fastly_info.edge.is_tls
BOOL, read-only.
Available inall subroutines.
True if the client request is made over a TLS-secured connection.
If the server processing the request is acting as a shield, then the client will be another Fastly POP, not the end-user device. When that happens this variable reports whether the shielding connection uses TLS, not whether the end user's connection uses TLS.
This is a good way to detect whether a server is directly handling a request that is from an end user and that is not secure:
sub vcl_recv { ... }
Fastly VCL
if (fastly.ff.visits_this_service == 0 && !fastly_info.edge.is_tls) { // ...}