Protocol Downgrade (HTTPS Downgrade to Origin)

If you're incorporating Standard TLS or ​Akamai​'s shared certificate delivery security (HTTPS L1), you may want to apply HTTPS to the request from the client to our edge servers, but "downgrade" the connection to HTTP-only between ​Akamai​ and your origin.


Before you set up this behavior, familiarize yourself with its various features and limitations.

  • This behavior requires secure certificate delivery (HTTPS). However, Enhanced TLS (L3) certificate security is only supported in the Legacy Protocol Downgrade behavior. This behavior is only supported for use with the following:

    • Standard TLS (L1) Certificate
    • Shared Certificate hostname
  • A downgrade is restricted to GET, HEAD and OPTIONS methods.

  • This behavior doesn't allow whole site downgrades. For example, you can't use this behavior to downgrade delivery of the full site, from your origin.

  • There are no limits on downgrade based on file extension. We don't limit the downgrade of specific file types.

  • This behavior does not trim query strings on a downgrade. If your origin delivers assets that incorporate query strings, they're left as is.

  • You can include headers in a downgraded request, except these:

    • Origin
    • Referer
    • Cookie
    • Cookie2
    • sec-*
    • proxy-*

How it works

Complete usage details and requirements for this behavior are maintained in the relevant product's documentation: