Scrape Shield 'Hotlink Protection' is blocking requests inside on the Worker

My domain on CloudFlare has Scrape Shield Hotlink Protection enabled, when a request inside the Worker is made using the Header ‘Referer’ to a AWS S3 bucket the request is blocked by CloudFlare with the message error code: 1011.


addEventListener('fetch', event => { 

async function handleRequest(event) {
  const request = await fetch("",{
    method: "GET",
    cf: { scrapeShield: false },
    headers: {"Referer": "MY-HASH"}
  return new Response(
    { status: request.status, statusText: request.statusText, headers: request.headers  }


This request returns the body error code: 1011, but if I remove the header ‘Referer’ it works. The curious thing is in the worker Quick edit works perfectly, but when I access using my domain it returns the error.

Can someone help me? Thanks

I would recommend joining the Workers discord server and I’m sure someone will be able to help :slight_smile:

1 Like