diff --git a/httpd/httpd_test.go b/httpd/httpd_test.go
index 82d9fc0b..ea13b899 100644
--- a/httpd/httpd_test.go
+++ b/httpd/httpd_test.go
@@ -3147,7 +3147,7 @@ func TestRateLimiter(t *testing.T) {
 resp, err = client.Get(httpBaseURL + healthzPath)
 assert.NoError(t, err)
 assert.Equal(t, http.StatusTooManyRequests, resp.StatusCode)
- assert.NotEmpty(t, resp.Header.Get("Retry-After"))
+ assert.Equal(t, "1", resp.Header.Get("Retry-After"))
 assert.NotEmpty(t, resp.Header.Get("X-Retry-In"))
 err = resp.Body.Close()
 assert.NoError(t, err)
diff --git a/httpd/middleware.go b/httpd/middleware.go
index e6d50bef..00f4f80a 100644
--- a/httpd/middleware.go
+++ b/httpd/middleware.go
@@ -5,6 +5,7 @@ import (
 "errors"
 "fmt"
 "net/http"
+ "time"

 "github.com/go-chi/jwtauth/v5"
 "github.com/lestrrat-go/jwx/jwt"
@@ -147,6 +148,7 @@ func verifyCSRFHeader(next http.Handler) http.Handler {
 func rateLimiter(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 if delay, err := common.LimitRate(common.ProtocolHTTP, utils.GetIPFromRemoteAddress(r.RemoteAddr)); err != nil {
+ delay += 499999999 * time.Nanosecond
 w.Header().Set("Retry-After", fmt.Sprintf("%.0f", delay.Seconds()))
 w.Header().Set("X-Retry-In", delay.String())
 sendAPIResponse(w, r, err, http.StatusText(http.StatusTooManyRequests), http.StatusTooManyRequests)
diff --git a/webdavd/server.go b/webdavd/server.go
index 2aca18f1..8334898c 100644
--- a/webdavd/server.go
+++ b/webdavd/server.go
@@ -160,6 +160,7 @@ func (s *webDavServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 }
 delay, err := common.LimitRate(common.ProtocolWebDAV, ipAddr)
 if err != nil {
+ delay += 499999999 * time.Nanosecond
 w.Header().Set("Retry-After", fmt.Sprintf("%.0f", delay.Seconds()))
 w.Header().Set("X-Retry-In", delay.String())
 http.Error(w, err.Error(), http.StatusTooManyRequests)
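Review bot: The added `delay += 499999999 * time.Nanosecond` in `rateLimiter` (httpd/middleware.go) mutates `delay` before both headers are written, so `X-Retry-In` on the following line now reports roughly half a second more than the limiter returned; the identical line added in `webDavServer.ServeHTTP` (webdavd/server.go) has the same effect. The padding is also not a true ceiling: a remaining delay of exactly 1ns becomes 0.5s, which `%.0f` formats as `0`, so a throttled client can still be told to retry immediately. Computing the header value separately, e.g. `retryAfter := int64(math.Ceil(delay.Seconds()))` written out with `strconv.FormatInt(retryAfter, 10)`, leaves `delay` untouched and always rounds up; it needs `math` and `strconv` in scope, which the visible import hunk does not show. A small shared helper would also remove the duplicated magic constant, and both function bodies continue outside their hunks.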