# Agents
URL: https://developers.cloudflare.com/workers-ai/agents/
import { LinkButton } from "~/components"
Build AI assistants that can perform complex tasks on behalf of your users using Cloudflare Workers AI and Agents.
Go to Agents documentation
---
# Changelog
URL: https://developers.cloudflare.com/workers-ai/changelog/
import { ProductReleaseNotes } from "~/components";
{/* */}
---
# Cloudflare Workers AI
URL: https://developers.cloudflare.com/workers-ai/
import { CardGrid, Description, Feature, LinkTitleCard, Plan, RelatedProduct, Render, LinkButton, Flex } from "~/components"
Run machine learning models, powered by serverless GPUs, on Cloudflare's global network.
Workers AI allows you to run AI models in a serverless way, without having to worry about scaling, maintaining, or paying for unused infrastructure. You can invoke models running on GPUs on Cloudflare's network from your own code — from [Workers](/workers/), [Pages](/pages/), or anywhere via [the Cloudflare API](/api/resources/ai/methods/run/).
Workers AI gives you access to:
- **50+ [open-source models](/workers-ai/models/)**, available as a part of our model catalog
- Serverless, **pay-for-what-you-use** [pricing model](/workers-ai/platform/pricing/)
- All as part of a **fully-featured developer platform**, including [AI Gateway](/ai-gateway/), [Vectorize](/vectorize/), [Workers](/workers/) and more...
Get startedWatch a Workers AI demo
***
## Features
Workers AI comes with a curated set of popular open-source models that enable you to do tasks such as image classification, text generation, object detection and more.
***
## Related products
Observe and control your AI applications with caching, rate limiting, request retries, model fallback, and more.
Build full-stack AI applications with Vectorize, Cloudflare’s vector database. Adding Vectorize enables you to perform tasks such as semantic search, recommendations, anomaly detection or can be used to provide context and memory to an LLM.
Build serverless applications and deploy instantly across the globe for exceptional performance, reliability, and scale.
Create full-stack applications that are instantly deployed to the Cloudflare global network.
Store large amounts of unstructured data without the costly egress bandwidth fees associated with typical cloud storage services.
Create new serverless SQL databases to query from your Workers and Pages projects.
A globally distributed coordination API with strongly consistent storage.
Create a global, low-latency, key-value data storage.
***
## More resources
Build and deploy your first Workers AI application.
Learn about Free and Paid plans.
Learn about Workers AI limits.
Learn how you can build and deploy ambitious AI applications to Cloudflare's global network.
Learn which storage option is best for your project.
Connect with the Workers community on Discord to ask questions, share what you are building, and discuss the platform with other developers.
Follow @CloudflareDev on Twitter to learn about product announcements, and what is new in Cloudflare Workers.
---
# Demos and architectures
URL: https://developers.cloudflare.com/workers/demos/
import { ExternalResources, GlossaryTooltip, ResourcesBySelector } from "~/components"
Learn how you can use Workers within your existing application and architecture.
## Demos
Explore the following demo applications for Workers.
## Reference architectures
Explore the following reference architectures that use Workers:
---
# Glossary
URL: https://developers.cloudflare.com/workers/glossary/
import { Glossary } from "~/components";
Review the definitions for terms used across Cloudflare's Workers documentation.
---
# Cloudflare Workers
URL: https://developers.cloudflare.com/workers/
import { Description, RelatedProduct, LinkButton } from "~/components";
A serverless platform for building, deploying, and scaling apps across [Cloudflare's global network](https://www.cloudflare.com/network/) with a single command — no infrastructure to manage, no complex configuration
With Cloudflare Workers, you can expect to:
- Deliver fast performance with high reliability anywhere in the world
- Build full-stack apps with your framework of choice, including [React](/workers/frameworks/framework-guides/react/), [Vue](/workers/frameworks/framework-guides/vue/), [Svelte](/workers/frameworks/framework-guides/svelte/), [Next](/workers/frameworks/framework-guides/nextjs/), [Astro](/workers/frameworks/framework-guides/astro/), [React Router](/workers/frameworks/framework-guides/react-router/), [and more](/workers/frameworks/)
- Use your preferred language, including [JavaScript](/workers/languages/javascript/), [TypeScript](/workers/languages/typescript/), [Python](/workers/languages/python/), [Rust](/workers/languages/rust/), [and more](/workers/runtime-apis/webassembly/)
- Gain deep visibility and insight with built-in [observability](/workers/observability/logs/)
- Get started for free and grow with flexible [pricing](/workers/platform/pricing/), affordable at any scale
Get started with your first project:
Deploy a template
Deploy with Wrangler CLI
---
## Build with Workers
#### Front-end applications
Deploy [static assets](/workers/static-assets/) to Cloudflare's [CDN & cache](/cache/) for fast rendering
#### Back-end applications
Build APIs and connect to data stores with [Smart Placement](/workers/configuration/smart-placement/) to optimize latency
#### Serverless AI inference
Run LLMs, generate images, and more with [Workers AI](/workers-ai/)
#### Background jobs
Schedule [cron jobs](/workers/configuration/cron-triggers/), run durable [Workflows](/workflows/), and integrate with [Queues](/queues/)
---
## Integrate with Workers
Connect to external services like databases, APIs, and storage via [Bindings](/workers/runtime-apis/bindings/), enabling functionality with just a few lines of code:
**Storage**
Scalable stateful storage for real-time coordination.
Serverless SQL database built for fast, global queries.
Low-latency key-value storage for fast, edge-cached reads.
Guaranteed delivery with no charges for egress bandwidth.
Connect to your external database with accelerated queries, cached at the edge.
**Compute**
Machine learning models powered by serverless GPUs.
Durable, long-running operations with automatic retries.
Vector database for AI-powered semantic search.
Zero-egress object storage for cost-efficient data access.
Programmatic serverless browser instances.
**Media**
Global caching for high-performance, low-latency delivery.
Streamlined image infrastructure from a single API.
---
Want to connect with the Workers community? [Join our Discord](https://discord.cloudflare.com)
---
# Playground
URL: https://developers.cloudflare.com/workers/playground/
import { LinkButton } from "~/components";
:::note[Browser support]
The Cloudflare Workers Playground is currently only supported in Firefox and Chrome desktop browsers. In Safari, it will show a `PreviewRequestFailed` error message.
:::
The quickest way to experiment with Cloudflare Workers is in the [Playground](https://workers.cloudflare.com/playground). It does not require any setup or authentication. The Playground is a sandbox which gives you an instant way to preview and test a Worker directly in the browser.
The Playground uses the same editor as the authenticated experience. The Playground provides the ability to [share](#share) the code you write as well as [deploy](#deploy) it instantly to Cloudflare's global network. This way, you can try new things out and deploy them when you are ready.
Launch the Playground
## Hello Cloudflare Workers
When you arrive in the Playground, you will see this default code:
```js
import welcome from "welcome.html";
/**
* @typedef {Object} Env
*/
export default {
/**
* @param {Request} request
* @param {Env} env
* @param {ExecutionContext} ctx
* @returns {Response}
*/
fetch(request, env, ctx) {
console.log("Hello Cloudflare Workers!");
return new Response(welcome, {
headers: {
"content-type": "text/html",
},
});
},
};
```
This is an example of a multi-module Worker that is receiving a [request](/workers/runtime-apis/request/), logging a message to the console, and then returning a [response](/workers/runtime-apis/response/) body containing the content from `welcome.html`.
Refer to the [Fetch handler documentation](/workers/runtime-apis/handlers/fetch/) to learn more.
## Use the Playground
As you edit the default code, the Worker will auto-update such that the preview on the right shows your Worker running just as it would in a browser. If your Worker uses URL paths, you can enter those in the input field on the right to navigate to them. The Playground provides type-checking via JSDoc comments and [`workers-types`](https://www.npmjs.com/package/@cloudflare/workers-types). The Playground also provides pretty error pages in the event of application errors.
To test a raw HTTP request (for example, to test a `POST` request), go to the **HTTP** tab and select **Send**. You can add and edit headers via this panel, as well as edit the body of a request.
## DevTools
For debugging Workers inside the Playground, use the developer tools at the bottom of the Playground's preview panel to view `console.logs`, network requests, memory and CPU usage. The developer tools for the Workers Playground work similarly to the developer tools in Chrome or Firefox, and are the same developer tools users have access to in the [Wrangler CLI](/workers/wrangler/install-and-update/) and the authenticated dashboard.
### Network tab
**Network** shows the outgoing requests from your Worker — that is, any calls to `fetch` inside your Worker code.
### Console Logs
The console displays the output of any calls to `console.log` that were called for the current preview run as well as any other preview runs in that session.
### Sources
**Sources** displays the sources that make up your Worker. Note that KV, text, and secret bindings are only accessible when authenticated with an account. This means you must be logged in to the dashboard, or use [`wrangler dev`](/workers/wrangler/commands/#dev) with your account credentials.
## Share
To share what you have created, select **Copy Link** in the top right of the screen. This will copy a unique URL to your clipboard that you can share with anyone. These links do not expire, so you can bookmark your creation and share it at any time. Users that open a shared link will see the Playground with the shared code and preview.
## Deploy
You can deploy a Worker from the Playground. If you are already logged in, you can review the Worker before deploying. Otherwise, you will be taken through the first-time user onboarding flow before you can review and deploy.
Once deployed, your Worker will get its own unique URL and be available almost instantly on Cloudflare's global network. From here, you can add [Custom Domains](/workers/configuration/routing/custom-domains/), [storage resources](/workers/platform/storage-options/), and more.
---
# Vercel AI SDK
URL: https://developers.cloudflare.com/workers-ai/configuration/ai-sdk/
import { PackageManagers } from "~/components";
Workers AI can be used with the [Vercel AI SDK](https://sdk.vercel.ai/) for JavaScript and TypeScript codebases.
## Setup
Install the [`workers-ai-provider` provider](https://sdk.vercel.ai/providers/community-providers/cloudflare-workers-ai):
Then, add an AI binding in your Workers project Wrangler file:
```toml
[ai]
binding = "AI"
```
## Models
The AI SDK can be configured to work with [any AI model](/workers-ai/models/).
```js
import { createWorkersAI } from "workers-ai-provider";
const workersai = createWorkersAI({ binding: env.AI });
// Choose any model: https://developers.cloudflare.com/workers-ai/models/
const model = workersai("@cf/meta/llama-3.1-8b-instruct", {});
```
## Generate Text
Once you have selected your model, you can generate text from a given prompt.
```js
import { createWorkersAI } from 'workers-ai-provider';
import { generateText } from 'ai';
type Env = {
AI: Ai;
};
export default {
async fetch(_: Request, env: Env) {
const workersai = createWorkersAI({ binding: env.AI });
const result = await generateText({
model: workersai('@cf/meta/llama-2-7b-chat-int8'),
prompt: 'Write a 50-word essay about hello world.',
});
return new Response(result.text);
},
};
```
## Stream Text
For longer responses, consider streaming responses to provide as the generation completes.
```js
import { createWorkersAI } from 'workers-ai-provider';
import { streamText } from 'ai';
type Env = {
AI: Ai;
};
export default {
async fetch(_: Request, env: Env) {
const workersai = createWorkersAI({ binding: env.AI });
const result = streamText({
model: workersai('@cf/meta/llama-2-7b-chat-int8'),
prompt: 'Write a 50-word essay about hello world.',
});
return result.toTextStreamResponse({
headers: {
// add these headers to ensure that the
// response is chunked and streamed
'Content-Type': 'text/x-unknown',
'content-encoding': 'identity',
'transfer-encoding': 'chunked',
},
});
},
};
```
## Generate Structured Objects
You can provide a Zod schema to generate a structured JSON response.
```js
import { createWorkersAI } from 'workers-ai-provider';
import { generateObject } from 'ai';
import { z } from 'zod';
type Env = {
AI: Ai;
};
export default {
async fetch(_: Request, env: Env) {
const workersai = createWorkersAI({ binding: env.AI });
const result = await generateObject({
model: workersai('@cf/meta/llama-3.1-8b-instruct'),
prompt: 'Generate a Lasagna recipe',
schema: z.object({
recipe: z.object({
ingredients: z.array(z.string()),
description: z.string(),
}),
}),
});
return Response.json(result.object);
},
};
```
---
# Workers Bindings
URL: https://developers.cloudflare.com/workers-ai/configuration/bindings/
import { Type, MetaInfo, WranglerConfig } from "~/components";
## Workers
[Workers](/workers/) provides a serverless execution environment that allows you to create new applications or augment existing ones.
To use Workers AI with Workers, you must create a Workers AI [binding](/workers/runtime-apis/bindings/). Bindings allow your Workers to interact with resources, like Workers AI, on the Cloudflare Developer Platform. You create bindings on the Cloudflare dashboard or by updating your [Wrangler file](/workers/wrangler/configuration/).
To bind Workers AI to your Worker, add the following to the end of your Wrangler file:
```toml
[ai]
binding = "AI" # i.e. available in your Worker on env.AI
```
## Pages Functions
[Pages Functions](/pages/functions/) allow you to build full-stack applications with Cloudflare Pages by executing code on the Cloudflare network. Functions are Workers under the hood.
To configure a Workers AI binding in your Pages Function, you must use the Cloudflare dashboard. Refer to [Workers AI bindings](/pages/functions/bindings/#workers-ai) for instructions.
## Methods
### async env.AI.run()
`async env.AI.run()` runs a model. Takes a model as the first parameter, and an object as the second parameter.
```javascript
const answer = await env.AI.run('@cf/meta/llama-3.1-8b-instruct', {
prompt: "What is the origin of the phrase 'Hello, World'"
});
```
**Parameters**
* `model`
* The model to run.
**Supported options**
* `stream`
* Returns a stream of results as they are available.
```javascript
const answer = await env.AI.run('@cf/meta/llama-3.1-8b-instruct', {
prompt: "What is the origin of the phrase 'Hello, World'",
stream: true
});
return new Response(answer, {
headers: { "content-type": "text/event-stream" }
});
```
---
# Hugging Face Chat UI
URL: https://developers.cloudflare.com/workers-ai/configuration/hugging-face-chat-ui/
Use Workers AI with [Chat UI](https://github.com/huggingface/chat-ui?tab=readme-ov-file#text-embedding-models), an open-source chat interface offered by Hugging Face.
## Prerequisites
You will need the following:
* A [Cloudflare account](https://dash.cloudflare.com)
* Your [Account ID](/fundamentals/account/find-account-and-zone-ids/)
* An [API token](/workers-ai/get-started/rest-api/#1-get-api-token-and-account-id) for Workers AI
## Setup
First, decide how to reference your Account ID and API token (either directly in your `.env.local` using the `CLOUDFLARE_ACCOUNT_ID` and `CLOUDFLARE_API_TOKEN` variables or in the endpoint configuration).
Then, follow the rest of the setup instructions in the [Chat UI GitHub repository](https://github.com/huggingface/chat-ui?tab=readme-ov-file#text-embedding-models).
When setting up your models, specify the `cloudflare` endpoint.
```json
{
"name" : "nousresearch/hermes-2-pro-mistral-7b",
"tokenizer": "nousresearch/hermes-2-pro-mistral-7b",
"parameters": {
"stop": ["<|im_end|>"]
},
"endpoints" : [
{
"type": "cloudflare",
// optionally specify these if not included in .env.local
"accountId": "your-account-id",
"apiToken": "your-api-token"
//
}
]
}
```
## Supported models
This template works with any [text generation models](/workers-ai/models/) that begin with the `@hf` parameter.
---
# Configuration
URL: https://developers.cloudflare.com/workers-ai/configuration/
import { DirectoryListing } from "~/components";
---
# OpenAI compatible API endpoints
URL: https://developers.cloudflare.com/workers-ai/configuration/open-ai-compatibility/
import { Render } from "~/components"
## Usage
### Workers AI
Normally, Workers AI requires you to specify the model name in the cURL endpoint or within the `env.AI.run` function.
With OpenAI compatible endpoints,you can leverage the [openai-node sdk](https://github.com/openai/openai-node) to make calls to Workers AI. This allows you to use Workers AI by simply changing the base URL and the model name.
```js title="OpenAI SDK Example"
import OpenAI from "openai";
const openai = new OpenAI({
apiKey: env.CLOUDFLARE_API_KEY,
baseURL: `https://api.cloudflare.com/client/v4/accounts/${env.CLOUDFLARE_ACCOUNT_ID}/ai/v1`
});
const chatCompletion = await openai.chat.completions.create({
messages: [{ role: "user", content: "Make some robot noises" }],
model: "@cf/meta/llama-3.1-8b-instruct",
});
const embeddings = await openai.embeddings.create({
model: "@cf/baai/bge-large-en-v1.5",
input: "I love matcha"
});
```
```bash title="cURL example"
curl --request POST \
--url https://api.cloudflare.com/client/v4/accounts/{account_id}/ai/v1/chat/completions \
--header "Authorization: Bearer {api_token}" \
--header "Content-Type: application/json" \
--data '
{
"model": "@cf/meta/llama-3.1-8b-instruct",
"messages": [
{
"role": "user",
"content": "how to build a wooden spoon in 3 short steps? give as short as answer as possible"
}
]
}
'
```
### AI Gateway
These endpoints are also compatible with [AI Gateway](/ai-gateway/providers/workersai/#openai-compatible-endpoints).
---
# Guides
URL: https://developers.cloudflare.com/workers-ai/guides/
import { DirectoryListing } from "~/components";
---
# Demos and architectures
URL: https://developers.cloudflare.com/workers-ai/guides/demos-architectures/
import {
ExternalResources,
GlossaryTooltip,
ResourcesBySelector,
} from "~/components";
Workers AI can be used to build dynamic and performant services. The following demo applications and reference architectures showcase how to use Workers AI optimally within your architecture.
## Demos
Explore the following demo applications for Workers AI.
## Reference architectures
Explore the following reference architectures that use Workers AI:
---
# Dashboard
URL: https://developers.cloudflare.com/workers-ai/get-started/dashboard/
import { Render } from "~/components"
Follow this guide to create a Workers AI application using the Cloudflare dashboard.
## Prerequisites
Sign up for a [Cloudflare account](https://dash.cloudflare.com/sign-up/workers-and-pages) if you have not already.
## Setup
To create a Workers AI application:
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account.
2. Go to **Compute (Workers)** and **Workers & Pages**.
3. Select **Create**.
4. Under **Start from a template**, select **LLM App**. After you select your template, an [AI binding](/workers-ai/configuration/bindings/) will be created for you in the dashboard.
5. Review the provided code and select **Deploy**.
6. Preview your Worker at its provided [`workers.dev`](/workers/configuration/routing/workers-dev/) subdomain.
## Development
---
# Getting started
URL: https://developers.cloudflare.com/workers-ai/get-started/
import { DirectoryListing } from "~/components"
There are several options to build your Workers AI projects on Cloudflare. To get started, choose your preferred method:
:::note
These examples are geared towards creating new Workers AI projects. For help adding Workers AI to an existing Worker, refer to [Workers Bindings](/workers-ai/configuration/bindings/).
:::
---
# REST API
URL: https://developers.cloudflare.com/workers-ai/get-started/rest-api/
This guide will instruct you through setting up and deploying your first Workers AI project. You will use the Workers AI REST API to experiment with a large language model (LLM).
## Prerequisites
Sign up for a [Cloudflare account](https://dash.cloudflare.com/sign-up/workers-and-pages) if you have not already.
## 1. Get API token and Account ID
You need your API token and Account ID to use the REST API.
To get these values:
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account.
2. Go to **AI** > **Workers AI**.
3. Select **Use REST API**.
4. Get your API token:
1. Select **Create a Workers AI API Token**.
2. Review the prefilled information.
3. Select **Create API Token**.
4. Select **Copy API Token**.
5. Save that value for future use.
5. For **Get Account ID**, copy the value for **Account ID**. Save that value for future use.
:::note
If you choose to [create an API token](/fundamentals/api/get-started/create-token/) instead of using the template, that token will need permissions for both `Workers AI - Read` and `Workers AI - Edit`.
:::
## 2. Run a model via API
After creating your API token, authenticate and make requests to the API using your API token in the request.
You will use the [Execute AI model](/api/resources/ai/methods/run/) endpoint to run the [`@cf/meta/llama-3.1-8b-instruct`](/workers-ai/models/llama-3.1-8b-instruct/) model:
```bash
curl https://api.cloudflare.com/client/v4/accounts/{ACCOUNT_ID}/ai/run/@cf/meta/llama-3.1-8b-instruct \
-H 'Authorization: Bearer {API_TOKEN}' \
-d '{ "prompt": "Where did the phrase Hello World come from" }'
```
Replace the values for `{ACCOUNT_ID}` and `{API_token}`.
The API response will look like the following:
```json
{
"result": {
"response": "Hello, World first appeared in 1974 at Bell Labs when Brian Kernighan included it in the C programming language example. It became widely used as a basic test program due to simplicity and clarity. It represents an inviting greeting from a program to the world."
},
"success": true,
"errors": [],
"messages": []
}
```
This example execution uses the `@cf/meta/llama-3.1-8b-instruct` model, but you can use any of the models in the [Workers AI models catalog](/workers-ai/models/). If using another model, you will need to replace `{model}` with your desired model name.
By completing this guide, you have created a Cloudflare account (if you did not have one already) and an API token that grants Workers AI read permissions to your account. You executed the [`@cf/meta/llama-3.1-8b-instruct`](/workers-ai/models/llama-3.1-8b-instruct/) model using a cURL command from the terminal and received an answer to your prompt in a JSON response.
## Related resources
- [Models](/workers-ai/models/) - Browse the Workers AI models catalog.
- [AI SDK](/workers-ai/configuration/ai-sdk) - Learn how to integrate with an AI model.
---
# Workers Bindings
URL: https://developers.cloudflare.com/workers-ai/get-started/workers-wrangler/
import { Render, PackageManagers, WranglerConfig, TypeScriptExample } from "~/components";
This guide will instruct you through setting up and deploying your first Workers AI project. You will use [Workers](/workers/), a Workers AI binding, and a large language model (LLM) to deploy your first AI-powered application on the Cloudflare global network.
## 1. Create a Worker project
You will create a new Worker project using the `create-cloudflare` CLI (C3). [C3](https://github.com/cloudflare/workers-sdk/tree/main/packages/create-cloudflare) is a command-line tool designed to help you set up and deploy new applications to Cloudflare.
Create a new project named `hello-ai` by running:
Running `npm create cloudflare@latest` will prompt you to install the [`create-cloudflare` package](https://www.npmjs.com/package/create-cloudflare), and lead you through setup. C3 will also install [Wrangler](/workers/wrangler/), the Cloudflare Developer Platform CLI.
This will create a new `hello-ai` directory. Your new `hello-ai` directory will include:
- A `"Hello World"` [Worker](/workers/get-started/guide/#3-write-code) at `src/index.ts`.
- A [`wrangler.jsonc`](/workers/wrangler/configuration/) configuration file.
Go to your application directory:
```sh
cd hello-ai
```
## 2. Connect your Worker to Workers AI
You must create an AI binding for your Worker to connect to Workers AI. [Bindings](/workers/runtime-apis/bindings/) allow your Workers to interact with resources, like Workers AI, on the Cloudflare Developer Platform.
To bind Workers AI to your Worker, add the following to the end of your Wrangler file:
```toml
[ai]
binding = "AI"
```
Your binding is [available in your Worker code](/workers/reference/migrate-to-module-workers/#bindings-in-es-modules-format) on [`env.AI`](/workers/runtime-apis/handlers/fetch/).
{/* */}
You can also bind Workers AI to a Pages Function. For more information, refer to [Functions Bindings](/pages/functions/bindings/#workers-ai).
## 3. Run an inference task in your Worker
You are now ready to run an inference task in your Worker. In this case, you will use an LLM, [`llama-3.1-8b-instruct`](/workers-ai/models/llama-3.1-8b-instruct/), to answer a question.
Update the `index.ts` file in your `hello-ai` application directory with the following code:
```ts
export interface Env {
// If you set another name in the Wrangler config file as the value for 'binding',
// replace "AI" with the variable name you defined.
AI: Ai;
}
export default {
async fetch(request, env): Promise {
const response = await env.AI.run("@cf/meta/llama-3.1-8b-instruct", {
prompt: "What is the origin of the phrase Hello, World",
});
return new Response(JSON.stringify(response));
},
} satisfies ExportedHandler;
```
Up to this point, you have created an AI binding for your Worker and configured your Worker to be able to execute the Llama 3.1 model. You can now test your project locally before you deploy globally.
## 4. Develop locally with Wrangler
While in your project directory, test Workers AI locally by running [`wrangler dev`](/workers/wrangler/commands/#dev):
```sh
npx wrangler dev
```
You will be prompted to log in after you run the `wrangler dev`. When you run `npx wrangler dev`, Wrangler will give you a URL (most likely `localhost:8787`) to review your Worker. After you go to the URL Wrangler provides, a message will render that resembles the following example:
```json
{
"response": "Ah, a most excellent question, my dear human friend! *adjusts glasses*\n\nThe origin of the phrase \"Hello, World\" is a fascinating tale that spans several decades and multiple disciplines. It all began in the early days of computer programming, when a young man named Brian Kernighan was tasked with writing a simple program to demonstrate the basics of a new programming language called C.\nKernighan, a renowned computer scientist and author, was working at Bell Labs in the late 1970s when he created the program. He wanted to showcase the language's simplicity and versatility, so he wrote a basic \"Hello, World!\" program that printed the familiar greeting to the console.\nThe program was included in Kernighan and Ritchie's influential book \"The C Programming Language,\" published in 1978. The book became a standard reference for C programmers, and the \"Hello, World!\" program became a sort of \"Hello, World!\" for the programming community.\nOver time, the phrase \"Hello, World!\" became a shorthand for any simple program that demonstrated the basics"
}
```
## 5. Deploy your AI Worker
Before deploying your AI Worker globally, log in with your Cloudflare account by running:
```sh
npx wrangler login
```
You will be directed to a web page asking you to log in to the Cloudflare dashboard. After you have logged in, you will be asked if Wrangler can make changes to your Cloudflare account. Scroll down and select **Allow** to continue.
Finally, deploy your Worker to make your project accessible on the Internet. To deploy your Worker, run:
```sh
npx wrangler deploy
```
```sh output
https://hello-ai..workers.dev
```
Your Worker will be deployed to your custom [`workers.dev`](/workers/configuration/routing/workers-dev/) subdomain. You can now visit the URL to run your AI Worker.
By finishing this tutorial, you have created a Worker, connected it to Workers AI through an AI binding, and ran an inference task from the Llama 3 model.
## Related resources
- [Cloudflare Developers community on Discord](https://discord.cloudflare.com) - Submit feature requests, report bugs, and share your feedback directly with the Cloudflare team by joining the Cloudflare Discord server.
- [Models](/workers-ai/models/) - Browse the Workers AI models catalog.
- [AI SDK](/workers-ai/configuration/ai-sdk) - Learn how to integrate with an AI model.
---
# Features
URL: https://developers.cloudflare.com/workers-ai/features/
import { DirectoryListing } from "~/components";
---
# JSON Mode
URL: https://developers.cloudflare.com/workers-ai/features/json-mode/
import { Code } from "~/components";
export const jsonModeSchema = `{
response_format: {
title: "JSON Mode",
type: "object",
properties: {
type: {
type: "string",
enum: ["json_object", "json_schema"],
},
json_schema: {},
}
}
}`;
export const jsonModeRequestExample = `{
"messages": [
{
"role": "system",
"content": "Extract data about a country."
},
{
"role": "user",
"content": "Tell me about India."
}
],
"response_format": {
"type": "json_schema",
"json_schema": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"capital": {
"type": "string"
},
"languages": {
"type": "array",
"items": {
"type": "string"
}
}
},
"required": [
"name",
"capital",
"languages"
]
}
}
}`;
export const jsonModeResponseExample = `{
"response": {
"name": "India",
"capital": "New Delhi",
"languages": [
"Hindi",
"English",
"Bengali",
"Telugu",
"Marathi",
"Tamil",
"Gujarati",
"Urdu",
"Kannada",
"Odia",
"Malayalam",
"Punjabi",
"Sanskrit"
]
}
}`;
When we want text-generation AI models to interact with databases, services, and external systems programmatically, typically when using tool calling or building AI agents, we must have structured response formats rather than natural language.
Workers AI supports JSON Mode, enabling applications to request a structured output response when interacting with AI models.
## Schema
JSON Mode is compatible with OpenAI’s implementation; to enable add the `response_format` property to the request object using the following convention:
Where `json_schema` must be a valid [JSON Schema](https://json-schema.org/) declaration.
## JSON Mode example
When using JSON Format, pass the schema as in the example below as part of the request you send to the LLM.
The LLM will follow the schema, and return a response such as below:
As you can see, the model is complying with the JSON schema definition in the request and responding with a validated JSON object.
## Supported Models
This is the list of models that now support JSON Mode:
- [@cf/meta/llama-3.1-8b-instruct-fast](/workers-ai/models/llama-3.1-8b-instruct-fast/)
- [@cf/meta/llama-3.1-70b-instruct](/workers-ai/models/llama-3.1-70b-instruct/)
- [@cf/meta/llama-3.3-70b-instruct-fp8-fast](/workers-ai/models/llama-3.3-70b-instruct-fp8-fast/)
- [@cf/meta/llama-3-8b-instruct](/workers-ai/models/llama-3-8b-instruct/)
- [@cf/meta/llama-3.1-8b-instruct](/workers-ai/models/llama-3.1-8b-instruct/)
- [@cf/meta/llama-3.2-11b-vision-instruct](/workers-ai/models/llama-3.2-11b-vision-instruct/)
- [@hf/nousresearch/hermes-2-pro-mistral-7b](/workers-ai/models/hermes-2-pro-mistral-7b/)
- [@hf/thebloke/deepseek-coder-6.7b-instruct-awq](/workers-ai/models/deepseek-coder-6.7b-instruct-awq/)
- [@cf/deepseek-ai/deepseek-r1-distill-qwen-32b](/workers-ai/models/deepseek-r1-distill-qwen-32b/)
We will continue extending this list to keep up with new, and requested models.
Note that Workers AI can't guarantee that the model responds according to the requested JSON Schema. Depending on the complexity of the task and adequacy of the JSON Schema, the model may not be able to satisfy the request in extreme situations. If that's the case, then an error `JSON Mode couldn't be met` is returned and must be handled.
JSON Mode currently doesn't support streaming.
---
# Markdown Conversion
URL: https://developers.cloudflare.com/workers-ai/features/markdown-conversion/
import { Code, Type, MetaInfo, Details, Render } from "~/components";
[Markdown](https://en.wikipedia.org/wiki/Markdown) is essential for text generation and large language models (LLMs) in training and inference because it can provide structured, semantic, human, and machine-readable input. Likewise, Markdown facilitates chunking and structuring input data for better retrieval and synthesis in the context of RAGs, and its simplicity and ease of parsing and rendering make it ideal for AI Agents.
For these reasons, document conversion plays an important role when designing and developing AI applications. Workers AI provides the `toMarkdown` utility method that developers can use from the [`env.AI`](/workers-ai/configuration/bindings/) binding or the REST APIs for quick, easy, and convenient conversion and summary of documents in multiple formats to Markdown language.
## Methods and definitions
### async env.AI.toMarkdown()
Takes a list of documents in different formats and converts them to Markdown.
#### Parameter
- documents: - An array of
`toMarkdownDocument`s.
#### Return values
- results: - An array of
`toMarkdownDocumentResult`s.
### `toMarkdownDocument` definition
- `name`
- Name of the document to convert.
- `blob`
- A new [Blob](https://developer.mozilla.org/en-US/docs/Web/API/Blob/Blob) object with the document content.
### `toMarkdownDocumentResult` definition
- `name`
- Name of the converted document. Matches the input name.
- `mimetype`
- The detected [mime type](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/MIME_types/Common_types) of the document.
- `tokens`
- The estimated number of tokens of the converted document.
- `data`
- The content of the converted document in Markdown format.
## Supported formats
This is the list of support formats. We are constantly adding new formats and updating this table.
## Example
In this example, we fetch a PDF document and an image from R2 and feed them both to `env.AI.toMarkdown`. The result is a list of converted documents. Workers AI models are used automatically to detect and summarize the image.
```typescript
import { Env } from "./env";
export default {
async fetch(request: Request, env: Env, ctx: ExecutionContext) {
// https://pub-979cb28270cc461d94bc8a169d8f389d.r2.dev/somatosensory.pdf
const pdf = await env.R2.get("somatosensory.pdf");
// https://pub-979cb28270cc461d94bc8a169d8f389d.r2.dev/cat.jpeg
const cat = await env.R2.get("cat.jpeg");
return Response.json(
await env.AI.toMarkdown([
{
name: "somatosensory.pdf",
blob: new Blob([await pdf.arrayBuffer()], {
type: "application/octet-stream",
}),
},
{
name: "cat.jpeg",
blob: new Blob([await cat.arrayBuffer()], {
type: "application/octet-stream",
}),
},
]),
);
},
};
```
This is the result:
```json
[
{
"name": "somatosensory.pdf",
"mimeType": "application/pdf",
"format": "markdown",
"tokens": 0,
"data": "# somatosensory.pdf\n## Metadata\n- PDFFormatVersion=1.4\n- IsLinearized=false\n- IsAcroFormPresent=false\n- IsXFAPresent=false\n- IsCollectionPresent=false\n- IsSignaturesPresent=false\n- Producer=Prince 20150210 (www.princexml.com)\n- Title=Anatomy of the Somatosensory System\n\n## Contents\n### Page 1\nThis is a sample document to showcase..."
},
{
"name": "cat.jpeg",
"mimeType": "image/jpeg",
"format": "markdown",
"tokens": 0,
"data": "The image is a close-up photograph of Grumpy Cat, a cat with a distinctive grumpy expression and piercing blue eyes. The cat has a brown face with a white stripe down its nose, and its ears are pointed upright. Its fur is light brown and darker around the face, with a pink nose and mouth. The cat's eyes are blue and slanted downward, giving it a perpetually grumpy appearance. The background is blurred, but it appears to be a dark brown color. Overall, the image is a humorous and iconic representation of the popular internet meme character, Grumpy Cat. The cat's facial expression and posture convey a sense of displeasure or annoyance, making it a relatable and entertaining image for many people."
}
]
```
## REST API
In addition to the Workers AI [binding](/workers-ai/configuration/bindings/), you can use the [REST API](/workers-ai/get-started/rest-api/):
```bash
curl https://api.cloudflare.com/client/v4/accounts/{ACCOUNT_ID}/ai/tomarkdown \
-H 'Authorization: Bearer {API_TOKEN}' \
-F "files=@cat.jpeg" \
-F "files=@somatosensory.pdf"
```
## Pricing
`toMarkdown` is free for most format conversions. In some cases, like image conversion, it can use Workers AI models for object detection and summarization, which may incur additional costs if it exceeds the Workers AI free allocation limits. See the [pricing page](/workers-ai/platform/pricing/) for more details.
---
# Prompting
URL: https://developers.cloudflare.com/workers-ai/features/prompting/
import { Code } from "~/components";
export const scopedExampleOne = `{
messages: [
{ role: "system", content: "you are a very funny comedian and you like emojis" },
{ role: "user", content: "tell me a joke about cloudflare" },
],
};`;
export const scopedExampleTwo = `{
messages: [
{ role: "system", content: "you are a professional computer science assistant" },
{ role: "user", content: "what is WASM?" },
{ role: "assistant", content: "WASM (WebAssembly) is a binary instruction format that is designed to be a platform-agnostic" },
{ role: "user", content: "does Python compile to WASM?" },
{ role: "assistant", content: "No, Python does not directly compile to WebAssembly" },
{ role: "user", content: "what about Rust?" },
],
};`;
export const unscopedExampleOne = `{
prompt: "tell me a joke about cloudflare";
}`;
export const unscopedExampleTwo = `{
prompt: "[INST]comedian[/INST]\n[INST]tell me a joke about cloudflare[/INST]",
raw: true
};`;
Part of getting good results from text generation models is asking questions correctly. LLMs are usually trained with specific predefined templates, which should then be used with the model's tokenizer for better results when doing inference tasks.
There are two ways to prompt text generation models with Workers AI:
:::note[Important]
We recommend using unscoped prompts for inference with LoRA.
:::
### Scoped Prompts
This is the recommended method. With scoped prompts, Workers AI takes the burden of knowing and using different chat templates for different models and provides a unified interface to developers when building prompts and creating text generation tasks.
Scoped prompts are a list of messages. Each message defines two keys: the role and the content.
Typically, the role can be one of three options:
- system - System messages define the AI's personality. You can
use them to set rules and how you expect the AI to behave.
- user - User messages are where you actually query the AI by
providing a question or a conversation.
- assistant - Assistant messages hint to the AI about the
desired output format. Not all models support this role.
OpenAI has a [good explanation](https://platform.openai.com/docs/guides/text-generation#messages-and-roles) of how they use these roles with their GPT models. Even though chat templates are flexible, other text generation models tend to follow the same conventions.
Here's an input example of a scoped prompt using system and user roles:
Here's a better example of a chat session using multiple iterations between the user and the assistant.
Note that different LLMs are trained with different templates for different use cases. While Workers AI tries its best to abstract the specifics of each LLM template from the developer through a unified API, you should always refer to the model documentation for details (we provide links in the table above.) For example, instruct models like Codellama are fine-tuned to respond to a user-provided instruction, while chat models expect fragments of dialogs as input.
### Unscoped Prompts
You can use unscoped prompts to send a single question to the model without worrying about providing any context. Workers AI will automatically convert your `prompt` input to a reasonable default scoped prompt internally so that you get the best possible prediction.
You can also use unscoped prompts to construct the model chat template manually. In this case, you can use the raw parameter. Here's an input example of a [Mistral](https://docs.mistral.ai/models/#chat-template) chat template prompt:
---
# Models
URL: https://developers.cloudflare.com/workers-ai/models/
import ModelCatalog from "~/pages/workers-ai/models/index.astro";
---
# Data usage
URL: https://developers.cloudflare.com/workers-ai/platform/data-usage/
Cloudflare processes certain customer data in order to provide the Workers AI service, subject to our [Privacy Policy](https://www.cloudflare.com/privacypolicy/) and [Self-Serve Subscription Agreement](https://www.cloudflare.com/terms/) or [Enterprise Subscription Agreement](https://www.cloudflare.com/enterpriseterms/) (as applicable).
Cloudflare neither creates nor trains the AI models made available on Workers AI. The models constitute Third-Party Services and may be subject to open source or other license terms that apply between you and the model provider. Be sure to review the license terms applicable to each model (if any).
Your inputs (e.g., text prompts, image submissions, audio files, etc.), outputs (e.g., generated text/images, translations, etc.), embeddings, and training data constitute Customer Content.
For Workers AI:
* You own, and are responsible for, all of your Customer Content.
* Cloudflare does not make your Customer Content available to any other Cloudflare customer.
* Cloudflare does not use your Customer Content to (1) train any AI models made available on Workers AI or (2) improve any Cloudflare or third-party services, and would not do so unless we received your explicit consent.
* Your Customer Content for Workers AI may be stored by Cloudflare if you specifically use a storage service (e.g., R2, KV, DO, Vectorize, etc.) in conjunction with Workers AI.
---
# Errors
URL: https://developers.cloudflare.com/workers-ai/platform/errors/
Below is a list of Workers AI errors.
| **Name** | **Internal Code** | **HTTP Code** | **Description** |
| ------------------------------------- | ----------------- | ------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- |
| No such model | `5007` | `400` | No such model `${model}` or task |
| Invalid data | `5004` | `400` | Invalid data type for base64 input: `${type}` |
| Finetune missing required files | `3039` | `400` | Finetune is missing required files `(model.safetensors and config.json) ` |
| Incomplete request | `3003` | `400` | Request is missing headers or body: `{what}` |
| Account not allowed for private model | `5018` | `403` | The account is not allowed to access this model |
| Model agreement | `5016` | `403` | User has not agreed to Llama3.2 model terms |
| Account blocked | `3023` | `403` | Service unavailable for account |
| Account not allowed for private model | `3041` | `403` | The account is not allowed to access this model |
| Deprecated SDK version | `5019` | `405` | Request trying to use deprecated SDK version |
| LoRa unsupported | `5005` | `405` | The model `${this.model}` does not support LoRa inference |
| Invalid model ID | `3042` | `404` | The model name is invalid |
| Request too large | `3006` | `413` | Request is too large |
| Timeout | `3007` | `408` | Request timeout |
| Aborted | `3008` | `408` | Request was aborted |
| Account limited | `3036` | `429` | You have used up your daily free allocation of 10,000 neurons. Please upgrade to Cloudflare's Workers Paid plan if you would like to continue usage. |
| Out of capacity | `3040` | `429` | No more data centers to forward the request to |
---
# Glossary
URL: https://developers.cloudflare.com/workers-ai/platform/glossary/
import { Glossary } from "~/components";
Review the definitions for terms used across Cloudflare's Workers AI documentation.
---
# Platform
URL: https://developers.cloudflare.com/workers-ai/platform/
import { DirectoryListing } from "~/components";
---
# Limits
URL: https://developers.cloudflare.com/workers-ai/platform/limits/
import { Render } from "~/components"
Workers AI is now Generally Available. We've updated our rate limits to reflect this.
Note that model inferences in local mode using Wrangler will also count towards these limits. Beta models may have lower rate limits while we work on performance and scale.
Rate limits are default per task type, with some per-model limits defined as follows:
## Rate limits by task type
### [Automatic Speech Recognition](/workers-ai/models/)
* 720 requests per minute
### [Image Classification](/workers-ai/models/)
* 3000 requests per minute
### [Image-to-Text](/workers-ai/models/)
* 720 requests per minute
### [Object Detection](/workers-ai/models/)
* 3000 requests per minute
### [Summarization](/workers-ai/models/)
* 1500 requests per minute
### [Text Classification](/workers-ai/models/)
* 2000 requests per minute
### [Text Embeddings](/workers-ai/models/)
* 3000 requests per minute
* [@cf/baai/bge-large-en-v1.5](/workers-ai/models/bge-large-en-v1.5/) is 1500 requests per minute
### [Text Generation](/workers-ai/models/)
* 300 requests per minute
* [@hf/thebloke/mistral-7b-instruct-v0.1-awq](/workers-ai/models/mistral-7b-instruct-v0.1-awq/) is 400 requests per minute
* [@cf/microsoft/phi-2](/workers-ai/models/phi-2/) is 720 requests per minute
* [@cf/qwen/qwen1.5-0.5b-chat](/workers-ai/models/qwen1.5-0.5b-chat/) is 1500 requests per minute
* [@cf/qwen/qwen1.5-1.8b-chat](/workers-ai/models/qwen1.5-1.8b-chat/) is 720 requests per minute
* [@cf/qwen/qwen1.5-14b-chat-awq](/workers-ai/models/qwen1.5-14b-chat-awq/) is 150 requests per minute
* [@cf/tinyllama/tinyllama-1.1b-chat-v1.0](/workers-ai/models/tinyllama-1.1b-chat-v1.0/) is 720 requests per minute
### [Text-to-Image](/workers-ai/models/)
* 720 requests per minute
* [@cf/runwayml/stable-diffusion-v1-5-img2img](/workers-ai/models/stable-diffusion-v1-5-img2img/) is 1500 requests per minute
### [Translation](/workers-ai/models/)
* 720 requests per minute
---
# Pricing
URL: https://developers.cloudflare.com/workers-ai/platform/pricing/
:::note
Workers AI has updated pricing to be more granular, with per-model unit-based pricing presented, but still billing in neurons in the back end.
:::
Workers AI is included in both the [Free and Paid Workers plans](/workers/platform/pricing/) and is priced at **$0.011 per 1,000 Neurons**.
Our free allocation allows anyone to use a total of **10,000 Neurons per day at no charge**. To use more than 10,000 Neurons per day, you need to sign up for the [Workers Paid plan](/workers/platform/pricing/#workers). On Workers Paid, you will be charged at $0.011 / 1,000 Neurons for any usage above the free allocation of 10,000 Neurons per day.
You can monitor your Neuron usage in the [Cloudflare Workers AI dashboard](https://dash.cloudflare.com/?to=/:account/ai/workers-ai).
All limits reset daily at 00:00 UTC. If you exceed any one of the above limits, further operations will fail with an error.
| | Free allocation | Pricing |
| ------------ | ---------------------- | ----------------------------- |
| Workers Free | 10,000 Neurons per day | N/A - Upgrade to Workers Paid |
| Workers Paid | 10,000 Neurons per day | $0.011 / 1,000 Neurons |
## What are Neurons?
Neurons are our way of measuring AI outputs across different models, representing the GPU compute needed to perform your request. Our serverless model allows you to pay only for what you use without having to worry about renting, managing, or scaling GPUs.
:::note
The Price in Tokens column is equivalent to the Price in Neurons column - the different units are displayed so you can easily compare and understand pricing.
:::
## LLM model pricing
| Model | Price in Tokens | Price in Neurons |
| -------------------------------------------- | ---------------------------------------------------------- | ------------------------------------------------------------------------- |
| @cf/meta/llama-3.2-1b-instruct | $0.027 per M input tokens $0.201 per M output tokens | 2457 neurons per M input tokens 18252 neurons per M output tokens |
| @cf/meta/llama-3.2-3b-instruct | $0.051 per M input tokens $0.335 per M output tokens | 4625 neurons per M input tokens 30475 neurons per M output tokens |
| @cf/meta/llama-3.1-8b-instruct-fp8-fast | $0.045 per M input tokens $0.384 per M output tokens | 4119 neurons per M input tokens 34868 neurons per M output tokens |
| @cf/meta/llama-3.2-11b-vision-instruct | $0.049 per M input tokens $0.676 per M output tokens | 4410 neurons per M input tokens 61493 neurons per M output tokens |
| @cf/meta/llama-3.1-70b-instruct-fp8-fast | $0.293 per M input tokens $2.253 per M output tokens | 26668 neurons per M input tokens 204805 neurons per M output tokens |
| @cf/meta/llama-3.3-70b-instruct-fp8-fast | $0.293 per M input tokens $2.253 per M output tokens | 26668 neurons per M input tokens 204805 neurons per M output tokens |
| @cf/deepseek-ai/deepseek-r1-distill-qwen-32b | $0.497 per M input tokens $4.881 per M output tokens | 45170 neurons per M input tokens 443756 neurons per M output tokens |
| @cf/mistral/mistral-7b-instruct-v0.1 | $0.110 per M input tokens $0.190 per M output tokens | 10000 neurons per M input tokens 17300 neurons per M output tokens |
| @cf/mistralai/mistral-small-3.1-24b-instruct | $0.351 per M input tokens $0.555 per M output tokens | 31876 neurons per M input tokens 50488 neurons per M output tokens |
| @cf/meta/llama-3.1-8b-instruct | $0.282 per M input tokens $0.827 per M output tokens | 25608 neurons per M input tokens 75147 neurons per M output tokens |
| @cf/meta/llama-3.1-8b-instruct-fp8 | $0.152 per M input tokens $0.287 per M output tokens | 13778 neurons per M input tokens 26128 neurons per M output tokens |
| @cf/meta/llama-3.1-8b-instruct-awq | $0.123 per M input tokens $0.266 per M output tokens | 11161 neurons per M input tokens 24215 neurons per M output tokens |
| @cf/meta/llama-3-8b-instruct | $0.282 per M input tokens $0.827 per M output tokens | 25608 neurons per M input tokens 75147 neurons per M output tokens |
| @cf/meta/llama-3-8b-instruct-awq | $0.123 per M input tokens $0.266 per M output tokens | 11161 neurons per M input tokens 24215 neurons per M output tokens |
| @cf/meta/llama-2-7b-chat-fp16 | $0.556 per M input tokens $6.667 per M output tokens | 50505 neurons per M input tokens 606061 neurons per M output tokens |
| @cf/meta/llama-guard-3-8b | $0.484 per M input tokens $0.030 per M output tokens | 44003 neurons per M input tokens 2730 neurons per M output tokens |
| @cf/meta/llama-4-scout-17b-16e-instruct | $0.270 per M input tokens $0.850 per M output tokens | 24545 neurons per M input tokens 77273 neurons per M output tokens |
| @cf/google/gemma-3-12b-it | $0.345 per M input tokens $0.556 per M output tokens | 31371 neurons per M input tokens 50560 neurons per M output tokens |
| @cf/qwen/qwq-32b | $0.660 per M input tokens $1.000 per M output tokens | 60000 neurons per M input tokens 90909 neurons per M output tokens |
| @cf/qwen/qwen2.5-coder-32b-instruct | $0.660 per M input tokens $1.000 per M output tokens | 60000 neurons per M input tokens 90909 neurons per M output tokens |
## Embeddings model pricing
| Model | Price in Tokens | Price in Neurons |
| -------------------------- | ------------------------- | -------------------------------- |
| @cf/baai/bge-small-en-v1.5 | $0.020 per M input tokens | 1841 neurons per M input tokens |
| @cf/baai/bge-base-en-v1.5 | $0.067 per M input tokens | 6058 neurons per M input tokens |
| @cf/baai/bge-large-en-v1.5 | $0.204 per M input tokens | 18582 neurons per M input tokens |
| @cf/baai/bge-m3 | $0.012 per M input tokens | 1075 neurons per M input tokens |
## Other model pricing
| Model | Price in Tokens | Price in Neurons |
| ------------------------------------- | ---------------------------------------------------------- | ------------------------------------------------------------------------ |
| @cf/black-forest-labs/flux-1-schnell | $0.0000528 per 512x512 tile $0.0001056 per step | 4.80 neurons per 512x512 tile 9.60 neurons per step |
| @cf/huggingface/distilbert-sst-2-int8 | $0.026 per M input tokens | 2394 neurons per M input tokens |
| @cf/baai/bge-reranker-base | $0.003 per M input tokens | 283 neurons per M input tokens |
| @cf/meta/m2m100-1.2b | $0.342 per M input tokens $0.342 per M output tokens | 31050 neurons per M input tokens 31050 neurons per M output tokens |
| @cf/microsoft/resnet-50 | $2.51 per M images | 228055 neurons per M images |
| @cf/openai/whisper | $0.0005 per audio minute | 41.14 neurons per audio minute |
| @cf/openai/whisper-large-v3-turbo | $0.0005 per audio minute | 46.63 neurons per audio minute |
| @cf/myshell-ai/melotts | $0.0002 per audio minute | 18.63 neurons per audio minute |
---
# CI/CD
URL: https://developers.cloudflare.com/workers/ci-cd/
You can set up continuous integration and continuous deployment (CI/CD) for your Workers by using either the integrated build system, [Workers Builds](#workers-builds), or using [external providers](#external-cicd) to optimize your development workflow.
## Why use CI/CD?
Using a CI/CD pipeline to deploy your Workers is a best practice because it:
- Automates the build and deployment process, removing the need for manual `wrangler deploy` commands.
- Ensures consistent builds and deployments across your team by using the same source control management (SCM) system.
- Reduces variability and errors by deploying in a uniform environment.
- Simplifies managing access to production credentials.
## Which CI/CD should I use?
Choose [Workers Builds](/workers/ci-cd/builds) if you want a fully integrated solution within Cloudflare's ecosystem that requires minimal setup and configuration for GitHub or GitLab users.
We recommend using [external CI/CD providers](/workers/ci-cd/external-cicd) if:
- You have a self-hosted instance of GitHub or GitLabs, which is currently not supported in Workers Builds' [Git integration](/workers/ci-cd/builds/git-integration/)
- You are using a Git provider that is not GitHub or GitLab
## Workers Builds
[Workers Builds](/workers/ci-cd/builds) is Cloudflare's native CI/CD system that allows you to integrate with GitHub or GitLab to automatically deploy changes with each new push to a selected branch (e.g. `main`).
Ready to streamline your Workers deployments? Get started with [Workers Builds](/workers/ci-cd/builds/#get-started).
## External CI/CD
You can also choose to set up your CI/CD pipeline with an external provider.
- [GitHub Actions](/workers/ci-cd/external-cicd/github-actions/)
- [GitLab CI/CD](/workers/ci-cd/external-cicd/gitlab-cicd/)
---
# Compatibility dates
URL: https://developers.cloudflare.com/workers/configuration/compatibility-dates/
import { WranglerConfig } from "~/components";
Cloudflare regularly updates the Workers runtime. These updates apply to all Workers globally and should never cause a Worker that is already deployed to stop functioning. Sometimes, though, some changes may be backwards-incompatible. In particular, there might be bugs in the runtime API that existing Workers may inadvertently depend upon. Cloudflare implements bug fixes that new Workers can opt into while existing Workers will continue to see the buggy behavior to prevent breaking deployed Workers.
The compatibility date and flags are how you, as a developer, opt into these runtime changes. [Compatibility flags](/workers/configuration/compatibility-flags) will often have a date in which they are enabled by default, and so, by specifying a `compatibility_date` for your Worker, you can quickly enable all of these various compatibility flags up to, and including, that date.
## Setting compatibility date
When you start your project, you should always set `compatibility_date` to the current date. You should occasionally update the `compatibility_date` field. When updating, you should refer to the [compatibility flags](/workers/configuration/compatibility-flags) page to find out what has changed, and you should be careful to test your Worker to see if the changes affect you, updating your code as necessary. The new compatibility date takes effect when you next run the [`npx wrangler deploy`](/workers/wrangler/commands/#deploy) command.
There is no need to update your `compatibility_date` if you do not want to. The Workers runtime will support old compatibility dates forever. If, for some reason, Cloudflare finds it is necessary to make a change that will break live Workers, Cloudflare will actively contact affected developers. That said, Cloudflare aims to avoid this if at all possible.
However, even though you do not need to update the `compatibility_date` field, it is a good practice to do so for two reasons:
1. Sometimes, new features can only be made available to Workers that have a current `compatibility_date`. To access the latest features, you need to stay up-to-date.
2. Generally, other than the [compatibility flags](/workers/configuration/compatibility-flags) page, the Workers documentation may only describe the current `compatibility_date`, omitting information about historical behavior. If your Worker uses an old `compatibility_date`, you will need to continuously refer to the compatibility flags page in order to check if any of the APIs you are using have changed.
#### Via Wrangler
The compatibility date can be set in a Worker's [Wrangler configuration file](/workers/wrangler/configuration/).
```toml
# Opt into backwards-incompatible changes through April 5, 2022.
compatibility_date = "2022-04-05"
```
#### Via the Cloudflare Dashboard
When a Worker is created through the Cloudflare Dashboard, the compatibility date is automatically set to the current date.
The compatibility date can be updated in the Workers settings on the [Cloudflare dashboard](https://dash.cloudflare.com/).
#### Via the Cloudflare API
The compatibility date can be set when uploading a Worker using the [Workers Script API](/api/resources/workers/subresources/scripts/methods/update/) or [Workers Versions API](/api/resources/workers/subresources/scripts/subresources/versions/methods/create/) in the request body's `metadata` field.
If a compatibility date is not specified on upload via the API, it defaults to the oldest compatibility date, before any flags took effect (2021-11-02). When creating new Workers, it is highly recommended to set the compatibility date to the current date when uploading via the API.
---
# Compatibility flags
URL: https://developers.cloudflare.com/workers/configuration/compatibility-flags/
import { CompatibilityFlags, WranglerConfig, Render } from "~/components";
Compatibility flags enable specific features. They can be useful if you want to help the Workers team test upcoming changes that are not yet enabled by default, or if you need to hold back a change that your code depends on but still want to apply other compatibility changes.
Compatibility flags will often have a date in which they are enabled by default, and so, by specifying a [`compatibility_date`](/workers/configuration/compatibility-dates) for your Worker, you can quickly enable all of these various compatibility flags up to, and including, that date.
## Setting compatibility flags
You may provide a list of `compatibility_flags`, which enable or disable specific changes.
#### Via Wrangler
Compatibility flags can be set in a Worker's [Wrangler configuration file](/workers/wrangler/configuration/).
This example enables the specific flag `formdata_parser_supports_files`, which is described [below](/workers/configuration/compatibility-flags/#formdata-parsing-supports-file). As of the specified date, `2021-09-14`, this particular flag was not yet enabled by default, but, by specifying it in `compatibility_flags`, we can enable it anyway. `compatibility_flags` can also be used to disable changes that became the default in the past.
