Then it's fortunate his script is communicating using CGI (not HTTP) with a web server (not a browser).
While the header CGI is defined as being an HTTP header, web servers have a long history of accepting "\n" as a CGI header line seperator. The CGI spec even mentions it allows the CGI header to be seperated from the CGI body by LF or by CRLF. It's up to the server to construct a valid HTTP response from that de-facto valid CGI request.
Or if you're referring to the unusual text case, CGI/HTTP field names are case-insensitive (RFC2616 S4.2). Incidentally, so are media types and subtypes (RFC2616 S3.7).
While using print $cgi->header(); is a great idea seeing as CGI is already in play, what his script does is by no means invalid.