Firefox Broken When Using Cloudflare
FF 133.0.3 (64bit) OSX 13.6 Ventura
Am having trouble reliably accessing any site that uses Cloudflare.
No extensions are installed, no UA switching.
Have tried:
- Default settings as well as purposefully turning various settings "off", both with existing and brand new profiles.
- Disabling "Enhanced tracking protection", but it does appears to be hard-coded "on" as it appears as "Enabled" when any new site is visited, even even though about:protections clearly states "Enhanced Tracking Protection: OFF".
- Multiple DNS providers (Google -> 8.8.8.8, 8.8.4.4), (OpenDNS -> 208.67.222.222, 208.67.220.220), (Cloudflare -> 1.1.1.1, 1.0.0.1)
The issue with Cloudflare is getting past its endless "Verify you are human" turnstyle checkbox. As stated above ETP is supposedly "off". Even went ahead and added "https://cloudflare.com" and "https://challenges.cloudflare.com" to the ETP exceptions list (which should be unneccesary as ETP is supposedly "off").
Though this ticket was a few years old, followed all steps from https://support.mozilla.org/bm/questions/1273784 to no effect.
Double-checked:
Settings -> Privacy and Security: ETP -> Custom -> ALL unchecked (cookies, Tracking Content, Cryptominers, Known fingerprinters, Suspected fingerprinters) DNS over HTTPS -> Off
about:config: network.cookie.cookieBehavior -> 0 privacy.socialtracking.block_cookies.enabled => false privacy.trackingprotection.enabled privacy.trackingprotection.pbmode.enabled privacy.trackingprotection.cryptomining.enabled privacy.trackingprotection.fingerprinting.enabled
Going to any site and clicking the protection "Heart" icon still shows enhanced tracking protection to be "Enabled" (though it should not be). On any Cloudflare site, selecting "Disabled" immediately brings up the "Verify you are human" checkbox ad infinitum.
Just for fun, inspected a page a couple of times (the new serenity.ai search engine), clearing cookies & cache each time, noting the network tab via inspect. The only thing that appeared to change was the value of a cookie, and cloudflare's Ray ID. Two responses were in error, a 403 and a 401:
Request Headers (403): GET /search/new?q=pending&newFrontendContextUUID=4f32d4c2-d660-4ff0-9887-2a3aae266a9b HTTP/2 Host: www.perplexity.ai User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:133.0) Gecko/20100101 Firefox/133.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br, zstd Referer: https://www.perplexity.ai/ Connection: keep-alive Cookie: __cf_bm=DNF1kEWfzAVxab2PKJWFLyU0IXE4b5LNz.PIeoJOkOM-1734448407-1.0.1.1-cS8gMWSRlFpgYv_.cZdM9mQ9DGzIsHM9wFfeFHhXwA0zY1vtZPh0rn4dDiC63I.z.w93j4IcSXrQnpjOuNyM1w; AWSALB=lTKv0yx38yEkkWzEYB967kh1SykONJgcXE9Ge6jOe93Ty6rjgkH/Z3fBTxkSNUqRnXDgFFI+KYesnIBGiZH490IN/2pXP88ymp9yPPEyygVgD81friGNeJZgn45BTyocfNyYmsqEskUA+rHB0ltxa1YhhpxrUABoqY/udkHGsyL4vlSvuzYJ4MOWwWlS4g==; AWSALBCORS=lTKv0yx38yEkkWzEYB967kh1SykONJgcXE9Ge6jOe93Ty6rjgkH/Z3fBTxkSNUqRnXDgFFI+KYesnIBGiZH490IN/2pXP88ymp9yPPEyygVgD81friGNeJZgn45BTyocfNyYmsqEskUA+rHB0ltxa1YhhpxrUABoqY/udkHGsyL4vlSvuzYJ4MOWwWlS4g==; pplx.visitor-id=4bc3f08b-020e-439e-8e93-15f8b6af0f83; __cflb=02DiuDyvFMmK5p9jVbVnMNSKYZhUL9aGkVUmJ5FqcYiD2; _dd_s=rum=0&expire=1734449360079; cf_clearance=UZ9n6kS.QQutYN0gn.BNstdZs_YZ764L76SAZVNJPjk-1734448407-1.2.1.1-u9UM_ZNPiKyD4aznyWVe1SJiRAquh36ZYaCGE7Np4pK_beiYl.c4oV23VoufQ8xzQ72Z_Enav6x.H37HHoRduCFPk_BCdFRrpPi1qYVJmHbUmgqEcash1cfl9bMUkoimji9AgONyabWAOng7o4fvRcjRyf.HdQVDXij2eVr_zzxm1Yt484iGVG6cyelIgm.xkIAaHpnmiBlnJElUdeaH5ptdBjdprkgL6S9LmMq6cQSz1xYmef2gH7yyC.kkIcZypX7uazKwOnrpe3QJnJTN3YNG_8NddGw3UOdrU.3AWSTyVv7_TjskqV3GrvUImEISakVICmxuRDZ7v9xi5DdMwJ__ocBaSEghOpbpPAoYANE; next-auth.csrf-token=772ac4d1fe8dfdfc70db3336892bafe3e7738102b83aa8269663e3444d1a1aa6%7Cd4206f57d899feb21c14f1aff27d0ce596dfb06c928c52d7cda16f3dc9a52eec; next-auth.callback-url=https%3A%2F%2Fwww.perplexity.ai; __stripe_mid=d89f9abf-fdd8-4910-b012-9a0a1da2b3405fa7e8; __stripe_sid=b520bbae-1a2d-4363-9e2e-3f058998c945eff199; pplx.metadata={%22qc%22:1%2C%22qcu%22:0%2C%22qcm%22:0%2C%22qcc%22:0%2C%22qcd%22:0%2C%22hli%22:false%2C%22hcga%22:false%2C%22hcds%22:false%2C%22hso%22:false%2C%22hfo%22:false} Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1 Priority: u=0, i TE: trailers
Response Headers (403): HTTP/2 403 date: Tue, 17 Dec 2024 15:14:20 GMT content-type: text/html; charset=UTF-8 accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA cross-origin-embedder-policy: require-corp cross-origin-opener-policy: same-origin cross-origin-resource-policy: same-origin origin-agent-cluster: ?1 permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() referrer-policy: same-origin x-content-options: nosniff x-frame-options: SAMEORIGIN cf-mitigated: challenge cf-chl-out: Gdpf2G2P84icaUc9eXBrWRoMXFniOcc94+Rt+ymiXoU/cQYKq8+xzyEgik2f0RThFUI4k5JP9g+7skl51OBeTGu39RBCR7yL/tmwF/QGgJBjDwK3EIC0tYjHpE5BW4phtvO78Z9jG2iIgdkLyHJdhw==$aGNrRFcXEu22z86D/jnmkA== cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 expires: Thu, 01 Jan 1970 00:00:01 GMT vary: Accept-Encoding server: cloudflare cf-ray: 8f37dcbbeae32e6a-DFW content-encoding: gzip X-Firefox-Spdy: h2
Fetch (403): await fetch("https://www.perplexity.ai/search/new?q=pending&newFrontendContextUUID=9d97fef3-8197-4a4a-841f-690468857281", {
"credentials": "include",
"headers": {
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:133.0) Gecko/20100101 Firefox/133.0",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
"Accept-Language": "en-US,en;q=0.5",
"Upgrade-Insecure-Requests": "1",
"Sec-Fetch-Dest": "document",
"Sec-Fetch-Mode": "navigate",
"Sec-Fetch-Site": "same-origin",
"Sec-Fetch-User": "?1",
"Priority": "u=0, i"
},
"referrer": "https://www.perplexity.ai/",
"method": "GET",
"mode": "cors"
});
Request Headers (401): GET /cdn-cgi/challenge-platform/h/b/pat/8f37dcbe4d1e2836/1734448460780/74c530203e547de34250ba4b3b0818fccad4eb8dceb870bebc84a25ac4424ca4/8ST9YViz3dffgoY HTTP/2 Host: challenges.cloudflare.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:133.0) Gecko/20100101 Firefox/133.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br, zstd Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/d8tib/0x4AAAAAAADnPIDROrmt1Wwj/dark/fbE/normal/auto/ Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Priority: u=4 Cache-Control: max-age=0 TE: trailers
