Type
Product improvement
Description
Include the origin’s response or at least the original response headers and SSL handshake information in the Trace results.
Benefit
Some systems are secured in a way so that they block any requests not coming from Cloudflare, for example by blocking non-CF IPs or using mutual TLS.
Debugging issues on these can be very frustrating, as it is hard to determine whether something is caused by the origin or Cloudflare without making significant changes to the origin configuration, which might invalidate the test results.
In these situations, it would really help if Trace would show the response as served by the Origin, or at least the headers.
Additionally, information about the SSL handshake, especially failed handshakes would be really helpful.
Right now, the standard response to any 525/526 related topics here on the forum is basically Please disable the proxy so we can have a look.
This is not ideal, as it exposes the users IP address.
It would help immensely if the Trace included the certificate presented by the server, maybe even stuff like TLS version, Ciphers etc.