Adding a CloudFlare Worker

This static website is generated by Hugo to Azure Storage blob-based static website and served from CloudFlare CDN. Out of the box it’s pretty good. CloudFlare’s encryption is graded A+ on SSLLabs.

In the CloudFlare dashboard I added Page Rules to redirect naked root domain requests to www and enable CloudFlare’s minifier + cache. To add strict security HTTP headers and proper 404 Not Found responses, I had to turn to CloudFlare Workers, i.e. simple NodeJS script that runs in the CloudFlare pipeline between edge cache and origin server.

image

Heavily inspired by Scott Helme I wrote this https://gist.github.com/klinkby/8e161a3e2926ecc7d7b53a5c57bf0790 , which provide an A grade in Scott’s security headers analyzer.

❤ serverless.