Welcome to WebmasterWorld Guest from 54.221.75.68

Forum Moderators: Ocean10000 & phranque

How to disable all cookies with .htaccess on one domain?

     
12:41 am on Apr 8, 2018 (gmt 0)

Junior Member

5+ Year Member

joined:June 29, 2010
posts: 89
votes: 0


I have a simple Wordpress website and no need to set cookies. To comply with regulations and avoid EU cookie warnings at the same time, I would like to disable all cookies on my domain.
I read that this can be done by using the following code in .htaccess:
Header unset Cookie
Header unset Set-Cookie
I added it to /var/www/html/.htaccess but I still get cookies. How can I achieve a cookie-free website with Apache?
Follow-up question:
How can I restrict the above policy to one domain only, so I can still have cookies for the admin interface using the IP instead of the domain?
6:10 am on Apr 8, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15256
votes: 691


Cookies don't just materialize of their own volition. Your site is setting them because it has been explicitly instructed to do so. Find the code that generates the cookies, and stop them from being set in the first place.

If you use Google Analytics, that's where the cookies are coming from. They're the ones with names in utm_ and utz_ and so on.

If you use WordPress, long ago you unthinkingly added some plugin that generates cookies. Identify it and get rid of it.
9:08 am on Apr 8, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Mar 25, 2018
posts:500
votes: 101


And know what these cookies are doing. They might be mandatory for some feature of your site. If they are not used to collect or track user's data, then you don't have to remove them, or display a cookie banner.

Also, ensure that these cookies are set by your domain, and not from third part domains, (like adsense, analytic, social networks, etc...), you can't block these cookies from your apache conf.
9:56 am on Apr 8, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 890


I added it to /var/www/html/.htaccess but I still get cookies.
Yup. You block the cookies as the request hits the server, but a millisecond later as the page loads, a cookie(s) is generated. As Lucy suggests, find where that cookie is coded.

However IMO the cookie in itself is not breaking the GDRP privacy standard. Cookie notices generate cookies. Personal data storage is the big deal.
12:35 pm on Apr 8, 2018 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5496
votes: 3


FWIW, changed hosts (shared) recently and my host generates cookies above my root.
Don't care for it, but . . .
12:38 pm on Apr 8, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Mar 25, 2018
posts:500
votes: 101


The thing is, it's possible you have cookies being set by a piece of Javascript code...
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members