diff --git a/.github/qa-nginx-redirecting/nginx.conf b/.github/qa-nginx-redirecting/nginx.conf
new file mode 100644
index 0000000..0df9cb8
--- /dev/null
+++ b/.github/qa-nginx-redirecting/nginx.conf
@@ -0,0 +1,41 @@
+user nginx;
+worker_processes auto;
+
+error_log /var/log/nginx/error.log notice;
+pid /var/run/nginx.pid;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+
+ keepalive_timeout 65;
+
+ include /etc/nginx/conf.d/*.conf;
+
+ server {
+ listen 8080;
+
+ location /health {
+ access_log off;
+ add_header 'Content-Type' 'text/plain';
+ return 200 "healthy\n";
+ }
+
+ location /clientRedirectToSonarBinaries/* {
+ access_log off;
+ return 301 "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli";
+ }
+ }
+}
diff --git a/.github/workflows/qa.yml b/.github/workflows/qa.yml
index d06fb58..09ddafe 100644
--- a/.github/workflows/qa.yml
+++ b/.github/workflows/qa.yml
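Review bot: The `location /clientRedirectToSonarBinaries/*` block treats `/*` as literal characters, because nginx prefix locations do not expand globs, so a request for a file under `/clientRedirectToSonarBinaries/` will presumably miss this block and never receive the 301. The `return 301` target is also a fixed URL, so even a matching request loses the requested file name and is sent to the distribution directory rather than the archive. A regex location that carries the remainder would exercise the redirect properly: `location ~ ^/clientRedirectToSonarBinaries/(.*)$ {` with `return 301 https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/$1;`. How the action builds the download URL from `scannerBinariesUrl` is not visible in this diff, so confirm the path it actually requests.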
@@ -376,6 +376,42 @@ jobs:
 - name: Assert failure of previous step
 if: steps.runTest.outcome == 'success'
 run: exit 1
+ curlPerformsRedirectAndUrlIsEscaped:
+ name: >
+ curl performs redirect when scannerBinariesUrl returns 3xx
+ runs-on: ubuntu-latest
+ services:
+ https-proxy:
+ image: nginx
+ ports:
+ - 8080:8080
+ volumes:
+ - ${{ github.workspace }}/.github/qa-nginx-redirecting/nginx.conf:/etc/nginx/nginx.conf:ro
+ options: >-
+ --health-cmd "curl --fail localhost:8080/health"
+ --health-interval 10s
+ --health-timeout 5s
+ --health-retries 20
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Remove wget
+ run: sudo apt-get remove -y wget
+ - name: Start nginx and SonarQube via Docker Compose
+ run: docker compose up -d --wait
+ working-directory: .github/qa-nginx-redirecting
+ - name: Run action with scannerBinariesUrl
+ id: runTest
+ uses: ./
+ with:
+ scannerBinariesUrl: http://localhost:8080/clientRedirectToSonarBinaries
+ env:
+ SONAR_HOST_URL: http://not_actually_used
+ SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output1.properties"}'
+ - name: Assert Sonar Scanner CLI was downloaded
+ run: |
+ ./test/assertFileExists "$RUNNER_TEMP/sonarscanner/sonar-scanner-cli-6.2.1.4610-linux-x64.zip"
 useSslCertificate:
 name: >
 'SONAR_ROOT_CERT' is converted to truststore
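Review bot: The `https-proxy` service bind-mounts `${{ github.workspace }}/.github/qa-nginx-redirecting/nginx.conf`, but service containers are created before the `actions/checkout@v4` step runs, so the file is not there yet and Docker will typically create an empty directory at that path, leaving nginx unable to start or the health check failing. The later `docker compose up -d --wait` step looks like a second way to start the same server; its compose file is not part of this diff, and if it also publishes 8080 the two will collide. I would keep one mechanism, for example dropping the `services:` block and letting compose start nginx after checkout, and pin the image to a reviewed version or digest, `image: nginx:<pinned-tag>@sha256:<digest>`, rather than the floating `nginx`. The final assertion only checks that the zip exists; since the download now follows a redirect to another host, a checksum comparison or `unzip -tq` on the file would show that the intended artifact arrived.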