Global setting to hide origin IP from everywhere - is it possible?

Not sure why I can’t?

They have an option where they don’t decrypt secure traffic, i.e. it they “transparently” proxy it without decrypting. So I was thinking, what if I manually get a certificate and install it as guided in this topic, and the configure ddos-guard to just transparently proxy all https traffic.