
> To help support this discussion with data, we built a tool to help check if your network is compatible with TLS 1.3: https://tls13.mitm.watch/

The name is so terrible that I can't tell if it's malware or a porn site.

If anyone from Cloudflare is reading, please host your project on something legit. tls13test.cloudflare.com or whatever.



The downside of hosting things all in the same domain is that cookies are shared between them, so a vulnerability in one site (e.g. XSS) leads to compromise of all sites. Choosing different domains means they are sandboxed and safe from each other.

Any domain name could be used to host porn. But not any domain name can get linked from a Cloudflare blog. I think the fact that it's linked from Cloudflare's blog should indicate that it's fine.


> The downside of hosting things all in the same domain is that cookies are shared between them, so a vulnerability in one site (e.g. XSS) leads to compromise of all sites. Choosing different domains means they are sandboxed and safe from each other.

I believe this is incorrect. Cookies should only be shared (by default) if the domain matches exactly, which is why it's best practice to use a www subdomain instead of the domain alone. For example, www.example.com cookies will not be shared with test.example.com by default, though this can be enabled. See here for a fuller explanation: https://stackoverflow.com/a/23086139


It is incorrect. Read why personal GitHub Pages (username.github.com) moved to github.io (username.github.io):

https://github.com/blog/1452-new-github-pages-domain-github-...


That only allows writing cookies, but still the separation via a completely different domain is best practice.
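
The cookie scoping rules argued over in this sub-thread, as an added example that is not from any commenter, Cloudflare or GitHub: a simplified model of RFC 6265 domain matching and storage. `PUBLIC_SUFFIXES`, the function names and the hostnames are constructed for illustration; IP-literal hosts are not handled.

```javascript
// Simplified model of RFC 6265 cookie scoping (sections 5.1.3 and 5.3).
// PUBLIC_SUFFIXES is a constructed stand-in for the real Public Suffix List.
const PUBLIC_SUFFIXES = new Set(["com", "github.io"]);

// RFC 6265 5.1.3: a host matches a domain if they are identical,
// or if the host ends with "." + domain.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// How a browser stores a cookie set by `requestHost` with an optional
// Domain attribute. Returns null if rejected, else { domain, hostOnly }.
function storeCookie(requestHost, domainAttr) {
  const host = requestHost.toLowerCase();
  // No Domain attribute: host-only cookie, returned to that exact host only.
  if (!domainAttr) return { domain: host, hostOnly: true };
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  if (PUBLIC_SUFFIXES.has(domain)) {
    // A public suffix is only accepted as a host-only cookie for itself.
    return host === domain ? { domain, hostOnly: true } : null;
  }
  // The setting host must fall under the Domain it names.
  if (!domainMatch(host, domain)) return null;
  return { domain, hostOnly: false };
}

// Would the stored cookie be attached to a request for `host`?
function sentTo(cookie, host) {
  return cookie.hostOnly
    ? host.toLowerCase() === cookie.domain
    : domainMatch(host, cookie.domain);
}

function demo() {
  // Default case: www sets a cookie with no Domain attribute.
  const a = storeCookie("www.example.com", null);
  // A sibling subdomain writes a cookie scoped to the shared parent.
  const b = storeCookie("test.example.com", "example.com");
  return {
    hostOnlySentToSibling: sentTo(a, "test.example.com"),
    parentScopedSentToWww: sentTo(b, "www.example.com"),
    siblingWriteRejected: storeCookie("test.example.com", "www.example.com") === null,
    publicSuffixRejected: storeCookie("user.github.io", "github.io") === null,
  };
}
```
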


Flash being required is probably a bigger issue...



