This solely happened because of mainstream media pressure and significant clients moving or threatening to move away from Cloudflare and the board deciding they don’t need the bad press and loss of customers and nothing else.

You provide a service and like every service provider you have a TOS/AUP. The issue is the Acceptable Use Paragraph is clear as long as the content isn’t Copyright or CSE then it’s fine as you will absolve yourself of any responsibility.

No other CDN/WAF tolerates nationalists who threaten people, Cloudflare does. No other CDN/WAF makes the reporting process essentially doxing yourself to the threatening website. Cloudflare does. No other CDN/WAF intentionally puts all the most vile sites on dedicated CDN hosts so they get DDoSed while the normal customers don’t.

It’s purely so then when the vile sites get DDoSes then they use those learnings to improve the controls for all customers.

Much like providing security guards for a Proud Boys rally. It’s an intentional business decision to provide those services. You could chose not to. But you don’t.