Permissions changed.
I noticed in the response header the x-xss-protection: 1; mode = block: is that an issue?
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2016 17:41:41 GMT
Content-Type: image/jpeg
Content-Length: 42
Server: Apache/2
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 28 Sep 2016 17:41:39 GMT
Etag: "2a-53d94dfa00482"
Accept-Ranges: bytes, bytes
Cache-Control: max-age=2592000
Expires: Fri, 28 Oct 2016 17:41:41 GMT
x-xss-protection: 1; mode=block
Connection: Keep-Alive
Age: 0