X-Forwarded-Host
The HTTP X-Forwarded-Host request header is an unofficial HTTP header indicating the original Host header value sent by the client before a proxy or load balancer modified the request.
Usage
Reverse proxies and load balancers often rewrite the Host header when forwarding a request to a backend server. The X-Forwarded-Host header preserves the hostname the client originally targeted, allowing the origin server to generate correct URLs, Redirects, and cookie domains.
A typical scenario involves a CDN or reverse proxy accepting
requests for shop.example.re and forwarding them to an
internal backend at backend-pool-3.internal. Without the
X-Forwarded-Host header, the backend only sees the
rewritten host value and produces incorrect absolute URLs in
responses.
The standardized replacement is the host parameter of the
Forwarded header.
Note
The "X-" naming convention for HTTP headers, "X" referring to "experimental", has been deprecated and needs to be transitioned to the formal naming convention for HTTP headers.
Values
The value is a single hostname, optionally followed by a port number separated by a colon.
X-Forwarded-Host: <host>
X-Forwarded-Host: <host>:<port>
Example
A reverse proxy receives a request targeting
shop.example.re and forwards the request to the backend.
The proxy sets the X-Forwarded-Host header so the
backend knows the original hostname.
X-Forwarded-Host: shop.example.re
When the original request targeted a non-standard port, the port number is included.
X-Forwarded-Host: api.example.re:8443
A backend application generating an absolute redirect URL reads the X-Forwarded-Host value instead of the rewritten Host header to construct the correct Location response.
X-Forwarded-Host: www.example.re
Host: backend-7.internal
Takeaway
The HTTP X-Forwarded-Host header preserves the original
hostname from the client request when reverse proxies rewrite
the Host header. The host parameter of the
Forwarded header is the
standardized replacement.