Featured image not showing up when using Cloudflare

None of the social media pulls out featured images when I use Cloudflare.
Tested: pause proxying traffic (then it works).
What settings cause this issue?
The website is powered by WordPress if that matters.

did you “enable” Hot Link Protection?

Nope,this function is disabled

Anyone can point me right direction?


Thank you for asking.

If you suspect Cloudflare is blocking this, kindly I’d suggest you to take a look for Firewall Events by navigating to the Firewall → Overview at Cloudflare Dashboard for your domain name.

Try to copy-paste your URL address into Facebook Sharing Debug Tool:

Then wait for a minute or two and refresh it.
Check for any blocked or challenged request, look for “action taken” and “service”.

Otherwise, you might be using some custom Firewall Rules to block some contrueis, or AS numbers, or IP ranges, or user-agents? :thinking:

Are images pulled from some CDN or bucket like Backblaze B2 or Amazon? :thinking:
There might be, if so, issue with the CORS rule.

Else, your featured image might be too large in filesize (MB) or resolution (pixels width x pixels height).

Can you share an example of the URL?

Are all the OpenGraph meta tags specified?

Are you sure you have image as OpenGraph meta tag?
Is it loading over HTTPS or HTTP?

Kindly, could you please re-check and make sure you have the following meta tags at your webpage:

    <html dir="ltr" lang="en" prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb#">
    <meta charset="utf-8">
    <title>Your Webpage title here</title>
    <meta property="og:title" content='YOUR_WEBPAGE_TITLE'>
    <meta property="og:site_name" content='WEBSITE_NAME'>
    <meta property="og:url" content="YOUR_WEBPAGE_URL">
    <meta property="og:description" content='YOUR_WEBPAGE_DESCRIPTION'>
    <meta property="og:image" content="YOUR_WEBPAGE_IMAGE_URL">
    <meta property="og:image:secure_url" content="YOUR_WEBPAGE_IMAGE_URL">
    <meta property="og:image:type" content="image/jpeg"> <!-- recommend type -->
    <meta property="og:image:alt" content='YOUR_WEBPAGE_DESC_OR_ALT_OF_IMAGE'>
    <meta property="og:image:width" content="1200"> <!-- recommend size -->
    <meta property="og:image:height" content="675"> <!-- recommend size -->
    <meta property="og:type" content="website">
    <meta property="og:locale" content="en_US">

Due to the fact if some of already shared links (being cached or an older version of your website or link to a webpage), re-check and add the upper OpenGraph tags.

Upon changes, try to run “Debug” and then “Fetch new” at the Facebook Debug Tool here (you need to be logged-in):

1 Like

Open graph meta tags are on my website
I’m using twitter card validator to check if image is pulled here: https://cards-dev.twitter.com/validator
Connection only from https with force redirect
All images hosted on the server
Yes there are some firewall rules blocking countries
URL of my website for the sake of example: Thrive leads review

See if any blocked requests at Firewall tab in Cloudflare dashboard, if so.

Nevertheless, I can see something different while trying to debug this link:

Check Facebook community guidelines and troubleshoot with them.

Your picture is good, no issues.

I could suggest you to temporary enable the “Pause Cloudflare for this site” option, wait for 10-15 minutes, then try again to re-check the same or other URL.
If the same error, I am afraid this has nothing to do with Cloudflare.

1 Like

I don’t actually care specifically about Facebook, because there are more social media networks.
The fact is that image is not pulled.

If I pause Cloudflare, then it works and you say it has nothing to do with Cloudflare?- I don’t understand…

You need to make sure these rules have exceptions for Twitter, Facebook and other social networks, as well as their ad bots, as their cloud-based crawlers can come from pretty much any country. Using the Known Bots field may not be enough, as these crawlers are not necessarily on Cloudflare’s rather limited Known Bots list.

Even the FB Community Guidelines issue pointed by @fritex can sometimes be the result of URLs being blocked by your firewall, as FB (or any other social network with similar precautions) can not give your website an OK without being able to see its contents.

1 Like

LinkedIn, Twitter, Discus, Telegram, Facebook … all use the same OpenGraph meta tags.

Okay, if it works, can you share some feedback information or screenshot when you Pause Cloudflare it works? :thinking:

When I test, I got 503 returned either due to the:

  1. JS Challenge / Challenge
  2. Firewall Rules
  3. I am under an attack mode
  4. Bot Fight Mode
  5. Hotlink protection
  6. Browser Integrity Check?

And was redirected to https://www.peakminute.com/404testpage4525d2fdc.

I’d suggest to try and clear cache at your hosting provider:

  1. x-turbo-charged-by: LiteSpeed

And also use “Purge Everything” option from Cloudflare dashboard → Caching → Configuration.

You have got duplicated closed noscript tag:

			<iframe data-lazyloaded="1" src="about:blank" data-src="https://www.googletagmanager.com/ns.html?id=GTM-MRM8P4G" height="0" width="0" style="display:none;visibility:hidden"></iframe><noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-MRM8P4G" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>

Please check your CORS rule as it might be issue to block something for fetching your website resource.

You should really troubleshoot this due to Facebook guidelines? :thinking:

Screenshot 2022-02-20 at 18-19-30 Facebook

Otherwise, again, might be Facebook is challenged (try disabling Bot Fight Mode) and as far as there wer post when people scanned their website with some online scanners, it showed as a “SPAM” dueo to the Bot Fight Mode / JS Challenge.

Lately one, here:

1 Like

Based on the error message from Linkedin as shown in your video, it seems to be a SSL/TLS error.

Throwing Please check that the site is using a prime size that is compatible with java 8 on Google results in a few SO topics where users facing the same issue were able to solve it by either changing their minimum TLS version to 1.2 or re-issuing the certificate at the origin.



This is the solution, I’ve just changed the minimum TLS version to 1.2 and it is working as it should.
Thank you @cbrandt

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.