348

I noticed that I can only perform certain actions such as commenting a finite number of times in a given period of time. Obviously, rate limiting is in place to prevent accidental misuse or intentional abuse of certain features.

Where else is rate limiting applied on Stack Exchange sites, and what are the limits?

Return to FAQ index

2

1 Answer 1

341

Rate Limit Rationale

Loading pages

  • Undisclosed limit, applies to IP addresses
    • Applies to the entire network; if one makes too many requests on one or more sites, access to all network sites is restricted
    • Does not apply to non-load-balanced services not served from the same network as public Q&A (chat, the API, etc.)
    • Should not be triggered during normal browsing; if you get it, it either means you're sharing your IP with multiple users accessing the network, or your browser or an extension is hitting the site with one or more extra requests every time you load a page

Too many requests: This IP address has performed an unusual high number of requests and has been temporarily rate limited.

Comments

  • Voting & Flagging

    • Same amount of comment flags as one does post flags (default 10, may rise up to 100 based on flagging activity or reputation; see Flagging below)

      • Comment flag and post flag allowances are separate

    • 30 comment upvotes per day (automatic upvotes resulting from close votes do not count)

    • no minimum wait time between votes

      Comment voting - Daily vote limit reached; vote again in 3 hours

    • Can only flag one comment every 5 seconds

  • Deleting (treated like voting)

  • Creating

    Comment creation - You may add another comment in 24 seconds

  • Editing

    • comment can be edited every 5 seconds by its author or a diamond mod Comment editing - You may only edit a comment every 5 seconds
    • comments cannot be edited after 5 minutes (except by diamond moderators)

Searching

Asking

  • Users with < 125 rep on the current site, 40 minutes since their last question anywhere on the network (This applies to the user's IP address, not their account. If the user shares that IP with other users, they can be limited by the other user asking a question anywhere on the network; similarly, if the same user posts a question from a different IP address, they may not be limited.)

    Question limit - You can only post once every 40 minutes

    • Other per-site limits may apply; e.g. on Stack Overflow, new users can only ask once every 90 minutes. Some of these per-site limits do also check the account, not just the IP address.
    • While the limit is waived for users with 125+ reputation on a given site, questions posted on sites where one has 125+ reputation still count toward the rate limit for sites where one doesn't. For instance, if you ask a question on a site where you have 150 rep, you can't ask another question on a site where you have only 100 rep for the next 40 minutes; however, you can ask them in reverse order immediately (first on the 100-rep site, then on the 150-rep site).

  • Users limited by Anti-Recidivism System, one question per week

  • Users limited from asking questions for 1 – 7 days based on the performance of their previous questions

  • Users prevented from asking questions due to the quality filter: one question per 6 months

  • Users with < 10k rep trip CAPTCHA* if more than once per 60 seconds, or within 5 seconds of starting new post

  • Users with ≥ 10k rep trip CAPTCHA* if more than once per 30 seconds, or within 5 seconds of starting new post

  • On Stack Overflow, Super User, Server Fault and Mathematics (not active on all other sites)

    Sorry, you are only allowed to ask 50 questions in a 30 day period

  • Stack Exchange staff members are not subject to these rate limits on meta sites

Answering

Accepting

Editing

  • Edit at most 10 of one's own posts per day, plus 1 for every 2,000 reputation (e.g., a user with 7,000 rep would get 10 + floor(7,000/2,000) = 13 own posts edited per day).

    • Additional edits to the same post aren't counted
    • Edits made to posts scoring -1 or lower don't count
    • Edits to deleted posts don't count
    • Once the limit is hit, no more edits can be made to any of one's own posts, even if the edit would be exempt per the above criteria. Additionally, the check is based on the post's current score and deletion status, so if a negatively-scored post is upvoted to 0 or higher or a deleted post is undeleted, an edit to it will start counting toward the limit (or cease counting toward the limit if one of the opposite actions happen).
    • Edits to posts created on the same or previous UTC calendar day are always allowed
    • Does not apply to ♦ moderators or Stack Exchange staff members
    • The base threshold can be modified per site, but no site has modified it.
    • Rollbacks aren't considered edits for any of the above checks

    You have already edited 10 of your own posts today; further edits are not allowed until tomorrow

    (Source: What exactly is the rate limit for editing your own posts?)

  • At most 5 pending suggested edits per editor (20 on beta sites)

    • Limit is partially waived if submitting a tag wiki and excerpt suggested edit at the same time (which counts as two edits) - if the user only has space for one more pending edit, both edits will still be allowed, but they cannot submit another suggested edit until two of their pending edits are approved (i.e. they're no longer exceeding the limit)

  • Unregistered users can't suggest edits on posts < 10 minutes old

  • Users with < 10k rep trip CAPTCHA* if more than once per 30 seconds, or faster than 5 seconds after starting edit

  • Users with ≥ 10k rep trip CAPTCHA* if more than once per 10 seconds, or faster than 5 seconds after starting edit

  • You can only save a tag wiki edit once every 30 seconds, or once every 10 seconds if you have enough reputation (20k/4k on beta sites) to bypass the review queue. (Submitting a tag wiki edit along with a tag wiki excerpt edit at the same time for the same tag is not limited.)

