Looking at the screenshot and seeing for the first time the HTTP header Tiger-protect-security, wonder if the origin host security has something to do about it 
Have you tried reaching out to your hosting/service provider in the meantime?
Does it work fine over HTTPS when Cloudflare is temporarly paused?
- Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com .
- The link is in the lower right corner of that page.
Kindly, see post below with an idea for finding a solution: