My semi scuffed browser emulation research.
We do pass https://nowsecure.nl though, Meaning we bypass bot defend mode while leaving HeadlessChrome exposed, Cloudflare you have some working on to do.. This is mostly patched now, Any good WAF rules or even bot defense mode should have this poor emulation fixed. It was bypassing my personal site in recent but it stopped as of last check. You can do whatever with this code
Enjoy!