X-RateLimit headers
The X-RateLimit-* header family is the de facto legacy standard for communicating rate limit state from server to client. While not standardised by any RFC, it became the informal standard through widespread adoption by GitHub, Twitter, and other major APIs. Common headers: X-RateLimit-Limit (quota), X-RateLimit-Remaining (requests remaining), X-RateLimit-Reset (Unix epoch timestamp of next window reset), and X-RateLimit-Window (window duration in seconds).
Why it matters in practice
Despite being superseded by the IETF draft, X-RateLimit-* headers are still the majority format in production APIs. Most existing clients, SDKs, and monitoring tools are built to parse this format. New APIs should implement the IETF draft headers, but should consider also emitting X-RateLimit-* during a transition period to maintain compatibility with existing client code.
Common mistakes
- Using the X-RateLimit-Reset Unix timestamp without documenting the timezone — it should always be UTC epoch seconds.
- Not including X-RateLimit-Remaining: 0 in 429 responses — some clients use this field to detect rate limiting, not the 429 status code itself.
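A server-side sketch that avoids both mistakes, added here as an illustration and not taken from any particular API: it emits all four headers on every response, with X-RateLimit-Reset in UTC epoch seconds and X-RateLimit-Remaining: 0 on the 429. The class name `FixedWindowLimiter`, the fixed-window algorithm and the in-memory counter store are assumptions of this example.

```python
import time


class FixedWindowLimiter:
    """Fixed-window counter that reports its state via X-RateLimit-* headers.

    Hypothetical helper for illustration; counters live in process memory
    and are never evicted, which a production limiter would need to handle.
    """

    def __init__(self, limit, window_seconds, clock=time.time):
        self.limit = limit
        self.window = window_seconds
        self.clock = clock      # time.time() counts seconds since the Unix epoch (UTC)
        self.counters = {}      # client key -> (window_start, request_count)

    def check(self, client_key):
        """Return (status_code, headers) for one request from client_key."""
        now = int(self.clock())
        window_start = now - (now % self.window)
        start, count = self.counters.get(client_key, (window_start, 0))
        if start != window_start:
            # The stored window has expired: begin a fresh one.
            start, count = window_start, 0

        allowed = count < self.limit
        if allowed:
            count += 1
        self.counters[client_key] = (start, count)

        headers = {
            "X-RateLimit-Limit": str(self.limit),
            # Present on every response and exactly 0 on a 429, for clients
            # that detect throttling from this field instead of the status.
            "X-RateLimit-Remaining": str(self.limit - count),
            # UTC epoch seconds of the next window reset, never local time.
            "X-RateLimit-Reset": str(start + self.window),
            "X-RateLimit-Window": str(self.window),
        }
        return (200 if allowed else 429), headers
```

The injectable `clock` parameter exists so the window boundaries can be checked deterministically in tests.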