diff --git a/copyparty/__main__.py b/copyparty/__main__.py
index 3ed24a14..af282f0c 100644
--- a/copyparty/__main__.py
+++ b/copyparty/__main__.py
@@ -1557,6 +1557,7 @@ def add_safety(ap):
     ap2.add_argument("--no-robots", action="store_true", help="adds http and html headers asking search engines to not index anything (volflag=norobots)")
     ap2.add_argument("--logout", metavar="H", type=float, default=8086.0, help="logout clients after \033[33mH\033[0m hours of inactivity; [\033[32m0.0028\033[0m]=10sec, [\033[32m0.1\033[0m]=6min, [\033[32m24\033[0m]=day, [\033[32m168\033[0m]=week, [\033[32m720\033[0m]=month, [\033[32m8760\033[0m]=year)")
     ap2.add_argument("--dont-ban", metavar="TXT", type=u, default="no", help="anyone at this accesslevel or above will not get banned: [\033[32mav\033[0m]=admin-in-volume, [\033[32maa\033[0m]=has-admin-anywhere, [\033[32mrw\033[0m]=read-write, [\033[32mauth\033[0m]=authenticated, [\033[32many\033[0m]=disable-all-bans, [\033[32mno\033[0m]=anyone-can-get-banned")
+    ap2.add_argument("--banmsg", metavar="TXT", type=u, default="thank you for playing \u00a0 (see serverlog and readme)", help="the response to send to banned users; can be @ban.html to send the contents of ban.html")
     ap2.add_argument("--ban-pw", metavar="N,W,B", type=u, default="9,60,1440", help="more than \033[33mN\033[0m wrong passwords in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes; disable with [\033[32mno\033[0m]")
     ap2.add_argument("--ban-pwc", metavar="N,W,B", type=u, default="5,60,1440", help="more than \033[33mN\033[0m password-changes in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes; disable with [\033[32mno\033[0m]")
     ap2.add_argument("--ban-404", metavar="N,W,B", type=u, default="50,60,1440", help="hitting more than \033[33mN\033[0m 404's in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes; only affects users who cannot see directory listings because their access is either g/G/h")
diff --git a/copyparty/httpcli.py b/copyparty/httpcli.py
index 7b3fb67b..739e7ced 100644
--- a/copyparty/httpcli.py
+++ b/copyparty/httpcli.py
@@ -969,7 +969,7 @@ class HttpCli(object):
             return False
 
         self.log("banned for {:.0f} sec".format(rt), 6)
-        self.terse_reply(b"thank you for playing (see serverlog and readme)", 403)
+        self.terse_reply(self.args.banmsg_b, 403)
         return True
 
     def permit_caching(self) -> None:
@@ -1152,7 +1152,10 @@ class HttpCli(object):
         ]
 
         if body:
-            lines.append("Content-Length: " + unicode(len(body)))
+            lines.append(
+                "Content-Type: text/html; charset=utf-8\r\nContent-Length: "
+                + unicode(len(body))
+            )
 
         lines.append("\r\n")
         self.s.sendall("\r\n".join(lines).encode("utf-8") + body)
diff --git a/copyparty/svchub.py b/copyparty/svchub.py
index 9c954528..a414d750 100644
--- a/copyparty/svchub.py
+++ b/copyparty/svchub.py
@@ -1102,6 +1102,12 @@ class SvcHub(object):
             else:
                 setattr(al, k, re.compile("^" + vs + "$"))
 
+        if al.banmsg.startswith("@"):
+            with open(al.banmsg[1:], "rb") as f:
+                al.banmsg_b = f.read()
+        else:
+            al.banmsg_b = al.banmsg.encode("utf-8") + b"\n"
+
         if not al.sus_urls:
             al.ban_url = "no"
         elif al.ban_url == "no":