How to Add Security Headers to Cloudflare Workers from Dashboard

Cloudflare Workers were a new feature in the Dashboard that was added on August 7th, 2017. These workers allow you to use your domains with your worker name instead of storing them externally. However, if you want to add security headers for the Cloudflare servers and make sure they are encrypted by default, there is an option under Advanced Settings > Security Headers. Follow these steps from Cloudflare’s documentation:
1) Navigate to “Advanced”
2) Click “Security Headers.”
3) Search for “X-Forwarded-For” (You may have other options too).
4) Check out what it says at top and bottom of this section – set these variables respectively as XFORWARDED_FOR=REMOTEIP AND XFORWARDED_ORIGIN=”*”. Now click save settings when done!. This will encrypt all connections coming into our system through HTTPS!

The “cloudflare worker security headers” is a feature that allows users to add security headers to their cloudflare workers. This feature can be found in the cloudflare dashboard.

Web applications employ security headers as part of HTTP headers to set security defenses in web browsers. Permissions-Policy, X-Frame-Options, Strict-Transport-Security, X-Content-Type-Options, Content-Security-Policy, and Referrer-Policy are the most often used HTTP security headers.

You may quickly return a fresh response to the browser with appropriate modifications using Cloudflare Workers. To archive this, you may create workers functions in Javascript.

You’ll learn how to add worker security headers to Cloudflare workers from the dashboard in this article.

Step 1: Make a Cloudflare Workers account.

Click the Create a Worker button on the Workers tab.

Step 2: Add the Script for the Security Header

After you’ve given the Worker a name, you can add the script. Depending on your needs, you’ll need to change the derivative values.

For security headers, use the Worker below.

let securityHeaders = “Content-Security-Policy”: “upgrade-insecure-requests,” “Strict-Transport-Security”: “max-age=1000,” “X-Xss-Protection”: “1; mode=block,” “X-Frame-Options”: “DENY,” “X-Content-Type-Options”: “nosniff,” “Referrer-Pol sanitiseHeaders = let sanitiseHeaders = let removeHeaders = [ “Public-Key-Pins”, “X-Powered-By”, “X-AspNet-Version”,] “Server”: “Cloudflare”, let response = await addEventListener(‘fetch’, event => event.respondWith(addHeaders(event.request)) async function addHeaders(req) async function addHeaders(req) async function addHeaders(req) async function addHeaders(req) async function addHeaders(req) async function add (req) if (newHdrs.has(“Content-Type”) && newHdrs.has(“Content-Type”) && newHdrs.has(“Content-Type”) && newHdrs.has(“Content-Type”) && newHdrs.has(“Content-Type”) && newHd newHdrs.get(“Content-Type”). includes(“text/html”)) return new Response(response.body, newResponse(response.body, newResponse(respon headers: newHdrs, status: response.status, statusText: response.statusText) Object.keys(securityHeaders).map(function(name, index) newHdrs.set(name, securityHeaders[name]); Object.keys(sanitiseHeaders).map(function(name, index) newHdrs.set(name, sanitiseHeaders[name]); Object.keys(sanitiseHeaders).map(function(name, index) newH new Response(response.body, status: response.status, statusText: response.statusText, headers: newHdrs)

Step 3: Assign the worker a route.

Workers may be found in the Cloudflare menu.

Assign your Worker to the routes and run it. The asterisk (*) may be used to generate dynamic patterns that match several URLs, such as *.domain.com/* and https://*domain.com/*. Then, from the drop-down option, choose the Worker you established earlier.

For personal usage and basic apps, Cloudflare Workers is free.

Conclusion

We learnt how to add worker security headers to Cloudflare workers via the dashboard in this lesson. Thank you for reading; please leave your comments and recommendations in the space below.

Watch This Video-

The “cloudflare http headers” is a feature that was recently added to Cloudflare’s dashboard. This feature allows users to add security headers to their cloudflare workers.