How did you figure out passive origin monitoring only acts on 521? That’s great information. Much appreciated. Seems to me it should only act on 522 or both, but certainly should not be set up to ignore error 522. Looks like Cloudflare’s mistake to me.