I had seen a previous article about the __cfruid cookie being designed to prevent DDoS attacks and to ensure load balancing: What does __cfRuid cookie do?
The approach from Cloudflare was to install a __cfruid cookie on every users computer without consent saying that this cookie was strictly necessary for the operation of the service.
New ePrivacy regulation from the EU in Feb 2021 expands the requirement of consent to all cookies including those that are labeled as strictly necessary. See the links in this article EU’s ePrivacy Regulation & cookies | ePrivacy Regulation 2021 Updates
How is Cloudflare planning to meet the requirements of the EU’s ePrivacy regulation to not install any cookies prior to user consent?
We are frustrated that all sites in Hubspot cannot meet EU ePrivacy requirements because of a decision made by Cloudflare to install user cookies without user consent.