Skip to content

[Cloudflare One] Document non-identity email for auth proxy endpoint background requests #28674

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
caley-b merged 2 commits into from
Mar 3, 2026
Merged

[Cloudflare One] Document non-identity email for auth proxy endpoint background requests #28674

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0af9fbe
[Cloudflare One] Document non-identity email for authorization proxy …
Encore-Encore Feb 28, 2026
bec6d88
fix: use <your-team-name> placeholder to match docs conventions
Encore-Encore Feb 28, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 8 additions & 2 deletions ...nt/docs/cloudflare-one/networks/resolvers-and-proxies/proxy-endpoints/index.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -472,9 +472,15 @@ Authorization endpoints do not support plaintext HTTP traffic unless the traffic

#### Referer header traffic

Traffic with a referer HTTP header matching the domain of a recently logged in user from the same source IP will be allowed through and logged with a non-identity email address.
Traffic with a referer HTTP header matching the domain of a recently logged in user from the same source IP will be allowed through and logged with the following non-identity email address:

This issue occurs because browsers will not tag HTTP sub-requests with the identity cookie used to verify user authentication. If you would like to filter this traffic, you can set up an [HTTP policy](/cloudflare-one/traffic-policies/http-policies/) to block all traffic matching the non-identity email address.
```txt
auth-proxy-non-identity@<your-team-name>.cloudflareaccess.com
```

Where `<your-team-name>` is your [team name](/cloudflare-one/faq/getting-started-faq/#what-is-a-team-domainteam-name).
Comment on lines +475 to +481
Copy link
Contributor

@caley-b caley-b Mar 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Traffic with a referer HTTP header matching the domain of a recently logged in user from the same source IP will be allowed through and logged with the following non-identity email address:
This issue occurs because browsers will not tag HTTP sub-requests with the identity cookie used to verify user authentication. If you would like to filter this traffic, you can set up an [HTTP policy](/cloudflare-one/traffic-policies/http-policies/) to block all traffic matching the non-identity email address.
```txt
auth-proxy-non-identity@<your-team-name>.cloudflareaccess.com
```
Where `<your-team-name>` is your [team name](/cloudflare-one/faq/getting-started-faq/#what-is-a-team-domainteam-name).
Traffic with a referer HTTP header matching the domain of a recently logged-in user from the same source IP will be allowed through and logged with the following non-identity email address: `auth-proxy-non-identity@<your-team-name>.cloudflareaccess.com`, where `<your-team-name>` is your [team name](/cloudflare-one/faq/getting-started-faq/#what-is-a-team-domainteam-name).


This occurs because browsers do not tag HTTP sub-requests with the identity cookie used to verify user authentication. If you would like to filter this traffic, you can set up an [HTTP policy](/cloudflare-one/traffic-policies/http-policies/) to block or allow all traffic matching the `auth-proxy-non-identity@<your-team-name>.cloudflareaccess.com` email address.

### Traffic limitations

Expand Down
Loading