diff --git a/README.md b/README.md
index 39e3acac99..e9fa889a1a 100644
--- a/README.md
+++ b/README.md
@@ -139,6 +139,7 @@ Legend:
| -- | -- | -- |
| Node.js | LTS ^12.19.0 || ^14.15.0 | |
| Electron | ^12.0.0 | see [1] |
+| Cloudflare Workers | ✓ | see [2], [4] |
| Deno | experimental | see Deno's [Web Cryptography API roadmap](https://github.com/denoland/deno/issues/11690) |
| React Native | ✕ | has no available and usable crypto runtime |
| IE | ✕ | implements old version of the Web Cryptography API specification |
diff --git a/src/runtime/browser/fetch_jwks.ts b/src/runtime/browser/fetch_jwks.ts
index 09f72a1fee..8aa8ce0c39 100644
--- a/src/runtime/browser/fetch_jwks.ts
+++ b/src/runtime/browser/fetch_jwks.ts
@@ -12,10 +12,17 @@ const fetchJwks: FetchFunction = async (url: URL, timeout: number) => {
const response = await globalThis.fetch(url.href, {
signal: controller ? controller.signal : undefined,
redirect: 'manual',
- referrerPolicy: 'no-referrer',
- credentials: 'omit',
- mode: 'cors',
method: 'GET',
+ // do not pass referrerPolicy, credentials, and mode when running
+ // in Cloudflare Workers environment
+ // @ts-expect-error
+ ...(typeof globalThis.WebSocketPair === 'undefined'
+ ? {
+ referrerPolicy: 'no-referrer',
+ credentials: 'omit',
+ mode: 'cors',
+ }
+ : undefined),
})
if (response.status !== 200) {