Script added by cloudflare?

I am trying to add my Globalsign seal to the website but the image shows as transparent.
I have compared it the script for the code to the site here where the seal is working.

Everything seems the same except my code has the script below added.
Is this added by Cloudflare?
Any help appreciated.

!function(e,t,r,n,c,h,o){function a(e,t,r,n){for(r='',n='0x'+e.substr(t,2)|0,t+=2;t<e.length;t+=2)r+=String.fromCharCode('0x'+e.substr(t,2)^n);return r}try{for(c=e.getElementsByTagName('a'),o='/cdn-cgi/l/email-protection#',n=0;n<c.length;n++)try{(t=(h=c[n]).href.indexOf(o))>-1&&(h.href='mailto:'+a(h.href,t+o.length))}catch(e){}for(c=e.querySelectorAll('.__cf_email__'),n=0;n<c.length;n++)try{(h=c[n]).parentNode.replaceChild(e.createTextNode(a(h.getAttribute('data-cfemail'),0)),h)}catch(e){}}catch(e){}}(document);

That looks like email address obfuscation.

As for the Globalsign seal, if you’re using Cloudflare SSL (:orange:), visitors will be served using Cloudflare’s Comodo SSL certificate, unless you’re on a Business or Enterprise plan with your own certificate uploaded to Cloudflare.

I suspect Globalsign seals don’t show up on a non-Globalsign SSL site.

Thanks for the quick reply sdayman.

There is no email there anyway so I wonder why the obfuscation code has been added

I have also noticed that if I remove the www then the image shows but there there is no link tag around the image.

Would your non-www site happen to be :grey:?

I haven’t tried site seals, but I have a theory that the images they use are served from Globalsign, etc., and won’t work if the site isn’t using their SSL certificate.

If their site seals do work from sites that aren’t using their SSL Certificates, then what’s the point? Anybody can slap a seal on their site.

Yes we have paid for a certificate from Globalsign and are trying to use their seal. I have had lengthy discussions with their support and they have no idea why the image isn’t showing.

I am only looking at Cloudflare settings in cPanel on our hosting site btw but there is no listing for non-www.

Would you mind posting the URL?

As for my theory, as I look at site seals, like the one from your first post, there’s a fair amount of code that helps verify the certificate, as opposed to the code I found from Comodo here: ComodoCA Official Site | Trusted Site Seal | Comodo Secure Site Seal Benefits

Hi sdayman here is th url of the site:

Regarding the email address obfuscation, it looks like there’s an email address in some Facebook reference. It may be a false positive, but that may be the cause of the mystery script.

I’m hoping you have access to most Cloudflare features via cPanel so you can turn off the email address filter. Under Cloudflare’s Scrape Shield tab, turn off Email Address Obfuscation.

Turning obfuscation off did clear the script from the seal code and I purged Cloudflare.

Seal still not showing though so it doesn’t look like it was the added code that was stopping it.

Wonder what is stripping the “a” tags from around the image.

It looks like you’re running Autoptimize. Can you try disabling that and clearing your cache(s) again?

p.s. It still looks like the obfuscation code is still in there.

The code I see looks like you’re missing a period between investments and uk. And then it sticks an other .uk on the end.

The uk is ok it’s tagged on to the end of the name. Then
I turned the obfuscation back on but it’s off again now.

Automptomize is now deactivated. I thought that would be the culprit but it doesn’t seem so.

One last test, then I’m probably out of ideas. Do you have an option on cPanel to temporarily bypass Cloudflare? In the Cloudflare DNS tab, you can :grey: a DNS entry to send traffic directly to your site, which would then give visitors a pristine connection to your site.

I’m hoping for two things:

  1. The image shows up because the site will indeed be using your purchased certificate
  2. That Anchor tag you lost from the image reappears.

There’s a pause option for the cloud flare but I am a bit cautious about using that.

If the seal is displayed correctly then does that mean I can’t use cloud flare for this site?

You’ll be ok if you pause it just for a bit. Unpausing it will bring it back to exactly how it is right now.

If my theory is correct, then the seal won’t work if you’re using Cloudflare.

OK it’s paused and purged.

No change. I am thinking there must be an error somewhere on the page.

Give it 5 minutes for DNS to update. I’m looking at it and it’s still served by Cloudflare.

OK. How can you tell that?