```toml
# Opt into backwards-incompatible changes through September 14, 2021.
compatibility_date = "2021-09-14"
# Also opt into an upcoming fix to the FormData API.
compatibility_flags = [ "formdata_parser_supports_files" ]
```
#### Via the Cloudflare Dashboard
Compatibility flags can be updated in the Workers settings on the [Cloudflare dashboard](https://dash.cloudflare.com/).
#### Via the Cloudflare API
Compatibility flags can be set when uploading a Worker using the [Workers Script API](/api/resources/workers/subresources/scripts/methods/update/) or [Workers Versions API](/api/resources/workers/subresources/scripts/subresources/versions/methods/create/) in the request body's `metadata` field.
## Node.js compatibility flag
:::note
[The `nodejs_compat` flag](/workers/runtime-apis/nodejs/) also enables `nodejs_compat_v2` as long as your compatibility date is 2024-09-23 or later. The v2 flag improves runtime Node.js compatibility by bundling additional polyfills and globals into your Worker. However, this improvement increases bundle size.
If your compatibility date is 2024-09-22 or before and you want to enable v2, add the `nodejs_compat_v2` in addition to the `nodejs_compat` flag.
If your compatibility date is after 2024-09-23, but you want to disable v2 to avoid increasing your bundle size, add the `no_nodejs_compat_v2` in addition to the `nodejs_compat flag`.
:::
A [growing subset](/workers/runtime-apis/nodejs/) of Node.js APIs are available directly as [Runtime APIs](/workers/runtime-apis/nodejs), with no need to add polyfills to your own code. To enable these APIs in your Worker, add the `nodejs_compat` compatibility flag to your [Wrangler configuration file](/workers/wrangler/configuration/):
A [growing subset](/workers/runtime-apis/nodejs/) of Node.js APIs are available directly as [Runtime APIs](/workers/runtime-apis/nodejs), with no need to add polyfills to your own code. To enable these APIs in your Worker, only the `nodejs_compat` compatibility flag is required:
```toml title="wrangler.toml"
compatibility_flags = [ "nodejs_compat" ]
```
As additional Node.js APIs are added, they will be made available under the `nodejs_compat` compatibility flag. Unlike most other compatibility flags, we do not expect the `nodejs_compat` to become active by default at a future date.
The Node.js `AsyncLocalStorage` API is a particularly useful feature for Workers. To enable only the `AsyncLocalStorage` API, use the `nodejs_als` compatibility flag.
```toml title="wrangler.toml"
compatibility_flags = [ "nodejs_als" ]
```
## Flags history
Newest flags are listed first.
## Experimental flags
These flags can be enabled via `compatibility_flags`, but are not yet scheduled to become default on any particular date.
---
# Cron Triggers
URL: https://developers.cloudflare.com/workers/configuration/cron-triggers/
import { Render, WranglerConfig, TabItem, Tabs } from "~/components";
## Background
Cron Triggers allow users to map a cron expression to a Worker using a [`scheduled()` handler](/workers/runtime-apis/handlers/scheduled/) that enables Workers to be executed on a schedule.
Cron Triggers are ideal for running periodic jobs, such as for maintenance or calling third-party APIs to collect up-to-date data. Workers scheduled by Cron Triggers will run on underutilized machines to make the best use of Cloudflare's capacity and route traffic efficiently.
:::note
Cron Triggers can also be combined with [Workflows](/workflows/) to trigger multi-step, long-running tasks. You can [bind to a Workflow](/workflows/build/workers-api/) from directly from your Cron Trigger to execute a Workflow on a schedule.
:::
Cron Triggers execute on UTC time.
## Add a Cron Trigger
### 1. Define a scheduled event listener
To respond to a Cron Trigger, you must add a [`"scheduled"` handler](/workers/runtime-apis/handlers/scheduled/) to your Worker.
```js
export default {
async scheduled(controller, env, ctx) {
console.log("cron processed");
},
};
```
```ts
interface Env {}
export default {
async scheduled(
controller: ScheduledController,
env: Env,
ctx: ExecutionContext,
) {
console.log("cron processed");
},
};
```
```python
from workers import handler
@handler
async def on_scheduled(controller, env, ctx):
print("cron processed")
```
Refer to the following additional examples to write your code:
- [Setting Cron Triggers](/workers/examples/cron-trigger/)
- [Multiple Cron Triggers](/workers/examples/multiple-cron-triggers/)
### 2. Update configuration
:::note[Cron Trigger changes take time to propagate.]
Changes such as adding a new Cron Trigger, updating an old Cron Trigger, or deleting a Cron Trigger may take several minutes (up to 15 minutes) to propagate to the Cloudflare global network.
:::
After you have updated your Worker code to include a `"scheduled"` event, you must update your Worker project configuration.
#### Via the [Wrangler configuration file](/workers/wrangler/configuration/)
If a Worker is managed with Wrangler, Cron Triggers should be exclusively managed through the [Wrangler configuration file](/workers/wrangler/configuration/).
Refer to the example below for a Cron Triggers configuration:
```toml
[triggers]
# Schedule cron triggers:
# - At every 3rd minute
# - At 15:00 (UTC) on first day of the month
# - At 23:59 (UTC) on the last weekday of the month
crons = [ "*/3 * * * *", "0 15 1 * *", "59 23 LW * *" ]
```
You also can set a different Cron Trigger for each [environment](/workers/wrangler/environments/) in your [Wrangler configuration file](/workers/wrangler/configuration/). You need to put the `triggers` array under your chosen environment. For example:
```toml
[env.dev.triggers]
crons = ["0 * * * *"]
```
#### Via the dashboard
To add Cron Triggers in the Cloudflare dashboard:
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account.
2. In Account Home, select **Workers & Pages**.
3. In **Overview**, select your Worker > **Settings** > **Triggers** > **Cron Triggers**.
## Supported cron expressions
Cloudflare supports cron expressions with five fields, along with most [Quartz scheduler](http://www.quartz-scheduler.org/documentation/quartz-2.3.0/tutorials/crontrigger.html#introduction)-like cron syntax extensions:
| Field | Values | Characters |
| ------------- | ------------------------------------------------------------------ | ------------ |
| Minute | 0-59 | \* , - / |
| Hours | 0-23 | \* , - / |
| Days of Month | 1-31 | \* , - / L W |
| Months | 1-12, case-insensitive 3-letter abbreviations ("JAN", "aug", etc.) | \* , - / |
| Weekdays | 1-7, case-insensitive 3-letter abbreviations ("MON", "fri", etc.) | \* , - / L # |
:::note
Days of the week go from 1 = Sunday to 7 = Saturday, which is different on some other cron systems (where 0 = Sunday and 6 = Saturday).
To avoid ambiguity you may prefer to use the three latter abbreviations (e.g. `SUN` rather than 1).
:::
### Examples
Some common time intervals that may be useful for setting up your Cron Trigger:
- `* * * * *`
- At every minute
- `*/30 * * * *`
- At every 30th minute
- `45 * * * *`
- On the 45th minute of every hour
- `0 17 * * sun` or `0 17 * * 1`
- 17:00 (UTC) on Sunday
- `10 7 * * mon-fri` or `10 7 * * 2-6`
- 07:10 (UTC) on weekdays
- `0 15 1 * *`
- 15:00 (UTC) on first day of the month
- `0 18 * * 6L` or `0 18 * * friL`
- 18:00 (UTC) on the last Friday of the month
- `59 23 LW * *`
- 23:59 (UTC) on the last weekday of the month
## Test Cron Triggers locally
Test Cron Triggers using Wrangler with [`wrangler dev`](/workers/wrangler/commands/#dev). This will expose a `/cdn-cgi/handler/scheduled` route which can be used to test using a HTTP request.
```sh
curl "http://localhost:8787/cdn-cgi/handler/scheduled"
```
To simulate different cron patterns, a `cron` query parameter can be passed in.
```sh
curl "http://localhost:8787/cdn-cgi/handler/scheduled?cron=*+*+*+*+*"
```
Optionally, you can also pass a `time` query parameter to override `controller.scheduledTime` in your scheduled event listener.
```sh
curl "http://localhost:8787/cdn-cgi/handler/scheduled?cron=*+*+*+*+*&time=1745856238"
```
## View past events
To view the execution history of Cron Triggers, view **Cron Events**:
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account.
2. In Account Home, go to **Workers & Pages**.
3. In **Overview**, select your **Worker**.
4. Select **Settings**.
5. Under **Trigger Events**, select **View events**.
Cron Events stores the 100 most recent invocations of the Cron scheduled event. [Workers Logs](/workers/observability/logs/workers-logs) also records invocation logs for the Cron Trigger with a longer retention period and a filter & query interface. If you are interested in an API to access Cron Events, use Cloudflare's [GraphQL Analytics API](/analytics/graphql-api).
:::note
It can take up to 30 minutes before events are displayed in **Past Cron Events** when creating a new Worker or changing a Worker's name.
:::
Refer to [Metrics and Analytics](/workers/observability/metrics-and-analytics/) for more information.
## Remove a Cron Trigger
### Via the dashboard
To delete a Cron Trigger on a deployed Worker via the dashboard:
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account.
2. Go to **Workers & Pages**, and select your Worker.
3. Go to **Triggers** > select the three dot icon next to the Cron Trigger you want to remove > **Delete**.
#### Via the [Wrangler configuration file](/workers/wrangler/configuration/)
If a Worker is managed with Wrangler, Cron Triggers should be exclusively managed through the [Wrangler configuration file](/workers/wrangler/configuration/).
When deploying a Worker with Wrangler any previous Cron Triggers are replaced with those specified in the `triggers` array.
- If the `crons` property is an empty array then all the Cron Triggers are removed.
- If the `triggers` or `crons` property are `undefined` then the currently deploy Cron Triggers are left in-place.
```toml
[triggers]
# Remove all cron triggers:
crons = [ ]
```
## Limits
Refer to [Limits](/workers/platform/limits/) to track the maximum number of Cron Triggers per Worker.
## Green Compute
With Green Compute enabled, your Cron Triggers will only run on Cloudflare points of presence that are located in data centers that are powered purely by renewable energy. Organizations may claim that they are powered by 100 percent renewable energy if they have procured sufficient renewable energy to account for their overall energy use.
Renewable energy can be purchased in a number of ways, including through on-site generation (wind turbines, solar panels), directly from renewable energy producers through contractual agreements called Power Purchase Agreements (PPA), or in the form of Renewable Energy Credits (REC, IRECs, GoOs) from an energy credit market.
Green Compute can be configured at the account level:
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account.
2. In Account Home, select **Workers & Pages**.
3. In the **Account details** section, find **Compute Setting**.
4. Select **Change**.
5. Select **Green Compute**.
6. Select **Confirm**.
## Related resources
- [Triggers](/workers/wrangler/configuration/#triggers) - Review Wrangler configuration file syntax for Cron Triggers.
- Learn how to access Cron Triggers in [ES modules syntax](/workers/reference/migrate-to-module-workers/) for an optimized experience.
---
# Environment variables
URL: https://developers.cloudflare.com/workers/configuration/environment-variables/
import { Render, TabItem, Tabs, WranglerConfig } from "~/components";
## Background
You can add environment variables, which are a type of binding, to attach text strings or JSON values to your Worker. Environment variables are available on the [`env` parameter](/workers/runtime-apis/handlers/fetch/#parameters) passed to your Worker's [`fetch` event handler](/workers/runtime-apis/handlers/fetch/).
Text strings and JSON values are not encrypted and are useful for storing application configuration.
## Add environment variables via Wrangler
To add env variables using Wrangler, define text and JSON via the `[vars]` configuration in your Wrangler file. In the following example, `API_HOST` and `API_ACCOUNT_ID` are text values and `SERVICE_X_DATA` is a JSON value.
Refer to the following example on how to access the `API_HOST` environment variable in your Worker code:
```js
export default {
async fetch(request, env, ctx) {
return new Response(`API host: ${env.API_HOST}`);
},
};
```
```ts
export interface Env {
API_HOST: string;
}
export default {
async fetch(request, env, ctx): Promise {
return new Response(`API host: ${env.API_HOST}`);
},
} satisfies ExportedHandler;
```
### Configuring different environments in Wrangler
[Environments in Wrangler](/workers/wrangler/environments) let you specify different configurations for the same Worker, including different values for `vars` in each environment.
As `vars` is a [non-inheritable key](/workers/wrangler/configuration/#non-inheritable-keys), they are not inherited by environments and must be specified for each environment.
The example below sets up two environments, `staging` and `production`, with different values for `API_HOST`.
```toml
name = "my-worker-dev"
# top level environment
[vars]
API_HOST = "api.example.com"
[env.staging.vars]
API_HOST = "staging.example.com"
[env.production.vars]
API_HOST = "production.example.com"
```
To run Wrangler commands in specific environments, you can pass in the `--env` or `-e` flag. For example, you can develop the Worker in an environment called `staging` by running `npx wrangler dev --env staging`, and deploy it with `npx wrangler deploy --env staging`.
Learn about [environments in Wrangler](/workers/wrangler/environments).
## Add environment variables via the dashboard
To add environment variables via the dashboard:
1. Log in to [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
2. Select **Workers & Pages**.
3. In **Overview**, select your Worker.
4. Select **Settings**.
5. Under **Variables and Secrets**, select **Add**.
6. Select a **Type**, input a **Variable name**, and input its **Value**. This variable will be made available to your Worker.
7. (Optional) To add multiple environment variables, select **Add variable**.
8. Select **Deploy** to implement your changes.
:::caution[Plaintext strings and secrets]
Select the **Secret** type if your environment variable is a [secret](/workers/configuration/secrets/). Alternatively, consider [Cloudflare Secrets Store](/secrets-store/), for account-level secrets.
:::
## Related resources
- Migrating environment variables from [Service Worker format to ES modules syntax](/workers/reference/migrate-to-module-workers/#environment-variables).
---
# Configuration
URL: https://developers.cloudflare.com/workers/configuration/
import { DirectoryListing } from "~/components";
Configure your Worker project with various features and customizations.
---
# Multipart upload metadata
URL: https://developers.cloudflare.com/workers/configuration/multipart-upload-metadata/
import { Type, MetaInfo } from "~/components";
If you're using the [Workers Script Upload API](/api/resources/workers/subresources/scripts/methods/update/) or [Version Upload API](/api/resources/workers/subresources/scripts/subresources/versions/methods/create/) directly, `multipart/form-data` uploads require you to specify a `metadata` part. This metadata defines the Worker's configuration in JSON format, analogue to the [wrangler.toml file](/workers/wrangler/configuration/).
## Sample `metadata`
```json
{
"main_module": "main.js",
"bindings": [
{
"type": "plain_text",
"name": "MESSAGE",
"text": "Hello, world!"
}
],
"compatibility_date": "2021-09-14"
}
```
## Attributes
The following attributes are configurable at the top-level.
:::note
At a minimum, the `main_module` key is required to upload a Worker.
:::
- `main_module`
- The part name that contains the module entry point of the Worker that will be executed. For example, `main.js`.
- `assets`
- [Asset](/workers/static-assets/) configuration for a Worker.
- `config`
- [html_handling](/workers/static-assets/routing/advanced/html-handling/) determines the redirects and rewrites of requests for HTML content.
- [not_found_handling](/workers/static-assets/#routing-behavior) determines the response when a request does not match a static asset.
- `jwt` field provides a token authorizing assets to be attached to a Worker.
- `keep_assets`
- Specifies whether assets should be retained from a previously uploaded Worker version; used in lieu of providing a completion token.
- `bindings` array\[object] optional
- [Bindings](#bindings) to expose in the Worker.
- `placement`
- [Smart placement](/workers/configuration/smart-placement/) object for the Worker.
- `mode` field only supports `smart` for automatic placement.
- `compatibility_date`
- [Compatibility Date](/workers/configuration/compatibility-dates/#setting-compatibility-date) indicating targeted support in the Workers runtime. Backwards incompatible fixes to the runtime following this date will not affect this Worker. Highly recommended to set a `compatibility_date`, otherwise if on upload via the API, it defaults to the oldest compatibility date before any flags took effect (2021-11-02).
- `compatibility_flags` array\[string] optional
- [Compatibility Flags](/workers/configuration/compatibility-flags/#setting-compatibility-flags) that enable or disable certain features in the Workers runtime. Used to enable upcoming features or opt in or out of specific changes not included in a `compatibility_date`.
## Additional attributes: [Workers Script Upload API](/api/resources/workers/subresources/scripts/methods/update/)
For [immediately deployed uploads](/workers/configuration/versions-and-deployments/#upload-a-new-version-and-deploy-it-immediately), the following **additional** attributes are configurable at the top-level.
:::note
These attributes are **not available** for version uploads.
:::
- `migrations` array\[object] optional
- [Durable Objects migrations](/durable-objects/reference/durable-objects-migrations/) to apply.
- `logpush`
- Whether [Logpush](/cloudflare-for-platforms/cloudflare-for-saas/hostname-analytics/#logpush) is turned on for the Worker.
- `tail_consumers` array\[object] optional
- [Tail Workers](/workers/observability/logs/tail-workers/) that will consume logs from the attached Worker.
- `tags` array\[string] optional
- List of strings to use as tags for this Worker.
## Additional attributes: [Version Upload API](/api/resources/workers/subresources/scripts/subresources/versions/methods/create/)
For [version uploads](/workers/configuration/versions-and-deployments/#upload-a-new-version-to-be-gradually-deployed-or-deployed-at-a-later-time), the following **additional** attributes are configurable at the top-level.
:::note
These attributes are **not available** for immediately deployed uploads.
:::
- `annotations`
- Annotations object specific to the Worker version.
- `workers/message` specifies a custom message for the version.
- `workers/tag` specifies a custom identifier for the version.
## Bindings
Workers can interact with resources on the Cloudflare Developer Platform using [bindings](/workers/runtime-apis/bindings/). Refer to the JSON example below that shows how to add bindings in the `metadata` part.
```json
{
"bindings": [
{
"type": "ai",
"name": ""
},
{
"type": "analytics_engine",
"name": "",
"dataset": ""
},
{
"type": "assets",
"name": ""
},
{
"type": "browser_rendering",
"name": ""
},
{
"type": "d1",
"name": "",
"id": ""
},
{
"type": "durable_object_namespace",
"name": "",
"class_name": ""
},
{
"type": "hyperdrive",
"name": "",
"id": ""
},
{
"type": "kv_namespace",
"name": "",
"namespace_id": ""
},
{
"type": "mtls_certificate",
"name": "",
"certificate_id": ""
},
{
"type": "plain_text",
"name": "",
"text": ""
},
{
"type": "queue",
"name": "",
"queue_name": ""
},
{
"type": "r2_bucket",
"name": "",
"bucket_name": ""
},
{
"type": "secret_text",
"name": "",
"text": ""
},
{
"type": "service",
"name": "",
"service": "",
"environment": "production"
},
{
"type": "tail_consumer",
"service": ""
},
{
"type": "vectorize",
"name": "",
"index_name": ""
},
{
"type": "version_metadata",
"name": ""
}
]
}
```
---
# Preview URLs
URL: https://developers.cloudflare.com/workers/configuration/previews/
import { Render, WranglerConfig } from "~/components";
Preview URLs allow you to preview new versions of your Worker without deploying it to production.
Every time you create a new [version](/workers/configuration/versions-and-deployments/#versions) of your Worker a unique preview URL is generated. Preview URLs take the format: `-..workers.dev`. New [versions](/workers/configuration/versions-and-deployments/#versions) of a Worker are created on [`wrangler deploy`](/workers/wrangler/commands/#deploy), [`wrangler versions upload`](/workers/wrangler/commands/#upload) or when you make edits on the Cloudflare dashboard. By default, preview URLs are enabled and available publicly.
Preview URLs can be:
- Integrated into CI/CD pipelines, allowing automatic generation of preview environments for every pull request.
- Used for collaboration between teams to test code changes in a live environment and verify updates.
- Used to test new API endpoints, validate data formats, and ensure backward compatibility with existing services.
When testing zone level performance or security features for a version, we recommend using [version overrides](/workers/configuration/versions-and-deployments/gradual-deployments/#version-overrides) so that your zone's performance and security settings apply.
:::note
Preview URLs are only available for Worker versions uploaded after 2024-09-25.
Minimum required Wrangler version: 3.74.0. Check your version by running `wrangler --version`. To update Wrangler, refer to [Install/Update Wrangler](/workers/wrangler/install-and-update/).
:::
## View preview URLs using wrangler
The [`wrangler versions upload`](/workers/wrangler/commands/#upload) command uploads a new [version](/workers/configuration/versions-and-deployments/#versions) of your Worker and returns a preview URL for each version uploaded.
## View preview URLs on the Workers dashboard
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/?to=/:account/workers) and select your project.
2. Go to the **Deployments** tab, and find the version you would like to view.
## Manage access to Preview URLs
By default, preview URLs are enabled and available publicly. You can use [Cloudflare Access](/cloudflare-one/policies/access/) to require visitors to authenticate before accessing preview URLs. You can limit access to yourself, your teammates, your organization, or anyone else you specify in your [access policy](/cloudflare-one/policies/access).
To limit your preview URLs to authorized emails only:
1. Log in to the [Cloudflare Access dashboard](https://one.dash.cloudflare.com/?to=/:account/access/apps).
2. Select your account.
3. Add an application.
4. Select **Self Hosted**.
5. Name your application (for example, "my-worker") and add your `workers.dev` subdomain as the **Application domain**.
For example, if you want to secure preview URLs for a Worker running on `my-worker.my-subdomain.workers.dev`.
- Subdomain: `*-my-worker`
- Domain: `my-subdomain.workers.dev`
:::note
You must press enter after you input your Application domain for it to save. You will see a "Zone is not associated with the current account" warning that you may ignore.
:::
6. Go to the next page.
7. Add a name for your access policy (for example, "Allow employees access to preview URLs for my-worker").
8. In the **Configure rules** section create a new rule with the **Emails** selector, or any other attributes which you wish to gate access to previews with.
9. Enter the emails you want to authorize. View [access policies](/cloudflare-one/policies/access/#selectors) to learn about configuring alternate rules.
10. Go to the next page.
11. Add application.
## Disabling Preview URLs
### Disabling Preview URLs in the dashboard
To disable Preview URLs for a Worker:
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account.
2. Go to **Workers & Pages** and in **Overview**, select your Worker.
3. Go to **Settings** > **Domains & Routes**.
4. On "Preview URLs" click "Disable".
5. Confirm you want to disable.
### Disabling Preview URLs in the [Wrangler configuration file](/workers/wrangler/configuration/)
:::note
Wrangler 3.91.0 or higher is required to use this feature.
:::
To disable Preview URLs for a Worker, include the following in your Worker's Wrangler file:
```toml
preview_urls = false
```
When you redeploy your Worker with this change, Preview URLs will be disabled.
:::caution
If you disable Preview URLs in the Cloudflare dashboard but do not update your Worker's Wrangler file with `preview_urls = false`, then Preview URLs will be re-enabled the next time you deploy your Worker with Wrangler.
:::
## Limitations
- Preview URLs are not generated for Workers that implement a [Durable Object](/durable-objects/).
- Preview URLs are not currently generated for [Workers for Platforms](/cloudflare-for-platforms/workers-for-platforms/) [user Workers](/cloudflare-for-platforms/workers-for-platforms/reference/how-workers-for-platforms-works/#user-workers). This is a temporary limitation, we are working to remove it.
- You cannot currently configure Preview URLs to run on a subdomain other than [`workers.dev`](/workers/configuration/routing/workers-dev/).
- You cannot view logs for Preview URLs today, this includes Workers Logs, Wrangler tail and Logpush.
---
# Secrets
URL: https://developers.cloudflare.com/workers/configuration/secrets/
import { Render } from "~/components";
## Background
Secrets are a type of binding that allow you to attach encrypted text values to your Worker. You cannot see secrets after you set them and can only access secrets via [Wrangler](/workers/wrangler/commands/#secret) or programmatically via the [`env` parameter](/workers/runtime-apis/handlers/fetch/#parameters). Secrets are used for storing sensitive information like API keys and auth tokens. Secrets are available on the [`env` parameter](/workers/runtime-apis/handlers/fetch/#parameters) passed to your Worker's [`fetch` event handler](/workers/runtime-apis/handlers/fetch/).
:::note[Secrets Store (beta)]
Secrets described on this page are defined and managed on a per-Worker level. If you want to use account-level secrets, refer to [Secrets Store](/secrets-store/). Account-level secrets are configured on your Worker as a [Secrets Store binding](/secrets-store/integrations/workers/).
:::
## Local Development with Secrets
## Secrets on deployed Workers
### Adding secrets to your project
#### Via Wrangler
Secrets can be added through [`wrangler secret put`](/workers/wrangler/commands/#secret) or [`wrangler versions secret put`](/workers/wrangler/commands/#secret-put) commands.
`wrangler secret put` creates a new version of the Worker and deploys it immediately.
```sh
npx wrangler secret put
```
If using [gradual deployments](/workers/configuration/versions-and-deployments/gradual-deployments/), instead use the `wrangler versions secret put` command. This will only create a new version of the Worker, that can then be deploying using [`wrangler versions deploy`](/workers/wrangler/commands/#deploy-2).
:::note
Wrangler versions before 3.73.0 require you to specify a `--x-versions` flag.
:::
```sh
npx wrangler versions secret put
```
#### Via the dashboard
To add a secret via the dashboard:
1. Log in to [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
2. Select **Workers & Pages**.
3. In **Overview**, select your Worker > **Settings**.
4. Under **Variables and Secrets**, select **Add**.
5. Select the type **Secret**, input a **Variable name**, and input its **Value**. This secret will be made available to your Worker but the value will be hidden in Wrangler and the dashboard.
6. (Optional) To add more secrets, select **Add variable**.
7. Select **Deploy** to implement your changes.
### Delete secrets from your project
#### Via Wrangler
Secrets can be deleted through [`wrangler secret delete`](/workers/wrangler/commands/#delete-1) or [`wrangler versions secret delete`](/workers/wrangler/commands/#secret-delete) commands.
`wrangler secret delete` creates a new version of the Worker and deploys it immediately.
```sh
npx wrangler secret delete
```
If using [gradual deployments](/workers/configuration/versions-and-deployments/gradual-deployments/), instead use the `wrangler versions secret delete` command. This will only create a new version of the Worker, that can then be deploying using [`wrangler versions deploy`](/workers/wrangler/commands/#deploy-2).
```sh
npx wrangler versions secret delete
```
#### Via the dashboard
To delete a secret from your Worker project via the dashboard:
1. Log in to [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
2. Select **Workers & Pages**.
3. In **Overview**, select your Worker > **Settings**.
4. Under **Variables and Secrets**, select **Edit**.
5. In the **Edit** drawer, select **X** next to the secret you want to delete.
6. Select **Deploy** to implement your changes.
7. (Optional) Instead of using the edit drawer, you can click the delete icon next to the secret.
## Related resources
- [Wrangler secret commands](/workers/wrangler/commands/#secret) - Review the Wrangler commands to create, delete and list secrets.
- [Cloudflare Secrets Store](/secrets-store/) - Encrypt and store sensitive information as secrets that are securely reusable across your account.
---
# Smart Placement
URL: https://developers.cloudflare.com/workers/configuration/smart-placement/
import { WranglerConfig } from "~/components";
By default, [Workers](/workers/) and [Pages Functions](/pages/functions/) are invoked in a data center closest to where the request was received. If you are running back-end logic in a Worker, it may be more performant to run that Worker closer to your back-end infrastructure rather than the end user. Smart Placement automatically places your workloads in an optimal location that minimizes latency and speeds up your applications.
## Background
The following example demonstrates how moving your Worker close to your back-end services could decrease application latency:
You have a user in Sydney, Australia who is accessing an application running on Workers. This application makes multiple round trips to a database located in Frankfurt, Germany in order to serve the user’s request.
The issue is the time that it takes the Worker to perform multiple round trips to the database. Instead of the request being processed close to the user, the Cloudflare network, with Smart Placement enabled, would process the request in a data center closest to the database.
## Understand how Smart Placement works
Smart Placement is enabled on a per-Worker basis. Once enabled, Smart Placement analyzes the [request duration](/workers/observability/metrics-and-analytics/#request-duration) of the Worker in different Cloudflare locations around the world on a regular basis. Smart Placement decides where to run the Worker by comparing the estimated request duration in the location closest to where the request was received (the default location where the Worker would run) to a set of candidate locations around the world. For each candidate location, Smart Placement considers the performance of the Worker in that location as well as the network latency added by forwarding the request to that location. If the estimated request duration in the best candidate location is significantly faster than the location where the request was received, the request will be forwarded to that candidate location. Otherwise, the Worker will run in the default location closest to where the request was received.
Smart Placement only considers candidate locations where the Worker has previously run, since the estimated request duration in each candidate location is based on historical data from the Worker running in that location. This means that Smart Placement cannot run the Worker in a location that it does not normally receive traffic from.
Smart Placement only affects the execution of [fetch event handlers](/workers/runtime-apis/handlers/fetch/). Smart Placement does not affect the execution of [RPC methods](/workers/runtime-apis/rpc/) or [named entrypoints](/workers/runtime-apis/bindings/service-bindings/rpc/#named-entrypoints). Workers without a fetch event handler will be ignored by Smart Placement. For Workers with both fetch and non-fetch event handlers, Smart Placement will only affect the execution of the fetch event handler.
Similarly, Smart Placement will not affect where [static assets](/workers/static-assets/) are served from. Static assets will continue to be served from the location nearest to the incoming request. If a Worker is invoked and your code retrieves assets via the [static assets binding](https://developers.cloudflare.com/workers/static-assets/binding/), then assets will be served from the location that your Worker runs in.
## Enable Smart Placement
Smart Placement is available to users on all Workers plans.
### Enable Smart Placement via Wrangler
To enable Smart Placement via Wrangler:
1. Make sure that you have `wrangler@2.20.0` or later [installed](/workers/wrangler/install-and-update/).
2. Add the following to your Worker project's Wrangler file:
```toml
[placement]
mode = "smart"
```
3. Wait for Smart Placement to analyze your Worker. This process may take up to 15 minutes.
4. View your Worker's [request duration analytics](/workers/observability/metrics-and-analytics/#request-duration).
### Enable Smart Placement via the dashboard
To enable Smart Placement via the dashboard:
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account.
2. In **Account Home**, select **Workers & Pages**.
3. In **Overview**,select your Worker.
4. Select **Settings** > **General**.
5. Under **Placement**, choose **Smart**.
6. Wait for Smart Placement to analyze your Worker. Smart Placement requires consistent traffic to the Worker from multiple locations around the world to make a placement decision. The analysis process may take up to 15 minutes.
7. View your Worker's [request duration analytics](/workers/observability/metrics-and-analytics/#request-duration)
## Observability
### Placement Status
A Worker's metadata contains details about a Worker's placement status. Query your Worker's placement status through the following Workers API endpoint:
```bash
curl -X GET https://api.cloudflare.com/client/v4/accounts/{ACCOUNT_ID}/workers/services/{WORKER_NAME} \
-H "Authorization: Bearer " \
-H "Content-Type: application/json" | jq .
```
Possible placement states include:
- _(not present)_: The Worker has not been analyzed for Smart Placement yet. The Worker will always run in the default Cloudflare location closest to where the request was received.
- `SUCCESS`: The Worker was successfully analyzed and will be optimized by Smart Placement. The Worker will run in the Cloudflare location that minimizes expected request duration, which may be the default location closest to where the request was received or may be a faster location elsewhere in the world.
- `INSUFFICIENT_INVOCATIONS`: The Worker has not received enough requests to make a placement decision. Smart Placement requires consistent traffic to the Worker from multiple locations around the world. The Worker will always run in the default Cloudflare location closest to where the request was received.
- `UNSUPPORTED_APPLICATION`: Smart Placement began optimizing the Worker and measured the results, which showed that Smart Placement made the Worker slower. In response, Smart Placement reverted the placement decision. The Worker will always run in the default Cloudflare location closest to where the request was received, and Smart Placement will not analyze the Worker again until it's redeployed. This state is rare and accounts for less that 1% of Workers with Smart Placement enabled.
### Request Duration Analytics
Once Smart Placement is enabled, data about request duration gets collected. Request duration is measured at the data center closest to the end user.
By default, one percent (1%) of requests are not routed with Smart Placement. These requests serve as a baseline to compare to.
### `cf-placement` header
Once Smart Placement is enabled, Cloudflare adds a `cf-placement` header to all requests. This can be used to check whether a request has been routed with Smart Placement and where the Worker is processing the request (which is shown as the nearest airport code to the data center).
For example, the `cf-placement: remote-LHR` header's `remote` value indicates that the request was routed using Smart Placement to a Cloudflare data center near London. The `cf-placement: local-EWR` header's `local` value indicates that the request was not routed using Smart Placement and the Worker was invoked in a data center closest to where the request was received, close to Newark Liberty International Airport (EWR).
:::caution[Beta use only]
We may remove the `cf-placement` header before Smart Placement enters general availability.
:::
## Best practices
If you are building full-stack applications on Workers, we recommend splitting up the front-end and back-end logic into different Workers and using [Service Bindings](/workers/runtime-apis/bindings/service-bindings/) to connect your front-end logic and back-end logic Workers.
Enabling Smart Placement on your back-end Worker will invoke it close to your back-end service, while the front-end Worker serves requests close to the user. This architecture maintains fast, reactive front-ends while also improving latency when the back-end Worker is called.
## Give feedback on Smart Placement
Smart Placement is in beta. To share your thoughts and experience with Smart Placement, join the [Cloudflare Developer Discord](https://discord.cloudflare.com).
---
# Page Rules
URL: https://developers.cloudflare.com/workers/configuration/workers-with-page-rules/
Page Rules trigger certain actions whenever a request matches one of the URL patterns you define. You can define a page rule to trigger one or more actions whenever a certain URL pattern is matched. Refer to [Page Rules](/rules/page-rules/) to learn more about configuring Page Rules.
## Page Rules with Workers
Cloudflare acts as a [reverse proxy](https://www.cloudflare.com/learning/what-is-cloudflare/) to provide services, like Page Rules, to Internet properties. Your application's traffic will pass through a Cloudflare data center that is closest to the visitor. There are hundreds of these around the world, each of which are capable of running services like Workers and Page Rules. If your application is built on Workers and/or Pages, the [Cloudflare global network](https://www.cloudflare.com/learning/serverless/glossary/what-is-edge-computing/) acts as your origin server and responds to requests directly from the Cloudflare global network.
When using Page Rules with Workers, the following workflow is applied.
1. Request arrives at Cloudflare data center.
2. Cloudflare decides if this request is a Worker route. Because this is a Worker route, Cloudflare evaluates and disabled a number of features, including some that would be set by Page Rules.
3. Page Rules run as part of normal request processing with some features now disabled.
4. Worker executes.
5. Worker makes a same-zone or other-zone subrequest. Because this is a Worker route, Cloudflare disables a number of features, including some that would be set by Page Rules.
Page Rules are evaluated both at the client-to-Worker request stage (step 2) and the Worker subrequest stage (step 5).
If you are experiencing Page Rule errors when running Workers, contact your Cloudflare account team or [Cloudflare Support](/support/contacting-cloudflare-support/).
## Affected Page Rules
The following Page Rules may not work as expected when an incoming request is matched to a Worker route:
* Always Online
* [Always Use HTTPS](/workers/configuration/workers-with-page-rules/#always-use-https)
* [Automatic HTTPS Rewrites](/workers/configuration/workers-with-page-rules/#automatic-https-rewrites)
* [Browser Cache TTL](/workers/configuration/workers-with-page-rules/#browser-cache-ttl)
* [Browser Integrity Check](/workers/configuration/workers-with-page-rules/#browser-integrity-check)
* [Cache Deception Armor](/workers/configuration/workers-with-page-rules/#cache-deception-armor)
* [Cache Level](/workers/configuration/workers-with-page-rules/#cache-level)
* Disable Apps
* [Disable Zaraz](/workers/configuration/workers-with-page-rules/#disable-zaraz)
* [Edge Cache TTL](/workers/configuration/workers-with-page-rules/#edge-cache-ttl)
* [Email Obfuscation](/workers/configuration/workers-with-page-rules/#email-obfuscation)
* [Forwarding URL](/workers/configuration/workers-with-page-rules/#forwarding-url)
* Host Header Override
* [IP Geolocation Header](/workers/configuration/workers-with-page-rules/#ip-geolocation-header)
* Mirage
* [Origin Cache Control](/workers/configuration/workers-with-page-rules/#origin-cache-control)
* [Rocket Loader](/workers/configuration/workers-with-page-rules/#rocket-loader)
* [Security Level](/workers/configuration/workers-with-page-rules/#security-level)
* [SSL](/workers/configuration/workers-with-page-rules/#ssl)
This is because the default setting of these Page Rules will be disabled when Cloudflare recognizes that the request is headed to a Worker.
:::caution[Testing]
Due to ongoing changes to the Workers runtime, detailed documentation on how these rules will be affected are updated following testing.
:::
To learn what these Page Rules do, refer to [Page Rules](/rules/page-rules/).
:::note[Same zone versus other zone]
A same zone subrequest is a request the Worker makes to an orange-clouded hostname in the same zone the Worker runs on. Depending on your DNS configuration, any request that falls outside that definition may be considered an other zone request by the Cloudflare network.
:::
### Always Use HTTPS
| Source | Target | Behavior |
| ------ | ---------- | -------------- |
| Client | Worker | Rule Respected |
| Worker | Same Zone | Rule Ignored |
| Worker | Other Zone | Rule Ignored |
### Automatic HTTPS Rewrites
| Source | Target | Behavior |
| ------ | ---------- | -------------- |
| Client | Worker | Rule Ignored |
| Worker | Same Zone | Rule Respected |
| Worker | Other Zone | Rule Ignored |
### Browser Cache TTL
| Source | Target | Behavior |
| ------ | ---------- | -------------- |
| Client | Worker | Rule Ignored |
| Worker | Same Zone | Rule Respected |
| Worker | Other Zone | Rule Ignored |
### Browser Integrity Check
| Source | Target | Behavior |
| ------ | ---------- | -------------- |
| Client | Worker | Rule Respected |
| Worker | Same Zone | Rule Ignored |
| Worker | Other Zone | Rule Ignored |
### Cache Deception Armor
| Source | Target | Behavior |
| ------ | ---------- | -------------- |
| Client | Worker | Rule Respected |
| Worker | Same Zone | Rule Respected |
| Worker | Other Zone | Rule Ignored |
### Cache Level
| Source | Target | Behavior |
| ------ | ---------- | -------------- |
| Client | Worker | Rule Respected |
| Worker | Same Zone | Rule Respected |
| Worker | Other Zone | Rule Ignored |
### Disable Zaraz
| Source | Target | Behavior |
| ------ | ---------- | -------------- |
| Client | Worker | Rule Respected |
| Worker | Same Zone | Rule Respected |
| Worker | Other Zone | Rule Ignored |
### Edge Cache TTL
| Source | Target | Behavior |
| ------ | ---------- | -------------- |
| Client | Worker | Rule Respected |
| Worker | Same Zone | Rule Respected |
| Worker | Other Zone | Rule Ignored |
### Email Obfuscation
| Source | Target | Behavior |
| -------------------------|------------|------------|
| Client | Worker | Rule Ignored |
| Worker | Same Zone | Rule Respected |
| Worker | Other Zone | Rule Ignored |
### Forwarding URL
| Source | Target | Behavior |
| ------ | ---------- | -------------- |
| Client | Worker | Rule Ignored |
| Worker | Same Zone | Rule Respected |
| Worker | Other Zone | Rule Ignored |
### IP Geolocation Header
| Source | Target | Behavior |
| ------ | ---------- | -------------- |
| Client | Worker | Rule Respected |
| Worker | Same Zone | Rule Respected |
| Worker | Other Zone | Rule Ignored |
### Origin Cache Control
| Source | Target | Behavior |
| ------ | ---------- | -------------- |
| Client | Worker | Rule Respected |
| Worker | Same Zone | Rule Respected |
| Worker | Other Zone | Rule Ignored |
### Rocket Loader
| Source | Target | Behavior |
| ------ | ---------- | ------------ |
| Client | Worker | Rule Ignored |
| Worker | Same Zone | Rule Ignored |
| Worker | Other Zone | Rule Ignored |
### Security Level
| Source | Target | Behavior |
| ------ | ---------- | -------------- |
| Client | Worker | Rule Respected |
| Worker | Same Zone | Rule Ignored |
| Worker | Other Zone | Rule Ignored |
### SSL
| Source | Target | Behavior |
| ------ | ---------- | -------------- |
| Client | Worker | Rule Respected |
| Worker | Same Zone | Rule Respected |
| Worker | Other Zone | Rule Ignored |
---
# Connect to databases
URL: https://developers.cloudflare.com/workers/databases/connecting-to-databases/
Cloudflare Workers can connect to and query your data in both SQL and NoSQL databases, including:
- Cloudflare's own [D1](/d1/), a serverless SQL-based database.
- Traditional hosted relational databases, including Postgres and MySQL, using [Hyperdrive](/hyperdrive/) (recommended) to significantly speed up access.
- Serverless databases, including Supabase, MongoDB Atlas, PlanetScale, and Prisma.
### D1 SQL database
D1 is Cloudflare's own SQL-based, serverless database. It is optimized for global access from Workers, and can scale out with multiple, smaller (10GB) databases, such as per-user, per-tenant or per-entity databases. Similar to some serverless databases, D1 pricing is based on query and storage costs.
| Database | Library or Driver | Connection Method |
| ---------- | ------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------- |
| [D1](/d1/) | [Workers binding](/d1/worker-api/), integrates with [Prisma](https://www.prisma.io/), [Drizzle](https://orm.drizzle.team/), and other ORMs | [Workers binding](/d1/worker-api/), [REST API](/api/resources/d1/subresources/database/methods/create/) |
### Traditional SQL databases
Traditional databases use SQL drivers that use [TCP sockets](/workers/runtime-apis/tcp-sockets/) to connect to the database. TCP is the de-facto standard protocol that many databases, such as PostgreSQL and MySQL, use for client connectivity.
These drivers are also widely compatible with your preferred ORM libraries and query builders.
This also includes serverless databases that are PostgreSQL or MySQL-compatible like [Supabase](/hyperdrive/examples/connect-to-postgres/postgres-database-providers/supabase/), [Neon](/hyperdrive/examples/connect-to-postgres/postgres-database-providers/neon/) or [PlanetScale](/hyperdrive/examples/connect-to-mysql/mysql-database-providers/planetscale/),
which can be connected to using both native [TCP sockets and Hyperdrive](/hyperdrive/) or [serverless HTTP-based drivers](/workers/databases/connecting-to-databases/#serverless-databases) (detailed below).
| Database | Integration | Library or Driver | Connection Method |
| ---------------------------------------- | ----------------- | ----------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
| [Postgres](/workers/tutorials/postgres/) | Direct connection | [Postgres.js](https://github.com/porsager/postgres),[node-postgres](https://node-postgres.com/) | [TCP Socket](/workers/runtime-apis/tcp-sockets/) via database driver, using [Hyperdrive](/hyperdrive/) for optimal performance (optional, recommended) |
| [MySQL](/workers/tutorials/mysql/) | Direct connection | [mysql2](https://github.com/sidorares/node-mysql2), [mysql](https://github.com/mysqljs/mysql) | [TCP Socket](/workers/runtime-apis/tcp-sockets/) via database driver, using [Hyperdrive](/hyperdrive/) for optimal performance (optional, recommended) |
:::note[Speed up database connectivity with Hyperdrive]
Connecting to SQL databases with TCP sockets requires multiple roundtrips to establish a secure connection before a query to the database is made.
Since a connection must be re-established on every Worker invocation, this adds unnecessary latency.
[Hyperdrive](/hyperdrive/) solves this by pooling database connections globally to eliminate unnecessary roundtrips and speed up your database access. Learn more about [how Hyperdrive works](/hyperdrive/configuration/how-hyperdrive-works/).
:::
### Serverless databases
Serverless databases provide HTTP-based proxies and drivers, also known as serverless drivers. These address the lack of connection reuse between Worker invocation similarly to [Hyperdrive](/hyperdrive/) for traditional SQL databases.
By providing a way to query your database with HTTP, these serverless databases and drivers eliminate several roundtrips needed to establish a secure connection.
| Database | Integration | Library or Driver | Connection Method |
| --------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | ---------------------------------------------------------------------------------- | ----------------------- |
| [PlanetScale](https://planetscale.com/blog/introducing-the-planetscale-serverless-driver-for-javascript) | [Yes](/workers/databases/native-integrations/planetscale/) | [@planetscale/database](https://github.com/planetscale/database-js) | API via client library |
| [Supabase](https://github.com/supabase/supabase/tree/master/examples/with-cloudflare-workers) | [Yes](/workers/databases/native-integrations/supabase/) | [@supabase/supabase-js](https://github.com/supabase/supabase-js) | API via client library |
| [Prisma](https://www.prisma.io/docs/guides/deployment/deployment-guides/deploying-to-cloudflare-workers) | No | [prisma](https://github.com/prisma/prisma) | API via client library |
| [Neon](https://blog.cloudflare.com/neon-postgres-database-from-workers/) | [Yes](/workers/databases/native-integrations/neon/) | [@neondatabase/serverless](https://neon.tech/blog/serverless-driver-for-postgres/) | API via client library |
| [Hasura](https://hasura.io/blog/building-applications-with-cloudflare-workers-and-hasura-graphql-engine/) | No | API | GraphQL API via fetch() |
| [Upstash Redis](https://blog.cloudflare.com/cloudflare-workers-database-integration-with-upstash/) | [Yes](/workers/databases/native-integrations/upstash/) | [@upstash/redis](https://github.com/upstash/upstash-redis) | API via client library |
| [TiDB Cloud](https://docs.pingcap.com/tidbcloud/integrate-tidbcloud-with-cloudflare) | No | [@tidbcloud/serverless](https://github.com/tidbcloud/serverless-js) | API via client library |
:::note[Easier setup with database integrations]
[Database Integrations](/workers/databases/native-integrations/) simplify the authentication for serverless database drivers by managing credentials on your behalf and includes support for PlanetScale, Neon and Supabase.
If you do not see an integration listed or have an integration to add, complete and submit the [Cloudflare Developer Platform Integration form](https://forms.gle/iaUqLWE8aezSEhgd6).
:::
Once you have installed the necessary packages, use the APIs provided by these packages to connect to your database and perform operations on it. Refer to detailed links for service-specific instructions.
## Authentication
If your database requires authentication, use Wrangler secrets to securely store your credentials. To do this, create a secret in your Cloudflare Workers project using the following [`wrangler secret`](/workers/wrangler/commands/#secret) command:
```sh
wrangler secret put
```
Then, retrieve the secret value in your code using the following code snippet:
```js
const secretValue = env.;
```
Use the secret value to authenticate with the external service. For example, if the external service requires an API key or database username and password for authentication, include these in using the relevant service's library or API.
For services that require mTLS authentication, use [mTLS certificates](/workers/runtime-apis/bindings/mtls) to present a client certificate.
## Next steps
- Learn how to connect to [an existing PostgreSQL database](/hyperdrive/) with Hyperdrive.
- Discover [other storage options available](/workers/platform/storage-options/) for use with Workers.
- [Create your first database](/d1/get-started/) with Cloudflare D1.
---
# Databases
URL: https://developers.cloudflare.com/workers/databases/
import { DirectoryListing } from "~/components";
Explore database integrations for your Worker projects.
---
# Frameworks
URL: https://developers.cloudflare.com/workers/frameworks/
import {
Badge,
Description,
DirectoryListing,
InlineBadge,
Render,
TabItem,
Tabs,
PackageManagers,
Feature,
} from "~/components";
Run front-end websites — static or dynamic — directly on Cloudflare's global
network.
The following frameworks have support for Cloudflare Workers and the new [Workers Assets](/workers/static-assets/). Refer to the individual guides below for instructions on how to get started.
:::note
**Static Assets for Workers is currently in open beta.**
If you are looking for a framework not on this list:
- It may be supported in [Cloudflare Pages](/pages/). Refer to [Pages Frameworks guides](/pages/framework-guides/) for a full list.
- Tell us which framework you would like to see supported on Workers in our [Cloudflare's Developer Discord](http://discord.cloudflare.com/).
:::
---
# Dashboard
URL: https://developers.cloudflare.com/workers/get-started/dashboard/
import { Render } from "~/components";
Follow this guide to create a Workers application using [the Cloudflare dashboard](https://dash.cloudflare.com).
## Prerequisites
[Create a Cloudflare account](/fundamentals/account/create-account/), if you have not already.
## Setup
To get started with a new Workers application:
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account.
2. Go to the **Workers & Pages** section of the dashboard.
2. Select [Create](https://dash.cloudflare.com/?to=/:account/workers-and-pages/create). From here, you can:
* You can select from the gallery of production-ready templates
* Import an existing Git repository on your own account
* Let Cloudflare clone and bootstrap a public repository containing a Workers application.
3. Once you've connected to your chosen [Git provider](/workers/ci-cd/builds/git-integration/github-integration/), configure your project and click `Deploy`.
4. Cloudflare will kick off a new build and deployment. Once deployed, preview your Worker at its provided `workers.dev` subdomain.
## Continue development
Applications started in the dashboard are set up with Git to help kickstart your development workflow. To continue developing on your repository, you can run:
```bash
# clone you repository locally
git clone
# be sure you are in the root directory
cd
```
Now, you can preview and test your changes by [running Wrangler in your local development environment](/workers/local-development/). Once you are ready to deploy you can run:
```bash
# adds the files to git tracking
git add .
# commits the changes
git commit -m "your message"
# push the changes to your Git provider
git push origin main
```
To do more:
- Review our [Examples](/workers/examples/) and [Tutorials](/workers/tutorials/) for inspiration.
- Set up [bindings](/workers/runtime-apis/bindings/) to allow your Worker to interact with other resources and unlock new functionality.
- Learn how to [test and debug](/workers/testing/) your Workers.
- Read about [Workers limits and pricing](/workers/platform/).
---
# CLI
URL: https://developers.cloudflare.com/workers/get-started/guide/
import { Details, Render, PackageManagers } from "~/components";
Set up and deploy your first Worker with Wrangler, the Cloudflare Developer Platform CLI.
This guide will instruct you through setting up and deploying your first Worker.
## Prerequisites
## 1. Create a new Worker project
Open a terminal window and run C3 to create your Worker project. [C3 (`create-cloudflare-cli`)](https://github.com/cloudflare/workers-sdk/tree/main/packages/create-cloudflare) is a command-line tool designed to help you set up and deploy new applications to Cloudflare.
Now, you have a new project set up. Move into that project folder.
```sh
cd my-first-worker
```
In your project directory, C3 will have generated the following:
* `wrangler.jsonc`: Your [Wrangler](/workers/wrangler/configuration/#sample-wrangler-configuration) configuration file.
* `index.js` (in `/src`): A minimal `'Hello World!'` Worker written in [ES module](/workers/reference/migrate-to-module-workers/) syntax.
* `package.json`: A minimal Node dependencies configuration file.
* `package-lock.json`: Refer to [`npm` documentation on `package-lock.json`](https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json).
* `node_modules`: Refer to [`npm` documentation `node_modules`](https://docs.npmjs.com/cli/v7/configuring-npm/folders#node-modules).
In addition to creating new projects from C3 templates, C3 also supports creating new projects from existing Git repositories. To create a new project from an existing Git repository, open your terminal and run:
```sh
npm create cloudflare@latest -- --template
```
`` may be any of the following:
- `user/repo` (GitHub)
- `git@github.com:user/repo`
- `https://github.com/user/repo`
- `user/repo/some-template` (subdirectories)
- `user/repo#canary` (branches)
- `user/repo#1234abcd` (commit hash)
- `bitbucket:user/repo` (Bitbucket)
- `gitlab:user/repo` (GitLab)
Your existing template folder must contain the following files, at a minimum, to meet the requirements for Cloudflare Workers:
- `package.json`
- `wrangler.jsonc` [See sample Wrangler configuration](/workers/wrangler/configuration/#sample-wrangler-configuration)
- `src/` containing a worker script referenced from `wrangler.jsonc`
## 2. Develop with Wrangler CLI
C3 installs [Wrangler](/workers/wrangler/install-and-update/), the Workers command-line interface, in Workers projects by default. Wrangler lets you to [create](/workers/wrangler/commands/#init), [test](/workers/wrangler/commands/#dev), and [deploy](/workers/wrangler/commands/#deploy) your Workers projects.
After you have created your first Worker, run the [`wrangler dev`](/workers/wrangler/commands/#dev) command in the project directory to start a local server for developing your Worker. This will allow you to preview your Worker locally during development.
```sh
npx wrangler dev
```
If you have never used Wrangler before, it will open your web browser so you can login to your Cloudflare account.
Go to [http://localhost:8787](http://localhost:8787) to view your Worker.
If you have issues with this step or you do not have access to a browser interface, refer to the [`wrangler login`](/workers/wrangler/commands/#login) documentation.
## 3. Write code
With your new project generated and running, you can begin to write and edit your code.
Find the `src/index.js` file. `index.js` will be populated with the code below:
```js title="Original index.js"
export default {
async fetch(request, env, ctx) {
return new Response("Hello World!");
},
};
```
This code block consists of a few different parts.
```js title="Updated index.js" {1}
export default {
async fetch(request, env, ctx) {
return new Response("Hello World!");
},
};
```
`export default` is JavaScript syntax required for defining [JavaScript modules](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Modules#default_exports_versus_named_exports). Your Worker has to have a default export of an object, with properties corresponding to the events your Worker should handle.
```js title="index.js" {2}
export default {
async fetch(request, env, ctx) {
return new Response("Hello World!");
},
};
```
This [`fetch()` handler](/workers/runtime-apis/handlers/fetch/) will be called when your Worker receives an HTTP request. You can define additional event handlers in the exported object to respond to different types of events. For example, add a [`scheduled()` handler](/workers/runtime-apis/handlers/scheduled/) to respond to Worker invocations via a [Cron Trigger](/workers/configuration/cron-triggers/).
Additionally, the `fetch` handler will always be passed three parameters: [`request`, `env` and `context`](/workers/runtime-apis/handlers/fetch/).
```js title="index.js" {3}
export default {
async fetch(request, env, ctx) {
return new Response("Hello World!");
},
};
```
The Workers runtime expects `fetch` handlers to return a `Response` object or a Promise which resolves with a `Response` object. In this example, you will return a new `Response` with the string `"Hello World!"`.
Replace the content in your current `index.js` file with the content below, which changes the text output.
```js title="index.js" {3}
export default {
async fetch(request, env, ctx) {
return new Response("Hello Worker!");
},
};
```
Then, save the file and reload the page. Your Worker's output will have changed to the new text.
If the output for your Worker does not change, make sure that:
1. You saved the changes to `index.js`.
2. You have `wrangler dev` running.
3. You reloaded your browser.
## 4. Deploy your project
Deploy your Worker via Wrangler to a `*.workers.dev` subdomain or a [Custom Domain](/workers/configuration/routing/custom-domains/).
```sh
npx wrangler deploy
```
If you have not configured any subdomain or domain, Wrangler will prompt you during the publish process to set one up.
Preview your Worker at `..workers.dev`.
If you see [`523` errors](/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-523/) when pushing your `*.workers.dev` subdomain for the first time, wait a minute or so and the errors will resolve themselves.
## Next steps
To do more:
- Push your project to a GitHub or GitLab repository then [connect to builds](/workers/ci-cd/builds/#get-started) to enable automatic builds and deployments.
- Visit the [Cloudflare dashboard](https://dash.cloudflare.com/) for simpler editing.
- Review our [Examples](/workers/examples/) and [Tutorials](/workers/tutorials/) for inspiration.
- Set up [bindings](/workers/runtime-apis/bindings/) to allow your Worker to interact with other resources and unlock new functionality.
- Learn how to [test and debug](/workers/testing/) your Workers.
- Read about [Workers limits and pricing](/workers/platform/).
