Skip to content

Connection limits

When HTTP/HTTPS traffic is proxied through Cloudflare, there are often two established TCP connections: the first is between the requesting client to Cloudflare and the second is between Cloudflare and the origin server. Each connection has their own set of TCP and HTTP limits, which are documented below.

Between client and Cloudflare

TypeLimit (seconds)HTTP status code at limitConfigurable
Connection Keep-Alive HTTP/1.1400TCP connection closedNo
Connection Idle HTTP/2400TCP connection closedNo

Between Cloudflare and origin server

TypeLimit (seconds)HTTP status code at limitConfigurable
Complete TCP Connection15522No
TCP ACK Timeout90522No
TCP Keep-Alive Interval30520No
Proxy Idle Timeout900520No
Proxy Read Timeout100524Yes
Proxy Write Timeout30524No
HTTP/2 Pings to OriginOff-Yes
HTTP/2 Connection Idle900NoNo

Configurable limits

Some TCP connections can be customized for Enterprise customers. Reach out to your account team for more details.

Keep-Alives

Cloudflare maintains keep-alive connections to improve performance and reduce cost of recurring TCP connects in the request transaction as Cloudflare proxies customer traffic from its global network to the site's origin server.

Ensure HTTP keep-alive connections are enabled on your origin. Cloudflare reuses open TCP connections up to the Proxy Idle Timeout limit after the last HTTP request. Origin web servers close TCP connections if too many are open. HTTP keep-alive helps avoid connection resets for requests proxied by Cloudflare.