diff --git a/endpoints/web.py b/endpoints/web.py
index e297074ff..05fe65847 100644
--- a/endpoints/web.py
+++ b/endpoints/web.py
@@ -1,5 +1,4 @@
 import logging
-import os
 
 from flask import (abort, redirect, request, url_for, make_response, Response,
                    Blueprint, send_from_directory, jsonify)
@@ -19,6 +18,7 @@ from util.seo import render_snapshot
 from util.cache import no_cache
 from endpoints.common import common_login, render_page_template, route_show_if, param_required
 from endpoints.csrf import csrf_protect, generate_csrf_token
+from endpoints.registry import set_cache_headers
 from util.names import parse_repository_name
 from util.useremails import send_email_changed
 from auth import scopes
@@ -184,15 +184,17 @@ def status():
 
 
 @app.route("/avatar/<avatar_hash>")
-def render_avatar(avatar_hash):
+@set_cache_headers
+def render_avatar(avatar_hash, headers):
   try:
     size = int(request.args.get('size', 16))
   except ValueError:
     size = 16
 
   generated = Avatar.generate(size, avatar_hash)
-  headers = {'Content-Type': 'image/png'}
-  return make_response(generated, 200, headers)
+  resp = make_response(generated, 200, {'Content-Type': 'image/png'})
+  resp.headers.extend(headers)
+  return resp
 
 
 @web.route('/tos', methods=['GET'])
@@ -247,7 +249,7 @@ def receipt():
     invoice = stripe.Invoice.retrieve(invoice_id)
     if invoice:
       user_or_org = model.get_user_or_org_by_customer_id(invoice.customer)
-      
+
       if user_or_org:
         if user_or_org.organization:
           admin_org = AdministerOrganizationPermission(user_or_org.username)
@@ -257,9 +259,9 @@ def receipt():
         else:
           if not user_or_org.username == current_user.db_user().username:
             abort(404)
-            return      
+            return
 
-      file_data = renderInvoiceToPdf(invoice, user_or_org)          
+      file_data = renderInvoiceToPdf(invoice, user_or_org)
       return Response(file_data,
                       mimetype="application/pdf",
                       headers={"Content-Disposition": "attachment;filename=receipt.pdf"})
@@ -276,7 +278,7 @@ def confirm_repo_email():
     record = model.confirm_email_authorization_for_repo(code)
   except model.DataModelException as ex:
     return render_page_template('confirmerror.html', error_message=ex.message)
-    
+
   message = """
   Your E-mail address has been authorized to receive notifications for repository
   <a href="%s://%s/repository/%s/%s">%s/%s</a>.
@@ -298,13 +300,13 @@ def confirm_email():
     user, new_email, old_email = model.confirm_user_email(code)
   except model.DataModelException as ex:
     return render_page_template('confirmerror.html', error_message=ex.message)
-    
+
   if new_email:
     send_email_changed(user.username, old_email, new_email)
 
   common_login(user)
 
-  return redirect(url_for('web.user', tab='email') 
+  return redirect(url_for('web.user', tab='email')
                   if new_email else url_for('web.index'))