Prevent Cookies from Being Made
When I use images from cloudinary on my website cookies from cloudinary get added to the browser. I don't want this.
How do I prevent cloudinary cookies from being created for the users of my website?
In case you are worried about bandwidth or loading speed please consider the following:
- in HTTP/1.1 the request + cookies is generally less than 1 packet (~1500Bytes) and most certainly less than 1 RTT (icwnd of 10 = ~15KB). So there really there is no performance savings with cookieless domains. The only savings is if you pay for up + down bytes. Still, for images and video, the 50-100Bytes in the typical cookie is dwarfed by the actual size of images and video on the wire.
- in HTTP/2, because it is a binary protocol, the overhead of a request is further reduced because a) more requests filled in a single packet (eg: you don't have half empty packets) and b) while http/2 doesn't compress headers (because of a gzip vulnerability), it does use HPAC which de-duplicates headers with the same value. So the cookie value is only sent once on a domain instead of multiple times.
For our Advanced + and Enterprise customers, we do offer to set a cookieless domain (
static-domain.com) to make sure no cookies are set on images.
Please note that res.cloudinary.com does not set cookies. The cookie you see sent to res.cloudinary.com was set because you previously visited https://cloudinary.com - which sets a cookie. Your website users won't be using https://cloudinary.com in general, so they won't have this cookie set.
Hello. I am not concerned with performance. I am concerned with European Law. It is against the law in many cases to store cookies on users computers without their consent and so I would rather not store any cookies. How does cloudinary comply with this law?
More info about the law here: https://www.cookielaw.org/the-cookie-law/
Thank you for sharing your concern and provide more information.
1. As a part of using Cloudinary's service to deliver images and videos to your users, there are no cookies involved.
No cookies are used for tracking Cloudinary's customers' customers.
2. When using Cloudinary's website and console, there is a use of Google Analytics cookies and session cookies.
3. There is currently no way to manage cookies duration programmatically but it is something we consider as a part of the roadmap.
I can see 3 cookies being set when accessing the image url in the initial comment:
- __cfduid - d19b78624e1635bf430dd4606746be82f1564420771 .cloudinary.com / 2020-07-28T17:19:31.781Z 51 ✓
- __cfruid - 66d5b2fefc2bf63c50277e428b8ef8b2ecddfb1e-1577971280 .cloudinary.com / Session 59 ✓
- __zlcmid - mQhLJOAFBhwJp2 .cloudinary.com / 2020-09-03T10:56:05.000Z 22
The first two seem to be the "standard" cloudflare cookies - which are in relation to them providing their service and are deemed as essential.
The 3rd one however i don't understand. It seems to be commonly referring to zendesk - however i don't understand it's purpose for me as a user when I access an image on "res.cloudinary.com".
Can you please elaborate as to what the purpose is?
Just the one in the first message in this thread.
Thanks for sharing this.
Requesting the above image or others via res.cloudinary.com doesn't set any cookies. I've gone ahead and attached a screenshot when making a request to that URL and showing the request/response headers.
If you have accessed cloudinary.com and have existing cookies bound to ".cloudinary.com" then they will be sent as part of the request to res.cloudinary.com, but the response from res.cloudinary.com doesn't set cookies.
If you can see cookies set in the response to res.cloudinary.com, please share a network log/capture with the relevant request/response.
Post is closed for comments.