Downloaded CSV is garbled when using custom hosts

What is the name of the domain?

What is the issue you’re encountering

Downloaded CSV is garbled when using custom hosts

What steps have you taken to resolve the issue?

We have tried csv output with multiple character encodings, but it did not resolve the problem.
We have confirmed that the problem occurs in multiple network environments and terminals when downloading csv.
When custom hosts were not used, the garbled characters did not appear.
If you use a custom host and download several times, the characters may not be garbled.

Screenshot of the error

This suddenly started occurring yesterday, 6/12.

As of June 25th, this incident is still occurring…

There is a system outage at Cloudflare. Why is there no response?

Could you maybe explain which CSV you tried to download and what kind of “custom hosts” you mean?

スクリーンショット 2025-06-25 17.44.061863×964 118 KB

“custom host” refers to the custom hostnames function as shown in the attached image.

When downloading a CSV file from a web application that uses custom hostnames, garbled characters will appear.

If I download the CSV file directly from the origin without going through custom hostnames using the same web application, garbled characters will not appear.

Do you have an example csv file that I can use, and maybe a link to where I can download a csv file that doesn’t work?

I’ve tried with a very simple csv file and didn’t have any problems on my own zone.

Upon further investigation, we found that this issue occurred when using the custom hostnames function, specifying SJIS-win as the character encoding, and outputting Japanese characters.

This issue did not occur when using the hostnames function, setting the character encoding to SJIS-win, and outputting without Japanese characters.

URL where you can check the CSV file with garbled characters
https://www.utage-promotion.com/cloudflare/download/csv/sjis/ja

Other URLs where you can check the custom hostname, character encoding, and language

#without custom hostname

https://utage-system.com/cloudflare/download/csv/utf8/en
https://utage-system.com/cloudflare/download/csv/utf8/ja
https://utage-system.com/cloudflare/download/csv/sjis/en
https://utage-system.com/cloudflare/download/csv/sjis/ja

Other URLs where you can check the custom hostname, character encoding, and language

#using custom hostname

https://www.utage-promotion.com/cloudflare/download/csv/utf8/en
https://www.utage-promotion.com/cloudflare/download/csv/utf8/ja
https://www.utage-promotion.com/cloudflare/download/csv/sjis/en

I’ve been able to reproduce this now.

The main problem I see is that you’re setting the wrong content-type/charset header (content-type: text/html; charset=UTF-8)

Your output:

curl -si https://www.utage-promotion.com/cloudflare/download/csv/sjis/ja
HTTP/2 200
date: Thu, 26 Jun 2025 16:11:54 GMT
content-type: text/html; charset=UTF-8
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
server: cloudflare
cache-control: no-cache, private
content-disposition: attachment; filename=test_20250627011154.csv
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=hqa0UAmdz1GsLOGXHtWXqIh%2BBiBEar1ZKA6xRrC7r3FiEp7YLYDeaoir7Pkpbd5IB14lpPkOYmLcOu4AY6YKmDEO2iSkb9M3hGtSsv82sIyzPcjAMamHWwHNdfYmmKV5"}]}
cf-cache-status: DYNAMIC
vary: accept-encoding
set-cookie: AWSALB=4l14Iz6SGtoBG96vPUjiak5lV8dGrGCoOH0RfOJAiAYPop76ktqVZCS647jIoB96Ihzrp1I0y229r96iBCK/x90Lxs0U+xEJ4s9Hv90PzF5BQK7m9tdvpR+pI6+z; Path=/; Expires=Thu, 03 Jul 2025 16:11:54 GMT
set-cookie: AWSALBCORS=4l14Iz6SGtoBG96vPUjiak5lV8dGrGCoOH0RfOJAiAYPop76ktqVZCS647jIoB96Ihzrp1I0y229r96iBCK/x90Lxs0U+xEJ4s9Hv90PzF5BQK7m9tdvpR+pI6+z; SameSite=None; Secure; Path=/; Expires=Thu, 03 Jul 2025 16:11:54 GMT
set-cookie: XSRF-TOKEN=eyJpdiI6ImdUVlA3aVFwbHgvNFBaRGw5R2VKWVE9PSIsInZhbHVlIjoiTWRFdm9abDcvaHh3UjBBdkVJK3BzOEk4ZjBnVGxPSEZzbkRhTS9JMXpJUTJhV3Baank5TmNoL01BOWlxRGREbWluQlFRT3hwRTFGN1oxcFNoZEp5SVFSazN3djE5SnZ6SlIyM0VKZ0E0T1l4TFBrVDljbmN1RnY1U1NxL0pDeloiLCJtYWMiOiJiODA2MmFkNWNkOWUwZTM2YTE4Nzc4ZDA3NzY2NmJjMDM2NGMxYzFiN2UxNjgxY2ZmMTQ2NDczYjlhODFkNTg1In0%3D; SameSite=Lax; Secure; Path=/; Max-Age=7200; Expires=Thu, 26 Jun 2025 18:11:54 GMT
set-cookie: utage_session=eyJpdiI6IlNWTzlFNnBZT0ZTcXk1OHh2a3ZOK2c9PSIsInZhbHVlIjoiRkxrY3NVUmJnalNkaUt2UWZPTEZYOWtmcjlPMmdCWVZlSnFTMkNrdVk2b0xHcHBhSTcvZStrdXQvVUpsTWhmRjBTeEhwZUpmOWdpbTlwR25UTWUwM3RtVE00d2FCc204V1FBaldGVnJ6QmwvTkdidXNZQW9ha25rT2RyL29PUGYiLCJtYWMiOiJiNjM2N2ViN2YzMzIxOWViMjRjODgwYzE5NDM4OWNkYWZlNjlmZjVmMTY1Y2U2Zjk1YTRjMWQzMjVhMWM5YzczIn0%3D; HttpOnly; SameSite=Lax; Secure; Path=/; Max-Age=7200; Expires=Thu, 26 Jun 2025 18:11:54 GMT
cf-ray: 955dfbaad83dd97b-HEL

