Health Checks Analytics
Once you have set up a standalone Health Check including notification emails, use Health Check Analytics to debug possible origin issues.
To access health check analytics:
- Log in to the Cloudflare dashboard ↗ and select your account and domain.
- Go to Traffic > Health Check Analytics.
You can evaluate origin uptime, latency, failure reason, and specific event logs:
- Health Checks By Uptime: Shows the percentage of uptime for individual origins over time.
- Health Checks By Failure Reason: Shows a breakdown of failures by the specific reason. See common error code causes and solutions below.
- Health Checks By Latency: Shows average latency – measured in round trip time — for individual origins over time.
- Event Log: Shows individual health check data.
- Select each record for additional details on Round trip time, the Failure Reason, the Average Waterfall (showing chronological data about request stages), Response status code, and more.
Set up alerts
Section titled “Set up alerts”You can configure alerts to notify you of any changes in your health check status.
Health Checks status notification
Who is it for?Customers who want to be warned about changes to server health as determined by health checks.
Other options / filtersAvailable filters include:
- You can search for and add health checks from your list of health checks.
- You can choose a trigger to fire the notification when your server becomes unhealthy, healthy, or either healthy or unhealthy.
Professional plans or higher.
What should you do if you receive one?Review your health check analytics.
Refer to Cloudflare Notifications for more information on how to set up an alert.
Common error codes
Section titled “Common error codes”TCP connection failed
Section titled “TCP connection failed”Health Checks failed to establish a TCP connection to your origin server.
Solution
Section titled “Solution”This typically occurs when there is a network failure between Cloudflare and your origin, and/or a firewall refuses to allow our connection. Ensure your network and firewall configurations are not interfering with traffic.
HTTP timeout occurred
Section titled “HTTP timeout occurred”The origin failed to return an HTTP response within the timeout configured. This happens if you have the timeout set to a low number. For example, one to two seconds.
Solution
Section titled “Solution”Cloudflare recommends increasing the HTTP response timeout to allow the origin server to respond.
Response code mismatch error
Section titled “Response code mismatch error”Cloudflare receives an HTTP status code that does not match the values defined in the expected_codes property of your Health Check configuration.
Solution
Section titled “Solution”Response codes must match the expected_codes. Confirm the values are correct by comparing the expected response codes and the status code received in the Event Log.
Alternate cause
Section titled “Alternate cause”You may also see this issue if you have a Health Check configured to use HTTP connections and your origin server is redirecting to HTTPS. In this case, the response code will often be 301, 302, or 303.
Solution
Section titled “Solution”Change your Cloudflare Health Check configuration to use HTTPS or set the value of follow_redirect to true so that Cloudflare can resolve the correct status code.
Response body mismatch error
Section titled “Response body mismatch error”The response body returns from your origin server and does not include the (case-insensitive) value of expected_body configured in your Health Check.
Solution
Section titled “Solution”Ensure the expected_body is in the first 10 KB of the response body.
TLS untrusted certificate error
Section titled “TLS untrusted certificate error”The certificate is not trusted by a public Certificate Authority (CA).
Solution
Section titled “Solution”If you’re using a self-signed certificate, Cloudflare recommends either using a publicly trusted certificate or setting the allow_insecure property on your Health Check to true.
TLS name mismatch error
Section titled “TLS name mismatch error”Our Health Check (client) was not able to match a name on the server certificate to the hostname of the request.
Solution
Section titled “Solution”Inspect your Health Check configuration to confirm that the header value set in the Cloudflare Health Check is correct.
TLS protocol error
Section titled “TLS protocol error”This error can occur if you are using an older version of TLS or your origin server is not configured for HTTPS.
Solution
Section titled “Solution”Ensure that your origin server supports TLS 1.2 or greater and is configured for HTTPS.
TLS unrecognized name error
Section titled “TLS unrecognized name error”The server did not recognize the name provided by the client. When a host header is set, this is set as the ServerName in the initial TLS handshake. If it is not set, Cloudflare will not provide a ServerName, which can cause this error.
Solution
Section titled “Solution”Set the host header in your Health Check object.
No route to host error
Section titled “No route to host error”The IP address cannot be reached from Cloudflare’s network. Common causes are ISP or hosting provider network issues (e.g. BGP level), or that the IP does not exist.
Solution
Section titled “Solution”Ensure IP is accurate, and check if there is an ISP or hosting provider network issue.
TCP Timeout
Section titled “TCP Timeout”Data transmission was not acknowledged and the retransmit of data did not succeed.
Solution
Section titled “Solution”Confirm whether the SYN-ACK for the handshake takes place at your origin and contact Cloudflare support.
Network Unreachable
Section titled “Network Unreachable”Cloudflare cannot connect to the origin web server due to network unavailability. This is usually caused by a network issue or incorrect origin IP.
Solution
Section titled “Solution”Check the IP entered for the origin in Cloudflare’s Health Checks configuration or the IP returned via DNS for the origin hostname.
HTTP Invalid Response
Section titled “HTTP Invalid Response”Usually caused by an HTTP 502 error or bad gateway.
Solution
Section titled “Solution”Ensure the origin web server responds to requests and that no applications have crashed or are under high load.
DNS Unknown Host
Section titled “DNS Unknown Host”The origin web server hostname does not exist.
Solution
Section titled “Solution”Confirm the origin web server resolves to an IP address.
Connection Reset by Peer
Section titled “Connection Reset by Peer”A network error occurred while the client received data from the origin web server.
Solution
Section titled “Solution”Confirm whether the origin web server is experiencing a high amount of traffic or an error.
Monitor Configuration Error
Section titled “Monitor Configuration Error”There was a configuration error in the Health Check and no checks were run against the origin.
Solution
Section titled “Solution”Review your Health Check configuration to ensure it matches an expected request to your origin.
DNS Internal
Section titled “DNS Internal”The origin web server’s hostname resolves to an internal or restricted address. No checks are run against this origin.
Solution
Section titled “Solution”Cloudflare does not allow use of an origin web server hostname that resolves to a Cloudflare IP.
Other Failure
Section titled “Other Failure”If the failure cannot be classified as any other type of failure mentioned above.
Solution
Section titled “Solution”Contact Cloudflare support.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark