diff --git a/README.md b/README.md
index 39e3acac99..e9fa889a1a 100644
--- a/README.md
+++ b/README.md
@@ -139,6 +139,7 @@ Legend:
 | -- | -- | -- |
 | Node.js | LTS ^12.19.0 || ^14.15.0 | |
 | Electron | ^12.0.0 | see <sup>[1]</sup> |
+| Cloudflare Workers | ✓ | see <sup>[2], [4]</sup> |
 | Deno | experimental | see Deno's [Web Cryptography API roadmap](https://github.com/denoland/deno/issues/11690) |
 | React Native | ✕ | has no available and usable crypto runtime |
 | IE | ✕ | implements old version of the Web Cryptography API specification |
diff --git a/src/runtime/browser/fetch_jwks.ts b/src/runtime/browser/fetch_jwks.ts
index 09f72a1fee..8aa8ce0c39 100644
--- a/src/runtime/browser/fetch_jwks.ts
+++ b/src/runtime/browser/fetch_jwks.ts
@@ -12,10 +12,17 @@ const fetchJwks: FetchFunction = async (url: URL, timeout: number) => {
   const response = await globalThis.fetch(url.href, {
     signal: controller ? controller.signal : undefined,
     redirect: 'manual',
-    referrerPolicy: 'no-referrer',
-    credentials: 'omit',
-    mode: 'cors',
     method: 'GET',
+    // do not pass referrerPolicy, credentials, and mode when running
+    // in Cloudflare Workers environment
+    // @ts-expect-error
+    ...(typeof globalThis.WebSocketPair === 'undefined'
+      ? {
+          referrerPolicy: 'no-referrer',
+          credentials: 'omit',
+          mode: 'cors',
+        }
+      : undefined),
   })
 
   if (response.status !== 200) {