403 status code when Cloudflare enabled

Hi, our website meditatieinstituut dot nl (can’t post link?) gives a 403 status when Cloudflare is activated.
When Cloudflare is disabled it gives a 200 response.

Any idea what can be the problem for this? I Googled a lot but can’t find the solution or the right clue.

The site is working fine but some tools tell me the site gives a 403 response. Also when I check the responses with httpstatus dot io.

For now, I disabled Cloudflare and now the response code is good.

I can see you’re using WordPress.

Therefore, may I ask if you’re also using Cloudflare APO for WordPress, at least by what I can say of looking into the HTTP headers of the request:

  • cf-edge-cache: cache,platform=wordpress

May I ask if the “Bot Fight Mode” feature enabled at Cloudflare? How about the “Browser Integrity Check”?

1 Like

Hi Fritex, Thank you for thinking with me. I just turned Cloudflare on, I think it’s easier for debugging :wink:
So some answers on your questions:

  • Yes APO is turned on.
  • I cannot find this feature. In Cloudflare help it’s saying it should be under Firewall > Settings, but I cannot find this. I also checked Security > WAF / Page Shield / Bots, maybe it’s there?
  • Yes, Browser Intergrity Check is turned on

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Hi, My website meditatieinstituut dot nl (I cannot write url’s) gives a normal 200 response code. But when I turn Cloudflare on, I receive a 403 response. I now have Cloudflare turned on. The website is working fine but when you check at for example httpstatus dot io you can see it gives a 403 response.

I have no clue what to do. Any suggestions are welcome.

Thank you!

Hello, I recommend digging a bit deeper by using the inspect mode to see what is getting 403 unauthenticated.


It works fine from my end.

Hi, I will do some more research. I’m wondering what Google thinks of this header response. For now I see no negative results luckily.

Hi, The website is working fine. But it gives a 403 header return. So for visiters is seems it looks fine, but for Google and other tools it gives warning. Check for example via httpstatus dot io


Its not for Google I assume. It’s internal 403 error posed by your login ajax script. Check it here:

Check this file:


You can check than & get fixed!

It happens only when the page loads at the first time.

Great! Thank you so much for pinpointing the cause of the error. I will see what I can do about that. Maybe some plugins are causing this error.

Hi, I have this problem for a few months already and have no idea how to fix this.
When Cloudflare is enabled, my website meditatieinstituut dot nl (I cannot add link) gives a 403 status response (you cannot see this when visiting the website, but you check it for example with httpstatus dot io).
At this moment I have turned Cloudflare off, since Cloudflare is suggesting it have to be on the side of my host. But when Cloudflare it paused, it gives a 200 status response.

I don’t understand why Cloudflare turns this into a 403 response when enabled.

In a previous topic I started (and is closed now), @ [neiljay] told me that the admin-ajax.php file is causing the 403 response.
But I cannot replicate this error. Maybe I don’t now how to, so if anyone can please tell me how to check this? I tried with the inspecter tool, but maybe I’m using this wrong…

I hope someone can help me with this problem that’s there for too long now :frowning:


@sandro This is the printscreen of the statuscode with httpstatus dot io.
This is when Cloudflare is turned on, but now it’s paused so than you don’t see this error.

On additon to this, you don’t see this error when visiting te website. So it’s only a server response. The website is working fine also when Cloudflare is turned on.

@neiljay can you please ones more also? Do you stil the 403 error on the admin-ajax.php file? I don’t know how to reproduce this. Thank you!

Not now. Seems, that issue is resolved.

Ah, ok. Hmmm… still Cloudflare is giving a 403 header status when enabled. Any idea where else I can check the cause of this? I have no clue anymore…