Well, cookies are not per se evil and you can use them in a privacy-friendly way. You should ask for consent for non-functional cookies (for the Cloudflare cookie you probably wouldn't need to ask for consent, for example) and make sure your consent workflow is compliant with the GDPR. The European Data Protection Board just published guidelines on this btw (in May): https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_gui...
We e.g. offer an open-source consent management solution that is compliant with GDPR (as much as you can say that with confidence) and which you can self host: https://github.com/kiprotect/klaro
Building sites without cookies is possible but it's a bit extreme IMHO. Properly scoped and limited first-party cookies do not pose a large privacy risk to indivuals and can make certain legitimate use cases like analytics much easier (or even possible, in some cases).
We e.g. offer an open-source consent management solution that is compliant with GDPR (as much as you can say that with confidence) and which you can self host: https://github.com/kiprotect/klaro
Building sites without cookies is possible but it's a bit extreme IMHO. Properly scoped and limited first-party cookies do not pose a large privacy risk to indivuals and can make certain legitimate use cases like analytics much easier (or even possible, in some cases).