Pound adds multiple X-SSL-* request header fields to the request. The backend can query these and could set security::secure_conn_p (see
https://www.apsis.ch/pound.html).
This was not an issue for us, since we only allow SSL connections from the outside world.
guess, with nginx one can get the same behaviour by using proxy_set_header.