Connection limits

When HTTP/HTTPS traffic is proxied through Cloudflare, there are often two established TCP connections: the first is between the requesting client to Cloudflare and the second is between Cloudflare and the origin server. Each connection has their own set of TCP and HTTP limits, which are documented below.

Between client and Cloudflare

Type	Limit (seconds)	HTTP status code at limit	Configurable
Connection Keep-Alive HTTP/1.1	400	TCP connection closed	No
Connection Idle HTTP/2	400	TCP connection closed	No

Between Cloudflare and origin server

Type	Limit (seconds)	HTTP status code at limit	Configurable
Complete TCP Connection	19	522	No
TCP ACK Timeout	90	522	No
TCP Keep-Alive Interval	30	520	No
Proxy Idle Timeout	900	520	No
Proxy Read Timeout	100	524	Yes
Proxy Write Timeout	30	524	No
HTTP/2 Pings to Origin	Off	-	Yes
HTTP/2 Connection Idle	900	No	No

Configurable limits

Some TCP connections can be customized for Enterprise customers. Reach out to your account team for more details.

Keep-Alives

Cloudflare maintains keep-alive connections to improve performance and reduce cost of recurring TCP connects in the request transaction as Cloudflare proxies customer traffic from its global network to the site's origin server.

Ensure HTTP keep-alive connections are enabled on your origin. Cloudflare reuses open TCP connections up to the Proxy Idle Timeout limit after the last HTTP request. Origin web servers close TCP connections if too many are open. HTTP keep-alive helps avoid connection resets for requests proxied by Cloudflare.

Request limits

URLs have a limit of 16 KB. Request headers have a total limit of 32 KB, but each header is limited to 16 KB.

Response limits

Response headers observe a total limit of 32 KB, but each header is limited to 16 KB.

Cache limits

Refer to the Cache documentation for more details about the max upload size and the cacheable file size limits.

Was this helpful?

Community
X
Discord
YouTube
GitHub