Content delivery networks (CDNs) and DDoS protection services that require TLS traffic to be terminated within their cloud are creating a new problem: CLIENT DATA EXPOSURE.
To be fair, CDNs terminate TLS sessions so that they can perform a TCP and TLS protocol break, content inspection and traffic analysis. These networks also add TLS to TCP sessions. Unfortunately, both types of service break three core features of TLS's end-to-end protection: data privacy, data integrity and, as TLS is most often used, server-side authentication. The only solution is for apps to implement their own end-to-end protocol, at the process level, that puts these key protections back in place.
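As an added example (not code from the original post), here is one form such a process-level protocol can take for a response: the origin process encrypts to a per-request client key and signs the key exchange, so an intermediary that terminates TLS can neither read nor alter the payload, nor pass as the origin. The algorithm choices (X25519, HKDF-SHA-256, AES-256-GCM, Ed25519), the function names and the premise that the app ships with the origin's public key pinned are assumptions of this example.

```javascript
// Added example; the algorithms and all names are assumptions, not taken from the page.
const crypto = require('node:crypto');
const SPKI = { format: 'der', type: 'spki' }; // wire encoding used for public keys

// Both ends derive the same AES-256 key from an X25519 exchange bound to both public keys.
function deriveKey(privateKey, publicKey, transcript) {
  const secret = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', secret, transcript, 'e2e-envelope', 32));
}

// Origin process: encrypt for the client's per-request key and sign the key exchange.
function seal(originSigningKey, clientPubDer, plaintext) {
  const clientPub = crypto.createPublicKey({ key: clientPubDer, ...SPKI });
  const eph = crypto.generateKeyPairSync('x25519');
  const ephPub = eph.publicKey.export(SPKI);
  const transcript = Buffer.concat([ephPub, clientPubDer]);
  const nonce = crypto.randomBytes(12);
  const key = deriveKey(eph.privateKey, clientPub, transcript);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const box = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const sig = crypto.sign(null, transcript, originSigningKey); // Ed25519 signature
  return { ephPub, nonce, box, tag: cipher.getAuthTag(), sig };
}

// Client process: accept only envelopes signed by the origin key pinned in the app.
function open(pinnedOriginPub, clientPrivateKey, clientPubDer, env) {
  const transcript = Buffer.concat([env.ephPub, clientPubDer]);
  if (!crypto.verify(null, transcript, pinnedOriginPub, env.sig)) {
    throw new Error('envelope is not signed by the pinned origin key');
  }
  const ephPub = crypto.createPublicKey({ key: env.ephPub, ...SPKI });
  const key = deriveKey(clientPrivateKey, ephPub, transcript);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, env.nonce);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.box), decipher.final()]); // final() throws on tampering
}

// Constructed demo: a round trip, then the same envelope after it was altered in transit.
function demo() {
  const origin = crypto.generateKeyPairSync('ed25519');
  const client = crypto.generateKeyPairSync('x25519');
  const clientPubDer = client.publicKey.export(SPKI);
  const keys = [origin.publicKey, client.privateKey, clientPubDer];
  const env = seal(origin.privateKey, clientPubDer, Buffer.from('balance=42'));
  const ok = open(...keys, env).toString();
  env.box[0] ^= 1; // one ciphertext bit changed in transit
  try { open(...keys, env); } catch (err) { return { ok, tampered: 'rejected' }; }
  return { ok, tampered: 'accepted' };
}
```

Because the signature covers the client's public key, generating a fresh client key for each request also means an older envelope replayed by the intermediary fails verification.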