More Fly-Src: Authenticating HTTP requests between Fly Apps

We previously introduced the “Fly-Src” header in “Fly-Src: Authenticating HTTP requests between Fly Apps”. It’s an HTTP header that we inject into requests between fly machines going over 6pn, including flycast. Well, we’ve recently expanded this feature to make it available when making requests that don’t go over flycast. Fly won’t populate this header unless you ask for it by including a Fly-Src-OptIn: * header in your request. If you opt in, you’ll get the same Fly-Src header format that you know and love.

Why is this important? You could use it to authenticate requests coming to your public fly apps from unrelated fly machines without having to provision a flycast address for them.

By way of example, if you make a request to https://timflyio-go-example.fly.dev/flysrc from your fly machine, you should see the fly-src information it received:

root@e784731ead16d8:/# curl -s -H 'fly-src-optin: *' https://timflyio-go-example.fly.dev/flysrc
peer: 172.16.1.146:36902
fly-src: instance=e784731ead16d8;app=timflyio-go-example;org=tim-newsham;ts=1760048620
fly-src-signature: xWle3koPEkH+ihbhHv48BtzpYatg3StJ+6Hr7cYXgFwZBN1MIUW/AYUeg2+EsL90FlZrCqBPlYxqh0WzQw3lAA==
map[app:timflyio-go-example instance:e784731ead16d8 org:tim-newsham ts:2025-10-09 22:23:40 +0000 UTC]

For more information, please refer back to Ben’s great post about the Fly-Src header mentioned above.

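A receiving app should act on these headers only after checking the signature and the timestamp. The Go sketch below is an added example, not code from this post or from Fly. It assumes fly-src-signature is a base64 Ed25519 signature over the exact fly-src value and that the caller supplies Fly's public key; `VerifyFlySrc` and `FlySrc` are hypothetical names, and the key in `main` is a constructed test key.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// FlySrc holds the fields shown in the sample fly-src header above.
type FlySrc struct {
	Instance, App, Org string
	TS                 time.Time
}

// VerifyFlySrc checks the signature before parsing any field, then rejects stale headers.
// Assumption: sigB64 is a base64 Ed25519 signature over the exact header value.
func VerifyFlySrc(pub ed25519.PublicKey, hdr, sigB64 string, now time.Time, maxAge time.Duration) (FlySrc, error) {
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil || len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, []byte(hdr), sig) {
		return FlySrc{}, errors.New("fly-src: bad signature")
	}
	f := map[string]string{}
	for _, kv := range strings.Split(hdr, ";") {
		k, v, ok := strings.Cut(kv, "=")
		if _, dup := f[k]; !ok || dup {
			return FlySrc{}, errors.New("fly-src: malformed or duplicate field")
		}
		f[k] = v
	}
	secs, err := strconv.ParseInt(f["ts"], 10, 64)
	if err != nil || f["org"] == "" || f["app"] == "" || f["instance"] == "" {
		return FlySrc{}, errors.New("fly-src: missing field")
	}
	src := FlySrc{f["instance"], f["app"], f["org"], time.Unix(secs, 0).UTC()}
	if age := now.Sub(src.TS); age > maxAge || age < -maxAge {
		return FlySrc{}, errors.New("fly-src: timestamp outside allowed window")
	}
	return src, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed test key, not Fly's
	hdr := "instance=e784731ead16d8;app=timflyio-go-example;org=tim-newsham;ts=1760048620"
	sig := base64.StdEncoding.EncodeToString(ed25519.Sign(priv, []byte(hdr)))
	fmt.Println(VerifyFlySrc(pub, hdr, sig, time.Unix(1760048625, 0), 30*time.Second))
}
```

Once verification succeeds, compare the returned Org and App against the callers you expect before granting access; a valid signature only shows which fly machine sent the request, not that it is allowed to.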