I have a bunch of services on a home machine and I use Cloudflare tunnels to access them on the WAN. My ISP locks down ports 80 and 443, and so tunnels were the most viable way for me to get various pages online easily; especially helped since it’s easy to configure and free to boot.

But I’ve been seeing more people talk about it being privacy invasive, and while I’m probably gonna remain largely ignorant on why, I was wanting to know if there was an alternative to this that I can use?

  • Em Adespoton@lemmy.ca
    9 months ago

    What is your goal? If it’s to have personal remote access, set up Tailscale on all the devices you want to connect. If it’s self-hosting a public webserver, your options are hosting on non-standard ports, changing ISPs to one that lets you host, or tunneling to some other third party location that lets you host.

  • Max-P@lemmy.max-p.me
    9 months ago

    The only real alternative is to get a cheap VPS so you can VPN between the VPS and your home and keep using the tunnel and not expose your home IP but only your VPS IP. Or variations of that: you can also just use NGINX to forward 80/443 to 8080/8443 at home without even needing a VPN or to decode the encrypted traffic. Oracle has a free tier for those, but there are lots of reports of people's instances being shut down and left without their data.

    There's no free and readily available solution like Cloudflare tunnels that can be more private, because whoever is proxying your traffic pretty much has to be able to see it. At the bare minimum, to be able to route it, they'd have to either give you your own public IP and blanket forward port 443, or they have to inspect the SNI header of the TLS session. It's technically possible to do that; I've implemented such a proxy with zero knowledge of the data inside. Cloudflare does have such a product in the enterprise tier, but it doesn't make sense for them to offer as a free product.

    The only reason they have a free tier is to collect telemetry and run experiments to improve their enterprise offerings, and also free advertising by luring small companies into using them and then upgrading when they grow, or from people like us that will never need their paid features but will likely use them in an enterprise setting out of habit and comfort rather than do a true evaluation of all the CDN options available. Or people moving from free companies on the free tier to a bigger company that then will use them and upgrade to paid.