diff --git a/console/authentication/handlers.go b/console/authentication/handlers.go
index 9a13736a..d2246b6e 100644
--- a/console/authentication/handlers.go
+++ b/console/authentication/handlers.go
@@ -35,6 +35,14 @@ func (c *Component) UserAvatarHandlerFunc(gc *gin.Context) {
 	hash := fnv.New64()
 	hash.Write([]byte(info.Login))
 	randSource := rand.New(rand.NewSource(int64(hash.Sum64())))
+	etag := fmt.Sprintf(`"%x"`, hash.Sum64())
+
+	// Do we have a If-None-Match header?
+	if header := gc.GetHeader("If-None-Match"); header == etag {
+		gc.Header("ETag", etag)
+		gc.Status(http.StatusNotModified)
+		return
+	}
 
 	// Grab list of parts
 	parts := []string{}
@@ -86,8 +94,7 @@ func (c *Component) UserAvatarHandlerFunc(gc *gin.Context) {
 
 	// Serve the result
 	gc.Header("Content-Type", "image/png")
-	gc.Header("Cache-Control", "max-age=86400")
-	gc.Header("Vary", "Remote-User")
+	gc.Header("ETag", etag)
 	gc.Status(http.StatusOK)
 	png.Encode(gc.Writer, img)
 }
diff --git a/console/authentication/handlers_test.go b/console/authentication/handlers_test.go
index 90ce0c76..ff8625f0 100644
--- a/console/authentication/handlers_test.go
+++ b/console/authentication/handlers_test.go
@@ -87,6 +87,16 @@ func TestUserHandler(t *testing.T) {
 				}(),
 				ContentType: "image/png",
 				StatusCode:  200,
+			}, {
+				Description: "avatar, simple user, etag",
+				URL:         "/api/v0/console/user/avatar",
+				Header: func() netHTTP.Header {
+					headers := make(netHTTP.Header)
+					headers.Add("Remote-User", "alfred")
+					headers.Add("If-None-Match", `"b2e72a535032fa89"`)
+					return headers
+				}(),
+				StatusCode: 304,
 			},
 		})
 	})