Browser Integrity Check broken

So, Cloudflare only accepts browsers who support all the standards and drafts big companies like Google throws into the wild.

Browsers who are not supporting them or only parts of them are not allowed to pass the Cloudflare check.

This is outright criminal and highly disgusting as nobody - not even Cloudflare - has the right to decide that you have to support ALL webstandards to enter Cloudflare protected pages.

What in all purgatories is wrong with this company?

1 Like

That might be the case in the future as Managed Challenges (which include a ‘interaction’ slow path) become more popular & used across Cloudflare’s suite.

Those challenges include, but are not limited to, proof-of-work, proof-of-space, probing for web APIs, and various challenges for detecting browser-quirks and human behavior.

I’ll echo what’s already been said several times before in this thread since people can’t seem to understand how to be reasonable & seem to want to get their own thread to fix their own issue locked again.

As an aside, maybe the rest of the ‘Pale Moon’ forum should take note as well since coming here and posting messages that serve no purpose but to call Cloudflare ‘criminal’ or ‘malicious’ will get it locked for brigading. That isn’t going to help your cause, is it?

Provide constructive feedback, say what does and doesn’t work, not baseless claims about ‘web standards’ and ‘monoculture’ which you have absolutely no idea about other than the fact your browser gets stuck on a single challenge page.

The only useful post has actually come from the developer, the rest of you are just trying to throw fuel to the fire making random, arbitrary claims.

Here’s the Cloudflare Community FAQ which includes the community guidelines: FAQ - Cloudflare Community

You’re on a community forum, one that is provided to you for free and is also where the vast majority of free plan users who wouldn’t typically get access to Cloudflare support can have their issue resolved by other members of the community or, beyond what their plan entitles them to, even have their closed tickets re-opened & escalated into a special queue.

You are not owed support, you are not owed a direct contact to someone at Cloudflare and you should be going through the standard support flow to report issues with users accessing your site.

Do you think that anyone from Cloudflare is going to go out of their way to offer you assistance when more than half of this post is ranting ‘at best’ and calling their livelihoods criminal & disgusting ‘at worse’?

If you’re having a genuine issue that’s impacting lots of users, it’s in everyone’s best interest to resolve it - and you’ve done nothing to help that, you’re only trying to get it closed before anyone can look into it.

1 Like

Sorry to say but it is malicious behavior - Cloudflare DOES Feature detection for all the modern web standards and drafts and DOES discriminate against browsers who are not supporting them or have limited support for them. That is clearly wrong and as stupid as discriminating against certain user agents.

The fact that it does not matter which user agent you use in Pale Moon shows clearly that my comment is fully valid. Cloudflare rejects browsers which are not supporting most standards or drafts which are considered recent.

But this should not be the job of Cloudflare which only is an in-between security layer - this should be done by the webpages in question directly.

And the fact that Cloudflare shows such anti competitive behavior which only favors and supports recent Chrome, Firefox or Safari browsers is highly shady at least and criminal at most.

At least there should be a fall-back layer…

For browsers which are unable to support most modern drafts and standards perhaps in the form of an oldskool captcha which does not require feature detection - something Pale Moon cant satisfy as it is a small browser with a small developer team which which has a hard time to implement Chrome or Firechrome(fox) optimized web-standards and drafts - so they are also able to pass the Cloudflare security layer without getting straight forward refused to view the webpages in question.

Fails BIC:
Pale Moon 29.4.6 (April 2022)
Firefox 54.0 (June 2017)

Passes BIC:
Fiefox 78.0.1 (July 2020)
Opera 63.0.3368.107 (October 2019)
Chrome 77.0.3834.0 (June 2019)
Vivaldi 1.12.955.36 (September 2017)
iOS 12.3 (November 2018)

Considering Firefox’s 2017 version doesn’t work but Vivaldi’s 2017 version does, I don’t particularly understand the narrative around this whole ‘only the top 3’ or ‘latest web standards’.

Three browsers have been out-of-date for nearing 3 years or more seem to pass it fine - you’d think that if Cloudflare were enforcing ‘all’ web standards then these wouldn’t work.

The internet can’t continue to cater to ancient browsers - regardless of your qualms with Cloudflare, hCaptcha isn’t going to support you even if Cloudflare did serve you with a captcha. Frequently Asked Questions | hCaptcha

3 Likes