HTTP Errors

What Is a 520 Status Code (Cloudflare)?

What Is a 520 Status Code (Cloudflare)? — conceptual illustration
On this page

HTTP 520 is a non-standard Cloudflare status code meaning the origin server returned a response Cloudflare cannot interpret. Cloudflare is a service that sits in front of many websites and forwards traffic to the site's real server (the "origin"). A 520 means the origin answered, but the answer was broken: it may have closed the connection mid-response, returned malformed headers (the metadata at the top of an HTTP reply), sent an empty body where Cloudflare expected content, or crashed entirely. From a scraper's point of view it is a 5xx — a server-side problem, not a block — but the cause varies enough that diagnosing it takes care.

Quick facts

Status family5xx — server error (Cloudflare-specific)
MeaningOrigin returned empty, unknown, or invalid response to Cloudflare
Common causesOrigin crash, malformed headers, premature close, origin firewall blocking Cloudflare
Retry safe?Yes — with exponential backoff; transient in most cases
Distinguishes from521 (origin down), 522 (origin timeout), 523 (origin unreachable)

What 520 actually indicates

520 is Cloudflare's catch-all: it uses this code when an origin failure does not match any of its more specific 5xx codes. The origin replied, but the reply violated HTTP in some way — oversized headers, a connection reset before the response body finished, a malformed status line, or an empty body where a length was promised. It is not a block aimed at your scraper. Cloudflare returns 520 to all clients when the origin misbehaves.

How to handle 520 in a scraper

Retry with exponential backoff — wait a little longer before each attempt (1s, 2s, 4s, 8s, max 5 attempts). Most 520s clear within a minute as the origin recovers. If a specific URL returns 520 consistently for an hour, the origin is likely broken — log it, alert, and move on rather than wasting crawl budget. Do not rotate proxies on a 520; the issue is server-side, so a new IP changes nothing.

When 520 hides a block

Rare but real: a few sites configure their origin firewall to drop scraper traffic at the TCP level (the connection layer, below HTTP), which reaches Cloudflare as a 520 instead of a proper 403. The tell is that the 520s correlate with your traffic specifically — a real browser request from the same IP succeeds. In that case treat it as a soft block: improve your TLS fingerprint (the signature of your client's encrypted-connection setup) and headers, then retry.

Code example

python
import requests, time

def fetch_with_520_retry(url, max_attempts=5):
    for attempt in range(max_attempts):
        r = requests.get(url)
        if r.status_code != 520:
            return r
        time.sleep(2 ** attempt)  # 1s, 2s, 4s, 8s, 16s
    raise RuntimeError(f'520 persisted after {max_attempts} attempts')

Related terms

What Is the 503 Status Code (503 Service Unavailable Error)?
HTTP 503 Service Unavailable means the server can't handle your request right now — usually because it's overloaded, under maintenance, or d…
What Is the 429 Status Code (429 Error)?
HTTP 429 Too Many Requests is the status code a server returns when a client has sent more requests in a given window than the server's rate…
What Is Cloudflare Error 1015?
Cloudflare error 1015 "You are being rate limited" means a website is blocking you because you sent too many requests too quickly. The site …
What Is Cloudflare Bot Management?
Cloudflare Bot Management is the enterprise-tier ML scoring system Cloudflare runs on every request to a protected zone. In plain terms: it …
What Is a 402 Error?
HTTP 402 Payment Required is the status code a server sends to say: "I won't do this until a payment, billing, or quota problem is fixed." I…
What Is the 405 Status Code (405 Method Not Allowed)?
HTTP 405 Method Not Allowed means the page exists, but it won't accept the HTTP method (the verb, like GET or POST) you used to ask for it. …
What Is the 422 Status Code (422 Unprocessable Entity)?
HTTP 422 Unprocessable Entity means the server understood your request perfectly but refused to act on it because the data inside failed a v…

Concept map

How 520 Error connects

The terms most directly tied to this one. Hover a node to see its neighbours, click to preview, drag to rearrange.

0 terms · 0 connections
You are here · HTTP Errors
Building map…

Tools & solutions for this topic

Frequently asked questions

Is 520 the same as 502 Bad Gateway?

Conceptually similar, but 520 is Cloudflare-specific. 502 is the standard code meaning "the upstream server returned an invalid response." 520 is what Cloudflare uses when the failure does not fit any of its more specific 5xx codes (521, 522, 523, 524, 525, 526).

How long should I retry a 520?

Five attempts with exponential backoff (each wait longer than the last) covers about 30 seconds of total wait. Beyond that, the origin is sustainably broken, and continuing to retry burns crawl budget without helping.

Does 520 mean my scraper triggered something?

Almost never. A 520 is origin-side and affects all clients equally. If only your scraper sees 520s while normal browser traffic succeeds, you are likely looking at a TCP-level block dressed up as a 520 — fix your fingerprint, not your retry logic.

Last updated: 2026-05-31