Using Cloudflare Orange-to-Orange (O2O) with Webflow

Enhance your Webflow site with Cloudflare security and performance features.

Orange-to-Orange (O2O) allows you to use Cloudflare’s performance and security features alongside Webflow hosting. When O2O is enabled, traffic to your site goes to Cloudflare first — where your chosen features are applied — and then to Webflow, which serves your site to visitors.

What you can do with O2O

With O2O enabled, you can layer Cloudflare’s features on top of Webflow hosting — adding more ways to protect your site and manage traffic. For example:

• Web Application Firewall (WAF) — blocks malicious traffic and helps protect your site from common web attacks

• Bot protection (Bot Fight Mode) — detects and challenges automated bot traffic to reduce spam and abuse

• Waiting Room — manages surges in demand by queuing visitors and keeping your site available during high-traffic events

For the full list of supported features, check out Cloudflare’s product compatibility guide.

Enable O2O for your domain

To use O2O, you need to add and configure your domain in Cloudflare, then connect it to your Webflow.

Before you get started

Before setting up O2O, you’ll need:

• A Cloudflare account — log in or create a Cloudflare account

• A custom domain (e.g., yourdomain.com) — you can buy a custom domain from IONOS through Webflow or purchase one directly from any domain registrar

• A paid Webflow Site plan — learn how to upgrade your Site plan

Add and configure your domain in Cloudflare

If you already manage your domain in Cloudflare, you can skip to Configure your DNS records.

Add your domain

1. In the Cloudflare dashboard, click Onboard a domain

2. Enter your root (apex) domain (e.g., yourdomain.com) and complete the setup steps

3. Update your domain’s nameservers with your registrar, following Cloudflare’s instructions

Configure your DNS records

In your domain’s DNS settings in Cloudflare, create a proxied CNAME record for each version of your domain you want to use with O2O.

Cloudflare uses @ to represent your root domain (e.g., yourdomain.com). For subdomains, enter the domain prefix — for example, for www.yourdomain.com, enter www.

Most sites use both the root domain (@) and the www subdomain — we recommend adding records for both so all traffic is covered. If you use additional subdomains (e.g., blog.yourdomain.com), add a record for each one as well.

Connect, verify, and publish your custom domain in Webflow

1. Go to Site settings > Publishing > Production

2. Quick connect your custom domain (recommended), or manually connect your custom domain if quick connect isn’t available

3. Click Verify domain to confirm the connection

4. Set a default domain

5. Publish your site to your custom domain

Troubleshooting O2O

Once you’ve added your domain to Cloudflare and created the CNAME record, your domain is set up to use O2O. You can now turn on Cloudflare features like WAF, Bot protection, and Waiting Room, or explore other compatible features in Cloudflare’s product compatibility guide.

If you encounter issues with any Cloudflare features you’ve enabled, contact Cloudflare Support for help.

525 Handshake Error

If you see a “525 Handshake Error,” the Cloudflare proxy (orange cloud) may be enabled for your Webflow DNS records. For standard Webflow hosting, set the proxy status to DNS only (grey cloud). 

If you want to use Cloudflare’s performance and security features alongside Webflow hosting, set up Orange-to-Orange (O2O) instead.