diff --git a/server/middleware/packageURL.js b/server/middleware/packageURL.js
index 2e97fba..77dbc9c 100644
--- a/server/middleware/packageURL.js
+++ b/server/middleware/packageURL.js
@@ -46,13 +46,25 @@ function createSearch(query) {
 * Parse and validate the URL.
 */
 function packageURL(req, res, next) {
- // Redirect /_meta/pkg to /pkg?meta.
+ // Redirect /_meta/path to /path?meta.
 if (req.path.match(/^\/_meta\//)) {
- delete req.query.json
 req.query.meta = ''
 return res.redirect(req.path.substr(6) + createSearch(req.query))
 }

+ // Redirect /path?json => /path?meta
+ if (req.query.json != null) {
+ delete req.query.json
+ req.query.meta = ''
+ return res.redirect(req.path + createSearch(req.query))
+ }
+
+ // Redirect requests with unknown query params to their equivalents
+ // with only known params so they can be served from the cache. This
+ // prevents people using random query params designed to bust the cache.
+ if (!queryIsKnown(req.query))
+ return res.redirect(req.path + createSearch(sanitizeQuery(req.query)))
+
 const url = parsePackageURL(req.url)

 // Do not allow invalid URLs.
@@ -65,12 +77,6 @@ function packageURL(req, res, next) {
 if (nameErrors)
 return res.status(403).type('text').send(`Invalid package name: ${url.packageName} (${nameErrors.join(', ')})`)

- // Redirect requests with unknown query params to their equivalents
- // with only known params so they can be served from the cache. This
- // prevents people using random query params designed to bust the cache.
- if (!queryIsKnown(url.query))
- return res.redirect(url.pathname + createSearch(sanitizeQuery(url.query)))
-
 req.packageName = url.packageName
 req.packageVersion = url.packageVersion
 req.packageSpec = `${req.packageName}@${req.packageVersion}`
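Review bot: Both added redirects in the first hunk (the `?json` one and the unknown-params one) run before `parsePackageURL` and the invalid-URL and package-name checks, and they build the Location from the raw `req.path`, so a request that presumably used to end in a 403 can now be answered with a redirect that echoes its path. In particular, a path beginning with `//` would yield a protocol-relative Location that browsers resolve against a different host; whether anything upstream normalises such paths is not visible from this hunk. I would keep the redirects below the validity check and build them from `url.pathname` as the removed code did, or guard first with `if (req.path.startsWith('//')) return res.status(403).type('text').send('Invalid URL')`. The unchanged `req.path.substr(6)` in the `/_meta/` branch has the same property and deserves the same guard. The body of packageURL continues outside the hunk, so the exact form of the existing invalid-URL response should be checked there.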