Cookie getting sent with Wordpress header from Cloudflare on every response

As of April first, my graphql caching layer has stopped caching (Stellate) and their support team is saying that wordpress is setting a cookie on the headers and it can’t cache the graphql response because of that, the only thing I see on the response when I inspect it is this:

Is there some option where I can turn this off for my submain in the dashboard?



This cookie is documented as related to Rate Limiting Rules. You should be able to redefine your Rate Limiting Rule to exclude your subdomain by visiting Dashboard > Security > WAF > Rate Limiting Rules. Or perhaps create a Firewall Rule (or a WAF Exception) to bypass RL for whatever criteria you see fit.