Cloudflare injects HTML browser detection page before redirecting to website

I noticed Cloudflare is injects a HTML page before redirecting to your website.

This risks to break many applications, like it did with ours.

That was probably the JavaScript challenge. And yes, that might break certain use cases, so you need to make sure the security layer does not apply in these cases.

Do you have an example?

Hi Sandro,
thanks for the feedback. It was breaking my login api. Now I disabled cloudflare caching, to make it work so I can not reproduce it. Below a screenshoot I made of the response I got.

How would you set the security layer to not apply in that cases?


You can use a page rule to disable security. However this will do exactly what it says and disable security :wink:

Or alternatively the “Security Level” to “Essentially off”.

Thank you Sandro.

Yes I think Security Level is exactly that html page that is injected

I think the other security features I can keep active?

If you disable security, as outlined, you wont have any other security features any longer.

This topic was automatically closed after 14 days. New replies are no longer allowed.