Gravatar
Gravatar is a service for providing globally unique avatars.
Websites Using Gravatar
No websites detected yet. Analyze a website to contribute data.
What Is Gravatar?
Gravatar, short for Globally Recognized Avatar, is a free service that links a profile image (and a basic public profile) to an email address, so the same avatar follows a person across any website that supports it. The short answer for anyone asking what Gravatar is: it is the avatar service, operated by Automattic (the company behind WordPress.com), that lets sites display a user's profile picture based purely on their email address, which is why the same little avatar appears next to your name on countless WordPress blogs, comment threads, and developer tools.
Gravatar works on a beautifully simple premise. A user uploads an image once and associates it with one or more email addresses on Gravatar's site. Any participating website can then display that image by taking a visitor's email address, hashing it, and requesting the corresponding avatar from Gravatar's servers. Because the lookup is based on the email hash rather than any site-specific account, the avatar is portable: set it up once, and it shows up everywhere that supports the service without any further effort from the user.
Gravatar's reach is closely tied to WordPress. Because WordPress is the world's most widely used content management system and it integrates Gravatar for comment and author avatars out of the box, the service is embedded across a very large portion of the web. A precise current usage figure is hard to state with confidence, since detection methodologies vary and Gravatar requests are often generated dynamically, but detection sources such as Wappalyzer and BuiltWith consistently report Gravatar as extremely common, particularly on WordPress sites, comment systems, forums, and developer platforms. Beyond WordPress, many comment services, issue trackers, and Git hosting tools have historically used Gravatar to show user avatars.
How Gravatar Works
Gravatar works by mapping a hash of an email address to an avatar image. The flow is the same wherever it is used, and understanding it is also the key to detecting it.
First, a user registers an email address with Gravatar and uploads an image. Gravatar stores the association between that email and the image. When a website wants to show the user's avatar, it does not send the raw email to Gravatar. Instead, it normalizes the email (trimming whitespace and lowercasing it), computes a cryptographic hash of it, and builds an image URL that includes that hash. Historically Gravatar used an MD5 hash of the email; the service has since also supported SHA-256 hashes, but the long-standing and still very common pattern is an MD5 hex string in the URL.
The resulting URL looks like this:
- Core form:
https://www.gravatar.com/avatar/HASH, whereHASHis the hex hash of the normalized email. - Secure subdomain:
https://secure.gravatar.com/avatar/HASH, frequently seen on HTTPS pages. - With parameters: query parameters control behavior, most commonly
?s=or?size=for the pixel size,?d=or?default=for the fallback image when no avatar exists (options includempfor a generic silhouette,identicon,monsterid,retro,robohash, and others), and?r=for a content rating.
When Gravatar receives the request, it looks up the hash. If an avatar exists for that email, it returns the image at the requested size; if not, it returns the specified default, such as a generated identicon or a generic silhouette. The image is served from Gravatar's CDN with caching headers, so avatars load quickly and repeatedly across pages.
Gravatar also exposes a profile alongside the avatar. The same hash can be used to fetch a public profile (for example as JSON), which may include a display name, bio, links, and verified accounts that the user chose to make public. WordPress and other platforms sometimes use this to enrich author or commenter information.
A typical lifecycle on a WordPress comment thread looks like this: a visitor leaves a comment with their email address, WordPress hashes that email, builds a gravatar.com/avatar/HASH image URL at the configured size with a default fallback, and the browser requests that image, which Gravatar serves from its CDN, either the user's uploaded avatar or the chosen default.
How to Tell if a Website Uses Gravatar
Gravatar leaves a clear, recognizable fingerprint because its image URLs are distinctive and visible directly in page HTML. Here are the signals to look for and the tools that surface them.
