The built-in DDoS protection is cool, but if the user wishes not to accept any cookies (by clicking Reject All on a cookie banner say) how do I remove the __cf_bm cookie and make sure it doesn’t get re-set?
thanks
Dan
Ah, online resources are contradictory on this, but the UK ICO resource does say here that this type of cookie probably doesn’t need consent:
Is that how everyone else is treating it?
Dan,
The 2 cookies you refer to indeed are as a result of us fronting all Render services with Cloudflare - this is something that cannot be disabled.
https://developers.cloudflare.com/fundamentals/get-started/reference/cloudflare-cookies/#__cf_bm-cookie-for-cloudflare-bot-products
https://developers.cloudflare.com/fundamentals/get-started/reference/cloudflare-cookies/#_cfuvid-for-rate-limiting-rules
The ICOs own cookie control selection has ‘Necessary Cookies’
Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.
John B
Render Support, UTC+1 
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.