Bank and government website behind Cloudflare???

Fuck, I just checked, my bank is also behind Cloudflare, what the fuck..
I kind of assumed a bank wouldn't put another company with ability to view all transferred data between customers and themselves.

How much of the internet is not behind CF?
I should probably try blocking their IPs and see what will still work.

It redirects, it doesn’t proxy. The workflow is: user navigates to URL->DNS sends it to cloudflare->cloudflare ensures request is allowed based on selected rules (human check, geo check, DDOS check, etc) and remembers->request is redirected to non-cloudflare address->server response goes direct from server to user browser->subsequent requests are redirected without the test as long as the cookie remembers. I don’t like cloudflare, every time I have an issue pop up out of nowhere, it’s usually cloudflare and some over eager netsec engineer that broke CORS, or decided css wasn’t important, or that machine to machine traffic was a DOS attack. But it’s not reading your statements or anything else the server sends back. It could conceivably read your username and password and any other data you send in your request, but it doesn’t have the TLS certificate. So even though it doesn’t even try, if CF decided to be nefarious, as long as your banks engineers are at least somewhat competent CF is only getting encrypted data that it can’t do anything with. Hate on CF all you want, but hate it for the right reasons.

Yeah at least Google will let you in after you solve 5 puzzles. It's shit but it's possible. With CloudFlare you are at the mercy of whatever hidden criteria they're using.

If you change your user agent from Firefox to Chrome for instance, CloudFlare will never let you through.