shields.io is tracked by CloudFlare

[techtonik]

Chrome page audit shows that requiest to shields.io sends 8.9KB of cookies. The guilty is this CloudFlare cookie which seems to be impossible to turn off:

http://webmasters.stackexchange.com/questions/59226/disable-cfduid-cookie-from-cloudflare

What are other alternatives to CloudFlare?

[espadrine]

Huh, I didn't know about it. That said, it is only on the main page, not on badges, so the harm is limited.

CloudFlare provides us TLS with valid certificates. An alternative would be let's encrypt, but at this point, it would be quite a hassle to set up.

[techtonik]

@espadrine why do you think it is only on the main page? GitHub just caches all that content, so there are no direct requests to CloudFare.

[espadrine]

Ah, true. The cookie spans .shields.io. I understand CloudFlare's justification, but it feels like something that they should allow disabling. Their argument doesn't apply here since they cannot cache my content, even if I wanted them to.

I'll try to use let's encrypt instead.

[techtonik]

let's encrypt is not a CDN. Do you mean switch to self-hosting shields?

[espadrine]

We already self-host shields. We don't have a CDN. The only thing we use CloudFlare for is its free TLS certificates.

[techtonik]

So, what server is used? Is the production configuration explained somewhere? From https://github.com/badges/shields/blob/master/INSTALL.md#start-the-server it looks like it is running Node. Is there nginx or something?

[techtonik]

Different ways to fetch certificates

[espadrine]

I tried adding more information. I use a node server pretty much directly.

[anantshri]

Today i have started to get cloudflare warnings on img.shields.io as per this conversation looks like cloudflare was suppose to only work on shields.io. Can you check and suggest.

[paulmelnikow]

I think this should be fixed for the home page, which no longer uses Cloudflare.