diff --git a/app/controllers/users/confirmations_controller.rb b/app/controllers/users/confirmations_controller.rb
index 257456af0..e45665dbd 100644
--- a/app/controllers/users/confirmations_controller.rb
+++ b/app/controllers/users/confirmations_controller.rb
@@ -13,9 +13,19 @@ class Users::ConfirmationsController < Devise::ConfirmationsController
   # end
   # GET /resource/confirmation?confirmation_token=abcdef
-  # def show
-  # super
-  # end
+  def show
+    super do
+      # When email was already confirmed, default is to render :new with a specific error.
+      # Because our :new is customized with the email and a form to resend a confirmation,
+      # we redirect to after confirmation page instead.
+      if resource.errors.of_kind?(:email, :already_confirmed)
+        respond_with_navigational(resource) do
+          flash.notice = t('.email_already_confirmed')
+          redirect_to after_confirmation_path_for(resource_name, resource) and return
+        end
+      end
+    end
+  end
   # protected
diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml
index fc8ec6613..251bb78d0 100644
--- a/config/locales/devise.en.yml
+++ b/config/locales/devise.en.yml
@@ -6,3 +6,7 @@ en:
     sessions:
       signed_in_multiple_profile: "You are connected ! You can switch between your multiple profiles : %{roles}."
       signed_out: You are now disconnected.
+  users:
+    confirmations:
+      show:
+        email_already_confirmed: 'Your account has already been activated.'
diff --git a/config/locales/devise.fr.yml b/config/locales/devise.fr.yml
index f45a603b4..c3a7bcb4e 100644
--- a/config/locales/devise.fr.yml
+++ b/config/locales/devise.fr.yml
@@ -6,3 +6,7 @@ fr:
     sessions:
       signed_in_multiple_profile: "Vous êtes connecté(e) ! Vous pouvez à tout moment alterner entre vos différents profils : %{roles}."
       signed_out: Vous êtes maintenant déconnecté(e).
+  users:
+    confirmations:
+      show:
+        email_already_confirmed: 'Votre compte a déjà été activé.'
diff --git a/public/robots.txt b/public/robots.txt
index cd5d19951..da8572b44 100644
--- a/public/robots.txt
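Review bot: The guard only covers `:already_confirmed`, so if `confirm_within` is set in the Devise config a stale token produces `:confirmation_period_expired` and Devise's `show` still falls through to `render :new`, which per the comment in this hunk displays the email to whoever holds the link. Redirecting for either kind, e.g. `if resource.errors.of_kind?(:email, :already_confirmed) || resource.errors.of_kind?(:email, :confirmation_period_expired)`, keeps the email off the page in both cases. The `and return` is also load-bearing: it is a non-local return out of `show` that stops Devise's own error branch from rendering `:new` after the redirect, and it deserves a comment such as `# non-local return: skip Devise's fallback render of :new once we have redirected` so it is not "cleaned up" later.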
+++ b/public/robots.txt
@@ -5,3 +5,11 @@ User-agent: *
 Disallow: /commencer*
 Disallow: /rails/
 Disallow: /super_admins/
+Disallow: /manager/
+Disallow: /users/
+Allow: /users/sign_in
+Allow: /users/sign_up
+Disallow: /connexion-par-jeton/
+Disallow: */reset-link-sent*
+Disallow: /lien-envoye
+Disallow: /france_connect/
diff --git a/spec/controllers/users/confirmations_controller_spec.rb b/spec/controllers/users/confirmations_controller_spec.rb
index 758cde53f..58f6157d8 100644
--- a/spec/controllers/users/confirmations_controller_spec.rb
+++ b/spec/controllers/users/confirmations_controller_spec.rb
@@ -51,5 +51,21 @@ describe Users::ConfirmationsController, type: :controller do
        expect(subject).to redirect_to(new_user_session_path)
      end
    end
+    context 'when account was already confirmed long time ago' do
+      let!(:user) { create(:user, confirmed_at: 3.hours.ago, confirmation_sent_at: 4.hours.ago, confirmation_token: "mytoken") }
+      render_views
+      subject do
+        get :show, params: { confirmation_token: confirmation_token }
+      end
+      it 'redirect and does not expose the email' do
+        expect(user).to be_confirmed
+        expect(subject).to redirect_to(new_user_session_path)
+        expect(subject.body).not_to include(user.email)
+        expect(flash.notice).to include("Votre compte a déjà été activé")
+      end
+    end
  end
end
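Review bot: The new `Disallow` lines are crawler hints, not access control, and robots.txt is itself public, so this hunk doubles as a readable list of sensitive entry points (`/manager/`, `/connexion-par-jeton/`, `/france_connect/`); each of those routes must be protected by authentication and authorization in the app regardless of this file. `Disallow` also does not keep a URL out of an index when it is linked from elsewhere; an `X-Robots-Tag: noindex` response header (or the equivalent meta tag) on those pages is the mechanism that does. The `*/reset-link-sent*` entry relies on wildcard support, which RFC 9309 standardizes and major crawlers honour but not every bot does; if the path is fixed, a plain prefix such as `Disallow: /reset-link-sent` is the more portable form.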
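Review bot: `expect(subject.body).not_to include(user.email)` proves little here: the response is a redirect, so the body is Rails' short redirect stub and the assertion passes regardless of what the `:new` template would have shown, leaving the `redirect_to` expectation as the only real check; a companion example that renders `:new` and asserts the email is absent would cover the disclosure this spec is named for. `confirmation_token` is referenced but defined outside this hunk (presumably a surrounding `let`), and the example only holds if it resolves to `"mytoken"`; a local `let(:confirmation_token) { "mytoken" }` inside this context keeps the fixture and the request together. The flash assertion hard-codes the French string, coupling the example to the default locale; `I18n.t('users.confirmations.show.email_already_confirmed')` would keep it stable across locale settings. The enclosing `describe` blocks start outside the hunk.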