HTTP Error 520
Explore the causes of HTTP Error 520, "Web Server Returned an Unknown Error." Learn how Cloudflare handles abnormal origin responses and how admins can troubleshoot them.
HTTP error 520, designated by Cloudflare as "Web Server Returned an Unknown Error," is a catch-all status code for unpredictable or abnormal behavior from a backend server. When Cloudflare proxies a request to your origin hosting server, it expects a standard HTTP response. If the origin server responds with something that violates the HTTP protocol, abruptly drops the connection, or sends completely empty data, Cloudflare cannot serve the request and returns a 520 error instead.
Understanding the 520 Catch-All Error
Unlike specific errors that point to exact problems (like a 504 Gateway Timeout or a 525 SSL Handshake Failure), a 520 error is intentionally vague. It essentially means: "The origin server did something so strange or unexpected that Cloudflare's proxy does not know how to translate it into a standard error code."
This makes the 520 error notoriously difficult to troubleshoot because the root cause could lie anywhere within the origin server's application code, its web server software (Apache, Nginx), its TCP stack, or its local firewall.
Common Causes of an HTTP 520 Error
Despite being a catch-all, system administrators and developers have identified several frequent culprits that reliably trigger a 520 response from Cloudflare.
1. Empty Responses
If the origin server successfully accepts the connection but immediately closes it without sending any HTTP headers or body data, Cloudflare interprets this as an unknown error. This often happens if a backend application (like a PHP script or a Node.js process) crashes fatally midway through execution without outputting an error trace.
2. Connection Reset by Peer (TCP Reset)
Sometimes, the origin server's operating system or a local security module (like an overly aggressive firewall) forcefully sends a TCP RST (Reset) packet to Cloudflare immediately after the request is received. Since the connection was aborted unceremoniously, Cloudflare throws a 520.
3. Excessive Header Size
Cloudflare imposes strict limits on the size of HTTP headers returned by the origin server (typically around 8KB). If your application sends back massive headers—such as an enormous amount of tracking cookies or bloated authentication tokens—Cloudflare will refuse the response and issue a 520 error.
4. Malformed HTTP Headers
If the origin server's software contains a bug and formats the HTTP response headers incorrectly (e.g., missing carriage returns, invalid characters, or violating HTTP/1.1 syntax), Cloudflare's parser will reject the response as invalid.
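The four causes above can be told apart from the raw bytes an origin sends back. The following is an added example, not Cloudflare's code or part of the original article: `capture` and `classify` are hypothetical helper names, the 8 KB threshold is the figure quoted above, and the sample replies are constructed.

```python
import re
import socket

HEADER_LIMIT = 8 * 1024  # the "around 8KB" figure quoted above, not an official constant
STATUS_LINE = re.compile(rb"HTTP/\d\.\d \d{3}( [\t\x20-\x7e\x80-\xff]*)?")
HEADER_LINE = re.compile(rb"[!#$%&'*+.^_`|~0-9A-Za-z-]+:[\t\x20-\x7e\x80-\xff]*")

def capture(origin_ip, host, port=80, timeout=5.0):
    """Send one HEAD request straight to the origin; return (raw_bytes, was_reset)."""
    request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    chunks = []
    try:
        with socket.create_connection((origin_ip, port), timeout=timeout) as sock:
            sock.sendall(request)
            while data := sock.recv(65536):
                chunks.append(data)
    except ConnectionResetError:
        return b"".join(chunks), True   # origin answered with a TCP RST
    return b"".join(chunks), False

def classify(raw, was_reset=False):
    """Map a captured origin reply onto the four causes listed above."""
    if was_reset:
        return "connection-reset"
    if not raw:
        return "empty-response"
    head, terminator, _body = raw.partition(b"\r\n\r\n")
    if not terminator:
        return "malformed-headers"   # header block never ends with CRLF CRLF
    if len(head) + len(terminator) > HEADER_LIMIT:
        return "headers-too-large"
    status, *fields = head.split(b"\r\n")
    if not STATUS_LINE.fullmatch(status):
        return "malformed-headers"
    if not all(HEADER_LINE.fullmatch(f) for f in fields):
        return "malformed-headers"   # bare LF, control byte, or no "name:" token
    return "ok"

# Constructed sample replies (not captured from a real server).
SAMPLES = {
    "healthy": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    "crashed": b"",
    "bare_lf": b"HTTP/1.1 200 OK\nContent-Type: text/html\n\n",
    "nul_byte": b"HTTP/1.1 200 OK\r\nX-Trace: a\x00b\r\n\r\n",
    "cookie_bloat": b"HTTP/1.1 200 OK\r\nSet-Cookie: t=" + b"x" * 9000 + b"\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:13} -> {classify(raw)}")
```

Against a live origin, pass the result of `capture("your_origin_ip", "yourdomain.com")` to `classify`; a timeout raises instead of being classified, since that is not a 520 condition.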
How to Troubleshoot and Fix a 520 Error
Because the error is triggered by anomalous behavior, you must dive deep into your origin server's logs to find the culprit.
Step 1: Check Application and Web Server Logs
Start with your web server error logs (e.g., `/var/log/nginx/error.log` or `/var/log/apache2/error.log`). Look for segmentation faults, worker process crashes, or out-of-memory (OOM) killer events. If Nginx or Apache crashes while processing the request, it will result in an empty response to Cloudflare.
Step 2: Analyze Response Headers
Bypass Cloudflare and test your origin server directly using cURL: `curl -I -H "Host: yourdomain.com" http://your_origin_ip/`. Inspect the size and formatting of the headers returned. If you see dozens of `Set-Cookie` directives or massive custom headers, you need to optimize your application to send less metadata.
Step 3: Review Firewall and Security Modules
If you use security software like Fail2Ban, iptables, or ModSecurity on your origin server, check their logs. They might be interpreting Cloudflare's proxy traffic as malicious and abruptly resetting the TCP connection. Ensure all Cloudflare IP ranges are explicitly whitelisted.
Step 4: Use Packet Sniffing (Advanced)
If the logs show nothing, the connection might be dropping at the TCP layer. Use a tool like `tcpdump` or Wireshark on the origin server to capture traffic coming from Cloudflare. Look for RST packets originating from your server. This can pinpoint whether the OS, the firewall, or the web application is killing the connection.
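For Step 3, one quick check is whether any address your origin has banned sits inside a Cloudflare range. This is an added example, not part of the original article: the log lines are constructed in Fail2Ban's usual "Ban <ip>" style, `cloudflare_bans` is a hypothetical helper, and the hard-coded ranges are only a subset of Cloudflare's published IPv4 list, which should be loaded fresh in real use.

```python
import ipaddress
import re

# Subset of Cloudflare's published IPv4 ranges, hard-coded for this example only.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "141.101.64.0/18", "108.162.192.0/18",
    "162.158.0.0/15", "104.16.0.0/13", "172.64.0.0/13",
)]

# Matches "[jail] Ban 1.2.3.4" but not "[jail] Unban 1.2.3.4".
BAN_RE = re.compile(r"\[(?P<jail>[^\]]+)\] Ban (?P<ip>\S+)")

def cloudflare_bans(log_lines):
    """Return (jail, ip) for every ban whose address is a Cloudflare proxy."""
    hits = []
    for line in log_lines:
        match = BAN_RE.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match["ip"])
        except ValueError:
            continue  # not an IP literal, skip the line
        if any(ip in net for net in CLOUDFLARE_NETS):
            hits.append((match["jail"], str(ip)))
    return hits

# Constructed log excerpt (203.0.113.50 is a documentation address).
SAMPLE_LOG = [
    "2024-05-01 10:15:32,101 fail2ban.actions [812]: NOTICE [nginx-limit-req] Ban 172.68.34.21",
    "2024-05-01 10:16:02,440 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.50",
    "2024-05-01 10:17:45,903 fail2ban.actions [812]: NOTICE [nginx-botsearch] Ban 162.158.90.7",
    "2024-05-01 10:25:32,101 fail2ban.actions [812]: NOTICE [nginx-limit-req] Unban 172.68.34.21",
]

if __name__ == "__main__":
    for jail, ip in cloudflare_bans(SAMPLE_LOG):
        print(f"jail {jail} banned Cloudflare proxy {ip}")
```

A hit usually means the jail is keying on the proxy's address rather than the visitor's, so every request relayed through that edge node is dropped along with the offender's.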
Frequently Asked Questions
Why does the 520 error only happen on specific pages?
If only one page throws a 520, the issue is almost certainly within the application code running that page. That specific script might be encountering a fatal error, creating an infinite loop that crashes the worker, or generating headers that are too large.
Can a DDoS attack cause a 520 error?
Yes. If your origin server is overwhelmed by an attack (either one that bypasses Cloudflare or a sophisticated Layer 7 attack), its resources may be exhausted so severely that it starts dropping connections ungracefully, resulting in intermittent 520 errors.
Is a 520 error the same as a 500 Internal Server Error?
No. A 500 error means the origin server gracefully caught an internal error and generated a properly formatted HTTP 500 response message. A 520 means the server failed so badly it couldn't even format a proper error response.
How can I get more detail from Cloudflare about the 520 error?
Cloudflare provides Ray IDs at the bottom of the error page. You can contact Cloudflare support with this Ray ID, and they can check their internal edge logs to tell you exactly why their proxy rejected the origin's response (e.g., "header too large" or "connection reset").