---
# Prompting
URL: https://developers.cloudflare.com/workers/get-started/prompting/
import { Tabs, TabItem, GlossaryTooltip, Type, Badge, TypeScriptExample } from "~/components";
import { Code } from "@astrojs/starlight/components";
import BasePrompt from '~/content/partials/prompts/base-prompt.txt?raw';
One of the fastest ways to build an application is by using AI to assist with writing the boiler plate code. When building, iterating on or debugging applications using AI tools and Large Language Models (LLMs), a well-structured and extensive prompt helps provide the model with clearer guidelines & examples that can dramatically improve output.
Below is an extensive example prompt that can help you build applications using Cloudflare Workers and your preferred AI model.
### Build Workers using a prompt
To use the prompt:
1. Use the click-to-copy button at the top right of the code block below to copy the full prompt to your clipboard
2. Paste into your AI tool of choice (for example OpenAI's ChatGPT or Anthropic's Claude)
3. Make sure to enter your part of the prompt at the end between the `` and `` tags.
Base prompt:
The prompt above adopts several best practices, including:
* Using `` tags to structure the prompt
* API and usage examples for products and use-cases
* Guidance on how to generate configuration (e.g. `wrangler.jsonc`) as part of the models response.
* Recommendations on Cloudflare products to use for specific storage or state needs
### Additional uses
You can use the prompt in several ways:
* Within the user context window, with your own user prompt inserted between the `` tags (**easiest**)
* As the `system` prompt for models that support system prompts
* Adding it to the prompt library and/or file context within your preferred IDE:
* Cursor: add the prompt to [your Project Rules](https://docs.cursor.com/context/rules-for-ai)
* Zed: use [the `/file` command](https://zed.dev/docs/assistant/assistant-panel) to add the prompt to the Assistant context.
* Windsurf: use [the `@-mention` command](https://docs.codeium.com/chat/overview) to include a file containing the prompt to your Chat.
* GitHub Copilot: create the [`.github/copilot-instructions.md`](https://docs.github.com/en/copilot/customizing-copilot/adding-repository-custom-instructions-for-github-copilot) file at the root of your project and add the prompt.
:::note
The prompt(s) here are examples and should be adapted to your specific use case. We'll continue to build out the prompts available here, including additional prompts for specific products.
Depending on the model and user prompt, it may generate invalid code, configuration or other errors, and we recommend reviewing and testing the generated code before deploying it.
:::
### Passing a system prompt
If you are building an AI application that will itself generate code, you can additionally use the prompt above as a "system prompt", which will give the LLM additional information on how to structure the output code. For example:
```ts
import workersPrompt from "./workersPrompt.md"
// Llama 3.3 from Workers AI
const PREFERRED_MODEL = "@cf/meta/llama-3.3-70b-instruct-fp8-fast"
export default {
async fetch(req: Request, env: Env, ctx: ExecutionContext) {
const openai = new OpenAI({
apiKey: env.WORKERS_AI_API_KEY
});
const stream = await openai.chat.completions.create({
messages: [
{
role: "system",
content: workersPrompt,
},
{
role: "user",
// Imagine something big!
content: "Build an AI Agent using Workflows. The Workflow should be triggered by a GitHub webhook on a pull request, and ..."
}
],
model: PREFERRED_MODEL,
stream: true,
});
// Stream the response so we're not buffering the entire response in memory,
// since it could be very large.
const transformStream = new TransformStream();
const writer = transformStream.writable.getWriter();
const encoder = new TextEncoder();
(async () => {
try {
for await (const chunk of stream) {
const content = chunk.choices[0]?.delta?.content || '';
await writer.write(encoder.encode(content));
}
} finally {
await writer.close();
}
})();
return new Response(transformStream.readable, {
headers: {
'Content-Type': 'text/plain; charset=utf-8',
'Transfer-Encoding': 'chunked'
}
});
}
}
```
## Use docs in your editor
AI-enabled editors, including Cursor and Windsurf, can index documentation. Cursor includes the Cloudflare Developer Docs by default: you can use the [`@Docs`](https://docs.cursor.com/context/@-symbols/@-docs) command.
In other editors, such as Zed or Windsurf, you can paste in URLs to add to your context. Use the _Copy Page_ button to paste in Cloudflare docs directly, or fetch docs for each product by appending `llms-full.txt` to the root URL - for example, `https://developers.cloudflare.com/agents/llms-full.txt` or `https://developers.cloudflare.com/workflows/llms-full.txt`.
You can combine these with the Workers system prompt on this page to improve your editor or agent's understanding of the Workers APIs.
## Additional resources
To get the most out of AI models and tools, we recommend reading the following guides on prompt engineering and structure:
* OpenAI's [prompt engineering](https://platform.openai.com/docs/guides/prompt-engineering) guide and [best practices](https://platform.openai.com/docs/guides/reasoning-best-practices) for using reasoning models.
* The [prompt engineering](https://docs.anthropic.com/en/docs/build-with-claude/prompt-engineering/overview) guide from Anthropic
* Google's [quick start guide](https://services.google.com/fh/files/misc/gemini-for-google-workspace-prompting-guide-101.pdf) for writing effective prompts
* Meta's [prompting documentation](https://www.llama.com/docs/how-to-guides/prompting/) for their Llama model family.
* GitHub's guide for [prompt engineering](https://docs.github.com/en/copilot/using-github-copilot/copilot-chat/prompt-engineering-for-copilot-chat) when using Copilot Chat.
---
# Getting started
URL: https://developers.cloudflare.com/workers/get-started/
import { DirectoryListing, Render } from "~/components";
Build your first Worker.
---
# Templates
URL: https://developers.cloudflare.com/workers/get-started/quickstarts/
import { LinkButton, WorkersTemplates } from "~/components";
Templates are GitHub repositories that are designed to be a starting point for building a new Cloudflare Workers project. To start any of the projects below, run:
---
## Built with Workers
Get inspiration from other sites and projects out there that were built with Cloudflare Workers.
Built with Workers
---
# Languages
URL: https://developers.cloudflare.com/workers/languages/
import { DirectoryListing } from "~/components";
Workers is a polyglot platform, and provides first-class support for the following programming languages:
Workers also supports [WebAssembly](/workers/runtime-apis/webassembly/) (abbreviated as "Wasm") — a binary format that many languages can be compiled to. This allows you to write Workers using programming language beyond the languages listed above, including C, C++, Kotlin, Go and more.
---
# Supported bindings in local and remote dev
URL: https://developers.cloudflare.com/workers/local-development/bindings-per-env/
import { Render } from "~/components";
---
# Environment variables and secrets
URL: https://developers.cloudflare.com/workers/local-development/environment-variables/
import { Aside, PackageManagers, Steps } from "~/components";
During local development, you may need to configure **environment variables** (such as API URLs, feature flags) and **secrets** (API tokens, private keys). You can use a `.dev.vars` file in the root of your project to override environment variables for local development, and both [Wrangler](/workers/configuration/environment-variables/#compare-secrets-and-environment-variables) and the [Vite plugin](/workers/vite-plugin/reference/secrets/) will respect this override.
### Why use a `.dev.vars` file?
Use `.dev.vars` to set local overrides for environment variables that should not be checked into your repository.
If you want to manage environment-based configuration that you **want checked into your repository** (for example, non-sensitive or shared environment defaults), you can define [environment variables as `[vars]`](/workers/wrangler/environments/#_top) in your Wrangler configuration. Using a `.dev.vars` file is specifically for local-only secrets or configuration that you do not want in version control and only want to inject in local dev sessions.
## Basic setup
1. Create a `.dev.vars` file in your project root.
2. Add key-value pairs:
```ini title=".dev.vars"
API_HOST="localhost:3000"
DEBUG="true"
SECRET_TOKEN="my-local-secret-token"
```
3. Run your `dev` command
**Wrangler**
**Vite plugin**
## Multiple local environments with `.dev.vars`
To simulate different local environments, you can:
1. Create a file named `.dev.vars.` . For example, we'll use `.dev.vars.staging`.
2. Add key-value pairs:
```ini title=".dev.vars.staging"
API_HOST="staging.localhost:3000"
DEBUG="false"
SECRET_TOKEN="staging-token"
```
3. Specify the environment when running the `dev` command:
**Wrangler**
**Vite plugin**
Only the values from `.dev.vars.staging` will be applied instead of `.dev.vars`.
## Learn more
- To learn how to configure multiple environments in Wrangler configuration, [read the documentation](/workers/wrangler/environments/#_top).
- To learn how to use Wrangler environments and Vite environments together, [read the Vite plugin documentation](/workers/vite-plugin/reference/cloudflare-environments/)
---
# Local development
URL: https://developers.cloudflare.com/workers/local-development/
import { Details, LinkCard, Render, PackageManagers } from "~/components";
When building projects on Cloudflare Workers, you have two options for local development:
- [**Wrangler**](/workers/wrangler/), using the built-in [`wrangler dev`](/workers/wrangler/commands/#dev) command.
- [Vite](https://vite.dev/), using the [**Cloudflare Vite plugin**](/workers/vite-plugin/).
Both Wrangler and the Vite plugin use [Miniflare](/workers/testing/miniflare/) to provide an accurate **local** simulation of the Cloudflare Workers runtime, ([`workerd`](https://github.com/cloudflare/workerd)). If you need to [develop with **remote resources**](/workers/local-development/remote-data/), Wrangler is the only option, and provides remote development via the `wrangler dev --remote` command.
## Choosing between Wrangler or Vite
Deciding between Wrangler and the Cloudflare Vite plugin depends on your project's focus and development workflow. Here are some quick guidelines to help you choose:
### When to use Wrangler
- **Backend & Workers-focused:**
If you're primarily building APIs, serverless functions, or background tasks, use Wrangler.
- **Remote development:**
If your project needs the ability to develop and test using production resources and data on Cloudflare's network, use Wrangler's `--remote` flag.
- **Simple frontends:**
If you have minimal frontend requirements and don’t need hot reloading or advanced bundling, Wrangler may be sufficient.
### When to use the Cloudflare Vite Plugin
Use the [Vite plugin](/workers/vite-plugin/) for:
- **Frontend-centric development:**
If you already use Vite with modern frontend frameworks like React, Vue, Svelte, or Solid, the Vite plugin integrates into your development workflow.
- **React Router v7:**
If you are using [React Router v7](https://reactrouter.com/) (the successor to Remix), it is officially supported by the Vite plugin as a full-stack SSR framework.
- **Rapid iteration (HMR):**
If you need near-instant updates in the browser, the Vite plugin provides [Hot Module Replacement (HMR)](https://vite.dev/guide/features.html#hot-module-replacement) during local development.
- **Advanced optimizations:**
If you require more advanced optimizations (code splitting, efficient bundling, CSS handling, build time transformations, etc.), Vite is a strong fit.
- **Greater flexibility:**
Due to Vite's advanced configuration options and large ecosystem of plugins, there is more flexibility to customize your development experience and build output.
---
# Local data
URL: https://developers.cloudflare.com/workers/local-development/local-data/
import {
Details,
LinkCard,
Render,
PackageManagers,
FileTree,
Aside,
} from "~/components";
Whether you are using Wrangler or the [Cloudflare Vite plugin](https://developers.cloudflare.com/workers/vite-plugin/), your workflow for **accessing** data during local development remains the same. However, you can only [populate local resources with data](/workers/local-development/local-data/#populating-local-resources-with-data) via the Wrangler CLI.
### How it works
When you run either `wrangler dev` or [`vite`](https://vite.dev/guide/cli#dev-server), [Miniflare](/workers/testing/miniflare/) automatically creates **local versions** of your resources (like [KV](/kv), [D1](/d1/), or [R2](/r2)). This means you **don’t** need to manually set up separate local instances for each service. However, newly created local resources **won’t** contain any data — you'll need to use Wrangler commands with the `--local` flag to populate them. Changes made to local resources won’t affect production data.
## Populating local resources with data
When you first start developing, your local resources will be empty. You'll need to populate them with data using the Wrangler CLI.
### KV namespaces
#### [Add a single key-value pair](/workers/wrangler/commands/#kv-key)
#### [Bulk upload](/workers/wrangler/commands/#kv-bulk)
### R2 buckets
#### [Upload a file](/workers/wrangler/commands/#r2-object)
You may also include [other metadata](/workers/wrangler/commands/#r2-object-put).
### D1 databases
#### [Execute a SQL statement](/workers/wrangler/commands/#d1-execute)
#### [Execute a SQL file](/workers/wrangler/commands/#d1-execute)
### Durable Objects
For Durable Objects, unlike KV, D1, and R2, there are no CLI commands to populate them with local data. To add data to Durable Objects during local development, you must write application code that creates Durable Object instances and [calls methods on them that store state](/durable-objects/best-practices/access-durable-objects-storage/). This typically involves creating development endpoints or test routes that initialize your Durable Objects with the desired data.
## Where local data gets stored
By default, both Wrangler and the Vite plugin store local binding data in the same location: the `.wrangler/state` folder in your project directory. This folder stores data in subdirectories for all local bindings: KV namespaces, R2 buckets, D1 databases, Durable Objects, etc.
### Clearing local storage
You can delete the `.wrangler/state` folder at any time to reset your local environment, and Miniflare will recreate it the next time you run your `dev` command. You can also delete specific sub-folders within `.wrangler/state` for more targeted clean-up.
### Changing the local data directory
If you prefer to specify a different directory for local storage, you can do so through the Wranlger CLI or in the Vite plugin's configuration.
#### Using Wrangler
Use the [`--persist-to`](/workers/wrangler/commands/#dev) flag with `wrangler dev`. You need to specify this flag every time you run the `dev` command:
:::note
The local persistence folder (like `.wrangler/state` or any custom folder you set) should be added to your `.gitignore` to avoid committing local development data to version control.
:::
If you run `wrangler dev --persist-to ` to specify a custom location for local data, you must also include the same `--persist-to ` when running other Wrangler commands that modify local data (and be sure to include the `--local` flag).
For example, to create a KV key named `test` with a value of `12345` in a local KV namespace, run:
This command:
- Sets the KV key `test` to `12345` in the binding `MY_KV_NAMESPACE` (defined in your [Wrangler configuration file](/workers/wrangler/configuration/)).
- Uses `--persist-to worker-local` to ensure the data is created in the **worker-local** directory instead of the default `.wrangler/state`.
- Adds the `--local` flag, indicating you want to modify local data.
If `--persist-to` is not specified, Wrangler defaults to using `.wrangler/state` for local data.
#### Using the Cloudflare Vite plugin
To customize where the Vite plugin stores local data, configure the [`persistState` option](/workers/vite-plugin/reference/api/#interface-pluginconfig) in your Vite config file:
```js title="vite.config.js"
import { defineConfig } from "vite";
import { cloudflare } from "@cloudflare/vite-plugin";
export default defineConfig({
plugins: [
cloudflare({
persistState: "./my-custom-directory",
}),
],
});
```
#### Sharing state between tools
If you want Wrangler and the Vite plugin to share the same state, configure them to use the same persistence path.
---
# Remote data
URL: https://developers.cloudflare.com/workers/local-development/remote-data/
import {
Details,
LinkCard,
Render,
PackageManagers,
FileTree,
} from "~/components";
When developing Workers applications, you can use Wrangler's remote development mode (via [`wrangler dev --remote`](/workers/wrangler/commands/#dev)) to test your code on Cloudflare's global network before
deploying to production. Remote development is [**not** supported in the Vite plugin](/workers/local-development/#choosing-between-wrangler-or-vite).
### How It Works
The `wrangler dev --remote` command creates a temporary preview deployment on Cloudflare's infrastructure, allowing you to test your Worker in an environment that closely mirrors production.
When you run `wrangler dev --remote`:
- Your code is uploaded to a temporary preview environment on Cloudflare's infrastructure.
- Changes to your code are automatically uploaded as you save.
- All requests and execution happen on Cloudflare's global network
- The preview automatically terminates when you exit the command
## When to Use Remote Development
- You need to develop using [bindings that don't work locally](/workers/local-development/bindings-per-env/) (such as [Browser Rendering](/browser-rendering/)).
- You need to verify behavior specifically on Cloudflare's infrastructure.
- You want to work with preview resources that mirror production.
## Isolating from Production
To protect production data, you can specify preview resources in your [Wrangler configuration](/workers/wrangler/configuration/), such as:
- [Preview namespaces for KV stores](/workers/wrangler/configuration/#kv-namespaces):`preview_id`.
- This option is **required** when using `wrangler dev --remote`.
- [Preview buckets for R2 storage](/workers/wrangler/configuration/#r2-buckets): `preview_bucket_name`.
- [Preview database IDs for D1](/workers/wrangler/configuration/#d1-databases): `preview_database_id`
This separation ensures your development activities don't impact production data while still providing a realistic testing environment.
## Limitations
- When you run a remote development session using the `--remote` flag, a limit of 50 [routes](/workers/configuration/routing/routes/) per zone is enforced. Learn more in[ Workers platform limits](/workers/platform/limits/#number-of-routes-per-zone-when-using-wrangler-dev---remote).
---
# Observability
URL: https://developers.cloudflare.com/workers/observability/
import { Badge, DirectoryListing } from "~/components";
Understand how your Worker projects are performing via logs, traces, and other data sources.
---
# Errors and exceptions
URL: https://developers.cloudflare.com/workers/observability/errors/
import { TabItem, Tabs } from "~/components";
Review Workers errors and exceptions.
## Error pages generated by Workers
When a Worker running in production has an error that prevents it from returning a response, the client will receive an error page with an error code, defined as follows:
| Error code | Meaning |
| ---------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
| `1101` | Worker threw a JavaScript exception. |
| `1102` | Worker exceeded [CPU time limit](/workers/platform/limits/#cpu-time). |
| `1103` | The owner of this worker needs to contact [Cloudflare Support](/support/contacting-cloudflare-support/) |
| `1015` | Worker hit the [burst rate limit](/workers/platform/limits/#burst-rate). |
| `1019` | Worker hit [loop limit](#loop-limit). |
| `1021` | Worker has requested a host it cannot access. |
| `1022` | Cloudflare has failed to route the request to the Worker. |
| `1024` | Worker cannot make a subrequest to a Cloudflare-owned IP address. |
| `1027` | Worker exceeded free tier [daily request limit](/workers/platform/limits/#daily-request). |
| `1042` | Worker tried to fetch from another Worker on the same zone, which is only [supported](/workers/runtime-apis/fetch/) when the [`global_fetch_strictly_public` compatibility flag](/workers/configuration/compatibility-flags/#global-fetch-strictly-public) is used. |
Other `11xx` errors generally indicate a problem with the Workers runtime itself. Refer to the [status page](https://www.cloudflarestatus.com) if you are experiencing an error.
### Loop limit
A Worker cannot call itself or another Worker more than 16 times. In order to prevent infinite loops between Workers, the [`CF-EW-Via`](/fundamentals/reference/http-headers/#cf-ew-via) header's value is an integer that indicates how many invocations are left. Every time a Worker is invoked, the integer will decrement by 1. If the count reaches zero, a [`1019`](#error-pages-generated-by-workers) error is returned.
### "The script will never generate a response" errors
Some requests may return a 1101 error with `The script will never generate a response` in the error message. This occurs when the Workers runtime detects that all the code associated with the request has executed and no events are left in the event loop, but a Response has not been returned.
#### Cause 1: Unresolved Promises
This is most commonly caused by relying on a Promise that is never resolved or rejected, which is required to return a Response. To debug, look for Promises within your code or dependencies' code that block a Response, and ensure they are resolved or rejected.
In browsers and other JavaScript runtimes, equivalent code will hang indefinitely, leading to both bugs and memory leaks. The Workers runtime throws an explicit error to help you debug.
In the example below, the Response relies on a Promise resolution that never happens. Uncommenting the `resolve` callback solves the issue.
```js null {9}
export default {
fetch(req) {
let response = new Response("Example response");
let { promise, resolve } = Promise.withResolvers();
// If the promise is not resolved, the Workers runtime will
// recognize this and throw an error.
// setTimeout(resolve, 0)
return promise.then(() => response);
},
};
```
You can prevent this by enforcing the [`no-floating-promises` eslint rule](https://typescript-eslint.io/rules/no-floating-promises/), which reports when a Promise is created and not properly handled.
#### Cause 2: WebSocket connections that are never closed
If a WebSocket is missing the proper code to close its server-side connection, the Workers runtime will throw a `script will never generate a response` error. In the example below, the `'close'` event from the client is not properly handled by calling `server.close()`, and the error is thrown. In order to avoid this, ensure that the WebSocket's server-side connection is properly closed via an event listener or other server-side logic.
```js null {10}
async function handleRequest(request) {
let webSocketPair = new WebSocketPair();
let [client, server] = Object.values(webSocketPair);
server.accept();
server.addEventListener("close", () => {
// This missing line would keep a WebSocket connection open indefinitely
// and results in "The script will never generate a response" errors
// server.close();
});
return new Response(null, {
status: 101,
webSocket: client,
});
}
```
### "Illegal invocation" errors
The error message `TypeError: Illegal invocation: function called with incorrect this reference` can be a source of confusion.
This is typically caused by calling a function that calls `this`, but the value of `this` has been lost.
For example, given an `obj` object with the `obj.foo()` method which logic relies on `this`, executing the method via `obj.foo();` will make sure that `this` properly references the `obj` object. However, assigning the method to a variable, e.g.`const func = obj.foo;` and calling such variable, e.g. `func();` would result in `this` being `undefined`. This is because `this` is lost when the method is called as a standalone function. This is standard behavior in JavaScript.
In practice, this is often seen when destructuring runtime provided Javascript objects that have functions that rely on the presence of `this`, such as `ctx`.
The following code will error:
```js
export default {
async fetch(request, env, ctx) {
// destructuring ctx makes waitUntil lose its 'this' reference
const { waitUntil } = ctx;
// waitUntil errors, as it has no 'this'
waitUntil(somePromise);
return fetch(request);
},
};
```
Avoid destructuring or re-bind the function to the original context to avoid the error.
The following code will run properly:
```js
export default {
async fetch(request, env, ctx) {
// directly calling the method on ctx avoids the error
ctx.waitUntil(somePromise);
// alternatively re-binding to ctx via apply, call, or bind avoids the error
const { waitUntil } = ctx;
waitUntil.apply(ctx, [somePromise]);
waitUntil.call(ctx, somePromise);
const reboundWaitUntil = waitUntil.bind(ctx);
reboundWaitUntil(somePromise);
return fetch(request);
},
};
```
### Cannot perform I/O on behalf of a different request
```
Uncaught (in promise) Error: Cannot perform I/O on behalf of a different request. I/O objects (such as streams, request/response bodies, and others) created in the context of one request handler cannot be accessed from a different request's handler.
```
This error occurs when you attempt to share input/output (I/O) objects (such as streams, requests, or responses) created by one invocation of your Worker in the context of a different invocation.
In Cloudflare Workers, each invocation is handled independently and has its own execution context. This design ensures optimal performance and security by isolating requests from one another. When you try to share I/O objects between different invocations, you break this isolation. Since these objects are tied to the specific request they were created in, accessing them from another request's handler is not allowed and leads to the error.
This error is most commonly caused by attempting to cache an I/O object, like a [Request](/workers/runtime-apis/request/) in global scope, and then access it in a subsequent request. For example, if you create a Worker and run the following code in local development, and make two requests to your Worker in quick succession, you can reproduce this error:
```js
let cachedResponse = null;
export default {
async fetch(request, env, ctx) {
if (cachedResponse) {
return cachedResponse;
}
cachedResponse = new Response("Hello, world!");
await new Promise((resolve) => setTimeout(resolve, 5000)); // Sleep for 5s to demonstrate this particular error case
return cachedResponse;
},
};
```
You can fix this by instead storing only the data in global scope, rather than the I/O object itself:
```js
let cachedData = null;
export default {
async fetch(request, env, ctx) {
if (cachedData) {
return new Response(cachedData);
}
const response = new Response("Hello, world!");
cachedData = await response.text();
return new Response(cachedData, response);
},
};
```
If you need to share state across requests, consider using [Durable Objects](/durable-objects/). If you need to cache data across requests, consider using [Workers KV](/kv/).
## Errors on Worker upload
These errors occur when a Worker is uploaded or modified.
| Error code | Meaning |
| ---------- | ------------------------------------------------------------------------------------------------------------------------------- |
| `10006` | Could not parse your Worker's code. |
| `10007` | Worker or [workers.dev subdomain](/workers/configuration/routing/workers-dev/) not found. |
| `10015` | Account is not entitled to use Workers. |
| `10016` | Invalid Worker name. |
| `10021` | Validation Error. Refer to [Validation Errors](/workers/observability/errors/#validation-errors-10021) for details. |
| `10026` | Could not parse request body. |
| `10027` | The uploaded Worker exceeded the [Worker size limits](/workers/platform/limits/#worker-size). |
| `10035` | Multiple attempts to modify a resource at the same time |
| `10037` | An account has exceeded the number of [Workers allowed](/workers/platform/limits/#number-of-workers). |
| `10052` | A [binding](/workers/runtime-apis/bindings/) is uploaded without a name. |
| `10054` | A environment variable or secret exceeds the [size limit](/workers/platform/limits/#environment-variables). |
| `10055` | The number of environment variables or secrets exceeds the [limit/Worker](/workers/platform/limits/#environment-variables). |
| `10056` | [Binding](/workers/runtime-apis/bindings/) not found. |
| `10068` | The uploaded Worker has no registered [event handlers](/workers/runtime-apis/handlers/). |
| `10069` | The uploaded Worker contains [event handlers](/workers/runtime-apis/handlers/) unsupported by the Workers runtime. |
### Validation Errors (10021)
The 10021 error code includes all errors that occur when you attempt to deploy a Worker, and Cloudflare then attempts to load and run the top-level scope (everything that happens before your Worker's [handler](/workers/runtime-apis/handlers/) is invoked). For example, if you attempt to deploy a broken Worker with invalid JavaScript that would throw a `SyntaxError` — Cloudflare will not deploy your Worker.
Specific error cases include but are not limited to:
#### Script startup exceeded CPU time limit
This means that you are doing work in the top-level scope of your Worker that takes [more than the startup time limit (400ms)](/workers/platform/limits/#worker-startup-time) of CPU time.
This is usually a sign of a bug and/or large performance problem with your code or a dependency you rely on. It's not typical to use more than 400ms of CPU time when your app starts. The more time your Worker's code spends parsing and executing top-level scope, the slower your Worker will be when you deploy a code change or a new [isolate](/workers/reference/how-workers-works/) is created.
This error is most commonly caused by attempting to perform expernsive initialization work directly in top level (global) scope, rather than either at build time or when your Worker's handler is invoked. For example, attempting to initialize an app by generating or consuming a large schema.
To analyze what is consuming so much CPU time, you should open Chrome DevTools for your Worker and look at the Profiling and/or Performance panels to understand where time is being spent. Is there something glaring that consumes tons of CPU time, especially the first time you make a request to your Worker?
## Runtime errors
Runtime errors will occur within the runtime, do not throw up an error page, and are not visible to the end user. Runtime errors are detected by the user with logs.
| Error message | Meaning |
| -------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- |
| `Network connection lost` | Connection failure. Catch a `fetch` or binding invocation and retry it. |
| `Memory limit` `would be exceeded` `before EOF` | Trying to read a stream or buffer that would take you over the [memory limit](/workers/platform/limits/#memory). |
| `daemonDown` | A temporary problem invoking the Worker. |
## Identify errors: Workers Metrics
To review whether your application is experiencing any downtime or returning any errors:
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account.
2. In **Account Home**, select **Workers & Pages**.
3. In **Overview**, select your Worker and review your Worker's metrics.
### Worker Errors
The **Errors by invocation status** chart shows the number of errors broken down into the following categories:
| Error | Meaning |
| -------------------------- | --------------------------------------------------------------- |
| `Uncaught Exception` | Your Worker code threw a JavaScript exception during execution. |
| `Exceeded CPU Time Limits` | Worker exceeded CPU time limit or other resource constraints. |
| `Exceeded Memory` | Worker exceeded the memory limit during execution. |
| `Internal` | An internal error occurred in the Workers runtime. |
The **Client disconnected by type** chart shows the number of client disconnect errors broken down into the following categories:
| Client Disconnects | Meaning |
| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `Response Stream Disconnected` | Connection was terminated during the deferred proxying stage of a Worker request flow. It commonly appears for longer lived connections such as [WebSockets](/workers/runtime-apis/websockets/). |
| `Cancelled` | The Client disconnected before the Worker completed its response. |
## Debug exceptions with Workers Logs
[Workers Logs](/workers/observability/logs/workers-logs) is a powerful tool for debugging your Workers. It shows all the historic logs generated by your Worker, including any uncaught exceptions that occur during execution.
To find all your errors in Workers Logs, you can use the following filter: `$metadata.error EXISTS`. This will show all the logs that have an error associated with them. You can also filter by `$workers.outcome` to find the requests that resulted in an error. For example, you can filter by `$workers.outcome = "exception"` to find all the requests that resulted in an uncaught exception.
All the possible outcome values can be found in the [Workers Trace Event](/logs/reference/log-fields/account/workers_trace_events/#outcome) reference.
## Debug exceptions from `Wrangler`
To debug your worker via wrangler use `wrangler tail` to inspect and fix the exceptions.
Exceptions will show up under the `exceptions` field in the JSON returned by `wrangler tail`. After you have identified the exception that is causing errors, redeploy your code with a fix, and continue tailing the logs to confirm that it is fixed.
## Set up a 3rd party logging service
A Worker can make HTTP requests to any HTTP service on the public Internet. You can use a service like [Sentry](https://sentry.io) to collect error logs from your Worker, by making an HTTP request to the service to report the error. Refer to your service’s API documentation for details on what kind of request to make.
When using an external logging strategy, remember that outstanding asynchronous tasks are canceled as soon as a Worker finishes sending its main response body to the client. To ensure that a logging subrequest completes, pass the request promise to [`event.waitUntil()`](https://developer.mozilla.org/en-US/docs/Web/API/ExtendableEvent/waitUntil). For example:
```js
export default {
async fetch(request, env, ctx) {
function postLog(data) {
return fetch("https://log-service.example.com/", {
method: "POST",
body: data,
});
}
// Without ctx.waitUntil(), the `postLog` function may or may not complete.
ctx.waitUntil(postLog(stack));
return fetch(request);
},
};
```
:::caution[Service Workers are deprecated]
Service Workers are deprecated, but still supported. We recommend using [Module Workers](/workers/reference/migrate-to-module-workers/) instead. New features may not be supported for Service Workers.
:::
```js
addEventListener("fetch", (event) => {
event.respondWith(handleEvent(event));
});
async function handleEvent(event) {
// ...
// Without event.waitUntil(), the `postLog` function may or may not complete.
event.waitUntil(postLog(stack));
return fetch(event.request);
}
function postLog(data) {
return fetch("https://log-service.example.com/", {
method: "POST",
body: data,
});
}
```
## Go to origin on error
By using [`event.passThroughOnException`](/workers/runtime-apis/context/#passthroughonexception), a Workers application will forward requests to your origin if an exception is thrown during the Worker's execution. This allows you to add logging, tracking, or other features with Workers, without degrading your application's functionality.
```js
export default {
async fetch(request, env, ctx) {
ctx.passThroughOnException();
// an error here will return the origin response, as if the Worker wasn't present
return fetch(request);
},
};
```
:::caution[Service Workers are deprecated]
Service Workers are deprecated, but still supported. We recommend using [Module Workers](/workers/reference/migrate-to-module-workers/) instead. New features may not be supported for Service Workers.
:::
```js
addEventListener("fetch", (event) => {
event.passThroughOnException();
event.respondWith(handleRequest(event.request));
});
async function handleRequest(request) {
// An error here will return the origin response, as if the Worker wasn’t present.
// ...
return fetch(request);
}
```
## Related resources
- [Log from Workers](/workers/observability/logs/) - Learn how to log your Workers.
- [Logpush](/workers/observability/logs/logpush/) - Learn how to push Workers Trace Event Logs to supported destinations.
- [RPC error handling](/workers/runtime-apis/rpc/error-handling/) - Learn how to handle errors from remote-procedure calls.
---
# Metrics and analytics
URL: https://developers.cloudflare.com/workers/observability/metrics-and-analytics/
import { GlossaryTooltip } from "~/components"
There are two graphical sources of information about your Workers traffic at a given time: Workers metrics and zone-based Workers analytics.
Workers metrics can help you diagnose issues and understand your Workers' workloads by showing performance and usage of your Workers. If your Worker runs on a route on a zone, or on a few zones, Workers metrics will show how much traffic your Worker is handling on a per-zone basis, and how many requests your site is getting.
Zone analytics show how much traffic all Workers assigned to a zone are handling.
## Workers metrics
Workers metrics aggregate request data for an individual Worker (if your Worker is running across multiple domains, and on `*.workers.dev`, metrics will aggregate requests across them). To view your Worker's metrics:
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account.
2. Select **Compute (Workers)**.
3. In **Overview**, select your Worker to view its metrics.
There are two metrics that can help you understand the health of your Worker in a given moment: requests success and error metrics, and invocation statuses.
### Requests
The first graph shows historical request counts from the Workers runtime broken down into successful requests, errored requests, and subrequests.
* **Total**: All incoming requests registered by a Worker. Requests blocked by [WAF](https://www.cloudflare.com/waf/) or other security features will not count.
* **Success**: Requests that returned a Success or Client Disconnected invocation status.
* **Errors**: Requests that returned a Script Threw Exception, Exceeded Resources, or Internal Error invocation status — refer to [Invocation Statuses](/workers/observability/metrics-and-analytics/#invocation-statuses) for a breakdown of where your errors are coming from.
Request traffic data may display a drop off near the last few minutes displayed in the graph for time ranges less than six hours. This does not reflect a drop in traffic, but a slight delay in aggregation and metrics delivery.
### Subrequests
Subrequests are requests triggered by calling `fetch` from within a Worker. A subrequest that throws an uncaught error will not be counted.
* **Total**: All subrequests triggered by calling `fetch` from within a Worker.
* **Cached**: The number of cached responses returned.
* **Uncached**: The number of uncached responses returned.
### Wall time per execution
Wall time represents the elapsed time in milliseconds between the start of a Worker invocation, and when the Workers runtime determines that no more JavaScript needs to run. Specifically, wall time per execution chart measures the wall time that the JavaScript context remained open — including time spent waiting on I/O, and time spent executing in your Worker's [`waitUntil()`](/workers/runtime-apis/context/#waituntil) handler. Wall time is not the same as the time it takes your Worker to send the final byte of a response back to the client - wall time can be higher, if tasks within `waitUntil()` are still running after the response has been sent, or it can be lower. For example, when returning a response with a large body, the Workers runtime can, in some cases, determine that no more JavaScript needs to run, and closes the JavaScript context before all the bytes have passed through and been sent.
The Wall Time per execution chart shows historical wall time data broken down into relevant quantiles using [reservoir sampling](https://en.wikipedia.org/wiki/Reservoir_sampling). Learn more about [interpreting quantiles](https://www.statisticshowto.com/quantile-definition-find-easy-steps/).
### CPU Time per execution
The CPU Time per execution chart shows historical CPU time data broken down into relevant quantiles using [reservoir sampling](https://en.wikipedia.org/wiki/Reservoir_sampling). Learn more about [interpreting quantiles](https://www.statisticshowto.com/quantile-definition-find-easy-steps/). In some cases, higher quantiles may appear to exceed [CPU time limits](/workers/platform/limits/#cpu-time) without generating invocation errors because of a mechanism in the Workers runtime that allows rollover CPU time for requests below the CPU limit.
### Execution duration (GB-seconds)
The Duration per request chart shows historical [duration](/workers/platform/limits/#duration) per Worker invocation. The data is broken down into relevant quantiles, similar to the CPU time chart. Learn more about [interpreting quantiles](https://www.statisticshowto.com/quantile-definition-find-easy-steps/). Understanding duration on your Worker is especially useful when you are intending to do a significant amount of computation on the Worker itself.
### Invocation statuses
To review invocation statuses:
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account.
2. Select **Workers & Pages**.
3. Select your Worker.
4. Find the **Summary** graph in **Metrics**.
5. Select **Errors**.
Worker invocation statuses indicate whether a Worker executed successfully or failed to generate a response in the Workers runtime. Invocation statuses differ from HTTP status codes. In some cases, a Worker invocation succeeds but does not generate a successful HTTP status because of another error encountered outside of the Workers runtime. Some invocation statuses result in a [Workers error code](/workers/observability/errors/#error-pages-generated-by-workers) being returned to the client.
| Invocation status | Definition | Workers error code | GraphQL field |
| ---------------------- | ---------------------------------------------------------------------------- | ------------------ | ---------------------- |
| Success | Worker executed successfully | | `success` |
| Client disconnected | HTTP client (that is, the browser) disconnected before the request completed | | `clientDisconnected` |
| Worker threw exception | Worker threw an unhandled JavaScript exception | 1101 | `scriptThrewException` |
| Exceeded resources¹ | Worker exceeded runtime limits | 1102, 1027 | `exceededResources` |
| Internal error² | Workers runtime encountered an error | | `internalError` |
¹ The Exceeded Resources status may appear when the Worker exceeds a [runtime limit](/workers/platform/limits/#request-limits). The most common cause is excessive CPU time, but is also caused by a Worker exceeding startup time or free tier limits.
² The Internal Error status may appear when the Workers runtime fails to process a request due to an internal failure in our system. These errors are not caused by any issue with the Worker code nor any resource limit. While requests with Internal Error status are rare, some may appear during normal operation. These requests are not counted towards usage for billing purposes. If you notice an elevated rate of requests with Internal Error status, review [www.cloudflarestatus.com](https://www.cloudflarestatus.com/).
To further investigate exceptions, use [`wrangler tail`](/workers/wrangler/commands/#tail).
### Request duration
The request duration chart shows how long it took your Worker to respond to requests, including code execution and time spent waiting on I/O. The request duration chart is currently only available when your Worker has [Smart Placement](/workers/configuration/smart-placement) enabled.
In contrast to [execution duration](/workers/observability/metrics-and-analytics/#execution-duration-gb-seconds), which measures only the time a Worker is active, request duration measures from the time a request comes into a data center until a response is delivered.
The data shows the duration for requests with Smart Placement enabled compared to those with Smart Placement disabled (by default, 1% of requests are routed with Smart Placement disabled). The chart shows a histogram with duration across the x-axis and the percentage of requests that fall into the corresponding duration on the y-axis.
### Metrics retention
Worker metrics can be inspected for up to three months in the past in maximum increments of one week.
## Zone analytics
Zone analytics aggregate request data for all Workers assigned to any [routes](/workers/configuration/routing/routes/) defined for a zone.
To review zone metrics:
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account.
2. Select your site.
3. In **Analytics & Logs**, select **Workers**.
Zone data can be scoped by time range within the last 30 days. The dashboard includes charts and information described below.
### Subrequests
This chart shows subrequests — requests triggered by calling `fetch` from within a Worker — broken down by cache status.
* **Uncached**: Requests answered directly by your origin server or other servers responding to subrequests.
* **Cached**: Requests answered by Cloudflare’s [cache](https://www.cloudflare.com/learning/cdn/what-is-caching/). As Cloudflare caches more of your content, it accelerates content delivery and reduces load on your origin.
### Bandwidth
This chart shows historical bandwidth usage for all Workers on a zone broken down by cache status.
### Status codes
This chart shows historical requests for all Workers on a zone broken down by HTTP status code.
### Total requests
This chart shows historical data for all Workers on a zone broken down by successful requests, failed requests, and subrequests. These request types are categorized by HTTP status code where `200`-level requests are successful and `400` to `500`-level requests are failed.
## GraphQL
Worker metrics are powered by GraphQL. Learn more about querying our data sets in the [Querying Workers Metrics with GraphQL tutorial](/analytics/graphql-api/tutorials/querying-workers-metrics/).
---
# Query Builder
URL: https://developers.cloudflare.com/workers/observability/query-builder/
import { TabItem, Tabs, Steps, Render, WranglerConfig, YouTube, Markdown } from "~/components"
The Query Builder helps you write structured queries to investigate and visualize your telemetry data. The Query Builder searches the Workers Observability dataset, which currently includes all logs stored by [Workers Logs](/workers/observability/logs/workers-logs/).
The Query Builder can be found in the [Workers' Observability tab in the Cloudflare dashboard](https://dash.cloudflare.com/?to=/:account/workers-and-pages/observability/investigate/).
## Enable Query Builder
The Query Builder is available to all developers and requires no enablement. Queries search all Workers Logs stored by Cloudflare. If you have not yet enabled Workers Logs, you can do so by adding the following setting to your [Worker's Wrangler file](/workers/observability/logs/workers-logs/#enable-workers-logs) and redeploying your Worker.
```toml
[observability]
enabled = true
[observability.logs]
invocation_logs = true
head_sampling_rate = 1 # optional. default = 1.
```
## Write a query in the Cloudflare dashboard
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/?to=/:account/workers-and-pages/observability/investigate/) and select your account.
2. In Account Home, go to **Workers & Pages**.
3. Select **Observability** in the left-hand navigation panel, and then the **Investigate** tab.
4. Select a **Visualization**.
5. Optional: Add fields to Filter, Group By, Order By, and Limit. For more information, see what [composes a query](/workers/observability/query-builder/#query-composition).
6. Optional: Select the appropriate time range.
7. Select **Run**. The query will automatically run whenever changes are made.
## Query composition
### Visualization
The Query Builder supports many visualization operators, including:
| Function | Arguments | Description |
| --- | --- | --- |
| **Count** | n/a | The total number of rows matching the query conditions |
| **Count Distinct** | any field | The number of occurrences of the unique values in the dataset |
| **Min** | numeric field | The smallest value for the field in the dataset |
| **Max** | numeric field | The largest value for the field in the dataset |
| **Sum** | numeric field | The total of all of the values for the field in the dataset |
| **Average** | numeric field | The average of the field in the dataset |
| **Standard Deviation** | numeric field | The standard deviation of the field in the dataset |
| **Variance** | numeric field | The variance of the field in the dataset |
| **P001** | numeric field | The value of the field below which 0.1% of the data falls |
| **P01** | numeric field | The value of the field below with 1% of the data falls |
| **P05** | numeric field | The value of the field below with 5% of the data falls |
| **P10** | numeric field | The value of the field below with 10% of the data falls |
| **P25** | numeric field | The value of the field below with 25% of the data falls |
| **Median (P50)** | numeric field | The value of the field below with 50% of the data falls |
| **P75** | numeric field | The value of the field below with 75% of the data falls |
| **P90** | numeric field | The value of the field below with 90% of the data falls |
| **P95** | numeric field | The value of the field below with 95% of the data falls |
| **P99** | numeric field | The value of the field below with 99% of the data falls |
| **P999** | numeric field | The value of the field below with 99.9% of the data falls |
You can add multiple visualizations in a single query. Each visualization renders a graph. A single summary table is also returned, which shows the raw query results.
All methods are aggregate functions. Most methods operate on a specific field in the log event. `Count` is an exception, and is an aggregate function that returns the number of log events matching the filter conditions.
### Filter
Filters help return the columns that match the specified conditions. Filters have three components: a key, an operator, and a value.
The key is any field in a log event. For example, you may choose `$workers.cpuTimeMs` or `$metadata.message`.
The operator is a logical condition that evaluates to true or false. See the table below for supported conditions:
| Data Type | Valid Conditions (Operators) |
| --- | --- |
| Numeric | Equals, Does not equal, Greater, Greater or equals, Less, Less or equals, Exists, Does not exist |
| String | Equals, Does not equal, Includes, Does not include, Regex, Exists, Does not exist, Starts with |
The value for a numeric field is an integer. The value for a string field is any string.
To add a filter:
1. Select **+** in the **Filter** section.
2. Select **Select key...** and input a key name. For example, `$workers.cpuTimeMs`.
3. Select the operator and change it to the operator best suited. For example, `Greater than`.
4. Select **Select value...** and input a value. For example, `100`.
When you run the query with the filter specified above, only log events where `$workers.cpuTimeMs > 100` will be returned.
Adding multiple filters combines them with an AND operator, meaning that only events matching all the filters will be returned.
### Search
Search is a text filter that returns only events containing the specified text. Search can be helpful as a quick filtering mechanism, or to search for unique identifiable values in your logs.
### Group By
Group By combines rows that have the same value into summary rows. For example, if a query adds `$workers.event.request.cf.country` as a Group By field, then the summary table will group by country.
### Order By
Order By affects how the results are sorted in the summary table. If `asc` is selected, the results are sorted in ascending order - from least to greatest. If `desc` is selected, the results are sorted in descending order - from greatest to least.
### Limit
Limit restricts the number of results returned. When paired with [Order By](/workers/observability/query-builder/#order-by), it can be used to return the "top" or "first" N results.
### Select time range
When you select a time range, you specify the time interval where you want to look for matching events. The retention period is dependent on your [plan type](/workers/observability/logs/workers-logs/#pricing).
## Viewing query results
There are three views for queries: Visualizations, Invocations, and Events.
### Visualizations tab
The **Visualizations** tab shows graphs and a summary table for the query.
### Invocations tab
The **Invocations** tab shows all logs, grouped by by the invocation, and ordered by timestamp. Only invocations matching the query criteria are returned.
### Events tab
The **Events** tab shows all logs, ordered by timestamp. Only events matching the query criteria are returned. The Events tab can be customized to add additional fields in the view.
## Save queries
It is recommended to save queries that may be reused for future investigations. You can save a query with a name, description, and custom tags by selecting **Save Query**. Queries are saved at the account-level and are accessible to all users in the account.
Saved queries can be re-run by selecting the relevant query from the **Queries** tab. You can edit the query and save edits.
Queries can be starred by users. Starred queries are unique to the user, and not to the account.
## Delete queries
Saved queries can be deleted from the **Queries** tab. If you delete a query, the query is deleted for all users in the account.
1. Select the [Queries](https://dash.cloudflare.com/?to=/:account/workers-and-pages/observability/queries) tab in the Observability dashboard.
2. On the right-hand side, select the three dots for additional actions.
3. Select **Delete Query** and follow the instructions.
## Share queries
Saved queries are assigned a unique URL and can be shared with any user in the account.
## Example: Composing a query
In this example, we will construct a query to find and debug all paths that respond with 5xx errors. First, we create a base query. In this base query, we want to visualize by
the raw event count. We can add a filter for `$workers.event.response.status` that is greater than 500.
Then, we group by `$workers.event.request.path` and `$workers.event.response.status` to identify the number of requests that were
affected by this behavior.
The results show that the `/actuator/env` path has been experiencing 500s. Now, we can apply a filter for this path and investigate.
Now, we can investigate by selecting the **Invocations** tab. We can see that there were two logged invocations of this error.
We can expand a single invocation to view the relevant logs, and continue to debug.
---
# Source maps and stack traces
URL: https://developers.cloudflare.com/workers/observability/source-maps/
import { Render, WranglerConfig } from "~/components";
import { FileTree } from "@astrojs/starlight/components";
## Source Maps
To enable source maps, add the following to your Worker's [Wrangler configuration](/workers/wrangler/configuration/):
```toml
upload_source_maps = true
```
When `upload_source_maps` is set to `true`, Wrangler will automatically generate and upload source map files when you run [`wrangler deploy`](/workers/wrangler/commands/#deploy) or [`wrangler versions deploy`](/workers/wrangler/commands/#deploy-2).
:::note
Miniflare can also [output source maps](https://miniflare.dev/developing/source-maps) for use in local development or [testing](/workers/testing/miniflare/writing-tests).
:::
## Stack traces
When your Worker throws an uncaught exception, we fetch the source map and use it to map the stack trace of the exception back to lines of your Worker’s original source code.
You can then view the stack trace when streaming [real-time logs](/workers/observability/logs/real-time-logs/) or in [Tail Workers](/workers/observability/logs/tail-workers/).
:::note
The source map is retrieved after your Worker invocation completes — it's an asynchronous process that does not impact your Worker's CPU utilization or performance. Source maps are not accessible inside the Worker at runtime, if you `console.log()` the [stack property](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Error/stack) within a Worker, you will not get a deobfuscated stack trace.
:::
When Cloudflare attempts to remap a stack trace to the Worker's source map, it does so line-by-line, remapping as much as possible. If a line of the stack trace cannot be remapped for any reason, Cloudflare will leave that line of the stack trace unchanged, and continue to the next line of the stack trace.
## Limits
:::note[Wrangler version]
Minimum required Wrangler version for source maps: 3.46.0. Check your version by running `wrangler --version`.
:::
| Description | Limit |
| ------------------------------ | ------------- |
| Maximum Source Map Size | 15 MB gzipped |
## Example
Consider a simple project. `src/index.ts` serves as the entrypoint of the application and `src/calculator.ts` defines a ComplexCalculator class that supports basic arithmetic.
- wrangler.jsonc
- tsconfig.json
- src
- calculator.ts
- index.ts
Let's see how source maps can simplify debugging an error in the ComplexCalculator class.
With **no source maps uploaded**: notice how all the Javascript has been minified to one file, so the stack trace is missing information on file name, shows incorrect line numbers, and incorrectly references `js` instead of `ts`.
With **source maps uploaded**: all methods reference the correct files and line numbers.
## Related resources
* [Tail Workers](/workers/observability/logs/logpush/) - Learn how to attach Tail Workers to transform your logs and send them to HTTP endpoints.
* [Real-time logs](/workers/observability/logs/real-time-logs/) - Learn how to capture Workers logs in real-time.
* [RPC error handling](/workers/runtime-apis/rpc/error-handling/) - Learn how exceptions are handled over RPC (Remote Procedure Call).
---
# Betas
URL: https://developers.cloudflare.com/workers/platform/betas/
These are the current alphas and betas relevant to the Cloudflare Workers platform.
* **Public alphas and betas are openly available**, but may have limitations and caveats due to their early stage of development.
* Private alphas and betas require explicit access to be granted. Refer to the documentation to join the relevant product waitlist.
| Product | Private Beta | Public Beta | More Info |
| ------------------------------------------------- | ------------ | ----------- | --------------------------------------------------------------------------- |
| Email Workers | | ✅ | [Docs](/email-routing/email-workers/) |
| Green Compute | | ✅ | [Blog](https://blog.cloudflare.com/earth-day-2022-green-compute-open-beta/) |
| Pub/Sub | ✅ | | [Docs](/pub-sub) |
| [TCP Sockets](/workers/runtime-apis/tcp-sockets/) | | ✅ | [Docs](/workers/runtime-apis/tcp-sockets) |
---
# Deploy to Cloudflare buttons
URL: https://developers.cloudflare.com/workers/platform/deploy-buttons/
import { Tabs, TabItem } from "@astrojs/starlight/components";
If you're building a Workers application and would like to share it with other developers, you can embed a Deploy to Cloudflare button in your README, blog post, or documentation to enable others to quickly deploy your application on their own Cloudflare account. Deploy to Cloudflare buttons eliminate the need for complex setup, allowing developers to get started with your public GitHub or GitLab repository in just a few clicks.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/templates/tree/staging/saas-admin-template)
## What are Deploy to Cloudflare buttons?
Deploy to Cloudflare buttons simplify the deployment of a Workers application by enabling Cloudflare to:
* **Clone a Git repository**: Cloudflare clones your source repository into the user's GitHub/GitLab account where they can continue development after deploying.
* **Configure a project**: Your users can customize key details such as repository name, Worker name, and required resource names in a single setup page with customizations reflected in the newly created Git repository.
* **Build & deploy**: Cloudflare builds the application using [Workers Builds](/workers/ci-cd/builds) and deploys it to the Cloudflare network. Any required resources are automatically provisioned and bound to the Worker without additional setup.
## How to Set Up Deploy to Cloudflare buttons
Deploy to Cloudflare buttons can be embedded anywhere developers might want to launch your project. To add a Deploy to Cloudflare button, copy the following snippet and replace the Git repository URL with your project's URL. You can also optionally specify a subdirectory.
```md
[](https://deploy.workers.cloudflare.com/?url=)
```
```html
```
```
https://deploy.workers.cloudflare.com/?url=
```
If you have already deployed your application using Workers Builds, you can generate a Deploy to Cloudflare button directly from the Cloudflare dashboard by selecting the share button (located within your Worker details) and copying the provided snippet.
Once you have your snippet, you can paste this wherever you would like your button to be displayed.
## Automatic Resource provisioning
If your Worker application requires Cloudflare resources, they will be automatically provisioned as part of the deployment. Currently, supported resources include:
* **Storage**: [KV namespaces](/kv/), [D1 databases](/d1/), [R2 buckets](/r2/), [Hyperdrive](/hyperdrive/), and [Vectorize databases](/vectorize/)
* **Compute**: [Durable Objects](/durable-objects/), [Workers AI](/workers-ai/), and [Queues](/queues/)
Cloudflare will read the Wrangler configuration file of your source repo to determine resource requirements for your application. During deployment, Cloudflare will provision any necessary resources and update the Wrangler configuration where applicable for newly created resources (e.g. database IDs and namespace IDs). To ensure successful deployment, please make sure your source repository includes default values for resource names, resource IDs and any other properties for each binding.
## Best practices
**Configuring Build/Deploy commands**: If you are using custom `build` and `deploy` scripts in your package.json (for example, if using a full stack framework or running D1 migrations), Cloudflare will automatically detect and pre-populate the build and deploy fields. Users can choose to modify or accept the custom commands during deployment configuration.
If no `deploy` script is specified, Cloudflare will preconfigure `npx wrangler deploy` by default. If no `build` script is specified, Cloudflare will leave this field blank.
**Running D1 Migrations**: If you would like to run migrations as part of your setup, you can specify this in your `package.json` by running your migrations as part of your `deploy` script. The migration command should reference the binding name rather than the database name to ensure migrations are successful when users specify a database name that is different from that of your source repository. The following is an example of how you can set up the scripts section of your `package.json`:
```json
{
"scripts": {
"build": "astro build",
"deploy": "npm run db:migrations:apply && wrangler deploy",
"db:migrations:apply": "wrangler d1 migrations apply DB_BINDING --remote"
}
}
```
## Limitations
* **Monorepos**: Cloudflare does not fully support monorepos
* If your repository URL contains a subdirectory, your application must be fully isolated within that subdirectory, including any dependencies. Otherwise, the build will fail. Cloudflare treats this subdirectory as the root of the new repository created as part of the deploy process.
* Additionally, if you have a monorepo that contains multiple Workers applications, they will not be deployed together. You must configure a separate Deploy to Cloudflare button for each application. The user will manually create a distinct Workers application for each subdirectory.
* **Pages applications**: Deploy to Cloudflare buttons only support Workers applications.
* **Non-GitHub/GitLab repositories**: Source repositories from anything other than github.com and gitlab.com are not supported. Self-hosted versions of GitHub and GitLab are also not supported.
* **Private repositories**: Repositories must be public in order for others to successfully use your Deploy to Cloudflare button.
---
# Platform
URL: https://developers.cloudflare.com/workers/platform/
import { DirectoryListing } from "~/components";
Pricing, limits and other information about the Workers platform.
---
# Known issues
URL: https://developers.cloudflare.com/workers/platform/known-issues/
Below are some known bugs and issues to be aware of when using Cloudflare Workers.
## Route specificity
* When defining route specificity, a trailing `/*` in your pattern may not act as expected.
Consider two different Workers, each deployed to the same zone. Worker A is assigned the `example.com/images/*` route and Worker B is given the `example.com/images*` route pattern. With these in place, here are how the following URLs will be resolved:
```
// (A) example.com/images/*
// (B) example.com/images*
"example.com/images"
// -> B
"example.com/images123"
// -> B
"example.com/images/hello"
// -> B
```
You will notice that all examples trigger Worker B. This includes the final example, which exemplifies the unexpected behavior.
When adding a wildcard on a subdomain, here are how the following URLs will be resolved:
```
// (A) *.example.com/a
// (B) a.example.com/*
"a.example.com/a"
// -> B
```
## wrangler dev
* When running `wrangler dev --remote`, all outgoing requests are given the `cf-workers-preview-token` header, which Cloudflare recognizes as a preview request. This applies to the entire Cloudflare network, so making HTTP requests to other Cloudflare zones is currently discarded for security reasons. To enable a workaround, insert the following code into your Worker script:
```js
const request = new Request(url, incomingRequest);
request.headers.delete('cf-workers-preview-token');
return await fetch(request);
```
## Fetch API in CNAME setup
When you make a subrequest using [`fetch()`](/workers/runtime-apis/fetch/) from a Worker, the Cloudflare DNS resolver is used. When a zone has a [Partial (CNAME) setup](/dns/zone-setups/partial-setup/), all hostnames that the Worker needs to be able to resolve require a dedicated DNS entry in Cloudflare's DNS setup. Otherwise the Fetch API call will fail with status code [530 (1016)](/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1016/).
