diff --git a/library/Icinga/Web/Window.php b/library/Icinga/Web/Window.php
index 158483a06..76643f4c6 100644
--- a/library/Icinga/Web/Window.php
+++ b/library/Icinga/Web/Window.php
@@ -112,7 +112,7 @@ class Window
     {
         if (! isset(static::$window)) {
             $id = Icinga::app()->getRequest()->getHeader('X-Icinga-WindowId');
-            if (empty($id) || $id === static::UNDEFINED) {
+            if (empty($id) || $id === static::UNDEFINED || ! preg_match('/^\w+$/', $id)) {
                 Icinga::app()->getResponse()->setOverrideWindowId();
                 $id = static::generateId();
             }