Hey David, so yes my thinking was the same in terms of skipping the cloudflare healthchecks -- I extended the IsCrawler method (see below) so that anything that didn't have a specific cookie (which can only be added by clicking "Accept" on the GDPR banner) gets flagged as a crawler and thus shouldn't be creating a contact...
public bool IsCrawler()
HttpContext context = HttpContext.Current;
bool hasAcceptedGDPR = context.Request.Cookies.AllKeys.Contains("ssb-gdprDate");
HttpBrowserCapabilitiesBase browser = CMSHttpContext.Current?.Request?.Browser;
return browser != null && browser.Crawler || !hasAcceptedGDPR;
it seemed to be working for a few of the cloudflare requests but not sure if I should try and extend some other functionality. Maybe something like this? https://docs.xperience.io/on-line-marketing-features/configuring-and-customizing-your-on-line-marketing-features/configuring-contacts/configuring-contact-recognition
I also considered restricting based on IP range / User-Agent or another header, but the requests seemed to be too varied for that
Edit: I'm also getting about 8 contacts per minute or 80k per week so not sure it would be tenable to do the cleanup inactive contact strategy?