How do you fix Cloudflare 520 unknown error?

Compare origin response directly with Cloudflare response, then fix malformed headers, oversized headers/cookies, or abrupt origin connection resets.

Question

How to fix Cloudflare 520 unknown error

Cloudflare 520 means Cloudflare reached your origin, but the origin returned an unexpected or invalid response.

What usually causes 520

Malformed or empty response headers from origin.
Oversized header/cookie payload (common with chained proxies).
Origin process resets connection before full response is sent.
WAF/plugin behavior that blocks Cloudflare edge in nonstandard ways.

Command flow that surfaces the issue quickly

# 1) Compare direct origin response with proxied response
curl -sv --resolve yourdomain.com:443:ORIGIN_IP https://yourdomain.com/ -o /dev/null
curl -sv https://yourdomain.com/ -o /dev/null

# 2) Inspect response headers size and structure
curl -sI --resolve yourdomain.com:443:ORIGIN_IP https://yourdomain.com/

# 3) Check service and recent errors
sudo systemctl status caddy --no-pager -n 30
sudo systemctl status nginx --no-pager -n 30
sudo journalctl -u caddy --since '30 minutes ago' --no-pager | tail -n 100
sudo tail -n 120 /var/log/nginx/error.log

Recovery order

Fix one concrete fault first: invalid headers, cookie bloat, or abrupt upstream reset. Then retest through Cloudflare before changing unrelated edge rules.

If the error is clearly a timeout, continue with Cloudflare 524 timeout occurred.

Generate a full Cloudflare diagnostics checklist