Setup with missing DNS records in Cloudflare DNS
```
// Zone in partial setup: example.com
// DNS records at Authoritative DNS: sub1.example.com, sub2.example.com, ...
// DNS records at Cloudflare DNS: sub1.example.com
"sub1.example.com/"
// -> Can be resolved by Fetch API
"sub2.example.com/"
// -> Cannot be resolved by Fetch API, will lead to 530 status code
```
After adding `sub2.example.com` to Cloudflare DNS
```
// Zone in partial setup: example.com
// DNS records at Authoritative DNS: sub1.example.com, sub2.example.com, ...
// DNS records at Cloudflare DNS: sub1.example.com, sub2.example.com
"sub1.example.com/"
// -> Can be resolved by Fetch API
"sub2.example.com/"
// -> Can be resolved by Fetch API
```
## Fetch to IP addresses
For Workers subrequests, requests can only be made to URLs, not to IP addresses directly. To overcome this limitation [add a A or AAAA name record to your zone](https://developers.cloudflare.com/dns/manage-dns-records/how-to/create-dns-records/) and then fetch that resource.
For example, in the zone `example.com` create a record of type `A` with the name `server` and value `192.0.2.1`, and then use:
```js
await fetch('http://server.example.com')
```
Do not use:
```js
await fetch('http://192.0.2.1')
```
---
# Limits
URL: https://developers.cloudflare.com/workers/platform/limits/
import { Render, WranglerConfig } from "~/components";
## Account plan limits
| Feature | Workers Free | Workers Paid |
| -------------------------------------------------------------------------------- | ------------ | ------------ |
| [Subrequests](#subrequests) | 50/request | 1000/request |
| [Simultaneous outgoing connections/request](#simultaneous-open-connections) | 6 | 6 |
| [Environment variables](#environment-variables) | 64/Worker | 128/Worker |
| [Environment variable size](#environment-variables) | 5 KB | 5 KB |
| [Worker size](#worker-size) | 3 MB | 10 MB |
| [Worker startup time](#worker-startup-time) | 400 ms | 400 ms |
| [Number of Workers](#number-of-workers)1 | 100 | 500 |
| Number of [Cron Triggers](/workers/configuration/cron-triggers/) per account | 5 | 250 |
| Number of [Static Asset](#static-assets) files | 20000 | 20000 |
| Individual [Static Asset](#static-assets) file size | 25 MiB | 25 MiB |
1 If you are running into limits, your project may be a good fit for
[Workers for Platforms](/cloudflare-for-platforms/workers-for-platforms/).
---
## Request limits
URLs have a limit of 16 KB.
Request headers observe a total limit of 32 KB, but each header is limited to 16 KB.
Cloudflare has network-wide limits on the request body size. This limit is tied to your Cloudflare account's plan, which is separate from your Workers plan. When the request body size of your `POST`/`PUT`/`PATCH` requests exceed your plan's limit, the request is rejected with a `(413) Request entity too large` error.
Cloudflare Enterprise customers may contact their account team or [Cloudflare Support](/support/contacting-cloudflare-support/) to have a request body limit beyond 500 MB.
| Cloudflare Plan | Maximum body size |
| --------------- | ------------------- |
| Free | 100 MB |
| Pro | 100 MB |
| Business | 200 MB |
| Enterprise | 500 MB (by default) |
---
## Response limits
Response headers observe a total limit of 32 KB, but each header is limited to 16 KB.
Cloudflare does not enforce response limits on response body sizes, but cache limits for [our CDN are observed](/cache/concepts/default-cache-behavior/). Maximum file size is 512 MB for Free, Pro, and Business customers and 5 GB for Enterprise customers.
---
## Worker limits
| Feature | Workers Free | Workers Paid |
| ------------------------ | ------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| [Request](#request) | 100,000 requests/day 1000 requests/min | No limit |
| [Worker memory](#memory) | 128 MB | 128 MB |
| [CPU time](#cpu-time) | 10 ms | 5 min HTTP request 15 min [Cron Trigger](/workers/configuration/cron-triggers/) |
| [Duration](#duration) | No limit | No limit for Workers. 15 min duration limit for [Cron Triggers](/workers/configuration/cron-triggers/), [Durable Object Alarms](/durable-objects/api/alarms/) and [Queue Consumers](/queues/configuration/javascript-apis/#consumer) |
### Duration
Duration is a measurement of wall-clock time — the total amount of time from the start to end of an invocation of a Worker. There is no hard limit on the duration of a Worker. As long as the client that sent the request remains connected, the Worker can continue processing, making subrequests, and setting timeouts on behalf of that request. When the client disconnects, all tasks associated with that client request are canceled. Use [`event.waitUntil()`](/workers/runtime-apis/handlers/fetch/) to delay cancellation for another 30 seconds or until the promise passed to `waitUntil()` completes.
:::note
Cloudflare updates the Workers runtime a few times per week. When this happens, any in-flight requests are given a grace period of 30 seconds to finish. If a request does not finish within this time, it is terminated. While your application should follow the best practice of handling disconnects by retrying requests, this scenario is extremely improbable. To encounter it, you would need to have a request that takes longer than 30 seconds that also happens to intersect with the exact time an update to the runtime is happening.
:::
### CPU time
CPU time is the amount of time the CPU actually spends doing work during a given request.
If a Worker's request makes a sub-request and waits for that request to come back before
doing additional work, this time spent waiting **is not** counted towards CPU time.
**Most Workers requests consume less than 1-2 milliseconds of CPU time**, but you can increase the maximum CPU time from the default 30 seconds to 5 minutes (300,000 milliseconds) if you have CPU-bound tasks, such as large JSON payloads that need to be serialized, cryptographic key generation, or other data processing tasks.
To understand your CPU usage:
- CPU time and Wall time are surfaced in the [invocation log](/workers/observability/logs/workers-logs/#invocation-logs) within Workers Logs.
- For Tail Workers, CPU time and Wall time are surfaced at the top level of the [Workers Trace Events object](/logs/reference/log-fields/account/workers_trace_events/).
- DevTools locally can help identify CPU intensive portions of your code. See the [CPU profiling with DevTools documentation](/workers/observability/dev-tools/cpu-usage/).
You can also set a [custom limit](/workers/wrangler/configuration/#limits) on the amount of CPU time that can be used during each invocation of your Worker.
```jsonc
{
// ...rest of your configuration...
"limits": {
"cpu_ms": 300000, // default is 30000 (30 seconds)
},
// ...rest of your configuration...
}
```
You can also customize this in the [Workers dashboard](https://dash.cloudflare.com/?to=/:account/workers). Select the specific Worker you wish to modify -> click on the "Settings" tab -> adjust the CPU time limit.
:::note
Scheduled Workers ([Cron Triggers](/workers/configuration/cron-triggers/)) have different limits on CPU time based on the schedule interval. When the schedule interval is less than 1 hour, a Scheduled Worker may run for up to 30 seconds. When the schedule interval is more than 1 hour, a scheduled Worker may run for up to 15 minutes.
:::
---
## Cache API limits
| Feature | Workers Free | Workers Paid |
| ---------------------------------------- | ------------ | ------------ |
| [Maximum object size](#cache-api-limits) | 512 MB | 512 MB |
| [Calls/request](#cache-api-limits) | 50 | 1,000 |
Calls/request means the number of calls to `put()`, `match()`, or `delete()` Cache API method per-request, using the same quota as subrequests (`fetch()`).
:::note
The size of chunked response bodies (`Transfer-Encoding: chunked`) is not known in advance. Then, `.put()`ing such responses will block subsequent `.put()`s from starting until the current `.put()` completes.
:::
---
## Request
Workers automatically scale onto thousands of Cloudflare global network servers around the world. There is no general limit to the number of requests per second Workers can handle.
Cloudflare’s abuse protection methods do not affect well-intentioned traffic. However, if you send many thousands of requests per second from a small number of client IP addresses, you can inadvertently trigger Cloudflare’s abuse protection. If you expect to receive `1015` errors in response to traffic or expect your application to incur these errors, [contact Cloudflare support](/support/contacting-cloudflare-support/) to increase your limit. Cloudflare's anti-abuse Workers Rate Limiting does not apply to Enterprise customers.
You can also confirm if you have been rate limited by anti-abuse Worker Rate Limiting by logging into the Cloudflare dashboard, selecting your account and zone, and going to **Security** > **Events**. Find the event and expand it. If the **Rule ID** is `worker`, this confirms that it is the anti-abuse Worker Rate Limiting.
The burst rate and daily request limits apply at the account level, meaning that requests on your `*.workers.dev` subdomain count toward the same limit as your zones. Upgrade to a [Workers Paid plan](https://dash.cloudflare.com/?account=workers/plans) to automatically lift these limits.
:::caution
If you are currently being rate limited, upgrade to a [Workers Paid plan](https://dash.cloudflare.com/?account=workers/plans) to lift burst rate and daily request limits.
:::
### Burst rate
Accounts using the Workers Free plan are subject to a burst rate limit of 1,000 requests per minute. Users visiting a rate limited site will receive a Cloudflare `1015` error page. However if you are calling your Worker programmatically, you can detect the rate limit page and handle it yourself by looking for HTTP status code `429`.
Workers being rate-limited by Anti-Abuse Protection are also visible from the Cloudflare dashboard:
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account and your website.
2. Select **Security** > **Events** > scroll to **Sampled logs**.
3. Review the log for a Web Application Firewall block event with a `ruleID` of `worker`.
### Daily request
Accounts using the Workers Free plan are subject to a daily request limit of 100,000 requests. Free plan daily requests counts reset at midnight UTC. A Worker that fails as a result of daily request limit errors can be configured by toggling its corresponding [route](/workers/configuration/routing/routes/) in two modes: 1) Fail open and 2) Fail closed.
#### Fail open
Routes in fail open mode will bypass the failing Worker and prevent it from operating on incoming traffic. Incoming requests will behave as if there was no Worker.
#### Fail closed
Routes in fail closed mode will display a Cloudflare `1027` error page to visitors, signifying the Worker has been temporarily disabled. Cloudflare recommends this option if your Worker is performing security related tasks.
---
## Memory
Only one Workers instance runs on each of the many global Cloudflare global network servers. Each Workers instance can consume up to 128 MB of memory. Use [global variables](/workers/runtime-apis/web-standards/) to persist data between requests on individual nodes. Note however, that nodes are occasionally evicted from memory.
If a Worker processes a request that pushes the Worker over the 128 MB limit, the Cloudflare Workers runtime may cancel one or more requests. To view these errors, as well as CPU limit overages:
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account.
2. Select **Workers & Pages** and in **Overview**, select the Worker you would like to investigate.
3. Under **Metrics**, select **Errors** > **Invocation Statuses** and examine **Exceeded Memory**.
Use the [TransformStream API](/workers/runtime-apis/streams/transformstream/) to stream responses if you are concerned about memory usage. This avoids loading an entire response into memory.
Using DevTools locally can help identify memory leaks in your code. See the [memory profiling with DevTools documentation](/workers/observability/dev-tools/memory-usage/) to learn more.
---
## Subrequests
A subrequest is any request that a Worker makes to either Internet resources using the [Fetch API](/workers/runtime-apis/fetch/) or requests to other Cloudflare services like [R2](/r2/), [KV](/kv/), or [D1](/d1/).
### Worker-to-Worker subrequests
To make subrequests from your Worker to another Worker on your account, use [Service Bindings](/workers/runtime-apis/bindings/service-bindings/). Service bindings allow you to send HTTP requests to another Worker without those requests going over the Internet.
If you attempt to use global [`fetch()`](/workers/runtime-apis/fetch/) to make a subrequest to another Worker on your account that runs on the same [zone](/fundamentals/concepts/accounts-and-zones/#zones), without service bindings, the request will fail.
If you make a subrequest from your Worker to a target Worker that runs on a [Custom Domain](/workers/configuration/routing/custom-domains/#worker-to-worker-communication) rather than a route, the request will be allowed.
### How many subrequests can I make?
You can make 50 subrequests per request on Workers Free, and 1,000 subrequests per request on Workers Paid. Each subrequest in a redirect chain counts against this limit. This means that the number of subrequests a Worker makes could be greater than the number of `fetch(request)` calls in the Worker.
For subrequests to internal services like Workers KV and Durable Objects, the subrequest limit is 1,000 per request, regardless of the [usage model](/workers/platform/pricing/#workers) configured for the Worker.
### How long can a subrequest take?
There is no set limit on the amount of real time a Worker may use. As long as the client which sent a request remains connected, the Worker may continue processing, making subrequests, and setting timeouts on behalf of that request.
When the client disconnects, all tasks associated with that client’s request are proactively canceled. If the Worker passed a promise to [`event.waitUntil()`](/workers/runtime-apis/handlers/fetch/), cancellation will be delayed until the promise has completed or until an additional 30 seconds have elapsed, whichever happens first.
---
## Simultaneous open connections
You can open up to six connections simultaneously for each invocation of your Worker. The connections opened by the following API calls all count toward this limit:
- the `fetch()` method of the [Fetch API](/workers/runtime-apis/fetch/).
- `get()`, `put()`, `list()`, and `delete()` methods of [Workers KV namespace objects](/kv/api/).
- `put()`, `match()`, and `delete()` methods of [Cache objects](/workers/runtime-apis/cache/).
- `list()`, `get()`, `put()`, `delete()`, and `head()` methods of [R2](/r2/).
- `send()` and `sendBatch()`, methods of [Queues](/queues/).
- Opening a TCP socket using the [`connect()`](/workers/runtime-apis/tcp-sockets/) API.
Once an invocation has six connections open, it can still attempt to open additional connections.
- These attempts are put in a pending queue — the connections will not be initiated until one of the currently open connections has closed.
- Earlier connections can delay later ones, if a Worker tries to make many simultaneous subrequests, its later subrequests may appear to take longer to start.
If you have cases in your application that use `fetch()` but that do not require consuming the response body, you can avoid the unread response body from consuming a concurrent connection by using `response.body.cancel()`.
For example, if you want to check whether the HTTP response code is successful (2xx) before consuming the body, you should explicitly cancel the pending response body:
```ts
let resp = await fetch(url);
// Only read the response body for successful responses
if (resp.statusCode <= 299) {
// Call resp.json(), resp.text() or otherwise process the body
} else {
// Explicitly cancel it
resp.body.cancel();
}
```
This will free up an open connection.
If the system detects that a Worker is deadlocked on open connections — for example, if the Worker has pending connection attempts but has no in-progress reads or writes on the connections that it already has open — then the least-recently-used open connection will be canceled to unblock the Worker.
If the Worker later attempts to use a canceled connection, an exception will be thrown. These exceptions should rarely occur in practice, though, since it is uncommon for a Worker to open a connection that it does not have an immediate use for.
:::note
Simultaneous Open Connections are measured from the top-level request, meaning any connections open from Workers sharing resources (for example, Workers triggered via [Service bindings](/workers/runtime-apis/bindings/service-bindings/)) will share the simultaneous open connection limit.
:::
---
## Environment variables
The maximum number of environment variables (secret and text combined) for a Worker is 128 variables on the Workers Paid plan, and 64 variables on the Workers Free plan.
There is no limit to the number of environment variables per account.
Each environment variable has a size limitation of 5 KB.
---
## Worker size
A Worker can be up to 10 MB in size _after compression_ on the Workers Paid plan, and up to 3 MB on the Workers Free plan. On either plan, a Worker can be up to 64 MB _before compression_.
You can assess the size of your Worker bundle after compression by performing a dry-run with `wrangler` and reviewing the final compressed (`gzip`) size output by `wrangler`:
```sh
wrangler deploy --outdir bundled/ --dry-run
```
```sh output
# Output will resemble the below:
Total Upload: 259.61 KiB / gzip: 47.23 KiB
```
Note that larger Worker bundles can impact the start-up time of the Worker, as the Worker needs to be loaded into memory.
To reduce the upload size of a Worker, consider some of the following strategies:
- Removing unnecessary dependencies and packages
- Storing configuration files, static assets, and binary data using [Workers KV](/kv/), [R2](/r2/), [D1](/d1/), or [Workers Static Assets](/workers/static-assets/) instead of bundling them within your Worker code.
- Splitng functionality across multiple Workers and connecting them using [Service bindings](/workers/runtime-apis/bindings/service-bindings/).
---
## Worker startup time
A Worker must be able to be parsed and execute its global scope (top-level code outside of any handlers) within 400 ms. Worker size can impact startup because there is more code to parse and evaluate. Avoiding expensive code in the global scope can keep startup efficient as well.
You can measure your Worker's startup time by deploying it to Cloudflare using [Wrangler](/workers/wrangler/). When you run `npx wrangler@latest deploy` or `npx wrangler@latest versions upload`, Wrangler will output the startup time of your Worker in the command-line output, using the `startup_time_ms` field in the [Workers Script API](/api/resources/workers/subresources/scripts/methods/update/) or [Workers Versions API](/api/resources/workers/subresources/scripts/subresources/versions/methods/create/).
If you are having trouble staying under this limit, consider [profiling using DevTools](/workers/observability/dev-tools/) locally to learn how to optimize your code.
When you attempt to deploy a Worker using the [Wrangler CLI](/workers/wrangler/), but your deployment is rejected because your Worker exceeds the maximum startup time, Wrangler will automatically generate a CPU profile that you can import into Chrome DevTools or open directly in VSCode. You can use this to learn what code in your Worker uses large amounts of CPU time at startup. Refer to [`wrangler check startup`](/workers/wrangler/commands/#startup) for more details.
---
## Number of Workers
You can have up to 500 Workers on your account on the Workers Paid plan, and up to 100 Workers on the Workers Free plan.
If you need more than 500 Workers, consider using [Workers for Platforms](/cloudflare-for-platforms/workers-for-platforms/).
---
## Routes and domains
### Number of routes per zone
Each zone has a limit of 1,000 [routes](/workers/configuration/routing/routes/). If you require more than 1,000 routes on your zone, consider using [Workers for Platforms](/cloudflare-for-platforms/workers-for-platforms/) or request an increase to this limit.
### Number of routes per zone when using `wrangler dev --remote`
When you run a [remote development](/workers/local-development/#develop-using-remote-resources-and-bindings) session using the `--remote` flag, a limit of 50 [routes](/workers/configuration/routing/routes/) per zone is enforced. The Quick Editor in the Cloudflare Dashboard also uses `wrangler dev --remote`, so any changes made there are subject to the same 50-route limit. If your zone has more than 50 routes, you **will not be able to run a remote session**. To fix this, you must remove routes until you are under the 50-route limit.
### Number of custom domains per zone
Each zone has a limit of 100 [custom domains](/workers/configuration/routing/custom-domains/). If you require more than 100 custom domains on your zone, consider using a wildcard [route](/workers/configuration/routing/routes/) or request an increase to this limit.
### Number of routed zones per Worker
When configuring [routing](/workers/configuration/routing/), the maximum number of zones that can be referenced by a Worker is 1,000. If you require more than 1,000 zones on your Worker, consider using [Workers for Platforms](/cloudflare-for-platforms/workers-for-platforms/) or request an increase to this limit.
---
## Image Resizing with Workers
When using Image Resizing with Workers, refer to [Image Resizing documentation](/images/transform-images/) for more information on the applied limits.
---
## Log size
You can emit a maximum of 256 KB of data (across `console.log()` statements, exceptions, request metadata and headers) to the console for a single request. After you exceed this limit, further context associated with the request will not be recorded in logs, appear when tailing logs of your Worker, or within a [Tail Worker](/workers/observability/logs/tail-workers/).
Refer to the [Workers Trace Event Logpush documentation](/workers/observability/logs/logpush/#limits) for information on the maximum size of fields sent to logpush destinations.
---
## Unbound and Bundled plan limits
:::note
Unbound and Bundled plans have been deprecated and are no longer available for new accounts.
:::
If your Worker is on an Unbound plan, your limits are exactly the same as the Workers Paid plan.
If your Worker is on a Bundled plan, your limits are the same as the Workers Paid plan except for the following differences:
- Your limit for [subrequests](/workers/platform/limits/#subrequests) is 50/request
- Your limit for [CPU time](/workers/platform/limits/#cpu-time) is 50ms for HTTP requests and 50ms for [Cron Triggers](/workers/configuration/cron-triggers/)
- You have no [Duration](/workers/platform/limits/#duration) limits for [Cron Triggers](/workers/configuration/cron-triggers/), [Durable Object alarms](/durable-objects/api/alarms/), or [Queue consumers](/queues/configuration/javascript-apis/#consumer)
- Your Cache API limits for calls/requests is 50
---
## Static Assets
### Files
There is a 20,000 file count limit per [Worker version](/workers/configuration/versions-and-deployments/), and a 25 MiB individual file size limit. This matches the [limits in Cloudflare Pages](/pages/platform/limits/) today.
### Headers
A `_headers` file may contain up to 100 rules and each line may contain up to 2,000 characters. The entire line, including spacing, header name, and value, counts towards this limit.
### Redirects
A `_redirects` file may contain up to 2,000 static redirects and 100 dynamic redirects, for a combined total of 2,100 redirects. Each redirect declaration has a 1,000-character limit.
---
## Related resources
Review other developer platform resource limits.
- [KV limits](/kv/platform/limits/)
- [Durable Object limits](/durable-objects/platform/limits/)
- [Queues limits](/queues/platform/limits/)
---
# Choose a data or storage product
URL: https://developers.cloudflare.com/workers/platform/storage-options/
import { Render, Details } from "~/components";
This guide describes the storage & database products available as part of Cloudflare Workers, including recommended use-cases and best practices.
## Choose a storage product
The following table maps our storage & database products to common industry terms as well as recommended use-cases:
Applications can build on multiple storage & database products: for example, using Workers KV for session data; R2 for large file storage, media assets and user-uploaded files; and Hyperdrive to connect to a hosted Postgres or MySQL database.
:::note[Pages Functions]
Storage options can also be used by your front-end application built with Cloudflare Pages. For more information on available storage options for Pages applications, refer to the [Pages Functions bindings documentation](/pages/functions/bindings/).
:::
## SQL database options
There are three options for SQL-based databases available when building applications with Workers.
* **Hyperdrive** if you have an existing Postgres or MySQL database, require large (1TB, 100TB or more) single databases, and/or want to use your existing database tools. You can also connect Hyperdrive to database platforms like [PlanetScale](https://planetscale.com/) or [Neon](https://neon.tech/).
* **D1** for lightweight, serverless applications that are read-heavy, have global users that benefit from D1's [read replication](/d1/best-practices/read-replication/), and do not require you to manage and maintain a traditional RDBMS. You can connect to
* **Durable Objects** for stateful serverless workloads, per-user or per-customer SQL state, and building distributed systems (D1 and Queues are built on Durable Objects) where Durable Object's [strict serializability](https://blog.cloudflare.com/durable-objects-easy-fast-correct-choose-three/) enables global ordering of requests and storage operations.
### Session storage
We recommend using [Workers KV](/kv/) for storing session data, credentials (API keys), and/or configuration data. These are typically read at high rates (thousands of RPS or more), are not typically modified (within KV's 1 write RPS per unique key limit), and do not need to be immediately consistent.
Frequently read keys benefit from KV's [internal cache](/kv/concepts/how-kv-works/), and repeated reads to these "hot" keys will typically see latencies in the 500µs to 10ms range.
Authentication frameworks like [OpenAuth](https://openauth.js.org/docs/storage/cloudflare/) use Workers KV as session storage when deployed to Cloudflare, and [Cloudflare Access](/cloudflare-one/policies/access/) uses KV to securely store and distribute user credentials so that they can be validated as close to the user as possible and reduce overall latency.
## Product overviews
### Workers KV
Workers KV is an eventually consistent key-value data store that caches on the Cloudflare global network.
It is ideal for projects that require:
- High volumes of reads and/or repeated reads to the same keys.
- Low-latency global reads (typically within 10ms for hot keys)
- Per-object time-to-live (TTL).
- Distributed configuration and/or session storage.
To get started with KV:
- Read how [KV works](/kv/concepts/how-kv-works/).
- Create a [KV namespace](/kv/concepts/kv-namespaces/).
- Review the [KV Runtime API](/kv/api/).
- Learn about KV [Limits](/kv/platform/limits/).
### R2
R2 is S3-compatible blob storage that allows developers to store large amounts of unstructured data without egress fees associated with typical cloud storage services.
It is ideal for projects that require:
- Storage for files which are infrequently accessed.
- Large object storage (for example, gigabytes or more per object).
- Strong consistency per object.
- Asset storage for websites (refer to [caching guide](/r2/buckets/public-buckets/#caching))
To get started with R2:
- Read the [Get started guide](/r2/get-started/).
- Learn about R2 [Limits](/r2/platform/limits/).
- Review the [R2 Workers API](/r2/api/workers/workers-api-reference/).
### Durable Objects
Durable Objects provide low-latency coordination and consistent storage for the Workers platform through global uniqueness and a transactional storage API.
- Global Uniqueness guarantees that there will be a single instance of a Durable Object class with a given ID running at once, across the world. Requests for a Durable Object ID are routed by the Workers runtime to the Cloudflare data center that owns the Durable Object.
- The transactional storage API provides strongly consistent key-value storage to the Durable Object. Each Object can only read and modify keys associated with that Object. Execution of a Durable Object is single-threaded, but multiple request events may still be processed out-of-order from how they arrived at the Object.
It is ideal for projects that require:
- Real-time collaboration (such as a chat application or a game server).
- Consistent storage.
- Data locality.
To get started with Durable Objects:
- Read the [introductory blog post](https://blog.cloudflare.com/introducing-workers-durable-objects/).
- Review the [Durable Objects documentation](/durable-objects/).
- Get started with [Durable Objects](/durable-objects/get-started/).
- Learn about Durable Objects [Limits](/durable-objects/platform/limits/).
### D1
[D1](/d1/) is Cloudflare’s native serverless database. With D1, you can create a database by importing data or defining your tables and writing your queries within a Worker or through the API.
D1 is ideal for:
- Persistent, relational storage for user data, account data, and other structured datasets.
- Use-cases that require querying across your data ad-hoc (using SQL).
- Workloads with a high ratio of reads to writes (most web applications).
To get started with D1:
- Read [the documentation](/d1)
- Follow the [Get started guide](/d1/get-started/) to provision your first D1 database.
- Review the [D1 Workers Binding API](/d1/worker-api/).
:::note
If your working data size exceeds 10 GB (the maximum size for a D1 database), consider splitting the database into multiple, smaller D1 databases.
:::
### Queues
Cloudflare Queues allows developers to send and receive messages with guaranteed delivery. It integrates with [Cloudflare Workers](/workers) and offers at-least once delivery, message batching, and does not charge for egress bandwidth.
Queues is ideal for:
- Offloading work from a request to schedule later.
- Send data from Worker to Worker (inter-Service communication).
- Buffering or batching data before writing to upstream systems, including third-party APIs or [Cloudflare R2](/queues/examples/send-errors-to-r2/).
To get started with Queues:
- [Set up your first queue](/queues/get-started/).
- Learn more [about how Queues works](/queues/reference/how-queues-works/).
### Hyperdrive
Hyperdrive is a service that accelerates queries you make to MySQL and Postgres databases, making it faster to access your data from across the globe, irrespective of your users’ location.
Hyperdrive allows you to:
- Connect to an existing database from Workers without connection overhead.
- Cache frequent queries across Cloudflare's global network to reduce response times on highly trafficked content.
- Reduce load on your origin database with connection pooling.
To get started with Hyperdrive:
- [Connect Hyperdrive](/hyperdrive/get-started/) to your existing database.
- Learn more [about how Hyperdrive speeds up your database queries](/hyperdrive/configuration/how-hyperdrive-works/).
## Pipelines
Pipelines is a streaming ingestion service that allows you to ingest high volumes of real time data, without managing any infrastructure.
Pipelines allows you to:
- Ingest data at extremely high throughput (tens of thousands of records per second or more)
- Batch and write data directly to object storage, ready for querying
- (Future) Transform and aggregate data during ingestion
To get started with Pipelines:
- [Create a Pipeline](/pipelines/getting-started/) that can batch and write records to R2.
- Learn more [about how Pipelines works](/pipelines/concepts/how-pipelines-work/).
### Analytics Engine
Analytics Engine is Cloudflare's time-series and metrics database that allows you to write unlimited-cardinality analytics at scale using a built-in API to write data points from Workers and query that data using SQL directly.
Analytics Engine allows you to:
- Expose custom analytics to your own customers
- Build usage-based billing systems
- Understand the health of your service on a per-customer or per-user basis
- Add instrumentation to frequently called code paths, without impacting performance or overwhelming external analytics systems with events
Cloudflare uses Analytics Engine internally to store and product per-product metrics for products like D1 and R2 at scale.
To get started with Analytics Engine:
- Learn how to [get started with Analytics Engine](/analytics/analytics-engine/get-started/)
- See [an example of writing time-series data to Analytics Engine](/analytics/analytics-engine/recipes/usage-based-billing-for-your-saas-product/)
- Understand the [SQL API](/analytics/analytics-engine/sql-api/) for reading data from your Analytics Engine datasets
### Vectorize
Vectorize is a globally distributed vector database that enables you to build full-stack, AI-powered applications with Cloudflare Workers and [Workers AI](/workers-ai/).
Vectorize allows you to:
- Store embeddings from any vector embeddings model (Bring Your Own embeddings) for semantic search and classification tasks.
- Add context to Large Language Model (LLM) queries by using vector search as part of a [Retrieval Augmented Generation](/workers-ai/guides/tutorials/build-a-retrieval-augmented-generation-ai/) (RAG) workflow.
- [Filter on vector metadata](/vectorize/reference/metadata-filtering/) to reduce the search space and return more relevant results.
To get started with Vectorize:
- [Create your first vector database](/vectorize/get-started/intro/).
- Combine [Workers AI and Vectorize](/vectorize/get-started/embeddings/) to generate, store and query text embeddings.
- Learn more about [how vector databases work](/vectorize/reference/what-is-a-vector-database/).
---
# Pricing
URL: https://developers.cloudflare.com/workers/platform/pricing/
import { GlossaryTooltip, Render } from "~/components";
By default, users have access to the Workers Free plan. The Workers Free plan includes limited usage of Workers, Pages Functions, Workers KV and Hyperdrive. Read more about the [Free plan limits](/workers/platform/limits/#worker-limits).
The Workers Paid plan includes Workers, Pages Functions, Workers KV, Hyperdrive, and Durable Objects usage for a minimum charge of $5 USD per month for an account. The plan includes increased initial usage allotments, with clear charges for usage that exceeds the base plan. There are no additional charges for data transfer (egress) or throughput (bandwidth).
All included usage is on a monthly basis.
:::note[Pages Functions billing]
All [Pages Functions](/pages/functions/) are billed as Workers. All pricing and inclusions in this document apply to Pages Functions. Refer to [Functions Pricing](/pages/functions/pricing/) for more information on Pages Functions pricing.
:::
## Workers
Users on the Workers Paid plan have access to the Standard usage model. Workers Enterprise accounts are billed based on the usage model specified in their contract. To switch to the Standard usage model, reach out to your CSM.
| | Requests1, 2 | Duration | CPU time |
| ------------ | ------------------------------------------------------------------ | ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **Free** | 100,000 per day | No charge for duration | 10 milliseconds of CPU time per invocation |
| **Standard** | 10 million included per month +$0.30 per additional million | No charge or limit for duration | 30 million CPU milliseconds included per month +$0.02 per additional million CPU milliseconds
Max of [5 minutes of CPU time](/workers/platform/limits/#worker-limits) per invocation (default: 30 seconds) Max of 15 minutes of CPU time per [Cron Trigger](/workers/configuration/cron-triggers/) or [Queue Consumer](/queues/configuration/javascript-apis/#consumer) invocation |
1 Inbound requests to your Worker. Cloudflare does not bill for
[subrequests](/workers/platform/limits/#subrequests) you make from your Worker.
2 Requests to static assets are free and unlimited.
### Example pricing
#### Example 1
A Worker that serves 15 million requests per month, and uses an average of 7 milliseconds (ms) of CPU time per request, would have the following estimated costs:
| | Monthly Costs | Formula |
| ---------------- | ------------- | --------------------------------------------------------------------------------------------------------- |
| **Subscription** | $5.00 | |
| **Requests** | $1.50 | (15,000,000 requests - 10,000,000 included requests) / 1,000,000 \* $0.30 |
| **CPU time** | $1.50 | ((7 ms of CPU time per request \* 15,000,000 requests) - 30,000,000 included CPU ms) / 1,000,000 \* $0.02 |
| **Total** | $8.00 | |
#### Example 2
A project that serves 15 million requests per month, with 80% (12 million) requests serving [static assets](/workers/static-assets/) and the remaining invoking dynamic Worker code. The Worker uses an average of 7 milliseconds (ms) of time per request.
Requests to static assets are free and unlimited. This project would have the following estimated costs:
| | Monthly Costs | Formula |
| ----------------------------- | ------------- | ------- |
| **Subscription** | $5.00 | |
| **Requests to static assets** | $0 | - |
| **Requests to Worker** | $0 | - |
| **CPU time** | $0 | - |
| **Total** | $5.00 |
| |
#### Example 3
A Worker that runs on a [Cron Trigger](/workers/configuration/cron-triggers/) once an hour to collect data from multiple APIs, process the data and create a report.
- 720 requests/month
- 3 minutes (180,000ms) of CPU time per request
In this scenario, the estimated monthly cost would be calculated as:
| | Monthly Costs | Formula |
| ---------------- | ------------- | -------------------------------------------------------------------------------------------------------- |
| **Subscription** | $5.00 | |
| **Requests** | $0.00 | - |
| **CPU time** | $1.99 | ((180,000 ms of CPU time per request \* 720 requests) - 30,000,000 included CPU ms) / 1,000,000 \* $0.02 |
| **Total** | $6.99 | |
| | | |
#### Example 4
A high traffic Worker that serves 100 million requests per month, and uses an average of 7 milliseconds (ms) of CPU time per request, would have the following estimated costs:
| | Monthly Costs | Formula |
| ---------------- | ------------- | ---------------------------------------------------------------------------------------------------------- |
| **Subscription** | $5.00 | |
| **Requests** | $27.00 | (100,000,000 requests - 10,000,000 included requests) / 1,000,000 \* $0.30 |
| **CPU time** | $13.40 | ((7 ms of CPU time per request \* 100,000,000 requests) - 30,000,000 included CPU ms) / 1,000,000 \* $0.02 |
| **Total** | $45.40 | |
:::note[Custom limits]
To prevent accidental runaway bills or denial-of-wallet attacks, configure the maximum amount of CPU time that can be used per invocation by [defining limits in your Worker's Wrangler file](/workers/wrangler/configuration/#limits), or via the Cloudflare dashboard (**Workers & Pages** > Select your Worker > **Settings** > **CPU Limits**).
If you had a Worker on the Bundled usage model prior to the migration to Standard pricing on March 1, 2024, Cloudflare has automatically added a 50 ms CPU limit on your Worker.
:::
### How to switch usage models
:::note
Some Workers Enterprise customers maintain the ability to change usage models.
:::
Users on the Workers Paid plan have access to the Standard usage model. However, some users may still have a legacy usage model configured.
Legacy usage models include Workers Unbound and Workers Bundled. Users are advised to move to the Workers Standard usage model.
Changing the usage model only affects billable usage, and has no technical implications.
To change your default account-wide usage model:
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/?to=/:account/workers-and-pages) and select your account.
2. In Account Home, select **Workers & Pages**.
3. Find **Usage Model** on the right-side menu > **Change**.
Usage models may be changed at the individual Worker level:
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/?to=/:account/workers/services/view/:worker/production/settings) and select your account.
2. In Account Home, select **Workers & Pages**.
3. In **Overview**, select your Worker > **Settings** > **Usage Model**.
Existing Workers will not be impacted when changing the default usage model. You may change the usage model for individual Workers without affecting your account-wide default usage model.
:::
## Workers Logs
:::note[Workers Logs documentation]
For more information and [examples of Workers Logs billing](/workers/observability/logs/workers-logs/#example-pricing), refer to the [Workers Logs documentation](/workers/observability/logs/workers-logs).
:::
## Workers Trace Events Logpush
Workers Logpush is only available on the Workers Paid plan.
| | Paid plan |
| --------------------- | ---------------------------------- |
| Requests 1 | 10 million / month, +$0.05/million |
1 Workers Logpush charges for request logs that reach your end
destination after applying filtering or sampling.
## Workers KV
:::note[KV documentation]
To learn more about KV, refer to the [KV documentation](/kv/).
:::
## Hyperdrive
:::note[Hyperdrive documentation]
To learn more about Hyperdrive, refer to the [Hyperdrive documentation](/hyperdrive/).
:::
## Queues
:::note[Queues billing examples]
To learn more about Queues pricing and review billing examples, refer to [Queues Pricing](/queues/platform/pricing/).
:::
## D1
D1 is available on both the Workers Free and Workers Paid plans.
:::note[D1 billing]
Refer to [D1 Pricing](/d1/platform/pricing/) to learn more about how D1 is billed.
:::
## Durable Objects
:::note[Durable Objects billing examples]
For more information and [examples of Durable Objects billing](/durable-objects/platform/pricing#compute-billing-examples), refer to [Durable Objects Pricing](/durable-objects/platform/pricing/).
:::
## Vectorize
Vectorize is currently only available on the Workers paid plan.
## Service bindings
Requests made from your Worker to another worker via a [Service Binding](/workers/runtime-apis/bindings/service-bindings/) do not incur additional request fees. This allows you to split apart functionality into multiple Workers, without incurring additional costs.
For example, if Worker A makes a subrequest to Worker B via a Service Binding, or calls an RPC method provided by Worker B via a Service Binding, this is billed as:
- One request (for the initial invocation of Worker A)
- The total amount of CPU time used across both Worker A and Worker B
:::note[Only available on Workers Standard pricing]
If your Worker is on the deprecated Bundled or Unbound pricing plans, incoming requests from Service Bindings are charged the same as requests from the Internet. In the example above, you would be charged for two requests, one to Worker A, and one to Worker B.
:::
## Fine Print
Workers Paid plan is separate from any other Cloudflare plan (Free, Professional, Business) you may have. If you are an Enterprise customer, reach out to your account team to confirm pricing details.
Only requests that hit a Worker will count against your limits and your bill. Since Cloudflare Workers runs before the Cloudflare cache, the caching of a request still incurs costs. Refer to [Limits](/workers/platform/limits/) to review definitions and behavior after a limit is hit.
---
# Workers for Platforms
URL: https://developers.cloudflare.com/workers/platform/workers-for-platforms/
Deploy custom code on behalf of your users or let your users directly deploy their own code to your platform, managing infrastructure.
---
# 103 Early Hints
URL: https://developers.cloudflare.com/workers/examples/103-early-hints/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/103-early-hints)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
`103` Early Hints is an HTTP status code designed to speed up content delivery. When enabled, Cloudflare can cache the `Link` headers marked with preload and/or preconnect from HTML pages and serve them in a `103` Early Hints response before reaching the origin server. Browsers can use these hints to fetch linked assets while waiting for the origin’s final response, dramatically improving page load speeds.
To ensure Early Hints are enabled on your zone:
1. Log in to the [Cloudflare Dashboard](https://dash.cloudflare.com) and select your account and website.
2. Go to **Speed** > **Optimization** > **Content Optimization**.
3. Enable the **Early Hints** toggle to on.
You can return `Link` headers from a Worker running on your zone to speed up your page load times.
```js
const CSS = "body { color: red; }";
const HTML = `
Early Hints test
Early Hints test page
`;
export default {
async fetch(req) {
// If request is for test.css, serve the raw CSS
if (/test\.css$/.test(req.url)) {
return new Response(CSS, {
headers: {
"content-type": "text/css",
},
});
} else {
// Serve raw HTML using Early Hints for the CSS file
return new Response(HTML, {
headers: {
"content-type": "text/html",
link: "; rel=preload; as=style",
},
});
}
},
};
```
```js
const CSS = "body { color: red; }";
const HTML = `
Early Hints test
Early Hints test page
`;
export default {
async fetch(req): Promise {
// If request is for test.css, serve the raw CSS
if (/test\.css$/.test(req.url)) {
return new Response(CSS, {
headers: {
"content-type": "text/css",
},
});
} else {
// Serve raw HTML using Early Hints for the CSS file
return new Response(HTML, {
headers: {
"content-type": "text/html",
link: "; rel=preload; as=style",
},
});
}
},
} satisfies ExportedHandler;
```
```py
import re
from workers import Response
CSS = "body { color: red; }"
HTML = """
Early Hints test
Early Hints test page
"""
def on_fetch(request):
if re.search("test.css", request.url):
headers = {"content-type": "text/css"}
return Response(CSS, headers=headers)
else:
headers = {"content-type": "text/html","link": "; rel=preload; as=style"}
return Response(HTML, headers=headers)
```
```ts
import { Hono } from "hono";
const app = new Hono();
const CSS = "body { color: red; }";
const HTML = `
Early Hints test
Early Hints test page
`;
// Serve CSS file
app.get("/test.css", (c) => {
return c.body(CSS, {
headers: {
"content-type": "text/css",
},
});
});
// Serve HTML with early hints
app.get("*", (c) => {
return c.html(HTML, {
headers: {
link: "; rel=preload; as=style",
},
});
});
export default app;
```
---
# Accessing the Cloudflare Object
URL: https://developers.cloudflare.com/workers/examples/accessing-the-cloudflare-object/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/accessing-the-cloudflare-object)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
```js
export default {
async fetch(req) {
const data =
req.cf !== undefined
? req.cf
: { error: "The `cf` object is not available inside the preview." };
return new Response(JSON.stringify(data, null, 2), {
headers: {
"content-type": "application/json;charset=UTF-8",
},
});
},
};
```
```ts
export default {
async fetch(req): Promise {
const data =
req.cf !== undefined
? req.cf
: { error: "The `cf` object is not available inside the preview." };
return new Response(JSON.stringify(data, null, 2), {
headers: {
"content-type": "application/json;charset=UTF-8",
},
});
},
} satisfies ExportedHandler;
```
```ts
import { Hono } from "hono";
const app = new Hono();
app.get("*", async (c) => {
// Access the raw request to get the cf object
const req = c.req.raw;
// Check if the cf object is available
const data =
req.cf !== undefined
? req.cf
: { error: "The `cf` object is not available inside the preview." };
// Return the data formatted with 2-space indentation
return c.json(data);
});
export default app;
```
```py
import json
from workers import Response
from js import JSON
def on_fetch(request):
error = json.dumps({ "error": "The `cf` object is not available inside the preview." })
data = request.cf if request.cf is not None else error
headers = {"content-type":"application/json"}
return Response(JSON.stringify(data, None, 2), headers=headers)
```
---
# A/B testing with same-URL direct access
URL: https://developers.cloudflare.com/workers/examples/ab-testing/
import { TabItem, Tabs } from "~/components";
```js
const NAME = "myExampleWorkersABTest";
export default {
async fetch(req) {
const url = new URL(req.url);
// Enable Passthrough to allow direct access to control and test routes.
if (url.pathname.startsWith("/control") || url.pathname.startsWith("/test"))
return fetch(req);
// Determine which group this requester is in.
const cookie = req.headers.get("cookie");
if (cookie && cookie.includes(`${NAME}=control`)) {
url.pathname = "/control" + url.pathname;
} else if (cookie && cookie.includes(`${NAME}=test`)) {
url.pathname = "/test" + url.pathname;
} else {
// If there is no cookie, this is a new client. Choose a group and set the cookie.
const group = Math.random() < 0.5 ? "test" : "control"; // 50/50 split
if (group === "control") {
url.pathname = "/control" + url.pathname;
} else {
url.pathname = "/test" + url.pathname;
}
// Reconstruct response to avoid immutability
let res = await fetch(url);
res = new Response(res.body, res);
// Set cookie to enable persistent A/B sessions.
res.headers.append("Set-Cookie", `${NAME}=${group}; path=/`);
return res;
}
return fetch(url);
},
};
```
```ts
const NAME = "myExampleWorkersABTest";
export default {
async fetch(req): Promise {
const url = new URL(req.url);
// Enable Passthrough to allow direct access to control and test routes.
if (url.pathname.startsWith("/control") || url.pathname.startsWith("/test"))
return fetch(req);
// Determine which group this requester is in.
const cookie = req.headers.get("cookie");
if (cookie && cookie.includes(`${NAME}=control`)) {
url.pathname = "/control" + url.pathname;
} else if (cookie && cookie.includes(`${NAME}=test`)) {
url.pathname = "/test" + url.pathname;
} else {
// If there is no cookie, this is a new client. Choose a group and set the cookie.
const group = Math.random() < 0.5 ? "test" : "control"; // 50/50 split
if (group === "control") {
url.pathname = "/control" + url.pathname;
} else {
url.pathname = "/test" + url.pathname;
}
// Reconstruct response to avoid immutability
let res = await fetch(url);
res = new Response(res.body, res);
// Set cookie to enable persistent A/B sessions.
res.headers.append("Set-Cookie", `${NAME}=${group}; path=/`);
return res;
}
return fetch(url);
},
} satisfies ExportedHandler;
```
```py
import random
from urllib.parse import urlparse, urlunparse
from workers import Response, fetch
NAME = "myExampleWorkersABTest"
async def on_fetch(request):
url = urlparse(request.url)
# Uncomment below when testing locally
# url = url._replace(netloc="example.com") if "localhost" in url.netloc else url
# Enable Passthrough to allow direct access to control and test routes.
if url.path.startswith("/control") or url.path.startswith("/test"):
return fetch(urlunparse(url))
# Determine which group this requester is in.
cookie = request.headers.get("cookie")
if cookie and f'{NAME}=control' in cookie:
url = url._replace(path="/control" + url.path)
elif cookie and f'{NAME}=test' in cookie:
url = url._replace(path="/test" + url.path)
else:
# If there is no cookie, this is a new client. Choose a group and set the cookie.
group = "test" if random.random() < 0.5 else "control"
if group == "control":
url = url._replace(path="/control" + url.path)
else:
url = url._replace(path="/test" + url.path)
# Reconstruct response to avoid immutability
res = await fetch(urlunparse(url))
headers = dict(res.headers)
headers["Set-Cookie"] = f'{NAME}={group}; path=/'
return Response(res.body, headers=headers)
return fetch(urlunparse(url))
```
```ts
import { Hono } from "hono";
import { getCookie, setCookie } from "hono/cookie";
const app = new Hono();
const NAME = "myExampleWorkersABTest";
// Enable passthrough to allow direct access to control and test routes
app.all("/control/*", (c) => fetch(c.req.raw));
app.all("/test/*", (c) => fetch(c.req.raw));
// Middleware to handle A/B testing logic
app.use("*", async (c) => {
const url = new URL(c.req.url);
// Determine which group this requester is in
const abTestCookie = getCookie(c, NAME);
if (abTestCookie === "control") {
// User is in control group
url.pathname = "/control" + c.req.path;
} else if (abTestCookie === "test") {
// User is in test group
url.pathname = "/test" + c.req.path;
} else {
// If there is no cookie, this is a new client
// Choose a group and set the cookie (50/50 split)
const group = Math.random() < 0.5 ? "test" : "control";
// Update URL path based on assigned group
if (group === "control") {
url.pathname = "/control" + c.req.path;
} else {
url.pathname = "/test" + c.req.path;
}
// Set cookie to enable persistent A/B sessions
setCookie(c, NAME, group, {
path: "/",
});
}
const res = await fetch(url);
return c.body(res.body, res);
});
export default app;
```
---
# Aggregate requests
URL: https://developers.cloudflare.com/workers/examples/aggregate-requests/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/aggregate-requests)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
```js
export default {
async fetch(request) {
// someHost is set up to return JSON responses
const someHost = "https://jsonplaceholder.typicode.com";
const url1 = someHost + "/todos/1";
const url2 = someHost + "/todos/2";
const responses = await Promise.all([fetch(url1), fetch(url2)]);
const results = await Promise.all(responses.map((r) => r.json()));
const options = {
headers: { "content-type": "application/json;charset=UTF-8" },
};
return new Response(JSON.stringify(results), options);
},
};
```
```ts
export default {
async fetch(request) {
// someHost is set up to return JSON responses
const someHost = "https://jsonplaceholder.typicode.com";
const url1 = someHost + "/todos/1";
const url2 = someHost + "/todos/2";
const responses = await Promise.all([fetch(url1), fetch(url2)]);
const results = await Promise.all(responses.map((r) => r.json()));
const options = {
headers: { "content-type": "application/json;charset=UTF-8" },
};
return new Response(JSON.stringify(results), options);
},
} satisfies ExportedHandler;
```
```ts
import { Hono } from "hono";
const app = new Hono();
app.get("*", async (c) => {
// someHost is set up to return JSON responses
const someHost = "https://jsonplaceholder.typicode.com";
const url1 = someHost + "/todos/1";
const url2 = someHost + "/todos/2";
// Fetch both URLs concurrently
const responses = await Promise.all([fetch(url1), fetch(url2)]);
// Parse JSON responses concurrently
const results = await Promise.all(responses.map((r) => r.json()));
// Return aggregated results
return c.json(results);
});
export default app;
```
```py
from workers import Response, fetch
import asyncio
import json
async def on_fetch(request):
# some_host is set up to return JSON responses
some_host = "https://jsonplaceholder.typicode.com"
url1 = some_host + "/todos/1"
url2 = some_host + "/todos/2"
responses = await asyncio.gather(fetch(url1), fetch(url2))
results = await asyncio.gather(*(r.json() for r in responses))
headers = {"content-type": "application/json;charset=UTF-8"}
return Response.json(results, headers=headers)
```
---
# Alter headers
URL: https://developers.cloudflare.com/workers/examples/alter-headers/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/alter-headers)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
```js
export default {
async fetch(request) {
const response = await fetch("https://example.com");
// Clone the response so that it's no longer immutable
const newResponse = new Response(response.body, response);
// Add a custom header with a value
newResponse.headers.append(
"x-workers-hello",
"Hello from Cloudflare Workers",
);
// Delete headers
newResponse.headers.delete("x-header-to-delete");
newResponse.headers.delete("x-header2-to-delete");
// Adjust the value for an existing header
newResponse.headers.set("x-header-to-change", "NewValue");
return newResponse;
},
};
```
```ts
export default {
async fetch(request): Promise {
const response = await fetch(request);
// Clone the response so that it's no longer immutable
const newResponse = new Response(response.body, response);
// Add a custom header with a value
newResponse.headers.append(
"x-workers-hello",
"Hello from Cloudflare Workers",
);
// Delete headers
newResponse.headers.delete("x-header-to-delete");
newResponse.headers.delete("x-header2-to-delete");
// Adjust the value for an existing header
newResponse.headers.set("x-header-to-change", "NewValue");
return newResponse;
},
} satisfies ExportedHandler;
```
```py
from workers import Response, fetch
async def on_fetch(request):
response = await fetch("https://example.com")
# Grab the response headers so they can be modified
new_headers = response.headers
# Add a custom header with a value
new_headers["x-workers-hello"] = "Hello from Cloudflare Workers"
# Delete headers
if "x-header-to-delete" in new_headers:
del new_headers["x-header-to-delete"]
if "x-header2-to-delete" in new_headers:
del new_headers["x-header2-to-delete"]
# Adjust the value for an existing header
new_headers["x-header-to-change"] = "NewValue"
return Response(response.body, headers=new_headers)
```
```ts
import { Hono } from 'hono';
const app = new Hono();
app.use('*', async (c, next) => {
// Process the request with the next middleware/handler
await next();
// After the response is generated, we can modify its headers
// Add a custom header with a value
c.res.headers.append(
"x-workers-hello",
"Hello from Cloudflare Workers with Hono"
);
// Delete headers
c.res.headers.delete("x-header-to-delete");
c.res.headers.delete("x-header2-to-delete");
// Adjust the value for an existing header
c.res.headers.set("x-header-to-change", "NewValue");
});
app.get('*', async (c) => {
// Fetch content from example.com
const response = await fetch("https://example.com");
// Return the response body with original headers
// (our middleware will modify the headers before sending)
return new Response(response.body, {
headers: response.headers
});
});
export default app;
```
You can also use the [`custom-headers-example` template](https://github.com/kristianfreeman/custom-headers-example) to deploy this code to your custom domain.
---
# Auth with headers
URL: https://developers.cloudflare.com/workers/examples/auth-with-headers/
import { TabItem, Tabs } from "~/components";
:::caution[Caution when using in production]
The example code contains a generic header key and value of `X-Custom-PSK` and `mypresharedkey`. To best protect your resources, change the header key and value in the Workers editor before saving your code.
:::
```js
export default {
async fetch(request) {
/**
* @param {string} PRESHARED_AUTH_HEADER_KEY Custom header to check for key
* @param {string} PRESHARED_AUTH_HEADER_VALUE Hard coded key value
*/
const PRESHARED_AUTH_HEADER_KEY = "X-Custom-PSK";
const PRESHARED_AUTH_HEADER_VALUE = "mypresharedkey";
const psk = request.headers.get(PRESHARED_AUTH_HEADER_KEY);
if (psk === PRESHARED_AUTH_HEADER_VALUE) {
// Correct preshared header key supplied. Fetch request from origin.
return fetch(request);
}
// Incorrect key supplied. Reject the request.
return new Response("Sorry, you have supplied an invalid key.", {
status: 403,
});
},
};
```
```ts
export default {
async fetch(request): Promise {
/**
* @param {string} PRESHARED_AUTH_HEADER_KEY Custom header to check for key
* @param {string} PRESHARED_AUTH_HEADER_VALUE Hard coded key value
*/
const PRESHARED_AUTH_HEADER_KEY = "X-Custom-PSK";
const PRESHARED_AUTH_HEADER_VALUE = "mypresharedkey";
const psk = request.headers.get(PRESHARED_AUTH_HEADER_KEY);
if (psk === PRESHARED_AUTH_HEADER_VALUE) {
// Correct preshared header key supplied. Fetch request from origin.
return fetch(request);
}
// Incorrect key supplied. Reject the request.
return new Response("Sorry, you have supplied an invalid key.", {
status: 403,
});
},
} satisfies ExportedHandler;
```
```py
from workers import Response, fetch
async def on_fetch(request):
PRESHARED_AUTH_HEADER_KEY = "X-Custom-PSK"
PRESHARED_AUTH_HEADER_VALUE = "mypresharedkey"
psk = request.headers[PRESHARED_AUTH_HEADER_KEY]
if psk == PRESHARED_AUTH_HEADER_VALUE:
# Correct preshared header key supplied. Fetch request from origin.
return fetch(request)
# Incorrect key supplied. Reject the request.
return Response("Sorry, you have supplied an invalid key.", status=403)
```
```ts
import { Hono } from 'hono';
const app = new Hono();
// Add authentication middleware
app.use('*', async (c, next) => {
/**
* Define authentication constants
*/
const PRESHARED_AUTH_HEADER_KEY = "X-Custom-PSK";
const PRESHARED_AUTH_HEADER_VALUE = "mypresharedkey";
// Get the pre-shared key from the request header
const psk = c.req.header(PRESHARED_AUTH_HEADER_KEY);
if (psk === PRESHARED_AUTH_HEADER_VALUE) {
// Correct preshared header key supplied. Continue to the next handler.
await next();
} else {
// Incorrect key supplied. Reject the request.
return c.text("Sorry, you have supplied an invalid key.", 403);
}
});
// Handle all authenticated requests by passing through to origin
app.all('*', async (c) => {
return fetch(c.req.raw);
});
export default app;
```
---
# HTTP Basic Authentication
URL: https://developers.cloudflare.com/workers/examples/basic-auth/
import { TabItem, Tabs } from "~/components";
:::note
This example Worker makes use of the [Node.js Buffer API](/workers/runtime-apis/nodejs/buffer/), which is available as part of the Worker's runtime [Node.js compatibility mode](/workers/runtime-apis/nodejs/). To run this Worker, you will need to [enable the `nodejs_compat` compatibility flag](/workers/configuration/compatibility-flags/#nodejs-compatibility-flag).
