Starting this morning we started seeing 403/Forbidden errors for all of our internal Zero Trust Applications that are served over cloudflared tunnels. Nothing had changed with policies, etc.
After a bunch of troubleshooting, we determined the issue, (at least for us), was down to Chrome and Safari: Firefox works without issue, and is our workaround for now.
An urgent ticket as been created, but just in case anyone else is seeing similar issues within the past 12-24 hours, give Firefox a try.