get real artifact upload date

I’m searching for the way to get real upload date for artifacts from This is mainly needed for security reasons to quarantine too new artifacts in our internal storage before using them in code. An obvious approach to do this is fetching Last-Modified header in HTTP request. However so far as runs behind Cloudflare this header is means not the date when artifact was uploaded to but the date when is was cached in Cloudflare. So even for old artifacts we have:

$ curl -I
HTTP/1.1 200 OK
Date: Thu, 18 Aug 2022 15:07:17 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 673
Connection: keep-alive
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' data:; script-src 'self' 'sha256-3qctdUZX/6QPVNn4hg55oarXzLBDDCkQ6AaG8ehXgDg=' 'sha256-ZqVyBZIOnOs0ufJvaehuhjzSkrVKIH4DFy95DJ8pDxw=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-bzgPbiBbhlwatKiESkSqGJr5wldMGBU+GAbfeWwMqBM=' 'sha256-cThjNwQ0AS+/Z2uD76101UnXGOH65pSGKTbFESeaGzE=' 'sha256-z37L25oLkGTsxFGUxf9x0Fj5KBhjKdcy49cFi+MqJXA='; font-src 'self' data:; img-src 'self' *; frame-src 'self'
X-Permitted-Cross-Domain-Policies: master-only
Via: 1.1 vegur
CF-Cache-Status: HIT
Age: 3013
Last-Modified: Thu, 18 Aug 2022 14:17:04 GMT
Expires: Fri, 19 Aug 2022 03:07:17 GMT
Cache-Control: public, max-age=43200
Accept-Ranges: bytes
Expect-CT: max-age=604800, report-uri=""
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 73cb8eec9ca3169f-DME

As you can see Last-Modified is today. However artifact was published at least a year ago. Any way to fetch real artifact upload date?