Third party tools cannot access my websites

Hi Cloudflare Community,

I’m trying to test the responsiveness of my website with some online tools but I’m getting nothing back. intcultcom.com and intcultcom.fr when tested on responsiveness tools like responsinator and AmIResponsive are coming back with empty screens that say “intcultcom.fr refused to connect”.

I’m guessing this is a Cloudflare thing. We recently converted these sites to HSTS, thereby moving the SSL from being provided by our cPanel to being provided by Cloudflare.

Could that have anything to do with it? Any help would be much appreciated!

Thanks Community!

That is an issue, you still need the certificate on your server as well.

That should be an issue with that particular service. Your site is working and loads here as well → sitemeer.com/#https://intcultcom.fr

Respectively, that service seems to simply use a frame to display your site and your site does not allow that, but that’s not Cloudflare related.

But you really need to make sure you have the certificate properly in place on your server, otherwise you have no encryption.

Thanks for the input Sandro.

Yes, I have tested and know that the site is up and running, as I tested on downforeveryoneorjustme.

And I have tested the SSL cert, and it’s fine.

The question I’m trying to answer is, “Why is it not showing up on those other tools.”

If you have any insight as to why THAT’S happening. I’d love to hear it.

That’s the proxy certificate, you said you “moved SSL”. Do you still have a valid certificate on your server?

@stephen.revere

I think its not because of this.

Are you using SSL Full Strict with origin certificate? I’m curious to know if that’s the similar case.

Yes, that’s where I’m confused. If the site is open, up and has a working SSL cert (which it does as I linked to the test above), then why would it not be showing up in those 3rd party tests.

With all do respect, if you don’t know why it is, then it’s hard to rule out Cloudflare proxy blocking it, no? I’m still betting that’s where the issue lies.

Hi Neiljay!

No, I’m not using the Full Strict. It’s set to flexible.

Thanks!

Best,
Steve

@stephen.revere

Thank you for the feedback. I tested with some of the sites I manage. I found the sites that are in Flexible mode (Not recommended) were able reflect in the third party tools you mentioned as well as others while that which was set in Full Strict failed having other similar settings.

As sandro tried to explain, your site does not allow itself to be loaded in frames by other sites. Specifically, your server is returning this header

X-Frame-Options: SAMEORIGIN

The first site you linked tries to do that, and that’s why it doesn’t work for you. The second one, I can’t get to work with any site.

2 Likes

@i40west

Got it. That’s interesting.

1 Like

It’s an HTTP response header. You can view the headers with curl -I or curl --include or look at the Network tab in your browser’s dev tools.

1 Like

@i40west , you absolutely rock.

@neiljay , in my case as it’s a WordPress website it was in my .htaccess file. I removed it, used the tools I needed and then put it back in again.

Thanks so much!

1 Like

With Flexible you have an insecure site to begin with and need to change that to Full Strict. And yes, the frame thing is a particular issue with these services, as I mentioned before. And if you had read my response you would have known that, so your reply was a bit inappropriate. And a bit more appreciation would be nice, not only for mentioning your issue but also for pointing out that you have no security.