Skip to content
Cloudflare Docs

Worker Isolation

Untrusted Mode (Default)

By default, Workers inside of a dispatch namespace are considered "untrusted." This provides the strongest isolation between Workers and is best in cases where your customers have control over the code that's being deployed.

In untrusted mode:

This mode ensures complete isolation between customer Workers, preventing any potential cross-tenant data access.

Trusted Mode

If you control the Worker code and want to disable isolation mode, you can configure the namespace as "trusted". This is useful when building internal platforms where your company controls all Worker code.

In trusted mode:

  • The request.cf object becomes available, providing access to request metadata
  • All Workers in the namespace share the same cache space when using the Cache API

To convert a namespace from untrusted to trusted:

Terminal window
curl -X PUT "https://api.cloudflare.com/client/v4/accounts/{account_id}/workers/dispatch/namespaces/{namespace_name}" \
  -H "Authorization: Bearer {api_token}" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "{namespace_name}",
    "trusted_workers": true
  }'

If you enable trusted mode for a namespace that already has deployed Workers, you'll need to redeploy those Workers for the request.cf object to become available. Any new Workers you deploy after enabling trusted mode will automatically have access to it.

Maintaining cache isolation in trusted mode

If you need access to request.cf but want to maintain cache isolation between customers, use customer-specific cache keys or the Cache API with isolated keys.