[UPD ES] Filmaffinity 4.0

[Taino75]

Gracias por el esfuerzo. Cuesta, pero va funcionando. Lo que no consigo, es que me ponga el REPARTO, los actores. ¿Hago algo mal o es fallo del script?

* * * * * *

Thanks for the effort. It's hard, but it's working. What I can't seem to get is the CAST, the actors. Am I doing something wrong, or is it a script error?

[masterchipo]

Y seguí intentando, pero no hubo forma.
Agradezco a todos los implicados, pero no me funciona la ruta.
Probé con todo y todas las C D ,cree una carpeta de temporales en descarga y no me sale la información encuentra la película al apretar f6 pero no guarda la información en el lugar correcto.
Seguiré usando IMDB, hasta que se pueda solucionar esto

[silverluckyman]

Y seguí intentando, pero no hubo forma.
Agradezco a todos los implicados, pero no me funciona la ruta.
Probé con todo y todas las C D ,cree una carpeta de temporales en descarga y no me sale la información encuentra la película al apretar f6 pero no guarda la información en el lugar correcto.
Seguiré usando IMDB, hasta que se pueda solucionar esto

Pero cuando pones a buscar la película con el programa, la buscas por titulo o directamente con el link de filmaffinity?

A mi solo me funciona poniendo el link y re-escribes todo el tiempo sobre el mismo archivo de la carpeta de temporal (AMC_FilmAffinity.html)

Gracias por el esfuerzo. Cuesta, pero va funcionando. Lo que no consigo, es que me ponga el REPARTO, los actores. ¿Hago algo mal o es fallo del script?

* * * * * *

Thanks for the effort. It's hard, but it's working. What I can't seem to get is the CAST, the actors. Am I doing something wrong, or is it a script error?

No lo se, pero será que no tienes clicada esa opción y por eso no te lo añade?
Cuando te sale la info que te va a añadir, a la izda, tienes todas las opciones, mira si tienes la de interpretes sin clicar.

[raulsara01]

Hola he probado el nuevo script de Filmaffinity y va muy bien pero es para cuando quieres documentar pocas peliculas, en mi caso una vez al año meto varios cientos de pelis y no me es practico. Al final tiraré de IMDB, una vez con los datos de las pelis, lo exporto a CSV, con una función de excel traduzco Sinopsis y Comentarios y después lo vuelvo a importar. Va perfecto y tengo toda la info además de sinopsis y comentarios en castellano. Para la categoria y el pais que también esta en ingles, hago un replace en el excel (Por ejemplo Comedy por Comedia) y asi lo tengo todo en castellano. Es mas laborioso pero cuando hablamos de muchas pelis sale a cuenta. Lastima que no se haya encontrado ninguna solución para importar las pelis directamente de Filmaffinity.

Un saludo

[MrObama2022]

Mientras alguien encuentra una solución, yo para salir del paso, estoy utilizando el script de IMDB

[...]
Aquí dejo el script por si a alguien le interesa.
https://drive.proton.me/urls/PQ8DEY2VDM#E84yh8ktAp1e

Maybe it would be good to find a way to integrate your changes as options of the official script, as that one is still evolving it will be difficult to keep the two up to date separately.
Maybe check with MrObama2022 if he can include some of your changes?
viewtopic.php?p=92469#p92469

Alright, I'll check with him, thanks!

I released a new IMDB version using @Ertehe improvements, if you have requests or you want test and report bugs please use this thread

[MrObama2022]

I have an idea for fixing Filmaffinity (if you like it).

