Disable "Scrape Shield" on workers.dev no-zone?

I have a content modifying proxy on a subdomain “proxy.foo.workers.dev”, not a TLD+1. How do you disable Scrape Shield on a no-domain/subdomained Cloudflare Worker? In my HTML pages I’m getting unwanted modification by CF network, example

<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="e7c4d2ea054887a10d2bdb2ac1a12767d23d029c">[email&#160;protected]</a>

<script data-cfasync="false" src="/cdn-cgi/scripts/5c5fd718/cloudflare-static/email-decode.min.js"></script>

I already added to my CFW content modify proxy

let response = await fetch(request, { cf: { scrapeShield: false } })

but it has no effect and I still get unwanted HTML modification. The HTML from origin is from a logged-in billing system, there is absolutely no reason to hide the customer’s own email from them after they sign in. There is nothing to scrape unless the end user signs in.

I see workers only have 3 options, so I can’t see how to turn off Scrape Shield for my worker.

-Environment Variables
-KV Namespace Bindings
-Delete Worker (bad idea)

So what “Zone” is a myapp.myname.workers.dev on if end user browser always directly accesses myapp,myname.workers.dev and not through a route/page rule on a TLD+1?

I could create a TLD+1 or TLD+2 for the worker proxy and try to set up the worker under a TLD+1, and see if that disables Scrape Shield, but my front end is not on CF and can not be orange clouded (I have no domain control).

Hi there,

If I might be able to inquire – is the worker fetch() being made against a zone with Scrape Shield enabled on it?

No, origin doesn’t have Scrap Shield.

Live example, take the proxy example at

remove spaces

http://cfwproxy untouched.w voi ce.work ers.de v/corsproxy/?apiurl=http://b88cfwemailtest.free.beeceptor.com/

cors proxy shows

“[email protected]”

origin shows “[email protected]” at