Cloudflare Workers Bot & Crawler Detection

Detect crawlers and AI bots that never run the JavaScript SDK from a Cloudflare Worker sitting in front of your origin. The Worker serves the page first, then forwards the visitor's signals to Kitbase with ctx.waitUntil so analytics never adds latency. Cloudflare resolves the true client IP in cf-connecting-ip.

Privacy — we only keep the bots

Forwarding every request doesn't mean every request is stored. Human visitors' signals are used only to classify the request in memory and are then discarded — only bot and crawler requests are persisted. For those, the raw IP is stored only when IP logging is enabled for the environment; otherwise it's used to derive geolocation (country, region, city) and then dropped.

Prerequisites

Add two Worker environment variables / secrets:

• KITBASE_API_KEY — your project's secret API key (sk_kitbase_…), not the browser SDK key.
• KITBASE_ENVIRONMENT — the target environment name, e.g. Production.

Setup

export default {
  async fetch(request, env, ctx) {
    const response = await fetch(request); // serve the page first
    ctx.waitUntil(fetch("https://ingest.kitbase.dev/ingest/v1/server", {
      method: "POST",
      headers: { "authorization": `Bearer ${env.KITBASE_API_KEY}`, "content-type": "application/json" },
      body: JSON.stringify({ environment: env.KITBASE_ENVIRONMENT, events: [{
        user_agent: request.headers.get("user-agent"),
        ip_address: request.headers.get("cf-connecting-ip"),
        method: request.method,
        host: new URL(request.url).host,
        path: new URL(request.url).pathname,
        referrer: request.headers.get("referer"),
        signature: request.headers.get("signature"),
        signature_input: request.headers.get("signature-input"),
        signature_agent: request.headers.get("signature-agent"),
      }]}),
    }));
    return response;
  },
};

The signature* headers are part of Web Bot Auth — forwarding them lets Kitbase cryptographically verify a crawler's claimed identity when present.

Next steps

• API reference — full request schema, response, and attribution fields.
• All platforms — setup guides for other frameworks and hosts.