Consequence of blocking cookies

Hi

We have a customer that insists on removing the _cfduid (and related) cookies.
However, that requires an enterprise subscription to have Cloudflare do, so we are looking into alternative solutions.

A suggested solution is that the customer relay the call to the resource in question (javascript and css) through their own servers and thereby preventing the cookie from reaching the client.
What, if any, consequences will this have? From Cloudflares perspective, it will be a lot of calls to the same resource that will be coming from the same client that doesn’t use cookies. Could this trigger any security/thread prevention mechanisms and have unintended consequences?

Thanks in advance!

Thats probably something you best clarify directly with support.

The cookies are described at https://support.cloudflare.com/hc/en-us/articles/200170156-Understanding-the-Cloudflare-Cookies

My guess would be, as long as your user does not fire a security warning, it shouldnt matter much if he blocks the cookies or not. From a Cloudflare perspective it always will be a fresh request. What they could not do in this case is ever pass a possible challenge they might be presented with, either JavaScript or captcha.

Hi

Thanks for the answer.
I talked to support and they escalated this to “Enterprise sales” as I mentioned the cookie, so I was hoping someone here knew more.

None of our users would ever be able to pass any challenge, as we’re purely using Cloudflare for hosting static background content, such as javascript and css, which is always fetched in the background. I’m not sure if that’s an issue in itself - but we have never seen any issues with it.

Does this mean that Cloudflare could suddenly send back a Captcha challenge if it receives too many requests from the same IP, instead of returning the javascript resource? that would 100% of the time go unnoticed for the above reasons.

The challenges are dependent on certain cookies. If your users blocks them, he will not be able to pass the challenge.

Support should definitely be able to provide you with the most applicable answer to your business case though.

This topic was automatically closed after 14 days. New replies are no longer allowed.