Is the CF-Worker header from worker fetch() reliable?

Yes, this header is reliable and is intended to be used for security and anti-abuse purposes. It actually names the Cloudflare zone, which is usually the eTLD+1, but it’s actually possible (though unusual) for Cloudflare zones to be subdomains.

We should definitely document it better, sorry about that.

2 Likes