BOOL, read-only.

Available inall subroutines.

True if the client request is made over a TLS-secured connection.

If the server processing the request is acting as a shield, then the client will be another Fastly POP, not the end-user device. When that happens this variable reports whether the shielding connection uses TLS, not whether the end user's connection uses TLS.

This is a good way to detect whether a server is directly handling a request that is from an end user and that is not secure:

sub vcl_recv { ... }
Fastly VCL
if (fastly.ff.visits_this_service == 0 && !fastly_info.edge.is_tls) {
// ...