diff --git a/src/routes/profile.js b/src/routes/profile.js
index 059cbab1a..5f0916721 100644
--- a/src/routes/profile.js
+++ b/src/routes/profile.js
@@ -39,7 +39,7 @@ function get(req, res, next) {
         twoFactorAuthenticationEnabled: req.user.twoFactorAuthenticationEnabled,
         admin: req.user.admin,
         source: req.user.source,
-        avatarUrl: fs.existsSync(path.join(paths.PROFILE_ICONS_DIR, req.user.id)) ? `${settings.adminOrigin()}/api/v1/profile/avatar/${req.user.id}` : `https://www.gravatar.com/avatar/${emailHash}.jpg?s=128&d=mm`
+        avatarUrl: fs.existsSync(path.join(paths.PROFILE_ICONS_DIR, req.user.id)) ? `${settings.adminOrigin()}/api/v1/profile/avatar/${req.user.id}` : `https://www.gravatar.com/avatar/${emailHash}.jpg`
     }));
 }
 
diff --git a/src/server.js b/src/server.js
index ad3c89fd6..97b009033 100644
--- a/src/server.js
+++ b/src/server.js
@@ -184,7 +184,7 @@ function initializeExpressSync() {
     // working off the user behind the provided token
     router.get ('/api/v1/profile', profileScope, routes.profile.get);
     router.post('/api/v1/profile', profileScope, routes.profile.update);
-    router.get ('/api/v1/profile/avatar/:identifier', routes.profile.getAvatar);
+    router.get ('/api/v1/profile/avatar/:identifier', routes.profile.getAvatar); // this is not scoped so it can used directly in img tag
     router.post('/api/v1/profile/avatar', profileScope, multipart, routes.profile.setAvatar);
     router.del ('/api/v1/profile/avatar', profileScope, routes.profile.clearAvatar);
     router.post('/api/v1/profile/password', profileScope, routes.users.verifyPassword, routes.profile.changePassword);