GitHub Enterprise can show both avatars and identicons to visually identify users.

Avatars and identicons are disabled by default.

If you enable avatars, GitHub Enterprise will use the Gravatar API to fetch avatar images from an avatar host server. This is secure.gravatar.com by default, but there are many alternatives, including:

You can write and/or host your own avatar service, as well—it just needs to implement the Gravatar API.

GitHub Enterprise will ask its avatar host to use an identicon as the default image when the avatar host does not have an image associated with a user account's email address. That identicon will be served by either your GitHub Enterprise appliance or GitHub.com, a choice that you make when you enable avatars.

It's important to note that the Gravatar API requires the default image URL to be publicly accessible via HTTP or HTTPS (ports 80 and 443, respectively). Identicons will appear as broken images if your avatar host (e.g. Gravatar) is unable to access your identicon host (e.g. your appliance). In other words:

  • Don't use your GitHub Enterprise appliance as the fallback identicon host with an external avatar service (e.g. Gravatar) that cannot access it.
  • Don't use GitHub.com as the fallback identicon host with an internal avatar service (e.g. a server on your intranet) that cannot access it.

Also note that when you use any external avatar host (e.g. Gravatar) or any external identicon host (e.g. GitHub.com), you may inadvertently leak internal data (e.g. repository names) via referrer headers in the requests made to get the avatars and/or identicons.