WP Thinker

The WordPress Playground

How to Fix “Use Cookie-Free Domains” in WordPress

Cookie-Free Domains in WordPress

Failed to achieve 100/100 score on GTMetrix and Pingdom, and YSlow tab suggests you need to “Use cookie-free domains” to improve it? The solution, obviously, isn’t to remove all cookies. They improve user experience through personalization and security, manage visitor sessions, help with tracking and analytics, and more. Instead, you must separate parts that don’t need to deliver cookies to the visitor from the ones that do. It comes down to choosing the method – manual and free, or user-friendly and potentially costly. Without further ado, this is how to fix “Use cookie-free domains” in WordPress.

What is a cookie-free domain?

When a browser sends a request to the server, the server sends the requested data back alongside response headers. One of those headers could instruct the browser to set a cookie. When the requested data is static, e.g., never changes, such as an image, script, or CSS file, the cookie is unnecessary. It creates extra traffic by sending additional requests, which wastes bandwidth and reduces the performance of your website. Cookie-free domains solve that problem by storing the aforementioned components separately so that websites can still set cookies on requests where that’s needed. Cookie-free domains also help with caching, since proxies sometimes refuse to cache components that are requested with cookies.

1. Fix “Use cookie-free domains” through the WordPress CDN/caching service

All leading website caching and CDN (Content Delivery Network) services implement cookie-free domains as part of their service. Unfortunately, enabling static content delivery is at the discretion of the service, and varies in difficulty. To illustrate our point, we’ll demonstrate enabling a cookie-free domain with 3 CDN services we’re not affiliated with:

1. Easy

BunnyCDN is the easiest to set up. All it takes is signing up for an account, logging in to the Dashboard, finding the Disable Cookies option, and toggling it on. The CDN will analyze your website, then deliver static content from one of its edge CDN locations worldwide shortly. We recommend you clear the website cache while you wait.

2. Medium

KeyCDN also requires a paid or a free trial account. However, manual configuration is needed too:

  1. Sign in to KeyCDN Dashboard.
  2. Click on Zones in the left sidebar.
  3. Under “Zone Name”, enter a name for the static content delivery zone (static or cookiefree are common choices).
  4. Make sure “Zone Status” is set to active.
  5. Under “Zone Type”, set Pull. Don’t click on Show Advanced Features.
  6. Under “Origin URL”, enter your full website URL, like this: “https://www.website.com”.
  7. Click on Save.
  8. Copy the domain name in the Zone URL table column that fits your Origin URL.
  9. Switch over to your WordPress Admin Section.
  10. Install the plugin KeyCDN created, CDN Enabler (https://wordpress.org/plugins/cdn-enabler/).
  11. Click on Settings in the left sidebar of the WordPress Admin Section.
  12. Find the “CDN Enabler Settings” section.
  13. Paste the URL you copied in step 8 into the field next to CDN URL.
  14. Put a checkmark in front of Enable CDN for HTTPS.
  15. Click on Save Changes.
  16. Clear cache on your website while waiting for changes to take effect.

3. Impossible or costly

Cloudflare CDN, for security reasons, sets a cookie named __cfduid at every request and doesn’t let regular users remove it. The only way to delete it is to upgrade to Enterprise plan, then ask Cloudflare Customer Support to remove it for you.

2. Fix the “Use cookie-free domains” warning manually

You cannot follow this method if you configured cookies on the top-level domain (“website.com” as opposed to “www.website.com”). That’s because all of its subdomains inherit the cookies automatically. In that case, we suggest using the method above or buying a separate domain and setting it up to deliver static content, as YouTube and Twitter do. We believe the former is easier, more effective, and often cheaper. With that in mind, follow these steps to remove the “Use cookie-free domains” warning manually:

1. Create a subdomain

Sign in the cPanel on your hosting’s website and proceed like this:

  1. Find the “Domains” section and click on Subdomains.
  2. In the “Create a Subdomain” section, do the following:
    1. Name your subdomain. Most people use static or cookiefree.
    2. Select your top-level domain from the drop-down list.
    3. Under “Document Root”, enter the path to the wp-content folder on your WordPress website. If you installed it to the root of the public_html folder, enter:
      /public_html/wp-content
  3. Save changes by clicking on Create.

2. Define subdomain

Now that you made a subdomain that points to your wp-content folder, it’s time to ensure WordPress recognizes that change. Here’s what to do:

  1. Access your website via FTP.
  2. Open the public_html/wp-config.php file.
  3. Confirm you want to edit the file if prompted.
  4. Scroll to the bottom and put your cursor above the /* That's all, stop editing! Happy publishing. */ line.
  5. Paste these two lines of code:
    define(“WP_CONTENT_URL”, “http://static.website.com”);
    define(“COOKIE_DOMAIN”, “www.website.com”);
  6. Note. Replace www.website.com with your actual domain name, and static with however you named your subdomain.
  7. Save changes.

3. Update your WordPress database (Situational)

If your website is brand new, skip this step. However, if it has any content, you need to update the WordPress database to reflect the changes above. We’ll use phpMyAdmin for demonstration:

  1. Log in to your cPanel again.
  2. Click on phpMyAdmin under “Databases”.
  3. Expand your WordPress database in the left sidebar by clicking the + sign.
  4. Note the prefix of the – it should be wp_ by default. Your host (or you) might have changed it.
  5. Click on wp_posts, since that’s the table we’ll execute our command in.
  6. Once you see a list of tables within wp-posts, switch to the SQL tab at the top.
  7. If you see any text, delete it.
  8. Paste the following command, but don’t execute it yet:
    UPDATE wp_posts SET post_content = REPLACE(post_content,'www.website.com/wp-content/','static.website.com/')
  9. Change the domain name, subdomain name, and database prefix if yours is different.
  10. Click on Simulate Query in the bottom right corner.
  11. If there are no errors, click on Go, but if they appear, it’s likely due to a typo or unnecessary blank spaces.
  12. You’ll see a green checkmark alongside “(Query took 0.000X seconds)”.
  13. Run a performance test, and see if you managed to fix “Use cookie-free domains” in WordPress.