Can cloudflare add custom headers?
11,155
Solution 1
Scott Helme has published a way to do it using new recently released Cloudflare Workers.
https://scotthelme.co.uk/security-headers-cloudflare-worker/
let securityHeaders = {
"Content-Security-Policy": "upgrade-insecure-requests",
"Strict-Transport-Security": "max-age=1000",
"X-Xss-Protection": "1; mode=block",
"X-Frame-Options": "DENY",
"X-Content-Type-Options": "nosniff",
"Referrer-Policy": "strict-origin-when-cross-origin",
}
let sanitiseHeaders = {
"Server": "My New Server Header!!!",
}
let removeHeaders = [
"Public-Key-Pins",
"X-Powered-By",
"X-AspNet-Version",
]
addEventListener('fetch', event => {
event.respondWith(addHeaders(event.request))
})
async function addHeaders(req) {
let response = await fetch(req)
let newHdrs = new Headers(response.headers)
if (newHdrs.has("Content-Type") && !newHdrs.get("Content-Type").includes("text/html")) {
return new Response(response.body, {
status: response.status,
statusText: response.statusText,
headers: newHdrs
})
}
Object.keys(securityHeaders).map(function(name, index) {
newHdrs.set(name, securityHeaders[name]);
})
Object.keys(sanitiseHeaders).map(function(name, index) {
newHdrs.set(name, sanitiseHeaders[name]);
})
removeHeaders.forEach(function(name) {
newHdrs.delete(name)
})
return new Response(response.body, {
status: response.status,
statusText: response.statusText,
headers: newHdrs
})
}Solution 2
To add custom headers, select Workers in Cloudflare.
To add custom headers such as Access-Control-Allow-Credentials or X-Frame-Options then add the following little script: -
addEventListener('fetch', event => {
event.respondWith(handleRequest(event.request))
})
async function handleRequest(request) {
let response = await fetch(request)
let newHeaders = new Headers(response.headers)
newHeaders.set("Access-Control-Allow-Credentials", "true")
newHeaders.set("X-Frame-Options", "SAMEORIGIN")
// ... and any more required headers
return new Response(response.body, {
status: response.status,
statusText: response.statusText,
headers: newHeaders
})
}
Once you have created your worker, you need to match it to a route e.g.
If you now test your endpoint using e.g. Chrome Dev tools, you will see the response headers.
Related videos on Youtube
03 : 35
How to add Custom Headers to your Cloudflare Pages Applications
08 : 40
What's New in Wrangler?
21 : 03
.com.np to cloudflare and blogger | how to connect .com.np to blogger | .com.np registration Part 6
09 : 55
AWS DDOS Resiliency Part 1: Configuring CloudFront to Add Custom Headers to Origin Requests
![What is Cloudflare? How to improve speed & security on your site for free [Tutorial]](https://i.ytimg.com/vi/NV2eKYmQF6Q/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLA-cLJA6et5g7Jh6oV_OUhxP7PMcA)
11 : 01
What is Cloudflare? How to improve speed & security on your site for free [Tutorial]
08 : 40
How to Cache Static Content with CloudFlare
03 : 45
Cloudflare CNAME Record
13 : 15
Cloudflare Email Setup (Free Professional Custom Email Setup)
10 : 03
Request Headers for Web Scraping
04 : 00
How to Use CloudFlare as a Static Content CDN with LSCWP
19 : 45
Cloudflare Images | How to Setup and Use Cloudflare Images?
12 : 58
Cloudflare Images! How to setup and an overview.
![How to Set Up the Cloudflare Add-on in WP Rocket [2022 Edition]](https://i.ytimg.com/vi/2-6CfcRV4zg/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLAyeL2WzfX2At3WuSf85TVymwP8Og)
03 : 44
How to Set Up the Cloudflare Add-on in WP Rocket [2022 Edition]
07 : 24
Tạo Tài Khoản Cloudflare #1 | Sử Dụng Cloudflare Cơ Bản
08 : 57
Sử Dụng TLS/SSL Miễn Phí Của CloudFlare
02 : 53
How to Install Security Headers For Any Website Using Cloudflare Workers | Urdu / Hindi
Author by
Merik C.
Updated on June 08, 2022Comments
-
Merik C. almost 2 years
Is there anyway to add custom headers in cloudflare?
We do some https ajax to cache static files, but it's not handling some headers like "Access-Control-Allow-Credentials" in response header, and cause failure on chrome.