Use Cookie-Free Domains with Cloudflare in WordPress

Update: Cloudflare no longer serve _cfduid cookie in the header response. This article is only for archive purpose.

You may have seen “Use cookie-free domains” error at GTmetrix Yslow or Pingdom while testing page speed of your site.

cloudflare cookie

Why use Cookie Free Domains?

GTmetrix reports

When the browser requests a static element and sends cookies with the request, the server ignores the cookies. These cookies are unnecessary network traffic. It increases page load time. Therefore, it is better to avoid cookies for static resources like CSS, JS, Images, etc. files. This is why speed test tool such as GTMetrix and Pingdom recommend to serve the static resources from a domain that doesn’t set cookies.


#1. Use a CDN to Serve Cookie-Free Content

As uneccessary cookies can comes from various source such as Cloudflare, Analytics, top level domain name and so on, it’s better to completely offload static resources to a CDN unique hostname.

  • Use BunnyCDN to serve all static resources cookies-free.
bunnycdn disable cookies
function wpseo_cdn_filter( $uri ) {
	return str_replace( '', '', $uri );
add_filter( 'wpseo_xml_sitemap_img_src', 'wpseo_cdn_filter' );
  • Or, use Stackpath (Formerly known as MaxCDN), they support cookie-free domains.
stackpath strip all cookies
Strip all cookies with Stackpath CDN

This method should work for site using top level (non-www) domain or www alias.

Bonus tip: If you’re using Yoast SEO WordPress plugin, it would be best to update image path in XML file. You can add below snippet via Code Snippets plugin.

#2. Use Cloudflare only for DNS

Generally you can’t serve cookie-free content while using its CDN (Reverse Proxy) services together. The way Cloudflare provide services, it must adds a special cookie namely _cfduid with each HTTP requests over whole domain

HTTP/1.1 200 OK
Date: Thu, 26 Mar 2020 15:37:09 GMT
Content-Type: image/
Content-Length: 0
Connection: keep-alive
Set-Cookie: __cfduid=d36b1934da000d3fbc11e5a8e13fccde11585237029; expires=Sat, 25-Apr-20 15:37:09 GMT; path=/;; HttpOnly; SameSite=Lax; Secure
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
CF-Cache-Status: HIT
Age: 4650
Accept-Ranges: bytes
Expect-CT: max-age=604800, report-uri=""
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 57a1f3878d3ad597-BOM
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400

Solution: To eliminate __cfduid cookies, keep Cloudflare in DNS only mode or switch to Enterprise Plan that allow to remove but it would be costly. Alternatively, you can use Sucuri performance and security solution which doesn’t set cookies with each request.

#3. Switch to Static WordPress

This blog is live example a static WordPress site. It is hosted at BunnyCDN Cloud Storage. I am huge fan of their services and amazing support.

Key facts

  • It helps serving pages without cookies.
  • The process require deep technical understanding of CDN, Caching Policy and end result is worth it.
  • I use Cloudflare only as DNS not proxy.
  • My all pages score 90+ at PageSpeed Insight
  • I use WordPress just as CMS in backend but end user interact with HTML pages.

By converting WordPress to HTML you can make your website faster than 99% of the world.


How to check either my domain/subdomain cookiesless or not?

Check at Network Tab of Chrome Developer tool or using GTmetrix.

Final words: I have tried my best to explain this tutorial to you. If you have any question in mind, or couldn’t understand this tutorial at any part. Please feel free to ask via below in the comment section. I would be happy to reply your queries.


Want more? 
Imagine getting Tutorials everyday! THAT's FREAKING AWESOME. Subscribe now. 

Leave a Comment

55 thoughts on “Use Cookie-Free Domains with Cloudflare in WordPress”

  1. This tutorial is really helpful. But only problem with Yoast Image index. The code is not updating image locale path in Yoast Sitemap. I think Yoast has something changed due to this functions.php code is not working. Is there any solution for this?

  2. Start Working. I just disabled and re enabled Yoast Sitemap and it start working thanks. Your Tutorial is really great. Thanks!

  3. I have followed your tutorial but how long will it take for the subdomain to resolve?
    I am using Direct Admin and Cloadflare.
    But if I go to my subdomain for testing, it would not work.

    My site is at

    Thanks a lot!

    • Hi Kristof,

      Sorry for delay response.
      Could you please elaborate your question?
      I would like to answer it.


      • Dear Gulshan,

        I have figured it out why it doesn’t work my provider has disabled this setting so his customers should use his CDN service.

        Thank you

  4. Thanks for this guide. This is by far the most thorough one I found on the subject. I especially like your “Pausing CF” trick, thanks 🙂

    • Actually, Cloudflare don’t allow to eliminate cookies. So this is the only way that we can use it just as a DNS manager. Thanks for stopping by!

  5. It seems to work except I get 404 errors for all my images. What am I missing? I use speed booster pack not W3 Total Cache because my site loads faster with this plugin. Im not good at coding. Is there an easy to not get my images 404ed?

    • Have you pointed your subdomain to the public_html directory? If no, first make sure to do it as per your host guideline.

