Skip to content
Strictly NecessaryNo consent needed

What is the __cflb Cookie?

Set by Cloudflare (Cloudflare, Inc.). Expires after 1 day.

Purpose

Set by Cloudflare load balancing to route a visitor's requests to the same origin server for the duration of their session (session affinity).

Strictly necessary infrastructure cookie, used only when Cloudflare load balancing with session affinity is enabled.

Cookie Details

Cookie Name__cflb
ServiceCloudflare
ProviderCloudflare, Inc.
CategoryStrictly Necessary
Duration1 day
Consent RequiredNo — strictly necessary

Category: Strictly Necessary

Strictly necessary cookies are essential for the website to function and cannot be switched off. They are set only in response to actions made by you — such as logging in or filling forms. No consent is required.

GDPR Requirements

The __cflb cookie is strictly necessary and does not require user consent under GDPR and the ePrivacy Directive. It may be set when the user first visits your site.

However, you must still disclose this cookie in your cookie policy, explaining what it does and why it is necessary.

How to Handle This Cookie

  1. It can load freely — no need to block Cloudflare behind a consent gate for this specific cookie.
  2. Disclose it — list it in your cookie policy explaining it is strictly necessary for cloudflare functionality.
  3. Don't add a checkbox for it — strictly necessary cookies should not be listed as toggleable in your consent UI.

Other Cloudflare Cookies

CookieCategoryDuration
__cf_bmStrictly Necessary30 minutes
cf_clearanceStrictly Necessary30 minutes

Is this cookie on your website?

Scan your website to see every cookie it sets, whether they're blocked before consent, and get a full GDPR compliance report.

Scan your website free →