When you run GTMetrix or other diagnostic tools on your website, you may find that the subdomain you use for the CDN may still be sending cookies, even when you have enabled the Disable Cookie feature on BunnyCDN.
What is a cookie?
A cookie is a small text file that a web server will send to a client, and ask it to store. Cookies are often used on interactive websites, such as shopping carts (to store what is in your cart) or for advertisers to track what you visit. More information on cookies is available at: What Are Cookies?
A web server can set and control cookies through a special HTTP response. Once a browser has received a cookie in a header, it is then returned to the web server whenever the client makes a request that matches the requirements defined in the cookie.
For example here, BunnyCDN.com sent our browser a cookie called "cookieconsent_status". The domain for the cookie is defined as "bunnycdn.com" and this means that whenever our browser talks to the bunnycdn.com domain, it will send that cookie.
However, not every website/service will be configured like this, to only ask for the cookie back for the main domain itself. For example, the cookie below is for ".bbc.co.uk". This means, that whenever our browser connects to the BBC, or to a subdomain of BBC.co.uk, my browser will send that cookie:
How does this affect my BunnyCDN site?
We provide an option for you to strip the Set-Cookie headers from your requests that travel over the CDN. This causes us to remove any cookies returned by your server and ignore any cookies that your browser sends to the CDN.
However, even after enabling this feature, you may still find that you get cookies that are being sent from your browser to the CDN. The reason for this, is because these cookies are likely being set via the wildcard mentioned above. A key reason for these wildcard cookies is usually Google Analytics, which sets a wildcard cookie to keep track of what your users do on the website as well as any subdomain related to it.
These wildcard cookies will not have been set via the CDN, and we cannot control them, or control if a browser sends a cookie back. Nevertheless, this behavior has practically no impact on your website performance and is generally not something to worry about.
What can I do to avoid this?
If you still want to avoid this behavior, the only way is to either use a CDN domain that is not a subdomain of your website or use our b-cdn.net domain that we provide with each zone. This way you can make sure that Google Analytics or other scripts will not be setting cookies for domains that are only used to deliver static content.