  6. Hello Sir, thank you very much for this tutorial. I managed to get 95/100 for that score and I’m quite happy because from F score to A is truly tremendous. Once again, thank you very much. 🙂

  7. Hi,
    this is really an excellent post for the guidance of CDN. i followed all the instructions in your post. but i have a problem .when i pause the cloudfalre my website is not working saying security error / threat etc.,
    can you help me how to solve this?

    • Hello,

      Thanks for the comment. I understand when you paused Cloudflare, it is saying security error. Okay, are you using HTTPS via Cloudflare Flexible SSL on your blog? If possible, kindly share a screenshot of the error. I would love to assist.

      Thanks & Regards,

    • Thanks for the complete information. Let me tell you, once you pause Cloudflare service, their Flexible SSL will stop working. As a solution, you must have SSL at the origin server from your host side.

  8. hi,
    i have seen cloudflare certificate in my host origin. i have to uninstall this certificate? if i uninstall it ,then my website will be having only http:\\ is it?
    do i really need to uninstall it?
    what is u r opinion?

    • When you will pause Cloudflare, then you will be able to use cookie-free subdomain.


      If then problem is Fexible SSL for your site will not work.

      As a fall back, you must have real SSL installed at your web hosting server.

      If you can, then only proceed. Else, please continue with Cloudflare as usual.

      To use HTTPS, SSL is indeed required.


    • Hi John,

      You have to keep a separate domain as cookie-free. The process would be similar like having DNS records pointed to your main domain and it should be accessible. If you want me to elaborate more on this in detail, please let me know.

      Thanks & Regards,

  9. I have tried step by step but failed to, I just noticed that it should use www, As for me non-www … can you help me the best way? should i buy new domain or move to www ( can i move to www, even mine non-www). Thanks

  10. Hi, Thanks for guide. I have 1 question, my have SSL (Comodo SSL, no wildcard). I want to implement your guide, will it work? Or wildcard ssl is necessary?

  11. Thanks for article, I’ve a question:
    When we update plugins, we have to move/upload the new plugin folders to our cookieless domain?
    Is it a way to make this process automatic?

  12. Bro,You can points cname values to primary domain but my host told me point cdn url…but when i point cdn url my subdomain ssl not working also subdomain server not found error also facecing…??

    • Ya, because your subdomain must be authorised to be used in your CDN. Please ask customer care for support. Another thing, SSL must be active.

  13. Hey,
    How to move all static content on cookies-free subdomain via CDN EnablerPlugin because I do not find any option for moving.

    • I have the same question..

      I made all the things in the tutorial, but when i check the source code on the site.. all the css, js and images are still pointing to instead to

      We forgot something?


      • Please purge cache. If you can share website URL, then I would be able to check, what’s exactly happening. Thanks.

  14. Hii,

    Thanks for the detailed peocedures. I’ve followed all the steps, but finally my blog was broke and no miages are loading. I pointed subdomain to public_html only. Could you please help

    • It’s because of mixed content error, your subdomain point be supported for HTTPS if your primary domain uses HTTPS.

  15. Hi, thanks for the very informative post. I’m wondering if every you set up the sub domain correctly, how would you upload and manage all images from there?

    your answer would be greatly appreciated.


    • A subdomain is typically a hostname that should point to same directory where your WordPress exist. So, it’s nothing about moving files.

  16. Thank you so much Sir. Your valuable comments are really helpful to resolve my problem. I really impressed.

  17. Hi,

    I followed all your instructions and they were very helpful, I was able to set the subdomain as cookie less to serve static content, but now pindom is complaining of too many redirects from my static domain to main domain and decreasing the overall score. Can you please suggest what can be done to resolve this ?

  18. Hello I have a problem with my domain that is without the www but according to the metrics of pindom I must configure the problem of serving the data, I have tried other tutorials and the site is broken, I do not know if it is a problem of cloudflare? would you help me ? Thank you.

  19. I tried out your guide, I must say you did a good job in explaining. But i still not able to get a cookie free domain. Even though I have ssl for both domain and sub domain. May be I am having issue with cloudflare.
    Any suggestion ?

    • You have to disable Cloudflare reverse proxy (I mean, at record keep your domain in Grey mode to use only DNS) in order to get Cookie-free domain.

  20. It all sounds good but the images are not appearing in this article so it becomes confusing when you refer to see this image. Great if you can fix this

  21. How are you thinking about the WP plugin called WP2static as someone suggested to me also because I am using the Flexible SSL on Cloudflare but I am not easy setting all adjusting… please let me what you think about that. Thank you.

      • Hello Gulshan Kumar,

        I appreciate you made an answer quickly but that tip mentioned about BunnyCDN, I am using the CloudflareCDN. Even the Cloudflare CDN user applies to your Article.

        So much valuable information there, I need some time to understand so I am checking before the Action.

        Thank you.

        • Yes, that article is exclusively for BunnyCDN at the moment. It is well tested and will be further updated as well.

  22. Thank you.

    How about between CloudflareCDN(Free Version) and Bunny CDN, which one better?

    Just let me know about that.