Indicates whether the client-side connection used TLS to connect to Fastly.

Fastly writes this header into requests. It is proprietary to Fastly.

Set to "1" on requests that arrived at Fastly over TLS, if the header is not already present on the request.

Be aware of several important caveats when using this header:

  • If the client request includes this header, Fastly will not overwrite or correct it. A client capable of setting arbitrary headers can therefore spoof the value of Fastly-SSL.
  • If the end-user connection is not secure, but the Fastly service is configured to use shielding, the value of Fastly-SSL when read on a machine acting as a shield will be "1", because the connection between Fastly edge POPs and shield POPs is always secure.

For a secure method of detecting the TLS state of the connection, see fastly_info.edge.is_tls.