* For all of the above thresholds for hitting CAPTCHA, if you have at least 200 reputation and have solved a CAPTCHA in the last 5 minutes, you will not have to solve one again.

Flagging

  • 10 flags per day by default

    • 1 bonus daily flag for every 10 net helpful flags in the user's flagging history (helpful minus declined, excluding other types such as disputed and aged away)
    • 1 bonus daily flag for every 2,000 reputation earned
    • A net negative helpful flag count can reduce a user's daily flag allowance to below 10
    • The number of daily flags is hard-capped at 100
    • On Server Fault, Super User, and Travel, all users have 100 flags per day, regardless of their flag history or reputation level

  • 5 seconds between flags (both flagging and retracting)

  • 3 seconds between opening the flag dialog

    You can only flag for moderator attention 48 times a day

    You may only flag a post every 5 seconds

    You may only load the flag dialog every 3 seconds

  • You can be banned from flagging when too many flags have been declined in a 7 day period; such a ban will automatically be lifted once the criteria no longer apply (after at most 7 days).

  • During some spam waves, staff temporarily raise the ceiling on total allowed daily flags, such as from 100 to 1000.

Reviewing

Thank you for reviewing 20 Close Votes today; come back tomorrow to continue reviewing.

Chat

  • 1 second between two messages, here's the true throttle curve

Chat Throttle Curve

  • There is a similar throttle for starring (details unknown)
  • There is a similar throttle for searching (details unknown)
  • Star limit is 20 stars per room, per day for each user.
  • 30 seconds between creating chat bookmarks

You can perform this action again in 21 seconds

Voting

  • 30 votes per day +10 for questions only (question-only votes can't be used once you've cast 25 votes on answers) (source)
    • To further elaborate: you get 10 Q-votes and 30 QA-votes per day. When you vote on a question, you'll use a Q-vote, and on an answer, you'll use a QA-vote. If you run out of Q-votes, you can continue voting on questions, but you'll be using QA-votes. However, once you have only 5 QA-votes left, you'll be blocked from using your Q-votes and all of your remaining voting for the day will use your QA-votes.
  • If one of the posts you vote on gets deleted the same day as you vote, your limit is recalculated as if you never cast that vote (i.e. in most cases, you can cast one more vote, but if you now have more than 5 unused QA-votes, your Q-votes will be unblocked, allowing you to vote more times).
  • If you vote and undo your vote 30 times, your vote gets locked in.

You have voted and undone your vote too many times. Your vote is now locked in

Logging in

  • 3 failed attempts within a minute before a CAPTCHA is displayed

Changing usernames

  • Last username change must be less than 15 minutes or more than 30 days ago. Does not apply to ♦ mods or accounts that are less than 2 days old.

Showing Upvote/Downvote totals

You may only fetch vote counts once every second

Expanding revision history from user activity

Closing

  • Can open close dialog once per 3 seconds
  • 50 close/reopen votes/day/user on Stack Overflow, Mathematics, Server Fault, Super User and Ask Ubuntu, 12 on Stack Apps, 24 on others. Source

You may only load the close dialog every 3 seconds

Deleting

  • Can only delete 5 of your own posts per day
    • Undeleting and re-deleting the same post on the same day won't count
    • Posts that were made on the same UTC calendar day or the previous UTC calendar day don't count
    • Posts that score -1 or lower don't count
    • Once the limit is reached, no more posts can be deleted, even if they'd be exempt per the above bullets. As with the editing rate limit, this is based on current score, so a post may cease to count or begin to count if its score changes (e.g., due to vote invalidations).
    • Doesn't apply to diamond moderators
  • 5 delete votes (at 10k) with an extra delete vote for every 1k rep above 10k, max of 30, per day
    • When a 10k+ user with delete votes remaining deletes one of their own posts, that deletion will deduct 1 from their delete votes for the day.
    • Other than that, the counts between self-deleted posts and delete votes for others' posts are kept separate: the number of self-deleted posts is limited to 5 per the above criteria, and if you've used all your delete votes but have not hit the above limit, you can still delete your own posts up until the limit (the counter will show as negative).
  • Question must be closed in order to be able to vote to delete it
  • A question can't be voted to delete until 2 days after closure, unless 20k+ and question score -3 or lower
  • Can only cast one delete vote and one undelete vote on the same post, except when you are the post owner or a moderator.
    • If you previously deleted or undeleted someone else's post as a moderator, you cannot vote to delete or undelete the post again if you later cease to be a moderator.

Deleting/destroying accounts

  • Moderators can delete/destroy only one account every 5 seconds.

