Unless you use Cloudflare (or roughly any other DDOS protection system), in which case you're letting those companies MITM all requests on purpose. Protected between you and Cloudflare by PFS and any other acronym you like.

I think the odds that Cloudflare hasn't been forced into data snooping by the government are approximately zero. It's the by far the biggest, juiciest target.