X-WS-RateLimit-Limit
WordPress.com applies rate limiting to API and web requests, and the X-WS-RateLimit-Limit unofficial response header reports the maximum number of requests allowed in the current window.
Note
The "X-" naming convention for HTTP headers, "X" referring to "experimental", has been deprecated and needs to be transitioned to the formal naming convention for HTTP headers.
Usage
WordPress.com and sites running on Automattic's infrastructure apply rate limiting to API and web requests. The X-WS-RateLimit-Limit header reports the ceiling for the current window: the total number of requests a client is permitted to make before the server begins refusing or throttling additional requests.
The header appears alongside X-WS-RateLimit-Remaining, which shows how many requests remain before the limit is reached. Together, these two headers give API clients a clear view of their current consumption relative to the allowed maximum.
This header follows the same pattern as the widely
adopted X-RateLimit-Limit,
but with the WS- prefix scoping the header to
WordPress.com's specific infrastructure. The "WS"
prefix relates to WordPress.com infrastructure.
Values
Numeric request ceiling
The value is a positive integer representing the
maximum requests permitted in a single rate limit
window. WordPress.com commonly sets this to 1000
for standard API consumers.
Example
A response from a WordPress.com endpoint shows the rate limit ceiling. This value means the client is permitted 1,000 requests within the current window.
X-WS-RateLimit-Limit: 1000
In practice, both rate limit headers appear together so API clients receive a complete picture of their current standing.
X-WS-RateLimit-Limit: 1000
X-WS-RateLimit-Remaining: 993