Why TikTok “Infinite Loading” Usually Means Split Paths

TikTok rarely fails because a single toggle is wrong. A typical session resolves the glossy tiktok.com shell, fetches layout JSON, negotiates auth cookies, opens parallel HTTPS flows to ByteDance API edges, and then downloads high-bitrate short-video segments and live ingest legs from CDN hostnames that do not always include the word “TikTok” in the public suffix. Clash evaluates every new connection with ordered domain rules, so it is easy to proxy the marketing storefront while telemetry, upload APIs, or segment hosts still exit DIRECT through an ISP path that the app treats as inconsistent with the rest of the session. The UI responds with softness: endless spinners on the For You page, thumbnails that never hydrate, live rooms that connect audio but freeze video, or a web player that loads comments while the clip itself stays at zero percent.

This pattern is the same family we document for long-form streaming—see our YouTube split-routing guide for Google’s googlevideo.com story—but TikTok swaps vendor namespaces. Where Netflix clusters many hostnames under familiar streaming suffixes, ByteDance products mix brand surfaces with infrastructure under tiktokcdn.com, tiktokv.com, byteoversea.com, and other capture-specific domains. A profile tuned only for “the site I clicked” can therefore look healthy in a speed test while the actual byte pipes never reach your streaming nodes.

Speed tests exaggerate confidence because they measure one fat session to a speed-test host, not dozens of short-lived TLS connections with aggressive deadlines that a short-video client opens while it re-evaluates bitrate ladders. People who search “Clash TikTok” alongside CDN or ByteDance keywords are usually describing routing incoherence—not a mysterious device ban. Everything below assumes you may legally use Clash and access TikTok in a way that complies with ByteDance’s terms and your local regulations; evading lawful blocks, scraping at scale, or bypassing contractual restrictions where prohibited is not the purpose of this guide.

Prove the path, not the myth: Open Clash connection logs, launch TikTok, and pull to refresh. If tiktokcdn.com or tiktokv.com hits DIRECT while tiktok.com rides your proxy, you have a textbook partial domain split routing fault—the sort that produces endless loading even when the storefront HTML looked fine.

ByteDance Estates Versus YouTube, Netflix, and Disney+ CDNs

Our Disney+ guide and the YouTube article above optimize for long-form streaming: parallel segment fetches, DRM handshakes, and sustained megabits. TikTok adds bursty scroll workloads, aggressive prefetch, and live rooms that mix RTM-style control channels with CDN bulk—so throughput still matters, but connection churn and UDP-heavy paths can dominate. The actionable difference is suffix shape: Google’s stack leans on googlevideo.com; Netflix concentrates video under provider-specific namespaces; ByteDance stacks frequently split “account and control” from “bytes and thumbnails” across multiple public suffixes that rotate with app versions and regional rollouts.

If you are merging profiles, read rule routing best practices first so AI chat sections, games, and short-video blocks stay separated and reviewable when the next mobile update renames a CDN leaf overnight. Treat rule sets as versioned dependencies: diff them when playback regresses, the same way you would diff a dependency bump in an application build.

Compared with opaque “one click acceleration,” explicit domain split routing costs more thought up front and pays back when you can explain, line by line, which hostname families belong in STREAM_PROXY versus DIRECT—especially in 2026 as edge deployments continue to shift.

Hostname Families: Storefront, APIs, CDN Bytes, and Live Rooms

Think in families so your YAML stays legible. First, the customer-facing TikTok shell lives primarily under tiktok.com and related marketing hosts—enough for shallow navigation and some web playback, but rarely sufficient alone for native apps that fan out across additional namespaces. Second, ByteDance API and identity plumbing often appears on domains such as byteoversea.com, snssdk.com, or similarly named infrastructure captured in real-world traces; login, consent, device attestation, and feature flags frequently show up here when those calls accidentally go DIRECT while the storefront is proxied. Third, video bytes and thumbnails commonly use tiktokcdn.com, tiktokv.com, or third-party edges referenced by manifests; community lists cluster these because they are high-signal for “make the player actually move bits.” Fourth, live streaming may introduce additional upload/download legs and time-synced APIs; starving any one leg produces “audio OK, video frozen” symptoms that look like app bugs but are routing faults. Fifth, expect telemetry, crash reporting, and experiments on fast-rotating subdomains; capture them from logs instead of guessing.

