Forcing a TLS redirect

      Last updated October 09, 2018

    If you want to only allow TLS on your site, we have you covered. We've built a switch into the request settings that will allow you to force unencrypted requests over to TLS. It works by returning a 301 Moved Permanently response to any unencrypted request, which redirects to the TLS equivalent. For instance, making a request for would redirect to


    These instructions assume that you've set up TLS service with Fastly.

    Forcing a TLS redirect

    To force a TLS redirect, follow these steps:

    1. Log in to the Fastly web interface and click the Configure link.
    2. From the service menu, select the appropriate service.
    3. Click the Edit configuration button and then select Clone active. The Domains page appears.
    4. Click the Settings link. The Settings page appears.
    5. Click the Create request setting button. The Create a request setting page appears.

      the Create a request setting window

    6. Fill out the Create a request setting fields as follows:
      • In the Name field, type a human-readable name for the request setting. This name is displayed in the Fastly web interface.
      • From the Force TLS menu, select Yes.
    7. Click the Create button to save your request setting changes.
    8. Click the Activate button to deploy your configuration changes.
    Back to Top

    Additional resources: