Users of alternative browsers once again find themselves grappling with widespread access restrictions when attempting to visit various websites protected by Cloudflare’s security system, reports The Register. Among the affected browsers are Pale Moon, Falkon, SeaMonkey, and Firefox 115 ESR—the final available version for users of Windows 7 and macOS 10.13.
Cloudflare, one of the largest companies specializing in website security and performance optimization, offers CDN services, filters botnet traffic, and protects against DDoS attacks. However, one of its security mechanisms—browser verification—frequently results in legitimate browser users being unjustly blocked.
A key method Cloudflare employs to identify potentially suspicious connections is analyzing a browser’s User-Agent string. If a browser is not recognized as “known,” access to a site may be denied. Consequently, users of less popular browsers often find themselves unable to access websites, even when using official software versions.
These issues with Cloudflare date back to 2015 and have recurred regularly ever since. Last year, The Register received reports of Cloudflare blocking users in March, followed by similar incidents in July 2024 and again in January of this year.
Websites rendered inaccessible to alternative browser users include science.org, steamdb.info, convertapi.com, and even Cloudflare’s own forum. Some users report that upon attempting to access these sites, their browsers become trapped in an endless verification loop, freeze, or unexpectedly crash.
The issue extends beyond the use of niche browsers. Discussions on Hacker News indicate that Cloudflare’s filtering mechanisms also block users who disable referrer headers—metadata that indicate the origin of a website visit. While this behavior may be flagged as “suspicious,” many individuals deliberately block referrer transmission for privacy reasons.
In effect, prioritizing data privacy can lead to Cloudflare-imposed restrictions. If a user has anti-tracking measures enabled and prevents the transmission of previously visited sites, Cloudflare may interpret them as an automated script rather than a human visitor.
Addressing the problem is further complicated by Cloudflare’s support model, which caters exclusively to paying enterprise clients. For regular users, the only recourse is the community forum, but judging by the volume of recurring complaints, the company appears to pay little attention to these grievances.
Developers of Pale Moon have repeatedly released updates attempting to circumvent Cloudflare’s blocks, though such measures remain temporary fixes rather than long-term solutions.
As of now, Cloudflare has not issued an official statement regarding the widespread access restrictions. The Register has reached out to the company for comment but has yet to receive a response. Should this trend persist, users of alternative browsers may be left with little choice but to seek workarounds or abandon access to certain websites altogether.