Open Windows prompt then try this:

curl "https://www.filmaffinity.com/es/film811435.html" -H "Accept: text/html, */*" -H "Accept-Language: it" -H "DNT: 1" -H "Priority: u=0, i" -H "Sec-Ch-Ua: \"Not)A;Brand\";v=\"8\", \"Chromium\";v=\"138\", \"Google Chrome\";v=\"138\"" -H "Sec-Ch-Ua-Mobile: ?0" -H "Sec-Ch-Ua-Platform: \"Windows\"" -H "Sec-Fetch-Dest: Document" -H "Sec-Fetch-Mode: Navigate" -H "Sec-Fetch-Site: None" -H "Sec-Fetch-User: ?1" -H "Upgrade-Insecure-Requests: 1" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36"

This works. So this is the idea: a simple powershell script that starts at windows login. The script monitor a directory. When AMC must visit filmaffinity it write the url in a txt file (requesthttp.txt) inside this directory. When the file is changed then the powershell script use curl to access that file and write the output in a result.txt file. The Filmaffinity script monitor the directory and when the result.txt is written it access to get the html.

I can simply all the steps for newbies and you will get a no-hassle working script. I hope so ... it's 6:36 am so I should have same rest now, but tell me if you like the idea and if you like to have a beta script to test on your pc.

[Taino75]

Y seguí intentando, pero no hubo forma.
Agradezco a todos los implicados, pero no me funciona la ruta.
Probé con todo y todas las C D ,cree una carpeta de temporales en descarga y no me sale la información encuentra la película al apretar f6 pero no guarda la información en el lugar correcto.
Seguiré usando IMDB, hasta que se pueda solucionar esto

Pero cuando pones a buscar la película con el programa, la buscas por titulo o directamente con el link de filmaffinity?

A mi solo me funciona poniendo el link y re-escribes todo el tiempo sobre el mismo archivo de la carpeta de temporal (AMC_FilmAffinity.html)

Gracias por el esfuerzo. Cuesta, pero va funcionando. Lo que no consigo, es que me ponga el REPARTO, los actores. ¿Hago algo mal o es fallo del script?

* * * * * *

Thanks for the effort. It's hard, but it's working. What I can't seem to get is the CAST, the actors. Am I doing something wrong, or is it a script error?

No lo se, pero será que no tienes clicada esa opción y por eso no te lo añade?
Cuando te sale la info que te va a añadir, a la izda, tienes todas las opciones, mira si tienes la de interpretes sin clicar.

Tengo marcada la opción Intérpretes, pero aún así, no me los añade. No sé el motivo.

[antp]

I have an idea for fixing Filmaffinity (if you like it).

The problem of making too-automatic solutions for FilmAffinity is that they could complain about AMC then, that gets their data without approval.
I guess it is OK if people make it on their side, but I won't include it officially (also the reason why I didn't put an option to change the user agent in AMC: so site owners can block it easily if they want).

[MrObama2022]

I have an idea for fixing Filmaffinity (if you like it).

The problem of making too-automatic solutions for FilmAffinity is that they could complain about AMC then, that gets their data without approval.
I guess it is OK if people make it on their side, but I won't include it officially (also the reason why I didn't put an option to change the user agent in AMC: so site owners can block it easily if they want).

Totally agree but it is ok for you if I release only in this forum CurlHandlerUnofficial.ifs and a filmAffinityUnofficial.ifs ? This ifs will not be updated in official script dir. By the way, I'm at 75% of this work but I don't know yet if it will work or not.

[MrObama2022]

Ok, I just finished. This works on my pc BUT PLEASE DON'T USE. THIS IS ONLY FOR STUDY, LOOK AT THE CODE BUT DON'T USE. I HAVE TO DO A LOT OF TEST. REPEAT: DON'T USE AND WAIT, THIS IS AN HIGHLY EXPERIMENTAL VERSION

ExternalCurlHandler.pas
FilmAffinity (ES).ifs unofficial 5.0 alpha 1

Here’s how it works. All the work is handled by an external library, ExternalCurlHandler.pas.
FilmAffinity (ES).ifs is based on the old version of the script and works as usual. Very little has changed:
now it uses ExternalCurlHandler.pas instead of StringUtils7552 (which is already called by ExternalCurlHandler.pas); it uses GetPage5Advanced() instead of GetPage(), and when starting, it performs a check to see if the PC setup is okay (if (not setupScript()) then exit;).
So far, everything is very simple. This approach allows any script to make use of ExternalCurlHandler.pas without being heavily changed: you just reference the unit in place of StringUtils7552, replace GetPage() with GetPage5Advanced(), and (optional) apply the initial check.

