diff --git a/api/user.go b/api/user.go
index 16ba45dc42..b905fb6391 100644
--- a/api/user.go
+++ b/api/user.go
@@ -2277,6 +2277,9 @@ func generateMfaQrCode(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 
 	w.Header().Del("Content-Type") // Content-Type will be set automatically by the http writer
+	w.Header().Set("Cache-Control", "no-cache")
+	w.Header().Set("Pragma", "no-cache")
+	w.Header().Set("Expires", "0")
 	w.Write(img)
 }
 
diff --git a/webapp/components/user_settings/user_settings_security.jsx b/webapp/components/user_settings/user_settings_security.jsx
index f28e341979..55a0a0e9a3 100644
--- a/webapp/components/user_settings/user_settings_security.jsx
+++ b/webapp/components/user_settings/user_settings_security.jsx
@@ -139,10 +139,9 @@ class SecurityTab extends React.Component {
         );
     }
     deactivateMfa() {
-        const data = {};
-        data.activate = false;
-
-        Client.updateMfa(data,
+        Client.updateMfa(
+            '',
+            false,
             () => {
                 this.props.updateSection('');
                 AsyncClient.getMe();