X-Forwarded-Host
The originating host of a client request.
Fastly reads this header from requests and writes it into requests. It is defined by an external standard.
For VCL services, Fastly will add or append X-Forwarded-Host
headers on incoming requests over TLS, as follows:
- The client
Host
header – if the request protocol is TLS. - The
Host
header from the edge – if the origin has a TLS configuration and shielding is enabled. - Even if client connection is TLS, unless the origin connection is over TLS, nothing will be added or appended at the shield.
Examples
Shielding | Request Protocol | Origin Protocol | Client Header | X-Forwarded-Host | Note |
---|---|---|---|---|---|
No | TLS | TLS | No | example.global.ssl.fastly.net | Added at edge |
No | No TLS | TLS | No | null | |
No | TLS | TLS | Yes | Host1, example.global.ssl.fastly.net | Appended |
No | No TLS | TLS | Yes | Host1 | Pass-through |
No | TLS | No TLS | No | example.global.ssl.fastly.net | Added at edge |
No | No TLS | No TLS | No | null | |
No | TLS | No TLS | Yes | Host1, example.global.ssl.fastly.net | Appended |
No | No TLS | No TLS | Yes | Host1 | Pass-through |
Yes | TLS | TLS | No | example.global.ssl.fastly.net, example.global.ssl.fastly.net | Added at edge and shield |
Yes | No TLS | TLS | No | example.global.ssl.fastly.net | Added at shield |
Yes | TLS | TLS | Yes | Host1, example.global.ssl.fastly.net, example.global.ssl.fastly.net | Added at edge and shield |
Yes | No TLS | TLS | Yes | Host1, example.global.ssl.fastly.net | Added at shield |
Yes | TLS | No TLS | No | example.global.ssl.fastly.net | Added at edge |
Yes | No TLS | No TLS | No | null | |
Yes | TLS | No TLS | Yes | Host1, example.global.ssl.fastly.net | Added at edge |
Yes | No TLS | No TLS | Yes | Host1 | Pass-through |
Overriding multiple entries
To set a single value for this header, add the following to vcl_miss
and vcl_pass
:
set bereq.http.X-Forwarded-Host = req.http.host;