When Option Limit Rate is enabled, it does not include Retry-After header in 429 or 503 response found in RFC7231.

[suchislife801]

Information

https://www.whatismybrowser.com/w/CSS2S8F

Help request

Problem

When Option Limit Rate is enabled, it does not include Retry-After header in 429 or 503 response found in RFC7231.

Solution

There is variable $status that holds response status value. You could use map directive to define another variable that holds retry delay and use add_header directive.

add_header Retry-After $retry_after always;

add_header will not send header if value (second argument) is empty. And we need always flag, otherwise it will not set header for 429 status code.

Full example:

limit_req_zone $binary_remote_addr zone=ip:10m rate=5r/s;
limit_req_status 429;
limit_conn_status 429;

map $status $retry_after {
    default '';
    429 '120';
}

server {
    listen 80;
    location /api {
        limit_req zone=ip burst=12 nodelay;
        proxy_pass http://website;
        add_header Retry-After $retry_after always;
    }
}

Source

Stackoverflow - NGINX add Retry-After header to ONLY 429 Responses

[MrJmpl3]

Question, Can be a global header or only is acceptable per domain?