The HTML you show does not indicate that this 403 is from Cloudflare. They are branding their 403 responses if they are the issuer of it. If the destination server issues a 403 that will just be passed along.
The response body from a Pipedrive 403 should return a JSON-formatted error message and not html, so something doesn’t make sense to me here.
Perhaps there is something useful in this thread. In the end you see what a Pipedrive 403 should look like (at the time)