:::
:::caution[Caution when using in production]
This code is provided as a sample, and is not suitable for production use. Basic Authentication sends credentials unencrypted, and must be used with an HTTPS connection to be considered secure. For a production-ready authentication system, consider using [Cloudflare Access](https://developers.cloudflare.com/cloudflare-one/applications/configure-apps/self-hosted-public-app/).
:::
```js
/**
* Shows how to restrict access using the HTTP Basic schema.
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication
* @see https://tools.ietf.org/html/rfc7617
*
*/
import { Buffer } from "node:buffer";
const encoder = new TextEncoder();
/**
* Protect against timing attacks by safely comparing values using `timingSafeEqual`.
* Refer to https://developers.cloudflare.com/workers/runtime-apis/web-crypto/#timingsafeequal for more details
* @param {string} a
* @param {string} b
* @returns {boolean}
*/
function timingSafeEqual(a, b) {
const aBytes = encoder.encode(a);
const bBytes = encoder.encode(b);
if (aBytes.byteLength !== bBytes.byteLength) {
// Strings must be the same length in order to compare
// with crypto.subtle.timingSafeEqual
return false;
}
return crypto.subtle.timingSafeEqual(aBytes, bBytes);
}
export default {
/**
*
* @param {Request} request
* @param {{PASSWORD: string}} env
* @returns
*/
async fetch(request, env) {
const BASIC_USER = "admin";
// You will need an admin password. This should be
// attached to your Worker as an encrypted secret.
// Refer to https://developers.cloudflare.com/workers/configuration/secrets/
const BASIC_PASS = env.PASSWORD ?? "password";
const url = new URL(request.url);
switch (url.pathname) {
case "/":
return new Response("Anyone can access the homepage.");
case "/logout":
// Invalidate the "Authorization" header by returning a HTTP 401.
// We do not send a "WWW-Authenticate" header, as this would trigger
// a popup in the browser, immediately asking for credentials again.
return new Response("Logged out.", { status: 401 });
case "/admin": {
// The "Authorization" header is sent when authenticated.
const authorization = request.headers.get("Authorization");
if (!authorization) {
return new Response("You need to login.", {
status: 401,
headers: {
// Prompts the user for credentials.
"WWW-Authenticate": 'Basic realm="my scope", charset="UTF-8"',
},
});
}
const [scheme, encoded] = authorization.split(" ");
// The Authorization header must start with Basic, followed by a space.
if (!encoded || scheme !== "Basic") {
return new Response("Malformed authorization header.", {
status: 400,
});
}
const credentials = Buffer.from(encoded, "base64").toString();
// The username & password are split by the first colon.
//=> example: "username:password"
const index = credentials.indexOf(":");
const user = credentials.substring(0, index);
const pass = credentials.substring(index + 1);
if (
!timingSafeEqual(BASIC_USER, user) ||
!timingSafeEqual(BASIC_PASS, pass)
) {
return new Response("You need to login.", {
status: 401,
headers: {
// Prompts the user for credentials.
"WWW-Authenticate": 'Basic realm="my scope", charset="UTF-8"',
},
});
}
return new Response("🎉 You have private access!", {
status: 200,
headers: {
"Cache-Control": "no-store",
},
});
}
}
return new Response("Not Found.", { status: 404 });
},
};
```
```ts
/**
* Shows how to restrict access using the HTTP Basic schema.
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication
* @see https://tools.ietf.org/html/rfc7617
*
*/
import { Buffer } from "node:buffer";
const encoder = new TextEncoder();
/**
* Protect against timing attacks by safely comparing values using `timingSafeEqual`.
* Refer to https://developers.cloudflare.com/workers/runtime-apis/web-crypto/#timingsafeequal for more details
*/
function timingSafeEqual(a: string, b: string) {
const aBytes = encoder.encode(a);
const bBytes = encoder.encode(b);
if (aBytes.byteLength !== bBytes.byteLength) {
// Strings must be the same length in order to compare
// with crypto.subtle.timingSafeEqual
return false;
}
return crypto.subtle.timingSafeEqual(aBytes, bBytes);
}
interface Env {
PASSWORD: string;
}
export default {
async fetch(request, env): Promise {
const BASIC_USER = "admin";
// You will need an admin password. This should be
// attached to your Worker as an encrypted secret.
// Refer to https://developers.cloudflare.com/workers/configuration/secrets/
const BASIC_PASS = env.PASSWORD ?? "password";
const url = new URL(request.url);
switch (url.pathname) {
case "/":
return new Response("Anyone can access the homepage.");
case "/logout":
// Invalidate the "Authorization" header by returning a HTTP 401.
// We do not send a "WWW-Authenticate" header, as this would trigger
// a popup in the browser, immediately asking for credentials again.
return new Response("Logged out.", { status: 401 });
case "/admin": {
// The "Authorization" header is sent when authenticated.
const authorization = request.headers.get("Authorization");
if (!authorization) {
return new Response("You need to login.", {
status: 401,
headers: {
// Prompts the user for credentials.
"WWW-Authenticate": 'Basic realm="my scope", charset="UTF-8"',
},
});
}
const [scheme, encoded] = authorization.split(" ");
// The Authorization header must start with Basic, followed by a space.
if (!encoded || scheme !== "Basic") {
return new Response("Malformed authorization header.", {
status: 400,
});
}
const credentials = Buffer.from(encoded, "base64").toString();
// The username and password are split by the first colon.
//=> example: "username:password"
const index = credentials.indexOf(":");
const user = credentials.substring(0, index);
const pass = credentials.substring(index + 1);
if (
!timingSafeEqual(BASIC_USER, user) ||
!timingSafeEqual(BASIC_PASS, pass)
) {
return new Response("You need to login.", {
status: 401,
headers: {
// Prompts the user for credentials.
"WWW-Authenticate": 'Basic realm="my scope", charset="UTF-8"',
},
});
}
return new Response("🎉 You have private access!", {
status: 200,
headers: {
"Cache-Control": "no-store",
},
});
}
}
return new Response("Not Found.", { status: 404 });
},
} satisfies ExportedHandler;
```
```rs
use base64::prelude::*;
use worker::*;
#[event(fetch)]
async fn fetch(req: Request, env: Env, _ctx: Context) -> Result {
let basic_user = "admin";
// You will need an admin password. This should be
// attached to your Worker as an encrypted secret.
// Refer to https://developers.cloudflare.com/workers/configuration/secrets/
let basic_pass = match env.secret("PASSWORD") {
Ok(s) => s.to_string(),
Err(_) => "password".to_string(),
};
let url = req.url()?;
match url.path() {
"/" => Response::ok("Anyone can access the homepage."),
// Invalidate the "Authorization" header by returning a HTTP 401.
// We do not send a "WWW-Authenticate" header, as this would trigger
// a popup in the browser, immediately asking for credentials again.
"/logout" => Response::error("Logged out.", 401),
"/admin" => {
// The "Authorization" header is sent when authenticated.
let authorization = req.headers().get("Authorization")?;
if authorization == None {
let mut headers = Headers::new();
// Prompts the user for credentials.
headers.set(
"WWW-Authenticate",
"Basic realm='my scope', charset='UTF-8'",
)?;
return Ok(Response::error("You need to login.", 401)?.with_headers(headers));
}
let authorization = authorization.unwrap();
let auth: Vec<&str> = authorization.split(" ").collect();
let scheme = auth[0];
let encoded = auth[1];
// The Authorization header must start with Basic, followed by a space.
if encoded == "" || scheme != "Basic" {
return Response::error("Malformed authorization header.", 400);
}
let buff = BASE64_STANDARD.decode(encoded).unwrap();
let credentials = String::from_utf8_lossy(&buff);
// The username & password are split by the first colon.
//=> example: "username:password"
let credentials: Vec<&str> = credentials.split(':').collect();
let user = credentials[0];
let pass = credentials[1];
if user != basic_user || pass != basic_pass {
let mut headers = Headers::new();
// Prompts the user for credentials.
headers.set(
"WWW-Authenticate",
"Basic realm='my scope', charset='UTF-8'",
)?;
return Ok(Response::error("You need to login.", 401)?.with_headers(headers));
}
let mut headers = Headers::new();
headers.set("Cache-Control", "no-store")?;
Ok(Response::ok("🎉 You have private access!")?.with_headers(headers))
}
_ => Response::error("Not Found.", 404),
}
}
````
```ts
/**
* Shows how to restrict access using the HTTP Basic schema with Hono.
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication
* @see https://tools.ietf.org/html/rfc7617
*/
import { Hono } from "hono";
import { basicAuth } from "hono/basic-auth";
// Define environment interface
interface Env {
Bindings: {
USERNAME: string;
PASSWORD: string;
};
}
const app = new Hono();
// Public homepage - accessible to everyone
app.get("/", (c) => {
return c.text("Anyone can access the homepage.");
});
// Admin route - protected with Basic Auth
app.get(
"/admin",
async (c, next) => {
const auth = basicAuth({
username: c.env.USERNAME,
password: c.env.PASSWORD
})
return await auth(c, next);
},
(c) => {
return c.text("🎉 You have private access!", 200, {
"Cache-Control": "no-store",
});
}
);
export default app;
````
---
# Block on TLS
URL: https://developers.cloudflare.com/workers/examples/block-on-tls/
import { TabItem, Tabs } from "~/components";
```js
export default {
async fetch(request) {
try {
const tlsVersion = request.cf.tlsVersion;
// Allow only TLS versions 1.2 and 1.3
if (tlsVersion !== "TLSv1.2" && tlsVersion !== "TLSv1.3") {
return new Response("Please use TLS version 1.2 or higher.", {
status: 403,
});
}
return fetch(request);
} catch (err) {
console.error(
"request.cf does not exist in the previewer, only in production",
);
return new Response(`Error in workers script ${err.message}`, {
status: 500,
});
}
},
};
```
```ts
export default {
async fetch(request): Promise {
try {
const tlsVersion = request.cf.tlsVersion;
// Allow only TLS versions 1.2 and 1.3
if (tlsVersion !== "TLSv1.2" && tlsVersion !== "TLSv1.3") {
return new Response("Please use TLS version 1.2 or higher.", {
status: 403,
});
}
return fetch(request);
} catch (err) {
console.error(
"request.cf does not exist in the previewer, only in production",
);
return new Response(`Error in workers script ${err.message}`, {
status: 500,
});
}
},
} satisfies ExportedHandler;
```
```ts
import { Hono } from "hono";
const app = new Hono();
// Middleware to check TLS version
app.use("*", async (c, next) => {
// Access the raw request to get the cf object with TLS info
const request = c.req.raw;
const tlsVersion = request.cf?.tlsVersion;
// Allow only TLS versions 1.2 and 1.3
if (tlsVersion !== "TLSv1.2" && tlsVersion !== "TLSv1.3") {
return c.text("Please use TLS version 1.2 or higher.", 403);
}
await next();
});
app.onError((err, c) => {
console.error(
"request.cf does not exist in the previewer, only in production",
);
return c.text(`Error in workers script: ${err.message}`, 500);
});
app.get("/", async (c) => {
return c.text(`TLS Version: ${c.req.raw.cf.tlsVersion}`);
});
export default app;
```
```py
from workers import Response, fetch
async def on_fetch(request):
tls_version = request.cf.tlsVersion
if tls_version not in ("TLSv1.2", "TLSv1.3"):
return Response("Please use TLS version 1.2 or higher.", status=403)
return fetch(request)
```
---
# Bulk origin override
URL: https://developers.cloudflare.com/workers/examples/bulk-origin-proxy/
import { TabItem, Tabs } from "~/components";
```js
export default {
async fetch(request) {
/**
* An object with different URLs to fetch
* @param {Object} ORIGINS
*/
const ORIGINS = {
"starwarsapi.yourdomain.com": "swapi.dev",
"google.yourdomain.com": "www.google.com",
};
const url = new URL(request.url);
// Check if incoming hostname is a key in the ORIGINS object
if (url.hostname in ORIGINS) {
const target = ORIGINS[url.hostname];
url.hostname = target;
// If it is, proxy request to that third party origin
return fetch(url.toString(), request);
}
// Otherwise, process request as normal
return fetch(request);
},
};
```
```ts
export default {
async fetch(request): Promise {
/**
* An object with different URLs to fetch
* @param {Object} ORIGINS
*/
const ORIGINS = {
"starwarsapi.yourdomain.com": "swapi.dev",
"google.yourdomain.com": "www.google.com",
};
const url = new URL(request.url);
// Check if incoming hostname is a key in the ORIGINS object
if (url.hostname in ORIGINS) {
const target = ORIGINS[url.hostname];
url.hostname = target;
// If it is, proxy request to that third party origin
return fetch(url.toString(), request);
}
// Otherwise, process request as normal
return fetch(request);
},
} satisfies ExportedHandler;
```
```ts
import { Hono } from "hono";
import { proxy } from "hono/proxy";
// An object with different URLs to fetch
const ORIGINS: Record = {
"starwarsapi.yourdomain.com": "swapi.dev",
"google.yourdomain.com": "www.google.com",
};
const app = new Hono();
app.all("*", async (c) => {
const url = new URL(c.req.url);
// Check if incoming hostname is a key in the ORIGINS object
if (url.hostname in ORIGINS) {
const target = ORIGINS[url.hostname];
url.hostname = target;
// If it is, proxy request to that third party origin
return proxy(url, c.req.raw);
}
// Otherwise, process request as normal
return proxy(c.req.raw);
});
export default app;
```
```py
from js import fetch, URL
async def on_fetch(request):
# A dict with different URLs to fetch
ORIGINS = {
"starwarsapi.yourdomain.com": "swapi.dev",
"google.yourdomain.com": "www.google.com",
}
url = URL.new(request.url)
# Check if incoming hostname is a key in the ORIGINS object
if url.hostname in ORIGINS:
url.hostname = ORIGINS[url.hostname]
# If it is, proxy request to that third party origin
return fetch(url.toString(), request)
# Otherwise, process request as normal
return fetch(request)
```
---
# Bulk redirects
URL: https://developers.cloudflare.com/workers/examples/bulk-redirects/
import { TabItem, Tabs } from "~/components";
```js
export default {
async fetch(request) {
const externalHostname = "examples.cloudflareworkers.com";
const redirectMap = new Map([
["/bulk1", "https://" + externalHostname + "/redirect2"],
["/bulk2", "https://" + externalHostname + "/redirect3"],
["/bulk3", "https://" + externalHostname + "/redirect4"],
["/bulk4", "https://google.com"],
]);
const requestURL = new URL(request.url);
const path = requestURL.pathname;
const location = redirectMap.get(path);
if (location) {
return Response.redirect(location, 301);
}
// If request not in map, return the original request
return fetch(request);
},
};
```
```ts
export default {
async fetch(request): Promise {
const externalHostname = "examples.cloudflareworkers.com";
const redirectMap = new Map([
["/bulk1", "https://" + externalHostname + "/redirect2"],
["/bulk2", "https://" + externalHostname + "/redirect3"],
["/bulk3", "https://" + externalHostname + "/redirect4"],
["/bulk4", "https://google.com"],
]);
const requestURL = new URL(request.url);
const path = requestURL.pathname;
const location = redirectMap.get(path);
if (location) {
return Response.redirect(location, 301);
}
// If request not in map, return the original request
return fetch(request);
},
} satisfies ExportedHandler;
```
```py
from workers import Response, fetch
from urllib.parse import urlparse
async def on_fetch(request):
external_hostname = "examples.cloudflareworkers.com"
redirect_map = {
"/bulk1": "https://" + external_hostname + "/redirect2",
"/bulk2": "https://" + external_hostname + "/redirect3",
"/bulk3": "https://" + external_hostname + "/redirect4",
"/bulk4": "https://google.com",
}
url = urlparse(request.url)
location = redirect_map.get(url.path, None)
if location:
return Response.redirect(location, 301)
# If request not in map, return the original request
return fetch(request)
```
```ts
import { Hono } from "hono";
const app = new Hono();
// Configure your redirects
const externalHostname = "examples.cloudflareworkers.com";
const redirectMap = new Map([
["/bulk1", `https://${externalHostname}/redirect2`],
["/bulk2", `https://${externalHostname}/redirect3`],
["/bulk3", `https://${externalHostname}/redirect4`],
["/bulk4", "https://google.com"],
]);
// Middleware to handle redirects
app.use("*", async (c, next) => {
const path = c.req.path;
const location = redirectMap.get(path);
if (location) {
// If path is in our redirect map, perform the redirect
return c.redirect(location, 301);
}
// Otherwise, continue to the next handler
await next();
});
// Default handler for requests that don't match any redirects
app.all("*", async (c) => {
// Pass through to origin
return fetch(c.req.raw);
});
export default app;
```
---
# Using the Cache API
URL: https://developers.cloudflare.com/workers/examples/cache-api/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/cache-api)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
```js
export default {
async fetch(request, env, ctx) {
const cacheUrl = new URL(request.url);
// Construct the cache key from the cache URL
const cacheKey = new Request(cacheUrl.toString(), request);
const cache = caches.default;
// Check whether the value is already available in the cache
// if not, you will need to fetch it from origin, and store it in the cache
let response = await cache.match(cacheKey);
if (!response) {
console.log(
`Response for request url: ${request.url} not present in cache. Fetching and caching request.`,
);
// If not in cache, get it from origin
response = await fetch(request);
// Must use Response constructor to inherit all of response's fields
response = new Response(response.body, response);
// Cache API respects Cache-Control headers. Setting s-max-age to 10
// will limit the response to be in cache for 10 seconds max
// Any changes made to the response here will be reflected in the cached value
response.headers.append("Cache-Control", "s-maxage=10");
ctx.waitUntil(cache.put(cacheKey, response.clone()));
} else {
console.log(`Cache hit for: ${request.url}.`);
}
return response;
},
};
```
```ts
interface Env {}
export default {
async fetch(request, env, ctx): Promise {
const cacheUrl = new URL(request.url);
// Construct the cache key from the cache URL
const cacheKey = new Request(cacheUrl.toString(), request);
const cache = caches.default;
// Check whether the value is already available in the cache
// if not, you will need to fetch it from origin, and store it in the cache
let response = await cache.match(cacheKey);
if (!response) {
console.log(
`Response for request url: ${request.url} not present in cache. Fetching and caching request.`,
);
// If not in cache, get it from origin
response = await fetch(request);
// Must use Response constructor to inherit all of response's fields
response = new Response(response.body, response);
// Cache API respects Cache-Control headers. Setting s-max-age to 10
// will limit the response to be in cache for 10 seconds max
// Any changes made to the response here will be reflected in the cached value
response.headers.append("Cache-Control", "s-maxage=10");
ctx.waitUntil(cache.put(cacheKey, response.clone()));
} else {
console.log(`Cache hit for: ${request.url}.`);
}
return response;
},
} satisfies ExportedHandler;
```
```py
from pyodide.ffi import create_proxy
from js import Response, Request, URL, caches, fetch
async def on_fetch(request, _env, ctx):
cache_url = request.url
# Construct the cache key from the cache URL
cache_key = Request.new(cache_url, request)
cache = caches.default
# Check whether the value is already available in the cache
# if not, you will need to fetch it from origin, and store it in the cache
response = await cache.match(cache_key)
if response is None:
print(f"Response for request url: {request.url} not present in cache. Fetching and caching request.")
# If not in cache, get it from origin
response = await fetch(request)
# Must use Response constructor to inherit all of response's fields
response = Response.new(response.body, response)
# Cache API respects Cache-Control headers. Setting s-max-age to 10
# will limit the response to be in cache for 10 seconds s-maxage
# Any changes made to the response here will be reflected in the cached value
response.headers.append("Cache-Control", "s-maxage=10")
ctx.waitUntil(create_proxy(cache.put(cache_key, response.clone())))
else:
print(f"Cache hit for: {request.url}.")
return response
```
```ts
import { Hono } from "hono";
import { cache } from "hono/cache";
const app = new Hono();
// We leverage hono built-in cache helper here
app.get(
"*",
cache({
cacheName: "my-cache",
cacheControl: "max-age=3600", // 1 hour
}),
);
// Add a route to handle the request if it's not in cache
app.get("*", (c) => {
return c.text("Hello from Hono!");
});
export default app;
```
---
# Cache POST requests
URL: https://developers.cloudflare.com/workers/examples/cache-post-request/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/cache-post-request)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
```js
export default {
async fetch(request, env, ctx) {
async function sha256(message) {
// encode as UTF-8
const msgBuffer = await new TextEncoder().encode(message);
// hash the message
const hashBuffer = await crypto.subtle.digest("SHA-256", msgBuffer);
// convert bytes to hex string
return [...new Uint8Array(hashBuffer)]
.map((b) => b.toString(16).padStart(2, "0"))
.join("");
}
try {
if (request.method.toUpperCase() === "POST") {
const body = await request.clone().text();
// Hash the request body to use it as a part of the cache key
const hash = await sha256(body);
const cacheUrl = new URL(request.url);
// Store the URL in cache by prepending the body's hash
cacheUrl.pathname = "/posts" + cacheUrl.pathname + hash;
// Convert to a GET to be able to cache
const cacheKey = new Request(cacheUrl.toString(), {
headers: request.headers,
method: "GET",
});
const cache = caches.default;
// Find the cache key in the cache
let response = await cache.match(cacheKey);
// Otherwise, fetch response to POST request from origin
if (!response) {
response = await fetch(request);
ctx.waitUntil(cache.put(cacheKey, response.clone()));
}
return response;
}
return fetch(request);
} catch (e) {
return new Response("Error thrown " + e.message);
}
},
};
```
```ts
interface Env {}
export default {
async fetch(request, env, ctx): Promise {
async function sha256(message) {
// encode as UTF-8
const msgBuffer = await new TextEncoder().encode(message);
// hash the message
const hashBuffer = await crypto.subtle.digest("SHA-256", msgBuffer);
// convert bytes to hex string
return [...new Uint8Array(hashBuffer)]
.map((b) => b.toString(16).padStart(2, "0"))
.join("");
}
try {
if (request.method.toUpperCase() === "POST") {
const body = await request.clone().text();
// Hash the request body to use it as a part of the cache key
const hash = await sha256(body);
const cacheUrl = new URL(request.url);
// Store the URL in cache by prepending the body's hash
cacheUrl.pathname = "/posts" + cacheUrl.pathname + hash;
// Convert to a GET to be able to cache
const cacheKey = new Request(cacheUrl.toString(), {
headers: request.headers,
method: "GET",
});
const cache = caches.default;
// Find the cache key in the cache
let response = await cache.match(cacheKey);
// Otherwise, fetch response to POST request from origin
if (!response) {
response = await fetch(request);
ctx.waitUntil(cache.put(cacheKey, response.clone()));
}
return response;
}
return fetch(request);
} catch (e) {
return new Response("Error thrown " + e.message);
}
},
} satisfies ExportedHandler;
```
```py
import hashlib
from pyodide.ffi import create_proxy
from js import fetch, URL, Headers, Request, caches
async def on_fetch(request, _, ctx):
if 'POST' in request.method:
# Hash the request body to use it as a part of the cache key
body = await request.clone().text()
body_hash = hashlib.sha256(body.encode('UTF-8')).hexdigest()
# Store the URL in cache by prepending the body's hash
cache_url = URL.new(request.url)
cache_url.pathname = "/posts" + cache_url.pathname + body_hash
# Convert to a GET to be able to cache
headers = Headers.new(dict(request.headers).items())
cache_key = Request.new(cache_url.toString(), method='GET', headers=headers)
# Find the cache key in the cache
cache = caches.default
response = await cache.match(cache_key)
# Otherwise, fetch response to POST request from origin
if response is None:
response = await fetch(request)
ctx.waitUntil(create_proxy(cache.put(cache_key, response.clone())))
return response
return fetch(request)
```
```ts
import { Hono } from "hono";
import { sha256 } from "hono/utils/crypto";
const app = new Hono();
// Middleware for caching POST requests
app.post("*", async (c) => {
try {
// Get the request body
const body = await c.req.raw.clone().text();
// Hash the request body to use it as part of the cache key
const hash = await sha256(body);
// Create the cache URL
const cacheUrl = new URL(c.req.url);
// Store the URL in cache by prepending the body's hash
cacheUrl.pathname = "/posts" + cacheUrl.pathname + hash;
// Convert to a GET to be able to cache
const cacheKey = new Request(cacheUrl.toString(), {
headers: c.req.raw.headers,
method: "GET",
});
const cache = caches.default;
// Find the cache key in the cache
let response = await cache.match(cacheKey);
// If not in cache, fetch response to POST request from origin
if (!response) {
response = await fetch(c.req.raw);
c.executionCtx.waitUntil(cache.put(cacheKey, response.clone()));
}
return response;
} catch (e) {
return c.text("Error thrown " + e.message, 500);
}
});
// Handle all other HTTP methods
app.all("*", (c) => {
return fetch(c.req.raw);
});
export default app;
```
---
# Cache Tags using Workers
URL: https://developers.cloudflare.com/workers/examples/cache-tags/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/cache-tags)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
```js
export default {
async fetch(request) {
const requestUrl = new URL(request.url);
const params = requestUrl.searchParams;
const tags =
params && params.has("tags") ? params.get("tags").split(",") : [];
const url = params && params.has("uri") ? params.get("uri") : "";
if (!url) {
const errorObject = {
error: "URL cannot be empty",
};
return new Response(JSON.stringify(errorObject), { status: 400 });
}
const init = {
cf: {
cacheTags: tags,
},
};
return fetch(url, init)
.then((result) => {
const cacheStatus = result.headers.get("cf-cache-status");
const lastModified = result.headers.get("last-modified");
const response = {
cache: cacheStatus,
lastModified: lastModified,
};
return new Response(JSON.stringify(response), {
status: result.status,
});
})
.catch((err) => {
const errorObject = {
error: err.message,
};
return new Response(JSON.stringify(errorObject), { status: 500 });
});
},
};
```
```ts
export default {
async fetch(request): Promise {
const requestUrl = new URL(request.url);
const params = requestUrl.searchParams;
const tags =
params && params.has("tags") ? params.get("tags").split(",") : [];
const url = params && params.has("uri") ? params.get("uri") : "";
if (!url) {
const errorObject = {
error: "URL cannot be empty",
};
return new Response(JSON.stringify(errorObject), { status: 400 });
}
const init = {
cf: {
cacheTags: tags,
},
};
return fetch(url, init)
.then((result) => {
const cacheStatus = result.headers.get("cf-cache-status");
const lastModified = result.headers.get("last-modified");
const response = {
cache: cacheStatus,
lastModified: lastModified,
};
return new Response(JSON.stringify(response), {
status: result.status,
});
})
.catch((err) => {
const errorObject = {
error: err.message,
};
return new Response(JSON.stringify(errorObject), { status: 500 });
});
},
} satisfies ExportedHandler;
```
```ts
import { Hono } from "hono";
const app = new Hono();
app.all("*", async (c) => {
const tags = c.req.query("tags") ? c.req.query("tags").split(",") : [];
const uri = c.req.query("uri") ? c.req.query("uri") : "";
if (!uri) {
return c.json({ error: "URL cannot be empty" }, 400);
}
const init = {
cf: {
cacheTags: tags,
},
};
const result = await fetch(uri, init);
const cacheStatus = result.headers.get("cf-cache-status");
const lastModified = result.headers.get("last-modified");
const response = {
cache: cacheStatus,
lastModified: lastModified,
};
return c.json(response, result.status);
});
app.onError((err, c) => {
return c.json({ error: err.message }, 500);
});
export default app;
```
```py
from pyodide.ffi import to_js as _to_js
from js import Response, URL, Object, fetch
def to_js(x):
return _to_js(x, dict_converter=Object.fromEntries)
async def on_fetch(request):
request_url = URL.new(request.url)
params = request_url.searchParams
tags = params["tags"].split(",") if "tags" in params else []
url = params["uri"] or None
if url is None:
error = {"error": "URL cannot be empty"}
return Response.json(to_js(error), status=400)
options = {"cf": {"cacheTags": tags}}
result = await fetch(url, to_js(options))
cache_status = result.headers["cf-cache-status"]
last_modified = result.headers["last-modified"]
response = {"cache": cache_status, "lastModified": last_modified}
return Response.json(to_js(response), status=result.status)
```
---
# Cache using fetch
URL: https://developers.cloudflare.com/workers/examples/cache-using-fetch/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/cache-using-fetch)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
```js
export default {
async fetch(request) {
const url = new URL(request.url);
// Only use the path for the cache key, removing query strings
// and always store using HTTPS, for example, https://www.example.com/file-uri-here
const someCustomKey = `https://${url.hostname}${url.pathname}`;
let response = await fetch(request, {
cf: {
// Always cache this fetch regardless of content type
// for a max of 5 seconds before revalidating the resource
cacheTtl: 5,
cacheEverything: true,
//Enterprise only feature, see Cache API for other plans
cacheKey: someCustomKey,
},
});
// Reconstruct the Response object to make its headers mutable.
response = new Response(response.body, response);
// Set cache control headers to cache on browser for 25 minutes
response.headers.set("Cache-Control", "max-age=1500");
return response;
},
};
```
```ts
export default {
async fetch(request): Promise {
const url = new URL(request.url);
// Only use the path for the cache key, removing query strings
// and always store using HTTPS, for example, https://www.example.com/file-uri-here
const someCustomKey = `https://${url.hostname}${url.pathname}`;
let response = await fetch(request, {
cf: {
// Always cache this fetch regardless of content type
// for a max of 5 seconds before revalidating the resource
cacheTtl: 5,
cacheEverything: true,
//Enterprise only feature, see Cache API for other plans
cacheKey: someCustomKey,
},
});
// Reconstruct the Response object to make its headers mutable.
response = new Response(response.body, response);
// Set cache control headers to cache on browser for 25 minutes
response.headers.set("Cache-Control", "max-age=1500");
return response;
},
} satisfies ExportedHandler;
```
```ts
import { Hono } from 'hono';
type Bindings = {};
const app = new Hono<{ Bindings: Bindings }>();
app.all('*', async (c) => {
const url = new URL(c.req.url);
// Only use the path for the cache key, removing query strings
// and always store using HTTPS, for example, https://www.example.com/file-uri-here
const someCustomKey = `https://${url.hostname}${url.pathname}`;
// Fetch the request with custom cache settings
let response = await fetch(c.req.raw, {
cf: {
// Always cache this fetch regardless of content type
// for a max of 5 seconds before revalidating the resource
cacheTtl: 5,
cacheEverything: true,
// Enterprise only feature, see Cache API for other plans
cacheKey: someCustomKey,
},
});
// Reconstruct the Response object to make its headers mutable
response = new Response(response.body, response);
// Set cache control headers to cache on browser for 25 minutes
response.headers.set("Cache-Control", "max-age=1500");
return response;
});
export default app;
```
```py
from pyodide.ffi import to_js as _to_js
from js import Response, URL, Object, fetch
def to_js(x):
return _to_js(x, dict_converter=Object.fromEntries)
async def on_fetch(request):
url = URL.new(request.url)
# Only use the path for the cache key, removing query strings
# and always store using HTTPS, for example, https://www.example.com/file-uri-here
some_custom_key = f"https://{url.hostname}{url.pathname}"
response = await fetch(
request,
cf=to_js({
# Always cache this fetch regardless of content type
# for a max of 5 seconds before revalidating the resource
"cacheTtl": 5,
"cacheEverything": True,
# Enterprise only feature, see Cache API for other plans
"cacheKey": some_custom_key,
}),
)
# Reconstruct the Response object to make its headers mutable
response = Response.new(response.body, response)
# Set cache control headers to cache on browser for 25 minutes
response.headers["Cache-Control"] = "max-age=1500"
return response
```
```rs
use worker::*;
#[event(fetch)]
async fn fetch(req: Request, _env: Env, _ctx: Context) -> Result {
let url = req.url()?;
// Only use the path for the cache key, removing query strings
// and always store using HTTPS, for example, https://www.example.com/file-uri-here
let custom_key = format!(
"https://{host}{path}",
host = url.host_str().unwrap(),
path = url.path()
);
let request = Request::new_with_init(
url.as_str(),
&RequestInit {
headers: req.headers().clone(),
method: req.method(),
cf: CfProperties {
// Always cache this fetch regardless of content type
// for a max of 5 seconds before revalidating the resource
cache_ttl: Some(5),
cache_everything: Some(true),
// Enterprise only feature, see Cache API for other plans
cache_key: Some(custom_key),
..CfProperties::default()
},
..RequestInit::default()
},
)?;
let mut response = Fetch::Request(request).send().await?;
// Set cache control headers to cache on browser for 25 minutes
let _ = response.headers_mut().set("Cache-Control", "max-age=1500");
Ok(response)
}
```
## Caching HTML resources
```js
// Force Cloudflare to cache an asset
fetch(event.request, { cf: { cacheEverything: true } });
```
Setting the cache level to **Cache Everything** will override the default cacheability of the asset. For time-to-live (TTL), Cloudflare will still rely on headers set by the origin.
## Custom cache keys
:::note
This feature is available only to Enterprise customers.
:::
A request's cache key is what determines if two requests are the same for caching purposes. If a request has the same cache key as some previous request, then Cloudflare can serve the same cached response for both. For more about cache keys, refer to the [Create custom cache keys](/cache/how-to/cache-keys/#create-custom-cache-keys) documentation.
```js
// Set cache key for this request to "some-string".
fetch(event.request, { cf: { cacheKey: "some-string" } });
```
Normally, Cloudflare computes the cache key for a request based on the request's URL. Sometimes, though, you may like different URLs to be treated as if they were the same for caching purposes. For example, if your website content is hosted from both Amazon S3 and Google Cloud Storage - you have the same content in both places, and you can use a Worker to randomly balance between the two. However, you do not want to end up caching two copies of your content. You could utilize custom cache keys to cache based on the original request URL rather than the subrequest URL:
```js
export default {
async fetch(request) {
let url = new URL(request.url);
if (Math.random() < 0.5) {
url.hostname = "example.s3.amazonaws.com";
} else {
url.hostname = "example.storage.googleapis.com";
}
let newRequest = new Request(url, request);
return fetch(newRequest, {
cf: { cacheKey: request.url },
});
},
};
```
```ts
export default {
async fetch(request): Promise {
let url = new URL(request.url);
if (Math.random() < 0.5) {
url.hostname = "example.s3.amazonaws.com";
} else {
url.hostname = "example.storage.googleapis.com";
}
let newRequest = new Request(url, request);
return fetch(newRequest, {
cf: { cacheKey: request.url },
});
},
} satisfies ExportedHandler;
```
```ts
import { Hono } from 'hono';
type Bindings = {};
const app = new Hono<{ Bindings: Bindings }>();
app.all('*', async (c) => {
const originalUrl = c.req.url;
const url = new URL(originalUrl);
// Randomly select a storage backend
if (Math.random() < 0.5) {
url.hostname = "example.s3.amazonaws.com";
} else {
url.hostname = "example.storage.googleapis.com";
}
// Create a new request to the selected backend
const newRequest = new Request(url, c.req.raw);
// Fetch using the original URL as the cache key
return fetch(newRequest, {
cf: { cacheKey: originalUrl },
});
});
export default app;
```
Workers operating on behalf of different zones cannot affect each other's cache. You can only override cache keys when making requests within your own zone (in the above example `event.request.url` was the key stored), or requests to hosts that are not on Cloudflare. When making a request to another Cloudflare zone (for example, belonging to a different Cloudflare customer), that zone fully controls how its own content is cached within Cloudflare; you cannot override it.
## Override based on origin response code
```js
// Force response to be cached for 86400 seconds for 200 status
// codes, 1 second for 404, and do not cache 500 errors.
fetch(request, {
cf: { cacheTtlByStatus: { "200-299": 86400, 404: 1, "500-599": 0 } },
});
```
This option is a version of the `cacheTtl` feature which chooses a TTL based on the response's status code and does not automatically set `cacheEverything: true`. If the response to this request has a status code that matches, Cloudflare will cache for the instructed time, and override cache directives sent by the origin. You can review [details on the `cacheTtl` feature on the Request page](/workers/runtime-apis/request/#the-cf-property-requestinitcfproperties).
## Customize cache behavior based on request file type
Using custom cache keys and overrides based on response code, you can write a Worker that sets the TTL based on the response status code from origin, and request file type.
The following example demonstrates how you might use this to cache requests for streaming media assets:
```js title="index.js"
export default {
async fetch(request) {
// Instantiate new URL to make it mutable
const newRequest = new URL(request.url);
const customCacheKey = `${newRequest.hostname}${newRequest.pathname}`;
const queryCacheKey = `${newRequest.hostname}${newRequest.pathname}${newRequest.search}`;
// Different asset types usually have different caching strategies. Most of the time media content such as audio, videos and images that are not user-generated content would not need to be updated often so a long TTL would be best. However, with HLS streaming, manifest files usually are set with short TTLs so that playback will not be affected, as this files contain the data that the player would need. By setting each caching strategy for categories of asset types in an object within an array, you can solve complex needs when it comes to media content for your application
const cacheAssets = [
{
asset: "video",
key: customCacheKey,
regex:
/(.*\/Video)|(.*\.(m4s|mp4|ts|avi|mpeg|mpg|mkv|bin|webm|vob|flv|m2ts|mts|3gp|m4v|wmv|qt))/,
info: 0,
ok: 31556952,
redirects: 30,
clientError: 10,
serverError: 0,
},
{
asset: "image",
key: queryCacheKey,
regex:
/(.*\/Images)|(.*\.(jpg|jpeg|png|bmp|pict|tif|tiff|webp|gif|heif|exif|bat|bpg|ppm|pgn|pbm|pnm))/,
info: 0,
ok: 3600,
redirects: 30,
clientError: 10,
serverError: 0,
},
{
asset: "frontEnd",
key: queryCacheKey,
regex: /^.*\.(css|js)/,
info: 0,
ok: 3600,
redirects: 30,
clientError: 10,
serverError: 0,
},
{
asset: "audio",
key: customCacheKey,
regex:
/(.*\/Audio)|(.*\.(flac|aac|mp3|alac|aiff|wav|ogg|aiff|opus|ape|wma|3gp))/,
info: 0,
ok: 31556952,
redirects: 30,
clientError: 10,
serverError: 0,
},
{
asset: "directPlay",
key: customCacheKey,
regex: /.*(\/Download)/,
info: 0,
ok: 31556952,
redirects: 30,
clientError: 10,
serverError: 0,
},
{
asset: "manifest",
key: customCacheKey,
regex: /^.*\.(m3u8|mpd)/,
info: 0,
ok: 3,
redirects: 2,
clientError: 1,
serverError: 0,
},
];
const { asset, regex, ...cache } =
cacheAssets.find(({ regex }) => newRequest.pathname.match(regex)) ?? {};
const newResponse = await fetch(request, {
cf: {
cacheKey: cache.key,
polish: false,
cacheEverything: true,
cacheTtlByStatus: {
"100-199": cache.info,
"200-299": cache.ok,
"300-399": cache.redirects,
"400-499": cache.clientError,
"500-599": cache.serverError,
},
cacheTags: ["static"],
},
});
const response = new Response(newResponse.body, newResponse);
// For debugging purposes
response.headers.set("debug", JSON.stringify(cache));
return response;
},
};
```
:::caution[Service Workers are deprecated]
Service Workers are deprecated, but still supported. We recommend using [Module Workers](/workers/reference/migrate-to-module-workers/) instead. New features may not be supported for Service Workers.
:::
```js title="index.js"
addEventListener("fetch", (event) => {
return event.respondWith(handleRequest(event.request));
});
async function handleRequest(request) {
// Instantiate new URL to make it mutable
const newRequest = new URL(request.url);
// Set `const` to be used in the array later on
const customCacheKey = `${newRequest.hostname}${newRequest.pathname}`;
const queryCacheKey = `${newRequest.hostname}${newRequest.pathname}${newRequest.search}`;
// Set all variables needed to manipulate Cloudflare's cache using the fetch API in the `cf` object. You will be passing these variables in the objects down below.
const cacheAssets = [
{
asset: "video",
key: customCacheKey,
regex:
/(.*\/Video)|(.*\.(m4s|mp4|ts|avi|mpeg|mpg|mkv|bin|webm|vob|flv|m2ts|mts|3gp|m4v|wmv|qt))/,
info: 0,
ok: 31556952,
redirects: 30,
clientError: 10,
serverError: 0,
},
{
asset: "image",
key: queryCacheKey,
regex:
/(.*\/Images)|(.*\.(jpg|jpeg|png|bmp|pict|tif|tiff|webp|gif|heif|exif|bat|bpg|ppm|pgn|pbm|pnm))/,
info: 0,
ok: 3600,
redirects: 30,
clientError: 10,
serverError: 0,
},
{
asset: "frontEnd",
key: queryCacheKey,
regex: /^.*\.(css|js)/,
info: 0,
ok: 3600,
redirects: 30,
clientError: 10,
serverError: 0,
},
{
asset: "audio",
key: customCacheKey,
regex:
/(.*\/Audio)|(.*\.(flac|aac|mp3|alac|aiff|wav|ogg|aiff|opus|ape|wma|3gp))/,
info: 0,
ok: 31556952,
redirects: 30,
clientError: 10,
serverError: 0,
},
{
asset: "directPlay",
key: customCacheKey,
regex: /.*(\/Download)/,
info: 0,
ok: 31556952,
redirects: 30,
clientError: 10,
serverError: 0,
},
{
asset: "manifest",
key: customCacheKey,
regex: /^.*\.(m3u8|mpd)/,
info: 0,
ok: 3,
redirects: 2,
clientError: 1,
serverError: 0,
},
];
// the `.find` method is used to find elements in an array (`cacheAssets`), in this case, `regex`, which can passed to the .`match` method to match on file extensions to cache, since they are many media types in the array. If you want to add more types, update the array. Refer to https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/find for more information.
const { asset, regex, ...cache } =
cacheAssets.find(({ regex }) => newRequest.pathname.match(regex)) ?? {};
const newResponse = await fetch(request, {
cf: {
cacheKey: cache.key,
polish: false,
cacheEverything: true,
cacheTtlByStatus: {
"100-199": cache.info,
"200-299": cache.ok,
"300-399": cache.redirects,
"400-499": cache.clientError,
"500-599": cache.serverError,
},
cacheTags: ["static"],
},
});
const response = new Response(newResponse.body, newResponse);
// For debugging purposes
response.headers.set("debug", JSON.stringify(cache));
return response;
}
```
## Using the HTTP Cache API
The `cache` mode can be set in `fetch` options.
Currently Workers only support the `no-store` mode for controlling the cache.
When `no-store` is supplied the cache is bypassed on the way to the origin and the request is not cacheable.
```js
fetch(request, { cache: 'no-store'});
```
---
# Conditional response
URL: https://developers.cloudflare.com/workers/examples/conditional-response/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/conditional-response)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
```js
export default {
async fetch(request) {
const BLOCKED_HOSTNAMES = ["nope.mywebsite.com", "bye.website.com"];
// Return a new Response based on a URL's hostname
const url = new URL(request.url);
if (BLOCKED_HOSTNAMES.includes(url.hostname)) {
return new Response("Blocked Host", { status: 403 });
}
// Block paths ending in .doc or .xml based on the URL's file extension
const forbiddenExtRegExp = new RegExp(/\.(doc|xml)$/);
if (forbiddenExtRegExp.test(url.pathname)) {
return new Response("Blocked Extension", { status: 403 });
}
// On HTTP method
if (request.method === "POST") {
return new Response("Response for POST");
}
// On User Agent
const userAgent = request.headers.get("User-Agent") || "";
if (userAgent.includes("bot")) {
return new Response("Block User Agent containing bot", { status: 403 });
}
// On Client's IP address
const clientIP = request.headers.get("CF-Connecting-IP");
if (clientIP === "1.2.3.4") {
return new Response("Block the IP 1.2.3.4", { status: 403 });
}
// On ASN
if (request.cf && request.cf.asn == 64512) {
return new Response("Block the ASN 64512 response");
}
// On Device Type
// Requires Enterprise "CF-Device-Type Header" zone setting or
// Page Rule with "Cache By Device Type" setting applied.
const device = request.headers.get("CF-Device-Type");
if (device === "mobile") {
return Response.redirect("https://mobile.example.com");
}
console.error(
"Getting Client's IP address, device type, and ASN are not supported in playground. Must test on a live worker",
);
return fetch(request);
},
};
```
```ts
export default {
async fetch(request): Promise {
const BLOCKED_HOSTNAMES = ["nope.mywebsite.com", "bye.website.com"];
// Return a new Response based on a URL's hostname
const url = new URL(request.url);
if (BLOCKED_HOSTNAMES.includes(url.hostname)) {
return new Response("Blocked Host", { status: 403 });
}
// Block paths ending in .doc or .xml based on the URL's file extension
const forbiddenExtRegExp = new RegExp(/\.(doc|xml)$/);
if (forbiddenExtRegExp.test(url.pathname)) {
return new Response("Blocked Extension", { status: 403 });
}
// On HTTP method
if (request.method === "POST") {
return new Response("Response for POST");
}
// On User Agent
const userAgent = request.headers.get("User-Agent") || "";
if (userAgent.includes("bot")) {
return new Response("Block User Agent containing bot", { status: 403 });
}
// On Client's IP address
const clientIP = request.headers.get("CF-Connecting-IP");
if (clientIP === "1.2.3.4") {
return new Response("Block the IP 1.2.3.4", { status: 403 });
}
// On ASN
if (request.cf && request.cf.asn == 64512) {
return new Response("Block the ASN 64512 response");
}
// On Device Type
// Requires Enterprise "CF-Device-Type Header" zone setting or
// Page Rule with "Cache By Device Type" setting applied.
const device = request.headers.get("CF-Device-Type");
if (device === "mobile") {
return Response.redirect("https://mobile.example.com");
}
console.error(
"Getting Client's IP address, device type, and ASN are not supported in playground. Must test on a live worker",
);
return fetch(request);
},
} satisfies ExportedHandler;
```
```py
import re
from workers import Response
from urllib.parse import urlparse
async def on_fetch(request):
blocked_hostnames = ["nope.mywebsite.com", "bye.website.com"]
url = urlparse(request.url)
# Block on hostname
if url.hostname in blocked_hostnames:
return Response("Blocked Host", status=403)
# On paths ending in .doc or .xml
if re.search(r'\.(doc|xml)$', url.path):
return Response("Blocked Extension", status=403)
# On HTTP method
if "POST" in request.method:
return Response("Response for POST")
# On User Agent
user_agent = request.headers["User-Agent"] or ""
if "bot" in user_agent:
return Response("Block User Agent containing bot", status=403)
# On Client's IP address
client_ip = request.headers["CF-Connecting-IP"]
if client_ip == "1.2.3.4":
return Response("Block the IP 1.2.3.4", status=403)
# On ASN
if request.cf and request.cf.asn == 64512:
return Response("Block the ASN 64512 response")
# On Device Type
# Requires Enterprise "CF-Device-Type Header" zone setting or
# Page Rule with "Cache By Device Type" setting applied.
device = request.headers["CF-Device-Type"]
if device == "mobile":
return Response.redirect("https://mobile.example.com")
return fetch(request)
```
```ts
import { Hono } from "hono";
import { HTTPException } from "hono/http-exception";
const app = new Hono();
// Middleware to handle all conditions before reaching the main handler
app.use("*", async (c, next) => {
const request = c.req.raw;
const BLOCKED_HOSTNAMES = ["nope.mywebsite.com", "bye.website.com"];
const hostname = new URL(c.req.url)?.hostname;
// Return a new Response based on a URL's hostname
if (BLOCKED_HOSTNAMES.includes(hostname)) {
return c.text("Blocked Host", 403);
}
// Block paths ending in .doc or .xml based on the URL's file extension
const forbiddenExtRegExp = new RegExp(/\.(doc|xml)$/);
if (forbiddenExtRegExp.test(c.req.pathname)) {
return c.text("Blocked Extension", 403);
}
// On User Agent
const userAgent = c.req.header("User-Agent") || "";
if (userAgent.includes("bot")) {
return c.text("Block User Agent containing bot", 403);
}
// On Client's IP address
const clientIP = c.req.header("CF-Connecting-IP");
if (clientIP === "1.2.3.4") {
return c.text("Block the IP 1.2.3.4", 403);
}
// On ASN
if (request.cf && request.cf.asn === 64512) {
return c.text("Block the ASN 64512 response");
}
// On Device Type
// Requires Enterprise "CF-Device-Type Header" zone setting or
// Page Rule with "Cache By Device Type" setting applied.
const device = c.req.header("CF-Device-Type");
if (device === "mobile") {
return c.redirect("https://mobile.example.com");
}
// Continue to the next handler
await next();
});
// Handle POST requests differently
app.post("*", (c) => {
return c.text("Response for POST");
});
// Default handler for other methods
app.get("*", async (c) => {
console.error(
"Getting Client's IP address, device type, and ASN are not supported in playground. Must test on a live worker",
);
// Fetch the original request
return fetch(c.req.raw);
});
export default app;
```
---
# CORS header proxy
URL: https://developers.cloudflare.com/workers/examples/cors-header-proxy/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/cors-header-proxy)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
```js
export default {
async fetch(request) {
const corsHeaders = {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Methods": "GET,HEAD,POST,OPTIONS",
"Access-Control-Max-Age": "86400",
};
// The URL for the remote third party API you want to fetch from
// but does not implement CORS
const API_URL = "https://examples.cloudflareworkers.com/demos/demoapi";
// The endpoint you want the CORS reverse proxy to be on
const PROXY_ENDPOINT = "/corsproxy/";
// The rest of this snippet for the demo page
function rawHtmlResponse(html) {
return new Response(html, {
headers: {
"content-type": "text/html;charset=UTF-8",
},
});
}
const DEMO_PAGE = `
Waiting
`;
async function handleRequest(request) {
const url = new URL(request.url);
let apiUrl = url.searchParams.get("apiurl");
if (apiUrl == null) {
apiUrl = API_URL;
}
// Rewrite request to point to API URL. This also makes the request mutable
// so you can add the correct Origin header to make the API server think
// that this request is not cross-site.
request = new Request(apiUrl, request);
request.headers.set("Origin", new URL(apiUrl).origin);
let response = await fetch(request);
// Recreate the response so you can modify the headers
response = new Response(response.body, response);
// Set CORS headers
response.headers.set("Access-Control-Allow-Origin", url.origin);
// Append to/Add Vary header so browser will cache response correctly
response.headers.append("Vary", "Origin");
return response;
}
async function handleOptions(request) {
if (
request.headers.get("Origin") !== null &&
request.headers.get("Access-Control-Request-Method") !== null &&
request.headers.get("Access-Control-Request-Headers") !== null
) {
// Handle CORS preflight requests.
return new Response(null, {
headers: {
...corsHeaders,
"Access-Control-Allow-Headers": request.headers.get(
"Access-Control-Request-Headers",
),
},
});
} else {
// Handle standard OPTIONS request.
return new Response(null, {
headers: {
Allow: "GET, HEAD, POST, OPTIONS",
},
});
}
}
const url = new URL(request.url);
if (url.pathname.startsWith(PROXY_ENDPOINT)) {
if (request.method === "OPTIONS") {
// Handle CORS preflight requests
return handleOptions(request);
} else if (
request.method === "GET" ||
request.method === "HEAD" ||
request.method === "POST"
) {
// Handle requests to the API server
return handleRequest(request);
} else {
return new Response(null, {
status: 405,
statusText: "Method Not Allowed",
});
}
} else {
return rawHtmlResponse(DEMO_PAGE);
}
},
};
```
```ts
export default {
async fetch(request): Promise {
const corsHeaders = {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Methods": "GET,HEAD,POST,OPTIONS",
"Access-Control-Max-Age": "86400",
};
// The URL for the remote third party API you want to fetch from
// but does not implement CORS
const API_URL = "https://examples.cloudflareworkers.com/demos/demoapi";
// The endpoint you want the CORS reverse proxy to be on
const PROXY_ENDPOINT = "/corsproxy/";
// The rest of this snippet for the demo page
function rawHtmlResponse(html) {
return new Response(html, {
headers: {
"content-type": "text/html;charset=UTF-8",
},
});
}
const DEMO_PAGE = `
Waiting
`;
async function handleRequest(request) {
const url = new URL(request.url);
let apiUrl = url.searchParams.get("apiurl");
if (apiUrl == null) {
apiUrl = API_URL;
}
// Rewrite request to point to API URL. This also makes the request mutable
// so you can add the correct Origin header to make the API server think
// that this request is not cross-site.
request = new Request(apiUrl, request);
request.headers.set("Origin", new URL(apiUrl).origin);
let response = await fetch(request);
// Recreate the response so you can modify the headers
response = new Response(response.body, response);
// Set CORS headers
response.headers.set("Access-Control-Allow-Origin", url.origin);
// Append to/Add Vary header so browser will cache response correctly
response.headers.append("Vary", "Origin");
return response;
}
async function handleOptions(request) {
if (
request.headers.get("Origin") !== null &&
request.headers.get("Access-Control-Request-Method") !== null &&
request.headers.get("Access-Control-Request-Headers") !== null
) {
// Handle CORS preflight requests.
return new Response(null, {
headers: {
...corsHeaders,
"Access-Control-Allow-Headers": request.headers.get(
"Access-Control-Request-Headers",
),
},
});
} else {
// Handle standard OPTIONS request.
return new Response(null, {
headers: {
Allow: "GET, HEAD, POST, OPTIONS",
},
});
}
}
const url = new URL(request.url);
if (url.pathname.startsWith(PROXY_ENDPOINT)) {
if (request.method === "OPTIONS") {
// Handle CORS preflight requests
return handleOptions(request);
} else if (
request.method === "GET" ||
request.method === "HEAD" ||
request.method === "POST"
) {
// Handle requests to the API server
return handleRequest(request);
} else {
return new Response(null, {
status: 405,
statusText: "Method Not Allowed",
});
}
} else {
return rawHtmlResponse(DEMO_PAGE);
}
},
} satisfies ExportedHandler;
```
```ts
import { Hono } from "hono";
import { cors } from "hono/cors";
// The URL for the remote third party API you want to fetch from
// but does not implement CORS
const API_URL = "https://examples.cloudflareworkers.com/demos/demoapi";
// The endpoint you want the CORS reverse proxy to be on
const PROXY_ENDPOINT = "/corsproxy/";
const app = new Hono();
// Demo page handler
app.get("*", async (c) => {
// Only handle non-proxy requests with this handler
if (c.req.path.startsWith(PROXY_ENDPOINT)) {
return next();
}
// Create the demo page HTML
const DEMO_PAGE = `
Waiting
"#
);
if req.url()?.path().starts_with(proxy_endpoint) {
match req.method() {
Method::Options => return handle_options(req, &cors_headers),
Method::Get | Method::Head | Method::Post => return handle_request(req, api_url).await,
_ => return Response::error("Method Not Allowed", 405),
}
}
raw_html_response(&demo_page)
}
```
```
---
# Country code redirect
URL: https://developers.cloudflare.com/workers/examples/country-code-redirect/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/country-code-redirect)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
```js
export default {
async fetch(request) {
/**
* A map of the URLs to redirect to
* @param {Object} countryMap
*/
const countryMap = {
US: "https://example.com/us",
EU: "https://example.com/eu",
};
// Use the cf object to obtain the country of the request
// more on the cf object: https://developers.cloudflare.com/workers/runtime-apis/request#incomingrequestcfproperties
const country = request.cf.country;
if (country != null && country in countryMap) {
const url = countryMap[country];
// Remove this logging statement from your final output.
console.log(
`Based on ${country}-based request, your user would go to ${url}.`,
);
return Response.redirect(url);
} else {
return fetch("https://example.com", request);
}
},
};
```
```ts
export default {
async fetch(request): Promise {
/**
* A map of the URLs to redirect to
* @param {Object} countryMap
*/
const countryMap = {
US: "https://example.com/us",
EU: "https://example.com/eu",
};
// Use the cf object to obtain the country of the request
// more on the cf object: https://developers.cloudflare.com/workers/runtime-apis/request#incomingrequestcfproperties
const country = request.cf.country;
if (country != null && country in countryMap) {
const url = countryMap[country];
return Response.redirect(url);
} else {
return fetch(request);
}
},
} satisfies ExportedHandler;
```
```py
from workers import Response, fetch
async def on_fetch(request):
countries = {
"US": "https://example.com/us",
"EU": "https://example.com/eu",
}
# Use the cf object to obtain the country of the request
# more on the cf object: https://developers.cloudflare.com/workers/runtime-apis/request#incomingrequestcfproperties
country = request.cf.country
if country and country in countries:
url = countries[country]
return Response.redirect(url)
return fetch("https://example.com", request)
```
```ts
import { Hono } from 'hono';
// Define the RequestWithCf interface to add Cloudflare-specific properties
interface RequestWithCf extends Request {
cf: {
country: string;
// Other CF properties can be added as needed
};
}
const app = new Hono();
app.get('*', async (c) => {
/**
* A map of the URLs to redirect to
*/
const countryMap: Record = {
US: "https://example.com/us",
EU: "https://example.com/eu",
};
// Cast the raw request to include Cloudflare-specific properties
const request = c.req.raw as RequestWithCf;
// Use the cf object to obtain the country of the request
// more on the cf object: https://developers.cloudflare.com/workers/runtime-apis/request#incomingrequestcfproperties
const country = request.cf.country;
if (country != null && country in countryMap) {
const url = countryMap[country];
// Redirect using Hono's redirect helper
return c.redirect(url);
} else {
// Default fallback
return fetch("https://example.com", request);
}
});
export default app;
```
---
# Setting Cron Triggers
URL: https://developers.cloudflare.com/workers/examples/cron-trigger/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/cron-trigger)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { Render, TabItem, Tabs, WranglerConfig } from "~/components";
```js
export default {
async scheduled(controller, env, ctx) {
console.log("cron processed");
},
};
```
```ts
interface Env {}
export default {
async scheduled(
controller: ScheduledController,
env: Env,
ctx: ExecutionContext,
) {
console.log("cron processed");
},
};
```
```python
from workers import handler
@handler
async def on_scheduled(controller, env, ctx):
print("cron processed")
```
```ts
import { Hono } from 'hono';
interface Env {}
// Create Hono app
const app = new Hono<{ Bindings: Env }>();
// Regular routes for normal HTTP requests
app.get('/', (c) => c.text('Hello World!'));
// Export both the app and a scheduled function
export default {
// The Hono app handles regular HTTP requests
fetch: app.fetch,
// The scheduled function handles Cron triggers
async scheduled(
controller: ScheduledController,
env: Env,
ctx: ExecutionContext,
) {
console.log("cron processed");
// You could also perform actions like:
// - Fetching data from external APIs
// - Updating KV or Durable Object storage
// - Running maintenance tasks
// - Sending notifications
},
};
```
## Set Cron Triggers in Wrangler
Refer to [Cron Triggers](/workers/configuration/cron-triggers/) for more information on how to add a Cron Trigger.
