I’m using a Vercel rewrite as a transparent proxy for the /api/cf endpoint. This is only there because Cloudflare’s GraphQL API doesn't play nice with CORS from a browser. It’s not a serverless function—it’s just a pass-through tunnel. No logs, no backend, no funny business.
Your token stays in your localStorage, and you can verify the traffic in your Network tab. I built this for my own peace of mind, and I wanted to make sure it stays as secure for you as it is for me.
– It uses Cloudflare’s official GraphQL API – The API token never leaves your browser (stored in localStorage) – Minimum required permission: R2 read-only analytics
I built this because I was close to the free Class B limit and couldn’t easily see daily burn rate.
Happy to open-source it if there’s interest.