Cloudflare · Abuse Defense

cloudflare-worker-abuse-defense-kit

A Worker starter for public forms and lightweight APIs that need abuse controls before the first campaign, contact page, or landing-page launch.

Repository Source bundle Launch article

What it includes

KV-backed sliding-window rate limiting for repeated submissions.
Cloudflare Turnstile verification helper for server-side challenge checks.
Honeypot and timestamp validation for public form payloads.
A Worker entrypoint with safe JSON responses and test coverage.

Why Mirogate built it

Public forms are often launched as simple plumbing and secured later. This kit keeps abuse controls in the first implementation pass, while staying small enough for teams to understand and adapt.

npm test

Use the examples as a starting point, then tune limits, retention, and logging to the actual risk profile.