If you are deploying with Wrangler, set the cron syntax (once per hour as shown below) by adding this to your Wrangler file:
```toml
name = "worker"
# ...
[triggers]
crons = ["0 * * * *"]
```
You also can set a different Cron Trigger for each [environment](/workers/wrangler/environments/) in your [Wrangler configuration file](/workers/wrangler/configuration/). You need to put the `[triggers]` table under your chosen environment. For example:
```toml
[env.dev.triggers]
crons = ["0 * * * *"]
```
## Test Cron Triggers using Wrangler
The recommended way of testing Cron Triggers is using Wrangler.
Cron Triggers can be tested using Wrangler by passing in the `--test-scheduled` flag to [`wrangler dev`](/workers/wrangler/commands/#dev). This will expose a `/__scheduled` (or `/cdn-cgi/handler/scheduled` for Python Workers) route which can be used to test using a HTTP request. To simulate different cron patterns, a `cron` query parameter can be passed in.
```sh
npx wrangler dev --test-scheduled
curl "http://localhost:8787/__scheduled?cron=0+*+*+*+*"
curl "http://localhost:8787/cdn-cgi/handler/scheduled?cron=*+*+*+*+*" # Python Workers
```
---
# Data loss prevention
URL: https://developers.cloudflare.com/workers/examples/data-loss-prevention/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/data-loss-prevention)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
```js
export default {
async fetch(request) {
const DEBUG = true;
const SOME_HOOK_SERVER = "https://webhook.flow-wolf.io/hook";
/**
* Alert a data breach by posting to a webhook server
*/
async function postDataBreach(request) {
return await fetch(SOME_HOOK_SERVER, {
method: "POST",
headers: {
"content-type": "application/json;charset=UTF-8",
},
body: JSON.stringify({
ip: request.headers.get("cf-connecting-ip"),
time: Date.now(),
request: request,
}),
});
}
/**
* Define personal data with regular expressions.
* Respond with block if credit card data, and strip
* emails and phone numbers from the response.
* Execution will be limited to MIME type "text/*".
*/
const response = await fetch(request);
// Return origin response, if response wasn’t text
const contentType = response.headers.get("content-type") || "";
if (!contentType.toLowerCase().includes("text/")) {
return response;
}
let text = await response.text();
// When debugging replace the response
// from the origin with an email
text = DEBUG
? text.replace("You may use this", "me@example.com may use this")
: text;
const sensitiveRegexsMap = {
creditCard: String.raw`\b(?:4[0-9]{12}(?:[0-9]{3})?|(?:5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|6(?:011|5[0-9]{2})[0-9]{12}|(?:2131|1800|35\d{3})\d{11})\b`,
email: String.raw`\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b`,
phone: String.raw`\b07\d{9}\b`,
};
for (const kind in sensitiveRegexsMap) {
const sensitiveRegex = new RegExp(sensitiveRegexsMap[kind], "ig");
const match = await sensitiveRegex.test(text);
if (match) {
// Alert a data breach
await postDataBreach(request);
// Respond with a block if credit card,
// otherwise replace sensitive text with `*`s
return kind === "creditCard"
? new Response(kind + " found\nForbidden\n", {
status: 403,
statusText: "Forbidden",
})
: new Response(text.replace(sensitiveRegex, "**********"), response);
}
}
return new Response(text, response);
},
};
```
```ts
export default {
async fetch(request): Promise {
const DEBUG = true;
const SOME_HOOK_SERVER = "https://webhook.flow-wolf.io/hook";
/**
* Alert a data breach by posting to a webhook server
*/
async function postDataBreach(request) {
return await fetch(SOME_HOOK_SERVER, {
method: "POST",
headers: {
"content-type": "application/json;charset=UTF-8",
},
body: JSON.stringify({
ip: request.headers.get("cf-connecting-ip"),
time: Date.now(),
request: request,
}),
});
}
/**
* Define personal data with regular expressions.
* Respond with block if credit card data, and strip
* emails and phone numbers from the response.
* Execution will be limited to MIME type "text/*".
*/
const response = await fetch(request);
// Return origin response, if response wasn’t text
const contentType = response.headers.get("content-type") || "";
if (!contentType.toLowerCase().includes("text/")) {
return response;
}
let text = await response.text();
// When debugging replace the response
// from the origin with an email
text = DEBUG
? text.replace("You may use this", "me@example.com may use this")
: text;
const sensitiveRegexsMap = {
creditCard: String.raw`\b(?:4[0-9]{12}(?:[0-9]{3})?|(?:5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|6(?:011|5[0-9]{2})[0-9]{12}|(?:2131|1800|35\d{3})\d{11})\b`,
email: String.raw`\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b`,
phone: String.raw`\b07\d{9}\b`,
};
for (const kind in sensitiveRegexsMap) {
const sensitiveRegex = new RegExp(sensitiveRegexsMap[kind], "ig");
const match = await sensitiveRegex.test(text);
if (match) {
// Alert a data breach
await postDataBreach(request);
// Respond with a block if credit card,
// otherwise replace sensitive text with `*`s
return kind === "creditCard"
? new Response(kind + " found\nForbidden\n", {
status: 403,
statusText: "Forbidden",
})
: new Response(text.replace(sensitiveRegex, "**********"), response);
}
}
return new Response(text, response);
},
} satisfies ExportedHandler;
```
```py
import re
from datetime import datetime
from js import Response, fetch, JSON, Headers
# Alert a data breach by posting to a webhook server
async def post_data_breach(request):
some_hook_server = "https://webhook.flow-wolf.io/hook"
headers = Headers.new({"content-type": "application/json"}.items())
body = JSON.stringify({
"ip": request.headers["cf-connecting-ip"],
"time": datetime.now(),
"request": request,
})
return await fetch(some_hook_server, method="POST", headers=headers, body=body)
async def on_fetch(request):
debug = True
# Define personal data with regular expressions.
# Respond with block if credit card data, and strip
# emails and phone numbers from the response.
# Execution will be limited to MIME type "text/*".
response = await fetch(request)
# Return origin response, if response wasn’t text
content_type = response.headers["content-type"] or ""
if "text" not in content_type:
return response
text = await response.text()
# When debugging replace the response from the origin with an email
text = text.replace("You may use this", "me@example.com may use this") if debug else text
sensitive_regex = [
("credit_card",
r'\b(?:4[0-9]{12}(?:[0-9]{3})?|(?:5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|6(?:011|5[0-9]{2})[0-9]{12}|(?:2131|1800|35\d{3})\d{11})\b'),
("email", r'\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b'),
("phone", r'\b07\d{9}\b'),
]
for (kind, regex) in sensitive_regex:
match = re.search(regex, text, flags=re.IGNORECASE)
if match:
# Alert a data breach
await post_data_breach(request)
# Respond with a block if credit card, otherwise replace sensitive text with `*`s
card_resp = Response.new(kind + " found\nForbidden\n", status=403,statusText="Forbidden")
sensitive_resp = Response.new(re.sub(regex, "*"*10, text, flags=re.IGNORECASE), response)
return card_resp if kind == "credit_card" else sensitive_resp
return Response.new(text, response)
```
```ts
import { Hono } from 'hono';
const app = new Hono();
// Configuration
const DEBUG = true;
const SOME_HOOK_SERVER = "https://webhook.flow-wolf.io/hook";
// Define sensitive data patterns
const sensitiveRegexsMap = {
creditCard: String.raw`\b(?:4[0-9]{12}(?:[0-9]{3})?|(?:5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|6(?:011|5[0-9]{2})[0-9]{12}|(?:2131|1800|35\d{3})\d{11})\b`,
email: String.raw`\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b`,
phone: String.raw`\b07\d{9}\b`,
};
/**
* Alert a data breach by posting to a webhook server
*/
async function postDataBreach(request: Request) {
return await fetch(SOME_HOOK_SERVER, {
method: "POST",
headers: {
"content-type": "application/json;charset=UTF-8",
},
body: JSON.stringify({
ip: request.headers.get("cf-connecting-ip"),
time: Date.now(),
request: request,
}),
});
}
// Main middleware to handle data loss prevention
app.use('*', async (c) => {
// Fetch the origin response
const response = await fetch(c.req.raw);
// Return origin response if response wasn't text
const contentType = response.headers.get("content-type") || "";
if (!contentType.toLowerCase().includes("text/")) {
return response;
}
// Get the response text
let text = await response.text();
// When debugging, replace the response from the origin with an email
text = DEBUG
? text.replace("You may use this", "me@example.com may use this")
: text;
// Check for sensitive data
for (const kind in sensitiveRegexsMap) {
const sensitiveRegex = new RegExp(sensitiveRegexsMap[kind], "ig");
const match = sensitiveRegex.test(text);
if (match) {
// Alert a data breach
await postDataBreach(c.req.raw);
// Respond with a block if credit card, otherwise replace sensitive text with `*`s
if (kind === "creditCard") {
return c.text(`${kind} found\nForbidden\n`, 403);
} else {
return new Response(text.replace(sensitiveRegex, "**********"), {
status: response.status,
statusText: response.statusText,
headers: response.headers,
});
}
}
}
// Return the modified response
return new Response(text, {
status: response.status,
statusText: response.statusText,
headers: response.headers,
});
});
export default app;
```
---
# Debugging logs
URL: https://developers.cloudflare.com/workers/examples/debugging-logs/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/debugging-logs)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
```js
export default {
async fetch(request, env, ctx) {
// Service configured to receive logs
const LOG_URL = "https://log-service.example.com/";
async function postLog(data) {
return await fetch(LOG_URL, {
method: "POST",
body: data,
});
}
let response;
try {
response = await fetch(request);
if (!response.ok && !response.redirected) {
const body = await response.text();
throw new Error(
"Bad response at origin. Status: " +
response.status +
" Body: " +
// Ensure the string is small enough to be a header
body.trim().substring(0, 10),
);
}
} catch (err) {
// Without ctx.waitUntil(), your fetch() to Cloudflare's
// logging service may or may not complete
ctx.waitUntil(postLog(err.toString()));
const stack = JSON.stringify(err.stack) || err;
// Copy the response and initialize body to the stack trace
response = new Response(stack, response);
// Add the error stack into a header to find out what happened
response.headers.set("X-Debug-stack", stack);
response.headers.set("X-Debug-err", err);
}
return response;
},
};
```
```ts
interface Env {}
export default {
async fetch(request, env, ctx): Promise {
// Service configured to receive logs
const LOG_URL = "https://log-service.example.com/";
async function postLog(data) {
return await fetch(LOG_URL, {
method: "POST",
body: data,
});
}
let response;
try {
response = await fetch(request);
if (!response.ok && !response.redirected) {
const body = await response.text();
throw new Error(
"Bad response at origin. Status: " +
response.status +
" Body: " +
// Ensure the string is small enough to be a header
body.trim().substring(0, 10),
);
}
} catch (err) {
// Without ctx.waitUntil(), your fetch() to Cloudflare's
// logging service may or may not complete
ctx.waitUntil(postLog(err.toString()));
const stack = JSON.stringify(err.stack) || err;
// Copy the response and initialize body to the stack trace
response = new Response(stack, response);
// Add the error stack into a header to find out what happened
response.headers.set("X-Debug-stack", stack);
response.headers.set("X-Debug-err", err);
}
return response;
},
} satisfies ExportedHandler;
```
```py
import json
import traceback
from pyodide.ffi import create_once_callable
from js import Response, fetch, Headers
async def on_fetch(request, _env, ctx):
# Service configured to receive logs
log_url = "https://log-service.example.com/"
async def post_log(data):
return await fetch(log_url, method="POST", body=data)
response = await fetch(request)
try:
if not response.ok and not response.redirected:
body = await response.text()
# Simulating an error. Ensure the string is small enough to be a header
raise Exception(f'Bad response at origin. Status:{response.status} Body:{body.strip()[:10]}')
except Exception as e:
# Without ctx.waitUntil(), your fetch() to Cloudflare's
# logging service may or may not complete
ctx.waitUntil(create_once_callable(post_log(e)))
stack = json.dumps(traceback.format_exc()) or e
# Copy the response and add to header
response = Response.new(stack, response)
response.headers["X-Debug-stack"] = stack
response.headers["X-Debug-err"] = e
return response
```
```ts
import { Hono } from 'hono';
// Define the environment with appropriate types
interface Env {}
const app = new Hono<{ Bindings: Env }>();
// Service configured to receive logs
const LOG_URL = "https://log-service.example.com/";
// Function to post logs to an external service
async function postLog(data: string) {
return await fetch(LOG_URL, {
method: "POST",
body: data,
});
}
// Middleware to handle error logging
app.use('*', async (c, next) => {
try {
// Process the request with the next handler
await next();
// After processing, check if the response indicates an error
if (c.res && (!c.res.ok && !c.res.redirected)) {
const body = await c.res.clone().text();
throw new Error(
"Bad response at origin. Status: " +
c.res.status +
" Body: " +
// Ensure the string is small enough to be a header
body.trim().substring(0, 10)
);
}
} catch (err) {
// Without waitUntil, the fetch to the logging service may not complete
c.executionCtx.waitUntil(
postLog(err.toString())
);
// Get the error stack or error itself
const stack = JSON.stringify(err.stack) || err.toString();
// Create a new response with the error information
const response = c.res ?
new Response(stack, {
status: c.res.status,
headers: c.res.headers
}) :
new Response(stack, { status: 500 });
// Add debug headers
response.headers.set("X-Debug-stack", stack);
response.headers.set("X-Debug-err", err.toString());
// Set the modified response
c.res = response;
}
});
// Default route handler that passes requests through
app.all('*', async (c) => {
return fetch(c.req.raw);
});
export default app;
```
---
# Cookie parsing
URL: https://developers.cloudflare.com/workers/examples/extract-cookie-value/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/extract-cookie-value)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
```js
import { parse } from "cookie";
export default {
async fetch(request) {
// The name of the cookie
const COOKIE_NAME = "__uid";
const cookie = parse(request.headers.get("Cookie") || "");
if (cookie[COOKIE_NAME] != null) {
// Respond with the cookie value
return new Response(cookie[COOKIE_NAME]);
}
return new Response("No cookie with name: " + COOKIE_NAME);
},
};
```
```ts
import { parse } from "cookie";
export default {
async fetch(request): Promise {
// The name of the cookie
const COOKIE_NAME = "__uid";
const cookie = parse(request.headers.get("Cookie") || "");
if (cookie[COOKIE_NAME] != null) {
// Respond with the cookie value
return new Response(cookie[COOKIE_NAME]);
}
return new Response("No cookie with name: " + COOKIE_NAME);
},
} satisfies ExportedHandler;
```
```py
from http.cookies import SimpleCookie
from workers import Response
async def on_fetch(request):
# Name of the cookie
cookie_name = "__uid"
cookies = SimpleCookie(request.headers["Cookie"] or "")
if cookie_name in cookies:
# Respond with cookie value
return Response(cookies[cookie_name].value)
return Response("No cookie with name: " + cookie_name)
```
```ts
import { Hono } from 'hono';
import { getCookie } from 'hono/cookie';
const app = new Hono();
app.get('*', (c) => {
// The name of the cookie
const COOKIE_NAME = "__uid";
// Get the specific cookie value using Hono's cookie helper
const cookieValue = getCookie(c, COOKIE_NAME);
if (cookieValue) {
// Respond with the cookie value
return c.text(cookieValue);
}
return c.text("No cookie with name: " + COOKIE_NAME);
});
export default app;
```
:::note[External dependencies]
This example requires the npm package [`cookie`](https://www.npmjs.com/package/cookie) to be installed in your JavaScript project.
The Hono example uses the built-in cookie utilities provided by Hono, so no external dependencies are needed for that implementation.
:::
---
# Fetch HTML
URL: https://developers.cloudflare.com/workers/examples/fetch-html/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/fetch-html)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { Render, TabItem, Tabs } from "~/components";
```ts
export default {
async fetch(request: Request): Promise {
/**
* Replace `remote` with the host you wish to send requests to
*/
const remote = "https://example.com";
return await fetch(remote, request);
},
};
```
```py
from js import fetch
async def on_fetch(request):
# Replace `remote` with the host you wish to send requests to
remote = "https://example.com"
return await fetch(remote, request)
```
```ts
import { Hono } from 'hono';
const app = new Hono();
app.all('*', async (c) => {
/**
* Replace `remote` with the host you wish to send requests to
*/
const remote = "https://example.com";
// Forward the request to the remote server
return await fetch(remote, c.req.raw);
});
export default app;
```
---
# Fetch JSON
URL: https://developers.cloudflare.com/workers/examples/fetch-json/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/fetch-json)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
```js
export default {
async fetch(request, env, ctx) {
const url = "https://jsonplaceholder.typicode.com/todos/1";
// gatherResponse returns both content-type & response body as a string
async function gatherResponse(response) {
const { headers } = response;
const contentType = headers.get("content-type") || "";
if (contentType.includes("application/json")) {
return { contentType, result: JSON.stringify(await response.json()) };
}
return { contentType, result: await response.text() };
}
const response = await fetch(url);
const { contentType, result } = await gatherResponse(response);
const options = { headers: { "content-type": contentType } };
return new Response(result, options);
},
};
```
```ts
interface Env {}
export default {
async fetch(request, env, ctx): Promise {
const url = "https://jsonplaceholder.typicode.com/todos/1";
// gatherResponse returns both content-type & response body as a string
async function gatherResponse(response) {
const { headers } = response;
const contentType = headers.get("content-type") || "";
if (contentType.includes("application/json")) {
return { contentType, result: JSON.stringify(await response.json()) };
}
return { contentType, result: await response.text() };
}
const response = await fetch(url);
const { contentType, result } = await gatherResponse(response);
const options = { headers: { "content-type": contentType } };
return new Response(result, options);
},
} satisfies ExportedHandler;
```
```py
from workers import Response, fetch
import json
async def on_fetch(request):
url = "https://jsonplaceholder.typicode.com/todos/1"
# gather_response returns both content-type & response body as a string
async def gather_response(response):
headers = response.headers
content_type = headers["content-type"] or ""
if "application/json" in content_type:
return (content_type, json.dumps(await response.json()))
return (content_type, await response.text())
response = await fetch(url)
content_type, result = await gather_response(response)
headers = {"content-type": content_type}
return Response(result, headers=headers)
```
```ts
import { Hono } from 'hono';
type Env = {};
const app = new Hono<{ Bindings: Env }>();
app.get('*', async (c) => {
const url = "https://jsonplaceholder.typicode.com/todos/1";
// gatherResponse returns both content-type & response body as a string
async function gatherResponse(response: Response) {
const { headers } = response;
const contentType = headers.get("content-type") || "";
if (contentType.includes("application/json")) {
return { contentType, result: JSON.stringify(await response.json()) };
}
return { contentType, result: await response.text() };
}
const response = await fetch(url);
const { contentType, result } = await gatherResponse(response);
return new Response(result, {
headers: { "content-type": contentType }
});
});
export default app;
```
---
# Geolocation: Weather application
URL: https://developers.cloudflare.com/workers/examples/geolocation-app-weather/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/geolocation-app-weather)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
```js
export default {
async fetch(request) {
let endpoint = "https://api.waqi.info/feed/geo:";
const token = ""; //Use a token from https://aqicn.org/api/
let html_style = `body{padding:6em; font-family: sans-serif;} h1{color:#f6821f}`;
let html_content = "
`;
// Add background gradient based on hour
html_style += `body{background:${await toCSSGradient(hour)};}`;
// Complete HTML document
let html = `
Geolocation: Customized Design
${html_content}
`;
return c.html(html);
});
export default app;
```
---
# Geolocation: Hello World
URL: https://developers.cloudflare.com/workers/examples/geolocation-hello-world/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/geolocation-hello-world)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
```js
export default {
async fetch(request) {
let html_content = "";
let html_style =
"body{padding:6em; font-family: sans-serif;} h1{color:#f6821f;}";
html_content += "
Colo: " + request.cf.colo + "
";
html_content += "
Country: " + request.cf.country + "
";
html_content += "
City: " + request.cf.city + "
";
html_content += "
Continent: " + request.cf.continent + "
";
html_content += "
Latitude: " + request.cf.latitude + "
";
html_content += "
Longitude: " + request.cf.longitude + "
";
html_content += "
PostalCode: " + request.cf.postalCode + "
";
html_content += "
MetroCode: " + request.cf.metroCode + "
";
html_content += "
Region: " + request.cf.region + "
";
html_content += "
RegionCode: " + request.cf.regionCode + "
";
html_content += "
Timezone: " + request.cf.timezone + "
";
let html = `
Geolocation: Hello World
Geolocation: Hello World!
You now have access to geolocation data about where your user is visiting from.
You now have access to geolocation data about where your user is visiting from.
{html_content}
"""
headers = {"content-type": "text/html;charset=UTF-8"}
return Response(html, headers=headers)
```
```ts
import { Hono } from "hono";
import { html } from "hono/html";
// Define the RequestWithCf interface to add Cloudflare-specific properties
interface RequestWithCf extends Request {
cf: {
// Cloudflare-specific properties for geolocation
colo: string;
country: string;
city: string;
continent: string;
latitude: string;
longitude: string;
postalCode: string;
metroCode: string;
region: string;
regionCode: string;
timezone: string;
// Add other CF properties as needed
};
}
const app = new Hono();
app.get("*", (c) => {
// Cast the raw request to include Cloudflare-specific properties
const request = c.req.raw;
// Define styles
const html_style =
"body{padding:6em; font-family: sans-serif;} h1{color:#f6821f;}";
// Create content with geolocation data
let html_content = html`
Colo: ${request.cf.colo}
Country: ${request.cf.country}
City: ${request.cf.city}
Continent: ${request.cf.continent}
Latitude: ${request.cf.latitude}
Longitude: ${request.cf.longitude}
PostalCode: ${request.cf.postalCode}
MetroCode: ${request.cf.metroCode}
Region: ${request.cf.region}
RegionCode: ${request.cf.regionCode}
Timezone: ${request.cf.timezone}
`;
// Compose the full HTML
const htmlContent = html`
Geolocation: Hello World
Geolocation: Hello World!
You now have access to geolocation data about where your user is
visiting from.
${html_content}
`;
// Return the HTML response
return c.html(htmlContent);
});
export default app;
```
---
# Hot-link protection
URL: https://developers.cloudflare.com/workers/examples/hot-link-protection/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/hot-link-protection)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
```js
export default {
async fetch(request) {
const HOMEPAGE_URL = "https://tutorial.cloudflareworkers.com/";
const PROTECTED_TYPE = "image/";
// Fetch the original request
const response = await fetch(request);
// If it's an image, engage hotlink protection based on the
// Referer header.
const referer = request.headers.get("Referer");
const contentType = response.headers.get("Content-Type") || "";
if (referer && contentType.startsWith(PROTECTED_TYPE)) {
// If the hostnames don't match, it's a hotlink
if (new URL(referer).hostname !== new URL(request.url).hostname) {
// Redirect the user to your website
return Response.redirect(HOMEPAGE_URL, 302);
}
}
// Everything is fine, return the response normally.
return response;
},
};
```
```ts
export default {
async fetch(request): Promise {
const HOMEPAGE_URL = "https://tutorial.cloudflareworkers.com/";
const PROTECTED_TYPE = "image/";
// Fetch the original request
const response = await fetch(request);
// If it's an image, engage hotlink protection based on the
// Referer header.
const referer = request.headers.get("Referer");
const contentType = response.headers.get("Content-Type") || "";
if (referer && contentType.startsWith(PROTECTED_TYPE)) {
// If the hostnames don't match, it's a hotlink
if (new URL(referer).hostname !== new URL(request.url).hostname) {
// Redirect the user to your website
return Response.redirect(HOMEPAGE_URL, 302);
}
}
// Everything is fine, return the response normally.
return response;
},
} satisfies ExportedHandler;
```
```py
from workers import Response, fetch
from urllib.parse import urlparse
async def on_fetch(request):
homepage_url = "https://tutorial.cloudflareworkers.com/"
protected_type = "image/"
# Fetch the original request
response = await fetch(request)
# If it's an image, engage hotlink protection based on the referer header
referer = request.headers["Referer"]
content_type = response.headers["Content-Type"] or ""
if referer and content_type.startswith(protected_type):
# If the hostnames don't match, it's a hotlink
if urlparse(referer).hostname != urlparse(request.url).hostname:
# Redirect the user to your website
return Response.redirect(homepage_url, 302)
# Everything is fine, return the response normally
return response
```
```ts
import { Hono } from 'hono';
const app = new Hono();
// Middleware for hot-link protection
app.use('*', async (c, next) => {
const HOMEPAGE_URL = "https://tutorial.cloudflareworkers.com/";
const PROTECTED_TYPE = "image/";
// Continue to the next handler to get the response
await next();
// If we have a response, check for hotlinking
if (c.res) {
// If it's an image, engage hotlink protection based on the Referer header
const referer = c.req.header("Referer");
const contentType = c.res.headers.get("Content-Type") || "";
if (referer && contentType.startsWith(PROTECTED_TYPE)) {
// If the hostnames don't match, it's a hotlink
if (new URL(referer).hostname !== new URL(c.req.url).hostname) {
// Redirect the user to your website
c.res = c.redirect(HOMEPAGE_URL, 302);
}
}
}
});
// Default route handler that passes through the request to the origin
app.all('*', async (c) => {
// Fetch the original request
return fetch(c.req.raw);
});
export default app;
```
---
# Examples
URL: https://developers.cloudflare.com/workers/examples/
import { GlossaryTooltip, ListExamples } from "~/components";
Explore the following examples for Workers.
---
# Custom Domain with Images
URL: https://developers.cloudflare.com/workers/examples/images-workers/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/images-workers)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
To serve images from a custom domain:
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com).
2. Select your account > select **Workers & Pages**.
3. Select **Create application** > **Workers** > **Create Worker** and create your Worker.
4. In your Worker, select **Quick edit** and paste the following code.
```js
export default {
async fetch(request) {
// You can find this in the dashboard, it should look something like this: ZWd9g1K7eljCn_KDTu_MWA
const accountHash = "";
const { pathname } = new URL(request.url);
// A request to something like cdn.example.com/83eb7b2-5392-4565-b69e-aff66acddd00/public
// will fetch "https://imagedelivery.net//83eb7b2-5392-4565-b69e-aff66acddd00/public"
return fetch(`https://imagedelivery.net/${accountHash}${pathname}`);
},
};
```
```ts
export default {
async fetch(request): Promise {
// You can find this in the dashboard, it should look something like this: ZWd9g1K7eljCn_KDTu_MWA
const accountHash = "";
const { pathname } = new URL(request.url);
// A request to something like cdn.example.com/83eb7b2-5392-4565-b69e-aff66acddd00/public
// will fetch "https://imagedelivery.net//83eb7b2-5392-4565-b69e-aff66acddd00/public"
return fetch(`https://imagedelivery.net/${accountHash}${pathname}`);
},
} satisfies ExportedHandler;
```
```ts
import { Hono } from 'hono';
interface Env {
// You can store your account hash as a binding variable
ACCOUNT_HASH?: string;
}
const app = new Hono<{ Bindings: Env }>();
app.get('*', async (c) => {
// You can find this in the dashboard, it should look something like this: ZWd9g1K7eljCn_KDTu_MWA
// Either get it from environment or hardcode it here
const accountHash = c.env.ACCOUNT_HASH || "";
const url = new URL(c.req.url);
// A request to something like cdn.example.com/83eb7b2-5392-4565-b69e-aff66acddd00/public
// will fetch "https://imagedelivery.net//83eb7b2-5392-4565-b69e-aff66acddd00/public"
return fetch(`https://imagedelivery.net/${accountHash}${url.pathname}`);
});
export default app;
```
```py
from js import URL, fetch
async def on_fetch(request):
# You can find this in the dashboard, it should look something like this: ZWd9g1K7eljCn_KDTu_MWA
account_hash = ""
url = URL.new(request.url)
# A request to something like cdn.example.com/83eb7b2-5392-4565-b69e-aff66acddd00/public
# will fetch "https://imagedelivery.net//83eb7b2-5392-4565-b69e-aff66acddd00/public"
return fetch(f'https://imagedelivery.net/{account_hash}{url.pathname}')
```
Another way you can serve images from a custom domain is by using the `cdn-cgi/imagedelivery` prefix path which is used as path to trigger `cdn-cgi` image proxy.
Below is an example showing the hostname as a Cloudflare proxied domain under the same account as the Image, followed with the prefix path and the image ``, `` and `` which can be found in the **Images** on the Cloudflare dashboard.
```js
https://example.com/cdn-cgi/imagedelivery///
```
---
# Logging headers to console
URL: https://developers.cloudflare.com/workers/examples/logging-headers/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/logging-headers)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
```js
export default {
async fetch(request) {
console.log(new Map(request.headers));
return new Response("Hello world");
},
};
```
```ts
export default {
async fetch(request): Promise {
console.log(new Map(request.headers));
return new Response("Hello world");
},
} satisfies ExportedHandler;
```
```py
from workers import Response
async def on_fetch(request):
print(dict(request.headers))
return Response('Hello world')
```
```rs
use worker::*;
#[event(fetch)]
async fn fetch(req: HttpRequest, \_env: Env, \_ctx: Context) -> Result {
console_log!("{:?}", req.headers());
Response::ok("hello world")
}
````
```ts
import { Hono } from 'hono';
const app = new Hono();
app.get('*', (c) => {
// Different ways to log headers in Hono:
// 1. Using Map to display headers in console
console.log('Headers as Map:', new Map(c.req.raw.headers));
// 2. Using spread operator to log headers
console.log('Headers spread:', [...c.req.raw.headers]);
// 3. Using Object.fromEntries to convert to an object
console.log('Headers as Object:', Object.fromEntries(c.req.raw.headers));
// 4. Hono's built-in header accessor (for individual headers)
console.log('User-Agent:', c.req.header('User-Agent'));
// 5. Using c.req.headers to get all headers
console.log('All headers from Hono context:', c.req.header());
return c.text('Hello world');
});
export default app;
````
---
## Console-logging headers
Use a `Map` if you need to log a `Headers` object to the console:
```js
console.log(new Map(request.headers));
```
Use the `spread` operator if you need to quickly stringify a `Headers` object:
```js
let requestHeaders = JSON.stringify([...request.headers]);
```
Use `Object.fromEntries` to convert the headers to an object:
```js
let requestHeaders = Object.fromEntries(request.headers);
```
### The problem
When debugging Workers, examine the headers on a request or response. A common mistake is to try to log headers to the developer console via code like this:
```js
console.log(request.headers);
```
Or this:
```js
console.log(`Request headers: ${JSON.stringify(request.headers)}`);
```
Both attempts result in what appears to be an empty object — the string `"{}"` — even though calling `request.headers.has("Your-Header-Name")` might return true. This is the same behavior that browsers implement.
The reason this happens is because [Headers](https://developer.mozilla.org/en-US/docs/Web/API/Headers) objects do not store headers in enumerable JavaScript properties, so the developer console and JSON stringifier do not know how to read the names and values of the headers. It is not actually an empty object, but rather an opaque object.
`Headers` objects are iterable, which you can take advantage of to develop a couple of quick one-liners for debug-printing headers.
### Pass headers through a Map
The first common idiom for making Headers `console.log()`-friendly is to construct a `Map` object from the `Headers` object and log the `Map` object.
```js
console.log(new Map(request.headers));
```
This works because:
- `Map` objects can be constructed from iterables, like `Headers`.
- The `Map` object does store its entries in enumerable JavaScript properties, so the developer console can see into it.
### Spread headers into an array
The `Map` approach works for calls to `console.log()`. If you need to stringify your headers, you will discover that stringifying a `Map` yields nothing more than `[object Map]`.
Even though a `Map` stores its data in enumerable properties, those properties are [Symbol](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Symbol)-keyed. Because of this, `JSON.stringify()` will [ignore Symbol-keyed properties](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Symbol#symbols_and_json.stringify) and you will receive an empty `{}`.
Instead, you can take advantage of the iterability of the `Headers` object in a new way by applying the [spread operator](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Spread_syntax) (`...`) to it.
```js
let requestHeaders = JSON.stringify([...request.headers], null, 2);
console.log(`Request headers: ${requestHeaders}`);
```
### Convert headers into an object with Object.fromEntries (ES2019)
ES2019 provides [`Object.fromEntries`](https://github.com/tc39/proposal-object-from-entries) which is a call to convert the headers into an object:
```js
let headersObject = Object.fromEntries(request.headers);
let requestHeaders = JSON.stringify(headersObject, null, 2);
console.log(`Request headers: ${requestHeaders}`);
```
This results in something like:
```js
Request headers: {
"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8",
"accept-encoding": "gzip",
"accept-language": "en-US,en;q=0.9",
"cf-ipcountry": "US",
// ...
}"
```
---
# Modify request property
URL: https://developers.cloudflare.com/workers/examples/modify-request-property/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/modify-request-property)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
```js
export default {
async fetch(request) {
/**
* Example someHost is set up to return raw JSON
* @param {string} someUrl the URL to send the request to, since we are setting hostname too only path is applied
* @param {string} someHost the host the request will resolve too
*/
const someHost = "example.com";
const someUrl = "https://foo.example.com/api.js";
/**
* The best practice is to only assign new RequestInit properties
* on the request object using either a method or the constructor
*/
const newRequestInit = {
// Change method
method: "POST",
// Change body
body: JSON.stringify({ bar: "foo" }),
// Change the redirect mode.
redirect: "follow",
// Change headers, note this method will erase existing headers
headers: {
"Content-Type": "application/json",
},
// Change a Cloudflare feature on the outbound response
cf: { apps: false },
};
// Change just the host
const url = new URL(someUrl);
url.hostname = someHost;
// Best practice is to always use the original request to construct the new request
// to clone all the attributes. Applying the URL also requires a constructor
// since once a Request has been constructed, its URL is immutable.
const newRequest = new Request(
url.toString(),
new Request(request, newRequestInit),
);
// Set headers using method
newRequest.headers.set("X-Example", "bar");
newRequest.headers.set("Content-Type", "application/json");
try {
return await fetch(newRequest);
} catch (e) {
return new Response(JSON.stringify({ error: e.message }), {
status: 500,
});
}
},
};
```
```ts
export default {
async fetch(request): Promise {
/**
* Example someHost is set up to return raw JSON
* @param {string} someUrl the URL to send the request to, since we are setting hostname too only path is applied
* @param {string} someHost the host the request will resolve too
*/
const someHost = "example.com";
const someUrl = "https://foo.example.com/api.js";
/**
* The best practice is to only assign new RequestInit properties
* on the request object using either a method or the constructor
*/
const newRequestInit = {
// Change method
method: "POST",
// Change body
body: JSON.stringify({ bar: "foo" }),
// Change the redirect mode.
redirect: "follow",
// Change headers, note this method will erase existing headers
headers: {
"Content-Type": "application/json",
},
// Change a Cloudflare feature on the outbound response
cf: { apps: false },
};
// Change just the host
const url = new URL(someUrl);
url.hostname = someHost;
// Best practice is to always use the original request to construct the new request
// to clone all the attributes. Applying the URL also requires a constructor
// since once a Request has been constructed, its URL is immutable.
const newRequest = new Request(
url.toString(),
new Request(request, newRequestInit),
);
// Set headers using method
newRequest.headers.set("X-Example", "bar");
newRequest.headers.set("Content-Type", "application/json");
try {
return await fetch(newRequest);
} catch (e) {
return new Response(JSON.stringify({ error: e.message }), {
status: 500,
});
}
},
} satisfies ExportedHandler;
```
```py
import json
from pyodide.ffi import to_js as _to_js
from js import Object, URL, Request, fetch, Response
def to_js(obj):
return _to_js(obj, dict_converter=Object.fromEntries)
async def on_fetch(request):
some_host = "example.com"
some_url = "https://foo.example.com/api.js"
# The best practice is to only assign new_request_init properties
# on the request object using either a method or the constructor
new_request_init = {
"method": "POST", # Change method
"body": json.dumps({ "bar": "foo" }), # Change body
"redirect": "follow", # Change the redirect mode
# Change headers, note this method will erase existing headers
"headers": {
"Content-Type": "application/json",
},
# Change a Cloudflare feature on the outbound response
"cf": { "apps": False },
}
# Change just the host
url = URL.new(some_url)
url.hostname = some_host
# Best practice is to always use the original request to construct the new request
# to clone all the attributes. Applying the URL also requires a constructor
# since once a Request has been constructed, its URL is immutable.
org_request = Request.new(request, new_request_init)
new_request = Request.new(url.toString(),org_request)
new_request.headers["X-Example"] = "bar"
new_request.headers["Content-Type"] = "application/json"
try:
return await fetch(new_request)
except Exception as e:
return Response.new({"error": str(e)}, status=500)
```
```ts
import { Hono } from "hono";
const app = new Hono();
app.all("*", async (c) => {
/**
* Example someHost is set up to return raw JSON
*/
const someHost = "example.com";
const someUrl = "https://foo.example.com/api.js";
// Create a URL object to modify the hostname
const url = new URL(someUrl);
url.hostname = someHost;
// Create a new request
// First create a clone of the original request with the new properties
const requestClone = new Request(c.req.raw, {
// Change method
method: "POST",
// Change body
body: JSON.stringify({ bar: "foo" }),
// Change the redirect mode
redirect: "follow" as RequestRedirect,
// Change headers, note this method will erase existing headers
headers: {
"Content-Type": "application/json",
"X-Example": "bar",
},
// Change a Cloudflare feature on the outbound response
cf: { apps: false },
});
// Then create a new request with the modified URL
const newRequest = new Request(url.toString(), requestClone);
// Send the modified request
const response = await fetch(newRequest);
// Return the response
return response;
});
// Handle errors
app.onError((err, c) => {
return err.getResponse();
});
export default app;
```
---
# Modify response
URL: https://developers.cloudflare.com/workers/examples/modify-response/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/modify-response)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
```js
export default {
async fetch(request) {
/**
* @param {string} headerNameSrc Header to get the new value from
* @param {string} headerNameDst Header to set based off of value in src
*/
const headerNameSrc = "foo"; //"Orig-Header"
const headerNameDst = "Last-Modified";
/**
* Response properties are immutable. To change them, construct a new
* Response and pass modified status or statusText in the ResponseInit
* object. Response headers can be modified through the headers `set` method.
*/
const originalResponse = await fetch(request);
// Change status and statusText, but preserve body and headers
let response = new Response(originalResponse.body, {
status: 500,
statusText: "some message",
headers: originalResponse.headers,
});
// Change response body by adding the foo prop
const originalBody = await originalResponse.json();
const body = JSON.stringify({ foo: "bar", ...originalBody });
response = new Response(body, response);
// Add a header using set method
response.headers.set("foo", "bar");
// Set destination header to the value of the source header
const src = response.headers.get(headerNameSrc);
if (src != null) {
response.headers.set(headerNameDst, src);
console.log(
`Response header "${headerNameDst}" was set to "${response.headers.get(
headerNameDst,
)}"`,
);
}
return response;
},
};
```
```ts
export default {
async fetch(request): Promise {
/**
* @param {string} headerNameSrc Header to get the new value from
* @param {string} headerNameDst Header to set based off of value in src
*/
const headerNameSrc = "foo"; //"Orig-Header"
const headerNameDst = "Last-Modified";
/**
* Response properties are immutable. To change them, construct a new
* Response and pass modified status or statusText in the ResponseInit
* object. Response headers can be modified through the headers `set` method.
*/
const originalResponse = await fetch(request);
// Change status and statusText, but preserve body and headers
let response = new Response(originalResponse.body, {
status: 500,
statusText: "some message",
headers: originalResponse.headers,
});
// Change response body by adding the foo prop
const originalBody = await originalResponse.json();
const body = JSON.stringify({ foo: "bar", ...originalBody });
response = new Response(body, response);
// Add a header using set method
response.headers.set("foo", "bar");
// Set destination header to the value of the source header
const src = response.headers.get(headerNameSrc);
if (src != null) {
response.headers.set(headerNameDst, src);
console.log(
`Response header "${headerNameDst}" was set to "${response.headers.get(
headerNameDst,
)}"`,
);
}
return response;
},
} satisfies ExportedHandler;
```
```py
from workers import Response, fetch
import json
async def on_fetch(request):
header_name_src = "foo" # Header to get the new value from
header_name_dst = "Last-Modified" # Header to set based off of value in src
# Response properties are immutable. To change them, construct a new response
original_response = await fetch(request)
# Change status and statusText, but preserve body and headers
response = Response(original_response.body, status=500, status_text="some message", headers=original_response.headers)
# Change response body by adding the foo prop
new_body = await original_response.json()
new_body["foo"] = "bar"
response.replace_body(json.dumps(new_body))
# Add a new header
response.headers["foo"] = "bar"
# Set destination header to the value of the source header
src = response.headers[header_name_src]
if src is not None:
response.headers[header_name_dst] = src
print(f'Response header {header_name_dst} was set to {response.headers[header_name_dst]}')
return response
```
```ts
import { Hono } from 'hono';
const app = new Hono();
app.get('*', async (c) => {
/**
* Header configuration
*/
const headerNameSrc = "foo"; // Header to get the new value from
const headerNameDst = "Last-Modified"; // Header to set based off of value in src
/**
* Response properties are immutable. With Hono, we can modify the response
* by creating custom response objects.
*/
const originalResponse = await fetch(c.req.raw);
// Get the JSON body from the original response
const originalBody = await originalResponse.json();
// Modify the body by adding a new property
const modifiedBody = {
foo: "bar",
...originalBody
};
// Create a new custom response with modified status, headers, and body
const response = new Response(JSON.stringify(modifiedBody), {
status: 500,
statusText: "some message",
headers: originalResponse.headers,
});
// Add a header using set method
response.headers.set("foo", "bar");
// Set destination header to the value of the source header
const src = response.headers.get(headerNameSrc);
if (src != null) {
response.headers.set(headerNameDst, src);
console.log(
`Response header "${headerNameDst}" was set to "${response.headers.get(headerNameDst)}"`
);
}
return response;
});
export default app;
```
---
# Multiple Cron Triggers
URL: https://developers.cloudflare.com/workers/examples/multiple-cron-triggers/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/multiple-cron-triggers)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
```js
export default {
async scheduled(event, env, ctx) {
// Write code for updating your API
switch (event.cron) {
case "*/3 * * * *":
// Every three minutes
await updateAPI();
break;
case "*/10 * * * *":
// Every ten minutes
await updateAPI2();
break;
case "*/45 * * * *":
// Every forty-five minutes
await updateAPI3();
break;
}
console.log("cron processed");
},
};
```
```ts
interface Env {}
export default {
async scheduled(
controller: ScheduledController,
env: Env,
ctx: ExecutionContext,
) {
// Write code for updating your API
switch (controller.cron) {
case "*/3 * * * *":
// Every three minutes
await updateAPI();
break;
case "*/10 * * * *":
// Every ten minutes
await updateAPI2();
break;
case "*/45 * * * *":
// Every forty-five minutes
await updateAPI3();
break;
}
console.log("cron processed");
},
};
```
```ts
import { Hono } from "hono";
interface Env {}
// Create Hono app
const app = new Hono<{ Bindings: Env }>();
// Regular routes for normal HTTP requests
app.get("/", (c) => c.text("Multiple Cron Trigger Example"));
// Export both the app and a scheduled function
export default {
// The Hono app handles regular HTTP requests
fetch: app.fetch,
// The scheduled function handles Cron triggers
async scheduled(
controller: ScheduledController,
env: Env,
ctx: ExecutionContext,
) {
// Check which cron schedule triggered this execution
switch (controller.cron) {
case "*/3 * * * *":
// Every three minutes
await updateAPI();
break;
case "*/10 * * * *":
// Every ten minutes
await updateAPI2();
break;
case "*/45 * * * *":
// Every forty-five minutes
await updateAPI3();
break;
}
console.log("cron processed");
},
};
```
## Test Cron Triggers using Wrangler
The recommended way of testing Cron Triggers is using Wrangler.
Cron Triggers can be tested using Wrangler by passing in the `--test-scheduled` flag to [`wrangler dev`](/workers/wrangler/commands/#dev). This will expose a `/__scheduled` (or `/cdn-cgi/handler/scheduled` for Python Workers) route which can be used to test using a HTTP request. To simulate different cron patterns, a `cron` query parameter can be passed in.
```sh
npx wrangler dev --test-scheduled
curl "http://localhost:8787/__scheduled?cron=*%2F3+*+*+*+*"
curl "http://localhost:8787/cdn-cgi/handler/scheduled?cron=*+*+*+*+*" # Python Workers
```
---
# Stream OpenAI API Responses
URL: https://developers.cloudflare.com/workers/examples/openai-sdk-streaming/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/openai-sdk-streaming)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
In order to run this code, you must install the OpenAI SDK by running `npm i openai`.
:::note
For analytics, caching, rate limiting, and more, you can also send requests like this through Cloudflare's [AI Gateway](/ai-gateway/providers/openai/).
:::
```ts
import OpenAI from "openai";
export default {
async fetch(request, env, ctx): Promise {
const openai = new OpenAI({
apiKey: env.OPENAI_API_KEY,
});
// Create a TransformStream to handle streaming data
let { readable, writable } = new TransformStream();
let writer = writable.getWriter();
const textEncoder = new TextEncoder();
ctx.waitUntil(
(async () => {
const stream = await openai.chat.completions.create({
model: "gpt-4o-mini",
messages: [{ role: "user", content: "Tell me a story" }],
stream: true,
});
// loop over the data as it is streamed and write to the writeable
for await (const part of stream) {
writer.write(
textEncoder.encode(part.choices[0]?.delta?.content || ""),
);
}
writer.close();
})(),
);
// Send the readable back to the browser
return new Response(readable);
},
} satisfies ExportedHandler;
```
```ts
import { Hono } from "hono";
import { streamText } from "hono/streaming";
import OpenAI from "openai";
interface Env {
OPENAI_API_KEY: string;
}
const app = new Hono<{ Bindings: Env }>();
app.get("*", async (c) => {
const openai = new OpenAI({
apiKey: c.env.OPENAI_API_KEY,
});
const chatStream = await openai.chat.completions.create({
model: "gpt-4o-mini",
messages: [{ role: "user", content: "Tell me a story" }],
stream: true,
});
return streamText(c, async (stream) => {
for await (const message of chatStream) {
await stream.write(message.choices[0].delta.content || "");
}
stream.close();
});
});
export default app;
```
---
# Post JSON
URL: https://developers.cloudflare.com/workers/examples/post-json/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/post-json)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
```js
export default {
async fetch(request) {
/**
* Example someHost is set up to take in a JSON request
* Replace url with the host you wish to send requests to
* @param {string} url the URL to send the request to
* @param {BodyInit} body the JSON data to send in the request
*/
const someHost = "https://examples.cloudflareworkers.com/demos";
const url = someHost + "/requests/json";
const body = {
results: ["default data to send"],
errors: null,
msg: "I sent this to the fetch",
};
/**
* gatherResponse awaits and returns a response body as a string.
* Use await gatherResponse(..) in an async function to get the response body
* @param {Response} response
*/
async function gatherResponse(response) {
const { headers } = response;
const contentType = headers.get("content-type") || "";
if (contentType.includes("application/json")) {
return JSON.stringify(await response.json());
} else if (contentType.includes("application/text")) {
return response.text();
} else if (contentType.includes("text/html")) {
return response.text();
} else {
return response.text();
}
}
const init = {
body: JSON.stringify(body),
method: "POST",
headers: {
"content-type": "application/json;charset=UTF-8",
},
};
const response = await fetch(url, init);
const results = await gatherResponse(response);
return new Response(results, init);
},
};
```
```ts
export default {
async fetch(request): Promise {
/**
* Example someHost is set up to take in a JSON request
* Replace url with the host you wish to send requests to
* @param {string} url the URL to send the request to
* @param {BodyInit} body the JSON data to send in the request
*/
const someHost = "https://examples.cloudflareworkers.com/demos";
const url = someHost + "/requests/json";
const body = {
results: ["default data to send"],
errors: null,
msg: "I sent this to the fetch",
};
/**
* gatherResponse awaits and returns a response body as a string.
* Use await gatherResponse(..) in an async function to get the response body
* @param {Response} response
*/
async function gatherResponse(response) {
const { headers } = response;
const contentType = headers.get("content-type") || "";
if (contentType.includes("application/json")) {
return JSON.stringify(await response.json());
} else if (contentType.includes("application/text")) {
return response.text();
} else if (contentType.includes("text/html")) {
return response.text();
} else {
return response.text();
}
}
const init = {
body: JSON.stringify(body),
method: "POST",
headers: {
"content-type": "application/json;charset=UTF-8",
},
};
const response = await fetch(url, init);
const results = await gatherResponse(response);
return new Response(results, init);
},
} satisfies ExportedHandler;
```
```py
import json
from pyodide.ffi import to_js as _to_js
from js import Object, fetch, Response, Headers
def to_js(obj):
return _to_js(obj, dict_converter=Object.fromEntries)
# gather_response returns both content-type & response body as a string
async def gather_response(response):
headers = response.headers
content_type = headers["content-type"] or ""
if "application/json" in content_type:
return (content_type, json.dumps(dict(await response.json())))
return (content_type, await response.text())
async def on_fetch(_request):
url = "https://jsonplaceholder.typicode.com/todos/1"
body = {
"results": ["default data to send"],
"errors": None,
"msg": "I sent this to the fetch",
}
options = {
"body": json.dumps(body),
"method": "POST",
"headers": {
"content-type": "application/json;charset=UTF-8",
},
}
response = await fetch(url, to_js(options))
content_type, result = await gather_response(response)
headers = Headers.new({"content-type": content_type}.items())
return Response.new(result, headers=headers)
```
```ts
import { Hono } from 'hono';
const app = new Hono();
app.get('*', async (c) => {
/**
* Example someHost is set up to take in a JSON request
* Replace url with the host you wish to send requests to
*/
const someHost = "https://examples.cloudflareworkers.com/demos";
const url = someHost + "/requests/json";
const body = {
results: ["default data to send"],
errors: null,
msg: "I sent this to the fetch",
};
/**
* gatherResponse awaits and returns a response body as a string.
* Use await gatherResponse(..) in an async function to get the response body
*/
async function gatherResponse(response: Response) {
const { headers } = response;
const contentType = headers.get("content-type") || "";
if (contentType.includes("application/json")) {
return { contentType, result: JSON.stringify(await response.json()) };
} else if (contentType.includes("application/text")) {
return { contentType, result: await response.text() };
} else if (contentType.includes("text/html")) {
return { contentType, result: await response.text() };
} else {
return { contentType, result: await response.text() };
}
}
const init = {
body: JSON.stringify(body),
method: "POST",
headers: {
"content-type": "application/json;charset=UTF-8",
},
};
const response = await fetch(url, init);
const { contentType, result } = await gatherResponse(response);
return new Response(result, {
headers: {
"content-type": contentType,
},
});
});
export default app;
```
---
# Using timingSafeEqual
URL: https://developers.cloudflare.com/workers/examples/protect-against-timing-attacks/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/protect-against-timing-attacks)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
The [`crypto.subtle.timingSafeEqual`](/workers/runtime-apis/web-crypto/#timingsafeequal) function compares two values using a constant-time algorithm. The time taken is independent of the contents of the values.
When strings are compared using the equality operator (`==` or `===`), the comparison will end at the first mismatched character. By using `timingSafeEqual`, an attacker would not be able to use timing to find where at which point in the two strings there is a difference.
The `timingSafeEqual` function takes two `ArrayBuffer` or `TypedArray` values to compare. These buffers must be of equal length, otherwise an exception is thrown.
Note that this function is not constant time with respect to the length of the parameters and also does not guarantee constant time for the surrounding code.
Handling of secrets should be taken with care to not introduce timing side channels.
In order to compare two strings, you must use the [`TextEncoder`](/workers/runtime-apis/encoding/#textencoder) API.
```ts
interface Environment {
MY_SECRET_VALUE?: string;
}
export default {
async fetch(req: Request, env: Environment) {
if (!env.MY_SECRET_VALUE) {
return new Response("Missing secret binding", { status: 500 });
}
const authToken = req.headers.get("Authorization") || "";
if (authToken.length !== env.MY_SECRET_VALUE.length) {
return new Response("Unauthorized", { status: 401 });
}
const encoder = new TextEncoder();
const a = encoder.encode(authToken);
const b = encoder.encode(env.MY_SECRET_VALUE);
if (a.byteLength !== b.byteLength) {
return new Response("Unauthorized", { status: 401 });
}
if (!crypto.subtle.timingSafeEqual(a, b)) {
return new Response("Unauthorized", { status: 401 });
}
return new Response("Welcome!");
},
};
```
```py
from workers import Response
from js import TextEncoder, crypto
async def on_fetch(request, env):
auth_token = request.headers["Authorization"] or ""
secret = env.MY_SECRET_VALUE
if secret is None:
return Response("Missing secret binding", status=500)
if len(auth_token) != len(secret):
return Response("Unauthorized", status=401)
encoder = TextEncoder.new()
a = encoder.encode(auth_token)
b = encoder.encode(secret)
if a.byteLength != b.byteLength:
return Response("Unauthorized", status=401)
if not crypto.subtle.timingSafeEqual(a, b):
return Response("Unauthorized", status=401)
return Response("Welcome!")
