diff --git a/src/Instrumentation/Event.php b/src/Instrumentation/Event.php
index 2e728e46434..891d19810d9 100644
--- a/src/Instrumentation/Event.php
+++ b/src/Instrumentation/Event.php
@@ -96,6 +96,16 @@ public function add_properties( $properties ) {
 }
 }
+ /**
+ * Sanitize key to use it for an HTTP header label (alphanumeric and dashes/underscores only).
+ *
+ * @param string $key Unsanitized key.
+ * @return string Sanitized key.
+ */
+ private function sanitize_key( $key ) {
+ return preg_replace( '/[^a-zA-Z0-9_-]+/', '_', $key );
+ }
+
 /**
 * Get the server timing header string.
 *
@@ -108,19 +118,19 @@ public function get_header_string() {
 if ( is_float( $value ) ) {
 $property_strings[] = sprintf(
 ';%s="%.1f"',
- addslashes( $property ),
+ $this->sanitize_key( $property ),
 $value
 );
 } else {
 $property_strings[] = sprintf(
 ';%s="%s"',
- addslashes( $property ),
+ $this->sanitize_key( $property ),
 addslashes( $value )
 );
 }
 }
- $event_string = addslashes( $this->get_name() );
+ $event_string = $this->sanitize_key( $this->get_name() );
 $description = $this->get_description();
 if ( ! empty( $description ) ) {
diff --git a/src/Instrumentation/ServerTiming.php b/src/Instrumentation/ServerTiming.php
index a67840eed95..bf626c17520 100644
--- a/src/Instrumentation/ServerTiming.php
+++ b/src/Instrumentation/ServerTiming.php
@@ -158,7 +158,7 @@ public function get_header_string() {
 return implode(
 ',',
 array_map(
- static function ( $event ) {
+ static function ( Event $event ) {
 return $event->get_header_string();
 },
 $this->events
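Review bot: The new `sanitize_key()` in src/Instrumentation/Event.php returns an empty key unchanged, because the `+` quantifier only rewrites runs of disallowed characters; an empty property key or event name would then produce a Server-Timing entry with no label (`;="..."`). `preg_replace()` can also return null on a PCRE error, which contradicts the documented `@return string`. Consider `$key = (string) preg_replace( '/[^a-zA-Z0-9_-]+/', '_', (string) $key );` followed by `return '' === $key ? '_' : $key;`. The docblock should also say that distinct keys can collapse to the same label (for example `a.b` and `a/b` both become `a_b`), so sanitized labels are not guaranteed unique.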
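Review bot: In `get_header_string()` of src/Instrumentation/Event.php, the `else` branch still passes the property value through `addslashes( $value )` only, which escapes quotes and backslashes but leaves CR, LF and other control characters in the header value. Those characters are not valid inside a quoted header parameter, and whether the code that later emits the header rejects them is not visible in this diff. It would be safer to strip them before escaping, e.g. `addslashes( preg_replace( '/[\x00-\x1F\x7F]+/', '', (string) $value ) )`. The description handling begins at the last line of this hunk and may need the same treatment; the function body starts and ends outside the hunk.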