i find the OP rather amusing--one of the earlier incidents during my time at Cloudflare (circa 2015) was dealing with prolific domain fronting, where IIRC some third-party proxy tool had set something up to the effect of "send SNI query for unblocked site on CF network, send HTTP Host for blocked site" automatically. this was ultimately blocked less because it was strictly undesirable and more because it resulted in some sort of cache poisoning problem. the unintended use started serving those proxy hack results to regular, non-domain fronting requests for whatever reason, which is obviously bad--you want the CDN to serve normal requests correctly, so you squash abnormal requests that work on their own, but cause cascading problems for other not abnormal requests.
many years down the road this is now an actual (with the problem cases handled) feature!
many years down the road this is now an actual (with the problem cases handled) feature!