Prevent Cookies from Being Made

Comments

12 comments

  • Avatar
    Shirly Manor

    Hey,

    In case you are worried about bandwidth or loading speed please consider the following:

    • in HTTP/1.1 the request + cookies is generally less than 1 packet (~1500Bytes) and most certainly less than 1 RTT (icwnd of 10 = ~15KB). So there really there is no performance savings with cookieless domains. The only savings is if you pay for up + down bytes. Still, for images and video, the 50-100Bytes in the typical cookie is dwarfed by the actual size of images and video on the wire.
    • in HTTP/2, because it is a binary protocol, the overhead of a request is further reduced because a) more requests filled in a single packet (eg: you don't have half empty packets) and b) while http/2 doesn't compress headers (because of a gzip vulnerability), it does use HPAC which de-duplicates headers with the same value. So the cookie value is only sent once on a domain instead of multiple times.

    For our Advanced + and Enterprise customers, we do offer to set a cookieless domain (static.domain.com or static-domain.com) to make sure no cookies are set on images.

    Update:
    Please note that res.cloudinary.com does not set cookies. The cookie you see sent to res.cloudinary.com was set because you previously visited https://cloudinary.com - which sets a cookie. Your website users won't be using https://cloudinary.com in general, so they won't have this cookie set.

    0
    Comment actions Permalink
  • Avatar
    Nick Mudge

    Hello. I am not concerned with performance. I am concerned with European Law. It is against the law in many cases to store cookies on users computers without their consent and so I would rather not store any cookies.  How does cloudinary comply with this law?

    More info about the law here: https://www.cookielaw.org/the-cookie-law/

    0
    Comment actions Permalink
  • Avatar
    Nick Mudge

    Thanks for the info about res.clodinary.com does not set cookies. Very helpful to know.

    0
    Comment actions Permalink
  • Avatar
    Shirly Manor

    Hi Nick,

    Thank you for sharing your concern and provide more information.

    Please note that we are not using cookies to track our customers. you can read more about our cookie policy here:

    https://cloudinary.com/privacy

    Thanks,

    Shirly

    0
    Comment actions Permalink
  • Avatar
    Fabien Leufroy

    Hi,

    Is there a way to manage cookies duration programmatically ? Or manage use of the cookies ?

    I'm facing the same problem that Nick regarding the new european law.

    Thanks in advance

    0
    Comment actions Permalink
  • Avatar
    Raya Straus

    As Shirly mentioned, we don't use cookies to track our customers. We only use cookies for login. If you could share additional information on your use case we'd be happy to help. 

    0
    Comment actions Permalink
  • Avatar
    Fabien Leufroy

    I'm working on GDPR (in France). 

    I don't use cookies in my application. Do you know if cloudinary's cookies involve cookies information banner on my website ?

    0
    Comment actions Permalink
  • Avatar
    Roee Ben Ari

    Hey Fabien,

    1. As a part of using Cloudinary's service to deliver images and videos to your users, there are no cookies involved. 
    No cookies are used for tracking Cloudinary's customers' customers.
    2. When using Cloudinary's website and console, there is a use of Google Analytics cookies and session cookies.
    3. There is currently no way to manage cookies duration programmatically but it is something we consider as a part of the roadmap.

    0
    Comment actions Permalink
  • Avatar
    Eike Dawid

    I can see 3 cookies being set when accessing the image url in the initial comment:

    1. __cfduid  -  d19b78624e1635bf430dd4606746be82f1564420771 .cloudinary.com / 2020-07-28T17:19:31.781Z 51 ✓
    2. __cfruid -  66d5b2fefc2bf63c50277e428b8ef8b2ecddfb1e-1577971280 .cloudinary.com / Session 59 ✓
    3. __zlcmid - mQhLJOAFBhwJp2 .cloudinary.com / 2020-09-03T10:56:05.000Z 22

    The first two seem to be the "standard" cloudflare cookies - which are in relation to them providing their service and are deemed as essential.

    The 3rd one however i don't understand. It seems to be commonly referring to zendesk - however i don't understand it's purpose for me as a user when I access an image on "res.cloudinary.com".

    Can you please elaborate as to what the purpose is?

    Thank you!

     

    0
    Comment actions Permalink
  • Avatar
    Daniel Mendoza

    @Eike

    Can you provide us with the steps to reproduce and the Cloudinary URL you are using?

    0
    Comment actions Permalink
  • Avatar
    Eike Dawid

    Just the one in the first message in this thread.
    http://res.cloudinary.com/mokens/image/upload/v1524074898/bl26e14zgee48t12erly.jpg

    Cheers

    Eike

    0
    Comment actions Permalink
  • Avatar
    Aleksandar Kostadinov

    Hi Eike,

    Thanks for sharing this.

    Requesting the above image or others via res.cloudinary.com doesn't set any cookies. I've gone ahead and attached a screenshot when making a request to that URL and showing the request/response headers.


    If you have accessed cloudinary.com and have existing cookies bound to ".cloudinary.com" then they will be sent as part of the request to res.cloudinary.com, but the response from res.cloudinary.com doesn't set cookies.

    If you can see cookies set in the response to res.cloudinary.com, please share a network log/capture with the relevant request/response.

    Best regards,

    Aleksandar

    0
    Comment actions Permalink

Please sign in to leave a comment.