520 Errors | Fix Unknown Origin Server Issues

A 520 error means Cloudflare received an empty or invalid response from your origin server, usually due to server or network problems.

What Are 520 Errors?

When your site runs through Cloudflare and visitors see a 520 error, the message comes from Cloudflare, not from your own web server. Cloudflare tried to fetch a page from the origin and received something it could not understand, such as an empty reply, broken headers, or a reset connection.

This status belongs to the 5xx family, which points to a server-side issue. The browser did nothing wrong, and in most cases the visitor cannot fix anything on their own. The fault sits either on the origin hosting stack, between Cloudflare and the server, or in strict security rules that block Cloudflare requests.

Cloudflare labels this case as “web server is returning an unknown error”. That label describes the catch-all nature of 520 errors: whenever the response from the origin does not fit a more specific code such as 502, 503, 504, or 522, Cloudflare falls back to 520.

Compared with standard 500-level codes issued directly by your server, a 520 error appears only when Cloudflare sits in front as a reverse proxy. Codes such as 500, 502, 503, or 504 come straight from the origin, while 520 shows that the proxy gave up because the reply looked empty, broken, or unfinished.

520 Error Messages On Cloudflare Sites

The basic browser view shows a plain error page with the 520 code, a short description, and some request details such as the Cloudflare Ray ID, the data center, and the visitor IP range. That information helps support teams track a request through Cloudflare logs and your own server logs.

From the visitor side, the pattern tends to look random. One page works, another page throws a 520 error, and a refresh may suddenly load the site again. That pattern points away from cached content and more toward live communication problems between proxy and origin.

On the server side, you usually see matching entries in error logs or access logs. These may show empty responses, early connection closes, PHP fatal errors, timeouts, or resource failures such as out of memory events. Joining Cloudflare request IDs with timestamps on your server is the fastest way to trace where a 520 began.

  • Only Some Pages Fail — Users can open the home page but hit a 520 error on checkout, search, or admin paths.
  • Errors Vary During The Day — Reports cluster around busy periods such as launches, sales, or email campaigns.
  • One Region Sees More 520s — Traffic from certain countries or providers hits the 520 code more often than others.

Common Causes Behind A 520 Error

Hosting providers and Cloudflare both confirm that most 520 cases come down to a few recurring technical reasons. Some relate to server resources, some to network hiccups, and some to strict security layers that treat Cloudflare as suspicious traffic.

Some reasons leave clear fingerprints, while others only appear under load or on specific routes. Short bursts may point toward network trouble or rate limits, while steady 520 responses on the same path often trace back to application code or broken redirects.

The table below groups the main cause categories so you can match them with real behaviour on your site and pick the right path for deeper checks.

| Cause | What You See | Where To Check |
| --- | --- | --- |
| Server overload or crash | Random 520 pages, slow admin area, high CPU or memory usage | Hosting dashboard, system metrics, process list |
| Application level errors | PHP fatal errors, malformed responses, partial HTML output | Web server error logs, application logs |
| Firewall or security rules | 520 error pages only from some IP ranges or countries | cPanel security tools, hosting firewall, Cloudflare WAF |
| Network glitches between Cloudflare and origin | Short bursts of the 520 code, then normal traffic again | Hosting status page, traceroute or mtr tests |
| Bad or oversized HTTP headers | 520 error screens after adding plugins or custom headers | Response header inspector, server config files |
| Incorrect DNS or SSL settings | A 520 code right after DNS or certificate changes | Cloudflare DNS panel, SSL/TLS tab, hosting SSL panel |

Each row describes a different failure path, yet all of them end with Cloudflare failing to parse what the origin sent back. The fix comes from narrowing that path down, then testing until responses become stable again.

If your host provides HTTP/2 or HTTP/3, protocol quirks can surface as a 520 error too. A partial handshake, misbehaving TLS offload, or outdated web server modules may cause the origin to drop connections in ways Cloudflare cannot classify under a standard code.

How To Fix A 520 Error Step By Step

Site owners often feel lost when they first see this code, because the message looks vague. A clear routine removes a lot of guesswork. Move through these steps in order and note what changes the behaviour, then you can dig deeper in that area.

Before you change settings, try to reproduce the 520 error in a controlled way. Note which URL fails, which browser you use, whether you are logged in, and how long the page takes to respond before the error appears. That context lets you repeat the same path after each tweak.

Start With Quick Client Side Checks

These first checks rule out short-lived client issues so you do not chase a problem that already disappeared.

  1. Refresh The Page — Ask the visitor to press reload once or twice, as a new request may bypass a one-time hiccup.
  2. Test From Another Network — Ask someone on a different connection or mobile data to visit the page and report whether the 520 error repeats.
  3. Try Another Browser Or Device — Confirm that the problem is not linked to an extension or browser cache by loading the site from a clean device or private window.

Check Origin Server Health

Once you rule out a temporary client glitch, shift attention to the hosting stack. A 520 error points far more often to the origin than to Cloudflare itself.

  • Open Your Hosting Panel — Log in to the provider dashboard and check CPU, memory, and process limits for spikes near the time of the 520 errors.
  • Review Error Logs — Open raw web server error logs and application logs, then look for entries that match, to the minute and second, the time shown with the Cloudflare Ray ID on the error page.
  • Restart PHP Or Application Services — Use your hosting tools to restart PHP FPM, Apache, or Nginx so that stuck workers and crashed processes reset cleanly.
  • Disable New Plugins Or Modules — If a 520 error began right after installing a plugin, theme, or server module, switch it off and test again before you dig into deeper layers.
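
The log matching described in the Review Error Logs item, as an added example that is not part of the original article: it pairs the time of each 520 sighting with origin error-log entries inside a small window. The Ray IDs, timestamps and nginx-style log lines are constructed, and the origin clock is assumed to be UTC.

```python
import re
from datetime import datetime, timedelta

# Constructed 520 sightings copied from Cloudflare error pages (Ray ID, UTC time).
EVENTS = [("8a1f00000000aaaa-FRA", "2024-05-14 10:22:31"),
          ("8a1f00000000bbbb-FRA", "2024-05-14 10:40:05")]

# Constructed nginx-style error-log lines; assumes the origin clock is in UTC.
ORIGIN_LOG = """\
2024/05/14 10:22:30 [error] 912#0: *41 upstream prematurely closed connection while reading response header from upstream, request: "POST /checkout HTTP/1.1"
2024/05/14 10:22:33 [warn] 912#0: *41 an upstream response is buffered to a temporary file
2024/05/14 10:31:12 [error] 912#0: *57 FastCGI sent in stderr: "PHP Fatal error: Allowed memory size exhausted", request: "GET /search HTTP/1.1"
"""

LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(\w+)\] (.*)$")
SEVERE = ("error", "crit", "alert", "emerg")


def parse_log(text):
    """Yield (timestamp, level, message) for every well-formed log line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            yield ts, m.group(2), m.group(3)


def correlate(events, log_text, window_s=2, levels=SEVERE):
    """Map each Ray ID to severe origin log entries within +/- window_s seconds."""
    entries = [e for e in parse_log(log_text) if e[1] in levels]
    window = timedelta(seconds=window_s)
    result = {}
    for ray_id, seen in events:
        t = datetime.strptime(seen, "%Y-%m-%d %H:%M:%S")
        result[ray_id] = [msg for ts, _, msg in entries if abs(ts - t) <= window]
    return result


if __name__ == "__main__":
    for ray, hits in correlate(EVENTS, ORIGIN_LOG).items():
        print(ray, hits or "no origin log entry in window")
```

A Ray ID with no matching origin entry suggests the request never reached the web server, which points toward the firewall or network rows of the table above.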

Review Firewall And Security Layers

Many 520 errors come from well-meaning security tools that block or throttle Cloudflare without showing a friendly message.

  • Whitelist Cloudflare IP Ranges — Compare your firewall rules with the official Cloudflare IP list and add allow rules wherever the ranges are missing.
  • Inspect ModSecurity Or WAF Logs — Look for blocked requests that match Cloudflare user agents or data center IPs, then relax false positive rules or add exclusions for safe traffic.
  • Temporarily Disable Rate Limiting — Turn off aggressive rate limit or bot filters for a short test window to see whether the 520 error stops when those filters are relaxed.
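
One way to run the comparison from the Whitelist Cloudflare IP Ranges item, as an added example (not Cloudflare's or any hosting panel's own tooling). The Cloudflare list here is a partial IPv4 snapshot for illustration and the allow and deny rules are constructed; load the current ranges from the official list before relying on the result.

```python
import ipaddress

# Partial snapshot of Cloudflare's published IPv4 ranges, for illustration only.
# Assumption: real use loads the current list from https://www.cloudflare.com/ips-v4
CLOUDFLARE_V4 = ["173.245.48.0/20", "103.21.244.0/22", "141.101.64.0/18",
                 "162.158.0.0/15", "104.16.0.0/13", "172.64.0.0/13"]

# Constructed firewall state (hypothetical), not taken from any real server.
ALLOW_RULES = ["173.245.48.0/20", "104.16.0.0/12", "162.158.0.0/16",
               "203.0.113.10/32"]
DENY_RULES = ["141.101.64.0/18", "172.64.0.0/16"]


def audit(cf_ranges, allow, deny):
    """Classify each Cloudflare range as allowed, partial, missing or denied."""
    allow_nets = [ipaddress.ip_network(a) for a in allow]
    deny_nets = [ipaddress.ip_network(d) for d in deny]
    report = {}
    for cidr in cf_ranges:
        net = ipaddress.ip_network(cidr)
        same = lambda other: other.version == net.version
        if any(same(d) and net.overlaps(d) for d in deny_nets):
            # A deny rule touches at least part of the range: review it first,
            # since rule order decides which one wins on a real firewall.
            report[cidr] = "denied"
        elif any(same(a) and net.subnet_of(a) for a in allow_nets):
            report[cidr] = "allowed"   # fully covered by one allow rule
        elif any(same(a) and net.overlaps(a) for a in allow_nets):
            report[cidr] = "partial"   # allow rule is narrower than the range
        else:
            report[cidr] = "missing"   # no rule mentions this range at all
    return report


if __name__ == "__main__":
    for cidr, status in audit(CLOUDFLARE_V4, ALLOW_RULES, DENY_RULES).items():
        print(f"{cidr:<18} {status}")
```

Ranges reported as partial are the easy ones to miss by eye: the rule looks right but covers only part of the published block, so some Cloudflare data centers get through while others are dropped.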

Test Without Cloudflare As A Proxy

If the problem still appears, you need to decide whether the cause sits in Cloudflare, the origin, or the path between them. Testing direct connections gives a clear hint.

  • Switch DNS Records To Grey Cloud — In the Cloudflare DNS tab, turn the orange proxy cloud off for the affected host so traffic goes straight to the origin.
  • Load The Site By Direct IP — For a short test period, point a local hosts file entry or a curl request to the server IP and request the same page that triggered the 520 error.
  • Compare HTTP Response Codes — If the origin returns a clean 200 or a clear 4xx or 5xx code while Cloudflare shows 520, capture those headers for support.

How To Prevent 520 Error Problems Returning

Once you tame the immediate fire, you can reduce the chance of new 520 errors with some habits and small adjustments. That way traffic remains stable even when load climbs or new features launch.

  • Keep Headroom In Server Resources — Choose a hosting plan with enough RAM and CPU for peak hours and monitor usage trends so you can scale before limits hit.
  • Monitor Error Rates Over Time — Use tools from your host or an external service to track 5xx codes and alert you when Cloudflare traffic begins to fail.
  • Limit Heavy Or Experimental Plugins — On platforms such as WordPress, avoid stacking many complex plugins that hook every request and raise the risk of malformed responses.
  • Test Changes In A Staging Environment — Apply big updates such as PHP version bumps, new security modules, or major theme changes on a staging site that also runs through Cloudflare.
  • Review DNS And SSL Settings After Changes — Each time you move servers, switch ports, or replace certificates, double check the Cloudflare DNS panel and SSL mode so they still match the new setup.

Longer log retention on both the origin and Cloudflare helps later reviews. When you can scroll back through weeks of requests and responses, patterns behind a 520 error stand out much more clearly than during a tense outage.

When To Contact Hosting Or Cloudflare Support

Some 520 cases resolve quickly with the steps above. Others need access to logs and network layers that only your provider teams can see. At that point, clear information helps support engineers solve the case faster.

Before you open a ticket, gather simple facts about the outage window and the path a failing request followed. That timeline steers the first response away from generic advice and toward real root cause work.

  • Collect Several Full Error Screens — Capture screenshots that show the complete Cloudflare 520 page with Ray IDs, timestamps, and data center names.
  • Write Down Exact URLs And Times — List the affected paths and the time range when the 520 code appeared, including your own time zone and the visitor country where possible.
  • Attach Matching Server Log Entries — Clip the section of your error log or application log that lines up with those Ray IDs so the host can connect client and server views.
  • Explain Tests You Already Ran — Tell support which steps from this guide you tried, such as disabling a plugin or bypassing Cloudflare, so they can skip repeats.

When you send that bundle first to your hosting provider and then, if needed, to Cloudflare support, you give both teams the data they need to trace how this error passes through your stack. That cooperation shortens downtime and keeps repeat issues away.