Cloudflare blocking endpoint label rendering

[daquinteroflex]

Are you experiencing an issue with...

shields.io

🐞 Description

Hello. Everything was working well until recently. Suddenly our custom endpoint badge is not rendering. When I went to check the url, seems like cloudfare is blocking it as per below.

I tried to execute the badge online in your website https://shields.io/badges/endpoint-badge and it gives me this output.

<!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
<!--[if IE 7]>    <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
<!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
<head>
<title>Attention Required! | Cloudflare</title>
<meta charset="UTF-8" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=Edge" />
<meta name="robots" content="noindex, nofollow" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />
<!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->
<style>body{margin:0;padding:0}</style>


<!--[if gte IE 10]><!-->
<script>
  if (!navigator.cookieEnabled) {
    window.addEventListener('DOMContentLoaded', function () {
      var cookieEl = document.getElementById('cookie-alert');
      cookieEl.style.display = 'block';
    })
  }
</script>
<!--<![endif]-->


</head>
<body>
  <div id="cf-wrapper">
    <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div>
    <div id="cf-error-details" class="cf-error-details-wrapper">
      <div class="cf-wrapper cf-header cf-error-overview">
        <h1 data-translate="block_headline">Sorry, you have been blocked</h1>
        <h2 class="cf-subheadline"><span data-translate="unable_to_access">You are unable to access</span> shields.io</h2>
      </div><!-- /.header -->

      <div class="cf-section cf-highlight">
        <div class="cf-wrapper">
          <div class="cf-screenshot-container cf-screenshot-full">
            
              <span class="cf-no-screenshot error"></span>
            
          </div>
        </div>
      </div><!-- /.captcha-container -->

      <div class="cf-section cf-wrapper">
        <div class="cf-columns two">
          <div class="cf-column">
            <h2 data-translate="blocked_why_headline">Why have I been blocked?</h2>

            <p data-translate="blocked_why_detail">This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.</p>
          </div>

          <div class="cf-column">
            <h2 data-translate="blocked_resolve_headline">What can I do to resolve this?</h2>

            <p data-translate="blocked_resolve_detail">You can email the site owner to let them know you were blocked. Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.</p>
          </div>
        </div>
      </div><!-- /.section -->

      <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300">
  <p class="text-13">
    <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">9290e2f2cd3bcbe8</strong></span>
    <span class="cf-footer-separator sm:hidden">&bull;</span>
    <span id="cf-footer-item-ip" class="cf-footer-item hidden sm:block sm:mb-1">
      Your IP:
      <button type="button" id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click to reveal</button>
      <span class="hidden" id="cf-footer-ip">213.27.229.66</span>
      <span class="cf-footer-separator sm:hidden">&bull;</span>
    </span>
    <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a></span>
    
  </p>
  <script>(function(){function d(){var b=a.getElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}var a=document;document.addEventListener&&a.addEventListener("DOMContentLoaded",d)})();</script>
</div><!-- /.error-footer -->


    </div><!-- /#cf-error-details -->
  </div><!-- /#cf-wrapper -->

  <script>
  window._cf_translation = {};
  
  
</script>

</body>
</html>

Community

    [GitHub](https://github.com/badges/shields)

[Open Collective](https://opencollective.com/shields)
[Discord](https://discord.gg/HjJCwm5)
[Awesome Badges](https://github.com/badges/awesome-badges)
Stats

    [Service Status (Upptime)](https://badges.github.io/uptime-monitoring/)

[Service Status (NodePing)](https://nodeping.com/reports/status/YBISBQB254)
[Metrics dashboard](https://metrics.shields.io/)
Policy

    [Privacy Policy](https://shields.io/privacy)

Copyright © 2025 Shields.io. Built with Docusaurus.

🔗 Link to the badge

https://img.shields.io/endpoint?url=https://gist.githubusercontent.com/daquinteroflex/4702549574741e87deaadba436218ebd/raw/tidy3d_extension.json

💡 Possible Solution

Is there a cloudfare configuration causing this?

[github-actions]

Badge tested using npm run badge https://img.shields.io/endpoint?url=https://gist.githubusercontent.com/daquinteroflex/4702549574741e87deaadba436218ebd/raw/tidy3d_extension.json
Output is available here

[Tyler-RCSD]

I have the same issue today from two different source IPs.

[chris48s]

Hi. As noted in #10981 (comment) and #10982 (comment) I've temporarily blocked most traffic to the endpoint badge. This is intended to be a temporary measure, but I can't completely unblock it until the abusive traffic is under control.

[chris48s]

The majority of legitimate requests to the endpoint badge should now be getting served.

I'm not going to disclose the precise details of what we are/aren't blocking at the moment as we are still blocking a lot of unwanted traffic and I don't want to make it public how to circumvent that, but the majority of legitimate requests should now be unblocked.

I'm going to close these issues but we will continue to monitor the situation.

[shawnalpay]

@chris48s FYI that our traffic against https://img.shields.io/badge/License-CC%20BY%204.0-lightgrey.svg is still being blocked.

[daquinteroflex]

Thanks, appreciate the help and support sorting this out! It's working for us at least.

[chris48s]

@shawnalpay there are no firewall blocking rules in place on that route. Only /endpoint. This sounds like a different issue.
If you're still having issues, can you post more details in a new issue/thread.