Cloudflare is deprecating the __cfduid cookie and the cf-request-id headers. The __cfduid cookie will be removed on 10 May 2021 and the cf-request-id headers will be removed on 1 July. We expect that most customers will not have to take action as a result of this removal.
Removing the __cfduid cookie
The __cfduid cookie was set on Cloudflare HTTP responses and was used for providing critical performance and security services on behalf of our customers. Now, we are working to transition our security services to not depend on this cookie. You can read more about this change
On 8 April, we will temporarily remove the cfduid cookie. Details will be posted on our
Starting on 10 May 2021, we will stop adding a “Set-Cookie” header on all HTTP responses. The last __cfduid cookies will expire 30 days after that.
Removing the cf-request-id header
In mid 2020, we introduced cf-request-id, an experimental HTTP header. This header was present on requests sent to origins and returned in responses to eyeballs (users). After careful evaluation, we decided to remove the cf-request-id header. You can read more about this change
On 15 June, 2021, we will temporarily remove the cf-request-id header between 15:00 UTC to 23:00 UTC.
Starting on 1 July 2021, we will stop adding the cf-request-id header on HTTP requests and responses.
The Cloudflare team