How do I tell Cloudflare 520 from 524 quickly?

520 means origin response is malformed or unexpected, while 524 means origin is reachable but too slow to finish response in time. Compare direct-origin and proxied timings plus error logs.

Question

Cloudflare 520 vs 524: how to tell quickly

Teams often mix up these two and run the wrong checks. Use this quick split before changing infra settings.

One-line difference

520: origin response is invalid, malformed, or abruptly reset.
524: origin is reachable but takes too long to complete response.

Fast diagnosis matrix

Immediate fail with unusual header behavior: likely 520 path.
Slow request that eventually times out: likely 524 path.
Proxy path fails, direct path also unstable: inspect origin app/runtime first.

Command sequence

# Proxied response
time curl -sv https://yourdomain.com/your-endpoint -o /dev/null

# Direct origin response
time curl -sv --resolve yourdomain.com:443:ORIGIN_IP https://yourdomain.com/your-endpoint -o /dev/null

# Header and runtime logs
curl -sI --resolve yourdomain.com:443:ORIGIN_IP https://yourdomain.com/your-endpoint
sudo journalctl -u caddy --since '30 minutes ago' --no-pager | tail -n 120
sudo journalctl -u nginx --since '30 minutes ago' --no-pager | tail -n 120

What to fix first

If 520 pattern: fix invalid headers, cookie bloat, and reset-prone upstream behavior.
If 524 pattern: reduce synchronous workload and optimize slow endpoints.
Re-test through Cloudflare for 30-60 minutes before broader changes.

Need full runbooks? Open 520 troubleshooting and 524 troubleshooting.

Generate Cloudflare 52x checklist