How to Use Cookie-Free Domains with Cloudflare in WordPress

Seeing “Use cookie-free domains” error at GTmetrix Yslow or Pingdom for your site?

GTmetrix reports

Why use Cookie Free Domains?

When the browser requests a static element and sends cookies with the request, the server ignores the cookies. These cookies are unnecessary network traffic. It increases page load time. Therefore, it is better to avoid cookies for static resources like CSS, JS, Images, etc. files. This is why speed test tool such as GTMetrix and Pingdom recommend to serve the static resources from a domain that doesn’t set cookies.


  • Use a CDN
  • Use Cloudflare only for DNS

#1. Use a CDN to Serve Cookie-Free Content

As uneccessary cookies can comes from various source such as Cloudflare, Analytics, top level domain name and so on, it’s better to completely offload static resources to a CDN unique hostname.

  • Use BunnyCDN to serve all static resources cookies-free.
  • Or, use Stackpath (Formerly known as MaxCDN), they support cookie-free domains.
stackpath strip all cookies
Strip all cookies with Stackpath CDN

This method should work for site using top level (non-www) domain or www alias.

Bonus tip: If you’re using Yoast SEO WordPress plugin, it would be best to update image path in XML file. You can add below snippet via Code Snippets plugin.

function wpseo_cdn_filter( $uri ) {
	return str_replace( '', '', $uri );
add_filter( 'wpseo_xml_sitemap_img_src', 'wpseo_cdn_filter' );

#2. Use Cloudflare only for DNS

Generally you can’t serve cookie-free content while using its CDN (Reverse Proxy) services together. The way Cloudflare provide services, it must adds a special cookie namely _cfduid with each HTTP requests over whole domain

HTTP/1.1 200 OK
Date: Thu, 26 Mar 2020 15:37:09 GMT
Content-Type: image/
Content-Length: 0
Connection: keep-alive
Set-Cookie: __cfduid=d36b1934da000d3fbc11e5a8e13fccde11585237029; expires=Sat, 25-Apr-20 15:37:09 GMT; path=/;; HttpOnly; SameSite=Lax; Secure
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
CF-Cache-Status: HIT
Age: 4650
Accept-Ranges: bytes
Expect-CT: max-age=604800, report-uri=""
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 57a1f3878d3ad597-BOM
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400

Solution: To eliminate __cfduid cookies, keep Cloudflare in DNS only mode or switch to Enterprise Plan that allow to remove but it would be costly. Alternatively, you can use Sucuri performance and security solution which doesn’t set cookies with each request.

#3. Switch to Static WordPress

This blog is live example a static WordPress site. It is hosted at BunnyCDN Cloud Storage. I am huge fan of their services and amazing support.

Key facts

  • It helps serving pages without cookies.
  • The process require deep technical understanding of CDN, Caching Policy and end result is worth it.
  • I use Cloudflare only as DNS not proxy.
  • My all pages score 90+ at PageSpeed Insight
  • I use WordPress just as CMS in backend but end user interact with HTML pages.

By converting WordPress to HTML you can make your website faster than 99% of the world.

How to check either my domain/subdomain cookiesless or not?

Check at Network Tab of Chrome Developer tool or using GTmetrix.

Final words: I have tried my best to explain this tutorial to you. If you have any question in mind, or couldn’t understand this tutorial at any part. Please feel free to ask via below in the comment section. I would be happy to reply your queries.


About the author

Saeed Ashif Ahmed is a Blogger who has a keen interest in how emerging technology can help the world become a more just, equitable, and kind place. He enjoys interviewing CEOs of tech startups asking them what they are doing to bring greater opportunity and equity to our society.

Leave a Comment