`cf_clearance` cookie scoped to parent of the issuing domain?
Hello from rainy, gloomy Liverpool!
A stranger on an @gmail.com address emailed me a "vulnerability report" whilst asking for cash for reporting it—but I'm not convinced it has any merit as it's just how Cloudflare Turnstile is, right? Can anyone sanity-check this?
Thank you very much in advance, really appreciative of your time. :- )
4 Replies
cf_clearance Clearance Cookie stores the proof of challenge passed. It is used to no longer issue a challenge if present. It is required to reach an origin server.
Cloudflare Docs
Cloudflare Cookies | Cloudflare Fundamentals docs
Cloudflare uses various cookies to maximize network resources, manage traffic, and protect our customers’ sites from malicious traffic.
do a challenge from main domain wont get a challenge from sub domain
This sounds like a very low-effort email. I wouldn’t worry about it