1011: Access Denied: Hotlinking Denied

Error 1011 is triggered by Cloudflare's Hotlink Protection feature. Hotlink protection prevents other websites from embedding your images, videos, or other assets by checking the Referer header. If a request for a protected resource comes from a domain that is not the site itself (or an authorized domain), Cloudflare blocks it. This saves bandwidth and prevents content theft. The error appears when an external site tries to directly embed or link to protected resources.
Error 1011: Access Denied: Hotlinking Denied

GET /images/banner.jpg HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0
Referer: https://www.other-site.com/
Accept: image/webp,image/apng,*/*

HTTP/1.1 403 Forbidden
Server: cloudflare
CF-RAY: 7b6c7d8e9f0a1234-CDG
Content-Type: text/html

<!doctype html>
<html>
<head>
<title>www.example.com | Error 1011</title>
</head>
<body>
<h1>Error 1011: Access denied: Hotlinking not allowed</h1>
<p>This website does not allow its images or files to be linked from external sites. Please visit the site directly.</p>
</body>
</html>

Navigate to the website itself rather than trying to access the resource from an external link or embedded context.
In the Cloudflare dashboard, go to Scrape Shield > Hotlink Protection. Review which file extensions are protected and whether the settings are too restrictive.
If certain external sites need to embed your resources (e.g., partner sites, CDNs), add them to the allowed referrers list or use Page Rules to disable hotlink protection for specific paths.
Another website is using an <img> or <video> tag that points directly to a file on the protected domain, and Hotlink Protection is blocking it.
The request has no Referer header (common with direct URL access, privacy-focused browsers, or scripts) and Hotlink Protection treats this as unauthorized.
Email clients that load remote images may not send a Referer header, triggering the hotlink protection.
The request was blocked by a Cloudflare WAF or firewall rule configured by the site owner.
The site owner's Browser Integrity Check blocked the visitor based on their User-Agent or browser signature.
Access was denied based on the visitor's activity being flagged as malicious by Cloudflare.
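
The Referer check behind Error 1011, written out as an added example: this is not Cloudflare's implementation and not code from the original page. The extension list, the `allow_missing_referer` flag, the `partner.test` domain and all function names are assumptions made for illustration. It compares the parsed Referer hostname against the site domain and an allow list, and handles the missing-Referer case described above.

```python
from urllib.parse import urlsplit

# Assumed extension list for this sketch; the real set is whatever the zone protects.
PROTECTED_EXTENSIONS = (".gif", ".ico", ".jpg", ".jpeg", ".png")

def referer_host(referer):
    """Hostname from a Referer value, or None when missing or unparseable."""
    if not referer:
        return None
    try:
        host = urlsplit(referer.strip()).hostname
    except ValueError:  # e.g. a malformed IPv6 literal in the URL
        return None
    return host.rstrip(".").lower() if host else None

def host_matches(host, domain):
    """True for the exact host or a real subdomain; never a substring test."""
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)

def hotlink_decision(target, referer, site_domain,
                     allowed_referrers=(), allow_missing_referer=False):
    """Return (status, reason) for one request to `target`."""
    if not urlsplit(target).path.lower().endswith(PROTECTED_EXTENSIONS):
        return 200, "resource type not protected"
    host = referer_host(referer)
    if host is None:
        # Direct URL access, privacy-focused browsers, scripts, email clients.
        if allow_missing_referer:
            return 200, "no usable Referer, allowed by policy"
        return 403, "no usable Referer"
    for domain in (site_domain, *allowed_referrers):
        if host_matches(host, domain):
            return 200, "referer host matches " + domain
    return 403, "external referer host " + host

if __name__ == "__main__":
    # Constructed requests; the first mirrors the exchange shown on this page.
    samples = [
        ("/images/banner.jpg", "https://www.other-site.com/"),
        ("/images/banner.jpg", "https://www.example.com/gallery"),
        ("/images/banner.jpg", None),
        ("/images/banner.jpg", "https://cdn.partner.test/page"),
        ("/images/banner.jpg", "https://example.com.other-site.test/"),
    ]
    for target, referer in samples:
        print(referer, hotlink_decision(target, referer, "example.com",
                                        allowed_referrers=("partner.test",)))
```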
This reference was compiled from official RFCs, protocol specifications, and hands-on troubleshooting experience. AI tools were used primarily for formatting and organizing the content on the page.