Render
Cloudflare partners with Render to provide Render customers’ web services and static sites with Cloudflare’s performance and security benefits.
If you use Render and also have a Cloudflare plan, you can use your own Cloudflare zone to proxy web traffic to your zone first, then Render's (the SaaS Provider) zone second. This configuration option is called Orange-to-Orange (O2O).
O2O's benefits include applying your own Cloudflare zone's services and settings — such as WAF, Bot Management, Waiting Room, and more — on the traffic destined for your Render services.
For additional detail about how traffic routes when O2O is enabled, refer to How O2O works.
Render customers can enable O2O on any Cloudflare zone plan. Cloudflare support for O2O setups is only available for Enterprise customers.
To enable O2O for a specific hostname within a Cloudflare zone, create a Proxied CNAME DNS record with your Render site name as the target. Render's domain addition setup will walk you through other validation steps.
| Type | Name | Target | Proxy status |
|---|---|---|---|
CNAME | <YOUR_HOSTNAME> | <RENDER_SUBDOMAIN> (for example, example.onrender.com) | Proxied |
With O2O enabled, adding a wildcard subdomain to a Render service requires that the corresponding root domain is also routed to Render. If the root domain is routed elsewhere, wildcard routing will fail.
If your root domain needs to route somewhere besides Render, add individual subdomains to your Render service instead of a wildcard.
When a hostname within your Cloudflare zone has O2O enabled, you assume additional responsibility for the traffic on that hostname because you can now configure various Cloudflare products to affect that traffic. Some of the Cloudflare products compatible with O2O are:
For a full list of compatible products and potential limitations, refer to Product compatibility.
If you are a Render customer and have set up your own Cloudflare zone with O2O enabled on specific hostnames, contact your Cloudflare Account Team or Cloudflare Support for help resolving issues in your own zone.
Cloudflare will consult Render if there are technical issues that Cloudflare cannot resolve.
If you encounter SSL errors, check if you have a CAA record.
If you have a CAA record, verify that it permits SSL certificates to be issued by Google Trust Services (pki.goog).
For more details, refer to CAA records.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark
-
