diff --git a/test/unit/request_test.js b/test/unit/request_test.js
index f292e2b..fe3c136 100644
--- a/test/unit/request_test.js
+++ b/test/unit/request_test.js
@@ -127,6 +127,22 @@ describe('Request', function() {
 request.custom2.should.eql(originalRequest.custom2);
 });
+ it('should not allow overwriting methods on the Request prototype via custom properties', () => {
+ const request = new Request({
+ query: {},
+ method: 'GET',
+ headers: {
+ 'content-type': 'application/json'
+ },
+ get() {
+ // malicious attempt to override the 'get' method
+ return 'text/html';
+ }
+ });
+
+ request.get('content-type').should.equal('application/json');
+ });
+
 it('should allow getting of headers using `request.get`', function() {
 const originalRequest = generateBaseRequest();
diff --git a/test/unit/response_test.js b/test/unit/response_test.js
index 8d4897c..af505ba 100644
--- a/test/unit/response_test.js
+++ b/test/unit/response_test.js
@@ -83,6 +83,20 @@ describe('Request', function() {
 response.custom2.should.eql(originalResponse.custom2);
 });
+ it('should not allow overwriting methods on the Response prototype via custom properties', () => {
+ const response = new Response({
+ headers: {
+ 'content-type': 'application/json'
+ },
+ get() {
+ // malicious attempt to override the 'get' method
+ return 'text/html';
+ }
+ });
+
+ response.get('content-type').should.equal('application/json');
+ });
+
 it('should allow getting of headers using `response.get`', function() {
 const originalResponse = generateBaseResponse();
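Review bot: The single assertion `request.get('content-type').should.equal('application/json')` only shows that the call still reads the header; it does not show that the custom `get` was rejected rather than kept around under some other key, nor that the method the instance resolves is the prototype's one. Assuming `get` lives on `Request.prototype` as the test title says, pinning the guarantee directly would look like `request.should.not.have.ownProperty('get');` followed by `request.get.should.equal(Request.prototype.get);`, and the same two lines (with `response`/`Response`) belong in the matching test added to test/unit/response_test.js. Both tests also cover only `get`; since the regression is about shadowing any prototype method, iterating `Object.getOwnPropertyNames(Request.prototype)` (minus `constructor`) and passing a shadowing function for each would keep the guard honest as methods are added. As a point of style, both new `it` blocks use an arrow callback while the neighbouring tests in the same describe use `function()`.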