From 96c03798ab054bf5c0d553292ada857af7dd21dd Mon Sep 17 00:00:00 2001 From: Nic <123965403+ngayerie@users.noreply.github.com> Date: Fri, 20 Dec 2024 13:41:53 +0100 Subject: [PATCH] Update 4xx-client-error.mdx --- .../http-status-codes/4xx-client-error.mdx | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/content/docs/support/troubleshooting/http-status-codes/4xx-client-error.mdx b/src/content/docs/support/troubleshooting/http-status-codes/4xx-client-error.mdx index 32ff65784abb76..56e3736f6995e0 100644 --- a/src/content/docs/support/troubleshooting/http-status-codes/4xx-client-error.mdx +++ b/src/content/docs/support/troubleshooting/http-status-codes/4xx-client-error.mdx 
@@ -41,15 +41,23 @@ If you're seeing a 403 error without Cloudflare branding, this is always retur 2. Mod\_security rules 3. IP deny rules. You need to make sure that [Cloudflare's IP ranges](https://www.cloudflare.com/ips) aren't being blocked +### Cloudflare-specific information + Cloudflare will serve 403 responses if the request violated either a default WAF managed rule enabled for all orange-clouded Cloudflare domains or a WAF managed rule enabled for that particular zone. Read more at [WAF Managed Rules](/waf/managed-rules/). If you're seeing a 403 response that contains Cloudflare branding in the response body, this is the HTTP response code returned along with many of our security features: * [WAF Custom or Managed Rules](/waf/) with the challenge or block action * [Security Level](/waf/tools/security-level/), that is set to Medium by default +* [DDoS Protection](/ddos-protection/), that is enabled by default on zones onboarded to Cloudflare, IP applications onboarded to Spectrum, and IP Prefixes onboarded to Magic Transit * Most [1xxx Cloudflare error codes](/support/troubleshooting/cloudflare-errors/troubleshooting-cloudflare-1xxx-errors/) * The [Browser Integrity Check](/waf/tools/browser-integrity-check/) +Cloudflare will also served blank 403 error pages in the following 2 cases. There errors are not logged as they occur early in Cloudflare's infrastructure before the configuration for domains has been loaded. + +* [SNI](https://www.cloudflare.com/learning/ssl/what-is-sni/) mismatch: an error 403 is returned if there is a mismatch caused by the client sending a different host to the SNI +* [Validation Checks](/waf/analytics/security-events/additional-information/) + ## **404 Not Found ([RFC7231](https://tools.ietf.org/html/rfc7231))** Origin server was unable or unwilling to find the resource requested. This usually means the host server could not find the resource. To serve a more permanent version of this error one should use a 410 error code.
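Review bot: The added paragraph that introduces the blank 403 cases has two typos that would ship to the docs page: "Cloudflare will also served" should read "will also serve", and "There errors are not logged" should read "These errors are not logged". In the SNI bullet below it, "the client sending a different host to the SNI" does not say which field "host" refers to; name it explicitly (for example the HTTP Host header, if that is what is meant) so a reader troubleshooting the 403 knows which two values to compare. The "Validation Checks" bullet is a bare link with no description, unlike the SNI bullet next to it, so add a short clause saying what kind of request fails these checks. That link points under /waf/analytics/security-events/ while the paragraph says these errors are not logged, so confirm the two statements do not contradict each other and say where, if anywhere, a customer can observe these responses. Minor style point in the DDoS Protection bullet: "IP Prefixes" is capitalised inconsistently with "IP applications" in the same line.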