Cloudflare Worker Changelog

DataDome Cloudflare Module

2.0.0 (2025-07-07)

Breaking changes

Module import syntax

  • Use ES module syntax instead of Service Worker syntax

Worker configuration settings

Renamed:

  • DATADOME_IP_FILTERINGDATADOME_IP_EXCLUSION
  • DATADOME_URL_REGEXDATADOME_URL_REGEX_INCLUSION
  • DATADOME_JS_URL_REGEXDATADOME_JS_URL_REGEX_INCLUSION
  • DATADOME_LOG_VALUESDATADOME_LOGPUSH_CONFIGURATION

Removed:

  • DATADOME_URI_REGEX
  • DATADOME_URI_REGEX_EXCLUSION
  • DATADOME_HOSTNAME_REGEX_EXCLUSION
  • DATADOME_JS_URI_REGEX_EXCLUSION
  • DATADOME_JS_HOSTNAME_REGEX_EXCLUSION

DataDomeOptions interface

Renamed properties:

  • timeOuttimeout?: number
  • licenseKeyserverSideKey?: string

New properties:

  • ipExclusion?: string[] - List of IPv4 and IPv6 addresses to exclude from DataDome protection; accepts ranges with CIDR notation
  • urlPatternExclusion?: RegExp | string - Regex pattern to exclude URLs from DataDome protection
  • urlPatternInclusion?: RegExp | string - Regex pattern to include URLs for DataDome protection; all URLs will match if empty
  • enableDebugging?: boolean - Enable debugging mode
  • enableGraphQLSupport?: boolean - Enable GraphQL support
  • enableReferrerRestoration?: boolean - Enable referrer restoration
  • maximumBodySize?: number - Maximum body size in bytes (default: 25KB)
  • logpushConfiguration?: string[] - List of enriched headers names to log inside Logpush
  • clientSideKey?: string - Client-side key for JS Tag injection
  • jsURL?: string - URL of the JS Tag (default: https://js.datadome.co/tags.js)
  • jsEndpoint?: string - URL for the JS data endpoint
  • jsTagOptions?: Record<string, any> - Options for the JS Tag in JavaScript object format
  • jsURLRegexExclusion?: RegExp | string - Regex pattern to exclude URLs where JS Tag injection must not execute
  • jsURLRegexInclusion?: RegExp | string - Regex pattern to include URLs where JS Tag injection must execute; all URLs will match if empty

Logging system

  • Use Cloudflare Workers' native logging system for debugging information instead of adding debug headers to requests

Enhancements

  • Add CookiesList to payloads sent to Protection API
  • Improve error logging and debugging capabilities:
    • Include more details in error messages
    • Change log format to be easier to parse and analyze
  • Publish module as an npm package to ease installation

1.19.0 (2025-01-28)

  • Add support for CIDR notation in DATADOME_IP_FILTERING
  • Remove unused code related to deprecated App

1.18.1 (2024-12-27)

  • Fix collection of JA4 fingerprints
  • Add collection of JA3 fingerprints

1.18.0 (2024-11-20)

  • Add DATADOME_ENABLE_REFERRER_RESTORATION option to enable referrer restoration

1.17.0 (2024-10-24)

  • Collect JA4 fingerprints

1.16.3 (2024-08-21)

  • Add chunk-by-chunk reading for GraphQL body payloads
  • Add DATADOME_MAXIMUM_BODY_SIZE to restrict the body payload size (25Kb by default)

1.16.2 (2024-07-25)

  • Inject JS Tag in the <head> tag on HTML responses as recommended by the documentation
  • Handle GraphQL shorthand syntax (no operation type or operation name)

1.16.1 (2023-12-01) – Workers only

  • Fix header truncation

1.16.0 (2023-11-15)

  • Add GraphQL support
  • Support JS Tag injection in responses to POST requests

1.15.1 (2023-09-21)

  • Switch protocol to HTTPS for calls to the DataDome API

1.15.0 (2023-05-04)

  • Add support for regex flags d, s, and u
  • Add option for volatile session (experimental)

1.14.0 (2023-02-09)

  • Add logging function for workers
  • Collect Fetch Metadata headers

1.13.2 (2022-11-23)

  • Update payload field name to XForwardedForIp

1.13.1 (2022-09-29)

  • Fix include regex option for client-side detection

1.13.0 (2022-09-27)

  • Add include regex option for client-side detection

1.12.0 (2022-07-07)

  • Add truncate logic for headers

1.11.1 (2022-06-10)

  • Improve logging conditions

1.11.0 (2022-05-30)

  • Add support for logging in custom response headers for debugging

1.10.0 (2022-03-28)

  • Add support for allow session feature
  • Add support for session by header

1.9.0 (2022-01-05)

  • Collect TLS version and cipher
  • Rename Sec-CH-UA-Full-Version to Sec-CH-UA-Full-Version-List

1.8.0 (2021-11-23)

  • Collect client hints

1.7.2 (2021-06-23)

  • Add IP filtering settings

1.7.1 (2021-05-28)

  • Simplify App UI declaration file

1.7.0 (2021-02-07)

  • Support first-party JS tag
  • Add new exclusion rules based on URLs
  • Improve UI with placeholders and formatting

1.6.4 (2020-10-01)

  • Add URL filtering as a regex parameter in the App

1.6.3 (2020-08-14)

  • Modify filtering on static assets

1.6.2 (2020-06-11)

  • Add new HTTP headers

1.6.1 (2020-05-27)

  • Update default timeout to 300ms
  • Simplify static assets list

1.6.0 (2020-05-05)

  • Fix regex parsing bug

1.5.9 (2020-04-17)

  • Use _HTMLRewriter_ for better performance and tag support
  • Fix limitations from old parser

1.5.7 (2020-04-03)

  • Fix charset checks on tag injection

1.5.6 (2020-03-09)

  • Fix DataDome headers

1.5.5 (2020-02-17)

  • Add support for hostname exclusion
  • Expand static asset regex exclusion
  • Clarify documentation on exclusions

1.5.2 (2019-02-12)

  • Enable login and sign-up via OAuth (no API keys required)
  • Apply minor UI improvements

1.4.9 (2019-11-26)

  • Add support for Cloudflare Pseudo IPv4 feature

1.4.8 (2019-11-20)

  • Make UI more dynamic
  • Update documentation

1.4.7 (2019-09-27)

  • Add JSTag URI exclusion option

1.4.6 (2019-09-19)

  • Add JS Tag hostname exclusion option
  • Revamp App options UI

1.4.5 (2019-09-13)

  • Add support for query parameters in URLs

1.4.4 (2019-09-09)

  • Fix timeout issue (App only)
  • Remove _app.js logic to avoid client-side JS generation

1.4.2 (2019-09-02)

  • Fix JSTag options issue (App only)

1.4.0 (2019-08-26)

  • Add JSTag insertion and timeout configuration

1.3.1 (2019-04-28)

  • Add Cloudflare App support

1.3 (2019-01-26)

  • Override all headers except Set-Cookie

1.2 (2019-01-10)

  • Prevent addition of headers to backend requests

1.1 (2018-12-17)

  • Preserve original backend headers if a header may have multiple values

1.0

  • Initial release