diff --git a/doc/manual/change-authors.yml b/doc/manual/change-authors.yml
index d5e23ba04..348dfd06f 100644
--- a/doc/manual/change-authors.yml
+++ b/doc/manual/change-authors.yml
@@ -78,6 +78,9 @@ jade:
   forgejo: jade
   github: lf-
 
+kiara:
+  github: KiaraGrouwstra
+
 kjeremy:
   github: kjeremy
 
diff --git a/doc/manual/rl-next/x-github-api-header.md b/doc/manual/rl-next/x-github-api-header.md
new file mode 100644
index 000000000..3c9e8d0db
--- /dev/null
+++ b/doc/manual/rl-next/x-github-api-header.md
@@ -0,0 +1,23 @@
+---
+synopsis: "Set `X-GitHub-Api-Version` header"
+issues: [fj#255]
+cls: [1925]
+category: Development
+credits: kiara
+---
+
+Sets the `X-GitHub-Api-Version` header to `2022-11-28` for calls to the
+GitHub API.
+This follows the later version as per
+https://docs.github.com/en/rest/about-the-rest-api/api-versions?apiVersion=2022-11-28.
+
+This affected the check on whether to use the API versus unauthenticated
+calls as well, given the headers would no longer be empty if the
+authentication token were missing.
+The workaround to this used here is to use a check similar to an existing
+check for the token.
+
+In the current implementation, headers are (still) similarly sent to
+non-authenticated as well as GitHub on-prem calls.
+For what it's worth, manual curl calls with such a header seemed to
+break nor unauthenticated calls nor ones to the github.com API.
diff --git a/src/libfetchers/github.cc b/src/libfetchers/github.cc
index 32032258a..2ae127bc5 100644
--- a/src/libfetchers/github.cc
+++ b/src/libfetchers/github.cc
@@ -289,10 +289,10 @@ struct GitHubInputScheme : GitArchiveInputScheme
         // urls so we do not run into rate limits.
         const auto urlFmt =
             host != "github.com"
-            ? "https://%s/api/v3/repos/%s/%s/tarball/%s"
-            : headers.empty()
-            ? "https://%s/%s/%s/archive/%s.tar.gz"
-            : "https://api.%s/repos/%s/%s/tarball/%s";
+                ? "https://%s/api/v3/repos/%s/%s/tarball/%s"
+                : !getAccessToken(host)
+                    ? "https://%s/%s/%s/archive/%s.tar.gz"
+                    : "https://api.%s/repos/%s/%s/tarball/%s";
 
         const auto url = fmt(urlFmt, host, getOwner(input), getRepo(input),
             input.getRev()->to_string(Base::Base16, false));
@@ -308,6 +308,13 @@ struct GitHubInputScheme : GitArchiveInputScheme
             .applyOverrides(input.getRef(), input.getRev())
             .clone(destDir);
     }
+
+    Headers makeHeadersWithAuthTokens(const std::string & host) const
+    {
+        Headers headers = GitArchiveInputScheme::makeHeadersWithAuthTokens(host);
+        headers.emplace_back("X-GitHub-Api-Version", "2022-11-28");
+        return headers;
+    }
 };
 
 struct GitLabInputScheme : GitArchiveInputScheme