That’s exactly the part that people forget: all these policies are decided to be applied by the website owners. It started with DDoS blocking and they just extended it to more things.
I feel like people here are forgetting the fact just how hostile bad actors on the internet are / can be.
That brings up opt-in vs opt-out tho, and last time I looked, Cloudflare defaulted to automatically signing website owners for it. That is to say, if you just mash next, Cloudflare blocks "AI", whatever that means.
It was better. 'Wget' and 'links' worked with most of the sites.