New Extra Cloudflare cookie?


We are getting this extra cookie on our site in headers

set-cookie : __cf_bm=e1523f9a3f7dbb2aa1cb804eb2413dcdbb872bd6-1597990731-1800-AT9btEYrAA6GQpTZ5TndjbLSO5mcZHhW6bK8ZbElsNVB; path=/; expires=Fri, 21-Aug-20 06:48:51 GMT;; HttpOnly; Secure; SameSite=None


You’re an CF Enterprise user with Bot Management enabled ?

Nope, I am not a enterprise user.

Not, I believe this cookie is present on any Bot Fight plan.

@user3011, this come comes from bot fight mode and it represents certain patterns from the browser encrypted, or at leat that’s what I recall at the very moment. If you are worried about the GDPR implications, I would ask Cloudflare directly via a support ticket.



Ah yes Bot Fight mode !

1 Like

Well, that’s interesting. I have Bot Fight mode enabled on a free plan and the Javascript helper, and I’m not getting that cookie. I’ve tried with Curl, Firefox and Tor browser.

That’s weird, I just checked myself and it seems to be present on my website.

It’s Bot Management cookie

Firewall fields - Bot Management fields

  • cf.bot_management.score - an integer indicating the likelihood between 0 and 100 whether a request originated from an automated program (low score) to a human (high score).
  • cf.bot_management.verified_bot - a boolean indicating whether such request comes from a Cloudflare allowlisted bot.
  • cf.bot_management.static_resource - a boolean indicating whether request matches file extensions for many types of static resources.

Cookies - most notably it produces cf_bm , which helps manage incoming traffic that matches criteria associated with bots.

1 Like

This topic was automatically closed after 14 days. New replies are no longer allowed.