HTTP Status and Error Codes Reference
Learning Focus
A glossary of Cloudflare-specific error codes and their common resolutions.
Cloudflare 5xx Errors (The 52x Series)
Unlike standard 500 errors, Cloudflare's 520-527 codes specifically identify issues in the connection between the Cloudflare Edge and your Origin Server.
| Error | Name | Quick Meaning | Fix |
|---|---|---|---|
| 520 | Unknown Error | Origin returned something Cloudflare didn't understand | Check for server crashes or header overflows |
| 521 | Web Server Is Down | Origin refused the connection | Ensure web server is running and port is open |
| 522 | Connection Timed Out | TCP handshake timed out (15s) | Whitelist Cloudflare IPs in firewall |
| 523 | Origin Is Unreachable | Origin IP is not routable or down | Update DNS record or check origin connectivity |
| 524 | A Timeout Occurred | Response took >100 seconds | Optimize slow queries/scripts |
| 525 | SSL Handshake Failed | SSL handshake between Cloudflare and Origin failed | Check origin SSL config and TLS version |
| 526 | Invalid SSL Certificate | Origin SSL cert is expired/invalid (Full (Strict) mode) | Install valid cert or use Origin CA |
| 527 | Railgun Error | Issue with the Railgun optimizer | (Legacy) Check Railgun listener |
Cloudflare 1xxx Errors
These errors occur when the request cannot be processed by the Cloudflare Edge itself.
| Error | Name | Meaning |
|---|---|---|
| 1000 | DNS Points to Prohibited IP | Record points to a private IP (e.g. 192.168.x.x) |
| 1001 | DNS Resolution Error | DNS record doesn't exist or is invalid |
| 1015 | Rate Limited | You hit a rate limit (WAF, Bot, or Global) |
| 1016 | Origin DNS Error | Cloudflare cannot resolve the IP of your CNAME origin |
| 1020 | Access Denied | Blocked by a WAF rule, Firewall rule, or IP access rule |
| 1101 | Worker Exception | JavaScript error in your Workers code |
| 1102 | Worker CPU Limit | Worker script used too much CPU time |
Standard HTTP Codes (As handled by Cloudflare)
| Code | Meaning | Cloudflare Behavior |
|---|---|---|
| 301 | Permanent Redirect | Cached by default. Followed by Cloudflare if origin sends it. |
| 403 | Forbidden | Cloudflare or Origin blocked access. Check Firewall logs. |
| 404 | Not Found | Not cached by default (unless Cache Rule specifies). |
| 429 | Too Many Requests | Cloudflare is rate limiting the user. |
| 503 | Service Unavailable | Origin is overloaded. |
Key Takeaways
- 521/522 are the most common and usually indicate a firewall issue.
- 524 is almost always a performance issue on the origin.
- 1101/1102 are exclusively Worker-related.
- For all 5xx errors, check the Data Center code at the bottom of the error page to see whether the problem is localized to one data center.
What's Next
- This concludes the Cloudflare Platform Documentation. See the Cloudflare Status Page for real-time network updates.