The library does one simple thing: through the setupScript() function, it creates a subfolder in which it places a single batch file.
If your catalog is located at D:\catalogs\movies.amc, the subfolder will be D:\catalogs\movies_curlscript\, and inside it, the created file will be called setup.bat.

This file needs to be run only once (I still have to make changes to handle more catalogs!).
So, the first time FilmAffinity (ES) is launched, it creates this file and you’ll be asked to close the window and run the `setup.bat` file.

The GetPage5Advanced() function, on the other hand, is an alternative to GetPage5() with the same parameters, but it is based on curl.
It writes the URL (and the headers) to call into a text file (curlRequestHeaders.txt) and waits for a response text file (curlOutput.html).
At the moment, the function still needs to be completed, but it already works partially.
This was my original idea.

The magic is done by the setup.bat file, which performs some fairly complex operations:

1. It checks if Task Scheduler has a process called ExternalCurlHandler. If this process doesn’t exist, it creates it (it asks for admin permission).
This process will automatically run every time the PC starts and will execute the file ExternalCurlHandler.ps1.
The ExternalCurlHandler.ps1 file is the one that waits for curlRequestHeaders.txt to appear and then generates the `curlOutput.html` file.

2. It creates the file ExternalCurlHandler.ps1 if it doesn’t already exist.

3. It manually starts ExternalCurlHandler.ps1 if it's not already running (so you don't need to reboot your pc).

I’ve tested the entire setup locally on my PC and it works. You need Windows 10 or 11, I don't know if this could works on Windows 7 or 8 (maybe ...)
For the end user, aside from the initial setup, everything is transparent — nothing changes, and the script works as it always has.
No browser launches, execution time is the same — everything is identical: 100% the same as before.

I tested both by searching with "Superman" and by directly providing the URL:
[https://www.filmaffinity.com/es/film811435.html](https://www.filmaffinity.com/es/film811435.html)

The only limitation of this solution is image handling — but fortunately, for movies, there are no changes needed in this script regarding that.

This is a "last chance option" when everything fails and you still need to access to a site. This will never be an official version and you will never find it in official release and official update scripts.

[MrObama2022]

https://dai.ly/k5YFHzCfgEYWPzDtMAu

The powershell window is for debug only, in the real world it will be 100% hidden

[raulsara01]

Hi MrObama2022, I've modified the Filmaffinity script several times when the webmaster made changes, but this completely eludes me. You're doing a great job. It's hard to follow everything you're saying, but from what I understand, we can continue using the script as we have been doing up until now. You'll post the script with instructions for using it once you've tested it thoroughly. It's clear to us that this won't be the official script. Thanks for everything.

[antp]

When I do requests on FilmAffinity with the Postman application, using the same parameters as AMC, it usually works, so I'm still investigating why it does not work in AMC. I don't know yet if they block it on purpose or if it is a side effect of some other setting, or collateral damage of some bot-protection (like Cloudflare).
If you try to use AMC's user-agent in cURL, does it work? If so, that could be an acceptable solution, as they could block it in case they want to explicitly block AMC.

[MrObama2022]

When I do requests on FilmAffinity with the Postman application, using the same parameters as AMC, it usually works, so I'm still investigating why it does not work in AMC. I don't know yet if they block it on purpose or if it is a side effect of some other setting, or collateral damage of some bot-protection (like Cloudflare).
If you try to use AMC's user-agent in cURL, does it work? If so, that could be an acceptable solution, as they could block it in case they want to explicitly block AMC.

