One of the services Cloudflare provides for our Enterprise customers is the Managed CNAME service. This service lets another website owner create a CNAME that targets your domain on Cloudflare and CloudFlare will resolve with the CNAME zone's host header.
The main benefit to a Managed CNAME setup is to preserve branding for a Cloudflare customer. For a SaaS company, a client who signs up for your service does not need to make a separate Cloudflare account. The customer can use the SaaS provider’s account to add the benefits CloudFlare adds to your website. This allows a SaaS company to add clients with relative ease.
There are drawbacks for this setup. One of which is the inability to use Cloudflare-issued SSL certificates due to validation restrictions from our partner certificate authorities (CA).
Since Cloudflare's features are all applied to a zone on an account there are some extra things to consider:
Requests with host headers that don't belong to the managed zone cannot be directly managed by this zone in the Cloudflare UI or via the API.
This means that page rules cannot be created by the site owner for zones CNAME’d to their domain unless using Edge Side Code.
Files for zones CNAME’d to the domain on CloudFlare will be cached based on our default caching behaviors (file extensions, duration, etc.).
Files for zones CNAME’d to the domain on Cloudflare can only be purged using the cache tag functionality.
Note: TLS ("SSL") is not currently supported on the Managed CNAME endpoint.