Hello,
I found from Pingdom tools that I should use a cookie-free domain
When the browser requests a static image and sends cookies with the request, the server ignores the cookies. These cookies are unnecessary network traffic. To workaround this problem, make sure that static components are requested with cookie-free requests by creating a subdomain and hosting them there.
Pingdom will give you that error since it sees the cookies that Cloudflare adds for its magic security and caching stuff. Nothing to worry about.
To create a subdomain though, you could add a CNAME record with name what you want (e.g. static.example.com) pointing to your root. This has implications in speed (you lose HTTP/2 advantages, incur in double SSL handshake, etc.) and in settings server wise.
Pingdom (all other tools similar to it) are a good indication, but shouldn’t be taken as law since each case is different.