Cloudflare Error 530

Quick reference

Code	530
Category	Cloudflare Edge Error
Standard HTTP?	No
Always paired with	A 1xxx sub-error code
Vendor reference	Cloudflare docs

What 530 means

Cloudflare 530 is never returned alone. It is always a wrapper for a 1xxx sub-error that contains the actual diagnostic information. When you see a 530, look at the page body for the 1xxx code — that code is what you need to act on.

530 indicates an issue within the Cloudflare network itself, not with the origin server. The problem is on Cloudflare's side of the connection: a configuration error in Cloudflare settings, a DNS problem within Cloudflare's infrastructure, a Cloudflare Worker runtime error, or a Cloudflare zone configuration issue.

Unlike 520 through 527, which all describe problems between Cloudflare and the origin server, 530 describes problems that prevent Cloudflare from even attempting to reach the origin.

Common 1xxx sub-errors and their fixes

Error 1000 — DNS points to prohibited IP: The DNS A record in Cloudflare points to a Cloudflare IP address (creating a loop) or to a reserved/private IP. Fix: update the DNS A record to point to the actual origin server IP. Check that the origin IP is not in the 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, or 127.0.0.0/8 private ranges unless using Cloudflare Tunnel.

Error 1001 — DNS resolution error: Cloudflare could not resolve the origin hostname. This occurs when using a CNAME origin and the CNAME target has no A record, or when the origin hostname is a domain that does not exist in DNS. Fix: verify the origin hostname or CNAME chain resolves correctly.

dig CNAME your-origin.example.com dig A your-origin.example.com # Ensure the chain resolves to a real IP

Error 1002 — DNS points to prohibited IP / Self-referential redirect: Similar to 1000. The DNS record creates a circular reference. Also fires when a Cloudflare Page Rule or Redirect Rule creates an infinite redirect loop. Fix: remove circular redirects in Cloudflare Page Rules, check for redirect chains that loop back to the origin domain.

Error 1006 / 1007 / 1008 — IP access rule blocked: The visitor's IP, ASN, or country has been blocked by a Cloudflare IP access rule or firewall rule. Fix: review Cloudflare Security → WAF → IP Access Rules and remove or adjust rules that are blocking legitimate traffic.

Error 1010 — Owner banned resource: The resource owner has been banned from Cloudflare for terms of service violations. This requires contacting Cloudflare support.

Error 1014 — CNAME cross-user banned: A CNAME points to another Cloudflare user's domain which is not permitted. Fix: update the CNAME to point to your own origin hostname, not to another Cloudflare-proxied domain unless that domain explicitly allows CNAME targeting.

Error 1016 — Origin DNS error: The origin hostname specified in Cloudflare DNS settings has no A or AAAA record. Fix: add an A record for the origin hostname, or use a direct IP address instead of a hostname as the origin.

Error 1018 — Zone deactivated: The Cloudflare zone (domain) has been deactivated, usually due to a billing issue or terms of service violation. Fix: log into Cloudflare dashboard, check zone status, and resolve any billing or compliance issues.

Error 1101 / 1102 — Worker runtime error: A Cloudflare Worker threw an unhandled exception or exceeded its CPU time limit. Fix: check Worker logs in the Cloudflare dashboard under Workers → your-worker → Logs. Add error handling in the Worker code:

export default { async fetch(request) { try { return await handleRequest(request); } catch (err) { return new Response('Internal Worker Error: ' + err.message, { status: 500 }); } } };

Where to find the 1xxx code

The 1xxx code appears in the browser's error page body when a 530 is returned. In automated contexts (API calls, curl), it appears in the HTML response body. The Cloudflare dashboard's Security Events and Workers logs also surface these codes with additional context including the Ray ID, visitor IP, and the rule or configuration that triggered the error.

curl -si https://yourdomain.com | head -20 # Look for: HTTP/1.1 530 and the HTML body containing "Error 10xx"

530 vs other Cloudflare errors

Code	Problem location	Meaning
530 + 1xxx	Cloudflare internal	DNS, access rules, Workers, zone config
520	Origin response	Origin sent unparseable response
521	Origin TCP	Origin refused connection
522	Origin TCP	TCP connection timed out
523	Origin routing	Origin unreachable at IP layer

Frequently asked questions

Can 530 be caused by the origin server?

No. 530 and its 1xxx sub-errors are generated by Cloudflare's internal systems before any request reaches the origin. DNS misconfiguration, access rules, and Worker errors are all Cloudflare-side conditions. Check the Cloudflare dashboard, not origin server logs, when diagnosing 530.

How do I find my 530 Ray ID?

The Ray ID appears at the bottom of the Cloudflare error page shown to visitors. It is also in the CF-Ray response header: curl -sI https://yourdomain.com | grep CF-Ray. Use the Ray ID in the Cloudflare dashboard under Security Events to find the specific rule or condition that triggered the error.

Does 530 mean my site is down?

It means requests through Cloudflare are failing. The origin server itself may be healthy. If the cause is a DNS misconfiguration or access rule, fixing the Cloudflare setting will restore service without touching the origin.

Can I bypass Cloudflare temporarily to check origin?

Yes. In Cloudflare DNS, switch the A record from orange-cloud (proxied) to grey-cloud (DNS only). This routes traffic directly to the origin IP, bypassing Cloudflare entirely. Remember to switch back after diagnosing.

Server Errors Hub · All Guides · Home