curl.exe -I --tls-max 1.2 --http1.1 -v "https://www.filmaffinity.com/es/film811435.html" -H "Accept: text/html, */*" -H "Accept-Language: it" -H "DNT: 1" -H "Priority: u=0, i" -H "Sec-Ch-Ua: \"Not)A;Brand\";v=\"8\", \"Chromium\";v=\"138\", \"Google Chrome\";v=\"138\"" -H "Sec-Ch-Ua-Mobile: ?0" -H "Sec-Ch-Ua-Platform: \"Windows\"" -H "Sec-Fetch-Dest: Document" -H "Sec-Fetch-Mode: Navigate" -H "Sec-Fetch-Site: None" -H "Sec-Fetch-User: ?1" -H "Upgrade-Insecure-Requests: 1" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36"
Note: Using embedded CA bundle, for proxies (231212 bytes)
* Host www.filmaffinity.com:443 was resolved.
* IPv6: (none)
* IPv4: 172.67.74.202, 104.26.0.105, 104.26.1.105
* Trying 172.67.74.202:443...
* ALPN: curl offers http/1.1
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* CAfile: c:\myprograms\curl\curl-ca-bundle.crt
* CApath: none
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-CHACHA20-POLY1305 / [blank] / UNDEF
* ALPN: server accepted http/1.1
* Server certificate:
* subject: CN=filmaffinity.com
* start date: Jun 27 23:39:25 2025 GMT
* expire date: Sep 26 00:39:19 2025 GMT
* subjectAltName: host "www.filmaffinity.com" matched cert's "*.filmaffinity.com"
* issuer: C=US; O=Google Trust Services; CN=WE1
* SSL certificate verify ok.
* Certificate level 0: Public key type ? (256/128 Bits/secBits), signed using ecdsa-with-SHA256
* Certificate level 1: Public key type ? (256/128 Bits/secBits), signed using ecdsa-with-SHA384
* Certificate level 2: Public key type ? (384/192 Bits/secBits), signed using ecdsa-with-SHA384
* Connected to www.filmaffinity.com (172.67.74.202) port 443
* using HTTP/1.x
> HEAD /es/film811435.html HTTP/1.1
> Host: www.filmaffinity.com
> Accept: text/html, */*
> Accept-Language: it
> DNT: 1
> Priority: u=0, i
> Sec-Ch-Ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138"
> Sec-Ch-Ua-Mobile: ?0
> Sec-Ch-Ua-Platform: "Windows"
> Sec-Fetch-Dest: Document
> Sec-Fetch-Mode: Navigate
> Sec-Fetch-Site: None
> Sec-Fetch-User: ?1
> Upgrade-Insecure-Requests: 1
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
>
* Request completely sent off
< HTTP/1.1 200 OK
HTTP/1.1 200 OK

curl.exe -I --tls-max 1.2 --http1.1 -v "https://www.filmaffinity.com/es/film811435.html" -H "Accept: text/html, */*" -H "Accept-Language: it" -H "DNT: 1" -H "Priority: u=0, i" -H "Sec-Ch-Ua: \"Not)A;Brand\";v=\"8\", \"Chromium\";v=\"138\", \"Google Chrome\";v=\"138\"" -H "Sec-Ch-Ua-Mobile: ?0" -H "Sec-Ch-Ua-Platform: \"Windows\"" -H "Sec-Fetch-Dest: Document" -H "Sec-Fetch-Mode: Navigate" -H "Sec-Fetch-Site: None" -H "Sec-Fetch-User: ?1" -H "Upgrade-Insecure-Requests: 1" -H "Mozilla/5.0 (compatible; Ant Movie Catalog)"
Note: Using embedded CA bundle, for proxies (231212 bytes)
* Host www.filmaffinity.com:443 was resolved.
* IPv6: (none)
* IPv4: 172.67.74.202, 104.26.0.105, 104.26.1.105
* Trying 172.67.74.202:443...
* ALPN: curl offers http/1.1
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* CAfile: c:\myprograms\curl\curl-ca-bundle.crt
* CApath: none
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-CHACHA20-POLY1305 / [blank] / UNDEF
* ALPN: server accepted http/1.1
* Server certificate:
* subject: CN=filmaffinity.com
* start date: Jun 27 23:39:25 2025 GMT
* expire date: Sep 26 00:39:19 2025 GMT
* subjectAltName: host "www.filmaffinity.com" matched cert's "*.filmaffinity.com"
* issuer: C=US; O=Google Trust Services; CN=WE1
* SSL certificate verify ok.
* Certificate level 0: Public key type ? (256/128 Bits/secBits), signed using ecdsa-with-SHA256
* Certificate level 1: Public key type ? (256/128 Bits/secBits), signed using ecdsa-with-SHA384
* Certificate level 2: Public key type ? (384/192 Bits/secBits), signed using ecdsa-with-SHA384
* Connected to www.filmaffinity.com (172.67.74.202) port 443
* using HTTP/1.x
> HEAD /es/film811435.html HTTP/1.1
> Host: www.filmaffinity.com
> User-Agent: curl/8.11.1
> Accept: text/html, */*
> Accept-Language: it
> DNT: 1
> Priority: u=0, i
> Sec-Ch-Ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138"
> Sec-Ch-Ua-Mobile: ?0
> Sec-Ch-Ua-Platform: "Windows"
> Sec-Fetch-Dest: Document
> Sec-Fetch-Mode: Navigate
> Sec-Fetch-Site: None
> Sec-Fetch-User: ?1
> Upgrade-Insecure-Requests: 1
>
* Request completely sent off
< HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden

