HTTP/2 header fields which contain invalid characters must not be passed to an origin server via HTTP/1.1, and it must be treated as a protocol error.
10.3. Intermediary Encapsulation Attacks
The HTTP/2 header field encoding allows the expression of names that
are not valid field names in the Internet Message Syntax used by
HTTP/1.1. Requests or responses containing invalid header field
names MUST be treated as malformed (Section 22.214.171.124). An
intermediary therefore cannot translate an HTTP/2 request or response
containing an invalid field name into an HTTP/1.1 message.
Similarly, HTTP/2 allows header field values that are not valid.
While most of the values that can be encoded will not alter header
field parsing, carriage return (CR, ASCII 0xd), line feed (LF, ASCII
0xa), and the zero character (NUL, ASCII 0x0) might be exploited by
an attacker if they are translated verbatim. Any request or response
that contains a character not permitted in a header field value MUST
be treated as malformed (Section 126.96.36.199). Valid characters are
defined by the "field-content" ABNF rule in Section 3.2 of [RFC7230].