Note: Error analytics by colo is exclusive to the enterprise level of service.



Error Analytics has been designed to provide customers with a deeper insight into the distribution of errors that are occurring on their website per colo. A colo (short for colocation, also referred to as PoP or Point of Presence) is a data center facility where Cloudflare runs its servers that make up our edge network. You can find a list of all of our colo’s here.


HTTP status codes that we see in a response passing through our edge are displayed in analytics. These codes can be split into three groups: ‘edge network errors’, ‘origin errors’ and '52x errors'.


Errors that originate from our edge servers -such as 502, 503, and 504 with 'Cloudflare'- are not reported as part of the error analytics.

Users may see a 100x error, which are not reported. These will be displayed as either 403 or 409 (edge) errors.


Edge Network errors

  • 400 - Bad Request intercepted at the Cloudflare Edge (e.g. missing or bad HTTP header)
  • 403* - Security functionality (e.g. Web Application Firewall, Browser Integrity Check, CAPTCHAs, and most 1xxx error codes)
  • 409* - DNS errors typically in the form of 1000 or 1001 error code
  • 413 - File size upload exceeded the maximum size allowed (configured under the Speed app)
  • 444 - Used by Nginx to indicate that the server has returned no information to the client, and closed the connection. This error code is internal to Nginx and is not returned to the client.
  • 499 - Used by Nginx to indicate when a connection has been closed by the client while the server is still processing its request, making the server unable to send a status code back.


Origin errors

  • 400 - Origin rejected the request due to bad, or unsupported syntax sent by the application.
  • 404 - Only if the origin triggered a 404 response for a request.
  • 4xx
  • 50x


52x errors

  • 520 - This is essentially a "catch-all" response for when the origin server returns something unexpected, or something that is not tolerated/cannot be interpreted by our edge (i.e. protocol violation or empty response).
  • 522 - Our edge could not establish a TCP connection to the origin server.
  • 523 - Origin server is unreachable (e.g. the origin IP changed but DNS was not updated, or due to network issues between our edge and the origin).
  • 524 - Our edge established a TCP connection, but the origin did not reply with a HTTP response before the connection timed out.



Frequently Asked Questions


What information does the Tool Tip show?

  • The error code returned in the response
  • The time-stamp for the "bucket" you selected
  • The total count of that specific error code for that time-stamp
  • The % of total requests that serves that error
  • The top 5 colos (data-centers) where we served that error by count



Can I filter based on specific error(s)?


You can filter out specific error(s) by selecting one or more in the legend. Once you select an error it will be

greyed out in the drop down menu, and the error will no longer display as part of the graph.





In this example, by clicking on “404” in the legend we removed it from being displayed in the UI. 


Can I differentiate between errors coming from my origin vs Cloudflare?


In this version, we only count errors served from Cloudflare’s edge. However, errors such as 52x, can inform you about problems with your server.



What are the different sources for 503 errors?


We do count 503 errors from your origin that are passed as a response from the edge, though in this version 503 errors from the edge has multiple potential sources.

  • Your origin server had a 503.  We received this from the origin and the status code was in the response from the on the edge
  • Cloudflare detected malicious  Layer 7 traffic  and automatically issued a JS challenge that blocked the request
  • IUAM — This also logs every blocked request
  • Websocket rate-limit error