Seeing “Use cookie-free domains” error at GTmetrix Yslow or Pingdom for your site?

GTmetrix report

Why use Cookie Free Domains?

When the browser requests a static element and sends cookies with the request, the server ignores the cookies. These cookies are unnecessary network traffic. It increases page load time. Therefore, it is better to avoid cookies for static resources like CSS, JS, Images, etc. files. This is why speed test tools such as GTMetrix and Pingdom recommend to serve the static resources from a domain that doesn’t set cookies.

Solutions

• Use a CDN
• Use Cloudflare only for DNS

#1. Use a CDN to Serve Cookie-Free Content

As unnecessary cookies can come from various sources such as Cloudflare, Analytics, top-level domain names and so on, it’s better to completely offload static resources to a CDN unique hostname.

• Use BunnyCDN to serve all static resources cookies-free.

• Or, use Stackpath (Formerly known as MaxCDN), they support cookie-free domains.

This method should work for site using top level (non-www) domain or www alias.

Bonus tip: If you’re using Yoast SEO WordPress plugin, it would be best to update the image path in XML file. You can add the below snippet via Code Snippets plugin.

function wpseo_cdn_filter( $uri ) {
	return str_replace( 'https://example.com', 'https://example.stackpathcdn.com', $uri );
}
add_filter( 'wpseo_xml_sitemap_img_src', 'wpseo_cdn_filter' );

#2. Use Cloudflare only for DNS

Generally, you can’t serve cookie-free content while using its CDN (Reverse Proxy) services together. The way Cloudflare provide services, it must add a special cookie namely _cfduid with each HTTP request over whole domain.

HTTP/1.1 200 OK
Date: Thu, 26 Mar 2020 15:37:09 GMT
Content-Type: image/vnd.microsoft.icon
Content-Length: 0
Connection: keep-alive
Set-Cookie: __cfduid=d36b1934da000d3fbc11e5a8e13fccde11585237029; expires=Sat, 25-Apr-20 15:37:09 GMT; path=/; domain=.cloudflare.com; HttpOnly; SameSite=Lax; Secure
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
CF-Cache-Status: HIT
Age: 4650
Accept-Ranges: bytes
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 57a1f3878d3ad597-BOM
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400

Solution: To eliminate __cfduid cookies, keep Cloudflare in DNS only mode or switch to Enterprise Plan that allow to remove but it would be costly. Alternatively, you can use Sucuri performance and security solution which doesn’t set cookies with each request.

#3. Switch to Static WordPress

This blog is live example a static WordPress site. It is hosted at BunnyCDN Cloud Storage. I am huge fan of their services and amazing support.

Key facts

• It helps serving pages without cookies.
• The process require deep technical understanding of CDN, Caching Policy and end result is worth it.
• I use Cloudflare only as DNS not proxy.
• My all pages score 90+ at PageSpeed Insight
• I use WordPress just as CMS in backend but end user interact with HTML pages.

By converting WordPress to HTML you can make your website faster than 99% of the world.

How to check either my domain/subdomain cookiesless or not?

Check at Network Tab of Chrome Developer tool or using GTmetrix.

Final words: I have tried my best to explain this tutorial to you. If you have any questions in mind, or couldn’t understand this tutorial at any part. Please feel free to write to me at prospeedguy@gmail.com. I would be happy to reply to your queries.