Is there any standard http header which a ssl termination point should set?
I'm asking because currently we have a loadbalancer which is the termination for https. Behind there's an application server, and at the moment we have no clue wether the request came over http or https.
Should the loadbalancer set a cookie, or maybe a special http header?
SSL wraps HTTP, it is an issue similar to the https Vhost one ... nothing in the http is aware of the encrypted tunnel it is wrapped in.
Nevertheless the web server can set some env variable or other similar mechanism to make server side applications such as php script aware of the channel being encrypted or not, but it is not a protocol issue.
I assume your load balancer can manipulate the HTTP headers after decipher the SSL. Thus, a solution would be to add a custom local header to the HTTP request forwarded to the server, such as X-SSL-ENABLE: 1.
A cookie would be stored on the client's side, resent for each request and therefore loading your external bandwidth for no reason, since this is of internal use only.