IMO Linux distro teams don’t ‘provide’ an operating system and so shouldn’t be held responsible for the operating system itself not verifying user age. They provide source code/builds/instructions through which people can install an operating system for themselves. You could maybe make software source code something that it is illegal to provide to someone under 18 (like cigarettes), and open source service companies like Red Hat may be forced to age verify clients of their services, but the service a website provides (and so can legally be required to provide only to over 18s, as much as I disagree with it) is very different to what an open source distro team does.
Even if they were somehow legally required to write and provide the age verification code , they could also write a big easy to find toggle/setting that turns off that code, and the person who installs it is the one responsible, because it is THEIR operating system, not the distro team.
Microslop products are different because their code isn’t open, their system is half installed and half cloud hosted, and they are half selling products and half selling services (and half selling user data) so they can in some sense be said to be still running the user’s operating system.
I believe cloudflare has some sort of tunneling option but I’ve never really looked into it, it might get around that.