"Fastly-Force-Shield" AND "Fastly-No-Shield" Usage


Hi guys,

I found several blog posts and videos mentioning the use of the Force\No-Shield header, I understand it has to do with the nodes clustering logic.
For example, in case of a restart (not in an error case) we would want to enable the clustering logic so we set “Fastly-Force-Shield” header.

I didn’t find any official documentation on these headers usage, Can you please explain when we should use these headers, why and how?



Can you please explain when we should use these headers, why and how?

While they’re available for use, they have quite specific uses and won’t be needed by the majority of users. Thus the scarcity of documentation.

Fastly-Force-Shield ensures that clustering is enabled. Clustering means there’s more cooperation between nodes in the POP when requesting content. It can also mean fewer requests to your origin. You might want to use this if:

  • You want your VCL config to make a secondary request to another origin host. This will ensure the request clusters rather than going straight to origin when the restart happens.
  • You want the content found as a result of a redirect to be served (rather than serving the actual redirect).

One of our Support Engineers, Paolo Alvarado, gave a talk about this recently at the Fastly Altitude conference.
here are the slides and the video.

Fastly-No-Shield ensures clustering gets disabled. It’s useful for troubleshooting, but it may also have other ramifications such as impacting performance, or more traffic to the origin, so I wouldn’t recommend using it in normal use. It’s really an internal mechanism that we’ve made available to customers to use for ease and flexibility. You might want to use this if:

  • You want to test request behavior when a particular cache node communicates with the origin server (as when clustering happens you won’t be able to determine which node the cluster request is sent to).

To use them, merely set the value to any value (“1”, “yes” etc) either at the source of your request or in a function in VCL. eg: curl -svo /dev/null https://www.example.com/ -H"Fastly-No-Shield: 1"