uBlock Origin and other adblockers have started to block requests to /cdn-cgi/ or /cdn-cgi/apps/head/ because people have released anti-adblock apps. This is a problem because that means everyone who has an adblocker won’t get any of my apps.
Is there a way to fix this? either through cloudflare settings or through nginx/apache configuration?
Is your adblock blocking that request?
Why not whitelisting your domain?
Usually, you use /cdn-cgi/trace to test your connection to the domain which uses Cloudflare.
What is your domain?
I can test it because I use Strict Privacy in Options in combination with extenstion AdBlock Plus, DuckDuck Privacy Protection and AdGuard for my Firefox web browser.
And also having Cloudflare 1.1.1.3 / 1.0.0.3 at router and as a resolver.
So malware and ads are blocked “by default”.
If I can access it, then I do not see a problem so far so good 
That’s a false positive by uBlock Origin. You’d have to contact them about this.
Why is it a false positive? uBlock Origin is correctly blocking an anti-adblock app (this is how I noticed it working, I installed it), it’s just being too broad with its regular expression. However, that is probably the compromise their users have decided to make in order to prevent those apps from working and preventing new apps from working.
I understand why they are blocking it if Cloudflare wants their apps not to be blocked by more and more users (as these plugins get more aggressive in their filters) then we need the ability to allow a dynamic path to app code that we can set ourselves and connect be detected by these adblockers.
I am not concerned about my own adblocking, I don’t want my users to miss the apps I just installed because they have an adblocker. Specifically, the google translate app. My site is http://www.imvu-e.com/ and you can confirm yourself that Brave browser blocks the google translate from running.
On a related note, I don’t want my users adblocking at all so I tried to install one of the anti-adblock apps and that is how I noticed that adblockers are blocking the apps
Ok, maybe it’s not a false positive. I can get /cdn-cgi/trace to load, so they are targeting trackers, like Google.
https://www.imvu-e.com/cdn-cgi/apps/head/ the result for me is:
// The specified zone was not found
// It may still be being initialized, or this may be an error.
And non blocked as far as I got. Or I am doing something wrong here to access it?
Okay, got it under console, sorry, my bad.
This blocked:
https://www.imvu-e.com/files/images/ads/ads.php
Also this:
GET https://www.imvu-e.com/cdn-cgi/apps/head/S-xMWQ4yUsHLH318KPSIqMH0Li8.js
Blocked By Extension
What happens when you add type="text/javascript" to that script tag …?
Interesting, why does it block that file if it does not contain “ads” in it.
Does it contain only Google Translate?
This URL by example also has Google Translate, which is not being blocked by AdBlock or AdGuard (having them enabled):
Can you try with this:
The HTML code at that URL is to place the box where needed:
<div id="google_translate_element"></div>
Before closing </body> put this (but change hr to “en” or some other language and add the alternative ones as needed):
<script type="text/javascript">function googleTranslateElementInit(){new google.translate.TranslateElement({pageLanguage: 'hr', includedLanguages: 'bg,bs,de,en,es,fr,hr,hu,it,ja,ko,mk,nl,ro,ru,sl,sq,sr,zh-CN', layout: google.translate.TranslateElement.InlineLayout.SIMPLE, gaTrack: true, gaId: 'UA-2473327-1'}, 'google_translate_element');}</script>
<script type="text/javascript" src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>
Maybe, due to EasyList for AdBlock, you could check or report to https://forums.lanik.us/?
Obviously it triggers stuff like:
/cdn-cgi/apps/head/$first-party,script
/cdn-cgi/apps/head/*$script,first-party,domain=yourdomain.com
I am not sure if Cloudflare can and would change that /cdn-cgi/ for apps installed, or?
Will something change if you add async attribute to ?
So it would load it …, or using “preload” for that JS file like before calling the script to “force it” somehow?:
<link rel="preload" href="https://www.imvu-e.com/cdn-cgi/apps/head/S-xMWQ4yUsHLH318KPSIqMH0Li8.js" as="script">
Then call it:
<script type="text/javascript" async src="https://www.imvu-e.com/cdn-cgi/apps/head/S-xMWQ4yUsHLH318KPSIqMH0Li8.js"></script>
Or, hm … ye, issue 
This is my own anti-ad blocker. Many ad blockers block things with /ads/ in the URL so I utilize this to show/hide divs. You can ignore this and isn’t related to CF apps.
In terms of manually using the script, I don’t think CF wants you to do that because I suspect the script name is some type of hash that will change if content/versions change.
It seems I just have to accept that some CF apps will block be blocked unless CF decides to allow us to use dynamic paths such that adblockers can’t write rules for them (easyList is just one of hundreds people can have)