What does the Cloudflare cfduid cookie do?

The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. For example, if the visitor is in a coffee shop where there are a bunch of infected machines, but the specific visitor's machine is trusted (e.g. because they've completed a challenge within your Challenge Passage period), the cookie allows us to identify that client and not challenge them again. It does not correspond to any user ID in your web application, and does not store any personally identifiable information.

Depending on the "Always Use HTTPs" configuration this cookie will be created either as secure or non-secure. 

The "Always use HTTPS" redirect all requests with scheme “http” to “https”. This applies to all http requests to the zone. You can find this option in the Crypto app of the Cloudflare dashboard.

Always Use HTTPS = True:

< Set-Cookie: __cfduid=de73c7e08a3753ac6b2fc84a838098dd91524036568; expires=Thu, 18-Apr-19 07:29:28 GMT; path=/; domain=.domain.com; HttpOnly; Secure

Always Use HTTPS = False:

< Set-Cookie: __cfduid=dbed136878a72f4a881e70c74fcf4b3411524036444; expires=Thu, 18-Apr-19 07:27:24 GMT; path=/; domain=.domain.com; HttpOnly

This cookie is strictly necessary for Cloudflare's security features and cannot be turned off.

Still not finding what you need?

The Cloudflare team is here to help. 95% of questions can be answered using the search tool, but if you can’t find what you need, submit a support request.

Powered by Zendesk