In Cloudflare Workers, I use code like this
if (request.headers.get("Origin") !== "(Website)") { }
return new Response('Unauthorized', { status: 403 });
}
I set it to reject all requests except those from my website.
However, using the above method, since the server code is executed even when rejecting requests from other websites, it counts towards the 100,000/day limit on the free plan. This means that a malicious user may intentionally send requests to exceed this limit. How can I prevent this?