Error 1015 means the visitor has exceeded the rate limit configured by the site owner using Cloudflare's Rate Limiting feature. The site owner defines thresholds (e.g., 100 requests per minute to a specific URL pattern) and when a visitor exceeds that threshold, Cloudflare blocks subsequent requests for a configurable timeout period. This is a deliberate protection mechanism against abuse, brute-force attacks, and API overuse.
The visitor (or their application/script) sent more requests than the site owner's rate limit allows within the defined time window.
A scraper, crawler, or automated tool is making rapid requests that exceed the rate limit threshold.
When multiple users share the same IP (e.g., corporate NAT, mobile carrier), their combined requests may exceed the rate limit even though each individual user's traffic is reasonable.
Rate limits typically have a timeout period (e.g., 60 seconds). Wait for the timeout to expire and then resume normal browsing at a slower pace.
If running an automated tool, add delays between requests to stay below the rate limit. Implement exponential backoff when receiving 429 responses.
If you are on a corporate or shared network, the combined traffic from all users may be triggering the limit.
Check Your IPCheck Security > WAF > Rate Limiting Rules in the Cloudflare dashboard. Ensure thresholds are appropriate and not blocking legitimate traffic.
The request was blocked by a Cloudflare WAF or firewall rule configured by the site owner.
Access was denied based on the visitor's activity being flagged as malicious by Cloudflare.
The site owner has blocked the visitor's IP address using Cloudflare's firewall tools.