When implementing Server Push with Cloudflare, if origin requires authentication for assets, requests may hit ERR_HTTP2_CLIENT_REFUSED_STREAM.
Cloudflare supports HTTP/2 Server Push via the Link header. To make use of Server Push, most applications will need to change their code to include a Link header with any requests that have pushable assets.
Link: </css/style.css>; rel=preload;
However, with authentication at origin, Cloudflare’s request to the asset will see HTTP 401.
Remove the required authentication for the assets from the origin server.