diff --git a/src/www/vpn_ipsec.php b/src/www/vpn_ipsec.php
index be081ac99..c05f93547 100644
--- a/src/www/vpn_ipsec.php
+++ b/src/www/vpn_ipsec.php
@@ -92,7 +92,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
         ipsec_configure();
         filter_configure();
         clear_subsystem_dirty('ipsec');
-        header("Location: vpn_ipsec.php");
+        header(url_safe('Location: vpn_ipsec.php'));
         exit;
     } elseif (!empty($_POST['act']) && $_POST['act'] == "delphase1" ) {
         $del_items = array();
@@ -119,7 +119,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 
         write_config();
         mark_subsystem_dirty('ipsec');
-        header("Location: vpn_ipsec.php");
+        header(url_safe('Location: vpn_ipsec.php'));
         exit;
     } elseif (!empty($_POST['act']) && $_POST['act'] == "delphase2" ) {
         if (isset($_POST['id']) && isset($config['ipsec']['phase2'][$_POST['id']])){
@@ -131,7 +131,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
         }
         write_config();
         mark_subsystem_dirty('ipsec');
-        header("Location: vpn_ipsec.php");
+        header(url_safe('Location: vpn_ipsec.php'));
         exit;
     } elseif (!empty($_POST['act']) && $_POST['act'] == "movep1" ) {
         // move phase 1 records
@@ -146,7 +146,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
         }
         write_config();
         mark_subsystem_dirty('ipsec');
-        header("Location: vpn_ipsec.php");
+        header(url_safe('Location: vpn_ipsec.php'));
         exit;
     } elseif (!empty($_POST['act']) && $_POST['act'] == "movep2" ) {
         // move phase 2 records
@@ -161,7 +161,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
         }
         write_config();
         mark_subsystem_dirty('ipsec');
-        header("Location: vpn_ipsec.php");
+        header(url_safe('Location: vpn_ipsec.php'));
         exit;
     } elseif (!empty($_POST['act']) && $_POST['act'] == "togglep1" && isset($a_phase1[$_POST['id']]) ) {
         // toggle phase 1 record
@@ -172,7 +172,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
         }
         write_config();
         mark_subsystem_dirty('ipsec');
-        header("Location: vpn_ipsec.php");
+        header(url_safe('Location: vpn_ipsec.php'));
         exit;
     } elseif (!empty($_POST['act']) && $_POST['act'] == "togglep2" && isset($a_phase2[$_POST['id']]) ) {
         // toggle phase 2 record
@@ -183,7 +183,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
         }
         write_config();
         mark_subsystem_dirty('ipsec');
-        header("Location: vpn_ipsec.php");
+        header(url_safe('Location: vpn_ipsec.php'));
         exit;
     }
 }
diff --git a/src/www/vpn_ipsec_keys.php b/src/www/vpn_ipsec_keys.php
index 835e4dee3..937fe74b0 100644
--- a/src/www/vpn_ipsec_keys.php
+++ b/src/www/vpn_ipsec_keys.php
@@ -51,7 +51,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
             unset($config['ipsec']['mobilekey'][$_POST['id']]);
             write_config('Deleted pre-shared IPsec key');
             mark_subsystem_dirty('ipsec');
-            header("Location: vpn_ipsec_keys.php");
+            header(url_safe('Location: vpn_ipsec_keys.php'));
             exit;
         }
     } elseif (isset($_POST['apply'])) {
@@ -62,7 +62,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
         clear_subsystem_dirty('ipsec');
     } else {
       // nothing to post, redirect
-        header("Location: vpn_ipsec_keys.php");
+        header(url_safe('Location: vpn_ipsec_keys.php'));
         exit;
     }
 }
diff --git a/src/www/vpn_ipsec_keys_edit.php b/src/www/vpn_ipsec_keys_edit.php
index 3af9b8b7e..a25745e48 100644
--- a/src/www/vpn_ipsec_keys_edit.php
+++ b/src/www/vpn_ipsec_keys_edit.php
@@ -111,7 +111,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
         write_config("{$config_write_text} IPsec Pre-Shared Keys");
         mark_subsystem_dirty('ipsec');
 
-        header("Location: vpn_ipsec_keys.php");
+        header(url_safe('Location: vpn_ipsec_keys.php'));
         exit;
     }
 }
diff --git a/src/www/vpn_ipsec_phase1.php b/src/www/vpn_ipsec_phase1.php
index 2398a134f..5286cb09a 100644
--- a/src/www/vpn_ipsec_phase1.php
+++ b/src/www/vpn_ipsec_phase1.php
@@ -397,7 +397,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 
         write_config();
         mark_subsystem_dirty('ipsec');
-        header("Location: vpn_ipsec.php");
+        header(url_safe('Location: vpn_ipsec.php'));
         exit;
     }
 }
diff --git a/src/www/vpn_ipsec_phase2.php b/src/www/vpn_ipsec_phase2.php
index d4e4a05aa..cefad260e 100644
--- a/src/www/vpn_ipsec_phase2.php
+++ b/src/www/vpn_ipsec_phase2.php
@@ -445,7 +445,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
         write_config();
         mark_subsystem_dirty('ipsec');
 
-        header("Location: vpn_ipsec.php");
+        header(url_safe('Location: vpn_ipsec.php'));
         exit;
     }
 }