Diagnostic Center Showing HTTPS Errors

I ran the test from the Cloudflare Diagnostic Center and the test returned green ‘Looks good’ for everything, except 2 things.
It’s showing errors for ‘Check the site for mixed content’ - The site’s web server responded with a status code that isn’t 200 (OK) - and ‘Check the HTTPS status’ - No, your request failed with a response status of 400 or above. - but the site works.
When doing a curl via terminal on the website, both name & www. at the beginning, it’s returning a 301 Moved Permanently, but if doing the same curl on the terminal with https included, it’s returning 200 OK.
Would this be the reason why it’s showing those 2 errors for my domain?
Also, if trying to access my website via http, automatically it’s redirecting me with https, as expected.

Down below are the screenshots with the results returned.

Thank you!

Ran the test again and it’s showing all good now for the website. Maybe it was something from Cloudflare? Not sure.
The domain is on Cloudflare.

Hey @kappa-skating0u ,

I am getting the same error reported by the Diagnostic Centre, can you explain how you managed to solve it, please?

I’m stuck on it since a week without having success so, your help is really appreciated.

Thanks in advance

1 Like


Thank you for asking.

I wonder, maybe you’re blocking something or some requests might be blocked by the Cloudflare WAF or Firewall Rules? :thinking:

Or, maybe it’s some “stale” and “old” cached result since before if you were using this tool?

Seems like you’re loading some HTTP resources over HTTPS.

You might want to check for 2 options:

  1. Always Use HTTPS → https://developers.cloudflare.com/ssl/edge-certificates/additional-options/always-use-https/
  2. Automatic HTTPS Rewrites → https://developers.cloudflare.com/ssl/edge-certificates/additional-options/automatic-https-rewrites/

Furthermore, before moving to Cloudflare, was your Website working over HTTPS connection? :thinking:

1 Like

Hello, I made a web page and I want people to see that my page has SSL, for that I put the direct link to the diagnosis, but when they enter the page, it performs all the scanning, there is a way to directly show the SSL/TLS section (which is together with HTTP and speed) thanks!

Greetings @fritex and thanks for your kind answer.

On Cloudflare WAF I added 3 Firewall rules to block common bot and some countries.

I purged all the cache and, almost since the beginning, I set “Always Use HTTPS” and " Automatic HTTPS Rewrites" on.

Currently my website is just a simple page with nothing on, except a text: “website under maintenance”.
I have some other website, made on WordPress, installed in a subfolder of my domain, and as described in the mixed content link, I installed the “SSL Insecure Content Fixer” plugin to properly redirect all the links contained in each of them.

Thank you for sharing that link and for all your suggestions.
I did again the test but I’m having the same result