Account plan limits
Bundled Usage Model
Workers on the Bundled Usage Model are intended for use cases below 50 ms. Bundled Workers limits are based on CPU time, rather than . This means that the time limit does not include the time a script is waiting for responses from network calls. The billing model for Bundled Workers is based on requests that exceed the included number of requests on the
Paid plan. Learn more about .
Unbound Usage Model
The Workers Unbound Usage Model has a significantly higher limit than the Bundled Usage Model and is intended for use cases up to 30 seconds. Unbound Worker limits are based on , meaning the limit includes the time a script is waiting for responses from network calls. Learn more about .
The Workers Free plan includes limited KV Usage. If you exceed one of these limits, further operations of that type will fail with an error. All limits reset daily at 00:00 UTC.
The following limits apply regardless of the plan used.
Cache API limits
Bundled (Paid) Workers scripts automatically scale onto thousands of Cloudflare edge servers around the world; there is no general limit to the number of requests per second Workers can handle.
Cloudflare’s abuse protection methods do not affect well-intentioned traffic. However, if you send many thousands of requests per second from a small number of client IP addresses, you can inadvertently trigger Cloudflare’s abuse protection. If you expect to receive
1015 errors in response to traffic or expect your application to incur these errors, contact Cloudflare to increase your limit.
The burst rate and daily request limits apply at the account level, meaning that requests on your workers.dev subdomain count toward the same limit as your zones. Upgrade to a to automatically lift these limits.
Accounts using the Workers free plan are subject to a burst rate limit of 1000 requests per minute. Users visiting a rate limited site will receive a Cloudflare 1015 error page. However if you are calling your script programmatically, you can detect the rate limit page and handle it yourself by looking for HTTP status code 429.
Accounts using the Workers free plan are subject to a daily request limit of 100,000 requests. Free plan daily requests counts reset at midnight UTC. A Worker that fails as a result of daily request limit errors can be configured by toggling its corresponding in two modes: Fail open and Fail closed.
Routes in fail open mode will bypass the failing Worker and prevent it from operating on incoming traffic. Incoming requests will behave as if there was no Worker.
Routes in fail closed mode will display a Cloudflare 1027 error page to visitors, signifying the Worker has been temporarily disabled. We recommend this option if your Worker is performing security related tasks.
Only one Workers instance runs on each of the many global Cloudflare edge servers. Each Workers instance can consume up to 128MB of memory. Use to persist data between requests on individual nodes; note however, that nodes are occasionally evicted from memory.
Most Workers requests consume less than a millisecond. It’s rare to find a normally operating Workers script that exceeds the CPU time limit. A Worker may consume up to 10ms on the free plan and 50ms on the Bundled tier. The 10ms allowance on the free plan is enough execution time for most use cases including application hosting.
There is no limit on the real runtime for a Workers script. As long as the client that sent the request remains connected, the Workers script can continue processing, making subrequests, and setting timeouts on behalf of that request. When the client disconnects, all tasks associated with that client request are canceled. You can use to delay cancellation for another 30 seconds or until the promise passed to
Duration is the measurement of wall-clock time. This is measured in Gigabytes per second (GB-s). When a Worker is executed, it is allocated 128mb of . As the Worker continues to execute that memory remains allocated, even during network IO requests.
Egress data transfer
Egress data transfer is the measurement of data sent out of an executing Worker. The diagram below illustrates the flow of data going from a requesting device, to a Worker which calls a 3rd party, like a storage provider, and returns the data. In this example, the egress data measured is the request going from a Worker to a 3rd party and the Workers response to the original requester.
Can a Workers script make subrequests to load other sites on the Internet?
How many subrequests can I make?
The limit for subrequests a Workers script can make is 50 per request. Each subrequest in a redirect chain counts against this limit. This means that the number of subrequests a Workers script makes could be greater than the number of
fetch(request) calls in the script.
How long can a subrequest take?
There is no hard limit on the amount of real time a Worker may use. As long as the client which sent a request remains connected, the Worker may continue processing, making subrequests, and setting timeouts on behalf of that request.
When the client disconnects, all tasks associated with that client’s request are proactively canceled. If the Worker passed a promise to , cancellation will be delayed until the promise has completed or until an additional 30 seconds have elapsed, whichever happens first.
Simultaneous open connections
While handling a request, each Worker script is allowed to have up to six connections open simultaneously. The connections opened by the following API calls all count toward this limit:
fetch()method of the
Once a Worker has six connections open, it can still attempt to open additional connections. However, these attempts are put in a pending queue — the connections won’t actually be initiated until one of the currently open connections has closed. Since earlier connections can delay later ones, if a Worker tries to make many simultaneous subrequests, its later subrequests may appear to take longer to start.
If the system detects that a Worker is deadlocked on open connections — for instance, if the Worker has pending connection attempts but has no in-progress reads or writes on the connections that it already has open — then the least-recently-used open connection will be canceled to unblock the Worker. If the Worker later attempts to use a canceled connection, an exception will be thrown. These exceptions should rarely occur in practice, though, since it’s uncommon for a Worker to open a connection that it doesn’t have an immediate use for.
The maximum number of environment variables (secret and text combined) for a Worker is 32 variables. There is no limit to the number of environment variables per account.
Each environment variable has a size limitation of 1 KB.
Number of scripts
Unless otherwise negotiated as a part of an enterprise level contract, all Workers accounts are limited to a maximum of 30 scripts at any given time.
Workers KV supports:
- Up to 100 Namespaces per account
- Unlimited keys per namespace
- Keys of up to 512 bytes
- Values of up to 25 MB
- Metadata of up to 1024 bytes per key
- Unlimited reads per second
- Unlimited writes per second, if they are to different keys
- Up to one write per second to any particular key
Workers KV read performance is determined by the amount of read-volume a given key receives. Maximum performance for a key is not reached unless that key is being read at least a couple times per minute in any given data center.
Workers KV is an eventually consistent system, meaning that reads will sometimes reflect an older state of the system. While writes will often be visible globally immediately, it can take up to 60 seconds before reads in all edge locations are guaranteed to see the new value.
delete()calls per-request, using the same quota as
5 GBs total