Question

Cloudflare 52x error differences

When teams mix up 52x codes, they spend hours checking the wrong layer. Use this quick map before changing settings.

Fast map

• 521: Origin refused connection.
• 522: Cloudflare timed out reaching origin.
• 523: Origin IP unreachable / routing problem.
• 524: Origin connected but too slow to respond in time.
• 525: TLS handshake failed between Cloudflare and origin.
• 526: Origin certificate invalid for strict validation.

Practical rule

For 521-524, check origin availability, routing, and latency first. For 525-526, check certificate, SNI, chain, and strict TLS compatibility.

Generate the checklist for your code