diff --git a/hosts/public-access-proxy/proxy.nix b/hosts/public-access-proxy/proxy.nix index 50173ff9..a22a87f4 100644 --- a/hosts/public-access-proxy/proxy.nix +++ b/hosts/public-access-proxy/proxy.nix @@ -120,7 +120,8 @@ in timeout server 30000 frontend http-in - bind :::80 v4v6 + # tfo is tcp fastopen + bind :::80 tfo v4v6 option http-keep-alive default_backend proxy-backend-http @@ -143,7 +144,8 @@ in } frontend https-in - bind :::443 v4v6 + # tfo is tcp fastopen + bind :::443 tfo v4v6 tcp-request inspect-delay 5s tcp-request content accept if { req.ssl_hello_type 1 } @@ -154,7 +156,7 @@ in ) cfg.proxyHosts} ${lib.concatMapStrings ({ proxyTo, proxyProtocol, ... }: '' - + backend ${canonicalize proxyTo.host}-https server ${canonicalize proxyTo.host}-https ${proxyTo.host}:${toString proxyTo.httpsPort} check ${lib.optionalString proxyProtocol "backup"} ${lib.optionalString proxyProtocol "server ${canonicalize proxyTo.host}-proxy-https ${proxyTo.host}:${toString proxyTo.proxyHttpsPort} check send-proxy-v2"}
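Review bot: The `tfo` keyword added to `bind :::80` (and to `bind :::443` in the `https-in` hunk) only takes effect if the kernel accepts Fast Open on listening sockets, and nothing in this diff enables that. On Linux the server bit of `net.ipv4.tcp_fastopen` is normally off by default, so unless another module already sets it, a line such as `boot.kernel.sysctl."net.ipv4.tcp_fastopen" = 3;` is needed alongside this config. For the plain-HTTP frontend, RFC 7413 also allows data carried in the SYN to be delivered to the application more than once, so a non-idempotent request on port 80 could be duplicated; the TLS passthrough on 443 is less exposed because the SYN data there is only a ClientHello. The comment could record both conditions, e.g. `# tfo = TCP Fast Open; needs net.ipv4.tcp_fastopen server bit; SYN data may be replayed (RFC 7413)`. Both frontend sections continue outside their hunks, so any redirect or method restriction on `http-in` is not visible here.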