```
```ts
import { Hono } from 'hono';
interface Environment {
Bindings: {
MY_SECRET_VALUE?: string;
}
}
const app = new Hono();
// Middleware to handle authentication with timing-safe comparison
app.use('*', async (c, next) => {
const secret = c.env.MY_SECRET_VALUE;
if (!secret) {
return c.text("Missing secret binding", 500);
}
const authToken = c.req.header("Authorization") || "";
// Early length check to avoid unnecessary processing
if (authToken.length !== secret.length) {
return c.text("Unauthorized", 401);
}
const encoder = new TextEncoder();
const a = encoder.encode(authToken);
const b = encoder.encode(secret);
if (a.byteLength !== b.byteLength) {
return c.text("Unauthorized", 401);
}
// Perform timing-safe comparison
if (!crypto.subtle.timingSafeEqual(a, b)) {
return c.text("Unauthorized", 401);
}
// If we got here, the auth token is valid
await next();
});
// Protected route
app.get('*', (c) => {
return c.text("Welcome!");
});
export default app;
```
---
# Read POST
URL: https://developers.cloudflare.com/workers/examples/read-post/
import { TabItem, Tabs, Render } from "~/components";
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/read-post)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
```js
export default {
async fetch(request) {
/**
* rawHtmlResponse returns HTML inputted directly
* into the worker script
* @param {string} html
*/
function rawHtmlResponse(html) {
return new Response(html, {
headers: {
"content-type": "text/html;charset=UTF-8",
},
});
}
/**
* readRequestBody reads in the incoming request body
* Use await readRequestBody(..) in an async function to get the string
* @param {Request} request the incoming request to read from
*/
async function readRequestBody(request) {
const contentType = request.headers.get("content-type");
if (contentType.includes("application/json")) {
return JSON.stringify(await request.json());
} else if (contentType.includes("application/text")) {
return request.text();
} else if (contentType.includes("text/html")) {
return request.text();
} else if (contentType.includes("form")) {
const formData = await request.formData();
const body = {};
for (const entry of formData.entries()) {
body[entry[0]] = entry[1];
}
return JSON.stringify(body);
} else {
// Perhaps some other type of data was submitted in the form
// like an image, or some other binary data.
return "a file";
}
}
const { url } = request;
if (url.includes("form")) {
return rawHtmlResponse(someForm);
}
if (request.method === "POST") {
const reqBody = await readRequestBody(request);
const retBody = `The request body sent in was ${reqBody}`;
return new Response(retBody);
} else if (request.method === "GET") {
return new Response("The request was a GET");
}
},
};
```
```ts
export default {
async fetch(request): Promise {
/**
* rawHtmlResponse returns HTML inputted directly
* into the worker script
* @param {string} html
*/
function rawHtmlResponse(html) {
return new Response(html, {
headers: {
"content-type": "text/html;charset=UTF-8",
},
});
}
/**
* readRequestBody reads in the incoming request body
* Use await readRequestBody(..) in an async function to get the string
* @param {Request} request the incoming request to read from
*/
async function readRequestBody(request: Request) {
const contentType = request.headers.get("content-type");
if (contentType.includes("application/json")) {
return JSON.stringify(await request.json());
} else if (contentType.includes("application/text")) {
return request.text();
} else if (contentType.includes("text/html")) {
return request.text();
} else if (contentType.includes("form")) {
const formData = await request.formData();
const body = {};
for (const entry of formData.entries()) {
body[entry[0]] = entry[1];
}
return JSON.stringify(body);
} else {
// Perhaps some other type of data was submitted in the form
// like an image, or some other binary data.
return "a file";
}
}
const { url } = request;
if (url.includes("form")) {
return rawHtmlResponse(someForm);
}
if (request.method === "POST") {
const reqBody = await readRequestBody(request);
const retBody = `The request body sent in was ${reqBody}`;
return new Response(retBody);
} else if (request.method === "GET") {
return new Response("The request was a GET");
}
},
} satisfies ExportedHandler;
```
```py
from js import Object, Response, Headers, JSON
async def read_request_body(request):
headers = request.headers
content_type = headers["content-type"] or ""
if "application/json" in content_type:
return JSON.stringify(await request.json())
if "form" in content_type:
form = await request.formData()
data = Object.fromEntries(form.entries())
return JSON.stringify(data)
return await request.text()
async def on_fetch(request):
def raw_html_response(html):
headers = Headers.new({"content-type": "text/html;charset=UTF-8"}.items())
return Response.new(html, headers=headers)
if "form" in request.url:
return raw_html_response("")
if "POST" in request.method:
req_body = await read_request_body(request)
ret_body = f"The request body sent in was {req_body}"
return Response.new(ret_body)
return Response.new("The request was not POST")
```
```rs
use serde::{Deserialize, Serialize};
use worker::*;
fn raw_html_response(html: &str) -> Result {
Response::from_html(html)
}
#[derive(Deserialize, Serialize, Debug)]
struct Payload {
msg: String,
}
async fn read_request_body(mut req: Request) -> String {
let ctype = req.headers().get("content-type").unwrap().unwrap();
match ctype.as_str() {
"application/json" => format!("{:?}", req.json::().await.unwrap()),
"text/html" => req.text().await.unwrap(),
"multipart/form-data" => format!("{:?}", req.form_data().await.unwrap()),
_ => String::from("a file"),
}
}
#[event(fetch)]
async fn fetch(req: Request, _env: Env, _ctx: Context) -> Result {
if String::from(req.url()?).contains("form") {
return raw_html_response("some html form");
}
match req.method() {
Method::Post => {
let req_body = read_request_body(req).await;
Response::ok(format!("The request body sent in was {}", req_body))
}
_ => Response::ok(format!("The result was a {:?}", req.method())),
}
}
```
```ts
import { Hono } from "hono";
import { html } from "hono/html";
const app = new Hono();
/**
* readRequestBody reads in the incoming request body
* @param {Request} request the incoming request to read from
*/
async function readRequestBody(request: Request): Promise {
const contentType = request.headers.get("content-type") || "";
if (contentType.includes("application/json")) {
const body = await request.json();
return JSON.stringify(body);
} else if (contentType.includes("application/text")) {
return request.text();
} else if (contentType.includes("text/html")) {
return request.text();
} else if (contentType.includes("form")) {
const formData = await request.formData();
const body: Record = {};
for (const [key, value] of formData.entries()) {
body[key] = value.toString();
}
return JSON.stringify(body);
} else {
// Perhaps some other type of data was submitted in the form
// like an image, or some other binary data.
return "a file";
}
}
const someForm = html`
`;
app.get("*", async (c) => {
const url = c.req.url;
if (url.includes("form")) {
return c.html(someForm);
}
return c.text("The request was a GET");
});
app.post("*", async (c) => {
const reqBody = await readRequestBody(c.req.raw);
const retBody = `The request body sent in was ${reqBody}`;
return c.text(retBody);
});
export default app;
```
---
# Redirect
URL: https://developers.cloudflare.com/workers/examples/redirect/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/redirect)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { Render, TabItem, Tabs } from "~/components";
## Redirect all requests to one URL
```ts
export default {
async fetch(request): Promise {
const destinationURL = "https://example.com";
const statusCode = 301;
return Response.redirect(destinationURL, statusCode);
},
} satisfies ExportedHandler;
```
```py
from workers import Response
def on_fetch(request):
destinationURL = "https://example.com"
statusCode = 301
return Response.redirect(destinationURL, statusCode)
```
```rs
use worker::*;
#[event(fetch)]
async fn fetch(_req: Request, _env: Env, _ctx: Context) -> Result {
let destination_url = Url::parse("https://example.com")?;
let status_code = 301;
Response::redirect_with_status(destination_url, status_code)
}
```
```ts
import { Hono } from 'hono';
const app = new Hono();
app.all('*', (c) => {
const destinationURL = "https://example.com";
const statusCode = 301;
return c.redirect(destinationURL, statusCode);
});
export default app;
```
## Redirect requests from one domain to another
```js
export default {
async fetch(request) {
const base = "https://example.com";
const statusCode = 301;
const url = new URL(request.url);
const { pathname, search } = url;
const destinationURL = `${base}${pathname}${search}`;
console.log(destinationURL);
return Response.redirect(destinationURL, statusCode);
},
};
```
```ts
export default {
async fetch(request): Promise {
const base = "https://example.com";
const statusCode = 301;
const url = new URL(request.url);
const { pathname, search } = url;
const destinationURL = `${base}${pathname}${search}`;
console.log(destinationURL);
return Response.redirect(destinationURL, statusCode);
},
} satisfies ExportedHandler;
```
```py
from workers import Response
from urllib.parse import urlparse
async def on_fetch(request):
base = "https://example.com"
statusCode = 301
url = urlparse(request.url)
destinationURL = f'{base}{url.path}{url.query}'
print(destinationURL)
return Response.redirect(destinationURL, statusCode)
```
```rs
use worker::*;
#[event(fetch)]
async fn fetch(req: Request, _env: Env, _ctx: Context) -> Result {
let mut base = Url::parse("https://example.com")?;
let status_code = 301;
let url = req.url()?;
base.set_path(url.path());
base.set_query(url.query());
console_log!("{:?}", base.to_string());
Response::redirect_with_status(base, status_code)
}
```
```ts
import { Hono } from 'hono';
const app = new Hono();
app.all('*', (c) => {
const base = "https://example.com";
const statusCode = 301;
const { pathname, search } = new URL(c.req.url);
const destinationURL = `${base}${pathname}${search}`;
console.log(destinationURL);
return c.redirect(destinationURL, statusCode);
});
export default app;
```
---
# Respond with another site
URL: https://developers.cloudflare.com/workers/examples/respond-with-another-site/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/respond-with-another-site)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { Render, TabItem, Tabs } from "~/components";
```ts
export default {
async fetch(request): Promise {
async function MethodNotAllowed(request) {
return new Response(`Method ${request.method} not allowed.`, {
status: 405,
headers: {
Allow: "GET",
},
});
}
// Only GET requests work with this proxy.
if (request.method !== "GET") return MethodNotAllowed(request);
return fetch(`https://example.com`);
},
} satisfies ExportedHandler;
```
```py
from workers import Response, fetch
def on_fetch(request):
def method_not_allowed(request):
msg = f'Method {request.method} not allowed.'
headers = {"Allow": "GET"}
return Response(msg, headers=headers, status=405)
# Only GET requests work with this proxy.
if request.method != "GET":
return method_not_allowed(request)
return fetch("https://example.com")
```
---
# Return small HTML page
URL: https://developers.cloudflare.com/workers/examples/return-html/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/return-html)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { Render, TabItem, Tabs } from "~/components";
```ts
export default {
async fetch(request): Promise {
const html = `
Hello World
This markup was generated by a Cloudflare Worker.
`;
return new Response(html, {
headers: {
"content-type": "text/html;charset=UTF-8",
},
});
},
} satisfies ExportedHandler;
```
```py
from workers import Response
def on_fetch(request):
html = """
Hello World
This markup was generated by a Cloudflare Worker.
"""
headers = {"content-type": "text/html;charset=UTF-8"}
return Response(html, headers=headers)
```
```rs
use worker::*;
#[event(fetch)]
async fn fetch(_req: Request, _env: Env, _ctx: Context) -> Result {
let html = r#"
Hello World
This markup was generated by a Cloudflare Worker.
"#;
Response::from_html(html)
}
```
```ts
import { Hono } from "hono";
import { html } from "hono/html";
const app = new Hono();
app.get("*", (c) => {
const doc = html`
Hello World
This markup was generated by a Cloudflare Worker with Hono.
`;
return c.html(doc);
});
export default app;
```
---
# Return JSON
URL: https://developers.cloudflare.com/workers/examples/return-json/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/return-json)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { Render, TabItem, Tabs } from "~/components";
```ts
export default {
async fetch(request): Promise {
const data = {
hello: "world",
};
return Response.json(data);
},
} satisfies ExportedHandler;
```
```py
from workers import Response
import json
def on_fetch(request):
data = json.dumps({"hello": "world"})
headers = {"content-type": "application/json"}
return Response(data, headers=headers)
```
```rs
use serde::{Deserialize, Serialize};
use worker::*;
#[derive(Deserialize, Serialize, Debug)]
struct Json {
hello: String,
}
#[event(fetch)]
async fn fetch(_req: Request, _env: Env, _ctx: Context) -> Result {
let data = Json {
hello: String::from("world"),
};
Response::from_json(&data)
}
```
```ts
import { Hono } from 'hono';
const app = new Hono();
app.get('*', (c) => {
const data = {
hello: "world",
};
return c.json(data);
});
export default app;
```
---
# Rewrite links
URL: https://developers.cloudflare.com/workers/examples/rewrite-links/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/rewrite-links)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
```js
export default {
async fetch(request) {
const OLD_URL = "developer.mozilla.org";
const NEW_URL = "mynewdomain.com";
class AttributeRewriter {
constructor(attributeName) {
this.attributeName = attributeName;
}
element(element) {
const attribute = element.getAttribute(this.attributeName);
if (attribute) {
element.setAttribute(
this.attributeName,
attribute.replace(OLD_URL, NEW_URL),
);
}
}
}
const rewriter = new HTMLRewriter()
.on("a", new AttributeRewriter("href"))
.on("img", new AttributeRewriter("src"));
const res = await fetch(request);
const contentType = res.headers.get("Content-Type");
// If the response is HTML, it can be transformed with
// HTMLRewriter -- otherwise, it should pass through
if (contentType.startsWith("text/html")) {
return rewriter.transform(res);
} else {
return res;
}
},
};
```
```ts
export default {
async fetch(request): Promise {
const OLD_URL = "developer.mozilla.org";
const NEW_URL = "mynewdomain.com";
class AttributeRewriter {
constructor(attributeName) {
this.attributeName = attributeName;
}
element(element) {
const attribute = element.getAttribute(this.attributeName);
if (attribute) {
element.setAttribute(
this.attributeName,
attribute.replace(OLD_URL, NEW_URL),
);
}
}
}
const rewriter = new HTMLRewriter()
.on("a", new AttributeRewriter("href"))
.on("img", new AttributeRewriter("src"));
const res = await fetch(request);
const contentType = res.headers.get("Content-Type");
// If the response is HTML, it can be transformed with
// HTMLRewriter -- otherwise, it should pass through
if (contentType.startsWith("text/html")) {
return rewriter.transform(res);
} else {
return res;
}
},
} satisfies ExportedHandler;
```
```py
from pyodide.ffi import create_proxy
from js import HTMLRewriter, fetch
async def on_fetch(request):
old_url = "developer.mozilla.org"
new_url = "mynewdomain.com"
class AttributeRewriter:
def __init__(self, attr_name):
self.attr_name = attr_name
def element(self, element):
attr = element.getAttribute(self.attr_name)
if attr:
element.setAttribute(self.attr_name, attr.replace(old_url, new_url))
href = create_proxy(AttributeRewriter("href"))
src = create_proxy(AttributeRewriter("src"))
rewriter = HTMLRewriter.new().on("a", href).on("img", src)
res = await fetch(request)
content_type = res.headers["Content-Type"]
# If the response is HTML, it can be transformed with
# HTMLRewriter -- otherwise, it should pass through
if content_type.startswith("text/html"):
return rewriter.transform(res)
return res
```
```ts
import { Hono } from 'hono';
import { html } from 'hono/html';
const app = new Hono();
app.get('*', async (c) => {
const OLD_URL = "developer.mozilla.org";
const NEW_URL = "mynewdomain.com";
class AttributeRewriter {
attributeName: string;
constructor(attributeName: string) {
this.attributeName = attributeName;
}
element(element: Element) {
const attribute = element.getAttribute(this.attributeName);
if (attribute) {
element.setAttribute(
this.attributeName,
attribute.replace(OLD_URL, NEW_URL)
);
}
}
}
// Make a fetch request using the original request
const res = await fetch(c.req.raw);
const contentType = res.headers.get("Content-Type") || "";
// If the response is HTML, transform it with HTMLRewriter
if (contentType.startsWith("text/html")) {
const rewriter = new HTMLRewriter()
.on("a", new AttributeRewriter("href"))
.on("img", new AttributeRewriter("src"));
return new Response(rewriter.transform(res).body, {
headers: res.headers
});
} else {
// Pass through the response as is
return res;
}
});
export default app;
```
---
# Set security headers
URL: https://developers.cloudflare.com/workers/examples/security-headers/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/security-headers)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
```js
export default {
async fetch(request) {
const DEFAULT_SECURITY_HEADERS = {
/*
Secure your application with Content-Security-Policy headers.
Enabling these headers will permit content from a trusted domain and all its subdomains.
@see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy
"Content-Security-Policy": "default-src 'self' example.com *.example.com",
*/
/*
You can also set Strict-Transport-Security headers.
These are not automatically set because your website might get added to Chrome's HSTS preload list.
Here's the code if you want to apply it:
"Strict-Transport-Security" : "max-age=63072000; includeSubDomains; preload",
*/
/*
Permissions-Policy header provides the ability to allow or deny the use of browser features, such as opting out of FLoC - which you can use below:
"Permissions-Policy": "interest-cohort=()",
*/
/*
X-XSS-Protection header prevents a page from loading if an XSS attack is detected.
@see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-XSS-Protection
*/
"X-XSS-Protection": "0",
/*
X-Frame-Options header prevents click-jacking attacks.
@see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options
*/
"X-Frame-Options": "DENY",
/*
X-Content-Type-Options header prevents MIME-sniffing.
@see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Content-Type-Options
*/
"X-Content-Type-Options": "nosniff",
"Referrer-Policy": "strict-origin-when-cross-origin",
"Cross-Origin-Embedder-Policy": 'require-corp; report-to="default";',
"Cross-Origin-Opener-Policy": 'same-site; report-to="default";',
"Cross-Origin-Resource-Policy": "same-site",
};
const BLOCKED_HEADERS = [
"Public-Key-Pins",
"X-Powered-By",
"X-AspNet-Version",
];
let response = await fetch(request);
let newHeaders = new Headers(response.headers);
const tlsVersion = request.cf.tlsVersion;
console.log(tlsVersion);
// This sets the headers for HTML responses:
if (
newHeaders.has("Content-Type") &&
!newHeaders.get("Content-Type").includes("text/html")
) {
return new Response(response.body, {
status: response.status,
statusText: response.statusText,
headers: newHeaders,
});
}
Object.keys(DEFAULT_SECURITY_HEADERS).map((name) => {
newHeaders.set(name, DEFAULT_SECURITY_HEADERS[name]);
});
BLOCKED_HEADERS.forEach((name) => {
newHeaders.delete(name);
});
if (tlsVersion !== "TLSv1.2" && tlsVersion !== "TLSv1.3") {
return new Response("You need to use TLS version 1.2 or higher.", {
status: 400,
});
} else {
return new Response(response.body, {
status: response.status,
statusText: response.statusText,
headers: newHeaders,
});
}
},
};
```
```ts
export default {
async fetch(request): Promise {
const DEFAULT_SECURITY_HEADERS = {
/*
Secure your application with Content-Security-Policy headers.
Enabling these headers will permit content from a trusted domain and all its subdomains.
@see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy
"Content-Security-Policy": "default-src 'self' example.com *.example.com",
*/
/*
You can also set Strict-Transport-Security headers.
These are not automatically set because your website might get added to Chrome's HSTS preload list.
Here's the code if you want to apply it:
"Strict-Transport-Security" : "max-age=63072000; includeSubDomains; preload",
*/
/*
Permissions-Policy header provides the ability to allow or deny the use of browser features, such as opting out of FLoC - which you can use below:
"Permissions-Policy": "interest-cohort=()",
*/
/*
X-XSS-Protection header prevents a page from loading if an XSS attack is detected.
@see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-XSS-Protection
*/
"X-XSS-Protection": "0",
/*
X-Frame-Options header prevents click-jacking attacks.
@see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options
*/
"X-Frame-Options": "DENY",
/*
X-Content-Type-Options header prevents MIME-sniffing.
@see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Content-Type-Options
*/
"X-Content-Type-Options": "nosniff",
"Referrer-Policy": "strict-origin-when-cross-origin",
"Cross-Origin-Embedder-Policy": 'require-corp; report-to="default";',
"Cross-Origin-Opener-Policy": 'same-site; report-to="default";',
"Cross-Origin-Resource-Policy": "same-site",
};
const BLOCKED_HEADERS = [
"Public-Key-Pins",
"X-Powered-By",
"X-AspNet-Version",
];
let response = await fetch(request);
let newHeaders = new Headers(response.headers);
const tlsVersion = request.cf.tlsVersion;
console.log(tlsVersion);
// This sets the headers for HTML responses:
if (
newHeaders.has("Content-Type") &&
!newHeaders.get("Content-Type").includes("text/html")
) {
return new Response(response.body, {
status: response.status,
statusText: response.statusText,
headers: newHeaders,
});
}
Object.keys(DEFAULT_SECURITY_HEADERS).map((name) => {
newHeaders.set(name, DEFAULT_SECURITY_HEADERS[name]);
});
BLOCKED_HEADERS.forEach((name) => {
newHeaders.delete(name);
});
if (tlsVersion !== "TLSv1.2" && tlsVersion !== "TLSv1.3") {
return new Response("You need to use TLS version 1.2 or higher.", {
status: 400,
});
} else {
return new Response(response.body, {
status: response.status,
statusText: response.statusText,
headers: newHeaders,
});
}
},
} satisfies ExportedHandler;
```
```py
from workers import Response, fetch
async def on_fetch(request):
default_security_headers = {
# Secure your application with Content-Security-Policy headers.
#Enabling these headers will permit content from a trusted domain and all its subdomains.
#@see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy
"Content-Security-Policy": "default-src 'self' example.com *.example.com",
#You can also set Strict-Transport-Security headers.
#These are not automatically set because your website might get added to Chrome's HSTS preload list.
#Here's the code if you want to apply it:
"Strict-Transport-Security" : "max-age=63072000; includeSubDomains; preload",
#Permissions-Policy header provides the ability to allow or deny the use of browser features, such as opting out of FLoC - which you can use below:
"Permissions-Policy": "interest-cohort=()",
#X-XSS-Protection header prevents a page from loading if an XSS attack is detected.
#@see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-XSS-Protection
"X-XSS-Protection": "0",
#X-Frame-Options header prevents click-jacking attacks.
#@see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options
"X-Frame-Options": "DENY",
#X-Content-Type-Options header prevents MIME-sniffing.
#@see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Content-Type-Options
"X-Content-Type-Options": "nosniff",
"Referrer-Policy": "strict-origin-when-cross-origin",
"Cross-Origin-Embedder-Policy": 'require-corp; report-to="default";',
"Cross-Origin-Opener-Policy": 'same-site; report-to="default";',
"Cross-Origin-Resource-Policy": "same-site",
}
blocked_headers = ["Public-Key-Pins", "X-Powered-By" ,"X-AspNet-Version"]
res = await fetch(request)
new_headers = res.headers
# This sets the headers for HTML responses
if "text/html" in new_headers["Content-Type"]:
return Response(res.body, status=res.status, statusText=res.statusText, headers=new_headers)
for name in default_security_headers:
new_headers[name] = default_security_headers[name]
for name in blocked_headers:
del new_headers["name"]
tls = request.cf.tlsVersion
if not tls in ("TLSv1.2", "TLSv1.3"):
return Response("You need to use TLS version 1.2 or higher.", status=400)
return Response(res.body, status=res.status, statusText=res.statusText, headers=new_headers)
```
```rs
use std::collections::HashMap;
use worker::*;
#[event(fetch)]
async fn fetch(req: Request, _env: Env, _ctx: Context) -> Result {
let default_security_headers = HashMap::from([
//Secure your application with Content-Security-Policy headers.
//Enabling these headers will permit content from a trusted domain and all its subdomains.
//@see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy
(
"Content-Security-Policy",
"default-src 'self' example.com *.example.com",
),
//You can also set Strict-Transport-Security headers.
//These are not automatically set because your website might get added to Chrome's HSTS preload list.
//Here's the code if you want to apply it:
(
"Strict-Transport-Security",
"max-age=63072000; includeSubDomains; preload",
),
//Permissions-Policy header provides the ability to allow or deny the use of browser features, such as opting out of FLoC - which you can use below:
("Permissions-Policy", "interest-cohort=()"),
//X-XSS-Protection header prevents a page from loading if an XSS attack is detected.
//@see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-XSS-Protection
("X-XSS-Protection", "0"),
//X-Frame-Options header prevents click-jacking attacks.
//@see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options
("X-Frame-Options", "DENY"),
//X-Content-Type-Options header prevents MIME-sniffing.
//@see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Content-Type-Options
("X-Content-Type-Options", "nosniff"),
("Referrer-Policy", "strict-origin-when-cross-origin"),
(
"Cross-Origin-Embedder-Policy",
"require-corp; report-to='default';",
),
(
"Cross-Origin-Opener-Policy",
"same-site; report-to='default';",
),
("Cross-Origin-Resource-Policy", "same-site"),
]);
let blocked_headers = ["Public-Key-Pins", "X-Powered-By", "X-AspNet-Version"];
let tls = req.cf().unwrap().tls_version();
let res = Fetch::Request(req).send().await?;
let mut new_headers = res.headers().clone();
// This sets the headers for HTML responses
if Some(String::from("text/html")) == new_headers.get("Content-Type")? {
return Ok(Response::from_body(res.body().clone())?
.with_headers(new_headers)
.with_status(res.status_code()));
}
for (k, v) in default_security_headers {
new_headers.set(k, v)?;
}
for k in blocked_headers {
new_headers.delete(k)?;
}
if !vec!["TLSv1.2", "TLSv1.3"].contains(&tls.as_str()) {
return Response::error("You need to use TLS version 1.2 or higher.", 400);
}
Ok(Response::from_body(res.body().clone())?
.with_headers(new_headers)
.with_status(res.status_code()))
}
````
```ts
import { Hono } from 'hono';
import { secureHeaders } from 'hono/secure-headers';
const app = new Hono();
app.use(secureHeaders());
// Handle all other requests by passing through to origin
app.all('*', async (c) => {
return fetch(c.req.raw);
});
export default app;
````
---
# Sign requests
URL: https://developers.cloudflare.com/workers/examples/signing-requests/
If you want to get started quickly, click on the button below.
[](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/docs-examples/tree/main/workers/signing-requests)
This creates a repository in your GitHub account and deploys the application to Cloudflare Workers.
import { TabItem, Tabs } from "~/components";
:::note
This example Worker makes use of the [Node.js Buffer API](/workers/runtime-apis/nodejs/buffer/), which is available as part of the Worker's runtime [Node.js compatibility mode](/workers/runtime-apis/nodejs/). To run this Worker, you will need to [enable the `nodejs_compat` compatibility flag](/workers/runtime-apis/nodejs/#get-started).
:::
You can both verify and generate signed requests from within a Worker using the [Web Crypto APIs](https://developer.mozilla.org/en-US/docs/Web/API/Crypto/subtle).
The following Worker will:
- For request URLs beginning with `/generate/`, replace `/generate/` with `/`, sign the resulting path with its timestamp, and return the full, signed URL in the response body.
- For all other request URLs, verify the signed URL and allow the request through.
```js
import { Buffer } from "node:buffer";
const encoder = new TextEncoder();
// How long an HMAC token should be valid for, in seconds
const EXPIRY = 60;
export default {
/**
*
* @param {Request} request
* @param {{SECRET_DATA: string}} env
* @returns
*/
async fetch(request, env) {
// You will need some secret data to use as a symmetric key. This should be
// attached to your Worker as an encrypted secret.
// Refer to https://developers.cloudflare.com/workers/configuration/secrets/
const secretKeyData = encoder.encode(
env.SECRET_DATA ?? "my secret symmetric key",
);
// Import your secret as a CryptoKey for both 'sign' and 'verify' operations
const key = await crypto.subtle.importKey(
"raw",
secretKeyData,
{ name: "HMAC", hash: "SHA-256" },
false,
["sign", "verify"],
);
const url = new URL(request.url);
// This is a demonstration Worker that allows unauthenticated access to /generate
// In a real application you would want to make sure that
// users could only generate signed URLs when authenticated
if (url.pathname.startsWith("/generate/")) {
url.pathname = url.pathname.replace("/generate/", "/");
const timestamp = Math.floor(Date.now() / 1000);
// This contains all the data about the request that you want to be able to verify
// Here we only sign the timestamp and the pathname, but often you will want to
// include more data (for instance, the URL hostname or query parameters)
const dataToAuthenticate = `${url.pathname}${timestamp}`;
const mac = await crypto.subtle.sign(
"HMAC",
key,
encoder.encode(dataToAuthenticate),
);
// Refer to https://developers.cloudflare.com/workers/runtime-apis/nodejs/
// for more details on using Node.js APIs in Workers
const base64Mac = Buffer.from(mac).toString("base64");
url.searchParams.set("verify", `${timestamp}-${base64Mac}`);
return new Response(`${url.pathname}${url.search}`);
// Verify all non /generate requests
} else {
// Make sure you have the minimum necessary query parameters.
if (!url.searchParams.has("verify")) {
return new Response("Missing query parameter", { status: 403 });
}
const [timestamp, hmac] = url.searchParams.get("verify").split("-");
const assertedTimestamp = Number(timestamp);
const dataToAuthenticate = `${url.pathname}${assertedTimestamp}`;
const receivedMac = Buffer.from(hmac, "base64");
// Use crypto.subtle.verify() to guard against timing attacks. Since HMACs use
// symmetric keys, you could implement this by calling crypto.subtle.sign() and
// then doing a string comparison -- this is insecure, as string comparisons
// bail out on the first mismatch, which leaks information to potential
// attackers.
const verified = await crypto.subtle.verify(
"HMAC",
key,
receivedMac,
encoder.encode(dataToAuthenticate),
);
if (!verified) {
return new Response("Invalid MAC", { status: 403 });
}
// Signed requests expire after one minute. Note that this value should depend on your specific use case
if (Date.now() / 1000 > assertedTimestamp + EXPIRY) {
return new Response(
`URL expired at ${new Date((assertedTimestamp + EXPIRY) * 1000)}`,
{ status: 403 },
);
}
}
return fetch(new URL(url.pathname, "https://example.com"), request);
},
};
```
```ts
import { Buffer } from "node:buffer";
const encoder = new TextEncoder();
// How long an HMAC token should be valid for, in seconds
const EXPIRY = 60;
interface Env {
SECRET_DATA: string;
}
export default {
async fetch(request, env): Promise {
// You will need some secret data to use as a symmetric key. This should be
// attached to your Worker as an encrypted secret.
// Refer to https://developers.cloudflare.com/workers/configuration/secrets/
const secretKeyData = encoder.encode(
env.SECRET_DATA ?? "my secret symmetric key",
);
// Import your secret as a CryptoKey for both 'sign' and 'verify' operations
const key = await crypto.subtle.importKey(
"raw",
secretKeyData,
{ name: "HMAC", hash: "SHA-256" },
false,
["sign", "verify"],
);
const url = new URL(request.url);
// This is a demonstration Worker that allows unauthenticated access to /generate
// In a real application you would want to make sure that
// users could only generate signed URLs when authenticated
if (url.pathname.startsWith("/generate/")) {
url.pathname = url.pathname.replace("/generate/", "/");
const timestamp = Math.floor(Date.now() / 1000);
// This contains all the data about the request that you want to be able to verify
// Here we only sign the timestamp and the pathname, but often you will want to
// include more data (for instance, the URL hostname or query parameters)
const dataToAuthenticate = `${url.pathname}${timestamp}`;
const mac = await crypto.subtle.sign(
"HMAC",
key,
encoder.encode(dataToAuthenticate),
);
// Refer to https://developers.cloudflare.com/workers/runtime-apis/nodejs/
// for more details on using NodeJS APIs in Workers
const base64Mac = Buffer.from(mac).toString("base64");
url.searchParams.set("verify", `${timestamp}-${base64Mac}`);
return new Response(`${url.pathname}${url.search}`);
// Verify all non /generate requests
} else {
// Make sure you have the minimum necessary query parameters.
if (!url.searchParams.has("verify")) {
return new Response("Missing query parameter", { status: 403 });
}
const [timestamp, hmac] = url.searchParams.get("verify").split("-");
const assertedTimestamp = Number(timestamp);
const dataToAuthenticate = `${url.pathname}${assertedTimestamp}`;
const receivedMac = Buffer.from(hmac, "base64");
// Use crypto.subtle.verify() to guard against timing attacks. Since HMACs use
// symmetric keys, you could implement this by calling crypto.subtle.sign() and
// then doing a string comparison -- this is insecure, as string comparisons
// bail out on the first mismatch, which leaks information to potential
// attackers.
const verified = await crypto.subtle.verify(
"HMAC",
key,
receivedMac,
encoder.encode(dataToAuthenticate),
);
if (!verified) {
return new Response("Invalid MAC", { status: 403 });
}
// Signed requests expire after one minute. Note that this value should depend on your specific use case
if (Date.now() / 1000 > assertedTimestamp + EXPIRY) {
return new Response(
`URL expired at ${new Date((assertedTimestamp + EXPIRY) * 1000)}`,
{ status: 403 },
);
}
}
return fetch(new URL(url.pathname, "https://example.com"), request);
},
} satisfies ExportedHandler;
```
```ts
import { Buffer } from "node:buffer";
import { Hono } from "hono";
import { proxy } from "hono/proxy";
const encoder = new TextEncoder();
// How long an HMAC token should be valid for, in seconds
const EXPIRY = 60;
interface Env {
SECRET_DATA: string;
}
const app = new Hono();
// Handle URL generation requests
app.get("/generate/*", async (c) => {
const env = c.env;
// You will need some secret data to use as a symmetric key
const secretKeyData = encoder.encode(
env.SECRET_DATA ?? "my secret symmetric key",
);
// Import the secret as a CryptoKey for both 'sign' and 'verify' operations
const key = await crypto.subtle.importKey(
"raw",
secretKeyData,
{ name: "HMAC", hash: "SHA-256" },
false,
["sign", "verify"],
);
// Replace "/generate/" prefix with "/"
let pathname = c.req.path.replace("/generate/", "/");
const timestamp = Math.floor(Date.now() / 1000);
// Data to authenticate: pathname + timestamp
const dataToAuthenticate = `${pathname}${timestamp}`;
// Sign the data
const mac = await crypto.subtle.sign(
"HMAC",
key,
encoder.encode(dataToAuthenticate),
);
// Convert the signature to base64
const base64Mac = Buffer.from(mac).toString("base64");
// Add verification parameter to URL
url.searchParams.set("verify", `${timestamp}-${base64Mac}`);
return c.text(`${pathname}${url.search}`);
});
// Handle verification for all other requests
app.all("*", async (c) => {
const env = c.env;
const url = c.req.url;
// You will need some secret data to use as a symmetric key
const secretKeyData = encoder.encode(
env.SECRET_DATA ?? "my secret symmetric key",
);
// Import the secret as a CryptoKey for both 'sign' and 'verify' operations
const key = await crypto.subtle.importKey(
"raw",
secretKeyData,
{ name: "HMAC", hash: "SHA-256" },
false,
["sign", "verify"],
);
// Make sure the request has the verification parameter
if (!c.req.query("verify")) {
return c.text("Missing query parameter", 403);
}
// Extract timestamp and signature
const [timestamp, hmac] = c.req.query("verify")!.split("-");
const assertedTimestamp = Number(timestamp);
// Recreate the data that should have been signed
const dataToAuthenticate = `${c.req.path}${assertedTimestamp}`;
// Convert base64 signature back to ArrayBuffer
const receivedMac = Buffer.from(hmac, "base64");
// Verify the signature
const verified = await crypto.subtle.verify(
"HMAC",
key,
receivedMac,
encoder.encode(dataToAuthenticate),
);
// If verification fails, return 403
if (!verified) {
return c.text("Invalid MAC", 403);
}
// Check if the signature has expired
if (Date.now() / 1000 > assertedTimestamp + EXPIRY) {
return c.text(
`URL expired at ${new Date((assertedTimestamp + EXPIRY) * 1000)}`,
403,
);
}
// If verification passes, proxy the request to example.com
return proxy(`https://example.com/${c.req.path}`, ...c.req);
});
export default app;
```
```py
from pyodide.ffi import to_js as _to_js
from js import Response, URL, TextEncoder, Buffer, fetch, Object, crypto
def to_js(x):
return _to_js(x, dict_converter=Object.fromEntries)
encoder = TextEncoder.new()
# How long an HMAC token should be valid for, in seconds
EXPIRY = 60
async def on_fetch(request, env):
# Get the secret key
secret_key_data = encoder.encode(env.SECRET_DATA if hasattr(env, "SECRET_DATA") else "my secret symmetric key")
# Import the secret as a CryptoKey for both 'sign' and 'verify' operations
key = await crypto.subtle.importKey(
"raw",
secret_key_data,
to_js({"name": "HMAC", "hash": "SHA-256"}),
False,
["sign", "verify"]
)
url = URL.new(request.url)
if url.pathname.startswith("/generate/"):
url.pathname = url.pathname.replace("/generate/", "/", 1)
timestamp = int(Date.now() / 1000)
# Data to authenticate
data_to_authenticate = f"{url.pathname}{timestamp}"
# Sign the data
mac = await crypto.subtle.sign(
"HMAC",
key,
encoder.encode(data_to_authenticate)
)
# Convert to base64
base64_mac = Buffer.from(mac).toString("base64")
# Set the verification parameter
url.searchParams.set("verify", f"{timestamp}-{base64_mac}")
return Response.new(f"{url.pathname}{url.search}")
else:
# Verify the request
if not "verify" in url.searchParams:
return Response.new("Missing query parameter", status=403)
verify_param = url.searchParams.get("verify")
timestamp, hmac = verify_param.split("-")
asserted_timestamp = int(timestamp)
data_to_authenticate = f"{url.pathname}{asserted_timestamp}"
received_mac = Buffer.from(hmac, "base64")
# Verify the signature
verified = await crypto.subtle.verify(
"HMAC",
key,
received_mac,
encoder.encode(data_to_authenticate)
)
if not verified:
return Response.new("Invalid MAC", status=403)
# Check expiration
if Date.now() / 1000 > asserted_timestamp + EXPIRY:
expiry_date = Date.new((asserted_timestamp + EXPIRY) * 1000)
return Response.new(f"URL expired at {expiry_date}", status=403)
# Proxy to example.com if verification passes
return fetch(URL.new(f"https://example.com{url.pathname}"), request)
```
## Validate signed requests using the WAF
The provided example code for signing requests is compatible with the [`is_timed_hmac_valid_v0()`](/ruleset-engine/rules-language/functions/#hmac-validation) Rules language function. This means that you can verify requests signed by the Worker script using a [WAF custom rule](/waf/custom-rules/use-cases/configure-token-authentication/#option-2-configure-using-waf-custom-rules).
---
# Turnstile with Workers
URL: https://developers.cloudflare.com/workers/examples/turnstile-html-rewriter/
import { TabItem, Tabs, Render } from "~/components";
```js
export default {
async fetch(request, env) {
const SITE_KEY = env.SITE_KEY; // The Turnstile Sitekey of your widget (pass as env or secret)
const TURNSTILE_ATTR_NAME = "your_id_to_replace"; // The id of the element to put a Turnstile widget in
let res = await fetch(request);
// Instantiate the API to run on specific elements, for example, `head`, `div`
let newRes = new HTMLRewriter()
// `.on` attaches the element handler and this allows you to match on element/attributes or to use the specific methods per the API
.on("head", {
element(element) {
// In this case, you are using `append` to add a new script to the `head` element
element.append(
``,
{ html: true },
);
},
})
.on("div", {
element(element) {
// Add a turnstile widget element into if an element with the id of TURNSTILE_ATTR_NAME is found
if (element.getAttribute("id") === TURNSTILE_ATTR_NAME) {
element.append(
``,
{ html: true },
);
}
},
})
.transform(res);
return newRes;
},
};
```
```ts
export default {
async fetch(request, env): Promise {
const SITE_KEY = env.SITE_KEY; // The Turnstile Sitekey of your widget (pass as env or secret)
const TURNSTILE_ATTR_NAME = "your_id_to_replace"; // The id of the element to put a Turnstile widget in
let res = await fetch(request);
// Instantiate the API to run on specific elements, for example, `head`, `div`
let newRes = new HTMLRewriter()
// `.on` attaches the element handler and this allows you to match on element/attributes or to use the specific methods per the API
.on("head", {
element(element) {
// In this case, you are using `append` to add a new script to the `head` element
element.append(
``,
{ html: true },
);
},
})
.on("div", {
element(element) {
// Add a turnstile widget element into if an element with the id of TURNSTILE_ATTR_NAME is found
if (element.getAttribute("id") === TURNSTILE_ATTR_NAME) {
element.append(
``,
{ html: true },
);
}
},
})
.transform(res);
return newRes;
},
} satisfies ExportedHandler;
```
```ts
import { Hono } from "hono";
interface Env {
SITE_KEY: string;
SECRET_KEY: string;
TURNSTILE_ATTR_NAME?: string;
}
const app = new Hono<{ Bindings: Env }>();
// Middleware to inject Turnstile widget
app.use("*", async (c, next) => {
const SITE_KEY = c.env.SITE_KEY; // The Turnstile Sitekey from environment
const TURNSTILE_ATTR_NAME = c.env.TURNSTILE_ATTR_NAME || "your_id_to_replace"; // The target element ID
// Process the request through the original endpoint
await next();
// Only process HTML responses
const contentType = c.res.headers.get("content-type");
if (!contentType || !contentType.includes("text/html")) {
return;
}
// Clone the response to make it modifiable
const originalResponse = c.res;
const responseBody = await originalResponse.text();
// Create an HTMLRewriter instance to modify the HTML
const rewriter = new HTMLRewriter()
// Add the Turnstile script to the head
.on("head", {
element(element) {
element.append(
``,
{ html: true },
);
},
})
// Add the Turnstile widget to the target div
.on("div", {
element(element) {
if (element.getAttribute("id") === TURNSTILE_ATTR_NAME) {
element.append(
``,
{ html: true },
);
}
},
});
// Create a new response with the same properties as the original
const modifiedResponse = new Response(responseBody, {
status: originalResponse.status,
statusText: originalResponse.statusText,
headers: originalResponse.headers,
});
// Transform the response using HTMLRewriter
c.res = rewriter.transform(modifiedResponse);
});
// Handle POST requests for form submission with Turnstile validation
app.post("*", async (c) => {
const formData = await c.req.formData();
const token = formData.get("cf-turnstile-response");
const ip = c.req.header("CF-Connecting-IP");
// If no token, return an error
if (!token) {
return c.text("Missing Turnstile token", 400);
}
// Prepare verification data
const verifyFormData = new FormData();
verifyFormData.append("secret", c.env.SECRET_KEY || "");
verifyFormData.append("response", token.toString());
if (ip) verifyFormData.append("remoteip", ip);
// Verify the token with Turnstile API
const verifyResult = await fetch(
"https://challenges.cloudflare.com/turnstile/v0/siteverify",
{
method: "POST",
body: verifyFormData,
},
);
const outcome = await verifyResult.json<{ success: boolean }>;
// If verification fails, return an error
if (!outcome.success) {
return c.text("The provided Turnstile token was not valid!", 401);
}
// If verification succeeds, proceed with the original request
// You would typically handle the form submission logic here
// For this example, we'll just send a success response
return c.text("Form submission successful!");
});
// Default handler for GET requests
app.get("*", async (c) => {
// Fetch the original content (you'd replace this with your actual content source)
return await fetch(c.req.raw);
});
export default app;
```
```py
from pyodide.ffi import create_proxy
from js import HTMLRewriter, fetch
async def on_fetch(request, env):
site_key = env.SITE_KEY
attr_name = env.TURNSTILE_ATTR_NAME
res = await fetch(request)
class Append:
def element(self, element):
s = ''
element.append(s, {"html": True})
class AppendOnID:
def __init__(self, name):
self.name = name
def element(self, element):
# You are using the `getAttribute` method here to retrieve the `id` or `class` of an element
if element.getAttribute("id") == self.name:
div = f''
element.append(div, { "html": True })
# Instantiate the API to run on specific elements, for example, `head`, `div`
head = create_proxy(Append())
div = create_proxy(AppendOnID(attr_name))
new_res = HTMLRewriter.new().on("head", head).on("div", div).transform(res)
return new_res
```
:::note
This is only half the implementation for Turnstile. The corresponding token that is a result of a widget being rendered also needs to be verified using the [siteverify API](/turnstile/get-started/server-side-validation/). Refer to the example below for one such implementation.
:::
```js
async function handlePost(request, env) {
const body = await request.formData();
// Turnstile injects a token in `cf-turnstile-response`.
const token = body.get('cf-turnstile-response');
const ip = request.headers.get('CF-Connecting-IP');
// Validate the token by calling the `/siteverify` API.
let formData = new FormData();
// `secret_key` here is the Turnstile Secret key, which should be set using Wrangler secrets
formData.append('secret', env.SECRET_KEY);
formData.append('response', token);
formData.append('remoteip', ip); //This is optional.
const url = 'https://challenges.cloudflare.com/turnstile/v0/siteverify';
const result = await fetch(url, {
body: formData,
method: 'POST',
});
const outcome = await result.json();
if (!outcome.success) {
return new Response('The provided Turnstile token was not valid!', { status: 401 });
}
// The Turnstile token was successfully validated. Proceed with your application logic.
// Validate login, redirect user, etc.
// Clone the original request with a new body
const newRequest = new Request(request, {
body: request.body, // Reuse the body
method: request.method,
headers: request.headers
});
return await fetch(newRequest);
}
export default {
async fetch(request, env) {
const SITE_KEY = env.SITE_KEY; // The Turnstile Sitekey of your widget (pass as env or secret)
const TURNSTILE_ATTR_NAME = 'your_id_to_replace'; // The id of the element to put a Turnstile widget in
let res = await fetch(request)
if (request.method === 'POST') {
return handlePost(request, env)
}
// Instantiate the API to run on specific elements, for example, `head`, `div`
let newRes = new HTMLRewriter()
// `.on` attaches the element handler and this allows you to match on element/attributes or to use the specific methods per the API
.on('head', {
element(element) {
// In this case, you are using `append` to add a new script to the `head` element
element.append(``, { html: true });
},
})
.on('div', {
element(element) {
// You are using the `getAttribute` method here to retrieve the `id` or `class` of an element
if (element.getAttribute('id') === ) {
element.append(``, { html: true });
}
},
})
.transform(res);
return newRes
}
}
```
---
# Using the WebSockets API
URL: https://developers.cloudflare.com/workers/examples/websockets/
import { TabItem, Tabs } from "~/components";
WebSockets allow you to communicate in real time with your Cloudflare Workers serverless functions. In this guide, you will learn the basics of WebSockets on Cloudflare Workers, both from the perspective of writing WebSocket servers in your Workers functions, as well as connecting to and working with those WebSocket servers as a client.
WebSockets are open connections sustained between the client and the origin server. Inside a WebSocket connection, the client and the origin can pass data back and forth without having to reestablish sessions. This makes exchanging data within a WebSocket connection fast. WebSockets are often used for real-time applications such as live chat and gaming.
:::note
WebSockets utilize an event-based system for receiving and sending messages, much like the Workers runtime model of responding to events.
:::
:::note
If your application needs to coordinate among multiple WebSocket connections, such as a chat room or game match, you will need clients to send messages to a single-point-of-coordination. Durable Objects provide a single-point-of-coordination for Cloudflare Workers, and are often used in parallel with WebSockets to persist state over multiple clients and connections. In this case, refer to [Durable Objects](/durable-objects/) to get started, and prefer using the Durable Objects' extended [WebSockets API](/durable-objects/best-practices/websockets/).
:::
## Write a WebSocket Server
WebSocket servers in Cloudflare Workers allow you to receive messages from a client in real time. This guide will show you how to set up a WebSocket server in Workers.
A client can make a WebSocket request in the browser by instantiating a new instance of `WebSocket`, passing in the URL for your Workers function:
```js
// In client-side JavaScript, connect to your Workers function using WebSockets:
const websocket = new WebSocket(
"wss://example-websocket.signalnerve.workers.dev",
);
```
:::note
For more details about creating and working with WebSockets in the client, refer to [Writing a WebSocket client](#write-a-websocket-client).
:::
When an incoming WebSocket request reaches the Workers function, it will contain an `Upgrade` header, set to the string value `websocket`. Check for this header before continuing to instantiate a WebSocket:
```js
async function handleRequest(request) {
const upgradeHeader = request.headers.get('Upgrade');
if (!upgradeHeader || upgradeHeader !== 'websocket') {
return new Response('Expected Upgrade: websocket', { status: 426 });
}
}
```
```rs
use worker::\*;
#[event(fetch)]
async fn fetch(req: HttpRequest, \_env: Env, \_ctx: Context) -> Result {
let upgrade_header = match req.headers().get("Upgrade") {
Some(h) => h.to_str().unwrap(),
None => "",
};
if upgrade_header != "websocket" {
return worker::Response::error("Expected Upgrade: websocket", 426);
}
}
````
After you have appropriately checked for the `Upgrade` header, you can create a new instance of `WebSocketPair`, which contains server and client WebSockets. One of these WebSockets should be handled by the Workers function and the other should be returned as part of a `Response` with the [`101` status code](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/101), indicating the request is switching protocols:
```js
async function handleRequest(request) {
const upgradeHeader = request.headers.get('Upgrade');
if (!upgradeHeader || upgradeHeader !== 'websocket') {
return new Response('Expected Upgrade: websocket', { status: 426 });
}
const webSocketPair = new WebSocketPair();
const client = webSocketPair[0],
server = webSocketPair[1];
return new Response(null, {
status: 101,
webSocket: client,
});
}
````
```rs
use worker::*;
#[event(fetch)]
async fn fetch(req: HttpRequest, \_env: Env, \_ctx: Context) -> Result {
let upgrade_header = match req.headers().get("Upgrade") {
Some(h) => h.to_str().unwrap(),
None => "",
};
if upgrade_header != "websocket" {
return worker::Response::error("Expected Upgrade: websocket", 426);
}
let ws = WebSocketPair::new()?;
let client = ws.client;
let server = ws.server;
server.accept()?;
worker::Response::from_websocket(client)
}
````
The `WebSocketPair` constructor returns an Object, with the `0` and `1` keys each holding a `WebSocket` instance as its value. It is common to grab the two WebSockets from this pair using [`Object.values`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_objects/Object/values) and [ES6 destructuring](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Destructuring_assignment), as seen in the below example.
In order to begin communicating with the `client` WebSocket in your Worker, call `accept` on the `server` WebSocket. This will tell the Workers runtime that it should listen for WebSocket data and keep the connection open with your `client` WebSocket:
```js
async function handleRequest(request) {
const upgradeHeader = request.headers.get('Upgrade');
if (!upgradeHeader || upgradeHeader !== 'websocket') {
return new Response('Expected Upgrade: websocket', { status: 426 });
}
const webSocketPair = new WebSocketPair();
const [client, server] = Object.values(webSocketPair);
server.accept();
return new Response(null, {
status: 101,
webSocket: client,
});
}
````
```rs
use worker::*;
#[event(fetch)]
async fn fetch(req: HttpRequest, \_env: Env, \_ctx: Context) -> Result {
let upgrade_header = match req.headers().get("Upgrade") {
Some(h) => h.to_str().unwrap(),
None => "",
};
if upgrade_header != "websocket" {
return worker::Response::error("Expected Upgrade: websocket", 426);
}
let ws = WebSocketPair::new()?;
let client = ws.client;
let server = ws.server;
server.accept()?;
worker::Response::from_websocket(client)
}
````
WebSockets emit a number of [Events](/workers/runtime-apis/websockets/#events) that can be connected to using `addEventListener`. The below example hooks into the `message` event and emits a `console.log` with the data from it:
```js
async function handleRequest(request) {
const upgradeHeader = request.headers.get('Upgrade');
if (!upgradeHeader || upgradeHeader !== 'websocket') {
return new Response('Expected Upgrade: websocket', { status: 426 });
}
const webSocketPair = new WebSocketPair();
const [client, server] = Object.values(webSocketPair);
server.accept();
server.addEventListener('message', event => {
console.log(event.data);
});
return new Response(null, {
status: 101,
webSocket: client,
});
}
````
```rs
use futures::StreamExt;
use worker::*;
#[event(fetch)]
async fn fetch(req: HttpRequest, \_env: Env, \_ctx: Context) -> Result {
let upgrade_header = match req.headers().get("Upgrade") {
Some(h) => h.to_str().unwrap(),
None => "",
};
if upgrade_header != "websocket" {
return worker::Response::error("Expected Upgrade: websocket", 426);
}
let ws = WebSocketPair::new()?;
let client = ws.client;
let server = ws.server;
server.accept()?;
wasm_bindgen_futures::spawn_local(async move {
let mut event_stream = server.events().expect("could not open stream");
while let Some(event) = event_stream.next().await {
match event.expect("received error in websocket") {
WebsocketEvent::Message(msg) => server.send(&msg.text()).unwrap(),
WebsocketEvent::Close(event) => console_log!("{:?}", event),
}
}
});
worker::Response::from_websocket(client)
}
````
```ts
import { Hono } from 'hono'
import { upgradeWebSocket } from 'hono/cloudflare-workers'
const app = new Hono()
app.get(
'*',
upgradeWebSocket((c) => {
return {
onMessage(event, ws) {
console.log('Received message from client:', event.data)
ws.send(`Echo: ${event.data}`)
},
onClose: () => {
console.log('WebSocket closed:', event)
},
onError: () => {
console.error('WebSocket error:', event)
},
}
})
)
export default app;
````
### Connect to the WebSocket server from a client
Writing WebSocket clients that communicate with your Workers function is a two-step process: first, create the WebSocket instance, and then attach event listeners to it:
```js
const websocket = new WebSocket(
"wss://websocket-example.signalnerve.workers.dev",
);
websocket.addEventListener("message", (event) => {
console.log("Message received from server");
console.log(event.data);
});
```
WebSocket clients can send messages back to the server using the [`send`](/workers/runtime-apis/websockets/#send) function:
```js
websocket.send("MESSAGE");
```
When the WebSocket interaction is complete, the client can close the connection using [`close`](/workers/runtime-apis/websockets/#close):
```js
websocket.close();
```
For an example of this in practice, refer to the [`websocket-template`](https://github.com/cloudflare/websocket-template) to get started with WebSockets.
## Write a WebSocket client
Cloudflare Workers supports the `new WebSocket(url)` constructor. A Worker can establish a WebSocket connection to a remote server in the same manner as the client implementation described above.
Additionally, Cloudflare supports establishing WebSocket connections by making a fetch request to a URL with the `Upgrade` header set.
```js
async function websocket(url) {
// Make a fetch request including `Upgrade: websocket` header.
// The Workers Runtime will automatically handle other requirements
// of the WebSocket protocol, like the Sec-WebSocket-Key header.
let resp = await fetch(url, {
headers: {
Upgrade: "websocket",
},
});
// If the WebSocket handshake completed successfully, then the
// response has a `webSocket` property.
let ws = resp.webSocket;
if (!ws) {
throw new Error("server didn't accept WebSocket");
}
// Call accept() to indicate that you'll be handling the socket here
// in JavaScript, as opposed to returning it on to a client.
ws.accept();
// Now you can send and receive messages like before.
ws.send("hello");
ws.addEventListener("message", (msg) => {
console.log(msg.data);
});
}
```
## WebSocket compression
Cloudflare Workers supports WebSocket compression. Refer to [WebSocket Compression](/workers/configuration/compatibility-flags/#websocket-compression) for more information.
---
# Cache
URL: https://developers.cloudflare.com/workers/runtime-apis/cache/
## Background
The [Cache API](https://developer.mozilla.org/en-US/docs/Web/API/Cache) allows fine grained control of reading and writing from the [Cloudflare global network](https://www.cloudflare.com/network/) cache.
The Cache API is available globally but the contents of the cache do not replicate outside of the originating data center. A `GET /users` response can be cached in the originating data center, but will not exist in another data center unless it has been explicitly created.
:::caution[Tiered caching]
The `cache.put` method is not compatible with tiered caching. Refer to [Cache API](/workers/reference/how-the-cache-works/#cache-api) for more information. To perform tiered caching, use the [fetch API](/workers/reference/how-the-cache-works/#interact-with-the-cloudflare-cache).
:::
Workers deployed to custom domains have access to functional `cache` operations. So do [Pages functions](/pages/functions/), whether attached to custom domains or `*.pages.dev` domains.
