I got it! I asked on the Cloudflare Discord server whether anyone knows what might cause this odd behaviour and I was told that it is likely HTTPS entries Cloudflare uses for opportunistic https to https upgrade, ECH and more that cause an outer layer to be added to the ECH request with the cloudflare-ech.com domain. So I looked around how to block those HTTPS entries/queries for my domain and it's subdomains and added a regex blacklist filter for it. For anyone else with this issue, the regex filter looks something like this: ^.*\.<domain>\.<tld>$;querytype=HTTPS and for the main domain ^<domain>\.<tld>;querytype=HTTPS. Just replace and respectively. Especially if you have a longer domain, you may to add more text and dots and just remember to add a backslash \ before each dot of the actual domain.