CDN edges for segments may not say “TikTok” in the hostname at all. If your domain rules only cover marketing suffixes, segment hosts can still match MATCH,DIRECT or an unintended group, producing the exact “stuck at 0%” feeling users blame on Clash. When that happens, widen coverage using observed suffixes, curated remote lists, or temporary logging captures—avoid blind DOMAIN-KEYWORD,tiktok shortcuts except as short triage, because keywords over-capture unrelated marketing pages and third-party widgets.

Names in this article are illustrative: your client build, A/B experiments, or regional rollout may require additional suffixes—append what your logs prove rather than cargo-culting a stale gist from a forum thread.

Observing Traffic: Web, Mobile Apps, TVs, and Clash Logs

Reproduce the issue with logging enabled. Desktop browsers expose hostnames in developer tools for the web app; native Windows and macOS clients may need OS connection monitors or process-scoped utilities. Smart TVs and cheap streaming sticks are harder—often the practical approach is gateway-side observation on the same LAN or testing the same account on a phone where Clash logs are visible. On Android and iOS, vendor-specific per-app routing or TUN coverage matters because mobile TikTok clients may ignore classic system proxy settings while still opening many parallel flows to CDN edges. The debugging question stays the same: for each hostname involved in login, feed hydration, and playback, which policy group fired, and did the connection complete TLS?

If the policy is wrong, fix domain rules and ordering. If the policy is right but connections reset mid-handshake, rotate streaming nodes or inspect uplink congestion before rewriting YAML. Timeout and TLS patterns in logs helps separate handshake failures from post-connect throttling—both masquerade as “infinite loading” in glossy mobile UIs.

When the web player works but the official app does not, suspect application coverage: many mobile binaries ignore system proxy environment variables. That is where TUN mode enters later—kernel-level routing is often the only way to give stubborn binaries a coherent view of your domain split routing policy.

Streaming Nodes, UDP/QUIC, Live, and Stable Node Region

Not every exit labeled “media” in a subscription title is honest about capacity. Prefer nodes that sustain throughput during multi-minute runs, not just nodes that win a url-test against a tiny probe. For TikTok, also think about node region as part of the same story as account consistency: if authentication APIs see a Tokyo egress while segment CDNs or upload edges attempt to leave Los Angeles, the service may refuse to advance the state machine even though raw ping looks fine. Mixed routing—where OAuth-style calls exit one city while CDN bytes attempt another—is a classic recipe for cryptic errors after app updates tighten consistency checks.

Modern stacks may prefer QUIC where networks allow it; some exits handle UDP-heavy paths poorly even when TCP speed tests look glorious. When you see mystery stalls, compare logs for protocol behavior alongside raw Mbps. Within Clash, dedicate a policy group such as STREAM_PROXY with url-test or fallback tuned for sustained downloads rather than minimal-latency gaming. Nested selectors let you try a small pool of streaming-friendly exits before falling back to a general pool. Keep elephant flows (nightly backups, torrents, giant game patches) off that group when possible so short-video sessions do not compete for the same bottleneck during prime time.

Choosing a capable Clash client matters because you will compare live throughput, error counters, and per-host policy hits while you test—tasks that are painful on minimal UIs.

DOMAIN-SUFFIX Baselines and an Illustrative YAML Fragment

Suffix rules remain the readable default for sprawling vendor estates. Lines such as DOMAIN-SUFFIX,tiktok.com,STREAM_PROXY cover the public namespace users recognize, while DOMAIN-SUFFIX,tiktokcdn.com,STREAM_PROXY and DOMAIN-SUFFIX,tiktokv.com,STREAM_PROXY catch high-volume media hosts that dominate many captures. Supporting families frequently include DOMAIN-SUFFIX,byteoversea.com,STREAM_PROXY and DOMAIN-SUFFIX,snssdk.com,STREAM_PROXY when logs show API or device-attestation traffic there; treat those lines as examples to validate, not as eternal truth. Broader lines such as DOMAIN-SUFFIX,ttlivecdn.com,STREAM_PROXY may appear in community lists when live features introduce new edges—import what your traces justify. Avoid merging unrelated vendor namespaces into an unreadable soup: label ByteDance blocks clearly beside your YouTube and Netflix sections so ordering stays reviewable.

