X-Forwarded-Host
The originating host of a client request .
Fastly reads this header from requests and writes it into requests . It is defined by an external standard .
For VCL services, Fastly will add or append
X-Forwarded-Host
headers on incoming requests over TLS, as follows:
-
The client
Hostheader – if the request protocol is TLS. -
The
Hostheader from the edge – if the origin has a TLS configuration and shielding is enabled. - Even if client connection is TLS, unless the origin connection is over TLS, nothing will be added or appended at the shield.
Examples
| Shielding | Request Protocol | Origin Protocol | Client Header | X-Forwarded-Host | Note |
|---|---|---|---|---|---|
| No | TLS | TLS | No | example.global.ssl.fastly.net | Added at edge |
| No | No TLS | TLS | No | null | |
| No | TLS | TLS | Yes | Host1, example.global.ssl.fastly.net | Appended |
| No | No TLS | TLS | Yes | Host1 | Pass-through |
| No | TLS | No TLS | No | example.global.ssl.fastly.net | Added at edge |
| No | No TLS | No TLS | No | null | |
| No | TLS | No TLS | Yes | Host1, example.global.ssl.fastly.net | Appended |
| No | No TLS | No TLS | Yes | Host1 | Pass-through |
| Yes | TLS | TLS | No | example.global.ssl.fastly.net, example.global.ssl.fastly.net | Added at edge and shield |
| Yes | No TLS | TLS | No | example.global.ssl.fastly.net | Added at shield |
| Yes | TLS | TLS | Yes | Host1, example.global.ssl.fastly.net, example.global.ssl.fastly.net | Added at edge and shield |
| Yes | No TLS | TLS | Yes | Host1, example.global.ssl.fastly.net | Added at shield |
| Yes | TLS | No TLS | No | example.global.ssl.fastly.net | Added at edge |
| Yes | No TLS | No TLS | No | null | |
| Yes | TLS | No TLS | Yes | Host1, example.global.ssl.fastly.net | Added at edge |
| Yes | No TLS | No TLS | Yes | Host1 | Pass-through |
Overriding multiple entries
To set a single value for this header, add the following to
vcl_miss
and
vcl_pass
:
