RateLimit-Limit
The unofficial RateLimit-Limit response header indicates the maximum number of requests a client is allowed to make within the current rate limit window.
Usage
RateLimit-Limit is one of three separate rate limit HTTP headers introduced in earlier IETF drafts. Together with RateLimit-Remaining and RateLimit-Reset, these headers give clients a clear picture of their rate limit quota and current consumption.
The header uses HTTP Structured Fields syntax. The
simplest form is a bare integer representing the
request quota. A more detailed form appends a policy
with a window parameter (w) indicating the time
window in seconds. Multiple policies are separated by
commas when a server enforces more than one rate limit
simultaneously.
These headers replace the older, non-standard
X-RateLimit-Limit, X-RateLimit-Remaining, and
X-RateLimit-Reset headers. Services like GitLab,
CircleCI, and OKX already send this header.
Note
The IETF draft
(draft-ietf-httpapi-ratelimit-headers) expired
without publication as an RFC. The draft's final
direction moved toward a single RateLimit header
paired with RateLimit-Policy instead of three
separate headers. The RateLimit-Limit,
RateLimit-Remaining, and RateLimit-Reset names
remain widely deployed as de facto conventions
from earlier draft versions.
Values
quota
An integer representing the maximum number of requests allowed within the current window. Sent as a bare number when no additional policy details are needed.
quota with window policy
The quota followed by a policy parameter w specifying
the window duration in seconds. The format is
<quota>;w=<seconds>. A policy name is optionally
included as an additional parameter.
Example
A simple quota of 500 requests per rate limit window. GitLab sends this format across its API and web endpoints.
RateLimit-Limit: 500
An API returning a quota of 120 requests with an
explicit 60-second window. The w parameter defines
the window length in seconds.
RateLimit-Limit: 120;w=60
A server enforcing two separate policies at once. The first allows 100 requests per 60-second window, and the second allows 1000 requests per 3600-second window.
RateLimit-Limit: 100;w=60, 1000;w=3600
When all three rate limit headers appear together, a client sees the full picture of remaining quota and time until reset.
RateLimit-Limit: 500
RateLimit-Remaining: 359
RateLimit-Reset: 60
See also
- RateLimit Fields for HTTP (draft-ietf-httpapi-ratelimit-headers)
- RateLimit-Remaining
- RateLimit-Reset
- Retry-After
- 429
- HTTP headers