Skip to main content

Prevent Cookies from Being Made



  • Shirly Manor


    In case you are worried about bandwidth or loading speed please consider the following:

    • in HTTP/1.1 the request + cookies is generally less than 1 packet (~1500Bytes) and most certainly less than 1 RTT (icwnd of 10 = ~15KB). So there really there is no performance savings with cookieless domains. The only savings is if you pay for up + down bytes. Still, for images and video, the 50-100Bytes in the typical cookie is dwarfed by the actual size of images and video on the wire.
    • in HTTP/2, because it is a binary protocol, the overhead of a request is further reduced because a) more requests filled in a single packet (eg: you don't have half empty packets) and b) while http/2 doesn't compress headers (because of a gzip vulnerability), it does use HPAC which de-duplicates headers with the same value. So the cookie value is only sent once on a domain instead of multiple times.

    For our Advanced + and Enterprise customers, we do offer to set a cookieless domain ( or to make sure no cookies are set on images.

    Please note that does not set cookies. The cookie you see sent to was set because you previously visited - which sets a cookie. Your website users won't be using in general, so they won't have this cookie set.

  • Nick Mudge

    Hello. I am not concerned with performance. I am concerned with European Law. It is against the law in many cases to store cookies on users computers without their consent and so I would rather not store any cookies.  How does cloudinary comply with this law?

    More info about the law here:

  • Nick Mudge

    Thanks for the info about does not set cookies. Very helpful to know.

  • Shirly Manor

    Hi Nick,

    Thank you for sharing your concern and provide more information.

    Please note that we are not using cookies to track our customers. you can read more about our cookie policy here:



  • Fabien Leufroy


    Is there a way to manage cookies duration programmatically ? Or manage use of the cookies ?

    I'm facing the same problem that Nick regarding the new european law.

    Thanks in advance

  • Raya Straus

    As Shirly mentioned, we don't use cookies to track our customers. We only use cookies for login. If you could share additional information on your use case we'd be happy to help. 

  • Fabien Leufroy

    I'm working on GDPR (in France). 

    I don't use cookies in my application. Do you know if cloudinary's cookies involve cookies information banner on my website ?

  • Roee Ben Ari

    Hey Fabien,

    1. As a part of using Cloudinary's service to deliver images and videos to your users, there are no cookies involved. 
    No cookies are used for tracking Cloudinary's customers' customers.
    2. When using Cloudinary's website and console, there is a use of Google Analytics cookies and session cookies.
    3. There is currently no way to manage cookies duration programmatically but it is something we consider as a part of the roadmap.

  • Eike Dawid

    I can see 3 cookies being set when accessing the image url in the initial comment:

    1. __cfduid  -  d19b78624e1635bf430dd4606746be82f1564420771 / 2020-07-28T17:19:31.781Z 51 ✓
    2. __cfruid -  66d5b2fefc2bf63c50277e428b8ef8b2ecddfb1e-1577971280 / Session 59 ✓
    3. __zlcmid - mQhLJOAFBhwJp2 / 2020-09-03T10:56:05.000Z 22

    The first two seem to be the "standard" cloudflare cookies - which are in relation to them providing their service and are deemed as essential.

    The 3rd one however i don't understand. It seems to be commonly referring to zendesk - however i don't understand it's purpose for me as a user when I access an image on "".

    Can you please elaborate as to what the purpose is?

    Thank you!


  • Daniel Mendoza


    Can you provide us with the steps to reproduce and the Cloudinary URL you are using?

  • Eike Dawid

    Just the one in the first message in this thread.



  • Aleksandar Kostadinov

    Hi Eike,

    Thanks for sharing this.

    Requesting the above image or others via doesn't set any cookies. I've gone ahead and attached a screenshot when making a request to that URL and showing the request/response headers.

    If you have accessed and have existing cookies bound to "" then they will be sent as part of the request to, but the response from doesn't set cookies.

    If you can see cookies set in the response to, please share a network log/capture with the relevant request/response.

    Best regards,



Post is closed for comments.