHAR_RE = re.compile(r"[\x00-\x08\x0a-\x1f]")
 
     def _convert_header_value(self, value: _HeaderTypes) -> str:
         # Convert the input value to a str. This type check is a bit