Cloudflare adds cookie to our site

Whenever i bypass Cloudflare the cookie disappears.

The cookie is called “wschkid”, I believe it means “web server check id”, my site is earthstoriez com

There is a tread about an other cookie called “wsidchk” which has been traced down to immunity360, however my hosting company ChemiCloud does not believe that this is related. Therefore i opened an other tread.

My logic tells me that the cookie does not originate from my WordPress installation, as it only appears if use Cloudflare.

I checked my installation carefully, all the files and database, there is no trace of the cookie. The website works as expected, i scanned it for issues with Sucurli and other tools, everything is OK. I purged the cache at Cloudflare, I use the free plan in its standard settings.

How could i future trace down where the cookie gets added?

I am gratefull for any input.

Thank you,

Earthstoriez

Hey there!

Sorry to hear about the issue with the mysterious cookie.

In checking a Cloudflare connection to your origin server at 45.xx.xx.xx, the origin returns this header:

< server: imunify360-webshield/1.21

That’s not the same type of response I get when connecting directly to that IP address from my desktop computer. Please check with your host why requests from Cloudflare would route to that server, rather than directly to the LiteSpeed server indicated in the other headers.

1 Like

@cf-scott ChemiClould just went back to me.

Thanks for getting back to us. Could you please ask Cloudflare to run 
another test on staging.earthstoriez.com and let us know the details 
on the following:

a. The exact time (including UTC offset)
b. The IP address used for testing

This way, we could crosscheck if there are any specific IM360 WAF
 rules blocking access, and then whitelist your domain against that rule.

Thank you for your consideration,

Earthstoirez

Hello again.

It sounds like they don’t realize there’s no blocking issue. Just a question of why that cookie is there. However, to answer their questions:

    • 2024-02-12T18:09:11.580Z (UTC)
  1. 172.69.65.252

If you need further assistance with diagnosing your origin server issue, please open a Support Ticket:

@cf-scott I am on a Cloudflare free account, and therefore not able to create a ticket.

I hope you people at Cloudflare are aware that many more websites out there are affected by the same issue. A quick search for “wschkid” brings up many websites that have the cookie listed in their privacy policy page.

This is the response form my hosting company:

“We heard back from them a few minutes ago, and Imunify360 has a global allowlist for well-known services (Cloudflare, Google, Amazon, Microsoft, etc.), allowing traffic from these online service providers to go directly to Webshield for further security checks. Even if a domain is allowlisted, when splashscreen is enabled, the cookie is set (in this case it’s so called untrusted cookie). The only way to get rid of those cookies is to disable the splash screen-antibot feature.
And, as the request is done from Cloudflare, the traffic is automatically redirected to the web shield (because known_proxies_support is enabled)”

Maybe you from Cloudflare could check with them, it is your costumer that suffer from the issue after all.

Best,

Earthstoriez

We finally where able to find the reason for the cookie “wschkid”, our hosting company previously allowlisted our site in imunify360. That adds the cookie.

This is the response from our hosting company:

“For allowlisted domains neither captcha nor splashscreen won’t be shown regardless of the source IP, but the cookie which is set the requests, I’ve removed the domain from the allowlist and now the cookie is no longer present:”

Thanks all,

Earthstoirez

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.