Prefer suffixes tied to observed TLS Server Name Indication values, then refine once playback is stable. If you need failover tuning for pools, see policy groups, url-test, and fallback—the same ideas apply when you want a streaming group that fails over without manual clicking.

Illustrative YAML fragment

rules:
  - DOMAIN-SUFFIX,tiktok.com,STREAM_PROXY
  - DOMAIN-SUFFIX,tiktokcdn.com,STREAM_PROXY
  - DOMAIN-SUFFIX,tiktokv.com,STREAM_PROXY
  - DOMAIN-SUFFIX,byteoversea.com,STREAM_PROXY
  - DOMAIN-SUFFIX,snssdk.com,STREAM_PROXY
  - GEOIP,CN,DIRECT
  - MATCH,DIRECT

Place domestic or LAN bypass rules above broad proxy catches as usual. These names are examples; append additional suffixes that appear in your own Clash logs when feeds or live rooms still spin.

Accounts, Commerce, and Region Signals (Reality Check)

Even perfect domain rules cannot invent entitlements your account and payment profile do not support. Shop availability, localized offers, creator tools, and merchant flows depend on account country, payment history, merchant-of-record rules, and device capabilities—not only the egress IP that Clash selects. Some quality caps trace to codecs, HDR pipelines, or camera hardware; no YAML file overrides physics or studio agreements.

From a networking standpoint, the actionable advice remains boring but effective: pick one stable node region for the whole session instead of flapping between exits mid-login, and avoid split paths where authentication APIs and media stacks disagree about which market they are in. If purchase pages behave oddly, verify you are not mixing DNS answers, HTTPS MITM tooling, and aggressive blocklists that break payment iframes—symptoms that look like “region bugs” but are really partial breakage of the broader web estate.

This article does not instruct readers to evade ByteDance’s geographic rules, share accounts across borders in ways that violate terms, or manipulate commerce jurisdictions where prohibited.

Remote Rule Sets and TikTok-Oriented Lists

Hand-maintaining every new CDN leaf is tedious; remote rule sets automate refreshes. The trade-off is trust and ordering: a list that lags reality leaves you with missing suffixes, while an over-broad list may send unrelated traffic through your streaming nodes. Diff updates when TikTok regresses after a silent rule-provider refresh—treat third-party lists like dependency upgrades, not magic incantations.

Keep LAN, intranet, and aggressive tracker blocklists above indiscriminate proxy rules. A false positive on a CDN hostname starves the app even when your TikTok suffix lines exist lower in the file, because the first match wins. When debugging, temporarily disable suspicious lists to confirm whether “TikTok is down” is really “my blocklist ate a media API host.”

When lists disagree, prefer the capture from your own Clash logs on the failing device. Regional rollouts mean two “correct” community lists can differ; your ground truth is the hostname that timed out, not the upvote count on a forum thread.

System Proxy, Mobile Apps, and When TUN Wins

System proxy works when the client respects OS proxy settings—many desktop browsers do; many mobile, TV, and set-top apps do not. If only the browser obeys the proxy, your phone’s official TikTok client may keep using the ISP path while the laptop looks “fixed,” producing endless threads that blame the app instead of coverage.

TUN pushes routing to the kernel so stubborn binaries follow the same default route through Clash. That is powerful and conflict-prone: corporate VPNs, zero-trust agents, and other virtual adapters fight over precedence. Read the TUN deep dive before stacking TUN on top of another tunnel. On routers or gateways, equivalent concepts apply—policy routing must be coherent for every device on the LAN that scrolls or goes live.

The goal is not “disable security to make video work”; it is to choose one enforcement mechanism that actually covers the binary you care about, then align domain split routing rules with that mechanism.

DNS, fake-ip, and Flows That Never Attach to STREAM_PROXY

Under fake-ip, apps may receive quick synthetic answers while resolution continues on the proxy side. If your DOMAIN-SUFFIX coverage does not include a new API or segment hostname, the flow may never attach to STREAM_PROXY even though the marketing shell loaded over a covered suffix—classic “home screen OK, playback stuck.” Align fake-ip filters with the namespaces you proxy, or enumerate critical hosts explicitly when debugging.

