No Retry-After header

Hi, I am attempting to run some queries against the REST API, and I’m getting the abuse detection mechanism trigger. However, the docs mention a Retry-After header, which is missing from my response. We’re just doing a simple query for finding files in repositories, not creating any content, so I believe it should appear.

This is the response I get:

HTTP/2 403
date: Thu, 10 Jun 2021 18:06:36 GMT
content-type: application/json; charset=utf-8
x-accepted-oauth-scopes: repo
x-github-media-type: github.v3; format=json
x-ratelimit-limit: 30
x-ratelimit-remaining: 28
x-ratelimit-reset: 1623348454
x-ratelimit-used: 2
x-ratelimit-resource: search
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, Deprecation, Sunset
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'
vary: Accept-Encoding, Accept, X-Requested-With
x-github-request-id: xxx
  "documentation_url": "",
  "message": "You have triggered an abuse detection mechanism. Please wait a few minutes before you try again."

As you can see there’s no Retry-After header. Is there something different I should be doing?

Hi @ajdranse and welcome to the GitHub Support Community! I’ll be happy to take a look at this for you. What endpoint are you calling?


We’re just making queries of the form: (finding repos with Package.swift files of a certain size).

Looking at historical queries, we used to get Retry-After headers, but around a week ago it stopped for some reason. Any idea why?

Hi @ajdranse - I’ve checked with the search engineering team, and the most likely explanation is that you’re hitting our secondary rate limits which don’t return this header, instead of the primary rate limits. Our article “Dealing with abuse rate limits” may help out here, but please let me know if you have any questions!

Hi @GalaxyAllie, the docs you referenced say:
When you have been limited, use the Retry-After response header to slow down. The value of the Retry-After header will always be an integer, representing the number of seconds you should wait before making requests again. For example, Retry-After: 30 means you should wait 30 seconds before sending more requests.

That header used to be returned with the 403 response, but no longer are. I guess my question is if something changed on your end. The only case called out in the docs where it wouldn’t be is if one is creating content (which we aren’t).

Hi @ajdranse - I’ve spoke with the search engineering team and we’ve confirmed there have been no changes to these abuse rate limits. We’ve also confirmed that they will return a 403 response without a Retry-After header in this case, and you can find a few more details under “Abuse rate limits.”

I hope this clarifies what you’re seeing, but please let me know if you have any questions.