How to disable all cookies with .htaccess on one domain?

         

seoholic

12:41 am on Apr 8, 2018 (gmt 0)

10+ Year Member



I have a simple WordPress website and no need to set cookies. To comply with regulations and avoid EU cookie warnings at the same time, I would like to disable all cookies on my domain.
I read that this can be done by using the following code in .htaccess:
Header unset Cookie
Header unset Set-Cookie
I added it to /var/www/html/.htaccess but I still get cookies. How can I achieve a cookie-free website with Apache?
Follow-up question:
How can I restrict the above policy to one domain only, so I can still have cookies for the admin interface using the IP instead of the domain?

lucy24

6:10 am on Apr 8, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Cookies don't just materialize of their own volition. Your site is setting them because it has been explicitly instructed to do so. Find the code that generates the cookies, and stop them from being set in the first place.

If you use Google Analytics, that's where the cookies are coming from. They're the ones with names in utm_ and utz_ and so on.

If you use WordPress, long ago you unthinkingly added some plugin that generates cookies. Identify it and get rid of it.

Travis

9:08 am on Apr 8, 2018 (gmt 0)

5+ Year Member Top Contributors Of The Month



And know what these cookies are doing. They might be mandatory for some feature of your site. If they are not used to collect or track users' data, then you don't have to remove them or display a cookie banner.

Also, ensure that these cookies are set by your domain and not by third-party domains (like AdSense, analytics, social networks, etc.); you can't block those cookies from your Apache conf.

keyplyr

9:56 am on Apr 8, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



"I added it to /var/www/html/.htaccess but I still get cookies."
Yup. You block the cookies as the request hits the server, but a millisecond later as the page loads, a cookie(s) is generated. As Lucy suggests, find where that cookie is coded.

However, IMO the cookie in itself is not breaking the GDPR privacy standard. Cookie notices generate cookies. Personal data storage is the big deal.

wilderness

12:35 pm on Apr 8, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



FWIW, changed hosts (shared) recently and my host generates cookies above my root.
Don't care for it, but . . .

Travis

12:38 pm on Apr 8, 2018 (gmt 0)

5+ Year Member Top Contributors Of The Month



The thing is, it's possible you have cookies being set by a piece of JavaScript code...
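
The replies above separate three cookie sources: Set-Cookie response headers from the site itself, JavaScript in the page, and third-party domains. The following sketch is an added example, not part of any post in this thread. It sorts one fetched page into those three groups. The headers, page body, host names and the function name `audit_cookie_sources` are all constructed for illustration.

```python
import re

# Constructed sample: response headers and body of one page on a hypothetical site.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html; charset=UTF-8"),
    ("Set-Cookie", "PHPSESSID=abc123; path=/; HttpOnly"),
    ("Set-Cookie", "wp_lang=en; Domain=.example.com; path=/"),
]
SAMPLE_BODY = """
<script src="https://analytics.example.net/tracker.js"></script>
<script src="https://www.example.com/theme.js"></script>
<script>document.cookie = "seen_banner=1; path=/";</script>
<script>if (document.cookie == "") { console.log("empty"); }</script>
"""

# An assignment to document.cookie; the lookahead skips == comparisons.
JS_COOKIE_WRITE = re.compile(r"document\.cookie\s*=(?!=)")
# Host part of an absolute <script src="..."> URL.
SCRIPT_SRC = re.compile(r"<script[^>]+src=[\"']https?://([^/\"']+)", re.I)


def audit_cookie_sources(headers, body, site_host):
    """Group the possible cookie sources for one fetched page."""
    # Cookies the server sends as response headers. Only these are within
    # reach of a response-header directive such as "Header unset Set-Cookie".
    header_cookies = [
        value.split("=", 1)[0].strip()
        for name, value in headers
        if name.lower() == "set-cookie"
    ]
    # Inline script that writes cookies in the browser, after the response
    # has already left the server.
    inline_writes = len(JS_COOKIE_WRITE.findall(body))
    # Scripts loaded from other hosts; whatever cookies they set are
    # outside this site's server configuration.
    site = site_host.lower()
    external = sorted({
        host.lower() for host in SCRIPT_SRC.findall(body)
        if host.lower() != site and not host.lower().endswith("." + site)
    })
    return {
        "response_header_cookies": header_cookies,
        "inline_js_cookie_writes": inline_writes,
        "third_party_script_hosts": external,
    }


if __name__ == "__main__":
    print(audit_cookie_sources(SAMPLE_HEADERS, SAMPLE_BODY, "example.com"))
```

The inline match is a text heuristic: it does not see cookie writes inside external script files or writes made through other APIs.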