diff --git a/wp-includes/link-template.php b/wp-includes/link-template.php
index 37e8684bf0..426da57c39 100644
--- a/wp-includes/link-template.php
+++ b/wp-includes/link-template.php
@@ -4328,6 +4328,7 @@ function is_avatar_comment_type( $comment_type ) {
  * Retrieves default data about the avatar.
  *
  * @since 4.2.0
+ * @since 6.7.0 Gravatar URLs always use HTTPS.
  *
  * @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar MD5 hash,
  *                           user email, WP_User object, WP_Post object, or WP_Comment object.
@@ -4358,6 +4359,9 @@ function is_avatar_comment_type( $comment_type ) {
  *                                  - 'X' (even more mature than above)
  *                                  Default is the value of the 'avatar_rating' option.
  *     @type string $scheme         URL scheme to use. See set_url_scheme() for accepted values.
+ *                                  For Gravatars this setting is ignored and HTTPS is used to avoid
+ *                                  unnecessary redirects. The setting is retained for systems using
+ *                                  the {@see 'pre_get_avatar_data'} filter to customize avatars.
  *                                  Default null.
  *     @type array  $processed_args When the function returns, the value will be the processed/sanitized $args
  *                                  plus a "found_avatar" guess. Pass as a reference. Default null.
@@ -4508,9 +4512,6 @@ function get_avatar_data( $id_or_email, $args = null ) {
 
 	if ( $email_hash ) {
 		$args['found_avatar'] = true;
-		$gravatar_server      = hexdec( $email_hash[0] ) % 3;
-	} else {
-		$gravatar_server = rand( 0, 2 );
 	}
 
 	$url_args = array(
@@ -4520,15 +4521,17 @@ function get_avatar_data( $id_or_email, $args = null ) {
 		'r' => $args['rating'],
 	);
 
-	if ( is_ssl() ) {
-		$url = 'https://secure.gravatar.com/avatar/' . $email_hash;
-	} else {
-		$url = sprintf( 'http://%d.gravatar.com/avatar/%s', $gravatar_server, $email_hash );
-	}
+	/*
+	 * Gravatars are always served over HTTPS.
+	 *
+	 * The Gravatar website redirects HTTP requests to HTTPS URLs so always
+	 * use the HTTPS scheme to avoid unnecessary redirects.
+	 */
+	$url = 'https://secure.gravatar.com/avatar/' . $email_hash;
 
 	$url = add_query_arg(
 		rawurlencode_deep( array_filter( $url_args ) ),
-		set_url_scheme( $url, $args['scheme'] )
+		$url
 	);
 
 	/**
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 07c4c0e46d..08c52e1110 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -16,7 +16,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '6.7-alpha-58821';
+$wp_version = '6.7-alpha-58822';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.