So it basically boils down to creating an asymmetric keypair client-side, sending the pubkey to your server and receiving the pubkey from the server's keypair, then completely encrypting every package inside your browser before sending it to you and only receiving encrypted packages from you which can be decrypted using your privkey.

If it is set up correctly, i guess that approach would be ok... It's still a tad bit early for me, but for now i don't see any real problem... It does feel like it's going to slow down the experience, and you'll probably have to make sure to respond to any vulnerability that's discovered anywhere in the complete stack... But it's defenately a lot better than just using cloudflare.