Rate Limit Headers

Configure the rate limit response headers sent with each request.

Default Headers

By default, hitlimit includes standard rate limit headers in all responses.

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1706284800

Header Descriptions

Header	Description
`X-RateLimit-Limit`	Maximum requests allowed in the window
`X-RateLimit-Remaining`	Number of requests remaining in the current window
`X-RateLimit-Reset`	Unix timestamp when the rate limit window resets
`Retry-After`	Seconds until the rate limit resets (only on 429 responses)

Disable Headers

Turn off rate limit headers entirely.

hitlimit({
  limit: 100,
  window: '1m',
  headers: false
})

Custom Header Names

Use custom header names for compatibility with your API standards.

hitlimit({
  limit: 100,
  window: '1m',
  headers: {
    limit: 'RateLimit-Limit',
    remaining: 'RateLimit-Remaining',
    reset: 'RateLimit-Reset'
  }
})

IETF Draft Specification

Use headers compliant with the IETF rate limit header draft specification.

hitlimit({
  limit: 100,
  window: '1m',
  headers: 'draft-7'
})

// Results in headers:
// RateLimit-Limit: 100
// RateLimit-Remaining: 95
// RateLimit-Reset: 60

Selective Headers

Include only specific headers by setting others to false.

hitlimit({
  limit: 100,
  window: '1m',
  headers: {
    limit: 'X-RateLimit-Limit',
    remaining: false,  // Don't expose remaining count
    reset: 'X-RateLimit-Reset'
  }
})