OTT?
"The user's device therefore never touches the web server, so anything nasty on a page is snuffed out by Cloudflare in its cloud instead of poisoning a local PC."
So how does this handle highly interactive dynamic (script driven) web pages?
Furthermore, for a long time now there have been online proxy services that security check pages before forwarding them, and these have never required a dedicated client on the user's device - just a redirect via the proxy. So the rather complicated sounding Cloudflare approach would for me seem to need pretty robust justification. I would also ask - does it require javascript (as do other Cloudflare services) even where the target page doesn't?