I managed to use the same http headers (also user-agent, of course) in curl and AMC and with the 100% exact headers I get 200 with curl and 403 with FilmAffinity (you can see I forced http 1.1 and tls 1.2, as AMC does). MAYBE FilmAffinity is using JA3 and JA4+ techniques to stop bots but I think their problem is with IA (Gemini, ChatGpt, ...) and not with AMC (that is, blocking AMC is a side effect). JA3 and JA4+ (Cloudflare, Amazon AWS) create a unique fingerprint for the client. MAYBE the problem could be with libeay32.dll and ssleay32.dll and all the handshake during https connection but I should install Wireshark for further analysis and I don't want ...

If you think the culprit is JA4+/fingerprints, MAYBE this could help to "validate" AMC at Cloudflare.

Note: https://roundproxies.com/blog/what-is-tls-fingerprint/ "Mixing inconsistent parameters – If your User‑Agent screams “Chrome 122” but your cipher list matches Safari, expect a block.".

[MrObama2022]

That's why I think my library is useful ... because if more and more sites start using JA3 and JA4+ (and JA3 and JA4+ are part of cloudflare ...), we can still use AMC "as usual" thanks to that library. With ANY site. Now that my library use native curl and we can play with parameters but tomorrow can use a different curl or wget or postman or chromium (hopefully in no-gui/hidden mode) with an ad-hoc extension. This library is a "plan B" for "hard to abate" firewalls. I still have to test with GetPicture but I have one or two ideas.

Off topic: about legal question, I'm not a lawyer (my wife is) but I think AMC is like an ad-blocker or a personal ia agent: final user uses it for a different approach to a site page. You don't host these informations on cloud, you don't resell/earn from these informations and you are not sharing them with anyone. It's the user who use a different client to read the information on the website. Also blind people use specific client to access website. In my country, Italy, there is not a law asking to only use official web browser without any ad-blocker/other extension to access a website. Brave browser is still legal ...

[MrObama2022]

