Can I trust the contents of the request.url

Would like to use worker to post create/update request to API and was wondering if I could trust the worker request.url to always contain the URL of the requesting website.

If this is the case then I will be able to restrict when request.url matches some value.

If this is not the case then any suggestions about how to restrict running the worker when only triggered from a domain/url when it would be appreciated.

I am not sure what you mean by that.

Request · Cloudflare Workers docs is quite clear about what the field in particular contains.

Thanks Sandro for quick reply and link to helpful article.

What I wanted to confirm is that can I trust the request.url to be correct or is there a chance that it could be tampered with?

The reason that I am asking is that I would like to use worker to update an API and would like to ensure that request was from a trusted domain.

Tampered by whom? Unless there is a bug in the system, that field will contain the URL Cloudflare received.