Cloudfare.com cookies on my website

Hello,

Need a couple of pieces of advice. I have implemented CF on Pro account. I understand CF has to drop certain cookies to enable its safety features.

My first comment is about cf_clearance cookie. It lasts for a year. Why if someone just wants to visit a website once. I think this is too long, and such a long lifespan can’t be justified by pointing out that it is a security issue. I don’t know much about it, but why it is not a session cookie, or lasts a month? Can the lifespan be reduced?

Second concern, and more important one. If my website visitor is challenged by either captcha or JS challenge, it drops additional three cookies which last for an hour. However, if a visitor visits cloudfare.com website, CF drops a bunch of cookies which are also used when my website is visited and they are not used for security of my website. Some of them are used for marketing (it is not in the list as I cleared cookies and it didn’t appear again).

Here is the list of cookie loaded on my website, after I close the browser and re-open my website.

How can I prevent this from happening? I don’t want cookies dropped by cloudfare.com to be used when a visitor visits my website?

_ga
_ga_PGV1K2BN4M
_gaexp
_gat
_gat_UA-10218544-29
_gcl_au
_gid
cfmrk_cic
expSessionID
sparrow_id
gates_cohorts

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.