However, any Cache API operations in the Cloudflare Workers dashboard editor and [Playground](/workers/playground/) previews will have no impact. For Workers fronted by [Cloudflare Access](https://www.cloudflare.com/teams/access/), the Cache API is not currently available.
:::note
This individualized zone cache object differs from Cloudflare’s Global CDN. For details, refer to [How the cache works](/workers/reference/how-the-cache-works/).
:::
***
## Accessing Cache
The `caches.default` API is strongly influenced by the web browsers’ Cache API, but there are some important differences. For instance, Cloudflare Workers runtime exposes a single global cache object.
```js
let cache = caches.default;
await cache.match(request);
```
You may create and manage additional Cache instances via the [`caches.open`](https://developer.mozilla.org/en-US/docs/Web/API/CacheStorage/open) method.
```js
let myCache = await caches.open('custom:cache');
await myCache.match(request);
```
:::note
When using the cache API, avoid overriding the hostname in cache requests, as this can lead to unnecessary DNS lookups and cache inefficiencies. Always use the hostname that matches the domain associated with your Worker.
```js
// recommended approach: use your Worker hostname to ensure efficient caching
request.url = "https://your-Worker-hostname.com/";
let myCache = await caches.open('custom:cache');
let response = await myCache.match(request);
```
:::
***
## Headers
Our implementation of the Cache API respects the following HTTP headers on the response passed to `put()`:
* `Cache-Control`
* Controls caching directives. This is consistent with [Cloudflare Cache-Control Directives](/cache/concepts/cache-control#cache-control-directives). Refer to [Edge TTL](/cache/how-to/configure-cache-status-code#edge-ttl) for a list of HTTP response codes and their TTL when `Cache-Control` directives are not present.
* `Cache-Tag`
* Allows resource purging by tag(s) later.
* `ETag`
* Allows `cache.match()` to evaluate conditional requests with `If-None-Match`.
* `Expires` string
* A string that specifies when the resource becomes invalid.
* `Last-Modified`
* Allows `cache.match()` to evaluate conditional requests with `If-Modified-Since`.
This differs from the web browser Cache API as they do not honor any headers on the request or response.
:::note
Responses with `Set-Cookie` headers are never cached, because this sometimes indicates that the response contains unique data. To store a response with a `Set-Cookie` header, either delete that header or set `Cache-Control: private=Set-Cookie` on the response before calling `cache.put()`.
Use the `Cache-Control` method to store the response without the `Set-Cookie` header.
:::
***
## Methods
### Put
```js
cache.put(request, response);
```
* put(request, response) : Promise
* Attempts to add a response to the cache, using the given request as the key. Returns a promise that resolves to `undefined` regardless of whether the cache successfully stored the response.
:::note
The `stale-while-revalidate` and `stale-if-error` directives are not supported when using the `cache.put` or `cache.match` methods.
:::
#### Parameters
* `request` string | Request
* Either a string or a [`Request`](/workers/runtime-apis/request/) object to serve as the key. If a string is passed, it is interpreted as the URL for a new Request object.
* `response` Response
* A [`Response`](/workers/runtime-apis/response/) object to store under the given key.
#### Invalid parameters
`cache.put` will throw an error if:
* The `request` passed is a method other than `GET`.
* The `response` passed has a `status` of [`206 Partial Content`](https://www.webfx.com/web-development/glossary/http-status-codes/what-is-a-206-status-code/).
* The `response` passed contains the header `Vary: *`. The value of the `Vary` header is an asterisk (`*`). Refer to the [Cache API specification](https://w3c.github.io/ServiceWorker/#cache-put) for more information.
#### Errors
`cache.put` returns a `413` error if `Cache-Control` instructs not to cache or if the response is too large.
### `Match`
```js
cache.match(request, options);
```
* match(request, options) : Promise``
* Returns a promise wrapping the response object keyed to that request.
:::note
The `stale-while-revalidate` and `stale-if-error` directives are not supported when using the `cache.put` or `cache.match` methods.
:::
#### Parameters
* `request` string | Request
* The string or [`Request`](/workers/runtime-apis/request/) object used as the lookup key. Strings are interpreted as the URL for a new `Request` object.
* `options`
* Can contain one possible property: `ignoreMethod` (Boolean). When `true`, the request is considered to be a `GET` request regardless of its actual value.
Unlike the browser Cache API, Cloudflare Workers do not support the `ignoreSearch` or `ignoreVary` options on `match()`. You can accomplish this behavior by removing query strings or HTTP headers at `put()` time.
Our implementation of the Cache API respects the following HTTP headers on the request passed to `match()`:
* `Range`
* Results in a `206` response if a matching response with a Content-Length header is found. Your Cloudflare cache always respects range requests, even if an `Accept-Ranges` header is on the response.
* `If-Modified-Since`
* Results in a `304` response if a matching response is found with a `Last-Modified` header with a value after the time specified in `If-Modified-Since`.
* `If-None-Match`
* Results in a `304` response if a matching response is found with an `ETag` header with a value that matches a value in `If-None-Match`.
* `cache.match()`
* Never sends a subrequest to the origin. If no matching response is found in cache, the promise that `cache.match()` returns is fulfilled with `undefined`.
#### Errors
`cache.match` generates a `504` error response when the requested content is missing or expired. The Cache API does not expose this `504` directly to the Worker script, instead returning `undefined`. Nevertheless, the underlying `504` is still visible in Cloudflare Logs.
If you use Cloudflare Logs, you may see these `504` responses with the `RequestSource` of `edgeWorkerCacheAPI`. Again, these are expected if the cached asset was missing or expired. Note that `edgeWorkerCacheAPI` requests are already filtered out in other views, such as Cache Analytics. To filter out these requests or to filter requests by end users of your website only, refer to [Filter end users](/analytics/graphql-api/features/filtering/#filter-end-users).
### `Delete`
```js
cache.delete(request, options);
```
* delete(request, options) : Promise``
Deletes the `Response` object from the cache and returns a `Promise` for a Boolean response:
* `true`: The response was cached but is now deleted
* `false`: The response was not in the cache at the time of deletion.
:::caution[Global purges]
The `cache.delete` method only purges content of the cache in the data center that the Worker was invoked. For global purges, refer to [Purging assets stored with the Cache API](/workers/reference/how-the-cache-works/#purge-assets-stored-with-the-cache-api).
:::
#### Parameters
* `request` string | Request
* The string or [`Request`](/workers/runtime-apis/request/) object used as the lookup key. Strings are interpreted as the URL for a new `Request` object.
* `options` object
* Can contain one possible property: `ignoreMethod` (Boolean). Consider the request method a GET regardless of its actual value.
***
## Related resources
* [How the cache works](/workers/reference/how-the-cache-works/)
* [Example: Cache using `fetch()`](/workers/examples/cache-using-fetch/)
* [Example: using the Cache API](/workers/examples/cache-api/)
* [Example: caching POST requests](/workers/examples/cache-post-request/)
---
# Console
URL: https://developers.cloudflare.com/workers/runtime-apis/console/
The `console` object provides a set of methods to help you emit logs, warnings, and debug code.
All standard [methods of the `console` API](https://developer.mozilla.org/en-US/docs/Web/API/console) are present on the `console` object in Workers.
However, some methods are no ops — they can be called, and do not emit an error, but do not do anything. This ensures compatibility with libraries which may use these APIs.
The table below enumerates each method, and the extent to which it is supported in Workers.
All methods noted as "✅ supported" have the following behavior:
* They will be written to the console in local dev (`npx wrangler@latest dev`)
* They will appear in live logs, when tailing logs in the dashboard or running [`wrangler tail`](https://developers.cloudflare.com/workers/observability/log-from-workers/#use-wrangler-tail)
* They will create entries in the `logs` field of [Tail Worker](https://developers.cloudflare.com/workers/observability/tail-workers/) events and [Workers Trace Events](https://developers.cloudflare.com/logs/reference/log-fields/account/workers_trace_events/), which can be pushed to a destination of your choice via [Logpush](https://developers.cloudflare.com/workers/observability/logpush/).
All methods noted as "🟡 partial support" have the following behavior:
* In both production and local development the method can be safely called, but will do nothing (no op)
* In the [Workers Playground](https://workers.cloudflare.com/playground), Quick Editor in the Workers dashboard, and remote preview mode (`wrangler dev --remote`) calling the method will behave as expected, print to the console, etc.
Refer to [Log from Workers](https://developers.cloudflare.com/workers/observability/log-from-workers/) for more on debugging and adding logs to Workers.
| Method | Behavior |
| -------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------- |
| [`console.debug()`](https://developer.mozilla.org/en-US/docs/Web/API/console/debug_static) | ✅ supported |
| [`console.error()`](https://developer.mozilla.org/en-US/docs/Web/API/console/error_static) | ✅ supported |
| [`console.info()`](https://developer.mozilla.org/en-US/docs/Web/API/console/info_static) | ✅ supported |
| [`console.log()`](https://developer.mozilla.org/en-US/docs/Web/API/console/log_static) | ✅ supported |
| [`console.warn()`](https://developer.mozilla.org/en-US/docs/Web/API/console/warn_static) | ✅ supported |
| [`console.clear()`](https://developer.mozilla.org/en-US/docs/Web/API/console/clear_static) | 🟡 partial support |
| [`console.count()`](https://developer.mozilla.org/en-US/docs/Web/API/console/count_static) | 🟡 partial support |
| [`console.group()`](https://developer.mozilla.org/en-US/docs/Web/API/console/group_static) | 🟡 partial support |
| [`console.table()`](https://developer.mozilla.org/en-US/docs/Web/API/console/table_static) | 🟡 partial support |
| [`console.trace()`](https://developer.mozilla.org/en-US/docs/Web/API/console/trace_static) | 🟡 partial support |
| [`console.assert()`](https://developer.mozilla.org/en-US/docs/Web/API/console/assert_static) | ⚪ no op |
| [`console.countReset()`](https://developer.mozilla.org/en-US/docs/Web/API/console/countreset_static) | ⚪ no op |
| [`console.dir()`](https://developer.mozilla.org/en-US/docs/Web/API/console/dir_static) | ⚪ no op |
| [`console.dirxml()`](https://developer.mozilla.org/en-US/docs/Web/API/console/dirxml_static) | ⚪ no op |
| [`console.groupCollapsed()`](https://developer.mozilla.org/en-US/docs/Web/API/console/groupcollapsed_static) | ⚪ no op |
| [`console.groupEnd`](https://developer.mozilla.org/en-US/docs/Web/API/console/groupend_static) | ⚪ no op |
| [`console.profile()`](https://developer.mozilla.org/en-US/docs/Web/API/console/profile_static) | ⚪ no op |
| [`console.profileEnd()`](https://developer.mozilla.org/en-US/docs/Web/API/console/profileend_static) | ⚪ no op |
| [`console.time()`](https://developer.mozilla.org/en-US/docs/Web/API/console/time_static) | ⚪ no op |
| [`console.timeEnd()`](https://developer.mozilla.org/en-US/docs/Web/API/console/timeend_static) | ⚪ no op |
| [`console.timeLog()`](https://developer.mozilla.org/en-US/docs/Web/API/console/timelog_static) | ⚪ no op |
| [`console.timeStamp()`](https://developer.mozilla.org/en-US/docs/Web/API/console/timestamp_static) | ⚪ no op |
| [`console.createTask()`](https://developer.chrome.com/blog/devtools-modern-web-debugging/#linked-stack-traces) | 🔴 Will throw an exception in production, but works in local dev, Quick Editor, and remote preview |
---
# Context (ctx)
URL: https://developers.cloudflare.com/workers/runtime-apis/context/
The Context API provides methods to manage the lifecycle of your Worker or Durable Object.
Context is exposed via the following places:
* As the third parameter in all [handlers](/workers/runtime-apis/handlers/), including the [`fetch()` handler](/workers/runtime-apis/handlers/fetch/). (`fetch(request, env, ctx)`)
* As a class property of the [`WorkerEntrypoint` class](/workers/runtime-apis/bindings/service-bindings/rpc)
## `waitUntil`
`ctx.waitUntil()` extends the lifetime of your Worker, allowing you to perform work without blocking returning a response, and that may continue after a response is returned. It accepts a `Promise`, which the Workers runtime will continue executing, even after a response has been returned by the Worker's [handler](/workers/runtime-apis/handlers/).
`waitUntil` is commonly used to:
* Fire off events to external analytics providers. (note that when you use [Workers Analytics Engine](/analytics/analytics-engine/), you do not need to use `waitUntil`)
* Put items into cache using the [Cache API](/workers/runtime-apis/cache/)
:::note[Alternatives to waitUntil]
If you are using `waitUntil()` to emit logs or exceptions, we recommend using [Tail Workers](/workers/observability/logs/tail-workers/) instead. Even if your Worker throws an uncaught exception, the Tail Worker will execute, ensuring that you can emit logs or exceptions regardless of the Worker's invocation status.
[Cloudflare Queues](/queues/) is purpose-built for performing work out-of-band, without blocking returning a response back to the client Worker.
:::
You can call `waitUntil()` multiple times. Similar to `Promise.allSettled`, even if a promise passed to one `waitUntil` call is rejected, promises passed to other `waitUntil()` calls will still continue to execute.
For example:
```js
export default {
async fetch(request, env, ctx) {
// Forward / proxy original request
let res = await fetch(request);
// Add custom header(s)
res = new Response(res.body, res);
res.headers.set('x-foo', 'bar');
// Cache the response
// NOTE: Does NOT block / wait
ctx.waitUntil(caches.default.put(request, res.clone()));
// Done
return res;
},
};
```
## `passThroughOnException`
:::caution[Reuse of body]
The Workers Runtime uses streaming for request and response bodies. It does not buffer the body. Hence, if an exception occurs after the body has been consumed, `passThroughOnException()` cannot send the body again.
If this causes issues, we recommend cloning the request body and handling exceptions in code. This will protect against uncaught code exceptions. However some exception times such as exceed CPU or memory limits will not be mitigated.
:::
The `passThroughOnException` method allows a Worker to [fail open](https://community.microfocus.com/cyberres/b/sws-22/posts/security-fundamentals-part-1-fail-open-vs-fail-closed), and pass a request through to an origin server when a Worker throws an unhandled exception. This can be useful when using Workers as a layer in front of an existing service, allowing the service behind the Worker to handle any unexpected error cases that arise in your Worker.
```js
export default {
async fetch(request, env, ctx) {
// Proxy to origin on unhandled/uncaught exceptions
ctx.passThroughOnException();
throw new Error('Oops');
},
};
```
---
# Encoding
URL: https://developers.cloudflare.com/workers/runtime-apis/encoding/
## TextEncoder
### Background
The `TextEncoder` takes a stream of code points as input and emits a stream of bytes. Encoding types passed to the constructor are ignored and a UTF-8 `TextEncoder` is created.
[`TextEncoder()`](https://developer.mozilla.org/en-US/docs/Web/API/TextEncoder/TextEncoder) returns a newly constructed `TextEncoder` that generates a byte stream with UTF-8 encoding. `TextEncoder` takes no parameters and throws no exceptions.
### Constructor
```js
let encoder = new TextEncoder();
```
### Properties
* `encoder.encoding` DOMString read-only
* The name of the encoder as a string describing the method the `TextEncoder` uses (always `utf-8`).
### Methods
* encode(inputUSVString) : Uint8Array
* Encodes a string input.
***
## TextDecoder
### Background
The `TextDecoder` interface represents a UTF-8 decoder. Decoders take a stream of bytes as input and emit a stream of code points.
[`TextDecoder()`](https://developer.mozilla.org/en-US/docs/Web/API/TextDecoder/TextDecoder) returns a newly constructed `TextDecoder` that generates a code-point stream.
### Constructor
```js
let decoder = new TextDecoder();
```
### Properties
* `decoder.encoding` DOMString read-only
* The name of the decoder that describes the method the `TextDecoder` uses.
* `decoder.fatal` boolean read-only
* Indicates if the error mode is fatal.
* `decoder.ignoreBOM` boolean read-only
* Indicates if the byte-order marker is ignored.
### Methods
* `decode()` : DOMString
* Decodes using the method specified in the `TextDecoder` object. Learn more at [MDN’s `TextDecoder` documentation](https://developer.mozilla.org/en-US/docs/Web/API/TextDecoder/decode).
---
# EventSource
URL: https://developers.cloudflare.com/workers/runtime-apis/eventsource/
## Background
The [`EventSource`](https://developer.mozilla.org/en-US/docs/Web/API/EventSource) interface is a server-sent event API that allows a server to push events to a client. The `EventSource` object is used to receive server-sent events. It connects to a server over HTTP and receives events in a text-based format.
### Constructor
```js
let eventSource = new EventSource(url, options);
```
* `url` USVString - The URL to which to connect.
* `options` EventSourceInit - An optional dictionary containing any optional settings.
By default, the `EventSource` will use the global `fetch()` function under the
covers to make requests. If you need to use a different fetch implementation as
provided by a Cloudflare Workers binding, you can pass the `fetcher` option:
```js
export default {
async fetch(req, env) {
let eventSource = new EventSource(url, { fetcher: env.MYFETCHER });
// ...
}
};
```
Note that the `fetcher` option is a Cloudflare Workers specific extension.
### Properties
* `eventSource.url` USVString read-only
* The URL of the event source.
* `eventSource.readyState` USVString read-only
* The state of the connection.
* `eventSource.withCredentials` Boolean read-only
* A Boolean indicating whether the `EventSource` object was instantiated with cross-origin (CORS) credentials set (`true`), or not (`false`).
### Methods
* `eventSource.close()`
* Closes the connection.
* `eventSource.onopen`
* An event handler called when a connection is opened.
* `eventSource.onmessage`
* An event handler called when a message is received.
* `eventSource.onerror`
* An event handler called when an error occurs.
### Events
* `message`
* Fired when a message is received.
* `open`
* Fired when the connection is opened.
* `error`
* Fired when an error occurs.
### Class Methods
* EventSource.from(readableStreamReadableStream) : EventSource
* This is a Cloudflare Workers specific extension that creates a new `EventSource` object from an existing `ReadableStream`. Such an instance does not initiate a new connection but instead attaches to the provided stream.
---
# Fetch
URL: https://developers.cloudflare.com/workers/runtime-apis/fetch/
import { TabItem, Tabs } from "~/components";
The [Fetch API](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API) provides an interface for asynchronously fetching resources via HTTP requests inside of a Worker.
:::note
Asynchronous tasks such as `fetch` must be executed within a [handler](/workers/runtime-apis/handlers/). If you try to call `fetch()` within [global scope](https://developer.mozilla.org/en-US/docs/Glossary/Global_scope), your Worker will throw an error. Learn more about [the Request context](/workers/runtime-apis/request/#the-request-context).
:::
:::caution[Worker to Worker]
Worker-to-Worker `fetch` requests are possible with [Service bindings](/workers/runtime-apis/bindings/service-bindings/) or by enabling the [`global_fetch_strictly_public` compatibility flag](/workers/configuration/compatibility-flags/#global-fetch-strictly-public).
:::
## Syntax
```js null {3-7}
export default {
async scheduled(controller, env, ctx) {
return await fetch("https://example.com", {
headers: {
"X-Source": "Cloudflare-Workers",
},
});
},
};
```
:::caution[Service Workers are deprecated]
Service Workers are deprecated, but still supported. We recommend using [Module Workers](/workers/reference/migrate-to-module-workers/) instead. New features may not be supported for Service Workers.
:::
```js null {8}
addEventListener("fetch", (event) => {
// NOTE: can’t use fetch here, as we’re not in an async scope yet
event.respondWith(eventHandler(event));
});
async function eventHandler(event) {
// fetch can be awaited here since `event.respondWith()` waits for the Promise it receives to settle
const resp = await fetch(event.request);
return resp;
}
```
```python
from workers import fetch, handler
@handler
async def on_scheduled(controller, env, ctx):
return await fetch("https://example.com", headers={"X-Source": "Cloudflare-Workers"})
```
- fetch(resource, options optional) : Promise``
- Fetch returns a promise to a Response.
### Parameters
- [`resource`](https://developer.mozilla.org/en-US/docs/Web/API/fetch#resource) Request | string | URL
- `options` options
- `cache` `undefined | 'no-store'` optional
- Standard HTTP `cache` header. Only `cache: 'no-store'` is supported.
Any other `cache` header will result in a `TypeError` with the message `Unsupported cache mode: `.
_ For all requests this forwards the `Pragma: no-cache` and `Cache-Control: no-cache` headers to the origin.
_ For requests to origins not hosted by Cloudflare, `no-store` bypasses the use of Cloudflare's caches.
- An object that defines the content and behavior of the request.
---
## How the `Accept-Encoding` header is handled
When making a subrequest with the `fetch()` API, you can specify which forms of compression to prefer that the server will respond with (if the server supports it) by including the [`Accept-Encoding`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Accept-Encoding) header.
Workers supports both the gzip and brotli compression algorithms. Usually it is not necessary to specify `Accept-Encoding` or `Content-Encoding` headers in the Workers Runtime production environment – brotli or gzip compression is automatically requested when fetching from an origin and applied to the response when returning data to the client, depending on the capabilities of the client and origin server.
To support requesting brotli from the origin, you must enable the [`brotli_content_encoding`](/workers/configuration/compatibility-flags/#brotli-content-encoding-support) compatibility flag in your Worker. Soon, this compatibility flag will be enabled by default for all Workers past an upcoming compatibility date.
### Passthrough behavior
One scenario where the Accept-Encoding header is useful is for passing through compressed data from a server to the client, where the Accept-Encoding allows the worker to directly receive the compressed data stream from the server without it being decompressed beforehand. As long as you do not read the body of the compressed response prior to returning it to the client and keep the `Content-Encoding` header intact, it will "pass through" without being decompressed and then recompressed again. This can be helpful when using Workers in front of origin servers or when fetching compressed media assets, to ensure that the same compression used by the origin server is used in the response that your Worker returns.
In addition to a change in the content encoding, recompression is also needed when a response uses an encoding not supported by the client. As an example, when a Worker requests either brotli or gzip as the encoding but the client only supports gzip, recompression will still be needed if the server returns brotli-encoded data to the server (and will be applied automatically). Note that this behavior may also vary based on the [compression rules](/rules/compression-rules/), which can be used to configure what compression should be applied for different types of data on the server side.
```typescript
export default {
async fetch(request) {
// Accept brotli or gzip compression
const headers = new Headers({
"Accept-Encoding": "br, gzip",
});
let response = await fetch("https://developers.cloudflare.com", {
method: "GET",
headers,
});
// As long as the original response body is returned and the Content-Encoding header is
// preserved, the same encoded data will be returned without needing to be compressed again.
return new Response(response.body, {
status: response.status,
statusText: response.statusText,
headers: response.headers,
});
},
};
```
## Related resources
- [Example: use `fetch` to respond with another site](/workers/examples/respond-with-another-site/)
- [Example: Fetch HTML](/workers/examples/fetch-html/)
- [Example: Fetch JSON](/workers/examples/fetch-json/)
- [Example: cache using Fetch](/workers/examples/cache-using-fetch/)
- Write your Worker code in [ES modules syntax](/workers/reference/migrate-to-module-workers/) for an optimized experience.
---
# Headers
URL: https://developers.cloudflare.com/workers/runtime-apis/headers/
## Background
All HTTP request and response headers are available through the [Headers API](https://developer.mozilla.org/en-US/docs/Web/API/Headers).
When a header name possesses multiple values, those values will be concatenated as a single, comma-delimited string value. This means that `Headers.get` will always return a string or a `null` value. This applies to all header names except for `Set-Cookie`, which requires `Headers.getAll`. This is documented below in [Differences](#differences).
```js
let headers = new Headers();
headers.get('x-foo'); //=> null
headers.set('x-foo', '123');
headers.get('x-foo'); //=> "123"
headers.set('x-foo', 'hello');
headers.get('x-foo'); //=> "hello"
headers.append('x-foo', 'world');
headers.get('x-foo'); //=> "hello, world"
```
## Differences
* Despite the fact that the `Headers.getAll` method has been made obsolete, Cloudflare still offers this method but only for use with the `Set-Cookie` header. This is because cookies will often contain date strings, which include commas. This can make parsing multiple values in a `Set-Cookie` header more difficult. Any attempts to use `Headers.getAll` with other header names will throw an error. A brief history `Headers.getAll` is available in this [GitHub issue](https://github.com/whatwg/fetch/issues/973).
* Due to [RFC 6265](https://www.rfc-editor.org/rfc/rfc6265) prohibiting folding multiple `Set-Cookie` headers into a single header, the `Headers.append` method will allow you to set multiple `Set-Cookie` response headers instead of appending the value onto the existing header.
```js
const headers = new Headers();
headers.append("Set-Cookie", "cookie1=value_for_cookie_1; Path=/; HttpOnly;");
headers.append("Set-Cookie", "cookie2=value_for_cookie_2; Path=/; HttpOnly;");
console.log(headers.getAll("Set-Cookie"));
// Array(2) [ cookie1=value_for_cookie_1; Path=/; HttpOnly;, cookie2=value_for_cookie_2; Path=/; HttpOnly; ]
```
* In Cloudflare Workers, the `Headers.get` method returns a [`USVString`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String) instead of a [`ByteString`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String), which is specified by the spec. For most scenarios, this should have no noticeable effect. To compare the differences between these two string classes, refer to this [Playground example](https://workers.cloudflare.com/playground#LYVwNgLglgDghgJwgegGYHsHALQBM4RwDcABAEbogB2+CAngLzbMutvvsCMALAJx-cAzAHZeANkG8AHAAZOU7t2EBWAEy9eqsXNWdOALg5HjbHv34jxk2fMUr1m7Z12cAsACgAwuioQApr7YACJQAM4w6KFQ0D76JBhYeATEJFRwwH4MAERQNH4AHgB0AFahWaSoUGAB6Zk5eUWlWR7evgEQ2AAqdDB+cXAwMGBQAMYEUD7IxXAAbnChIwiwEADUwOi44H4eHgURSCS4fqhw4BAkAN7uAJDzdFQj8X4QIwAWABQIfgCOIH6hEAAlJcbtdqucxucGCQsoBeDcAXHtZUHgkggCCoKSeAgkaFUPwAdxInQKEAAog8Nn4EO9AYUAiNKe9IYDkc8SPTKbgsVCSABlCBLKgAc0KqAQ6GAnleiG8R3ehQVaIx3JZoIZVFC6GqhTA6CF7yynVeYRIJrgJAAqryAGr8wVCkj46KvEjmyH6LIAGhIzLVPk12t1+sNxtCprD5oAQnR-Hbcg6nRAXW7sT5LZ0AGLYKQe70co5cgiq67XZDIEgACT8cCOCAjXxIoRAg0iflwJAg6EdmAA1iQfGA6I7nSRo7GBfHQt6yGj+yAEKCy6bgEM-BlfOM0yBQv9LTa48LQoUiaHUiSSMM8cOwGASDBBec4Ivy-jEFR466KLOk2FCqzzq81a1mGuIEpWQFUqE7wXDC+ZttgkJZHEcGFucAC+xbXF8EDzlQZ6EgASv8EQan4BpSn4Ix9pQ5xJn4JAAAatAGfgMa6NAdoBJBEeE-r0YBNaQR2XY7vRdFzhAMCzgyK6IGE-qFF6lwkAJwEkBhNxoe4aEeCYelGGYAiWBI0hyAoShqBoWg6HoLQ+P4gQhLxUQxFQcQJDg+CEKQaQZNkGSEF5cDlPEVQ1H5WRkLqZDNF49ntF0PR9K6gzDJCExUFMmpUDs7gXFkwBwLkAD66ybNUSH1EcjRlDp7j6Q1rCGRYogmTY5n2FZTguMwHhAA).
## Cloudflare headers
Cloudflare sets a number of its own custom headers on incoming requests and outgoing responses. While some may be used for its own tracking and bookkeeping, many of these can be useful to your own applications – or Workers – too.
For a list of documented Cloudflare request headers, refer to [Cloudflare HTTP headers](/fundamentals/reference/http-headers/).
## Related resources
* [Logging headers to console](/workers/examples/logging-headers/) - Review how to log headers in the console.
* [Cloudflare HTTP headers](/fundamentals/reference/http-headers/) - Contains a list of specific headers that Cloudflare adds.
---
# HTMLRewriter
URL: https://developers.cloudflare.com/workers/runtime-apis/html-rewriter/
import { Render } from "~/components";
## Background
The `HTMLRewriter` class allows developers to build comprehensive and expressive HTML parsers inside of a Cloudflare Workers application. It can be thought of as a jQuery-like experience directly inside of your Workers application. Leaning on a powerful JavaScript API to parse and transform HTML, `HTMLRewriter` allows developers to build deeply functional applications.
The `HTMLRewriter` class should be instantiated once in your Workers script, with a number of handlers attached using the `on` and `onDocument` functions.
---
## Constructor
```js
new HTMLRewriter()
.on("*", new ElementHandler())
.onDocument(new DocumentHandler());
```
---
## Global types
Throughout the `HTMLRewriter` API, there are a few consistent types that many properties and methods use:
- `Content` string | Response | ReadableStream
- Content inserted in the output stream should be a string, [`Response`](/workers/runtime-apis/response/), or [`ReadableStream`](/workers/runtime-apis/streams/readablestream/).
- `ContentOptions` Object
- `{ html: Boolean }` Controls the way the HTMLRewriter treats inserted content. If the `html` boolean is set to true, content is treated as raw HTML. If the `html` boolean is set to false or not provided, content will be treated as text and proper HTML escaping will be applied to it.
---
## Handlers
There are two handler types that can be used with `HTMLRewriter`: element handlers and document handlers.
### Element Handlers
An element handler responds to any incoming element, when attached using the `.on` function of an `HTMLRewriter` instance. The element handler should respond to `element`, `comments`, and `text`. The example processes `div` elements with an `ElementHandler` class.
```js
class ElementHandler {
element(element) {
// An incoming element, such as `div`
console.log(`Incoming element: ${element.tagName}`);
}
comments(comment) {
// An incoming comment
}
text(text) {
// An incoming piece of text
}
}
async function handleRequest(req) {
const res = await fetch(req);
return new HTMLRewriter().on("div", new ElementHandler()).transform(res);
}
```
### Document Handlers
A document handler represents the incoming HTML document. A number of functions can be defined on a document handler to query and manipulate a document’s `doctype`, `comments`, `text`, and `end`. Unlike an element handler, a document handler’s `doctype`, `comments`, `text`, and `end` functions are not scoped by a particular selector. A document handler's functions are called for all the content on the page including the content outside of the top-level HTML tag:
```js
class DocumentHandler {
doctype(doctype) {
// An incoming doctype, such as
}
comments(comment) {
// An incoming comment
}
text(text) {
// An incoming piece of text
}
end(end) {
// The end of the document
}
}
```
#### Async Handlers
All functions defined on both element and document handlers can return either `void` or a `Promise`. Making your handler function `async` allows you to access external resources such as an API via fetch, Workers KV, Durable Objects, or the cache.
```js
class UserElementHandler {
async element(element) {
let response = await fetch(new Request("/user"));
// fill in user info using response
}
}
async function handleRequest(req) {
const res = await fetch(req);
// run the user element handler via HTMLRewriter on a div with ID `user_info`
return new HTMLRewriter()
.on("div#user_info", new UserElementHandler())
.transform(res);
}
```
### Element
The `element` argument, used only in element handlers, is a representation of a DOM element. A number of methods exist on an element to query and manipulate it:
#### Properties
- `tagName` string
- The name of the tag, such as `"h1"` or `"div"`. This property can be assigned different values, to modify an element’s tag.
- `attributes` Iterator read-only
- A `[name, value]` pair of the tag’s attributes.
- `removed` boolean
- Indicates whether the element has been removed or replaced by one of the previous handlers.
- `namespaceURI` String
- Represents the [namespace URI](https://infra.spec.whatwg.org/#namespaces) of an element.
#### Methods
- getAttribute(namestring) : string | null
- Returns the value for a given attribute name on the element, or `null` if it is not found.
- hasAttribute(namestring) : boolean
- Returns a boolean indicating whether an attribute exists on the element.
- setAttribute(namestring, valuestring) : Element
- Sets an attribute to a provided value, creating the attribute if it does not exist.
- removeAttribute(namestring) : Element
- Removes the attribute.
- before(contentContent, contentOptionsContentOptionsoptional) :
Element
- Inserts content before the element.
- after(contentContent, contentOptionsContentOptionsoptional) :
Element
- Inserts content right after the element.
- prepend(contentContent, contentOptionsContentOptionsoptional) :
Element
- Inserts content right after the start tag of the element.
- append(contentContent, contentOptionsContentOptionsoptional) :
Element
- Inserts content right before the end tag of the element.
- replace(contentContent, contentOptionsContentOptionsoptional) :
Element
- Removes the element and inserts content in place of it.
- setInnerContent(contentContent, contentOptionsContentOptionsoptional) :
Element
- Replaces content of the element.
- remove() : Element
- Removes the element with all its content.
- removeAndKeepContent() : Element
- Removes the start tag and end tag of the element but keeps its inner content intact.
- `onEndTag(handlerFunction)` : void
- Registers a handler that is invoked when the end tag of the element is reached.
### EndTag
The `endTag` argument, used only in handlers registered with `element.onEndTag`, is a limited representation of a DOM element.
#### Properties
- `name` string
- The name of the tag, such as `"h1"` or `"div"`. This property can be assigned different values, to modify an element's tag.
#### Methods
- before(contentContent, contentOptionsContentOptionsoptional) :
EndTag
- Inserts content right before the end tag.
- after(contentContent, contentOptionsContentOptionsoptional) :
EndTag
- Inserts content right after the end tag.
- remove() : EndTag
- Removes the element with all its content.
### Text chunks
Since Cloudflare performs zero-copy streaming parsing, text chunks are not the same thing as text nodes in the lexical tree. A lexical tree text node can be represented by multiple chunks, as they arrive over the wire from the origin.
Consider the following markup: `
Hey. How are you?
`. It is possible that the Workers script will not receive the entire text node from the origin at once; instead, the `text` element handler will be invoked for each received part of the text node. For example, the handler might be invoked with `“Hey. How ”,` then `“are you?”`. When the last chunk arrives, the text’s `lastInTextNode` property will be set to `true`. Developers should make sure to concatenate these chunks together.
#### Properties
- `removed` boolean
- Indicates whether the element has been removed or replaced by one of the previous handlers.
- `text` string read-only
- The text content of the chunk. Could be empty if the chunk is the last chunk of the text node.
- `lastInTextNode` boolean read-only
- Specifies whether the chunk is the last chunk of the text node.
#### Methods
- before(contentContent, contentOptionsContentOptionsoptional) :
Element
- Inserts content before the element.
- after(contentContent, contentOptionsContentOptionsoptional) :
Element
- Inserts content right after the element.
- replace(contentContent, contentOptionsContentOptionsoptional) :
Element
- Removes the element and inserts content in place of it.
- remove() : Element
- Removes the element with all its content.
### Comments
The `comments` function on an element handler allows developers to query and manipulate HTML comment tags.
```js
class ElementHandler {
comments(comment) {
// An incoming comment element, such as
}
}
```
#### Properties
- `comment.removed` boolean
- Indicates whether the element has been removed or replaced by one of the previous handlers.
- `comment.text` string
- The text of the comment. This property can be assigned different values, to modify comment’s text.
#### Methods
- before(contentContent, contentOptionsContentOptionsoptional) :
Element
- Inserts content before the element.
- after(contentContent, contentOptionsContentOptionsoptional) :
Element
- Inserts content right after the element.
- replace(contentContent, contentOptionsContentOptionsoptional) :
Element
- Removes the element and inserts content in place of it.
- remove() : Element
- Removes the element with all its content.
### Doctype
The `doctype` function on a document handler allows developers to query a document’s [doctype](https://developer.mozilla.org/en-US/docs/Glossary/Doctype).
```js
class DocumentHandler {
doctype(doctype) {
// An incoming doctype element, such as
//
}
}
```
#### Properties
- `doctype.name` string | null read-only
- The doctype name.
- `doctype.publicId` string | null read-only
- The quoted string in the doctype after the PUBLIC atom.
- `doctype.systemId` string | null read-only
- The quoted string in the doctype after the SYSTEM atom or immediately after the `publicId`.
### End
The `end` function on a document handler allows developers to append content to the end of a document.
```js
class DocumentHandler {
end(end) {
// The end of the document
}
}
```
#### Methods
- append(contentContent, contentOptionsContentOptionsoptional) :
DocumentEnd
- Inserts content after the end of the document.
---
## Selectors
This is what selectors are and what they are used for.
- `*`
- Any element.
- `E`
- Any element of type E.
- `E:nth-child(n)`
- An E element, the n-th child of its parent.
- `E:first-child`
- An E element, first child of its parent.
- `E:nth-of-type(n)`
- An E element, the n-th sibling of its type.
- `E:first-of-type`
- An E element, first sibling of its type.
- `E:not(s)`
- An E element that does not match either compound selectors.
- `E.warning`
- An E element belonging to the class warning.
- `E#myid`
- An E element with ID equal to myid.
- `E[foo]`
- An E element with a foo attribute.
- `E[foo="bar"]`
- An E element whose foo attribute value is exactly equal to bar.
- `E[foo="bar" i]`
- An E element whose foo attribute value is exactly equal to any (ASCII-range) case-permutation of bar.
- `E[foo="bar" s]`
- An E element whose foo attribute value is exactly and case-sensitively equal to bar.
- `E[foo~="bar"]`
- An E element whose foo attribute value is a list of whitespace-separated values, one of which is exactly equal to bar.
- `E[foo^="bar"]`
- An E element whose foo attribute value begins exactly with the string bar.
- `E[foo$="bar"]`
- An E element whose foo attribute value ends exactly with the string bar.
- `E[foo*="bar"]`
- An E element whose foo attribute value contains the substring bar.
- `E[foo|="en"]`
- An E element whose foo attribute value is a hyphen-separated list of values beginning with en.
- `E F`
- An F element descendant of an E element.
- `E > F`
- An F element child of an E element.
---
## Errors
If a handler throws an exception, parsing is immediately halted, the transformed response body is errored with the thrown exception, and the untransformed response body is canceled (closed). If the transformed response body was already partially streamed back to the client, the client will see a truncated response.
```js
async function handle(request) {
let oldResponse = await fetch(request);
let newResponse = new HTMLRewriter()
.on("*", {
element(element) {
throw new Error("A really bad error.");
},
})
.transform(oldResponse);
// At this point, an expression like `await newResponse.text()`
// will throw `new Error("A really bad error.")`.
// Thereafter, any use of `newResponse.body` will throw the same error,
// and `oldResponse.body` will be closed.
// Alternatively, this will produce a truncated response to the client:
return newResponse;
}
```
---
## Related resources
- [Introducing `HTMLRewriter`](https://blog.cloudflare.com/introducing-htmlrewriter/)
- [Tutorial: Localize a Website](/pages/tutorials/localize-a-website/)
- [Example: rewrite links](/workers/examples/rewrite-links/)
- [Example: Inject Turnstile](/workers/examples/turnstile-html-rewriter/)
---
# Runtime APIs
URL: https://developers.cloudflare.com/workers/runtime-apis/
import { DirectoryListing } from "~/components";
The Workers runtime is designed to be [JavaScript standards compliant](https://ecma-international.org/publications-and-standards/standards/ecma-262/) and web-interoperable. Wherever possible, it uses web platform APIs, so that code can be reused across client and server, as well as across [WinterCG](https://wintercg.org/) JavaScript runtimes.
[Workers runtime features](/workers/runtime-apis/) are [compatible with a subset of Node.js APIs](/workers/runtime-apis/nodejs) and the ability to set a [compatibility date or compatibility flag](/workers/configuration/compatibility-dates/).
---
# Performance and timers
URL: https://developers.cloudflare.com/workers/runtime-apis/performance/
## Background
The Workers runtime supports a subset of the [`Performance` API](https://developer.mozilla.org/en-US/docs/Web/API/Performance), used to measure timing and performance, as well as timing of subrequests and other operations.
### `performance.now()`
The [`performance.now()` method](https://developer.mozilla.org/en-US/docs/Web/API/Performance/now) returns timestamp in milliseconds, representing the time elapsed since `performance.timeOrigin`.
When Workers are deployed to Cloudflare, as a security measure to [mitigate against Spectre attacks](/workers/reference/security-model/#step-1-disallow-timers-and-multi-threading), APIs that return timers, including [`performance.now()`](https://developer.mozilla.org/en-US/docs/Web/API/Performance/now) and [`Date.now()`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/now), only advance or increment after I/O occurs. Consider the following examples:
```typescript title="Time is frozen — start will have the exact same value as end."
const start = performance.now();
for (let i = 0; i < 1e6; i++) {
// do expensive work
}
const end = performance.now();
const timing = end - start; // 0
```
```typescript title="Time advances, because a subrequest has occurred between start and end."
const start = performance.now();
const response = await fetch("https://developers.cloudflare.com/");
const end = performance.now();
const timing = end - start; // duration of the subrequest to developers.cloudflare.com
```
By wrapping a subrequest in calls to `performance.now()` or `Date.now()` APIs, you can measure the timing of a subrequest, fetching a key from KV, an object from R2, or any other form of I/O in your Worker.
In local development, however, timers will increment regardless of whether I/O happens or not. This means that if you need to measure timing of a piece of code that is CPU intensive, that does not involve I/O, you can run your Worker locally, via [Wrangler](/workers/wrangler/), which uses the open-source Workers runtime, [workerd](https://github.com/cloudflare/workerd) — the same runtime that your Worker runs in when deployed to Cloudflare.
### `performance.timeOrigin`
The [`performance.timeOrigin`](https://developer.mozilla.org/en-US/docs/Web/API/Performance/timeOrigin) API is a read-only property that returns a baseline timestamp to base other measurements off of.
In the Workers runtime, the `timeOrigin` property returns 0.
---
# Request
URL: https://developers.cloudflare.com/workers/runtime-apis/request/
import { Type, MetaInfo, Render } from "~/components";
The [`Request`](https://developer.mozilla.org/en-US/docs/Web/API/Request/Request) interface represents an HTTP request and is part of the [Fetch API](/workers/runtime-apis/fetch/).
## Background
The most common way you will encounter a `Request` object is as a property of an incoming request:
```js null {2}
export default {
async fetch(request, env, ctx) {
return new Response('Hello World!');
},
};
```
You may also want to construct a `Request` yourself when you need to modify a request object, because the incoming `request` parameter that you receive from the [`fetch()` handler](/workers/runtime-apis/handlers/fetch/) is immutable.
```js
export default {
async fetch(request, env, ctx) {
const url = "https://example.com";
const modifiedRequest = new Request(url, request);
// ...
},
};
```
The [`fetch() handler`](/workers/runtime-apis/handlers/fetch/) invokes the `Request` constructor. The [`RequestInit`](#options) and [`RequestInitCfProperties`](#the-cf-property-requestinitcfproperties) types defined below also describe the valid parameters that can be passed to the [`fetch() handler`](/workers/runtime-apis/handlers/fetch/).
***
## Constructor
```js
let request = new Request(input, options)
```
### Parameters
* `input` string | Request
* Either a string that contains a URL, or an existing `Request` object.
* `options` options optional
* Optional options object that contains settings to apply to the `Request`.
#### `options`
An object containing properties that you want to apply to the request.
* `cache` `undefined | 'no-store'` optional
* Standard HTTP `cache` header. Only `cache: 'no-store'` is supported.
Any other cache header will result in a `TypeError` with the message `Unsupported cache mode: `.
* `cf` RequestInitCfProperties optional
* Cloudflare-specific properties that can be set on the `Request` that control how Cloudflare’s global network handles the request.
* `method`
* The HTTP request method. The default is `GET`. In Workers, all [HTTP request methods](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Methods) are supported, except for [`CONNECT`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Methods/CONNECT).
* `headers` Headers optional
* A [`Headers` object](https://developer.mozilla.org/en-US/docs/Web/API/Headers).
* `body` string | ReadableStream | FormData | URLSearchParams optional
* The request body, if any.
* Note that a request using the GET or HEAD method cannot have a body.
* `redirect`
* The redirect mode to use: `follow`, `error`, or `manual`. The default for a new `Request` object is `follow`. Note, however, that the incoming `Request` property of a `FetchEvent` will have redirect mode `manual`.
* `signal` AbortSignal optional
* If provided, the request can be canceled by triggering an abort on the corresponding `AbortController`.
#### The `cf` property (`RequestInitCfProperties`)
An object containing Cloudflare-specific properties that can be set on the `Request` object. For example:
```js
// Disable ScrapeShield for this request.
fetch(event.request, { cf: { scrapeShield: false } })
```
Invalid or incorrectly-named keys in the `cf` object will be silently ignored. Consider using TypeScript and generating types by running [`wrangler types`](/workers/languages/typescript/#generate-types) to ensure proper use of the `cf` object.
* `apps`
* Whether [Cloudflare Apps](https://www.cloudflare.com/apps/) should be enabled for this request. Defaults to `true`.
* `cacheEverything`
* Treats all content as static and caches all [file types](/cache/concepts/default-cache-behavior#default-cached-file-extensions) beyond the Cloudflare default cached content. Respects cache headers from the origin web server. This is equivalent to setting the Page Rule [**Cache Level** (to **Cache Everything**)](/rules/page-rules/reference/settings/). Defaults to `false`.
This option applies to `GET` and `HEAD` request methods only.
* `cacheKey`
* A request’s cache key is what determines if two requests are the same for caching purposes. If a request has the same cache key as some previous request, then Cloudflare can serve the same cached response for both.
* `cacheTags` Array\ optional
* This option appends additional [**Cache-Tag**](/cache/how-to/purge-cache/purge-by-tags/) headers to the response from the origin server. This allows for purges of cached content based on tags provided by the Worker, without modifications to the origin server. This is performed using the [**Purge by Tag**](/cache/how-to/purge-cache/purge-by-tags/#purge-using-cache-tags) feature.
* `cacheTtl`
* This option forces Cloudflare to cache the response for this request, regardless of what headers are seen on the response. This is equivalent to setting two Page Rules: [**Edge Cache TTL**](/cache/how-to/edge-browser-cache-ttl/) and [**Cache Level** (to **Cache Everything**)](/rules/page-rules/reference/settings/). The value must be zero or a positive number. A value of `0` indicates that the cache asset expires immediately. This option applies to `GET` and `HEAD` request methods only.
* `cacheTtlByStatus` `{ [key: string]: number }` optional
* This option is a version of the `cacheTtl` feature which chooses a TTL based on the response’s status code. If the response to this request has a status code that matches, Cloudflare will cache for the instructed time and override cache instructives sent by the origin. For example: `{ "200-299": 86400, "404": 1, "500-599": 0 }`. The value can be any integer, including zero and negative integers. A value of `0` indicates that the cache asset expires immediately. Any negative value instructs Cloudflare not to cache at all. This option applies to `GET` and `HEAD` request methods only.
* `image` Object | null optional
* Enables [Image Resizing](/images/transform-images/) for this request. The possible values are described in [Transform images via Workers](/images/transform-images/transform-via-workers/) documentation.
* `mirage`
* Whether [Mirage](https://www.cloudflare.com/website-optimization/mirage/) should be enabled for this request, if otherwise configured for this zone. Defaults to `true`.
* `polish`
* Sets [Polish](https://blog.cloudflare.com/introducing-polish-automatic-image-optimizati/) mode. The possible values are `lossy`, `lossless` or `off`.
* `resolveOverride`
* Directs the request to an alternate origin server by overriding the DNS lookup. The value of `resolveOverride` specifies an alternate hostname which will be used when determining the origin IP address, instead of using the hostname specified in the URL. The `Host` header of the request will still match what is in the URL. Thus, `resolveOverride` allows a request to be sent to a different server than the URL / `Host` header specifies. However, `resolveOverride` will only take effect if both the URL host and the host specified by `resolveOverride` are within your zone. If either specifies a host from a different zone / domain, then the option will be ignored for security reasons. If you need to direct a request to a host outside your zone (while keeping the `Host` header pointing within your zone), first create a CNAME record within your zone pointing to the outside host, and then set `resolveOverride` to point at the CNAME record. Note that, for security reasons, it is not possible to set the `Host` header to specify a host outside of your zone unless the request is actually being sent to that host.
* `scrapeShield`
* Whether [ScrapeShield](https://blog.cloudflare.com/introducing-scrapeshield-discover-defend-dete/) should be enabled for this request, if otherwise configured for this zone. Defaults to `true`.
* `webp`
* Enables or disables [WebP](https://blog.cloudflare.com/a-very-webp-new-year-from-cloudflare/) image format in [Polish](/images/polish/).
***
## Properties
All properties of an incoming `Request` object (the request you receive from the [`fetch()` handler](/workers/runtime-apis/handlers/fetch/)) are read-only. To modify the properties of an incoming request, create a new `Request` object and pass the options to modify to its [constructor](#constructor).
* `body` ReadableStream read-only
* Stream of the body contents.
* `bodyUsed` Boolean read-only
* Declares whether the body has been used in a response yet.
* `cf` IncomingRequestCfProperties read-only
* An object containing properties about the incoming request provided by Cloudflare’s global network.
* This property is read-only (unless created from an existing `Request`). To modify its values, pass in the new values on the [`cf` key of the `init` options argument](/workers/runtime-apis/request/#the-cf-property-requestinitcfproperties) when creating a new `Request` object.
* `headers` Headers read-only
* A [`Headers` object](https://developer.mozilla.org/en-US/docs/Web/API/Headers).
* Compared to browsers, Cloudflare Workers imposes very few restrictions on what headers you are allowed to send. For example, a browser will not allow you to set the `Cookie` header, since the browser is responsible for handling cookies itself. Workers, however, has no special understanding of cookies, and treats the `Cookie` header like any other header.
:::caution
If the response is a redirect and the redirect mode is set to `follow` (see below), then all headers will be forwarded to the redirect destination, even if the destination is a different hostname or domain. This includes sensitive headers like `Cookie`, `Authorization`, or any application-specific headers. If this is not the behavior you want, you should set redirect mode to `manual` and implement your own redirect policy. Note that redirect mode defaults to `manual` for requests that originated from the Worker's client, so this warning only applies to `fetch()`es made by a Worker that are not proxying the original request.
:::
* `method` string read-only
* Contains the request’s method, for example, `GET`, `POST`, etc.
* `redirect` string read-only
* The redirect mode to use: `follow`, `error`, or `manual`. The `fetch` method will automatically follow redirects if the redirect mode is set to `follow`. If set to `manual`, the `3xx` redirect response will be returned to the caller as-is. The default for a new `Request` object is `follow`. Note, however, that the incoming `Request` property of a `FetchEvent` will have redirect mode `manual`.
* `signal` AbortSignal read-only
* The `AbortSignal` corresponding to this request. If you use the [`enable_request_signal`](/workers/configuration/compatibility-flags/#enable-requestsignal-for-incoming-requests) compatibility flag, you can attach an event listener to the signal. This allows you to perform cleanup tasks or write to logs before your Worker's invocation ends.
For example, if you run the Worker below, and then abort the request from the client, a log will be written:
* `url` string read-only
* Contains the URL of the request.
### `IncomingRequestCfProperties`
In addition to the properties on the standard [`Request`](https://developer.mozilla.org/en-US/docs/Web/API/Request) object, the `request.cf` object on an inbound `Request` contains information about the request provided by Cloudflare’s global network.
All plans have access to:
* `asn` Number
* ASN of the incoming request, for example, `395747`.
* `asOrganization` string
* The organization which owns the ASN of the incoming request, for example, `Google Cloud`.
* `botManagement` Object | null
* Only set when using Cloudflare Bot Management. Object with the following properties: `score`, `verifiedBot`, `staticResource`, `ja3Hash`, `ja4`, and `detectionIds`. Refer to [Bot Management Variables](/bots/reference/bot-management-variables/) for more details.
* `clientAcceptEncoding` string | null
* If Cloudflare replaces the value of the `Accept-Encoding` header, the original value is stored in the `clientAcceptEncoding` property, for example, `"gzip, deflate, br"`.
* `colo` string
* The three-letter [`IATA`](https://en.wikipedia.org/wiki/IATA_airport_code) airport code of the data center that the request hit, for example, `"DFW"`.
* `country` string | null
* Country of the incoming request. The two-letter country code in the request. This is the same value as that provided in the `CF-IPCountry` header, for example, `"US"`.
* `isEUCountry` string | null
* If the country of the incoming request is in the EU, this will return `"1"`. Otherwise, this property will be omitted.
* `httpProtocol` string
* HTTP Protocol, for example, `"HTTP/2"`.
* `requestPriority` string | null
* The browser-requested prioritization information in the request object, for example, `"weight=192;exclusive=0;group=3;group-weight=127"`.
* `tlsCipher` string
* The cipher for the connection to Cloudflare, for example, `"AEAD-AES128-GCM-SHA256"`.
* `tlsClientAuth` Object | null
* Only set when using Cloudflare Access or API Shield (mTLS). Object with the following properties: `certFingerprintSHA1`, `certFingerprintSHA256`, `certIssuerDN`, `certIssuerDNLegacy`, `certIssuerDNRFC2253`, `certIssuerSKI`, `certIssuerSerial`, `certNotAfter`, `certNotBefore`, `certPresented`, `certRevoked`, `certSKI`, `certSerial`, `certSubjectDN`, `certSubjectDNLegacy`, `certSubjectDNRFC2253`, `certVerified`.
* `tlsClientCiphersSha1` string
* The SHA-1 hash (Base64-encoded) of the cipher suite sent by the client during the TLS handshake, encoded in big-endian format. For example, `"GXSPDLP4G3X+prK73a4wBuOaHRc="`.
* `tlsClientExtensionsSha1` string
* The SHA-1 hash (Base64-encoded) of the TLS client extensions sent during the handshake, encoded in big-endian format. For example, `"OWFiM2I5ZDc0YWI0YWYzZmFkMGU0ZjhlYjhiYmVkMjgxNTU5YTU2Mg=="`.
* `tlsClientExtensionsSha1Le` string
* The SHA-1 hash (Base64-encoded) of the TLS client extensions sent during the handshake, encoded in little-endian format. For example, `"7zIpdDU5pvFPPBI2/PCzqbaXnRA="`.
* `tlsClientHelloLength` string
* The length of the client hello message sent in a [TLS handshake](https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/). For example, `"508"`. Specifically, the length of the bytestring of the client hello.
* `tlsClientRandom` string
* The value of the 32-byte random value provided by the client in a [TLS handshake](https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/). Refer to [RFC 8446](https://datatracker.ietf.org/doc/html/rfc8446#section-4.1.2) for more details.
* `tlsVersion` string
* The TLS version of the connection to Cloudflare, for example, `TLSv1.3`.
* `city` string | null
* City of the incoming request, for example, `"Austin"`.
* `continent` string | null
* Continent of the incoming request, for example, `"NA"`.
* `latitude` string | null
* Latitude of the incoming request, for example, `"30.27130"`.
* `longitude` string | null
* Longitude of the incoming request, for example, `"-97.74260"`.
* `postalCode` string | null
* Postal code of the incoming request, for example, `"78701"`.
* `metroCode` string | null
* Metro code (DMA) of the incoming request, for example, `"635"`.
* `region` string | null
* If known, the [ISO 3166-2](https://en.wikipedia.org/wiki/ISO_3166-2) name for the first level region associated with the IP address of the incoming request, for example, `"Texas"`.
* `regionCode` string | null
* If known, the [ISO 3166-2](https://en.wikipedia.org/wiki/ISO_3166-2) code for the first-level region associated with the IP address of the incoming request, for example, `"TX"`.
* `timezone` string
* Timezone of the incoming request, for example, `"America/Chicago"`.
:::caution
The `request.cf` object is not available in the Cloudflare Workers dashboard or Playground preview editor.
:::
***
## Methods
### Instance methods
These methods are only available on an instance of a `Request` object or through its prototype.
* `clone()` : Promise\
* Creates a copy of the `Request` object.
* `arrayBuffer()` : Promise\
* Returns a promise that resolves with an [`ArrayBuffer`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/ArrayBuffer) representation of the request body.
* `formData()` : Promise\
* Returns a promise that resolves with a [`FormData`](https://developer.mozilla.org/en-US/docs/Web/API/FormData) representation of the request body.
* `json()` : Promise\