Could you be any less helpful or inane?

The problem with your description of Cloudflare 1020 is that in every case the Cloudflare customer has said to me “We looked everywhere and there is no security setting for you that is different than anyone else”. They are not even aware that 1020 means they need to talk to Cloudflare. So while it is technically correct that a 1020 means a customer has security settings and must change those, in reality the customers often have no clue what 1020 is or how they implement settings for it, or how they investigate those settings on behalf of their end-user customer.

My guess is that a single employee or team within a company has set security policies that affect the 1020 code, and none of that information is available to the line employees of companies who deal with customers. This results in an untenable situation where Cloudflare points to the customer, and the customer says “we have no clue what is going wrong here or why”? At both ends of this spectrum, the end user has no way to resolve issues.