My guess is that it's less that there are now better ways to do it, and more that bots are increasingly sophisticated and the value of this signal has decreased over time, while the business costs (explaining to customers why this is not a GDPR violation) have increased.
Vaguely related... If you are using Cloudflare's bot protection be sure to disable it for asset requests such as JavaScript and CSS.
Cloudflare's default behaviour upon detecting a "malicious bot" is to serve a captcha for these requests which will break your site. You should probably only be using this for top-level navigation where the captcha will be visible to use user.
This is a bit complicated for API endpoints, in this case all of your JS must be ready to receive an HTML captcha page instead of whatever your API should return. It is unclear what to do in this case. Send the request again? Reload the page and hope that the user gets a captcha on the HTML?
I've had Google down-rank my pages because Cloudflare served a captcha instead of the CSS file and Google decided that they weren't "mobile friendly".
Side-note: This is extra painful for https://cloudflare-ipfs.com as you can't disable security since Cloudflare has picked the settings, it makes that service unusable for hosting website assets.
Yessss. I always found this weird. I just wanted to use Cloudflare cdn. Not wanting them to track me. Just give me headers with cache hit/miss and edge pop being served from. No cookies.
reply