Backend on different domain? (to hide sni)

I don’t see how that matters. If they DPI your visitors, they’ll only see your domain.

They would have to DPI the traffic between Cloudflare and your server. If that’s the case, then you’re looking for something like domain masking. You can can try something like this with Workers:

1 Like