You can let Secure Web Gateway appliances take the roles of servers and clients with web traffic going on between them under ICAP.
Under this protocol, an ICAP server modifies requests and responses when communicating with ICAP clients. Traffic can, therefore, go on in what is known as the REQMOD and the RESPMOD mode.
ICAP traffic can also be SSL-secured. It is then referred to as Secure ICAP or ICAPS traffic.
To secure ICAP traffic, you need to import a server certificate for each port on the appliance that takes the server role, listening to SSL-secured requests from its clients.
Requests that ICAP clients send to the server must include ICAPS as specification in the server address to enable SSL-secured communication.
ICAP clients are not required to submit certificates to the server.