Cloudflare Workers Response "Just a Moment..."

Hi everyone,

I’m hosting a backend on Cloudflare Workers and a frontend on Vercel. When I try to fetch data from my Cloudflare Workers backend via Vercel, the response I get is “Just a moment…”, which seems to be a Cloudflare security challenge.

However, if I fetch the same API directly from Postman or the browser, it works fine.

I’ve already tried the following:

• Set Cloudflare Security Level to “Essentially Off”.**
• Checked Firewall Rules to ensure there are no JS challenges.**
• Disabled Bot Fight Mode in Cloudflare.**
• Attempted to whitelist Vercel IPs, but Vercel uses dynamic IPs.**

Despite all these steps, Vercel still gets blocked. Is there a recommended way to make Vercel’s requests pass through Cloudflare without triggering a challenge?

Would appreciate any insights. Thanks!

That’s a Firewall Challenge. Your Firewall Event Logs should show why that request is being challenged. Security Events · Cloudflare Web Application Firewall (WAF) docs

I am not sure if Cloudflare allow to bypass such request , in ideal world you should be able to create a WAF bypass rule specifically for requests from Vercel :

1. Go to Cloudflare Dashboard > Security > WAF > Custom Rules

2. Create a new rule with:

3. Name: “Vercel Bypass”

4. Expression: (http.request.headers["X-API-Key"] eq "YOUR_SECRET_KEY")

5. Action: “Bypass”

I will recommend reaching out to Cloudflare support team for specific guidance.

@alhifny-wahid Can you go to your Cloudflare Security → Events page and check what rules are triggered for those requests?

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.