I've verified that the request being sent from the browser is exactly the same every time you open that URL (well it can't be different because it's just opening an URL in an incognito tab)
How can the server distinguish the same request sent from a browser and from Fiddler? First time I see such issue and I don't have any idea on how to dig deeper here...
The request looks like this:
GET <url> HTTP/1.1
Host: <host>
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8
It seems this server has dropped the TLSv1.0 support and .NET Framework uses it by default.
There is a detailed answer on how to set the default SSL cipher to TLSv1.2 here: Are there .NET implementation of TLS 1.2?
By the way, it IS possible to enable TLSv1.2 support in .NET 4.0 apps using a registry trick described in one of the answers to that question. That is if the installed IE supports it of course.