Cloudflare Developers•2mo ago

Receiving HTTP/2 403 with specific user agent

I use Firefox and have a hard time trying to load the Jotform website. It would return "403" as the body and nothing else. Copying the request as cURL, I narrowed it down to the user agent. If I change the user agent, I get a normal response. In the browser, if I change the user agent, reload the page to get the response and cookies, and then change the user agent back to the "problem" user agent, it works. It seems to happen only for fresh requests (i.e. no cookies) with the Firefox 128.0. Changing the version works. This is not specific to any particular IP. Is this a Cloudflare issue or site issue? Other sites work so I don't think CF is blocking Firefox. In case it's not clear, I am not the site owner. I'm a lowly user trying to troubleshoot a very specific problem.

$ curl --head 'https://www.jotform.com/' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0'
HTTP/2 403
date: Fri, 31 Jan 2025 21:46:21 GMT
content-type: text/plain
content-length: 3
server: cloudflare
cf-ray: 90ace4da4cd81359-ATL

$ curl --head 'https://www.jotform.com/' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0'
HTTP/2 403
date: Fri, 31 Jan 2025 21:46:21 GMT
content-type: text/plain
content-length: 3
server: cloudflare
cf-ray: 90ace4da4cd81359-ATL

$ curl --head 'https://www.jotform.com/' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0'
HTTP/2 200
date: Fri, 31 Jan 2025 21:50:45 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
expires: Thu, 01 Jan 1970 00:00:01 GMT
last-modified: Fri, 31 Jan 2025 21:50:45 GMT
cache-control: no-cache
pragma: no-cache
jf-trace-id: ccb8607fb6ce54b4
strict-transport-security: max-age=31536000;
set-cookie: guest=guest_c8c4847f6942c3e1; expires=Mon, 03 Mar 2025 21:50:45 GMT; Max-Age=2678400; path=/; domain=.jotform.com; secure; HttpOnly; SameSite=None
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 90aceb4b5f39bd41-ATL

$ curl --head 'https://www.jotform.com/' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0'
HTTP/2 200
date: Fri, 31 Jan 2025 21:50:45 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
expires: Thu, 01 Jan 1970 00:00:01 GMT
last-modified: Fri, 31 Jan 2025 21:50:45 GMT
cache-control: no-cache
pragma: no-cache
jf-trace-id: ccb8607fb6ce54b4
strict-transport-security: max-age=31536000;
set-cookie: guest=guest_c8c4847f6942c3e1; expires=Mon, 03 Mar 2025 21:50:45 GMT; Max-Age=2678400; path=/; domain=.jotform.com; secure; HttpOnly; SameSite=None
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 90aceb4b5f39bd41-ATL

7 Replies

NiceGuyIT - NCOP•4w ago

Wow. Not even a "Hey, this is the wrong forum. You need to go here..." reply.

Erisa•4w ago

youll want to check the body of the response to understand what it is, the headers alone dont really say anything that site works for me in firefox firefox 128 is pretty old though, they probably block old browsers (which is silly of them because 128 is supported by ESR, but i dont imagine they really care)

NiceGuyIT - NCOP•4w ago

Nobody replied to a polite post. A few people including yourself replied to a sarcastic post. The current state of social media is sad. @Erisa , @Leo When you say "they", are you referring to Cloudflare or the site? I ask because other sites behind Cloudflare work with the same user agent. I'm using ESR because I need a stable browser on multiple devices without the constant nag of updating.

Idle•4w ago

a nice guy indeed 😆 I'd guess so too, usually cloudflare 403s don't have plaintext content types, no? or can that be configured

Erisa•4w ago

if you have pro plan or higher, content type and body can be customised

Idle•4w ago

ah, gotcha

NiceGuyIT - NCOP•4w ago

Thanks for the feedback everyone. Now I know it's the site's configuration in Cloudflare.

Gaming

Programming

Receiving HTTP/2 403 with specific user agent

Did you find this page helpful?