While I know there are requests for various well-thought out enhancements to CloudFlare Teams’ Gateway service, I want to say that (especially) for a very young service, it beats a “service” called “Advanced Security” which is a sort-of related product offered by Comcast.
That service acts like the proverbial sledgehammer and allows for zero user interaction except to allow access to sites blocked by it for an hour at a time. The false positive rate is phenomenal and no explanation is given except in the most obvious of publicly known cases (Phishing & “Malware”, a category Comcast doesn’t break down into the various types of Malware).
CloudFlare’s Gateway respects users. CloudFlare acknowledges that the users of its Gateway are intelligent enough to know how to read DNS logs, to know what DNS requests (connections by the end users to sites/services/malware/ads/etc) are malicious and which ones aren’t, and to know, from looking at the data, which requests to block and which to allow.