Just to make it clear: Cloudflare is NOT returning a 404, only passing on a 404 that your origin is returning. Cloudflare acts as a proxy (intermediary) between your site and its visitors. When your origin (hosting) server returns a 404, Cloudflare will pass that 404 on to the visitor, and you will see a
server: Cloudflare header like the one on your OP screenshot.
Cloudflare does not proxy Instagram, but your origin. Because of the way WordPress embeds work, when a request to embed a URL is rejected by the URL server (in this case, Instagram’s), this will show as a 404 originating from your site (with the
server: Cloudflare header).
In my tests with WordPress embed blocks, only when the URL is obtained from the
Copy Link (not the Embed as in your screenshot) will Instagram accept the request and fulfill the embed.
If you tried using the URL that Instagram provides via the
Copy Link from the ellipsis menu, and it didn’t work, you may want to check whether there’s any plugin interfering with your embeds. You can do so by using WordPress’s own Heath Check plugin, which offers a Troubleshooting mode where you can selectively deactivate plugins until you find where the problem is.