Cloudflare legitimately challenges suspicious activity on a site and bases this on a number of factors:
https://developers.cloudflare.com/waf/reference/cloudflare-challenges/
Would be worth capturing the request and speaking to Optimizely support to see if they can identify the cause.
I have seen cloudflare timeout issues before with a large payload, nothing that has returned unauthorized though.
It should be possible to ask Optimizely to let certain endpoints through.
A common thingie for commerce sites that use Klarna for payments is to open up the the callback url that is made to the site, since the post [from Klarna] contains script/markup code that Cloudflare otherwise find suspicious.
We've also had similar experiences with inriver, where sometimes product data posted to Optimizely would be challenged by Cloudflare.
The POST request of the site gets challenged by cloudflare and returns an unathorized response.
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/
The payload contains two base64 images and text content. When the content does not have links, it seems to get through, but when it has multiple lines and a link, then it gets blocked.
Anyone else faced a similar issue ?