Fraud Detection at the Edge: Cloudflare Workers + tracio.ai
Traditional fraud detection happens at the application layer: the request arrives at your server, you query your fraud detection API, wait for the response, and then decide whether to allow or block. This round-trip adds 50-200ms of latency to every request — acceptable for page loads, but painful for API endpoints, AJAX calls, and real-time interactions.
What if you could make the fraud decision before the request reaches your origin server? That is what edge computing enables, and Cloudflare Workers is the platform we use to demonstrate this pattern.
The Architecture
The setup has three components: the tracio.ai TraceJS SDK running in the browser, a Cloudflare Worker sitting between the client and your origin, and the tracio.ai Server API for full signal analysis.
The flow works like this:
1. The TraceJS SDK collects device signals and sends them to tracio.ai during page load.
2. tracio.ai responds with a requestId and visitorId.
3. The browser includes the requestId in subsequent API requests (via header or cookie).
4. The Cloudflare Worker intercepts each request, validates the requestId against a cached result, and makes an allow/block decision in under 5ms.
Worker Implementation
The Worker maintains a lightweight cache of recent device verification results using Cloudflare's KV storage. When a request arrives with a requestId header, the Worker checks the cache. If the result is cached and the visitor is clean (low bot score, no VPN, confidence above threshold), the request passes through immediately. If the result is not cached, the Worker makes a single API call to tracio.ai's verification endpoint, caches the result, and then decides.
The critical insight is that the verification cache is populated proactively. The first page load triggers signal collection and caches the result. All subsequent API calls from that visitor hit the cache — no round-trip to tracio.ai needed. Cache TTL is configurable; we recommend 5 minutes for high-security endpoints and 30 minutes for general content.
Performance Numbers
We benchmarked this architecture with a customer processing 50,000 requests per minute through Cloudflare Workers. Results:
- Cache hit rate: 94% (most requests are from visitors who already loaded a page).
- Edge decision latency (cache hit): 1.2ms median, 3.8ms p99.
- Edge decision latency (cache miss): 45ms median (includes API call to tracio.ai).
- Origin latency savings: 120ms median per request (eliminated server-side fraud check).
The 94% cache hit rate means that 94% of fraud decisions happen in under 4ms at the edge, with no origin involvement. The remaining 6% are first-visit requests that require a full API round-trip.
Blocking Strategies
The Worker supports three blocking strategies, configurable per route:
- Hard block: Return 403 immediately for high-risk visitors (bot score > 0.9, known automation framework).
- Soft block: Add X-Tracio-Risk headers and let the origin decide. This is useful when you want application-level context for the decision.
- Challenge: Redirect suspicious visitors (moderate bot score, VPN detected) to a challenge page that requires additional verification.
We recommend starting with soft blocking in production, monitoring the risk distribution for a week, and then enabling hard blocking for clear-cut cases (known bots, headless browsers, high-confidence automation).
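The cache-then-verify lookup from the Worker Implementation section and the three blocking strategies above can be sketched together as follows. This is an added example, not code from the original article, tracio.ai or Cloudflare. Assumptions: the result field names (botScore, vpn, confidence, automation), the 0.5 and 0.8 thresholds, the requestId pattern, and the `verify` callback, which is a hypothetical wrapper around the verification endpoint.

```javascript
// Added example, not tracio.ai or Cloudflare code. Field names, the 0.5 and 0.8
// thresholds and the requestId pattern are assumptions; 0.9 is the article's figure.
const HARD_BOT_SCORE = 0.9, MODERATE_BOT_SCORE = 0.5, MIN_CONFIDENCE = 0.8;
const REQUEST_ID = /^[A-Za-z0-9_-]{8,64}$/;

// Map a verification result (null when none is available) to a risk class.
// Missing or malformed fields never count as clean.
function classify(r) {
  if (!r) return "unverified";
  if (r.botScore > HARD_BOT_SCORE || r.automation) return "high";
  const clean = r.botScore <= MODERATE_BOT_SCORE && !r.vpn && r.confidence >= MIN_CONFIDENCE;
  return clean ? "low" : "moderate";
}

// Per-route strategy: anything not enabled degrades to a soft block, i.e. the
// request passes and the origin receives the risk class in X-Tracio-Risk.
function decide(result, { hardBlock = false, challenge = false } = {}) {
  const risk = classify(result);
  if (risk === "high" && hardBlock) return { action: "block", status: 403, risk };
  if (risk !== "low" && challenge) return { action: "challenge", risk };
  return { action: "pass", risk, headers: { "X-Tracio-Risk": risk } };
}

// Cache-then-verify lookup. `kv` needs get(key) and put(key, value, {expirationTtl}),
// the shape of a Workers KV binding. `verify` is a hypothetical callback that calls
// the verification endpoint and resolves to a result object.
async function evaluate(requestId, kv, verify, { ttlSeconds = 300, ...route } = {}) {
  // The requestId is client-supplied: validate it before using it as a cache key.
  if (typeof requestId !== "string" || !REQUEST_ID.test(requestId)) {
    return { ...decide(null, route), cache: "none" };
  }
  const key = `verif:${requestId}`;
  const cached = await kv.get(key);
  if (cached) return { ...decide(JSON.parse(cached), route), cache: "hit" };
  let result;
  try {
    result = await verify(requestId);
  } catch {
    return { ...decide(null, route), cache: "error" }; // failures are not cached
  }
  await kv.put(key, JSON.stringify(result), { expirationTtl: ttlSeconds });
  return { ...decide(result, route), cache: "miss" };
}

// Constructed in-memory stand-in for a KV namespace so the example runs offline.
function memoryKv(store = new Map()) {
  return { get: async (k) => store.get(k) ?? null, put: async (k, v) => void store.set(k, v) };
}
```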
Cost Analysis
Cloudflare Workers pricing is based on requests and compute time. At 50K requests/minute (2.16 billion/month), the Worker cost is approximately $500/month. Compare this to the latency savings: eliminating 120ms of origin-side fraud checking reduces server CPU usage by 15-20%, which typically saves more than the Worker cost in compute.
The real value is in fraud prevention: catching bots and fraudulent requests before they consume origin resources, database connections, and downstream API calls. One customer reduced their origin server count from 12 to 8 after implementing edge-based fraud detection — the bots that were consuming 30% of their compute never reached the origin.