Cookie “cf_use_ob” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts.
Thanks for investigating; much appreciated that someone else is taking a look at this.
That output only shows the response from the Cloudflare server, I am not sure I understand how that conveys any information about the problem between Cloudflare and the target site.
Moreover, the message in Firefox console is just a warning - you can see the cookie being provided in subsequent requests, so it is set. The linked MDN doc is also a bit confusing: it states that SameSite is optional and I did not see that this is subject to change (“soon”, according to the message).
Cloudflare returns a Cloudflare-branded HTTP 502 or 504 error when your origin web server responds with a standard HTTP 502 bad gateway or 504 gateway timeout error: