diff --git a/modules/image/image.module b/modules/image/image.module
index b7d6cdd..a3f36da 100644
--- a/modules/image/image.module
+++ b/modules/image/image.module
@@ -995,8 +995,15 @@ function image_style_url($style_name, $path) {
   $uri = image_style_path($style_name, $path);
   // The token query is added even if the 'image_allow_insecure_derivatives'
   // variable is TRUE, so that the emitted links remain valid if it is changed
-  // back to the default FALSE.
-  $token_query = array(IMAGE_DERIVATIVE_TOKEN => image_style_path_token($style_name, file_stream_wrapper_uri_normalize($path)));
+  // back to the default FALSE. However, sites which need to prevent the token
+  // query from being emitted at all can additionally set the
+  // 'image_suppress_itok_output' variable to TRUE to achieve that (if both are
+  // set, the security token will neither be emitted in the image derivative URL
+  // nor checked for in image_style_deliver()).
+  $token_query = array();
+  if (!variable_get('image_suppress_itok_output', FALSE)) {
+    $token_query = array(IMAGE_DERIVATIVE_TOKEN => image_style_path_token($style_name, file_stream_wrapper_uri_normalize($path)));
+  }
 
   // If not using clean URLs, the image derivative callback is only available
   // with the query string. If the file does not exist, use url() to ensure
@@ -1008,8 +1015,12 @@ function image_style_url($style_name, $path) {
   }
   $file_url = file_create_url($uri);
 
-  // Append the query string with the token.
-  return $file_url . (strpos($file_url, '?') !== FALSE ? '&' : '?') . drupal_http_build_query($token_query);
+  // Append the query string with the token, if necessary.
+  if ($token_query) {
+    $file_url .= (strpos($file_url, '?') !== FALSE ? '&' : '?') . drupal_http_build_query($token_query);
+  }
+
+  return $file_url;
 }
 
 /**
diff --git a/modules/image/image.test b/modules/image/image.test
index 0a3ab50..7826653 100644
--- a/modules/image/image.test
+++ b/modules/image/image.test
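Review bot: The new guard `if (!variable_get('image_suppress_itok_output', FALSE))` drops the token from the URL whenever that variable is set, even while `image_allow_insecure_derivatives` is still FALSE, so a site that sets only the new variable emits derivative URLs that image_style_deliver() would presumably reject (that function is outside this diff, so whether it still validates the token in that configuration is inferred from the comment, not visible). The comment added just above says the variable is to be set "additionally" and describes the both-set case, but the code does not enforce that pairing. Suppressing only when both variables are set keeps the fail-safe default: `if (!variable_get('image_allow_insecure_derivatives', FALSE) || !variable_get('image_suppress_itok_output', FALSE)) {`. The second hunk's `if ($token_query)` then behaves as intended for either configuration; image_style_url's body continues outside both hunks.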
@@ -272,6 +272,7 @@ class ImageStylesPathAndUrlTestCase extends DrupalWebTestCase {
       $this->assertResponse(200, 'Existing image was accessible at the URL wih an invalid token.');
     }
 
+
     // Allow insecure image derivatives to be created for the remainder of this
     // test.
     variable_set('image_allow_insecure_derivatives', TRUE);
@@ -311,6 +312,15 @@ class ImageStylesPathAndUrlTestCase extends DrupalWebTestCase {
     $this->drupalGet($nested_url);
     $this->assertResponse(200, 'Image was accessible when a correct token was provided in the URL.');
 
+    // Suppress the security token in the URL, then get the URL of a file. Check
+    // that the security token is not present in the URL but that the image is
+    // still accessible.
+    variable_set('image_suppress_itok_output', TRUE);
+    $generate_url = image_style_url($this->style_name, $original_uri);
+    $this->assertIdentical(strpos($generate_url, IMAGE_DERIVATIVE_TOKEN . '='), FALSE, 'The security token does not appear in the image style URL.');
+    $this->drupalGet($generate_url);
+    $this->assertResponse(200, 'Image was accessible at the URL with a missing token.');
+
     // Check that requesting a nonexistent image does not create any new
     // directories in the file system.
     $directory = $scheme . '://styles/' . $this->style_name . '/' . $scheme . '/' . $this->randomName();
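Review bot: The new assertions in the second hunk only exercise the case where `image_allow_insecure_derivatives` was already set to TRUE earlier in this method, so they cannot detect a URL that is emitted without a token while the derivative callback still requires one. A companion check with `image_allow_insecure_derivatives` reset to FALSE and `image_suppress_itok_output` left TRUE — either asserting that `image_style_url()` output contains `IMAGE_DERIVATIVE_TOKEN . '='` again, or that the tokenless URL is rejected — would pin the fail-safe behaviour rather than only the permissive one. `image_suppress_itok_output` is also left TRUE for the rest of the method, which continues outside this hunk; if any later assertion relies on the token being present, add `variable_set('image_suppress_itok_output', FALSE);` after the new `assertResponse`. The first hunk only adds a blank line.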