Do not stack browser DNS-over-HTTPS, OS resolvers, Clash DNS, and ISP redirection without knowing precedence. FAQ guidance on DNS and connectivity helps separate poisoned answers from correct answers sent out the wrong policy. For deep DNS stack tuning on modern cores, see Clash Meta DNS: nameserver, fallback, and fake-ip-filter—especially if you run Mihomo-class features alongside streaming rules.

Corporate networks that rewrite media names to caches or sinkholes need IT cooperation; no consumer YAML overrides resolver policy inside someone else’s perimeter without their participation.

Rule Order, Blocklists, and the MATCH Line

Sequential evaluation means broad geolocation shortcuts must sit in the right place relative to your TikTok lines. A premature GEOIP,CN,DIRECT might be correct for domestic sites but disastrous if it catches traffic you meant to proxy—ordering is policy, not decoration. After any rule-provider update, scan for new catch-all lines above your streaming section.

The trailing MATCH encodes your default philosophy. MATCH,DIRECT is pleasant for everyday browsing but unforgiving when ByteDance shifts a CDN prefix overnight. The sustainable fix is refreshing streaming lists and suffix baselines, not permanently forcing MATCH to a global proxy unless you truly want every flow to share one exit—including bulk downloads that will starve short-video traffic.

Subscription Updates and Proxy Loops

A proxy loop starves your profile silently: subscription URLs and rule providers cannot refresh because their HTTP fetches are forced through dead nodes. Your TikTok rules stop evolving; new hostnames never arrive; yesterday’s YAML rots. Give update endpoints a reliable DIRECT path or a maintenance group, and verify refreshes succeed on a schedule. Combine that operational habit with subscription and node maintenance so you can tell stale lists from stale exits.

Checklist Before You Blame TikTok or Your ISP

Work top to bottom; each step eliminates a class of failures before you factory-reset hardware or reinstall apps.

  1. Confirm TikTok access with Clash is allowed by ByteDance’s terms, local law, and your network policy.
  2. Verify account status, device capabilities, OS “data saver” toggles, and in-app quality limits are not the real bottleneck.
  3. Reproduce while watching Clash logs; list hostnames for login, APIs, thumbnails, segments, and live legs.
  4. Ensure every critical hostname hits STREAM_PROXY (or your chosen group), not DIRECT by accident.
  5. Expand DOMAIN-SUFFIX baselines and refresh TikTok-oriented rule sets when captures change.
  6. Align DNS and fake-ip filters with the same namespaces you proxy.
  7. Audit rule order for geolocation lines and blocklists that starve CDN or API calls.
  8. Choose system proxy versus TUN based on which apps actually honor your policy.
  9. Keep node region stable for the session; avoid mixed exits across authentication and playback stacks.
  10. Confirm subscription and rule-provider downloads are not stuck in a proxy loop.
  11. After local issues are ruled out, rotate streaming nodes or check provider status—not superstition.

Timestamp each change. Playback regressions love to correlate with silent list updates; diffs beat guesswork.

Compliance reminder: Respect TikTok and ByteDance terms of service, content licensing, local regulations, and workplace acceptable-use policies. This article explains routing hygiene for legitimate use—not credential sharing, unauthorized redistribution, or evasion of lawful restrictions where prohibited.

Wrap-Up: Short Video Wants One Coherent Egress per Session

TikTok is a multi-hostname, high-churn workflow disguised as a single vertical feed. Clash gives you precise levers—policy groups, domain rules, remote rule sets, DNS alignment, and optional TUN enforcement—to describe which flows should use streaming nodes and which should stay DIRECT. When that description drifts, users blame “ISP throttling” or “bad app updates” while the logs quietly show ByteDance APIs and CDN edges never took the same exit as the glossy shell.

Compared with opaque accelerators, explicit domain split routing costs more thought up front and pays back in fewer mystery spinner loops—especially as edges and APIs continue to shift in 2026. Keep AI-oriented profiles separate from short-video stacks, refresh lists deliberately, and treat throughput plus session consistency as part of node selection, not an afterthought once chat sites feel fast. When you need another streaming playbook with different suffixes, revisit Disney+ alongside YouTube and Netflix—same discipline, different vendor hostnames.

Download Clash for free and experience the difference—spend your evening watching the feed, not rebooting hardware that only ever needed coherent TikTok hostnames and a streaming-friendly exit.