PS as a comparison, this is the last rule I remember:
(http.host contains "domain.com" and http.cookie ne "comment_" and not http.cookie contains "auth_" and not http.cookie contains "comment_author" and not http.cookie contains "wordpress_logged_in_" and not http.cookie contains "wordpress_sec_" and not http.cookie contains "wordpresspass_" and not http.cookie contains "wordpressuser_" and not http.cookie contains "wp-resetpass-" and not http.request.uri.path contains ".php" and not http.request.uri.path contains ".xml" and not http.request.uri.path contains ".xsl" and not http.request.uri.path contains "/dashboard/" and not http.request.uri.path contains "/register/" and not http.request.uri.path contains "phs_downloads-mbr" and not http.request.uri.query contains "nocache" and not starts_with(http.request.uri.path, "/wp-json/") and not starts_with(http.request.uri.path, "/wp-login") and not starts_with(http.request.uri.query, "p=") and not starts_with(http.request.uri.query, "s=") and not starts_with(http.request.uri.path, "/wp-admin") and not http.cookie contains "dshack_level" and not http.cookie contains "edd_items_in_cart" and not http.cookie contains "it_exchange_session_" and not http.cookie contains "mp_globalcart_" and not http.cookie contains "mp_session" and not http.cookie contains "noaffiliate_" and not http.cookie contains "upsell_customer" and not http.cookie contains "wishlist_reg" and not http.cookie contains "wlmapi" and not http.cookie contains "woocommerce_" and not http.cookie contains "xf_" and not http.cookie contains "yith_wcwl_products" and not http.request.uri.path contains "/checkout/" and not http.request.uri.path contains "/members-area/" and not http.request.uri.path contains "/wishlist-member/" and not http.request.uri.query contains "nowprocket" and not starts_with(http.request.uri.path, "/edd-api/") and not starts_with(http.request.uri.path, "/mepr/") and not starts_with(http.request.uri.path, "/wc-api/"))
