Can I rely on the 'x-forwarded-host' request header?

I'm using Cloudflare and Cloudflare Tunnel. I'd like to get the current domain/host in my app by looking at the request headers. It seems 'x-forwarded-host' (together with 'x-forwarded-proto') is the de facto standard. However, nowhere in the documentation can I read anything about this header, even though it seems to be set. Can I rely on this header being available and correct? Or should I just stick to the 'Host' header? Thank you 🙂
4 Replies
SuperHelpflare•3mo ago
Support AI
According to the documentation, Cloudflare will not alter the Host header by default, and will forward exactly as sent by the client. (Source: https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/reference/connection-details/) However, there is no mention of the 'x-forwarded-host' header in the provided documentation. While it may be present in the request headers, it is not explicitly documented as a reliable or guaranteed header. Therefore, it is recommended to stick with the 'Host' header, as it is explicitly mentioned in the documentation as being forwarded by Cloudflare. Relying on undocumented headers may lead to unexpected behavior or issues.
This is an AI generated response, it may not be 100% accurate. Please validate the output. You can ask followups by replying to this message or mentioning me.
GingerAdonisOP•3mo ago
@SuperHelpflare So if I cannot rely on the 'Host' header, how would I know the current domain?
GingerAdonisOP•3mo ago
It is tempting to use 'x-forwarded-host' as it seems to be set.. (and I can't seem to override it in a client request)
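
One way to settle the Host versus 'x-forwarded-host' question in application code, as an added example that is not part of the thread or of Cloudflare's documentation: read 'x-forwarded-host' only when the connection comes from a trusted proxy hop, fall back to 'Host' otherwise, and accept the result only if it is on an allowlist. The hostnames, proxy addresses and function names are assumptions made for the sketch.

```python
import ipaddress

# Assumptions (not from the thread): the hostnames this app serves, and the
# addresses of the proxy hop that is allowed to set forwarding headers.
ALLOWED_HOSTS = {"app.example.com", "www.example.com"}
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32"),
                   ipaddress.ip_network("::1/128")]


def _normalize(value):
    """Lower-case a Host-style value and drop port and trailing dot."""
    if not value or "," in value:
        # Empty, or a comma-separated chain: refuse rather than guess
        # which element of the chain is the one to trust.
        return None
    host = value.strip().lower()
    if not host.startswith("["):          # leave IPv6 literals untouched
        host = host.partition(":")[0]     # strip ":port"
    return host.rstrip(".") or None


def resolve_host(headers, peer_ip):
    """Return the validated hostname for a request, or None to reject it.

    headers: mapping of request header names to values.
    peer_ip: address of the TCP peer that connected to the app.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    peer = ipaddress.ip_address(peer_ip)
    from_proxy = any(peer in net for net in TRUSTED_PROXIES)

    if from_proxy and "x-forwarded-host" in lowered:
        # Only a trusted hop may tell us what the client originally asked for.
        candidate = _normalize(lowered["x-forwarded-host"])
    else:
        # Direct connection: a client-supplied X-Forwarded-Host is ignored.
        candidate = _normalize(lowered.get("host"))

    # Either header is still request data, so the final decision is the
    # allowlist, not the header.
    return candidate if candidate in ALLOWED_HOSTS else None
```

Returning None is the signal to reject the request (for example with a 400) instead of building URLs or redirects from an unrecognised host.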
