diff --git a/routes/accounts.js b/routes/accounts.js
index 4b4aef6..336c2c0 100644
--- a/routes/accounts.js
+++ b/routes/accounts.js
@@ -126,6 +126,7 @@ function accountRoutes (server, options, next) {
       auth: false,
       validate: {
         headers: validations.sessionIdHeader,
+        query: validations.accountQuery,
         failAction: joiFailAction
       }
     },
diff --git a/tests/integration/routes/accounts/get-accounts-test.js b/tests/integration/routes/accounts/get-accounts-test.js
index 8a791c1..4f065d9 100644
--- a/tests/integration/routes/accounts/get-accounts-test.js
+++ b/tests/integration/routes/accounts/get-accounts-test.js
@@ -342,8 +342,16 @@ getServer(function (error, server) {
       })
     })
 
-    group.test('with ?include=foobar', {todo: true}, function (t) {
-      t.end()
+    group.test('with ?include=foobar', function (t) {
+      server.inject({
+        method: 'GET',
+        url: '/accounts/abc1234?include=foobar',
+        headers: headers
+      }, function (response) {
+        t.is(response.statusCode, 400, 'returns 400 status')
+        t.deepEqual(response.result.errors[0].detail, 'Allowed value for ?include is \'profile\'', 'returns error message')
+        t.end()
+      })
     })
 
     group.end()