Domain Management
Fastly Engineers detected a performance impacting event affecting our certificate authorization system for Fastly-managed certificates.
All other data centers and services were unaffected. The issue has been resolved and we are monitoring performance closely.
On the 18th of July, 2025, Fastly was made aware of a new HTTP/1.1 desync attack vector. Our security response engineers immediately initiated a thorough internal investigation, which determined that the Fastly platform is
not vulnerable
to this attack vector.
On the 21st of July, to validate our findings, we collaborated with the third-party researcher who discovered the attack vector. In this process, we confirmed that no Fastly-hosted endpoints were flagged as vulnerable during their research. The researcher noted that "Fastly seems to be relatively robust against desync attacks."
For additional due diligence, our Engineering teams also reviewed a preview of the full whitepaper on 28th of July, which further confirmed our conclusions.
You can read more about their research here: [ The Desync Endgame Begins by James Kettle from PortSwigger Research ]
We are seeing increased errors across multiple Fastly services that utilize a common third party service provider, unrelated to Fastly's Edge Cloud Network.
Fastly has launched acute incident response practices to investigate into this issue further in an effort to reduce the impact to our customers.
As our engineers determine the scope of impact our Customer Escalation Management team will be updating the impacted components on this status post.
We're aware of an ongoing Google Cloud incident, detailed on their status page, which is affecting several Fastly services. Customers may be experiencing increased latency due to impact to our KV Store.
Specifically, those trying to access their control plane via manage.fastly.com might notice that several key Observability features are not loading, including Billing, Historical Stats, Log Explorer & Insights, Origin Inspector, Real-Time Log Streaming, and Real-time Analytics. You may also find it difficult to engage with API endpoints. Additionally, customers might see elevated errors when accessing Fastly webpages and documented resources.
Our engineers are working to restore these services as a high priority and we will provide more information shortly.
You can monitor the Google Cloud incident here:
We've confirmed that customers won't receive status post notifications through their Support Slack channels during this incident.
However, we want to assure you that your ability to request a support case through our Support Slack services remains unaffected. You can still open new support cases as needed.
Google Cloud has communicated that they have successfully deployed mitigations to the majority of their services. We are now observing a gradual recovery of Fastly services.
We will continue to monitor this situation with the highest priority until all Fastly and customer services are fully restored.
We have continued to monitor the Google Cloud Status Page for the latest information by the third party service provider.
Incident Update: Full Recovery and Root Cause Identified
Current Status: Resolved
We're confirming that all services impacted during yesterday's incident have fully recovered. Our teams continuously monitored the situation and verified the stability of all affected systems.
Root Cause Analysis
Our investigation has confirmed that the increased errors and latency across our KV Store, control plane, and certain Observability features were a direct result of the Google Cloud disruption on the 12th of June 2025.
Google has publicly shared a post-mortem regarding the incident. It includes specific information about the root cause—an invalid automated quota update to their API management system—along with their mitigation strategies and steps they're taking for future prevention.
Next Steps
For a comprehensive understanding of the incident's origin, mitigation, and Google's preventative measures, we encourage customers to review the official Google Cloud Status Page. This provides a full breakdown from their perspective.
Additionally, our Product and Engineering teams will thoroughly review all Google Cloud Platform (GCP) reports to determine mitigation strategies and ensure they are adopted as part of our long-term preventive measures to ensure our systems are more resilient to third-party outages of this kind in the future.
We appreciate your patience and understanding as we worked through this third-party event. Our focus remains on providing reliable and high-performance services.
Our Engineers identified a incident that would have impacted new or renewal requests for Certainly TLS certifications to fail shortly after our customers made the request from 14:37 to 17:10 UTC.
Requests from customers made during the affected timeframe would have not been successful and would require a follow-up request.
Our ability to deliver network and security services to existing TLS certifications was not impacted during this incident.
We're currently investigating performance issues with our TLS provisioning system.
All other services are unaffected.
A fix has been implemented and we are monitoring the results.
This incident has been resolved.