Cloudflare SaaS Orange Cloud not working

TLDR: Why don’t SaaS domains use the proxied (orange cloud) domain and access the original directly instead?

SaaS Setup

We have a domain such as

  1. Create an A record ( pointing to a cloud hosted backend with the proxy (orange cloud) enabled.

  2. Configure Cloudflare workers to intercept and enhance the traffic.

  3. Configure a SaaS record (SSL/TLS > Custom Hostnames) where the fallback origin points to

  4. Configure a SaaS record with a custom hostname for

  5. For the domain, set up a CNAME DNS record that points to (DNS Only – grey cloud).

Access Issue

If you visit, the response is valid and includes the modifications from the worker.

If you visit (with DNS pointing to then you only get the response from the origin / backend (the worker doesn’t intercept it).

Another fun fact. If has an A record that points to any internal IP address such as, the correct website is served via the worker when visiting However, if you visit, that has a CNAME that points to then you get a timeout and DNS error.

How can we use custom SaaS domains and still leverage the benefits of the orange proxied cloud?