For a long time cloudflare has proudly protected DDoS-as-a-service sites (but of course, they claim they don't "host" them)
Are you using the word "claim" to call them wrong or for a more confusing reason?
Because I'm pretty sure they are not in fact wrong.
The distinction between a caching proxy and an origin server is pretty meaningless when you're serving static content, if you ask me.
There's a blurry line there, true.
On the other hand when a page is small and static enough that it's basically just a flyer, I also care a lot less about who hosts it.