Error 1011 is triggered by Cloudflare's Hotlink Protection feature. Hotlink protection prevents other websites from embedding your images, videos, or other assets by checking the Referer header. If a request for a protected resource comes from a domain that is not the site itself (or an authorized domain), Cloudflare blocks it. This saves bandwidth and prevents content theft. The error appears when an external site tries to directly embed or link to protected resources.
Another website is using an <img> or <video> tag that points directly to a file on the protected domain, and Hotlink Protection is blocking it.
The request has no Referer header (common with direct URL access, privacy-focused browsers, or scripts) and Hotlink Protection treats this as unauthorized.
Email clients that load remote images may not send a Referer header, triggering the hotlink protection.
Navigate to the website itself rather than trying to access the resource from an external link or embedded context.
In the Cloudflare dashboard, go to Scrape Shield > Hotlink Protection. Review which file extensions are protected and whether the settings are too restrictive.
If certain external sites need to embed your resources (e.g., partner sites, CDNs), add them to the allowed referrers list or use Page Rules to disable hotlink protection for specific paths.
The request was blocked by a Cloudflare WAF or firewall rule configured by the site owner.
The site owner's Browser Integrity Check blocked the visitor based on their User-Agent or browser signature.
Access was denied based on the visitor's activity being flagged as malicious by Cloudflare.