Rate Limiting

Return a consistent response when a client exceeds their quota.

If your site requires some form of rate limiting, you must return a consistent response when a client exceeds their quota. This response must use the 429 status code defined in RFC 6585 Section 4, as well as the Retry-After header defined in RFC 7231 Section 7.1.3. The Retry-After header should be set to the time at which the client can retry the request, using the http-date type instead of the delta-seconds type.

For the purposes of browser-level caching, the server may also include the Vary header.

HTTP/1.1 429 Too Many Requests
Retry-After: Mon, 01 Jan 2018 00:00:00 GMT
Vary: Origin, Authorization
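As an added example, not code from the original page: a small fixed-window quota check in Python that produces exactly the response shape above, with Retry-After rendered as an http-date rather than delta-seconds. The limiter class, the window size, and keying clients by an opaque string are assumptions made here.

```python
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime


class FixedWindowLimiter:
    """Per-client fixed-window quota (assumed design; clients are keyed by an
    opaque string such as an authenticated identity, not a raw IP)."""

    def __init__(self, limit, window_seconds):
        self.limit = limit
        self.window = timedelta(seconds=window_seconds)
        self._buckets = {}  # client_key -> (window_start, request_count)

    def check(self, client_key, now):
        """Return (allowed, retry_at). retry_at is the aware UTC datetime at
        which the current window ends, or None when the request is allowed."""
        start, count = self._buckets.get(client_key, (now, 0))
        if now - start >= self.window:  # window elapsed: start a fresh one
            start, count = now, 0
        if count >= self.limit:
            return False, start + self.window
        self._buckets[client_key] = (start, count + 1)
        return True, None


def handle_request(limiter, client_key, now):
    """Return (status, headers, body). Over quota yields the page's 429 shape:
    Retry-After as an RFC 7231 http-date (GMT) plus Vary for shared caches."""
    allowed, retry_at = limiter.check(client_key, now)
    if allowed:
        return 200, {"Content-Type": "text/plain"}, b"ok"
    headers = {
        # format_datetime(usegmt=True) requires an aware UTC datetime and
        # emits e.g. "Mon, 01 Jan 2018 00:00:00 GMT"
        "Retry-After": format_datetime(retry_at, usegmt=True),
        "Vary": "Origin, Authorization",
        "Content-Type": "text/plain",
    }
    return 429, headers, b"Too Many Requests"


if __name__ == "__main__":
    # Constructed sample: 3 requests per 60 s, all sent one minute before 2018.
    lim = FixedWindowLimiter(limit=3, window_seconds=60)
    t0 = datetime(2017, 12, 31, 23, 59, 0, tzinfo=timezone.utc)
    for _ in range(4):
        print(handle_request(lim, "client-a", t0)[:2])
```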