Can't Open the signin page. It keeps showing: Checking your browser before accessing

I went to and clicked on login. Now I am stuck on a page showing the message: "Checking your browser before accessing
This process is automatic. Your browser will redirect to your requested content shortly.

Please allow up to 5 seconds…"
I have been stuck on this page. I left the PC Overnight but no change. I tried clearing my cookies and restarting the PC, but no change. My entire workflow is stuck due to this, and the boss is yelling:(. Please help. I have already tried disabling the firewall. And the website is working on my phone, so I think its not a DDOS attack on the server. Hope you can help

What browsers have you tried? Was the phone on the same network as your computer or via mobile network? Try different browsers on your computer to see what happens. Maybe even in the browser you have issues with, open a incognito tab and try here so that we can rule out any browser extensions causing issues.

I have just tried and was able to login. Chances are it’s a routing problem, you could use one of the free VPN services, and connect from your computer, choosing for example a different location to where you are. If it works, then it means the problem is not your computer but routing issues from your ISP to the gitlab servers. Since your phone works, like it works for me, it means gitlab is fine.


Thanks for the help. I isolated it to an anti-tracker extension which was running on both of my browsers. On Disabling it, the site is now working as expected. I have now added to its exclusion list and its now working. Thanks for the help @iwalker You are a lifesaver :smile: !!


This issue is back. Can’t log in with Firefox. I’ve blocked lots of shady behaviour like canvas fingerprinting, which I suspect is one of the things the login page “needs” to do to log me in.

1 Like

This is what happens when people go to the extreme of blocking things and sites stop working. Like noscript for example can break pages. I suggest you undo whatever it is you did until it starts working again.

1 Like

Nothing changed in my browser, javascript is allowed for Gitlab, tracking protection is off for gitlab, and still, login is not possible. After the reload, returns 503 service unavailable with “Cookie “cf_chl_seq_xxx” has been rejected because it is already expired” warning in the DOM. The only way was to use Chrome to login.
Do you think it is not OK if people don’t want to be tracked by Google while checking their codebase for personal projects?

I have advanced tracking enabled in Firefox but haven’t changed any of their default settings - works perfectly fine for me on my own Gitlab server as well as I wouldn’t use Chrome, that’s even worse for tracking. Not surprising since it comes from Google…

If issues are occuring, then it’s obviously due to some plugins or settings that have messed around with it all.

Go to about:config in firefox and search for privacy.resistFingerprinting. If it’s set to true, then setting it to false should make gitlab login work. Cloudflare’s anti-privacy, overly intrusive ddos prevention system - which gitlab is now using - requires browser fingerprinting.


I am having the exact same issue (also getting a 503 + cookie denied in the console). Can’t log in with firefox.
I had to log in with github to be able to reply.

Was going to teach students how to use GitLab and GitHub, but due to this protection, it is no way to login, perhaps we will keep using GitHub only. This way of blocking normal users is over the head.

jcheatum solution by setting privacy.resistFingerprinting false, does work, but it leaves additional vulnerability.


I try, but I couldn’t stand to not give you a reply

“I have advanced tracking enabled in Firefox but haven’t changed any of their default settings - works perfectly fine for me on my own Gitlab server as well as I”

Cool story bro, I got something for you :
Before rejecting the problem on the author, you may wanna check this

[HTTP/2 503 Service Unavailable 24ms]

Service Unavailable
Transferred9.31 KB (8.49 KB size)

	private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
	text/html; charset=UTF-8
	Tue, 28 Sep 2021 01:06:44 GMT
	max-age=604800, report-uri=""
	Thu, 01 Jan 1970 00:00:01 GMT
	gzip, deflate, br
	_biz_uid=69a03e84e64d4fcad8506b6496fe3ffe; _biz_sid=491b97; _biz_nA=4; _biz_pendingA=%5B%5D; _biz_flagsA=%7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D; _gcl_au=1.1.2081847448.1632790449; cf_chl_2=754cddbc1688a86; cf_chl_prog=b; cf_chl_rc_ni=38; _gitlab_session=d80d792f961c2c86f3f227638c167fa0; _uetsid=73b0fa501ff711ecb40aa597581ffa3d; _uetvid=73b0ebd01ff711ecbe64499dbed9cbd8
	Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0

