So Bunny CDN got back to me and said.
have diagnosed this further, and my original guess was correct. Your origin seems to be blocking requests that do not contain a specific browser user agent, see here:
X:~$ curl -I https://forum.penangexpats.com/ -A chrome
HTTP/2 200
date: Tue, 23 May 2023 11:36:08 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
server: BunnyCDN-SG1-868
cdn-pullzone: 1408974
cdn-uid: 7e2b52ab-b488-4ff1-b538-1bc4b7004d60
cdn-requestcountrycode: NL
cache-control: no-cache
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
x-discourse-route: categories/index
content-security-policy-report-only: upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://forum.penangexpats.com/logs/ https://forum.penangexpats.com/sidekiq/ https://forum.penangexpats.com/mini-profiler-resources/ https://forum.penangexpats.com/assets/ https://forum.penangexpats.com/brotli_asset/ https://forum.penangexpats.com/extra-locales/ https://forum.penangexpats.com/highlight-js/ https://forum.penangexpats.com/javascripts/ https://forum.penangexpats.com/plugins/ https://forum.penangexpats.com/theme-javascripts/ https://forum.penangexpats.com/svg-sprite/ https://www.googletagmanager.com/gtm.js 'nonce-af9b14e48a03b0e8bb7d66bf8be1368c' 'sha256-Gty3/aPWFfSvz7pdT39HY97/+2opLup9V0L19ZF0IwY='; worker-src 'self' https://forum.penangexpats.com/assets/ https://forum.penangexpats.com/brotli_asset/ https://forum.penangexpats.com/javascripts/ https://forum.penangexpats.com/plugins/; frame-ancestors 'self'; manifest-src 'self'
x-discourse-cached: true
x-request-id: a0b16517-ee98-43f3-a703-913f5e3850a1
x-runtime: 0.004948
x-discourse-trackview: 1
strict-transport-security: max-age=31536000
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 05/23/2023 11:36:08
cdn-edgestorageid: 868
cdn-status: 200
cdn-requestid: 985151325f02414670eb77798e8e5e27
cdn-cache: MISS
X:~$ curl -I https://forum.penangexpats.com/
HTTP/2 403
date: Tue, 23 May 2023 11:36:43 GMT
server: BunnyCDN-SG1-868
cdn-pullzone: 1408974
cdn-uid: 7e2b52ab-b488-4ff1-b538-1bc4b7004d60
cdn-requestcountrycode: SI
cache-control: no-cache
x-request-id: d8519537-194f-41c0-b8a4-e5f9ba56f612
x-runtime: 0.002454
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 403
cdn-cachedat: 05/23/2023 11:36:43
cdn-edgestorageid: 868
cdn-status: 403
cdn-requestid: c55661436d71de7db2b28ac5123093f7
cdn-cache: MISS
The top one succeeds when I specify a Chrome user-agent, the bottom one 403’s when there is none. This is not a configuration from Bunny, and must certainly be coming from the origin. I’d recommend checking this further on your end.