It looks like Cloudflare Pages doesn’t properly handle the character
%0A in a URL and will respond with HTTP 500.
We were able to reproduce this issue on various static websites hosted on Pages that use different static engines (without functions). Interestingly, it doesn’t trigger on the Cloudflare-demo site, but maybe this one is fronted by a worker function that intercepts the URLs?
I understand that finding %0A (newline character) in URLs is unusual, but our security team discovered it when they ran their automated test suite.