I get asked this question quite often by clients. Can you use Cookie-Free Domains with CloudFlare? This is a common warning found in GTMetrix, which even this site gets flagged for.
Some users are confused as to whether or not they can resolve this issue when using Cloudflare. The answer is no.
Cloudflare serves a cookie on every asset for security purposes. Cloudflare’s cookie stops legimitimate users from being flagged as spam. The cookie is also assigned to potentially malicious users as well. This data is used to help protect your website from malicious users, while giving your users a better user experience.
Why You Shouldn’t Care
Unlike some other articles that teach you how to make the warning go away by slapping a CDN onto the site, or setting up some sort of static subdomain. I am going to tell you to not even bother because it’s not worth your time.
Removing cookies from your static resources would save not even 1 KB worth of data. This would lead to such an insignificant reduction in page weight. It would lead to no improvement in real world performance.
Instead, you should focus on things that actually matter.
Reduce Bloat Where It Matters
If you’re loading Dashicons on your frontend, but you’re not using it, that alone is 30 KB of data. Removing dashicons won’t lead to an improvement in your GTMetrix score (in most cases), but it will improve your mobile performance by removing a large chunk of CSS that is not being used.
You could do any variety of things that, while they won’t have an impact on your GTMetrix score, they will yield actual performance gains. Whereas this is a vanity metric.