diff --git a/src/controllers/errors.js b/src/controllers/errors.js
index ba6e3842fd..4f10402f9a 100644
--- a/src/controllers/errors.js
+++ b/src/controllers/errors.js
@@ -69,7 +69,9 @@ exports.handleErrors = async function handleErrors(err, req, res, next) { // esl
 // Display NodeBB error page
 const status = parseInt(err.status, 10);
 if ((status === 302 || status === 308) && err.path) {
- return res.locals.isAPI ? res.set('X-Redirect', err.path).status(200).json(err.path) : res.redirect(nconf.get('relative_path') + err.path);
+ return res.locals.isAPI ?
+ res.set('X-Redirect', encodeURIComponent(err.path)).status(200).json(err.path) :
+ res.redirect(nconf.get('relative_path') + err.path);
 }
 
 const path = String(req.path || '');
diff --git a/src/controllers/helpers.js b/src/controllers/helpers.js
index c0bffb20ea..494bae0e34 100644
--- a/src/controllers/helpers.js
+++ b/src/controllers/helpers.js
@@ -168,7 +168,7 @@ helpers.redirect = function (res, url, permanent) {
 if (url.hasOwnProperty('external')) {
 const redirectUrl = prependRelativePath(url.external);
 if (res.locals.isAPI) {
- res.set('X-Redirect', redirectUrl).status(200).json({ external: redirectUrl });
+ res.set('X-Redirect', encodeURIComponent(redirectUrl)).status(200).json({ external: redirectUrl });
 } else {
 res.redirect(permanent ? 308 : 307, redirectUrl);
 }
@@ -176,7 +176,7 @@ helpers.redirect = function (res, url, permanent) {
 }
 
 if (res.locals.isAPI) {
- res.set('X-Redirect', url).status(200).json(url);
+ res.set('X-Redirect', encodeURIComponent(url)).status(200).json(url);
 } else {
 res.redirect(permanent ? 308 : 307, prependRelativePath(url));
 }
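Review bot: `encodeURIComponent(err.path)` in the API branch throws a `URIError` when the string contains a lone surrogate, and here that would happen inside the error handler itself. Whether handleErrors catches it cannot be seen, because the function body starts and ends outside the hunk. If `err.path` can carry request-derived data, I would guard the call and fall back to the generic error response when encoding fails, so the handler fails closed instead of throwing. The same call is added in both hunks of src/controllers/helpers.js; one small shared helper (a name such as `encodeRedirectHeader(value)` is only a suggestion) would keep the three sites in agreement.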
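Review bot: The `X-Redirect` header now carries a percent-encoded value while the JSON body `{ external: redirectUrl }` still carries the raw one, so the two disagree unless every consumer decodes the header; no client-side change is visible in this diff. With `encodeURIComponent` an absolute URL also has its `:` and `/` escaped, which is safe for a header value but is a contract change worth stating in the code. I would add above the call: `// X-Redirect is percent-encoded so it is always a valid header value; clients must decodeURIComponent() it`. The same applies to the errors.js hunk and to the second hunk of this file; helpers.redirect starts and ends outside the hunk.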