Signals in the page and network
- Asset domain. The clearest signal is an
<img>whosesrcpoints atgravatar.com/avatar/orsecure.gravatar.com/avatar/. Any such image means the page is using Gravatar. - Hash in the URL path. Gravatar avatar URLs contain a long hexadecimal hash after
/avatar/, for examplegravatar.com/avatar/205e460b479e2e5b48aec07710c08d50. That hash (classically an MD5 of the email) is the signature pattern. - Query parameters. Look for
?s=or?size=(pixel size),?d=or?default=(fallback image such asmp,identicon, orretro), and?r=(rating). These commonly accompany Gravatar URLs. - WordPress association. Gravatar is built into WordPress, so seeing
gravatar.comavatars near/wp-content/paths, comment lists, or author bylines is a strong combined signal that the site runs WordPress. - Repeated avatars in comments. Multiple small avatar images in a comment section, all pointing at
gravatar.com/avatar/with different hashes, is a classic Gravatar pattern.
Tools to confirm it
| Tool | What you do | What it reveals |
|---|---|---|
| View Source | Open the page source in your browser | <img> tags with gravatar.com/avatar/HASH URLs and their parameters |
| DevTools Network | Open DevTools, reload, and filter requests by gravatar | Every avatar image loaded from Gravatar, with full URLs and headers |
| curl -I | Run curl -I "https://www.gravatar.com/avatar/HASH" | Response headers showing the image is served from Gravatar's CDN |
| Wappalyzer | Run the browser extension on the page | Flags Gravatar, and frequently WordPress alongside it |
| BuiltWith | Enter the domain on the BuiltWith site | Reports current and historical Gravatar detection |
Because Gravatar so often travels with WordPress, spotting it is also a useful clue about the underlying CMS. For broader context, see our guide on how to find out what technology a website uses and the walkthrough on how to tell if a website is built with WordPress. If you confirm WordPress, our profile of WordPress covers the wider stack that typically accompanies it.
Key Features
Gravatar's feature set centers on portable, email-based avatars that work the same way everywhere.
- Email-based portability. One avatar follows a user across every site that supports Gravatar, with no per-site upload.
- Hash-based privacy. Sites request avatars using a hash of the email rather than the raw address, so the plain email is not exposed in the image URL.
- Configurable size. A single query parameter requests any pixel size, so the same avatar serves thumbnails and larger images.
- Customizable fallbacks. When no avatar exists, sites choose a default, from a plain silhouette to generated identicons, monster, retro, or robot images.
- Public profiles. The same hash can return a public profile with a display name, bio, and verified links the user chose to share.
- CDN delivery. Avatars are served from a CDN with caching, keeping them fast across busy comment threads.
- Built-in WordPress support. Gravatar is integrated into WordPress out of the box, which is the main driver of its ubiquity.
A few of these deserve emphasis. The hash-based lookup is the conceptual heart of Gravatar: it lets any site display the right avatar from just an email address while keeping the raw email out of the public image URL. The customizable fallback images are a small but widely used feature, which is why so many comment sections show colorful generated identicons for users who never set up a Gravatar. And the deep WordPress integration is the single biggest reason Gravatar is so commonly detected, since every standard WordPress comment and author display can use it automatically.
Pros and Cons
Gravatar's trade-offs flow from its email-hash design and its role as a third-party avatar service.
Pros
- Truly portable avatars; set up once, recognized across many sites.
- Effortless for site owners, especially on WordPress where it works out of the box.
- Sensible, customizable fallback images for users without an avatar.
- Fast CDN delivery suited to pages with many avatars.
- Optional public profiles enrich author and commenter displays.
Cons
- Adds a third-party request to a domain outside the site's own infrastructure.
- Privacy considerations: although the email is hashed, an MD5 or SHA-256 hash of a known email can be matched, so the presence of a hashed email in a public page has been a point of privacy discussion.
- Dependent on Gravatar's availability; if the service is unreachable, avatars fall back to defaults or fail to load.
- Users must visit Gravatar separately to set or change their image, which some never do.
- For privacy-focused sites, any external avatar request may be undesirable compared with locally hosted images.
