Hmm, I didn't realize Privacy Pass was an opt-in. That's too bad. That didn't seem to be the case when it came out, but maybe they changed it or maybe I just misremembered.
In that case, I have some bad news for you (which you already experience every day). Cloudflare lets website owners have different security levels for different countries. I think it's pretty common for some websites (especially smaller ones with a primarily US audience) to lock down other countries tighter. At one job I had to do that, and we altogether banned all Chinese and Russian IPs in Cloudflare -- on purpose. Overnight, bots and scans went from tens of thousands a day to virtually zero. We locked down other countries too, but not quite so tightly. It was selfish of us, but as a small business with mostly American customers, it was a tradeoff we chose. I would imagine other orgs make similar rules under pressure.
In that case, I have some bad news for you (which you already experience every day). Cloudflare lets website owners have different security levels for different countries. I think it's pretty common for some websites (especially smaller ones with a primarily US audience) to lock down other countries tighter. At one job I had to do that, and we altogether banned all Chinese and Russian IPs in Cloudflare -- on purpose. Overnight, bots and scans went from tens of thousands a day to virtually zero. We locked down other countries too, but not quite so tightly. It was selfish of us, but as a small business with mostly American customers, it was a tradeoff we chose. I would imagine other orgs make similar rules under pressure.