Vulnerability Database

Host Header Injection

A host header injection vulnerability occurs when the application uses a variant of the Host header, such as X-Forwarded-Host, to determine the current host. This header is often used in backend services.

A host header injection vulnerability can be used in a wide range of attack scenarios, from influencing password reset forms to accessing secrets via a Server-Side Request Forgery vulnerability.


Do not rely on input information such as headers for business-critical decisions. Instead, ensure that the application is aware of the server environment with a static configuration.
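The following added example (not code from this page or from any particular product) contrasts a password reset link built from request headers with one built from static configuration, and adds an allow-list check that rejects unexpected host values. The origin `https://app.example.com`, the function names, and the sample request are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: set once at deployment time, never derived from a request.
CANONICAL_ORIGIN = "https://app.example.com"
ALLOWED_HOSTS = {"app.example.com"}

# Constructed sample request: the client controls both header values.
SPOOFED = {"Host": "app.example.com", "X-Forwarded-Host": "attacker.example"}


def reset_link_vulnerable(headers, token):
    """Vulnerable: the link's host comes from a client-supplied header."""
    host = headers.get("X-Forwarded-Host") or headers.get("Host", "")
    return f"https://{host}/reset?token={token}"


def reset_link_hardened(token):
    """Hardened: the link's host comes from static configuration only."""
    return f"{CANONICAL_ORIGIN}/reset?token={token}"


def host_is_allowed(headers):
    """Return True only if every host value present is on the allow-list.

    Assumes `headers` is a dict keyed by the exact header names used below.
    """
    if "Host" not in headers:
        return False
    for name in ("Host", "X-Forwarded-Host"):
        value = headers.get(name)
        if value is None:
            continue
        # X-Forwarded-Host may hold a comma-separated list; check each entry.
        for entry in value.split(","):
            try:
                hostname = urlsplit("//" + entry.strip()).hostname
            except ValueError:  # malformed value, e.g. unbalanced brackets
                return False
            if hostname not in ALLOWED_HOSTS:
                return False
    return True


if __name__ == "__main__":
    print(reset_link_vulnerable(SPOOFED, "tok"))  # host taken from header
    print(reset_link_hardened("tok"))             # host taken from config
    print(host_is_allowed(SPOOFED))               # request should be rejected
```

Rejecting the request in `host_is_allowed` is defence in depth; the fix itself is that `reset_link_hardened` never reads the headers.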