Gravatar vs Alternatives
Gravatar competes with other ways of providing user avatars. The comparison below frames where it sits relative to common alternatives.
| Approach | How the image is chosen | Distinctive trait | Best for |
|---|---|---|---|
| Gravatar | Hash of the user's email | Portable across many sites, WordPress-native | Blogs, comments, broad cross-site avatars |
| Locally uploaded avatars | User uploads to the specific site | Full first-party control and privacy | Apps wanting self-contained avatars |
| Generated identicons | Deterministic image from a seed | No external service or upload needed | Default placeholders without dependencies |
| Social-login avatars | Pulled from a connected account | Reuses an existing profile picture | Sites using social sign-in |
The most instructive comparison is Gravatar versus locally hosted avatars. Gravatar's strength is portability and zero effort for site owners, especially on WordPress, where the same email automatically yields the same recognizable face across the web. The cost is a third-party dependency and the privacy nuance of placing a hashed email in a public page. Locally uploaded avatars keep everything first-party, giving the site full control and avoiding any external request, at the cost of requiring each user to upload an image on each site and the site to store and serve those files. Generated identicons sidestep both an external service and uploads by deterministically drawing an image from a seed, which is exactly what Gravatar itself offers as a fallback. In practice, many WordPress sites use Gravatar precisely because it combines portability with automatic identicon fallbacks, covering both users who have an avatar and those who do not.
Use Cases
Gravatar fits a recognizable set of scenarios centered on showing user avatars from email addresses.
- WordPress comments and authors. Displaying commenter and author avatars automatically, the most common use by far.
- Comment systems and forums. Third-party comment platforms and discussion tools showing avatars based on participants' emails.
- Developer tools and Git hosting. Issue trackers and code-hosting tools that have historically shown Gravatar avatars next to contributors.
- Membership and community sites. Platforms that want recognizable, portable profile pictures without building their own avatar upload flow.
- Email and CRM tools. Applications that enrich a contact list with avatars derived from email addresses.
For competitive research and lead generation, spotting Gravatar on a site is a strong indirect signal that the site runs WordPress, given how tightly the two are linked. The presence of gravatar.com/avatar/ URLs in comment sections or author bylines is one of the quicker ways to infer a WordPress-based stack while profiling a target.
Frequently Asked Questions
Does seeing Gravatar mean a website runs WordPress?
Not always, but it is a strong hint. Gravatar is built into WordPress and used by default for comment and author avatars, so its presence frequently indicates a WordPress site. However, Gravatar is also used by various comment systems, forums, and developer tools that are not WordPress, so it is best treated as a strong clue to be confirmed with other WordPress signals rather than absolute proof.
What is the hash in a Gravatar URL?
It is a cryptographic hash of the user's normalized (trimmed and lowercased) email address. Gravatar historically used an MD5 hash and has since also supported SHA-256, but the long-standing pattern you will most often see is an MD5 hex string after /avatar/. The hash lets a site request the right avatar without putting the raw email address in the public image URL.
Is Gravatar a privacy concern?
It involves a privacy nuance. The email itself is not shown, but a hash of a known email can be matched back to it, so placing a hashed email in a public page has been a topic of privacy discussion. Site owners who are especially privacy-conscious sometimes disable Gravatar or use locally hosted avatars instead, while many sites accept the trade-off for the convenience of portable avatars.
What happens if a user has not set up a Gravatar?
The site receives the fallback image it requested through the d (default) parameter. Options include a plain silhouette (mp), or generated images such as identicon, monsterid, retro, and robohash. This is why comment sections often show colorful geometric or cartoon avatars for users who never created a Gravatar account.
How can I confirm a site is loading avatars from Gravatar?
Open DevTools, go to the Network tab, reload the page, and filter by gravatar. You will see image requests to gravatar.com/avatar/HASH or secure.gravatar.com/avatar/HASH, typically with size and default parameters. You can also use View Source and search for gravatar.com to find the avatar <img> tags directly.
Want to identify the CMS, services, and full technology stack behind any website instantly? Try StackOptic at https://stackoptic.com.
Alternatives to Gravatar
Compare Gravatar
Analyze a Website
Check if any website uses Gravatar and discover its full technology stack.
Analyze Now