Slow loading websites

The command is just on the Pi-hole server itself. The clients should be redirecting their requests for blocked domains to the Pi-hole server and, seeing the REJECT on port 443, they should immediately stop the attempt at rendering the asset and continue on with the rest of the page.

Can you post your iptables configuration?

sudo iptables -nvL and sudo ip6tables -nvL and let's see what is configured.

Here is my iptables configuration.

IPTABLES

IP6TABLES

I tried installing a unix OS (no Windows OS) on another virtual machine, set DNS to pihole and went to the problematic webpage, and? It works... no timeout error, only connection refused. Webpage loaded quickly.
It means that the problem is on the Windows side, or Windows doesn't know REJECT? Can anyone test it?

I found it, but I don't know how to fix it.
Pi-hole REJECTs connections only for clients in the same address range as it is. Pi-hole answers all clients on http, but not on https.
There should be no restrictions on the private network.
The Pi-hole websites work well for everyone, DNS too.

What I found out:

traceroute script.ioam.de
traceroute to script.ioam.de (10.10.0.12), 30 hops max, 60 byte packets
1 pihole (10.10.0.12) 0.020 ms 0.005 ms 0.003 ms

traceroute6 script.ioam.de
traceroute to script.ioam.de (2a01:5740:1000:3301:dee6:8e74:7152:5bc1) from 2a01:5740:1000:3301::12, 30 hops max, 16 byte packets
1 pihole (2a01:5740:1000:3301::12) 2999.96 ms !H 2998.66 ms !H 3000.02 ms !H

I think slow websites are related to IPv6. If you turn off IPv6, pihole answers like greased lightning. Only IPv6 resolution is slow.

You can see that with script.ioam.de, which is blocked by pihole. Both routes, v4 and v6, are resolved by pihole. IPv4 in 0.3 ms and IPv6 in 3 seconds. This is the delay.

Has anybody an idea how to fix this?

This is sometimes the case:

After setting the right IPv6 address everything works perfect.

Thanks for your help.
Thomas


I ran into a similar problem. I'm using IPv4 only. Mac and Linux clients would get an immediate "connection refused" for pi-holed https resources, but the same request from a browser on Windows would hang for ~20 seconds before timing out. I was using the iptables REJECT rule given above on the pi-hole server.

However there are several ways to reject a connection. By default iptables will send an ICMP port-unreachable, which Windows seems to ignore. I modified the rule to be iptables -A INPUT -p tcp --dport 443 -j REJECT --reject-with tcp-reset which fixed the problem for Windows clients as well as the others.

Possibly Windows Firewall was blocking the incoming ICMP packet and adjusting its inbound rules would have fixed this also.

@oo12 Would you know what the ip6tables equivalent of that rule might be?

ip6tables is the interface to the IPv6 iptables rules.

Yes, I wanted to reject port 443 on ipv6 as well but I'm not familiar with writing rules :confused:
I've started receiving ipv6 from my ISP this week. Since then I'm experiencing some loading time issues, which seem to go away when pihole's on v4 only. That's why I'm reading all these "slow sites" "slow loading" threads, which I never cared for when I was on IPv4 only, hehe.

Should be the exact same command as listed, just with ip6tables as the command.

ip6tables -A INPUT -p tcp --dport 443 -j REJECT --reject-with tcp-reset

And remember to save your rules so they are applied on reboot, by default they are not saved. Saving Iptables Firewall Rules Permanently - Thomas-Krenn-Wiki
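A client-side check for the behaviour discussed in this thread, as an added example that is not part of the original posts: it resolves a blocked name over IPv4 and IPv6, times a TCP connect to port 443 on every returned address, and flags any address that does not fail fast. The function names and the 1-second "fast" threshold are assumptions made for this sketch.

```python
import errno
import socket
import sys
import time

def probe(family, sockaddr, timeout=5.0):
    """Time one TCP connect and classify the result."""
    start = time.monotonic()
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(sockaddr)
        outcome = "open"
    except ConnectionRefusedError:
        outcome = "refused"          # rejection was seen by this client
    except socket.timeout:
        outcome = "timeout"          # nothing usable came back: the browser hangs
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            outcome = "unreachable"  # e.g. wrong or stale address handed out
        else:
            outcome = "error:" + errno.errorcode.get(e.errno, str(e.errno))
    return outcome, time.monotonic() - start

def check_domain(name, port=443, timeout=5.0, fast=1.0):
    """Probe every A/AAAA address of `name`; ok means refused within `fast` seconds."""
    results = []
    seen = set()
    for family, _, _, _, sockaddr in socket.getaddrinfo(
            name, port, type=socket.SOCK_STREAM):
        if sockaddr in seen:
            continue
        seen.add(sockaddr)
        outcome, secs = probe(family, sockaddr, timeout)
        ok = outcome == "refused" and secs < fast
        results.append((sockaddr[0], outcome, round(secs, 3), ok))
    return results

if __name__ == "__main__":
    # Usage: python3 probe.py <blocked-domain>   (run on the affected client)
    for addr, outcome, secs, ok in check_domain(sys.argv[1]):
        print(f"{addr:40} {outcome:12} {secs:6.3f}s {'OK' if ok else 'SLOW/WRONG'}")
```

Run it on each affected client against a domain Pi-hole blocks; a "timeout" or "unreachable" line for only one address family points at that family's rule or at the address Pi-hole hands out.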

Thanks! I thought ip6tables would be different. I make rules.. on pretty GUIs (pfsense). It didn't improve the loading times though. I'll start a new thread for IPv6.

I wanted to chime in on a similar issue I had, and this was one of the top Google hits for my searches.

I had the same behavior with blocked scripts preventing the page from loading, until Chrome timed out the script. Then the page loaded quickly, but only after waiting 20+ seconds. I don't have IPv6 enabled anywhere.

My router detected an IP conflict on my network and changed the internal IP addresses from default 192.168.0.x to 10.0.0.x. Even after a Pi restart, the Pihole web interface reported the old address - but the Pihole still successfully blocked ads, just very slowly.

I ran the configuration script with pihole -r and it picked up the new IP address - and all is well again. Thanks for everyone's work on Pihole.

I also had the same issue. I am running pi.hole within an LXC container on a virtual machine in the cloud. I was forwarding port 53 for DNS lookups so I could use the external IP address of the virtual server as my local DNS server on my home machine.

I hit the timeout problem too because any blocked domains were actually resolving to the pi.hole IP address used when I configured pi.hole. Of course, my home LAN cannot "see" the LAN that pi.hole resides in, hence the long timeout.

To rectify, I reconfigured pi.hole and specified the external/globally reachable address of the virtual server with a /32 mask. This did the trick. Now my home PC addresses the pi.hole on the correct external server IP and my firewall there simply REJECTs the incoming connections immediately.

Is it possible to configure the piholed answer IP? To answer with 127.0.0.1 for a piholed domain instead of Pi-hole's own static IP?
Example:
Pi-hole IP: 192.168.0.2
normal DNS resolution for an ad: ad.domain.com 192.168.0.2
solution for all slow loading times: ad.domain.com 127.0.0.1

Or is there any reason that forbids the IP 127.0.0.1 as answer for piholed domains?

Most devices don't run servers on port 80, so redirecting to localhost might result in the same timeout. Because Pi-hole will answer immediately, it is much preferred over redirecting to localhost.

That's not true. When I add the 100.000 blocked domains to my local Windows hosts file with 127.0.0.1, all problematic websites load instantly. Without ads.

Heise.de
Computerbild.de
Chip.de

Any chance to configure pihole to answer with 127.0.0.1? Just for tests.

Just because Windows will correctly handle that case doesn't mean that all devices will. You can edit /etc/pihole/setupVars.conf and change the IPv4 address to 127.0.0.1 and then run pihole -g.

Solution:
