Getting 1009? Here’s why it happens and the exact fix.
You are seeing Cloudflare 1009 because Cloudflare Browser Integrity Check (BIC) detected your request headers as non-browser. The fix: send a valid, current User-Agent and include standard browser headers.
Copy a User-Agent from your own browser (DevTools > Network tab > any request > User-Agent header).
Include Accept: text/html,application/xhtml+xml,*/*;q=0.8 and Accept-Language: en-US,en;q=0.9 at minimum.
Run curl with -H "User-Agent: ..." and your proxy to verify the fix before updating your code.
import requests
proxy = "http://USER:PASS@gw.knoxproxy.com:7000"
headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
"AppleWebKit/537.36 (KHTML, like Gecko) "
"Chrome/125.0.0.0 Safari/537.36",
"Accept": "text/html,application/xhtml+xml,*/*;q=0.8",
"Accept-Language": "en-US,en;q=0.9",
}
r = requests.get("https://bic-site.example/", proxies={"https": proxy},
headers=headers)
print(r.status_code) # 200Test your setup with our proxy checker, then contact support if 1009 still won’t clear.
Error 1009 means Cloudflare Browser Integrity Check rejected your request. BIC inspects the User-Agent header and basic request characteristics to filter out obviously non-browser traffic. This is the lightest Cloudflare bot check -- it does not require JavaScript execution, just correct headers. If your User-Agent is missing, empty, or matches a known bot pattern, BIC blocks with 1009.
Set a realistic browser User-Agent string. Use a current Chrome or Firefox UA.
Use a User-Agent from a current browser version. Update it quarterly as browsers release new versions.
Include all standard browser headers: Accept, Accept-Language, Accept-Encoding, Connection.
Error 1009 is the lightest Cloudflare check. If it persists after adding correct headers, verify you are not accidentally overwriting headers elsewhere in your code. This should not require support escalation.
No. It is the easiest Cloudflare error to fix. Just send a valid, current User-Agent and standard browser headers. No TLS impersonation or JavaScript needed.
No. BIC checks headers only, not JavaScript execution. Correct headers fix 1009. You only need headless browsers for JavaScript challenge pages.
Quarterly. Chrome and Firefox release major versions every 4-6 weeks. A User-Agent that is 2+ major versions behind starts to look suspicious.
KnoxProxy comes pre-configured to avoid the most common errors. Start a free trial and fix 1009 for good.