Cloudflare Worker Changelog
DataDome Cloudflare Module
2.0.0 (2025-07-07)
Breaking changes
Module import syntax
- Use ES module syntax instead of Service Worker syntax
Worker configuration settings
Renamed:
DATADOME_IP_FILTERING
→DATADOME_IP_EXCLUSION
DATADOME_URL_REGEX
→DATADOME_URL_REGEX_INCLUSION
DATADOME_JS_URL_REGEX
→DATADOME_JS_URL_REGEX_INCLUSION
DATADOME_LOG_VALUES
→DATADOME_LOGPUSH_CONFIGURATION
Removed:
DATADOME_URI_REGEX
DATADOME_URI_REGEX_EXCLUSION
DATADOME_HOSTNAME_REGEX_EXCLUSION
DATADOME_JS_URI_REGEX_EXCLUSION
DATADOME_JS_HOSTNAME_REGEX_EXCLUSION
DataDomeOptions interface
Renamed properties:
timeOut
→timeout?: number
licenseKey
→serverSideKey?: string
New properties:
ipExclusion?: string[]
- List of IPv4 and IPv6 addresses to exclude from DataDome protection; accepts ranges with CIDR notationurlPatternExclusion?: RegExp | string
- Regex pattern to exclude URLs from DataDome protectionurlPatternInclusion?: RegExp | string
- Regex pattern to include URLs for DataDome protection; all URLs will match if emptyenableDebugging?: boolean
- Enable debugging modeenableGraphQLSupport?: boolean
- Enable GraphQL supportenableReferrerRestoration?: boolean
- Enable referrer restorationmaximumBodySize?: number
- Maximum body size in bytes (default: 25KB)logpushConfiguration?: string[]
- List of enriched headers names to log inside LogpushclientSideKey?: string
- Client-side key for JS Tag injectionjsURL?: string
- URL of the JS Tag (default: https://js.datadome.co/tags.js)jsEndpoint?: string
- URL for the JS data endpointjsTagOptions?: Record<string, any>
- Options for the JS Tag in JavaScript object formatjsURLRegexExclusion?: RegExp | string
- Regex pattern to exclude URLs where JS Tag injection must not executejsURLRegexInclusion?: RegExp | string
- Regex pattern to include URLs where JS Tag injection must execute; all URLs will match if empty
Logging system
- Use Cloudflare Workers' native logging system for debugging information instead of adding debug headers to requests
Enhancements
- Add
CookiesList
to payloads sent to Protection API - Improve error logging and debugging capabilities:
- Include more details in error messages
- Change log format to be easier to parse and analyze
- Publish module as an npm package to ease installation
1.19.0 (2025-01-28)
- Add support for CIDR notation in
DATADOME_IP_FILTERING
- Remove unused code related to deprecated App
1.18.1 (2024-12-27)
- Fix collection of JA4 fingerprints
- Add collection of JA3 fingerprints
1.18.0 (2024-11-20)
- Add
DATADOME_ENABLE_REFERRER_RESTORATION
option to enable referrer restoration
1.17.0 (2024-10-24)
- Collect JA4 fingerprints
1.16.3 (2024-08-21)
- Add chunk-by-chunk reading for GraphQL body payloads
- Add
DATADOME_MAXIMUM_BODY_SIZE
to restrict the body payload size (25Kb by default)
1.16.2 (2024-07-25)
- Inject JS Tag in the
<head>
tag on HTML responses as recommended by the documentation - Handle GraphQL shorthand syntax (no operation type or operation name)
1.16.1 (2023-12-01) – Workers only
- Fix header truncation
1.16.0 (2023-11-15)
- Add GraphQL support
- Support JS Tag injection in responses to POST requests
1.15.1 (2023-09-21)
- Switch protocol to HTTPS for calls to the DataDome API
1.15.0 (2023-05-04)
- Add support for regex flags
d
,s
, andu
- Add option for volatile session (experimental)
1.14.0 (2023-02-09)
- Add logging function for workers
- Collect Fetch Metadata headers
1.13.2 (2022-11-23)
- Update payload field name to
XForwardedForIp
1.13.1 (2022-09-29)
- Fix include regex option for client-side detection
1.13.0 (2022-09-27)
- Add include regex option for client-side detection
1.12.0 (2022-07-07)
- Add truncate logic for headers
1.11.1 (2022-06-10)
- Improve logging conditions
1.11.0 (2022-05-30)
- Add support for logging in custom response headers for debugging
1.10.0 (2022-03-28)
- Add support for allow session feature
- Add support for session by header
1.9.0 (2022-01-05)
- Collect TLS version and cipher
- Rename
Sec-CH-UA-Full-Version
toSec-CH-UA-Full-Version-List
1.8.0 (2021-11-23)
- Collect client hints
1.7.2 (2021-06-23)
- Add IP filtering settings
1.7.1 (2021-05-28)
- Simplify App UI declaration file
1.7.0 (2021-02-07)
- Support first-party JS tag
- Add new exclusion rules based on URLs
- Improve UI with placeholders and formatting
1.6.4 (2020-10-01)
- Add URL filtering as a regex parameter in the App
1.6.3 (2020-08-14)
- Modify filtering on static assets
1.6.2 (2020-06-11)
- Add new HTTP headers
1.6.1 (2020-05-27)
- Update default timeout to 300ms
- Simplify static assets list
1.6.0 (2020-05-05)
- Fix regex parsing bug
1.5.9 (2020-04-17)
- Use
_HTMLRewriter_
for better performance and tag support - Fix limitations from old parser
1.5.7 (2020-04-03)
- Fix charset checks on tag injection
1.5.6 (2020-03-09)
- Fix DataDome headers
1.5.5 (2020-02-17)
- Add support for hostname exclusion
- Expand static asset regex exclusion
- Clarify documentation on exclusions
1.5.2 (2019-02-12)
- Enable login and sign-up via OAuth (no API keys required)
- Apply minor UI improvements
1.4.9 (2019-11-26)
- Add support for Cloudflare Pseudo IPv4 feature
1.4.8 (2019-11-20)
- Make UI more dynamic
- Update documentation
1.4.7 (2019-09-27)
- Add JSTag URI exclusion option
1.4.6 (2019-09-19)
- Add JS Tag hostname exclusion option
- Revamp App options UI
1.4.5 (2019-09-13)
- Add support for query parameters in URLs
1.4.4 (2019-09-09)
- Fix timeout issue (App only)
- Remove
_app.js
logic to avoid client-side JS generation
1.4.2 (2019-09-02)
- Fix JSTag options issue (App only)
1.4.0 (2019-08-26)
- Add JSTag insertion and timeout configuration
1.3.1 (2019-04-28)
- Add Cloudflare App support
1.3 (2019-01-26)
- Override all headers except
Set-Cookie
1.2 (2019-01-10)
- Prevent addition of headers to backend requests
1.1 (2018-12-17)
- Preserve original backend headers if a header may have multiple values
1.0
- Initial release
Updated 15 days ago