If on iOS and either iCloud Private Relay or "Limit IP Address Tracking" is on for the mobile or WiFi connection (the last one is on by default, no iCloud subscription needed) the requests will be via the iCloud Private Relay, and give a mixed result (depending on Cloudflare, Akamai, Fastly).
This can be detected by checking if the IP is on the list https://mask-api.icloud.com/egress-ip-ranges.csv
The "Limit IP Tracking protection" seems to kicks in on external loaded resources (e.g. script or XHR) where the nameserver (NS) ends on the same domain name as the resource domain, e.g. doing an XHR to https://cloudflare.com/cdn-cgi/trace (with NS = ns[3-7.cloudflare.com) will trigger it, while https://one.one.one.one/cdn-cgi/trace (with NS of one.one.one being {dorthy,terin}.ns.cloudflare.com) or https://1.1.1.1/cdn-cgi/trace (no NS) won't trigger it.
If on iOS and either iCloud Private Relay or "Limit IP Address Tracking" is on for the mobile or WiFi connection (the last one is on by default, no iCloud subscription needed) the requests will be via the iCloud Private Relay, and give a mixed result (depending on Cloudflare, Akamai, Fastly). This can be detected by checking if the IP is on the list https://mask-api.icloud.com/egress-ip-ranges.csv
The "Limit IP Tracking protection" seems to kicks in on external loaded resources (e.g. script or XHR) where the nameserver (NS) ends on the same domain name as the resource domain, e.g. doing an XHR to
https://cloudflare.com/cdn-cgi/trace
(with NS =ns[3-7.cloudflare.com
) will trigger it, whilehttps://one.one.one.one/cdn-cgi/trace
(with NS of one.one.one being{dorthy,terin}.ns.cloudflare.com
) orhttps://1.1.1.1/cdn-cgi/trace
(no NS) won't trigger it.