Don’t known if your work for gitlab or something, but the “security” they implement to get rid of any bot / spam is the problem, browser are not the one who should make their code or settings compatible to be able to load a website, but the website doing the right code to work on any browser (HTML5)

getting ride of a clear net spam of bot / ddos or whatever undesirable requests they are getting, and being compatible with major browser doesn’t require major skill or cost, if you think it is you may wanna check on the onion big community that are able to handle a spam bot from the tor network and without making the browser load the single javascript line… there you go, next time avoid misleading thanks

1 Like

Well, considering your error is a 503 error and all the posts from your google search are 422 make them irrelevant to the problem. Maybe you would prefer to google a bit better and provide something in your post more relevant to the problem you are experiencing?

I didn’t reject his problem, perhaps read the entire post properly and in context? Also people have had issues and solutions provided by me here in this thread have resolved their issues.

You then post showing the HTTP headers, but then you refuse to reflect and post exactly what you think the problem is and how it should be resolved. Instead you post just to be negative which doesn’t help anyone. Gitlab also have the right to have bot and DDoS protection, and if you are rejected because of your IP range or network, then perhaps you should be talking to the ISP that owns that block to clean up their act and stop letting bots/spammers abuse their networks. Assuming that is the problem you are hinting at? Or maybe you use TOR and this is why you have problems with connecting from time to time? In that instance, perhaps you should be talking to Cloudflare since they are the ones that are blocking it. Obviously they have their methods and reasons for it.

Not that it is relevant, but no I’m not a Gitlab employee. If I was, it would say under my name that I am a part of the team.

Maybe next time you post, you will be more positive and constructive. But yeah, whatever…

Pleased at least i can get in to the forum, this is a real problem for me does it look like there is a work around? i dont want to turn on fingerprinting of my browser, i really rate gitlab be a really annoying reason to stop using gitlab!

1 Like

My login also just sits at “checking your browser”.

I disabled uBlock and uMatrix specifically. No dice.

I disabled fingerprinting protection. No dice.

I whitelisted for fingerprinting protection. No dice.

I restarted Firefox in troubleshooting mode which disables all add-ons. No dice.

1 Like

I am in the same situation. I am not able to login at all. I have disabled everything I can find; plugins settings. I have added gitlab to exception list, fresh install of firefox, private tab, etc…

I have had no problems with gitlab until now. Blocking me out of my account is extreme.

I have install chromium for the sole purpose of moving all of my data out of here. I am sorry to have to leave.

This policy change should really be revisited.

I assume we need to whitelist cloudflare tracking instead of gitlab to solve this issue?
It shouldn’t be mandatory to be tracked by cloudflare to access gitlab. I can’t use its UI for last few weeks now because I refuse to use it in Chrome.

Same issue here. Haven’t been able to log in to GitLab on Firefox since yesterday (2021-10-08), no add-ons running. Like the people above, strongly considering leaving GitLab

Same thing here, a few days ago gitlab webui just started looping in clouflare protection like this, in my nice and tidy firefox work profile:

Just blocking access to gitlab from one day to the next with no indication on what the user should change, or what some idiot protection system doesn’t like, is bad UX.

Nothing works, not event the stupid privacy pass extension from cloudflare helps with this, because to get privacy passes you have to get past the same looping screen bug too, lol.

I dislike software in general. Now I dislike gitlab and cloudflare just a little bit more than before.


Same here (Fedora 34): Neither Firefox 93.0 nor Icecat 78.14.0esr allow logging in to GitLab anymore.

1 Like

I too don’t like this at all. Had to disable fingerprinting to login to gitlab. I think I might move back to github. There atleast I don’t have to enable spying for all websites.

1 Like