One of my websites had the very same problem, and after digging in a bit I found out with help from other Community MVPs that this path /z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=123456 is returned by a firewall service that some hosting providers are adopting In my case, it was A2 Hosting.
The Imunify360 / Webshield firewall will stand between Cloudflare edge and your origin. You can talk with your hosting provider’s support for more info on its behavior, but as far as Cloudflare is concerned, that means if you have a “cache everything” Page Rule you may need to adjust it somehow.
Most users will create a Page Rule with a Cache Level: Cache Everything instruction coupled with a Edge Cache TTL. The problem is that Edge Cache TTL will override the Cache Control header set by the origin. So instead of using Edge Cache TTL, I’d suggest you try to set Browser Cache TTL: Respect Existing Headers on the Dashboard and leave the Page Rule with just Cache Everything, but not Edge Cache TTL.
I had contacted my hosting provider, x10hosting, which is also using Imunify360 for the same issue and according to them that was not an issue arising from the origin server. I guess they were mistaken.
In my initial contact with A2 Hosting support, they also didn’t know much. After I opened a ticket with them, they then confirmed they were using Imunify360 on their shared hosting plans, and pointed to that blog post about Imunify360 and cache everything. In any case, this seems to be a recent addition, and they now even added a cPanel icon for Imunify360.
I had specifically mentioned Imunify360 when I contacted them, because I considered the firewall as a possible cause. They denied that the issue had anything to do with the origin server or any software they have installed on it.
They may very well be wrong though.
Searching online about the issue had given almost 0 results by the way, so probably the cause was not well known at that time.