https://bugs.kde.org/show_bug.cgi?id=511426
--- Comment #3 from [email protected] --- After some investigation using an AI for the first time as a tool I got this: (Quote from AI, prettified by me): *********************************************************************************** Summary: Falkon blocked by Akamai Bot Manager on https://www.mobile.de *********************************************************************************** ************* Environment ************* OS: Linux Browser: Falkon (QtWebEngine-based) Comparison browsers: Firefox, Chromium (work) CDN / WAF: Akamai (AkamaiGHost) ******************* What Falkon sends ******************* Valid TLS 1.3 connection (TLS_AES_256_GCM_SHA384) HTTP/2 via ALPN Standard GET request to / Realistic browser headers (User-Agent spoofing tested) Cookies accepted and returned No TLS, certificate, or HTTP/2 errors observed. ************************ What mobile.de expects ************************ mobile.de uses Akamai Bot Manager with a JavaScript-based client verification: Initial GET request is accepted only conditionally Akamai sets bot-challenge cookies (bm_ss, bm_s, bm_so) Client is expected to: execute Akamai JavaScript pass browser fingerprinting (JS features, timing, APIs) re-request the page with a valid bot score Firefox and Chromium complete this flow successfully. ************************* Where the failure occurs ************************* Falkon receives HTTP/2 403 responses from Akamai Bot Manager cookies are set, but the challenge is not passed Repeated requests remain blocked User-Agent spoofing and disabling Client Hints do not change the outcome This indicates failure during Akamai’s JavaScript / fingerprint verification phase, not during transport or request setup. *********** Conclusion *********** The issue is not caused by TLS, HTTP version, or basic headers. Falkon fails at Akamai Bot Manager client verification, likely due to differences in JavaScript feature availability, timing, or fingerprinting compared to Chrome/Firefox. This results in a persistent server-side block on mobile.de. *********************************************************************************** I hope that this will be valuable information to some extent. -- You are receiving this mail because: You are watching all bug changes.
