diff --git a/src/app/avatar/route.js b/src/app/avatar/route.js
index 4f5954a..02df895 100644
--- a/src/app/avatar/route.js
+++ b/src/app/avatar/route.js
@@ -3,7 +3,8 @@ import { NextResponse } from 'next/server';
 export async function GET(request) {
   const { searchParams } = new URL(request.url);
   const query = searchParams.has('icon_url') ? searchParams.get('icon_url') : '';
-  const iconUrl = query || 'https://github.com/hugovk.png?size=80';
+  const allowedUrls = ['https://github.com/hugovk.png?size=80'];
+  const iconUrl = allowedUrls.includes(query) ? query : 'https://github.com/hugovk.png?size=80';
 
     // Fetch the image and convert it to a Base64-encoded string. Revalidate cache every 30days.
     const imageResponse = await fetch(iconUrl, { next: { revalidate: 2592000 } });
@@ -33,7 +34,6 @@ export async function GET(request) {
         </defs>
     </svg>`;
 
-
   const response = new NextResponse(svgContent);
   response.headers.set('Content-Type', 'image/svg+xml');
   return response;