---
title: Edge processing phases model
summary: null
url: >-
https://www.fastly.com/documentation/guides/getting-started/concepts/edge-processing-phases-model
---
This edge processing phases model defines a series of ordered phases that a request and response pass through at the Fastly edge. It provides a framework for understanding when different types of logic execute.
For example, this model can help explain why VCL headers added to a request during [edge application request processing](https://www.fastly.com/documentation/guides/getting-started/concepts/edge-processing-phases-model#request-processing-phase-edge-application-request-processing) are visible to the [Edge WAF](https://www.fastly.com/documentation/guides/getting-started/concepts/edge-processing-phases-model#request-processing-phase-edge-waf-request-inspection) but not the [Adaptive Threat Engine](https://www.fastly.com/documentation/guides/getting-started/concepts/edge-processing-phases-model#request-processing-phase-adaptive-threat-engine).
## Key principles
Edge processing phases adhere to the following key principles:
- **Phases begin in a defined order.** Each phase starts only after the previous phase has started.
- **Phases may not end in the order they started.** The flexible nature of edge processing means that later phases for one subrequest may complete before earlier phases for another subrequest. For example, a Compute program can initiate multiple backend requests, service chains, or shielded requests, each proceeding through later phases independently and completing at different times.
- **Phases are skipped when not applicable.** If a feature is not enabled or configured, the related phase is bypassed. For example, if your service does not use [Image Optimizer](https://www.fastly.com/documentation/guides/full-site-delivery/image-optimization/about-fastly-image-optimizer/), the [image optimization](https://www.fastly.com/documentation/guides/getting-started/concepts/edge-processing-phases-model#response-processing-phase-image-optimization) phase is skipped.
- **Some phases create additional requests.** For example, in the [edge application request processing](https://www.fastly.com/documentation/guides/getting-started/concepts/edge-processing-phases-model#request-processing-phase-edge-application-request-processing) phase, shielding, service chaining, and async origin fetch can generate new requests that pass through the edge processing phases model independently.
- **Phases 1-5 only process external client requests.** They do not process internal requests generated by shielding, service chaining, and async origin fetch.
## Request processing phases
When a client sends a request to a Fastly service, it passes through the following phases in order:
| Order | Name | Description |
| ----- | ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| 1 | Client transport negotiation | Fastly negotiates transport protocol with the web client. This includes modern protocols such as [HTTP/3 over QUIC (UDP)](https://www.fastly.com/documentation/guides/full-site-delivery/performance/enabling-http3-for-fastly-services/), as well as TCP for traditional HTTP/2 and HTTP/1.1. This phase does not include transport negotiation for connections to origins. |
| 2 | Client TLS handshake | Fastly handles the [TLS handshake](https://www.fastly.com/documentation/reference/api/ip-configuration/spp/tls-configuration/) with external web clients, which can include [mutual TLS (mTLS) authentication](https://www.fastly.com/documentation/guides/getting-started/domains/securing-domains/setting-up-mutual-tls-authentication/). Origin TLS handshakes are not a part of this phase and are instead performed in [phase 8](https://www.fastly.com/documentation/guides/getting-started/concepts/edge-processing-phases-model#request-processing-phase-external-origin-fetch). |
| 3 | Adaptive threat engine | [DDoS Protection](https://www.fastly.com/documentation/guides/security/ddos-protection/about-ddos-protection/) inspects requests for Distributed Denial of Service (DDoS) attacks. |
| 4 | API discovery | [API Discovery](https://www.fastly.com/documentation/guides/security/api-security/about-api-discovery/) passively monitors HTTP traffic as it flows through Fastly's edge network and catalogs your API endpoints. |
| 5 | Bot detection | [Bot Management](https://www.fastly.com/documentation/guides/security/bot-management/about-bot-management/) (pre-cache inspection deployment) detects and classifies bot traffic. This phase is distinct from the bot-related processing that may occur during [phase 7](https://www.fastly.com/documentation/guides/getting-started/concepts/edge-processing-phases-model#request-processing-phase-edge-waf-request-inspection). |
| 6 | Edge application request processing | VCL and Compute programs execute in this phase, along with a wide range of supporting functionality:
- [Access Control Lists](https://www.fastly.com/documentation/guides/security/access-control-lists/)
- [Cache](https://www.fastly.com/documentation/guides/concepts/cache/)
- [Clustering](https://www.fastly.com/documentation/guides/full-site-delivery/fastly-vcl/clustering-in-vcl/)
- [Compute](https://www.fastly.com/documentation/guides/compute/getting-started-with-compute/)
- [Edge Rate Limiting](https://www.fastly.com/documentation/guides/security/rate-limiting/working-with-rate-limiting-policies/)
- [Fanout](https://www.fastly.com/documentation/guides/concepts/real-time-messaging/fanout/)
- [Health checks](https://www.fastly.com/documentation/guides/concepts/healthcheck/)
- [IP block lists](https://www.fastly.com/documentation/guides/security/access-control-lists/using-the-ip-block-list/)
- [Request collapsing](https://www.fastly.com/documentation/guides/concepts/cache/request-collapsing/)
- [Service chaining](https://www.fastly.com/documentation/guides/getting-started/services/service-chaining/)
- [Shielding](https://www.fastly.com/documentation/guides/concepts/shielding/)
- [VCL (Delivery)](https://www.fastly.com/documentation/reference/vcl/subroutines/recv/)
- [WebSockets](https://www.fastly.com/documentation/guides/concepts/real-time-messaging/websockets-tunnel/)
This phase can create additional requests through shielding, service chaining, and async origin fetch. Each additional request passes through the edge processing phases model as a separate, independent request.
