diff --git a/api/src/main/java/be/darkkraft/transferproxy/api/util/CookieUtil.java b/api/src/main/java/be/darkkraft/transferproxy/api/util/CookieUtil.java
index c1c414e..63597f3 100644
--- a/api/src/main/java/be/darkkraft/transferproxy/api/util/CookieUtil.java
+++ b/api/src/main/java/be/darkkraft/transferproxy/api/util/CookieUtil.java
@@ -24,6 +24,9 @@
 
 package be.darkkraft.transferproxy.api.util;
 
+import static net.kyori.adventure.key.Key.checkNamespace;
+import static net.kyori.adventure.key.Key.checkValue;
+
 public final class CookieUtil {
 
     private static final int MAX_COOKIE_SIZE = 5120; // 5 kiB
@@ -36,9 +39,16 @@ public static void ensureCookieFormat(final String cookieKey) {
         if (cookieKey == null) {
             throw new IllegalArgumentException("Cookie key must not be null");
         }
-        if (cookieKey.indexOf(':') < 0) {
+        final int index = cookieKey.indexOf(':');
+        if (index < 1) {
             throw new IllegalArgumentException("Cookie key format must be: namespace:key");
         }
+        if (checkNamespace(cookieKey.substring(0, index)).isPresent()) {
+            throw new IllegalArgumentException("Invalid characters in cookie namespace: " + cookieKey);
+        }
+        if (checkValue(cookieKey.substring(index + 1)).isPresent()) {
+            throw new IllegalArgumentException("Invalid characters in cookie value: " + cookieKey);
+        }
     }
 
     public static int getMaxCookieSize() { // Maybe that changes in future versions?
diff --git a/api/src/test/java/be/darkkraft/transferproxy/api/util/CookieUtilTest.java b/api/src/test/java/be/darkkraft/transferproxy/api/util/CookieUtilTest.java
index aac3148..b36c0cd 100644
--- a/api/src/test/java/be/darkkraft/transferproxy/api/util/CookieUtilTest.java
+++ b/api/src/test/java/be/darkkraft/transferproxy/api/util/CookieUtilTest.java
@@ -25,18 +25,29 @@
 package be.darkkraft.transferproxy.api.util;
 
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 
 import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 
 class CookieUtilTest {
 
+    @ParameterizedTest
+    @ValueSource(strings = {"namespace:key", "minecraft:cookie", "minecraft:cookie_part"})
+    void testValidCookieFormat(final String key) {
+        assertDoesNotThrow(() -> CookieUtil.ensureCookieFormat(key));
+    }
+
     @Test
-    void testCookieFormat() {
+    void testCookieFormatWithNullValue() {
         assertThrows(IllegalArgumentException.class, () -> CookieUtil.ensureCookieFormat(null));
-        assertThrows(IllegalArgumentException.class, () -> CookieUtil.ensureCookieFormat("key"));
-        assertDoesNotThrow(() -> CookieUtil.ensureCookieFormat("namespace:key"));
-        assertDoesNotThrow(() -> CookieUtil.ensureCookieFormat("minecraft:cookie"));
+    }
+
+    @ParameterizedTest
+    @ValueSource(strings = {"", "key", ":key", "namespace:ke@y", "n@mespace:key"})
+    void testInvalidCookieFormat(final String key) {
+        assertThrows(IllegalArgumentException.class, () -> CookieUtil.ensureCookieFormat(key));
     }
 
 }
\ No newline at end of file