CloudFlare Error 1020 Access Denied: What is It and How to Fix It?

Cloudflare 1020 error (Access Denied) is typically encountered when users attempt to access certain websites from their browser. Most commonly, it occurs whenever a connection request appears to pose a threat to the website.

Cloudflare Error 1020

What is Cloudflare error 1020?

This particular Cloudflare error code almost exclusively happens on pages that use the Cloudflare CDN to optimize the website and facilitate more security.

So basically when the end-user sees the 1020 error, it’s because the IP address was blocked due to security concerns detected by the Cloudflare CDN. Although most of these concerns are typically warranted, there are situations where the IP address is blocked despite the fact that it doesn’t really represent any danger.  

After investigating this particular issue thoroughly and looking at various user reports, it turns out that there are several underlying causes that might trigger a false positive of this error code:

  • Firewall rule violation – If you’re experiencing this issue as a regular user attempting to visit a website, chances are you’re seeing the error code because the webserver is indicating that you’ve violated a firewall rule. In this case, you need to follow a series of troubleshooting steps to identify and resolve the problem.
  • IP Range is blocked – Another reason that might cause this error code is when the IP range that your computer is using when trying to access the webserver is marked in the internal settings of the CDN as a potential security risk and subsequently blocked.
  • Cloudflare Cookie conflict – Because Cloudflare uses cookies that are filed on the computer to store information about the communications with the page, you can expect some kind of conflicts regarding the use of these cookie files. Under certain circumstances, these might make access unavailable for the end-user. In this case, ensuring that cookie usage is enabled and clearing the cookie cache should be enough to fix the issue.

Note: Each of the scenarios presented above assumes a local occurrence on the visitor’s computer interferes with the Cloudflare CDN and triggers a false-positive 1020 error. Legitimate security concerns are not covered in this article.

Now that you are familiar with every scenario that might be responsible for triggering the 1020 error due to a local occurrence, here’s a series of fixes that other affected users have successfully used to get to the bottom of this issue:

Make Sure your Browser allows the use of Cookies

It’s important to understand that Cloudflare relies on cookies to customize certain security features on the sites that it’s enabled on. This allows the Cloudflare CDN service to provide visitors with a fast, personalized, and relevant experience.

It’s a great feature, as long as it doesn’t end up blocking access to the website for certain users that are using a browser that is actively blocking cookies.

In most cases, the use of cookies is blocked by 2 popular scenarios:

  1. Your browser is configured to disallow cookies
  2. You have installed an extension or add-on that is blocking certain cookies.

Depending on the situation that you find yourself in, the fix will vary exponentially. But to make matters easier for you, we’ve created two separate sub-guide that will help you deal with a cookie-related issue that is causing the 1020 error:

Enable Cookies on your browser

Since this scenario is almost exclusively encountered with Mozilla Firefox and Google Chrome (as well as every other Chromium-based browser), we’ve put together two sub-guides that will walk you through the process of enabling cookie & Cookie data on both browsers:

Enable Cookies on Google Chrome

  1. Open Google Chrome and click on the action button (in the top-right) corner of the screen.
  2. Next, from the context menu that just appeared, click on Settings.
    Accessing the Settings menu on Google Chrome
  3. Once you’re inside the Settings menu, click on the Privacy and Security tab from the vertical menu on the left-hand section of the screen.
  4. Next, under the Privacy and Security tab, click on Cookies and other site data.
    Click on Cookies and other site data in Chrome
  5. Once you’re inside the Cookies and other site data menu, check which toggle is enabled under General Settings.
  6. If the current configuration is set to Block third-party cookies or to Block all cookies, change the toggle to Allow all cookies.
    Allowing all cookies inside Google Chrome
  7. After the cookie configuration is changed, restart your browser and re-load the Cloudflare-protected page that was previously triggering the 1020 error to see if the problem is now fixed.

Enabling Cookies on Mozilla Firefox

  1. Open Mozilla Firefox and click on the action button in the top-right corner of the screen.
  2. Next, from the context menu that just appeared, click on Options.
    Accessing the Options menu
  3. Once you’re inside the Options menu, use the menu on the left-hand side to click on Privacy & Security.
    Accessing the Privacy & Security job
  4. Next, move over to the Browser Privacy tab and ensure that its associated toggle is set to Standard.
  5. Restart your browser and see if the problem is fixed the next time you launch your browser and access the same website that’s using Cloudflare.

