[m1aw]

Is it necessary to get consent from the user about _cfduid?

From what I understand functional cookies are excluded from the consent banner.

[achairapart]

The problem with _cfduid is that it is essentially a third-party cookie (even if it's set on your own domain).

So I think you are still required to inform users of the cookie usage, the purpose of the cookies and link to the relevant Cloudflare privacy/cookie policies.

[jivings]

This is what I assumed too.

[stjohnswarts]

They wanted to get rid of cookies as much as possible as that's part of their business plan (privacy). So they found a better CDN that didn't use cookies at all, so I'd say they made out like a bandit.