Question 1

What does Cloudflare error 520 mean?

Accepted Answer

Error 520 is a catch-all response that Cloudflare returns when the origin server sends something unexpected. The connection to the origin was established, but the response was either empty, malformed, had missing or incorrect headers, or was too large for Cloudflare to process. This error is unique to Cloudflare — you will not see it if clients connect directly to the origin, because it specifically represents Cloudflare's inability to interpret what the origin sent back.

Question 2

What causes Cloudflare error 520?

Accepted Answer

Origin server crashed or returned an empty response: The application on the origin server hit an unhandled exception, ran out of memory, or returned a response with no body and no headers. Cloudflare cannot forward an empty response, so it returns 520.

Response headers exceed Cloudflare's limits: Cloudflare has a 32 KB limit on response headers. If the origin sends excessively large headers (e.g., huge Set-Cookie values or custom headers), Cloudflare rejects the response.

Origin server is misconfigured or overwhelmed: The origin may be under heavy load and returning partial responses, or a reverse proxy (Nginx, Apache) in front of the application is misconfigured and sending malformed HTTP.

Cloudflare IP addresses are not whitelisted: If the origin firewall blocks some Cloudflare IPs, some requests succeed while others get dropped mid-response, producing intermittent 520 errors.

Question 3

How do I fix Cloudflare error 520?

Accepted Answer

Step 1: Check origin server logs — Look at your web server's error logs (Nginx error.log, Apache error_log, application logs) for crashes, timeouts, or 502/503 errors happening at the same time as the 520s.

Step 2: Test the origin directly — Bypass Cloudflare and connect to your origin IP directly to see what response it returns. If you get an empty response or connection reset, the problem is on the origin.

Step 3: Verify DNS records point to the correct origin — Ensure your A/AAAA records in Cloudflare point to the right origin server IP address.

Step 4: Check response header sizes — If your application sets large cookies or custom headers, reduce them below 32 KB total. Inspect response headers with curl.

Step 5: Whitelist all Cloudflare IP ranges — Ensure your origin firewall allows all Cloudflare IP ranges. Cloudflare publishes its IP list at cloudflare.com/ips.

Cloudflare Error 520: Web Server Returns an Unknown Error

Common Causes

Origin server crashed or returned an empty response

Response headers exceed Cloudflare's limits

Origin server is misconfigured or overwhelmed

Cloudflare IP addresses are not whitelisted

How to Fix It

Check origin server logs

Test the origin directly

Verify DNS records point to the correct origin

Check response header sizes

Whitelist all Cloudflare IP ranges

Quick Diagnostics

Related Error Codes

Web Server Is Down

Connection Timed Out

Origin Is Unreachable

Origin DNS Error

Frequently Asked Questions