Cloudflare cfduid cookie for EU will be soon no longer allowed (e-Privacy)


Hello Cloudflare team,

I think we got a problem in the EU, they change the law many times and it is not good for all of us. It is a pain right now!

Soon there will be the new e-Privacy and it will not be allowed to place any cookies at all.

Means, a cookie can be used, only if the client has agreed in advanced, that he wish this cookie. So for cloudflare it will not be allowed to place this cookie automatically as it has been done all the time.

Since we will not be able to disable the cfduid cookie, we will not be able to use the service.

Is there any solution for Europeans clients?

Thank you.


Do you have a source for that? Technical cookies have always been exempt from these regulations so far.

1 Like

It was in Germany in many online newspaper, I’m not sure if it is available in english sir…


Again, technical cookies have always been exempt and I would be surprised if there was a change.


I try to get some information and I will post the link…



Your article seems to refer to tracking cookies, not technical ones.


From CF website: The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis.

We understand in German, that it will be no longer allowed to track and to identify individual clients without they agreed. It will not be allowed to set such of cookie BEFORE the visitor has alowed this.

We know, it is a big problem, for us also :frowning:


It is now complicated to do anything in the EU…


This refers to network clients, not individuals. Again, it purely is a technical cookie.

If you are unsure I’d suggest you seek out legal advice, but I am pretty confident you should be on the safe side. Generally speaking Cloudflare is GDPR compliant


For the GDPR yes, but as soon the new e-Privacy law will come out, I’m sure there will be a lot of problems to deliver this service to the EU. However, thank you for your time. Maybe CF should think about a solution for the future…


I would argue this amendment makes it even more clear that the cookie in question does not require explicit consent, but again in case of doubt you should go for legal advice to be on the safe side.


The GDPR doesn’t directly affect cookies, because cookies are addressed under the e-Privacy Directive.

Thank you again and have nice day to the CF team…

closed #14

This topic was automatically closed after 14 days. New replies are no longer allowed.