How does rate limiting really work?

It still makes a request to the server, but the server just returns 429.
so it would still eat up requests right?

I am wanting to be able to rate limit API Keys but idk how it would work out.

You can’t circumvent the rate limit by not responding to the requests it still gets counted. In order to prevent reaching the request limit you need to do something to prevent the requests from reaching the glitch project in the first time like adding some middleware with cloudflare or


ah yes i will hook up a domain soon, so i would have cloudflare stuff

hi @Cald-fan, rate limits are usually handled outside the application, in a different layer. In many setups, (including glitch’s i imagine) a request is handled by several other web servers with different jobs (proxies, load balancers etc.) before landing at the application and one of those is responsible for rate limiting as well.

If you want to look into how to implement one yourself, you can count the requests from each ip address in a time period and return your own 429 response when your own limit has been reached. you can look into LRU caches on how to implement that logic :slight_smile:


kinda off the question but is there a way if you know to know if the site came from glitch or came from my site? some programs allow you to change the orgin header, if not all.

you can always observe the headers in the request and try to come to a conclusion off that.

if you use http-only cookies and check their status, it might be enough for a simple case.

Epic! Thank you for your help