Adding a CloudFlare Worker
In the CloudFlare dashboard I added Page Rules to redirect naked root domain requests to
www and enable CloudFlare’s minifier + cache. To add strict security HTTP headers and proper
404 Not Found responses, I had to turn to CloudFlare Workers, i.e. simple NodeJS script that runs in the CloudFlare pipeline between edge cache and origin server.
Heavily inspired by Scott Helme I wrote this https://gist.github.com/klinkby/8e161a3e2926ecc7d7b53a5c57bf0790 , which provide an A grade in Scott’s security headers analyzer.