diff --git a/combo/apps/search/models.py b/combo/apps/search/models.py
index 3652dee8..37e8f7af 100644
--- a/combo/apps/search/models.py
+++ b/combo/apps/search/models.py
@@ -202,6 +202,9 @@ class SearchCell(CellBase):
 
         if not cell.is_visible(request) or not cell.page.is_visible(request.user):
             raise PermissionDenied
+        if 'q' not in request.GET:
+            return HttpResponseBadRequest('missing query parameter')
+
         query = request.GET.get('q')
         if '\x00' in query:  # nul byte
             return HttpResponseBadRequest('invalid query string')
diff --git a/tests/test_search.py b/tests/test_search.py
index 38f7cf58..80847f56 100644
--- a/tests/test_search.py
+++ b/tests/test_search.py
@@ -433,6 +433,9 @@ def test_search_api(app):
     # search nul byte
     resp = app.get('/ajax/search/%s/_text/?q=baz\x00' % cell.id, status=400)
 
+    # search no parameter
+    resp = app.get('/ajax/search/%s/_text/' % cell.id, status=400)
+
 
 def test_search_on_root_page_api(settings, app):
     settings.KNOWN_SERVICES = {}
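Review bot: The added membership test and the `request.GET.get('q')` that follows it look up the same key twice; once the absence case returns 400, the second lookup can no longer be `None`, so the pair reads more directly as `query = request.GET.get('q')` followed by `if query is None: return HttpResponseBadRequest('missing query parameter')`. The check also only covers a missing key — an empty `?q=` still reaches the nul-byte test with `''`; whether that should be rejected too is not decided by this change, so a one-line comment stating the intent (`# empty q is allowed, only an absent parameter is rejected`) would spare the next reader the question. The enclosing method starts before this hunk, so the view's earlier handling is not visible here.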
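Review bot: The new request in test_search_api only pins the status code, and the nul-byte request two lines above also expects 400, so the test cannot tell the two rejections apart; adding `assert 'missing query parameter' in resp.text` after the new `app.get` would bind it to the branch this commit introduces. If the surrounding tests do not assert on bodies, a single assertion on this new case is still worthwhile since the message is what distinguishes it.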