The [VCL request lifecycle](https://www.fastly.com/documentation/reference/vcl/request-lifecycle/) maps primarily to this phase and [phase 13](https://www.fastly.com/documentation/guides/getting-started/concepts/edge-processing-phases-model#response-processing-phase-edge-application-response-processing). |
| 7 | Edge WAF request inspection | The [Next-Gen WAF](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/edge-deployment/how-the-edge-waf-works/) (Edge WAF deployment) and [Bot Management](https://www.fastly.com/documentation/guides/security/bot-management/about-bot-management/) (post-cache inspection deployment) inspect requests. For Compute services, you can configure this phase to execute after [phase 8](https://www.fastly.com/documentation/guides/getting-started/concepts/edge-processing-phases-model#request-processing-phase-external-origin-fetch). |
| 8 | External origin fetch | Fastly sends requests to [origin backends](https://www.fastly.com/documentation/guides/integrations/non-fastly-services/developer-guide-backends/) outside the current Fastly deployment configuration. This phase includes the origin TLS handshake if applicable.
Requests to Fastly-managed origins outside the current deployment configuration (e.g., the On-The-Fly Packager) are modeled in this phase. However, requests to customer-managed origins within the current Fastly deployment configuration (e.g., shielding and service chaining) are handled in the [edge application request processing](https://www.fastly.com/documentation/guides/getting-started/concepts/edge-processing-phases-model#request-processing-phase-edge-application-request-processing) phase. |
| 9 | On-Prem WAF request inspection | The [Next-Gen WAF](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/about-deploying-the-next-gen-waf/#about-on-prem-waf-deployment) (On-Prem WAF deployment) inspects requests at the customer origin.
Other origin-side logic (such as web server request handling) may execute before this phase. The Next-Gen WAF agent executes at the discretion of that upstream logic. |
## Response processing phases
When a response is received from the origin or generated at the edge, it passes through the following phases in order:
| Order | Name | Description |
| ----- | ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| 10 | On-Prem WAF response inspection | The [Next-Gen WAF](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/about-deploying-the-next-gen-waf/#about-on-prem-waf-deployment) (On-Prem WAF deployment) inspects responses at the customer origin before the response is sent back to the Fastly edge. |
| 11 | Image optimization | [Fastly Image Optimizer](https://www.fastly.com/documentation/guides/full-site-delivery/image-optimization/about-fastly-image-optimizer/) processes media in responses. |
| 12 | Edge WAF response inspection | The [Next-Gen WAF](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/edge-deployment/how-the-edge-waf-works/) (Edge WAF deployment) and [Bot Management](https://www.fastly.com/documentation/guides/security/bot-management/about-bot-management/) (post-cache inspection deployment) inspect responses. |
| 13 | Edge application response processing | VCL (in `vcl_deliver`) and Compute programs process responses. This phase also includes static response compression for VCL services. For more information, check out [VCL deliver subroutine](https://www.fastly.com/documentation/reference/vcl/subroutines/deliver/), [Getting started with Compute](https://www.fastly.com/documentation/guides/compute/getting-started-with-compute/), and [Static compression](https://www.fastly.com/documentation/guides/concepts/compression/#static-compression).
The [VCL request lifecycle](https://www.fastly.com/documentation/reference/vcl/request-lifecycle/) maps primarily to this phase and [phase 6](https://www.fastly.com/documentation/guides/getting-started/concepts/edge-processing-phases-model#request-processing-phase-edge-application-request-processing). |
| 14 | Dynamic response compression | Fastly dynamically compresses responses before delivering them to web clients. This [dynamic compression](https://www.fastly.com/documentation/guides/concepts/compression/#dynamic-compression) relies on HTTP content negotiation headers and is applied immediately before the response leaves the Fastly platform. |
## Related content
- [VCL request lifecycle](https://www.fastly.com/documentation/reference/vcl/request-lifecycle/)
- [About the Next-Gen WAF architecture](https://www.fastly.com/documentation/guides/next-gen-waf/getting-started/about-the-architecture/)