{"id":1387,"date":"2020-06-07T02:13:29","date_gmt":"2020-06-06T18:13:29","guid":{"rendered":"https:\/\/www.wesbytes.com\/guide\/?post_type=kb&#038;p=1387"},"modified":"2026-01-12T15:05:30","modified_gmt":"2026-01-12T07:05:30","slug":"error-520-web-server-is-returning-an-unknown-error","status":"publish","type":"kb","link":"https:\/\/www.servergigabit.com\/guide\/kb\/error-520-web-server-is-returning-an-unknown-error","title":{"rendered":"Error 520: Web server is returning an unknown error"},"content":{"rendered":"<h4><strong>Error 520: Web server is returning an unknown error<\/strong><\/h4>\n<p>Error 520 is essentially a catch-all response when something unexpected happens or when the origin server incorrectly interprets or does not tolerate a request due to a protocol violation or an empty response.<\/p>\n<p><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone\" src=\"https:\/\/kinsta.com\/wp-content\/uploads\/2019\/10\/kinsta-error-520-example.png\" alt=\"Error 520\" width=\"1050\" height=\"500\" \/><\/p>\n<p>If\u00a0<em>Always Online<\/em>\u00a0is enabled on your site, this status code will trigger\u00a0an Always Online page\u00a0to be served.<\/p>\n<hr \/>\n<div class=\"mkb-anchor mkb-clearfix mkb-back-to-top-inline\">\n<h2 class=\"mkb-anchor__title\">Common causes<\/h2>\n<\/div>\n<p>While it can be triggered by unique or strange edge-case scenarios, Error 520 is commonly caused by:<\/p>\n<ul>\n<li>Connection resets after a successful TCP handshake<\/li>\n<li>Headers that exceed <a href=\"https:\/\/www.cloudflare.com\/\" rel=\"nofollow noopener\" target=\"_blank\">Cloudflare<\/a>\u2019s header size limit (8kb)<\/li>\n<li>An empty response from the origin server<\/li>\n<li>An invalid HTTP response<\/li>\n<li>An HTTP response without response headers<\/li>\n<\/ul>\n<p>If you can confirm that any of the conditions above come from the origin web server hosting the site, we recommend consulting with the host provider or administrator for assistance with web server configuration to avoid further interruption and errors.<\/p>\n<p>This type of error generally occurs at the application layer (OSI layer 7). This means that it results from a bad response coming back from the application.<\/p>\n<p>Cloudflare Rate Limiting rules or other filtering requests (e.g., by connecting IP or volume\/frequency) may sometimes cause issues with your application. It is important to review and test these aspects of your overall configuration. Also, be sure to whitelist Cloudflare\u2019s IPs in the origin server. See a list of\u00a0Cloudflare IP ranges.<\/p>\n<hr \/>\n<div class=\"mkb-anchor mkb-clearfix mkb-back-to-top-inline\">\n<h2 class=\"mkb-anchor__title\">Troubleshoot Error 520<\/h2>\n<\/div>\n<p>Due to the nature of an Error 520 response, it is best to test against the origin web server. \u00a0You can use cURL and generate HTTP Archive files (HAR) as described below.<\/p>\n<p>&nbsp;<\/p>\n<div class=\"mkb-anchor mkb-clearfix mkb-back-to-top-inline\">\n<h3 class=\"mkb-anchor__title\"><strong>Use a cURL command<\/strong><\/h3>\n<p>&nbsp;<\/p>\n<\/div>\n<p>With cURL, you confirm if any of the conditions outlined above have triggered the error. This is especially true to determine if the origin server is returning an empty reply, invalid HTTP response, or extremely large response headers.<\/p>\n<p>Below is an example command used to force the\u00a0<strong>Host\u00a0<\/strong>HTTP header while sending the request to the source IP address where the domain is hosted. In this example, we are sending a request for a login page:<\/p>\n<pre>curl -vso \/dev\/null --user-agent \"Mozilla 5.0\" -H \"Host: example.com\"<\/pre>\n<p>Below is an example output where the origin response with an empty reply, which would normally trigger a 520 error if the request was proxied by Cloudflare:<\/p>\n<pre>* Hostname was NOT found in DNS cache\r\n* \u00a0\u00a0Trying 123.123.123.321...