Cloudflare - the predator striking from the shadows.
Forgive the "clever" title. Let me briefly explain what's the issue with Cloudflare for anyone who doesn't know. Cloudflare's main claim to fame is DDOS protection (but it also advertises spam protection, "always online" mode, and other stuff). Any website can choose to use it and official statistics say 13% of the Internet already does (https://w3techs.com/technologies/history_overview/proxy/all) - but from my personal tests, it's closer to 30% (likely selection bias here - more popular / English language sites more likely to be behind CF?). Every month, more and more sites hop on the Cloudflare train. There are other similar services, but compared to cloudflare - just drops in the Pacific Ocean.
Anyway - whenever you connect to that Cloudflare-using website - your SSL is being decrypted, and Cloudflare sees and can modify all your traffic (including plaintext passwords, private messages...). This is called a Man in the Middle attack and it's how Cloudflare can perform all their "magic" such as blocking bots (which incidentally also blocks legitimate Tor or VPN users, users of unconventional browsers, JavaScript disablers, etc). The real issue is that not a single browser out there will tell you about this. It's like a blind spot exists in the minds of the programmers, security people, and users. Often, a singular hacking attack happens and the whole security community goes crazy (recall the Amazon breaches, etc). And yet, Cloudflare MitMs at least 13% of internet traffic and no one even blinks.
So, my point is - I hope LibreWolf would be the first browser that does something about Cloudflare by default. There used to be an addon called BCMA (Block Cloudflare MitM Attack) which automatically redirected Cloudflared pages to web archive. I don't think it's being developed anymore and it was probably overkill. Something like a MitM alert in the window title would maybe be enough, or just to have the "https" part of the URL striken through. Maybe broken padlock - lots of ideas. But, people have to know they're being MitMed en masse. It's a tragedy no browser has took this up - even the allegedly secure Tor Browser completely ignored the issue and the long-standing ticket was actually deleted (https://trac.torproject.org/projects/tor/ticket/24351 - see https://web.archive.org/web/20200301013104/https://trac.torproject.org/projects/tor/ticket/24351 for most recent archive).
Edit: BTW, gitlab is also behind CF! Of course it blocked my Tor, so I had to turn it off to be able to post this.