Andy Gill explains how to use CloudFlare Workers for Conditional Access Payload Delivery (CAPD), which allows red teams to deliver various types of content securely and efficiently. This method offers advantages over traditional servers, such as instant access key rotation and built-in DDoS protection. The article emphasizes the operational flexibility provided by serverless architecture and highlights the downsides, like reliance on CloudFlare and learning curve involved for new users. The article details the request flow, where the Worker intercepts requests and verifies authentication tokens before fetching the specified asset. The provided code demonstrates how to implement the middleware function, ensuring that errors don’t reveal sensitive information. It covers best practices like using environment variables for tokens instead of hard-coded values, which allows for easy token rotation without redeployment. To enhance security further, the article introduces timing-safe comparison techniques to prevent timing attacks. Gill also discusses variations for managing multiple payloads and offers methods to control file behavior for downloads. Logging capabilities within Workers can track which clients accessed the payload, aiding in operational clarity without compromising sensitive data. The focus remains on maintaining security while maximizing the efficiency of payload delivery, making it a relevant approach for red team operations.