Why dont you use CloudFlare or some other CDN for the clearnet version to mitigate DDOS? AFAIK, if content is served over HTTPS, CDN has no way to intercept that data. As I can see, you are already using HTTPS. So, anonymity of your users remain as is.