The problem with _cfduid is that it is essentially a third-party cookie (even if it's set on your own domain).

So I think you are still required to inform users of the cookie usage, the purpose of the cookies and link to the relevant Cloudflare privacy/cookie policies.