Stack Exchange API

  • API request quotas
    • Request quotas are the maximum number of API requests in a rolling 24-hour period.
    • Maximum of 300 queries per 24 hours per IP address, if not using an API key value. Requests with an API key also count against this quota. It is not separate from the 10k quota, which means these 300 requests are likely to be consumed by applications using an API key.
    • Maximum of 10,000 queries per day per API key and IP address pair, if using a per-application API key, with some exceptions:
      • Some high-profile tools that actively help out with the Stack Exchange network receive special keys that grant them an extended limit (e.g., SmokeDetector has a limit of 100,000)
      • The now-deprecated iOS app used a special API key which granted a (theoretically) unlimited number of queries per day (up to 2,147,483,647, or 2^31-1 queries). The key is now read-only, but still exists and continues to have the unlimited limit.
      • The quota which is applied to the IP address is the same for all API requests made with a key value in the 24-hour period. The quota value which is used is the maximum quota assigned to any key which is used to make a request from that IP address within that 24 hour period (e.g., if a key with a 50k quota is used for a single request on the IP address, then all requests with a valid key value from that IP address in that 24 hour period have a 50k quota, regardless of what their normal quota would be).
    • Requests which use an access_token, in addition to a key, use a quota which is tied to the access_token. An access_token uniquely identifies an application + user pair. Each user has up to 5 additional 10,000 request quota pools which are allocated separately to the first 5 application + user pairs used for that user in a 24-hour period. Requests made with an access_token do not count against the IP based quotas.
  • A hard limit of 30 requests from any IP address per second. SE considers "> 30 request/sec per IP to be very abusive and thus cut the requests off very harshly." In normal operation, requests will almost always be throttled in other ways well before that hard limit.
  • Occasionally, queries can return a backoff value, to indicate how much time a given application needs to wait before it can perform another query. This value depends on the number and speed of the queries and the overall load on SE's servers, and can change based on various other factors. The exact criteria used for issuing a backoff are not disclosed.
  • SE uses multiple layers of rate limiting for the SE API. The criteria used for the rate limiting layers are not disclosed. Rate limiting is implemented both by the above mentioned backoff response and requests returning various errors, potentially with no additional information.
29
  • 3
    How are rate limits for non-humans implemented? Is a count of searches within a short period of time (lets say 5 seconds) calculated each time someone does a search? Commented Feb 19, 2013 at 8:41
  • 28
    Why are there even limits on the diamond mods? Commented May 31, 2013 at 15:52
  • @LanceRoberts What does "timer resets" mean, Sir? Commented Mar 9, 2014 at 13:08
  • 4
    @AveMaleficum, when you vote on a comment, a timer starts. Everytime you click on the vote or flag button instead of having a smaller amount of time left, the timer resets itself. So you end up trying to time things in your head waiting for it to expire, see here. Commented Mar 9, 2014 at 16:00
  • 2
    There's also a limit for page requests per IP address per time period which I think must have recently been tightened (saw it twice yesterday) but I don't know what the exact limit is. Commented Mar 9, 2014 at 17:44
  • 1
    Shouldn't per IP throttling occur only for anonymous users? IMO all API calls within the page should have a token associated with them and be throttled per user. Commented Mar 20, 2014 at 17:21
  • 1
    What is the point of throttling per action with respect to DoS as opposed to global rate-limiting? Commented Mar 20, 2014 at 17:36
  • 7
    ...yay, another 1 secondS. Why is it so hard to not fix all of these once and for all? Commented Mar 30, 2014 at 14:08
  • @Werner You linked to the tweet that answers your question. Commented Mar 30, 2014 at 21:07
  • 3
    @michaelb958: Sadly it doesn't answer it. It just gives Jeff's opinion about these things. There are so many quantifiers on this website and I wonder why nobody ever takes to time to consider the singular/plural issue from the start... It seems as simple as writing a function where you pass it the quantity and it will return either an "s" or nothing and append that to the quantifier. It seems so fundamentally straight-forward. Commented Mar 31, 2014 at 0:58
  • 3
    @Werner Jeff was the original CTO, and the pluralisation code was written under his watch (if not by him), so his opinion carries a little more weight. The current team could fix them now if it justified the resources, and if they weren't scared of the giant S. (They might be fixing them right now, and they just haven't told us yet so Jeff doesn't find out until that security upgrade's done.) Commented Mar 31, 2014 at 1:10
  • 3
    @LanceRoberts How should the chat throttle chart be interpreted? What's the data used to generate it? Commented Jul 28, 2014 at 9:27
  • @Shadow, any reference on the comment rate-limit changes? Commented Mar 11, 2015 at 14:24
  • 1
    @bad_coder What you wrote here is that editing other people's posts is limited based on reputation. The answer you linked, answer to: How many edits can a high-rep user have?, explicitly states there's no limit to editing other people's posts, but that there is a limit to editing your own posts. Commented Sep 14, 2021 at 4:55
  • 2
    Should not be triggered during normal browsing; if you get it, it either means you're sharing your IP with multiple users accessing the network I'm behind corporate network and there will be potentially hundreds of users accessing stackoverflow from the same IP address. We get the Loading pages rate limit fairly often with normal usage, is there any way to avoid this? Commented Mar 22, 2022 at 20:21

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.