> Even when we’re under attack, we still don’t use their TLS certificates, so Cloudflare will NEVER content inspect our traffic.

Is that true? I didn't think Cloudflare offered a mode where they proxy the encrypted TLS traffic. If there is, I don't know where to find it.

Cloudflare does have a mode they label "end-to-end", which is not E2EE (it is decrypting and re-encrypting on Cloudflare's servers).

https://developers.cloudflare.com/ssl/origin-configuration/s...