diff --git a/services/web/app/src/Features/TokenAccess/TokenAccessHandler.js b/services/web/app/src/Features/TokenAccess/TokenAccessHandler.js
index 705fa21312..234d3e836a 100644
--- a/services/web/app/src/Features/TokenAccess/TokenAccessHandler.js
+++ b/services/web/app/src/Features/TokenAccess/TokenAccessHandler.js
@@ -291,7 +291,7 @@ const TokenAccessHandler = {
     let hashPrefixStatus
 
     if (tokenHashPrefix) {
-      tokenHashPrefix = tokenHashPrefix.replace('#', '')
+      tokenHashPrefix = tokenHashPrefix.replace('#', '').replace('%23', '')
     }
 
     if (!tokenHashPrefix) {
diff --git a/services/web/test/unit/src/TokenAccess/TokenAccessHandlerTests.js b/services/web/test/unit/src/TokenAccess/TokenAccessHandlerTests.js
index ad9633b874..3d8d681a18 100644
--- a/services/web/test/unit/src/TokenAccess/TokenAccessHandlerTests.js
+++ b/services/web/test/unit/src/TokenAccess/TokenAccessHandlerTests.js
@@ -719,5 +719,23 @@ describe('TokenAccessHandler', function () {
         }
       )
     })
+    it('it handles encoded hashtags', function () {
+      const token = 'zxpxjrwdtsgd'
+      const prefix = this.TokenAccessHandler.createTokenHashPrefix(token)
+
+      this.TokenAccessHandler.checkTokenHashPrefix(
+        token,
+        `%23${prefix}`,
+        'readOnly'
+      )
+
+      expect(this.Metrics.inc).to.have.been.calledWith(
+        'link-sharing.hash-check',
+        {
+          path: 'readOnly',
+          status: 'match',
+        }
+      )
+    })
   })
 })