WordPress Cookieless Domains

October 10, 2011

First off, cookieless domains are your friends for content distribution. Why? Because every time a web browser talks to a server it sends a copy of all its cookies for that domain. As you can imagine this is quite ridiculous if your client is requesting an image, CSS, JS or other static resource which can never use that cookie information. These wasted upload bits are totally unnecessary so lets get rid of them with the help of a cookieless domain.

Sub or New Domain?

You might think there is a magical 'no cookies' option on your server but there isn't. A cookieless domain is simply one that has never set a cookie. This means two options; create a sub domain (like s.forstmist.org) or create a new domain name.

At first glance a sub domain seems nice and simple but there is a caveat. If you redirect your visitors from a sub domain (www.forestmist.org) to your root domain (forestmist.org) you'll end up with cookies on your root domain. These root cookies are automatically sent along with any requests to all sub domains. That's right, having cookies on your root domain taints all your sub domains from becoming cookieless domains. This is not a concern if you channel all your visitors to a www sub domain since any cookies there will not be available to the root domain and therefore won't taint other sub domains.

For short domain name lovers, registering a new domain for serving static content is a no brainer. I definitely fall into this category so I registered forestmisty.org which I shall use as an example in the rest of this guide.

.htaccess Redirect

With the new misty domain setup and pointing to my web server everything was working great. Requests to static images weren't passing cookie information but what if someone went to the root of forestmisty.org? What if a broken link sent them to a 404? WordPress would handle the request and that means potential cookies from it or Google Analytics. Yikes!

What would be nice is if we can allow any requests for forestmisty.org/wp-content/ but redirect anything else back to forestmist.org. We can do exactly that with the following .htaccess commands.

Options -Indexes
            RewriteEngine on
            RewriteCond %{HTTP_HOST} ^forestmisty.org$ [NC]
            RewriteCond %{REQUEST_URI} !^/wp-content/?(.*)$ [NC]
            RewriteRule ^(.*)?$ http://forestmist.org/$1 [R=301,L]

The first line disables any automatic directory listings.
The second line enables the Apache rewrite engine.
The third line says anytime a request comes in for 'forestmisty.org' continue to the next line.
The fourth line says if the request is NOT for '/wp-content/...' continue to the next line.
The fifth line says if we made it this far redirect the original request to forestmist.org including any extra query information like /favicon.ico, /creative-resume, etc...

By the way...
^ means the start of a string.
$ means the end of a string.
? means the preceding character or collection in parenthesis is optional.
. means any one character.
* means the preceding character can occur 0 or more times.
$1 means insert whatever was inside the first set of parenthesis to the left.
[NC] means not case sensitive.
[R=301] means do a 301 redirect.
[L] means the last rule so don't bother processing the rest of the .htaccess file.

Now we can rest assured that requests to our new cookieless domain will stay cookie free by only servering up what are almost always static file requests from the /wp-content folder.

Configure WordPress

Our new domain is setup and protected pretty well thanks to our .htaccess file so now it's time for WordPress to join the fray. Specially, WordPress needs to have any /wp-content links rewritten to point to the same location on our cookie free domain.

Load your home page and view source. You should see your new cookieless domain being referenced quite often. Yay!


With a little bit of effort our server is less stressed, our clients are loading faster and hopefully you've got a silly grin on your face.