diff --git a/app/src/main/java/org/thoughtcrime/securesms/linkpreview/LinkPreviewRepository.java b/app/src/main/java/org/thoughtcrime/securesms/linkpreview/LinkPreviewRepository.java
index b2d700787c..49ce86696b 100644
--- a/app/src/main/java/org/thoughtcrime/securesms/linkpreview/LinkPreviewRepository.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/linkpreview/LinkPreviewRepository.java
@@ -38,6 +38,7 @@ import org.thoughtcrime.securesms.linkpreview.LinkPreviewUtil.OpenGraph;
 import org.thoughtcrime.securesms.mms.PushMediaConstraints;
 import org.thoughtcrime.securesms.net.CallRequestController;
 import org.thoughtcrime.securesms.net.CompositeRequestController;
+import org.thoughtcrime.securesms.net.LinkPreviewRedirectValidationInterceptor;
 import org.thoughtcrime.securesms.net.RequestController;
 import org.thoughtcrime.securesms.net.UserAgentInterceptor;
 import org.thoughtcrime.securesms.profiles.AvatarHelper;
@@ -93,6 +94,7 @@ public class LinkPreviewRepository {
 this.client = new OkHttpClient.Builder()
 .cache(null)
 .addInterceptor(new UserAgentInterceptor("WhatsApp/2"))
+ .addNetworkInterceptor(new LinkPreviewRedirectValidationInterceptor())
 .build();
 }
diff --git a/app/src/main/java/org/thoughtcrime/securesms/net/LinkPreviewRedirectValidationInterceptor.kt b/app/src/main/java/org/thoughtcrime/securesms/net/LinkPreviewRedirectValidationInterceptor.kt
new file mode 100644
index 0000000000..daa5c6ec1b
--- /dev/null
+++ b/app/src/main/java/org/thoughtcrime/securesms/net/LinkPreviewRedirectValidationInterceptor.kt
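Review bot: Registering the validator with `addNetworkInterceptor` in the client builder chain means it runs after OkHttp has already connected to the host, so a redirect target that fails validation has still been resolved and had a connection opened to it; only the HTTP request itself is withheld. If the intent is that a link preview never contacts a host that fails `isValidPreviewUrl`, the check has to happen before the follow-up request is issued, for example by setting `.followRedirects(false)` on this client and validating each `Location` value in the fetch code before making the next request. If withholding the request is enough, I would record that above the new line, e.g. `// Network interceptor so redirect hops are checked too; the connection to the target is already open when it runs.` The constructor starts outside the hunk.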
@@ -0,0 +1,31 @@
+package org.thoughtcrime.securesms.net
+
+import okhttp3.Interceptor
+import okhttp3.Response
+import org.signal.core.util.logging.Log
+import org.signal.core.util.logging.Log.tag
+import org.thoughtcrime.securesms.util.LinkUtil.isValidPreviewUrl
+import java.io.IOException
+
+/**
+ * Validates redirects for link preview requests to ensure they all meet the link criteria.
+ */
+class LinkPreviewRedirectValidationInterceptor : Interceptor {
+
+ companion object {
+ private val TAG = tag(LinkPreviewRedirectValidationInterceptor::class)
+ }
+
+ @Throws(IOException::class)
+ override fun intercept(chain: Interceptor.Chain): Response {
+ val url = chain.request().url.toString()
+
+ if (!isValidPreviewUrl(url)) {
+ Log.w(TAG, "Redirect target failed link preview URL validation.")
+ chain.call().cancel()
+ throw IOException("Redirect target is not a valid preview URL.")
+ }
+
+ return chain.proceed(chain.request())
+ }
+}
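Review bot: `intercept` validates `chain.request().url` for whatever request reaches it, and as registered in LinkPreviewRepository that includes the initial preview request as well as redirect follow-ups, yet the KDoc, the log line and the exception text all speak only of redirects. I would widen the KDoc to something like `Rejects any link preview request, the initial one or a redirect follow-up, whose URL fails LinkUtil.isValidPreviewUrl.` so a failure on the first hop is not misread as a redirect problem. The `chain.call().cancel()` before the throw also deserves a why-comment, for instance `// Cancel so the rejected request is not retried by OkHttp's failure recovery`, if that is the reason for it; the hunk does not say. Keeping the URL out of the log message looks deliberate and is worth stating in the same comment so nobody adds it later.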