Comments on some cookies
The PHPSESSID is only used inside a session and is deleted and therefore allowed as per GDPR.
The __cfduid cookie is set by our Content Delivery Network (CloudFlare) and is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. For example, if a certain laptop is used in a local area network where there are laptops infected with viruses, but the specific person’s laptop is trusted (e.g. because they’ve completed a challenge (within your Challenge Passage period), the cookie allows CloudFlare to identify that client and not challenge them again. It does not correspond to any user ID and does store any personally identifiable information.
Because Cloudflare uses this cookie to identify both HTTP and HTTPS requests from known clients, we do not set the “secure” flag on it. This is not a risk, however: as mentioned above the cookie does not contain sensitive data.
It is not possible to block the Cloudflare cookie at the moment. A Content Delivery Network ensures good performance of websites across the globe.