Response Headers (401): HTTP/2 401 date: Tue, 17 Dec 2024 15:14:20 GMT content-type: text/plain; charset=utf-8 content-length: 1 www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gdMUwID5UfeNCULpLOwgY_MrU643OuHC-vISiWsRCTKQAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAscjm_UO_k901rNdCKgLw5bvI4i6M_jDNCIXpfs2LRbtxwLOrUyplqVvML_hVlB5tIDMuj0ihhaOFHose-Y0_UjQnNUGE_vol46VvGgscTMtTjU4xINriap8AMTIygvljEBt6my-nBwkUGhY3U9v5iKC-eWR5bTfvrqFsuIVxafkSfhHqDXB4KLGNjvOOV71GGJ9x4yxA-C2OcULZ1uDDKuvAaMhuiWdF6OzSTXruP9yPg1vmuteavOW1re0YDbCbtK16PhHdSzWym7v_FrvId-2zf26j50FlTd_vl_DcKNDVCgWDoU0uX3cU6V3rSQoVXREEqPr-2ywSGru8ZuXRoQIDAQAB", max-age=20, PrivateToken challenge="AAIAHXNhdC5wYXQtaXNzdWVyLmNsb3VkZmxhcmUuY29tIHTFMCA-VH3jQlC6SzsIGPzK1OuNzrhwvryEolrEQkykABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAsLS4HBnLGydwK-bLQGRCaoyMsrXBRrDgQVmxS06j3UF0nYSd6GdTGCKIu1WV60eg-tJtTttfEVq7wHVQf4vzjYBidmCh88ebzxKv2GB6PESSodf5MsEup9xd5dxpkYScgL1CCJq89kRrOQ_CS61bvkL_oGyZf4ffqG5THgaOsopqj8dFLH6_SMy9yf8EgMYqpyjxfKsD-1_qb1m1DRjJEKPWKIGwmHXIKQJUqsxZFm4_Inwkxx7QMpVP4GyqlTxFVz7stWwJRSkMLHjEM_IWLUYfPhuwIUVqmRjGsY1n8flA1bRfxaWHNDxoi25-M2BKTP9NkNNJBbTKErhrZ9LGywIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIHTFMCA-VH3jQlC6SzsIGPzK1OuNzrhwvryEolrEQkykABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAnjx4ES9FK_7HoOz2eOuAOLsLJohAAACh84h85AqhAgNOQHBXgzvaRlSVTWSxbxqMaM7_mzi_nXEX7uTPY4QjDPwxO1-MTMRr9MTdbId3v2KeXk7Utq2UL3Sqq1pUAFuYr5f3iNWvcUTPA2uQnM5rA2Y6y4ihqGeKzjo4Ws3RUng4UG_XpnH7TLtkaQT2lSlx1KW3HVmqe3s2nErL6VnmuSSy2fq44coBInPp7ynWCw8_3S_-dcI8a5go7lg2mavoCR40euH5CdnAunVSViDwmvWwAp-1utTaVRH5Js528pcl79qQZBn4JNqyILi_Ymqw1LSnr8eYgV1xj4dzW1hJqQIDAQAB", max-age=20 server: cloudflare cf-ray: 8f37dcc06f682836-DFW alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2
Fetch (401): await fetch("https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8f37e12ccc22e79a/1734448642308/b0f60510f953d7fa51138545e66632922718d191f21dd45996658b37e0dd46d0/BgNyxuJHfe5Ju1e", {
"credentials": "omit",
"headers": {
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:133.0) Gecko/20100101 Firefox/133.0",
"Accept": "*/*",
"Accept-Language": "en-US,en;q=0.5",
"Sec-Fetch-Dest": "empty",
"Sec-Fetch-Mode": "cors",
"Sec-Fetch-Site": "same-origin",
"Priority": "u=4",
"Cache-Control": "max-age=0"
},
"referrer": "https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/2iqu9/0x4AAAAAAADnPIDROrmt1Wwj/dark/fbE/normal/auto/",
"method": "GET",
"mode": "cors"
});
Had also reported this issue over at Cloudflare a while back; they were not very forthcoming as to why this behavior might be occurring. Often their own forum would get the endless turnstyle with FF.
Other browsers do not have this issue, and while I very much like Firefox, in recent releases it has become all but unusable where Cloudflare is concerned.
Please advise how to reliable get past Cloudflare's endless "Verify you are human" turnstyle.
Thanks!