1010 policy auth_error ai_generated partial

Error 1010: The owner of this website has banned your access based on your browser's signature

ID: policy/cloudflare-1010-access-denied-browser-signature

Also available as: JSON · Markdown · 中文
85%Fix Rate
87%Confidence
1Evidence
2023-04-05First Seen

Version Compatibility

VersionStatusIntroducedDeprecatedNotes
Cloudflare WAF 2023-10-01 active
Cloudflare Browser Integrity Check active
curl 8.0.0 active
Python requests 2.31.0 active

Root Cause

Cloudflare's Browser Integrity Check or custom WAF rule blocks requests based on the browser's TLS fingerprint or User-Agent, often triggered by automated tools or outdated browsers.

generic

中文

Cloudflare的浏览器完整性检查或自定义WAF规则根据浏览器的TLS指纹或User-Agent阻止请求,通常由自动化工具或过时的浏览器触发。

Official Documentation

https://developers.cloudflare.com/support/troubleshooting/cloudflare-errors/troubleshooting-cloudflare-5xx-errors/#error-1010-the-owner-of-this-website-has-banned-your-access-based-on-your-browsers-signature

Workarounds

  1. 85% success Update the browser or tool to a modern version with a common TLS fingerprint. For curl, use a modern version (7.88+) and mimic a real browser: curl -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" https://example.com 
    Update the browser or tool to a modern version with a common TLS fingerprint. For curl, use a modern version (7.88+) and mimic a real browser: curl -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" https://example.com
  2. 80% success If accessing programmatically, use a headless browser like Puppeteer with a realistic User-Agent and TLS settings: const browser = await puppeteer.launch({ args: ['--no-sandbox'] }); const page = await browser.newPage(); await page.setUserAgent('Mozilla/5.0...'); await page.goto('https://example.com'); 
    If accessing programmatically, use a headless browser like Puppeteer with a realistic User-Agent and TLS settings: const browser = await puppeteer.launch({ args: ['--no-sandbox'] }); const page = await browser.newPage(); await page.setUserAgent('Mozilla/5.0...'); await page.goto('https://example.com');
  3. 75% success Contact the website owner to have your IP or User-Agent whitelisted in Cloudflare's WAF, or ask them to disable Browser Integrity Check for specific paths. 
    Contact the website owner to have your IP or User-Agent whitelisted in Cloudflare's WAF, or ask them to disable Browser Integrity Check for specific paths.

中文步骤

  1. 将浏览器或工具更新到具有常见TLS指纹的现代版本。对于curl,使用现代版本(7.88+)并模拟真实浏览器:curl -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" https://example.com
  2. 如果以编程方式访问,使用Puppeteer等无头浏览器,设置真实的User-Agent和TLS设置:const browser = await puppeteer.launch({ args: ['--no-sandbox'] }); const page = await browser.newPage(); await page.setUserAgent('Mozilla/5.0...'); await page.goto('https://example.com');
  3. 联系网站所有者,在Cloudflare的WAF中将您的IP或User-Agent列入白名单,或要求他们为特定路径禁用浏览器完整性检查。

Dead Ends

Common approaches that don't work:

  1. 80% fail

    Browser Integrity Check often requires JavaScript to pass; disabling it may trigger additional blocks.

  2. 70% fail

    Error 1010 is based on browser signature, not IP; changing IP alone won't help unless the browser fingerprint also changes.

  3. 100% fail

    The block is deterministic; retrying with the same signature will always fail.