cookies on my website


Need a couple of pieces of advice. I have implemented CF on Pro account. I understand CF has to drop certain cookies to enable its safety features.

My first comment is about cf_clearance cookie. It lasts for a year. Why if someone just wants to visit a website once. I think this is too long, and such a long lifespan can’t be justified by pointing out that it is a security issue. I don’t know much about it, but why it is not a session cookie, or lasts a month? Can the lifespan be reduced?

Second concern, and more important one. If my website visitor is challenged by either captcha or JS challenge, it drops additional three cookies which last for an hour. However, if a visitor visits website, CF drops a bunch of cookies which are also used when my website is visited and they are not used for security of my website. Some of them are used for marketing (it is not in the list as I cleared cookies and it didn’t appear again).

Here is the list of cookie loaded on my website, after I close the browser and re-open my website.

How can I prevent this from happening? I don’t want cookies dropped by to be used when a visitor visits my website?


This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.