diff --git a/python/ql/lib/change-notes/2025-04-30-model-send-header.md b/python/ql/lib/change-notes/2025-04-30-model-send-header.md
new file mode 100644
index 000000000000..032e984bdf3a
--- /dev/null
+++ b/python/ql/lib/change-notes/2025-04-30-model-send-header.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added header write model for `send_header` in `http.server`.
\ No newline at end of file
diff --git a/python/ql/lib/semmle/python/frameworks/Stdlib.qll b/python/ql/lib/semmle/python/frameworks/Stdlib.qll
index 4ad671bb19aa..4a3c346fb016 100644
--- a/python/ql/lib/semmle/python/frameworks/Stdlib.qll
+++ b/python/ql/lib/semmle/python/frameworks/Stdlib.qll
@@ -1963,6 +1963,21 @@ module StdlibPrivate {
     /** Gets a reference to an instance of the `BaseHttpRequestHandler` class or any subclass. */
     DataFlow::Node instance() { instance(DataFlow::TypeTracker::end()).flowsTo(result) }
 
+    /** A call to a method that writes to a response header. */
+    private class HeaderWriteCall extends Http::Server::ResponseHeaderWrite::Range,
+      DataFlow::MethodCallNode
+    {
+      HeaderWriteCall() { this.calls(instance(), "send_header") }
+
+      override DataFlow::Node getNameArg() { result = this.getArg(0) }
+
+      override DataFlow::Node getValueArg() { result = this.getArg(1) }
+
+      override predicate nameAllowsNewline() { any() }
+
+      override predicate valueAllowsNewline() { any() }
+    }
+
     private class AdditionalTaintStep extends TaintTracking::AdditionalTaintStep {
       override predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
         nodeFrom = instance() and
diff --git a/python/ql/test/library-tests/frameworks/stdlib/http_server.py b/python/ql/test/library-tests/frameworks/stdlib/http_server.py
index 9110aa6a26a9..8e9fd925c249 100644
--- a/python/ql/test/library-tests/frameworks/stdlib/http_server.py
+++ b/python/ql/test/library-tests/frameworks/stdlib/http_server.py
@@ -83,7 +83,7 @@ def taint_sources(self):
     def do_GET(self): # $ requestHandler
         # send_response will log a line to stderr
         self.send_response(200)
-        self.send_header("Content-type", "text/plain; charset=utf-8")
+        self.send_header("Content-type", "text/plain; charset=utf-8") # $ headerWriteNameUnsanitized="Content-type" headerWriteValueUnsanitized="text/plain; charset=utf-8"
         self.end_headers()
         self.wfile.write(b"Hello BaseHTTPRequestHandler\n")
         self.wfile.writelines([b"1\n", b"2\n", b"3\n"])