encode,lang
SJIS-win,���{��

Check this here, correct content-type, correct output:

curl -si https://sarbot.laudian.de/ja_sjis.csv
HTTP/2 200
date: Thu, 26 Jun 2025 16:13:40 GMT
content-type: text/csv
content-length: 28
last-modified: Thu, 26 Jun 2025 16:03:58 GMT
etag: "1c-6387bb596c145"
accept-ranges: bytes
strict-transport-security: max-age=31536000
x-robots-tag: noindex
vary: Accept, accept-encoding
server: cloudflare
cache-control: max-age=14400
cf-cache-status: MISS
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=FPrWhI4e3%2B6rRAsI1JV4LtgxZGzezjEFOHFoNjIj7cA2vPWE%2BmtPa%2F8iGeqMY9dlplI9U0rjxPIEITi7dDc2P3MIObvekThhEvLKe5zZHG5d9pXD3SmH6WhrYvlc"}]}
cf-ray: 955dfe465ce27dde-ARN
alt-svc: h3=":443"; ma=86400

encode,lang
SJIS-win,▒▒{▒▒

Wrong content-type, no charset, but still correct output:

curl -si https://sarbot.laudian.de/ja_sjis.csv
HTTP/2 200
date: Thu, 26 Jun 2025 16:15:33 GMT
content-type: text/html
last-modified: Thu, 26 Jun 2025 16:03:58 GMT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=K6pPMu0670tJlN2%2F2BNFbYcbSND%2FP6VY0fnOz94NWJAY2I%2B%2BpZ92qLwEi8k%2BCfpT10%2FgbO5Ubmvn5Vky5%2FIOUscmRs3Dk54408a1hZg9on7tzXuik9J6E%2BTB3KBe"}]}
accept-ranges: bytes
strict-transport-security: max-age=31536000
x-robots-tag: noindex
vary: Accept, accept-encoding
server: cloudflare
cache-control: max-age=14400
cf-cache-status: MISS
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 955e010aee3f89c9-ARN
alt-svc: h3=":443"; ma=86400

encode,lang
SJIS-win,▒▒{▒▒

Wrong content-type, utf-8 charset, wrong output:

curl -si https://sarbot.laudian.de/ja_sjis.csv
HTTP/2 200
date: Thu, 26 Jun 2025 16:17:09 GMT
content-type: text/html; charset=UTF-8
last-modified: Thu, 26 Jun 2025 16:03:58 GMT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=9HHByEOT78nymVFRgAwOpu5nDkKsn719q7TwUcx8byVvD6m7TWRfG9RC103%2Fw79W%2BiEtWSKnViN%2FC%2BzEXRREFfNaH7B0L%2BTRlkayiYYnhtqnEeQVS1aWrqMRu3zG"}]}
accept-ranges: bytes
strict-transport-security: max-age=31536000
x-robots-tag: noindex
vary: Accept, accept-encoding
server: cloudflare
cache-control: max-age=14400
cf-cache-status: MISS
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 955e0360e99812b1-ARN
alt-svc: h3=":443"; ma=86400

encode,lang
SJIS-win,���{��

You are right that this only causes issues when accessed via a custom hostname.

Direct access, wrong content-type/charset, correct output:

curl -si https://test.laudian.de/ja_sjis.csv
HTTP/2 200
date: Thu, 26 Jun 2025 16:17:54 GMT
content-type: text/html; charset=UTF-8
cf-ray: 955e047c5da2d91a-HEL
last-modified: Thu, 26 Jun 2025 16:03:58 GMT
strict-transport-security: max-age=31536000
x-robots-tag: noindex
vary: Accept
cf-cache-status: MISS
accept-ranges: bytes
expect-ct: max-age=86400, enforce
referrer-policy: same-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare

encode,lang
SJIS-win,▒▒{▒▒

I don’t know why it only causes issues on custom hostnames, but you should just fix the content-type header on your server.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.