diff --git a/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/http_test.py b/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/http_test.py
new file mode 100644
index 00000000000..cf46219fc59
--- /dev/null
+++ b/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/http_test.py
@@ -0,0 +1,22 @@
+from http.server import HTTPServer, BaseHTTPRequestHandler
+import urllib.parse
+
+class VulnerableHandler(BaseHTTPRequestHandler):
+    def do_GET(self):
+        parsed_path = urllib.parse.urlparse(self.path)
+        params = urllib.parse.parse_qs(parsed_path.query)
+        input_value = params.get("input", [""])[0]
+        # Unsafe: Directly including user input in headers
+        self.send_response(200)
+        try:
+            self.send_header("X-Info", input_value) # BAD
+        except Exception as e:
+            print(f"[!] Header injection failed: {e}")
+        self.end_headers()
+        self.wfile.write(b"Hello world!")
+
+
+# if __name__ == "__main__":
+#     print("Serving vulnerable app on http://127.0.0.1:8080")
+#     httpd = HTTPServer(("127.0.0.1", 8080), VulnerableHandler)
+#     httpd.serve_forever()