X-Forwarded-Host

X-Forwarded-Host is an unofficial request header that preserves the hostname the client originally targeted when a reverse proxy rewrites the Host header during forwarding.

Usage

Reverse proxies and load balancers often rewrite the Host header when forwarding a request to a backend server. The X-Forwarded-Host header preserves the hostname the client originally targeted, allowing the origin server to generate correct URLs, redirects, and cookie domains.

A typical scenario involves a CDN or reverse proxy accepting requests for shop.example.re and forwarding them to an internal backend at backend-pool-3.internal. Without the X-Forwarded-Host header, the backend only sees the rewritten host value and produces incorrect absolute URLs in responses.

The standardized replacement is the host parameter of the Forwarded header.

Security

Trusting X-Forwarded-Host without validation enables host-header injection. A forged value can poison shared caches or redirect password-reset links to a malicious domain. Accept the header only from trusted proxies, and validate it against an allowlist of known hostnames before using it to build URLs.
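The two checks described above, sketched as an added example (not code from this page or from any particular framework). The proxy network, the allowlist, the fallback hostname, the /reset path and the plain-dict headers are all assumptions made for illustration.

```python
import ipaddress
import re

# Assumed deployment values, constructed for this example.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_HOSTS = {"shop.example.re", "api.example.re", "www.example.re"}
DEFAULT_HOST = "shop.example.re"

# <host> or <host>:<port>, the two forms the header value may take.
_HOST_RE = re.compile(
    r"(?P<host>[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?)(?::(?P<port>[0-9]{1,5}))?"
)


def parse_host(value):
    """Return (host, port) for a well-formed value, or None."""
    m = _HOST_RE.fullmatch(value.strip().lower())
    if not m:
        return None
    port = int(m.group("port")) if m.group("port") else None
    if port is not None and not 0 < port < 65536:
        return None
    return m.group("host"), port


def effective_host(peer_ip, headers):
    """Pick the hostname to use when building absolute URLs.

    `headers` is a plain dict with exact-case keys (an assumption; real
    frameworks usually expose a case-insensitive mapping).
    """
    peer = ipaddress.ip_address(peer_ip)
    from_proxy = any(peer in net for net in TRUSTED_PROXIES)
    xfh = headers.get("X-Forwarded-Host")
    # Honour the header only when the direct peer is a trusted proxy.
    candidate = xfh if (from_proxy and xfh) else headers.get("Host", "")
    parsed = parse_host(candidate)
    # Malformed values (including comma-separated lists) and hosts that are
    # not allowlisted fall back to a fixed, configured hostname.
    if parsed is None or parsed[0] not in ALLOWED_HOSTS:
        return DEFAULT_HOST
    host, port = parsed
    return host if port is None else f"{host}:{port}"


def reset_link(peer_ip, headers, token):
    """Build a password-reset URL from the validated host (hypothetical path)."""
    return f"https://{effective_host(peer_ip, headers)}/reset?token={token}"
```

The fallback to a configured hostname means a rejected value never reaches a generated URL, which is the property that matters for reset links and cached responses.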

Note

The "X-" naming convention for HTTP headers, where "X" stood for "experimental", has been deprecated, and headers using it need to be transitioned to the formal naming convention for HTTP headers.

Values

The value is a single hostname, optionally followed by a port number separated by a colon.

X-Forwarded-Host: <host>
X-Forwarded-Host: <host>:<port>

Example

A reverse proxy receives a request targeting shop.example.re and forwards the request to the backend. The proxy sets the X-Forwarded-Host header so the backend knows the original hostname.

X-Forwarded-Host: shop.example.re

When the original request targeted a non-standard port, the port number is included.

X-Forwarded-Host: api.example.re:8443

A backend application generating an absolute redirect URL reads the X-Forwarded-Host value instead of the rewritten Host header to construct the correct Location response.

X-Forwarded-Host: www.example.re
Host: backend-7.internal

Note

In Nginx, proxy_set_header Host $host forwards the original client-facing hostname in the Host header itself rather than using X-Forwarded-Host. When Nginx rewrites the Host header to an internal backend address, adding proxy_set_header X-Forwarded-Host $host preserves the original hostname separately. The choice depends on whether the backend application reads Host or X-Forwarded-Host for URL generation.

Last updated: June 5, 2026