Cloudflare Workers code to manage redirection of a domain and adding extra security headers to the correct hostname

manage-redirection-and-add-security-headers-via-cloudflare-workers.js

/**
 * CloudFlare Worker to handle each request
 * and based on the given condition either redirect it to 
 * the proper URL
 * OR add the security headers in case of Status 200
 * @author Acnam Infotech
 * @explanation https://acnam.com/why-and-how-to-use-cloudflare-workers-explained-with-sample-code/
 */
addEventListener('fetch', event => {
  event.respondWith(handleRequest(event.request))
})

/**
 * Respond to the request
 * @param {Request} request
 */
async function handleRequest(request) {
  // Convert the request to a mutable URL
  const requestURL = new URL(request.url)

  // Check if the website is using correct hostname, protocol or using a port
  // which should not be redirected
  if(
    (
      requestURL.hostname === 'www.example.com' && 
      requestURL.protocol === 'https:'
    ) || 
    (
      requestURL.hostname === 'example.com' &&
      requestURL.protocol === 'https:' &&
      requestURL.port === '2083'
    )
  ) {
    // No need to redirect the URL. Just add the necessary Security Headers
    let response = await fetch(request)

    // Make the headers mutable by re-constructing the Response.
    response = new Response(response.body, response)

    // Add the security headers we want to add to our response
    response.headers.append('X-Frame-Options', 'DENY')
    response.headers.append('Content-Security-Policy', 'block-all-mixed-content')
    response.headers.append('X-XSS-Protection', '1; mode=block')

    // Return the response
    return response
  } else {
    // We need to redirect the URL to the correct hostname
    // Have to redirect the URL to the proper hostname and protocol
    requestURL.hostname = 'www.example.com'
    requestURL.protocol = 'https:'

    // Make the redirect
    return Response.redirect(requestURL, 301)
  }
}

Good one.

Thanks, @zakirsajib. Enjoy. 🙂