Sorry if I wasn't clear. Yes I understand I can set whatever headers I want in a response via the edit options for my workers. The problem I'm running in to is that I created a worker for a static site and it has a massive 1 line JS blob for the script section that I have to go through to set this. I never created this, it's just what was set up when I used Wrangler to deploy my static site.

This is fine except it's a huge hassle to modify and I'm actually a bit surprised that by default workers don't use secure headers. I figured they would since they're pretty standard now and I'd rather have to disable them if I needed then to manually configure them. If someone isn't familiar with security headers there's also a good chance they would deploy their site and never enable them which makes sites running on workers less secure by default.

I'm going off this several year old blog post: https://scotthelme.co.uk/security-headers-cloudflare-worker/ that talks about how to set this up and it seems like functionality has changed a bit since then, or maybe I am misunderstanding their screenshots. Outside of this I can't find any documentation from Cloudflare about setting these headers that is more recent, or what I would need to set for a new worker that has recently been created to get this functionality.

So I guess my question is two fold, are there plans to make it easier to enable secure headers than to manually modify the worker itself? My plan is to do that currently once I stop slacking and decide to just parse this giant JS blob.

My second question is are there any plans to add documentation around functionality such as this? I was really shocked to see that secure headers weren't something that's simply enabled by default and even more so when I looked through the docs and didn't see any examples on how to set them up. Maybe my use case is niche, but I thought secure headers were pretty standard at this point.