\r\n* Connected to 123.123.123.321 (123.123.123.321) port 80 (#0)\r\n&gt; GET \/login HTTP\/1.1\r\n&gt; User-Agent: Mozilla 5.0\r\n&gt; Accept: *\/*\r\n&gt; Host: example.com\r\n&gt;\r\n* Empty reply from server\r\n* Connection #0 to host 123.123.123.321 left intact<\/pre>\n<p>A successful response header might look something like this:<\/p>\n<div class=\"mkb-anchor mkb-clearfix mkb-back-to-top-inline\">\n<pre>* Hostname was NOT found in DNS cache\r\n* \u00a0\u00a0Trying 123.123.123.321...\r\n* Connected to 123.123.123.321 (123.123.123.321) port 80 (#0)\r\n&gt; GET \/login HTTP\/1.1\r\n&gt; User-Agent: Mozilla 5.0\r\n&gt; Accept: *\/*\r\n&gt; Host: example.com\r\n&gt;\r\n&lt; HTTP\/1.1 200 OK\r\n&lt; Content-Type: text\/html\r\n&lt; Date: Day, DD, Month Year Hour:Minute:Second Timezone\r\n{ [14240 bytes data]\r\n* Connection #0 to host 123.123.123.321 left intact<\/pre>\n<div class=\"mkb-anchor mkb-clearfix mkb-back-to-top-inline\">\n<h3 class=\"mkb-anchor__title\"><\/h3>\n<\/div>\n<\/div>\n<div class=\"mkb-anchor mkb-clearfix mkb-back-to-top-inline\">\n<h3 class=\"mkb-anchor__title\"><strong>Generate an HAR file<\/strong><\/h3>\n<p>&nbsp;<\/p>\n<\/div>\n<p>Another troubleshooting task is to generate an HTTP Archive file (HAR) for a request going both direct to the origin web server and through Cloudflare. \u00a0See\u00a0How do I generate a HAR file?<\/p>\n<p>HAR files are useful for comparing the response headers coming from the origin server and from Cloudflare as the proxy; for example, to confirm if the response header is too large.<\/p>\n<p>&nbsp;<\/p>\n<hr \/>\n<div class=\"mkb-anchor mkb-clearfix mkb-back-to-top-inline\">\n<h2 class=\"mkb-anchor__title\">Need additional help?<\/h2>\n<p>&nbsp;<\/p>\n<\/div>\n<p>If the problem persists after following the troubleshooting advice above, you can file a support ticket and include the following information:<\/p>\n<ul>\n<li>The steps to reproduce the error<\/li>\n<li>HAR files for both direct origin and Cloudflare-proxied requests<\/li>\n<li>rayIDs from errors seen<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Error 520: Web server is returning an unknown error Error 520 is essentially a catch-all response when something unexpected happens or when the origin server incorrectly interprets or does not tolerate a request due to a protocol violation or an empty response. If\u00a0Always Online\u00a0is enabled on your site, this status code will trigger\u00a0an Always Online page\u00a0to be served. Common causes&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"kbtopic":[43],"kbtag":[1498],"class_list":["post-1387","kb","type-kb","status-publish","hentry","kbtopic-cloudflare","kbtag-error-520"],"_links":{"self":[{"href":"https:\/\/www.servergigabit.com\/guide\/wp-json\/wp\/v2\/kb\/1387","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.servergigabit.com\/guide\/wp-json\/wp\/v2\/kb"}],"about":[{"href":"https:\/\/www.servergigabit.com\/guide\/wp-json\/wp\/v2\/types\/kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.servergigabit.com\/guide\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.servergigabit.com\/guide\/wp-json\/wp\/v2\/comments?post=1387"}],"version-history":[{"count":3,"href":"https:\/\/www.servergigabit.com\/guide\/wp-json\/wp\/v2\/kb\/1387\/revisions"}],"predecessor-version":[{"id":6117,"href":"https:\/\/www.servergigabit.com\/guide\/wp-json\/wp\/v2\/kb\/1387\/revisions\/6117"}],"wp:attachment":[{"href":"https:\/\/www.servergigabit.com\/guide\/wp-json\/wp\/v2\/media?parent=1387"}],"wp:term":[{"taxonomy":"kbtopic","embeddable":true,"href":"https:\/\/www.servergigabit.com\/guide\/wp-json\/wp\/v2\/kbtopic?post=1387"},{"taxonomy":"kbtag","embeddable":true,"href":"https:\/\/www.servergigabit.com\/guide\/wp-json\/wp\/v2\/kbtag?post=1387"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}