---
title: Fastly-SSL
summary: null
url: https://www.fastly.com/documentation/reference/http/http-headers/Fastly-SSL
---

Set to `"1"` on requests that arrived at Fastly over TLS, if the header is not already present on the request.

> **HINT:** In [VCL services](https://www.fastly.com/documentation/guides/vcl), `fastly_info.edge.is_tls` is a better choice in all scenarios in which the `Fastly-SSL` header might otherwise be used.  In [Compute@Edge](https://www.fastly.com/documentation/guides/compute) services, each [language SDK](https://www.fastly.com/documentation/reference/compute/sdks) exposes connection properties which are also a better choice than relying on `Fastly-SSL`.

Be aware of several important caveats when using this header:

- If the client request includes this header, Fastly will not overwrite or correct it.  A client capable of setting arbitrary headers can therefore spoof the value of `Fastly-SSL`.
- If the Fastly service is configured to use [shielding](https://www.fastly.com/documentation/guides/concepts/shielding/), the connection between the edge and shield POPs uses TLS if the origin itself supports TLS.  The value of `Fastly-SSL` when read on a machine acting as a shield will therefore be `"1"` if the origin is configured with TLS enabled.

For a secure method of detecting the TLS state of the connection, see `fastly_info.edge.is_tls`.