Persistent HTTP 429 Rate Limiting on *.githubusercontent.com Triggered by Accept-Language: zh-CN Header

[Aoang]

Select Topic Area

General

Body

Hi GitHub Community and Staff,

I've recently encountered a persistent issue where accessing static assets hosted on githubusercontent.com subdomains results in an HTTP 429 "Too Many Requests" error. The error page displays the following message:

Access has been restricted
You have triggered a rate limit.

Please wait a few minutes before you try again;
in some cases this may take up to an hour.

Affected Domains

Through testing, this issue seems specific to certain subdomains under githubusercontent.com, including:

• raw.githubusercontent.com
• gist.githubusercontent.com
• camo.githubusercontent.com

Interestingly, requests to avatars.githubusercontent.com appear to be working normally without triggering this rate limit.

Key Finding: Accept-Language Header

Based on my own testing and reports from other users in the community, this rate limiting appears to be directly correlated with the Accept-Language header in the HTTP request. Specifically, if the request includes zh-CN, the 429 error is triggered. When I modify the request header to use a different language code (e.g., en-US, en), the same resources load successfully without any rate limiting.

Concerns

1. Persistence: Despite the error message suggesting waiting, this rate limit does not seem to resolve itself over time (even after hours or days) as long as the Accept-Language: zh-CN header is present. This indicates it might not be a standard, temporary rate limit based on request volume from an IP, but rather a more targeted restriction.

2. Rationality of Language-Based Limiting: Implementing access restrictions based on the browser's preferred language setting seems unusual and potentially problematic. A user's language preference doesn't necessarily correlate with malicious activity or excessive resource consumption. This restriction negatively impacts legitimate users whose systems or browsers are configured to use Chinese.

Suggestion

If rate limiting is indeed necessary for certain traffic patterns or regions, wouldn't using GeoIP data be a more appropriate and effective method? Targeting restrictions based on the source IP address's geographical location seems more logical for managing regional load or mitigating region-specific abuse, rather than relying on a user's language setting.

---

Could the GitHub team please investigate this behavior?

• Is this Accept-Language based rate limiting intentional?
• If so, could the reasoning behind it be shared?
• Would GitHub consider refining the rate-limiting mechanism, potentially using GeoIP or other methods that don't inadvertently block users based on their language preference?

Thank you for your time and consideration.

[TC999]

logined too

登录了也一样

[gamerbugreporter]

not *.githubusercontent.com

raw.githubusercontent.com will be restricted

user-images.githubusercontent.com and private-user-images.githubusercontent.com 's images will be displayed normally.

avatars.githubusercontent.com Some user avatars can be displayed, while others cannot.

camo.githubusercontent.comSome can be displayed, some can't be displayed. Some can be displayed sometimes and sometimes can't be displayed, it's quite random.

[github-actions[bot]]

💬 Your Product Feedback Has Been Submitted 🎉

Thank you for taking the time to share your insights with us! Your feedback is invaluable as we build a better GitHub experience for all our users.

Here's what you can expect moving forward ⏩

• Your input will be carefully reviewed and cataloged by members of our product teams. 
  • Due to the high volume of submissions, we may not always be able to provide individual responses.
  • Rest assured, your feedback will help chart our course for product improvements.
• Other users may engage with your post, sharing their own perspectives or experiences. 
• GitHub staff may reach out for further clarification or insight. 
  • We may 'Answer' your discussion if there is a current solution, workaround, or roadmap/changelog post related to the feedback.

Where to look to see what's shipping 👀

• Read the Changelog for real-time updates on the latest GitHub features, enhancements, and calls for feedback.
• Explore our Product Roadmap, which details upcoming major releases and initiatives.

What you can do in the meantime 💻

• Upvote and comment on other user feedback Discussions that resonate with you.
• Add more information at any point! Useful details include: use cases, relevant labels, desired outcomes, and any accompanying screenshots.

As a member of the GitHub community, your participation is essential. While we can't promise that every suggestion will be implemented, we want to emphasize that your feedback is instrumental in guiding our decisions and priorities.

Thank you once again for your contribution to making GitHub even better! We're grateful for your ongoing support and collaboration in shaping the future of our platform. ⭐

[stasmas]

same issue

[akFace]

Same problem.

[liuyuhe666]

I also encountered the same problem.

[jhqwqmc]

[51mydao]

[51mydao]

I turn to jsDelivr instead

[51mydao]

https://www.nodeseek.com/post-325942-1

[fangshengren]

same problem, i cannot solve it

[smallprogram]

same problem

[acheong08]

Not only triggered by Accept-Language - https://github.com/acheong08/invidious-companion/actions/runs/14742025964/job/41382008664

I'm getting the error in GitHub Actions! Why in the world is GitHub rate limiting their own services?

