diff --git a/CHANGES/3613.bugfix b/CHANGES/3613.bugfix
new file mode 100644
index 00000000000..912339fdef8
--- /dev/null
+++ b/CHANGES/3613.bugfix
@@ -0,0 +1 @@
+Use sanitized URL as Location header in redirects
diff --git a/CONTRIBUTORS.txt b/CONTRIBUTORS.txt
index 5b7d89b81d5..71febf02340 100644
--- a/CONTRIBUTORS.txt
+++ b/CONTRIBUTORS.txt
@@ -152,6 +152,7 @@ Mathias Fröjdman
 Matthieu Hauglustaine
 Matthieu Rigal
 Michael Ihnatenko
+Mikhail Burshteyn
 Mikhail Kashkin
 Mikhail Lukyanchenko
 Mikhail Nacharov
diff --git a/aiohttp/web_exceptions.py b/aiohttp/web_exceptions.py
index 77a45217444..64486ef9785 100644
--- a/aiohttp/web_exceptions.py
+++ b/aiohttp/web_exceptions.py
@@ -203,8 +203,8 @@ def __init__(self,
             raise ValueError("HTTP redirects need a location to redirect to.")
         super().__init__(headers=headers, reason=reason, text=text,
                          content_type=content_type)
-        self.headers['Location'] = str(location)
         self._location = URL(location)
+        self.headers['Location'] = str(self.location)
 
     @property
     def location(self) -> URL:
diff --git a/tests/test_web_exceptions.py b/tests/test_web_exceptions.py
index cebb1f1362f..b5240cb05a8 100644
--- a/tests/test_web_exceptions.py
+++ b/tests/test_web_exceptions.py
@@ -133,6 +133,11 @@ def test_HTTPFound_empty_location() -> None:
         web.HTTPFound(location=None)
 
 
+def test_HTTPFound_location_CRLF() -> None:
+    exc = web.HTTPFound(location='/redirect\r\n')
+    assert '\r\n' not in exc.headers['Location']
+
+
 async def test_HTTPMethodNotAllowed() -> None:
     exc = web.HTTPMethodNotAllowed('GET', ['POST', 'PUT'])
     assert 'GET' == exc.method
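Review bot: The new `self.headers['Location'] = str(self.location)` line in the web_exceptions.py hunk makes header safety depend entirely on yarl's quoting of the `URL` it was handed, and the constructor never checks the invariant it is relying on; a `location` that is already a `URL` instance passes through `URL(location)` unchanged, and as far as I can tell a `URL` built with `encoded=True` skips that quoting, so the CR/LF sanitization described in the changelog is not guaranteed for every accepted input. A cheap belt-and-braces check at the point the header is written would make the invariant explicit and fail loudly rather than emit a malformed response: `location_hdr = str(self.location)` / `if '\r' in location_hdr or '\n' in location_hdr: raise ValueError("Location header must not contain CR or LF")` / `self.headers['Location'] = location_hdr`. A one-line why-comment would also help the next maintainer, e.g. `# Build the header from the yarl-normalized URL, not the raw argument, so control characters are percent-encoded`. `__init__` starts before this hunk and the `location` property continues past it.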
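Review bot: `test_HTTPFound_location_CRLF` in the tests hunk asserts only that the two-character sequence `'\r\n'` is absent, so a header value that still carries a lone `'\r'` or `'\n'` would pass; the assertion should check each control character separately, `assert '\r' not in exc.headers['Location']` and `assert '\n' not in exc.headers['Location']`. It would also be worth a second case that passes a pre-built `URL(...)` rather than a `str`, since the fixed constructor accepts both and the hunk only exercises the string path. A positive expectation, e.g. that the percent-encoded form appears in the header, would pin the intended behaviour rather than just the absence of the bad one, if the exact encoding yarl produces is stable enough to assert on.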