But, I thought in your case you did know something was wrong: client complained and you saw 503 errors?

> no way

you can (and should) put monitors on the outside of your infrastructure as well as inside. I've multiples hitting the login page and robots file where I work, and never got an unaccounted 503

Like I wrote, for some integrations it is not possible to gather all the logs. Also how will you know that a client accessing your website in a browser gets 503 instead of your web page?

You don't, but your monitors will show the 503 happening, how often, on which endpoint operation and in which regions; that will give you a pretty good picture of whether is actually your CDN layer or something else triggering the 503

What if it's a specific browser with a specific TLS stack, or something weird?

what if it's green lizard man chewing cables?

one has to start somewhere reasonable and realistic first.