
521 vs 522 vs 524 Cloudflare Errors: What's the Difference?

When Cloudflare sits between your visitors and your server, Cloudflare-specific error codes tell you exactly where the failure occurred. The 521, 522, and 524 errors all indicate a problem with your origin server — not with Cloudflare itself — but each identifies a different type of failure.

Understanding which one you're seeing tells you exactly where to look.


The Quick Reference

| Error | Meaning | Where to look |
|-------|---------|---------------|
| 521 | Web server is down / not listening on port 80 or 443 | Web server process (Nginx/Apache) |
| 522 | Connection timed out — Cloudflare connected but origin didn't respond | Server overload, firewall, slow app |
| 524 | A timeout occurred — origin accepted connection but took too long | Long-running request, database query |

521: Web Server Is Down

A 521 means Cloudflare tried to connect to your origin server and the connection was refused. Your server is reachable at the IP level, but nothing is listening on port 80 or 443.

What to check:

# Is Nginx running?
systemctl status nginx

# Is Apache running?
systemctl status apache2

# Is anything listening on port 80/443?
ss -tlnp | grep -E ':(80|443)[[:space:]]'

Common causes:

  • Web server process crashed
  • Web server never started after a server reboot
  • A recent deployment broke the server config and nginx/apache refused to start
  • Port 80/443 is blocked by a firewall (but the server is reachable on other ports)

Fix: Restart your web server. If it fails to restart, check the error log:

journalctl -u nginx -n 50
# or
journalctl -u apache2 -n 50

522: Connection Timed Out

A 522 means Cloudflare opened a TCP connection to your origin but the server never sent a response within the timeout period (usually 15 seconds for the initial connection).

What to check:

# Is the server under high load?
uptime
top

# Are there too many open connections?
ss -s

# Is port 80/443 accessible directly (bypassing Cloudflare)?
curl -I http://YOUR_ORIGIN_IP --header "Host: yourdomain.com" --max-time 10

Common causes:

  • Server CPU pegged — accepting connections but too busy to respond
  • Application hanging on database queries or external API calls
  • Firewall accepting TCP connections but dropping packets (SYN accepted, no response)
  • PHP-FPM, Gunicorn, or app server unresponsive while Nginx/Apache is still up

Fix: Identify and address the resource bottleneck. If it's recurring under load, you need scaling, query optimisation, or connection pooling.


524: A Timeout Occurred

A 524 means Cloudflare successfully connected to your origin and the origin accepted the request, but the response took too long. Cloudflare's default timeout is 100 seconds for most plans.

This is different from 522: the server accepted the connection and started processing the request, but took too long to return a response, rather than not responding at all.

Common causes:

  • A database query taking 90+ seconds
  • A long-running background task being triggered via HTTP
  • Waiting on a slow third-party API
  • A report or export generating a large dataset synchronously

Fix options:

  1. Optimise the slow operation — add indexes, cache results, paginate the response
  2. Move to async — offload the long operation to a background job, return immediately with a job ID, poll for completion
  3. Increase Cloudflare timeout — Enterprise plans allow custom timeouts; on Pro/Business, the Proxy Read Timeout is configurable in Cloudflare settings
  4. Use a streaming response — send headers immediately and stream the body to prevent Cloudflare from timing out

All Three Mean Your Origin Is the Problem

The key thing 521, 522, and 524 have in common: Cloudflare is working correctly. These errors are Cloudflare telling you what your origin server is doing wrong. Resolving them requires fixing the origin.
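As an added example (not part of the original post), the Python probe below connects straight to the origin, bypassing Cloudflare, and reports which of the three errors the origin's behaviour would most likely produce. The function name `probe_origin` is hypothetical, the timeouts are the 15-second and 100-second figures quoted above, and the mapping (refused = 521, handshake timeout = 522, connected but silent = 524) is this example's simplification; it speaks plain HTTP, so it assumes port 80.

```python
import socket
import sys
import time

CONNECT_TIMEOUT = 15.0    # page: ~15 s allowed for the initial connection (522)
RESPONSE_TIMEOUT = 100.0  # page: default 100 s before Cloudflare returns a 524


def probe_origin(ip, port=80, host="yourdomain.com",
                 connect_timeout=CONNECT_TIMEOUT,
                 response_timeout=RESPONSE_TIMEOUT):
    """Connect directly to the origin and return (code, detail).

    code is "521", "522" or "524" (the error Cloudflare would likely show),
    "ok" when response bytes arrive in time, or "other" for anything else.
    """
    try:
        sock = socket.create_connection((ip, port), timeout=connect_timeout)
    except ConnectionRefusedError:
        return "521", "connection refused: nothing is listening on the port"
    except socket.timeout:
        return "522", f"no TCP handshake within {connect_timeout:g}s"
    except OSError as exc:
        return "other", f"connect failed: {exc}"

    with sock:
        sock.settimeout(response_timeout)
        request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
        started = time.monotonic()
        try:
            sock.sendall(request.encode("ascii"))
            first = sock.recv(256)
        except socket.timeout:
            return "524", f"connected, but no response within {response_timeout:g}s"
        except OSError as exc:
            return "other", f"connection broke mid-request: {exc}"
        elapsed = time.monotonic() - started
        if not first:
            return "other", "origin closed the connection without responding"
        status_line = first.split(b"\r\n", 1)[0].decode("latin-1")
        return "ok", f"{status_line} after {elapsed:.2f}s"


if __name__ == "__main__":
    # Usage: python probe.py ORIGIN_IP [HOSTNAME]
    origin_ip = sys.argv[1]
    hostname = sys.argv[2] if len(sys.argv) > 2 else "yourdomain.com"
    print(*probe_origin(origin_ip, host=hostname), sep=": ")
```

Point it at the origin IP rather than the proxied hostname; otherwise the probe measures Cloudflare's edge instead of your server.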

If you're unsure whether the error is genuinely affecting users or is an isolated blip, checking your uptime monitor's logs will tell you — it connects from multiple locations and records every failure with timestamps.

Domain Monitor monitors your origin health alongside your main URL. When a 521, 522, or 524 occurs, you'll know immediately — not when your first support ticket arrives. Create a free account.