[Mundi-Xu]

same

[hwdef]

Same problem. My avatar cannot be displayed.

[hwdef]

It's back to normal now.

[hwdef]

broke again.

[liasece]

same

[jwu114]

Just saw a solution in another discussion, and it worked for me: https://github.com/orgs/community/discussions/157851#discussioncomment-12987612

[panchiniak]

+1

[k0ste]

The same issue for builds

[anton-matosov]

I am experience the same issue in CI in recent days. Building docker containers that fetch some public GH files have started to randomly and frequently fail.
https://github.com/Dr-QP/Dr.QP/actions/runs/15079495052/job/42393669419#step:4:4762

[ElementRef]

I have set the env.GH_TOKEN

- name: Build with Node
  run: |
    node conf/generate.blackmatrix7.mjs
    node conf/generate.blocklist.mjs
    node conf/generate.esbuild.mjs
    node conf/generate.filter.mjs
  env:
    GH_TOKEN: ${{ github.token }}

Use env.GH_TOKEN by process.env.GH_TOKEN

const res = await fetch(src, {
  method: 'GET',
  cache: 'no-cache',
  credentials: 'omit',
  headers: {
    Authorization: `Bearer ${process.env.GH_TOKEN}`,
    'Content-Type': 'text/plain'
  }
});

I dose not work

[ElementRef]

429 should not happen in GitHub Actions Env
https://github.blog/changelog/2025-05-08-updated-rate-limits-for-unauthenticated-requests/

[ElementRef]

Same issue with

credentials: 'include',

[ItsBrank]

Not sure why github thought making the limit as low as they did was a good idea, this breaks thousands if not tens of thousands of repos that have automatic install scripts for users; that run commands and download from github. I keep encountering this myself every couple minutes and its making it almost impossible to test or debug stuff without changing ips constantly.

[dgreensp]

I am suddenly getting 429s from a GitHub Action that is actually using an auth token. It broke our deployment workflow.

[memcap]

I am suddenly getting 429s from a GitHub API access that is actually using an auth token. It broke our deployment workflow.

Same here—seeing 429s on a GitHub API access that’s using an auth token. Broke our deployment flow as well. Not sure if this warrants a new thread or if others are seeing the same thing.

[lyind]

This breaks CI features for us. If it continues I will have to disable certain CI checks/tests, possibly move some things off GitHub.

[nagelfargithub]

I am suddenly getting 429s from a GitHub API access that is actually using an auth token. It broke our deployment workflow.

Same here—seeing 429s on a GitHub API access that’s using an auth token. Broke our deployment flow as well. Not sure if this warrants a new thread or if others are seeing the same thing.

We were seeing the same thing. You can switch to using the REST API.

[martinstadelmann]

Thanks for pointing this out, it is possible for patches (i.e. patch-diff.githubusercontent.com) using:

curl -L \
  -H "Accept: application/vnd.github.v3.diff" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/pulls/PULL_NUMBER

[nagelfargithub]

So, instead of 429 we are now receiving 403 errors, authenticated.

[sterliakov]

This doesn't seem related to Accept-Language header? This problem broke Sublime Text's Package Control, sublimehq/package_control#1699, and their crawler certainly does not attempt to fetch repository info in Chinese. They started receiving 429s in bulk from raw.githubusercontent.com in a workflow that was working for years (authenticated requests, of course).

[jarofgreen]

Does anyone know how to actually authenticate to raw.githubusercontent.com? I posted a discussion at https://github.com/orgs/community/discussions/160828 about this.

[fernandoseguim]

Sad! This happens here too 😩

[GrayJacketStudios]

happening too to obsidianmd plugins and themes workflow...

[rushiiMachine]

We've been encountering this all day for Aliucord, with users getting 404s and 429s at random. Not sure what's been going on.

[vini2003]

Getting this today, too. Viewing Raw Gists is not working, 429.

[glpuga]

Happening now too.

Totally broke ROS package dependencies installation through the rosdep tool, which gets index files from githubusercontent, and thus also development container building. Right now any work that depends on rebuilding a docker is fundamentally stopped unless the dependencies are installed one by one by hand.

When this happened in April you could still get them to build after retrying, now it just fails everytime.

[glpuga]

For the people like me arriving here due to the issues in the last few days, check https://github.com/orgs/community/discussions/177971