Skip to content(if available)orjump to list(if available)

"Boobs check" – Technique to verify if sites behind CDN are hosted in Iran

"Boobs check" – Technique to verify if sites behind CDN are hosted in Iran

19 comments

·November 30, 2025

https://xcancel.com/hkashfi/status/1995109785679573167

Visit

shishcat

This behavior only works when the reverse proxy or CDN is configured like this:

Proxy/CDN: HTTPS (443) → Origin server: plain HTTP (80)

If the origin server uses any proper TLS configuration, even a self-signed certificate, this method stops working. It only succeeds when the upstream connection to the origin is unsecured.

If you want to test this on a random site without Cloudflare or reverse proxy in general on HTTP: curl http://www.digiboy.ir/boobs.jpg -v

Yokolos

I'm wondering for what purpose one would be interested in finding out if a site is hosted in Iran or not.

Aloisius

So presumably Iran has a reverse proxy in front of the entire internet for HTTP?

I really want to know what's on the webpage for the iframe.

KiranRao0

Does anyone have sample sites that return this?

lovegrenoble

Why not?

ThePowerOfFuet

https://xcancel.com/hkashfi/status/1995109785679573167

Boogie_Man

Thanks for posting this. I mostly gave up on viewing the one or two Twitter feeds that interest me after nitter stopped working. It wasn't ideological, I just wasn't able to reliably view and navigate without an account, and when I made an account it just kept showing me like "black HS football player bad sportsmanship".

Look like I've got about two years of James Cage White story arcs to check in on.

behnamoh

[flagged]

qbit42

I don't want to have to create an account to view the full context.

hypeatei

> XCancel is an instance of Nitter.

> Nitter is a free and open source alternative Twitter front-end focused on privacy and performance.

Where is the mission statement about wanting X gone?

https://xcancel.com/about

behnamoh

> No JavaScript or ads

I'd argue aiming to remove the main source of income of a website is operationally equivalent to wanting it gone. It's different than installing an extension that only removes the ads for you.

lexlambda

Like posting an archive.is link, others can actually read it. No login required for reading replays, no popups and signup nagss.

floodle

It's easier to view the tweet, to be fair

llimllib

some people don't want to give clicks to X, no we're not done with it. It doesn't harm you does it?

behnamoh

then I ask: what does X gain from your clicks?

dvngnt_

you can view replies without logging in