Disable Cookie-blocking extensions

Even if your browser is configured to accept cookie content, it’s also possible to see a 3rd party extension or add-on blocking cookies that are considered intrusive – This is true for both Mozilla Firefox and Google Chrome.

Here’s a shortlist of Chrome extensions and Mozilla Firefox add-ons that might be blocking cookies and causing the 1020 error with Cloudflare:

  • uBlock Origin (Google Chrome, Mozilla Firefox)
  • Privacy Badger (Google Chrome, Mozilla Firefox)
  • Ghostery (Google Chrome, Mozilla Firefox)
  • Disconnect (Google Chrome)
  • Cookies Disable (Mozilla Firefox)
  • Cookie AutoDelete (Mozilla Firefox)
  • Cookiebro (Mozilla Firefox)
  • NoScript (Mozilla Firefox)

If you’re using any of the extensions/add-ons above on Mozilla Firefox or Google Chrome (or a similar add-on or extension), follow one of the sub-guides below to prevent it from causing the 1020 error with Cloudflare:

Disable the problematic extension on Google Chrome

  1. Start by opening your Google Chrome browser and ensure that it’s updated to the latest version available.
  2. Next, click on the action button that you see on the top-right section of the screen.
  3. Use the context menu that just appeared to navigate to More Tools > Extensions and open the extensions tab of Google Chrome.
    Accessing the extensions tab
  4. Once you’re inside the Extensions menu, scroll down through the list of installed extensions and locate the problematic extension that you suspect is causing the 1020 error with Cloudflare.
  5. When you find the extension that you suspect might be causing the issue, simply click on the toggle associated with the problematic extension to disable it.
    Remove the problematic extension

    Note: If you have no use for this extension, you can simply uninstall the extension altogether by clicking on the Remove button located to the left from the extension toggle.

  6. After the extension has been disabled, restart your Chrome browser, access the same website that was previously displaying the error 1020.

Disable the problematic extension on Mozilla Firefox

  1. Open Firefox and click on the action button in the top-right corner of the screen.
  2. From the menu that just appeared, click on Add-ons from the list of available options.
    Accessing the Add-ons menu
  3. Once you’re inside the Add-ons tab, click on Extensions from the left-hand side menu.
  4. Next, disable the toggle associate with the problematic add-on that might be preventing your browser from accepting any cookies.
    Accepting the problematic extension

    Note: You can also uninstall the add-on completely if you have no use for it by clicking on the action button near the disable toggle and clicking on Remove.

  5. Restart your Firefox browser accept the same Cloudflare-protected web page that was previously triggering the 1020 error.

If none of the potential fixes cookie-related fixes have been effective or applicable in your case, move down to the next potential fix below.

Clear your browser cache

Keep in mind that you can also see this error even in a situation where the webserver is no longer throwing the error – It’s possible to have a copy of this error locally cached (saved) and so your browser is retrieving every time you access it.

If you previously faced this error legitimately, it might help to access your browser settings and clear all your cache and cookie data.

However, the exact instructions for doing this will be different depending on the browser that you’re using. With some browsers, you will be able to selectively delete the data to only remove the website affected by the 1020 error.

To make things easier for you, we’ve put together a guide that will show you how to clear the cache and cookies on the most popular browsers.

Clearing the cache & cookies

If you already followed the instructions on clearing the cookies & cache related to the problematic website that’s showing the 1020 error, move down to the next method below.

Contact the site owner

If none of the methods above have allowed you to fix the issue and you’re encountering the issue with every browser that you try, the issue is most likely related to a firewall rule violation.

Now, this will be entirely specific to the website in question since the site owner most likely established custom firewall rules that are restricting you from visiting the website.

In this case, your only hope of getting past the 1020 error screen is to contact the web administrator and ask them to check the firewall logs and whitelist your IP. 

PRO TIP: You can typically find contact information by using the Contact us page – Most websites have one.

If that doesn’t work and you can’t contact the Contact page, you should do a Whois search in order to find the owner and contact info of the domain owner. You can use the WHOIS-DomainTools service to search for this information.


Kamil Anwar

Kamil is a certified MCITP, CCNA (W), CCNA (S) and a former British Computer Society Member with over 9 years of experience Configuring, Deploying and Managing Switches, Firewalls and Domain Controllers also an old-school still active on FreeNode.