This is how AMC should be identified by JA4+

Protocol Details


Protocols
TLS 1.3 No
TLS 1.2 Yes*
TLS 1.1 Yes*
TLS 1.0 Yes*
SSL 3 Yes*
SSL 2 No


Cipher Suites (in order of preference)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) WEAK 256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024) WEAK 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) WEAK 256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) WEAK 256
TLS_DH_DSS_WITH_AES_256_GCM_SHA384 (0xa5) 256
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0xa3) Forward Secrecy2 256
TLS_DH_RSA_WITH_AES_256_GCM_SHA384 (0xa1) 256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) Forward Secrecy 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) WEAK 256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x6a) WEAK 256
TLS_DH_RSA_WITH_AES_256_CBC_SHA256 (0x69) WEAK 256
TLS_DH_DSS_WITH_AES_256_CBC_SHA256 (0x68) WEAK 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) WEAK 256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x38) WEAK 256
TLS_DH_RSA_WITH_AES_256_CBC_SHA (0x37) WEAK 256
TLS_DH_DSS_WITH_AES_256_CBC_SHA (0x36) WEAK 256
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (0xc032) 256
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02e) 256
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 (0xc02a) WEAK 256
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 (0xc026) WEAK 256
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f) WEAK 256
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005) WEAK 256
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK 256
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK 256
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) WEAK 256
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x87) WEAK 256
TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA (0x86) WEAK 256
TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA (0x85) WEAK 256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) WEAK 256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) WEAK 128
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) WEAK 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) WEAK 128
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) WEAK 128
TLS_DH_DSS_WITH_AES_128_GCM_SHA256 (0xa4) 128
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0xa2) Forward Secrecy2 128
TLS_DH_RSA_WITH_AES_128_GCM_SHA256 (0xa0) 128
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) Forward Secrecy 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) WEAK 128
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x40) WEAK 128
TLS_DH_RSA_WITH_AES_128_CBC_SHA256 (0x3f) WEAK 128
TLS_DH_DSS_WITH_AES_128_CBC_SHA256 (0x3e) WEAK 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) WEAK 128
TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x32) WEAK 128
TLS_DH_RSA_WITH_AES_128_CBC_SHA (0x31) WEAK 128
TLS_DH_DSS_WITH_AES_128_CBC_SHA (0x30) WEAK 128
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031) 128
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d) 128
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029) WEAK 128
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025) WEAK 128
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e) WEAK 128
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004) WEAK 128
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK 128
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) WEAK 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x9a) WEAK 128
TLS_DHE_DSS_WITH_SEED_CBC_SHA (0x99) WEAK 128
TLS_DH_RSA_WITH_SEED_CBC_SHA (0x98) WEAK 128
TLS_DH_DSS_WITH_SEED_CBC_SHA (0x97) WEAK 128
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) WEAK 128
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x44) WEAK 128
TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA (0x43) WEAK 128
TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA (0x42) WEAK 128
TLS_RSA_WITH_SEED_CBC_SHA (0x96) WEAK 128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) WEAK 128
TLS_RSA_WITH_IDEA_CBC_SHA (0x7) WEAK 128
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) INSECURE 128
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007) INSECURE 128
TLS_ECDH_RSA_WITH_RC4_128_SHA (0xc00c) INSECURE 128
TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002) INSECURE 128
TLS_RSA_WITH_RC4_128_SHA (0x5) INSECURE 128
TLS_RSA_WITH_RC4_128_MD5 (0x4) INSECURE 128
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) WEAK 112
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008) WEAK 112
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) WEAK 112
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x13) WEAK 112
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA (0x10) WEAK 112
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA (0xd) WEAK 112
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d) WEAK 112
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003) WEAK 112
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK 112

Server Name Indication (SNI) Yes
Secure Renegotiation Yes
TLS compression No
Session tickets Yes
OCSP stapling No
Signature algorithms SHA512/RSA, SHA512/DSA, SHA512/ECDSA, SHA384/RSA, SHA384/DSA, SHA384/ECDSA, SHA256/RSA, SHA256/DSA, SHA256/ECDSA, SHA224/RSA, SHA224/DSA, SHA224/ECDSA, SHA1/RSA, SHA1/DSA, SHA1/ECDSA
Named Groups secp256r1, secp521r1, brainpoolP512r1, brainpoolP384r1, secp384r1, brainpoolP256r1, secp256k1, sect571r1, sect571k1, sect409k1, sect409r1, sect283k1, sect283r1
Next Protocol Negotiation No
Application Layer Protocol Negotiation No
SSL 2 handshake compatibility No

I tried using "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0" and "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36" with their headers but no luck. These 2 browsers have similar protocol settings. I think JA4+ is strong enough to identify well the real browser, that is why my library can help for further cloudflare block