BOOL, read-only.

Available inall subroutines.

True if the client request is made over a TLS-secured connection.

If the server processing the request is acting as a shield, then the client will be another Fastly POP, not the end-user device. When that happens this variable reports whether the shielding connection uses TLS, not whether the end user's connection uses TLS.

This is a good way to detect whether a server is directly handling a request that is from an end user and that is not secure:

sub vcl_recv { ... }
Fastly VCL
if (fastly.ff.visits_this_service == 0 && !fastly_info.edge.is_tls) {
// ...

User contributed notes


Do you see an error in this page? Do you have an interesting use case, example or edge case people should know about? Share your knowledge and help people who are reading this page! (Comments are moderated; for support, please contact Fastly support)