We are now in the process of replacing our Google reCAPTCHA implementation with Turnstile for privacy reasons, since we can’t use tracking cookies on our website. However, in our test environment we noticed 3 Cloudflare cookies being placed on pages using Turnstile:
sparrow_id
CF_VERIFIED_DEVICE_*
__cf_logged_in
I can’t find any documentation on what these cookies do on the Cloudflare website. We need that info to determine if we’re indeed getting rid of tracking cookies by switching to Turnstile, and also to share the info in our cookie statement. Can you please elaborate on what these cookies are used for?
Hi @team-frontend, Turnstile does indeed not use any cookies.
The ones you mentioned are sent by the Cloudflare Dashboard (dash.cloudflare.com), not Turnstile (challenges.cloudflare.com). This can be confirmed by using an incognito/private tab.
I’ve reached out to the Dashboard UI team to ensure those cookies are scoped to dash.cloudflare.com instead of .cloudflare.com to avoid any confusion since that is not the intended behavior.
Thanks for the reply, indeed when loading our form with the Turnstile challenge in an incognito window, the mentioned cookies aren’t there. Is the change of scope for these cookies captured in a ticket we can follow?
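The scoping behaviour discussed in this thread, as an added example that is not part of the original posts and is not Cloudflare code: a minimal model of RFC 6265 domain matching showing why cookies set by dash.cloudflare.com with `Domain=.cloudflare.com` also accompany requests to challenges.cloudflare.com, while host-only cookies and a fresh private window do not produce them. It assumes all three cookies share one scope; the function names are hypothetical and `CF_VERIFIED_DEVICE_*` is kept as written in the question.

```javascript
// Added example. Hosts and cookie names come from the thread; the jar is constructed.
// Public-suffix checks and Path/Secure/SameSite handling are left out.

// RFC 6265 section 5.1.3: domain-match.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase();
  if (h === d) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");
  return !isIp && h.endsWith("." + d);
}

// RFC 6265 section 5.3: no Domain attribute -> host-only cookie;
// a Domain attribute the setting host does not domain-match is rejected.
function storeCookie(jar, setterHost, name, domainAttr) {
  if (!domainAttr) {
    jar.push({ name, domain: setterHost.toLowerCase(), hostOnly: true });
    return true;
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  if (!domainMatches(setterHost, domain)) return false;
  jar.push({ name, domain, hostOnly: false });
  return true;
}

// Names of the cookies a browser would attach to a request for requestHost.
function cookiesSentTo(jar, requestHost) {
  const h = requestHost.toLowerCase();
  return jar
    .filter((c) => (c.hostOnly ? h === c.domain : domainMatches(h, c.domain)))
    .map((c) => c.name);
}

const NAMES = ["sparrow_id", "CF_VERIFIED_DEVICE_*", "__cf_logged_in"];

// Jar of a profile that visited the dashboard, with the given Domain attribute
// (assumption: all three cookies share the same scope).
function dashboardJar(domainAttr) {
  const jar = [];
  for (const name of NAMES) storeCookie(jar, "dash.cloudflare.com", name, domainAttr);
  return jar;
}

const TURNSTILE = "challenges.cloudflare.com";
console.log("Domain=.cloudflare.com ->", cookiesSentTo(dashboardJar(".cloudflare.com"), TURNSTILE));
console.log("host-only              ->", cookiesSentTo(dashboardJar(null), TURNSTILE));
console.log("fresh private window   ->", cookiesSentTo([], TURNSTILE));
```

When auditing a page for a cookie statement, the `Domain` column in the browser's cookie storage view shows which of these cases applies.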