In preparation for GDPR, I’ve been removing all tracking scripts and logging from my sites rather than try to comply with user requests for data, disclosure popups, etc. It would be nice if Cloudflare had an app or option to completely anonymize incoming users, by not passing their IPs in X-Forwarded-For and stripping Cookie and Referer headers before proxying requests to my origin.
I’m no GDPR expert, but I doubt X-Forwarded-For is a problem, since it’s just what your server would see if it wasn’t proxied by Cloudflare. Referer is another thing you’d normally have no control over, as by default it’s on, so that’s going to show up under most conditions. Dunno about Cookies, though. Here’s Cloudflare’s bit on GDPR:
p.s. One more tidbit: https://blog.cloudflare.com/keeping-your-gdpr-resolutions/
I’m just thinking anything I can do to reduce the amount of information I have about users, the better.