Introduction

Cloudflare 520 is a catch-all edge error for origin responses that are invalid, empty, or otherwise unexpected. It often appears when the server technically answers but does so in a malformed way that Cloudflare cannot turn into a normal HTTP transaction.

Symptoms

  • Cloudflare shows 520 Web Server Returned an Unknown Error
  • The issue is intermittent and harder to reproduce than a full outage
  • Direct origin tests may return empty responses, resets, or inconsistent status codes
  • The problem started after an app deploy or proxy configuration change
  • Large authenticated requests fail more often than simple page views

Common Causes

  • The upstream app crashes or resets the connection before sending a valid response
  • Response headers are malformed or too large
  • Cookies or application headers exceed practical proxy limits
  • A reverse proxy or plugin injects broken headers into the response path
  • Origin services behave differently under bot filtering, HTTP/2, or authenticated traffic

Step-by-Step Fix

  1. Check Cloudflare analytics and origin logs for the specific URLs, methods, and user patterns triggering the 520 responses.
  2. Test the failing route directly against the origin and inspect whether the server returns empty responses, resets, or malformed headers.
  3. Review recent application deploys, reverse proxy updates, and middleware changes that could alter response headers or connection handling.
  4. Inspect header size, cookie volume, and compression behavior on the affected routes, especially after login or cart flows.
  5. Look for app crashes, upstream timeouts, or worker restarts that happen before the response is fully written.
  6. Normalize or reduce oversized headers and remove broken custom header injections in app or proxy code.
  7. If the issue is route-specific, compare the failing endpoint with a working one served by the same stack.
  8. Re-test through Cloudflare after each fix and confirm the edge receives a stable valid HTTP response.
  9. Keep logs for edge errors and origin resets tied together so future 520 incidents are faster to diagnose.