Cloudflare Error 520: Unknown Error

When your origin server returns an incomprehensible response

Error 520 is a Cloudflare-specific status code that doesn't exist in the standard HTTP specification. It indicates that the origin server returned an empty, malformed, or unexpected response that Cloudflare cannot interpret or forward to the client.

This error is particularly frustrating because it's often intermittent and difficult to reproduce. The response from the origin server is technically received, but its content is invalid. Unlike 521 (server unreachable) or 522 (connection timeout), 520 indicates a communication problem at the HTTP protocol level.

For sites behind Cloudflare, monitoring 520 errors is essential. MoniTao detects these errors in real-time and alerts you before your users complain. Understanding the causes allows you to put the right preventions in place.

Common causes of error 520

Error 520 usually originates from the origin server, not from Cloudflare. Here are the most common causes.

  • Premature connection close: the origin server closes the TCP connection before sending a complete HTTP response. This can happen during a PHP crash, application timeout, or process kill.
  • Invalid HTTP headers: response headers are malformed, too large (>8KB), or contain invalid characters. Cloudflare cannot parse the response.
  • Empty response: the server returns an HTTP connection without a valid body or headers. This often happens with scripts that crash before generating content.
  • Misconfigured keepalive: the origin server closes keepalive connections before Cloudflare reuses them, causing truncated response errors.

Diagnosing error 520

To resolve a 520, you need to identify whether the problem comes from your application, web server, or network configuration.

  • Test without Cloudflare: modify your hosts file to point directly to your origin server IP. If the error disappears, the problem is specific to Cloudflare-origin communication.
  • Check server logs: review Apache/Nginx error logs and PHP/application logs. Look for fatal errors, segfaults, and timeouts.
  • Use the Ray ID: every Cloudflare error includes a Ray ID. Use it in the Cloudflare dashboard to see request details and received headers.
  • Monitor resources: check CPU usage, memory, and server processes. A saturated server can close connections randomly.

Solutions to fix error 520

Resolution depends on the identified cause. Here are the most common fixes.

  • Fix application errors: fix PHP bugs that cause crashes or fatal errors. Ensure your application always returns a valid HTTP response, even on errors.
  • Increase resources: if the server lacks memory or CPU, increase PHP limits (memory_limit, max_execution_time) or server resources.
  • Configure keepalive: ensure origin server keepalive timeouts are longer than Cloudflare's (typically 300 seconds minimum).
  • Validate headers: verify your application doesn't send overly long or badly encoded headers. Use curl -I to inspect raw headers.

Configuration to prevent 520 errors

Here are recommended configurations to avoid 520 errors:

# Nginx - /etc/nginx/nginx.conf
# Increase timeouts for Cloudflare
proxy_connect_timeout 60;
proxy_send_timeout 60;
proxy_read_timeout 60;

# Keepalive with Cloudflare
keepalive_timeout 300;
keepalive_requests 10000;

# Larger headers if needed
large_client_header_buffers 4 16k;

# PHP - php.ini
memory_limit = 256M
max_execution_time = 30
output_buffering = 4096

# Error handling (never send empty response)
display_errors = Off
log_errors = On
error_log = /var/log/php-errors.log

These configurations ensure the server keeps connections open long enough for Cloudflare and that errors are logged rather than interrupting the response.

Preventing 520 errors

Here are best practices to minimize occurrences of this error.

  • Continuous monitoring: use MoniTao to detect 520s as soon as they appear. Configure alerts to react before the problem worsens.
  • Robust error handling: implement global try-catch in your application to always return a valid HTTP response, even on exceptions.
  • Regular testing: periodically test your site bypassing Cloudflare to detect problems specific to proxy communication.
  • Centralized logs: correlate Cloudflare logs with your server logs to quickly identify error causes.

520 diagnostic checklist

  • Direct test of origin server (bypass Cloudflare)
  • Web server error logs reviewed
  • PHP/application error logs checked
  • Server resources (CPU, RAM) monitored
  • Timeouts and keepalive correctly configured
  • Response headers validated with curl -I

Frequently asked questions

How do I test my site without going through Cloudflare?

Modify your machine's hosts file (C:\Windows\System32\drivers\etc\hosts or /etc/hosts) to point your domain directly to your origin server IP. You'll then see the real errors without Cloudflare intermediary.

Does error 520 come from Cloudflare or my server?

The 520 code is generated by Cloudflare, but the cause is almost always on your origin server. Cloudflare uses this code when it receives a response it cannot correctly interpret.

How do I use the Ray ID to diagnose?

The Ray ID appears on the error page. In the Cloudflare dashboard, go to Analytics > Traffic, filter by this Ray ID to see request details, sent and received headers.

Does MoniTao detect 520 errors?

Yes, MoniTao detects all 5xx codes, including Cloudflare-specific codes (520-527). You'll receive an alert as soon as the error is detected.

Why is error 520 intermittent?

Intermittent 520s are often related to load spikes that exhaust resources, race conditions in code, or keepalive issues. Monitor temporal patterns to identify the cause.

What's the difference between 520, 521, and 522?

520 indicates an invalid response, 521 that the server refuses connection (server down), and 522 that the connection timed out (network timeout). 520 is hardest to diagnose because the connection establishes but the response is incorrect.

Conclusion

Cloudflare error 520 is a signal that your origin server is returning invalid or truncated responses. While the code is generated by Cloudflare, the solution is almost always on your infrastructure: application errors, server configuration, or insufficient resources.

With MoniTao, detect 520 errors in real-time and act before your users are impacted. Proactive monitoring combined with good error handling and logging allows you to resolve these issues quickly.

Useful Links

Ready to Sleep Soundly?

Start free, no credit card required.

Create My Account See pricing