How to set a bypass rule for cloudflare own servers?

I am using cloudfare tunnel to publicly expose two services main.domain.tld and sub.domain.tld.
Main has it’s own authentication with 2fa, so I did not put any access rules on it. Sub does not have built in auth, so I am using applications to limit access.
Sub is included in an iframe in Main. To see it I need to login going to Sub first.
How do I write a bypass rule for sub that it the call is coming from specific domain main it would not require an auth?

I don’t see this as a possible option.

Thanks for an answer.
I was suspecting that to be the case but hey I will get to learn new tech on how to make a bot pretend a human… better :smiley:
A little annoying but I am not paying for residential services to get a couple 10/50 EUR discounts on some used parts :smiley: