Let’s say I have two domains registered with Cloudflare,
domain2.com, and a single Worker that does something simple and non-distinguishing like return 400 for every request. Both domains are set as custom domains for the same Worker.
When someone makes a request to one of these domains, the HTTP headers will make it obvious that both domains point to a Cloudflare Worker, but is it possible for someone who doesn’t have access to my account to determine that these two domains are pointing to the exact same Worker? If not, is it possible for them to determine that both domains are managed by the same Cloudflare account?
(Obviously a government agency could force Cloudflare to reveal these facts. I’m asking about an actor who doesn’t have jurisdiction over Cloudflare.)