← All Status Codes
429
Too Many Requests
⚠️ Client Error High Risk

📖 What Is HTTP 429?

The user has sent too many requests in a given time period. Rate limiting is being enforced. The response should include a Retry-After header.

🛡️ Security Implications

Rate limiting defense against brute force, credential stuffing, and API abuse. Essential for login endpoints and API keys.

🔍 Common Causes

Exceeded API rate limit, too many login attempts, automated scraping detected, DDoS mitigation triggered.

🔧 How to Fix

Wait for the Retry-After period. Implement exponential backoff in your client. Use API keys with higher rate limits if available.

🖥️ How to Check

curl -I -o /dev/null -w "%{http_code}" https://example.com

🔗 Related Client Error Codes

400
Bad Request
401
Unauthorized
403
Forbidden
404
Not Found
405
Method Not Allowed
406
Not Acceptable
407
Proxy Auth Required
408
Request Timeout
📚 Learn Web Security — Free Course