We’ve just received a question from a user of the cdnjs service and they’ve noticed a new cookie in our response headers for the Cloudflare.com domain __cf_bm. This appears to be one that Cloudflare is setting in the cdn response, does anyone know what it does so that I can give the user a conclusive answer?
With regards to the GDPR issue, this is only passed on from the user who reported it to us. I too do not exactly understand the relevancy but would like to ensure the user is satisfied.
I have tagged the original CF contact who I believe was originally around much earlier in the history of cdnjs as well as the more recent contact I have established on the reporting Github issue but neither have replied. I may take this up directly in a support ticket but wanted to check with the community first as to not waste support time if the community has the answer.
I’d dare to say the community doesnt really know either - maybe cloonan or cscharff can shed light, but they are Cloudflare anyhow - so I’d probably go for a support ticket at this point.
If you get an answer it would be great if you could post a follow up here.
Yeah to be honest I will get in touch with support about it. As the reporting user has just highlighted, the cookie isn’t actually even mentioned in the CF cookie policy which is very odd. Will keep this posted updated
Cloudflare have just replied to me with the following: Our engineering team has deployed a fix and removed the __cf_bm cookie from https://cdnjs.Cloudflare.com website.
Unfortunately no clarification of what the cookie did at this stage, but at least it has been removed.
Thanks for reaching out to us regarding the __cf_bm cookie. This new cookie is part of Cloudflare’s Bot Management service and helps manage incoming traffic that matches criteria associated with bots. It was not intended for use on cdnjs.Cloudflare.com and we are in the process of removing it from those pages. Thank you for spotting it!
We are currently in active development and will have many more announcements as the feature matures. Please follow https://blog.Cloudflare.com/ and https://twitter.com/Cloudflare for all the latest product updates and announcements.
Thanks again for bringing this to our attention, please let us know if you have any further questions.