X-Forwarded-Host vs. x-Forwarded-Server
What is the difference between the following titles?
- X-Forwarded-Host
- X-Forwarded-server
In a setup with Apache being the proxy and Tomcat being the origin server, I see both of these in the HTTP requests that reach Tomcat. The values ββwere (this is from my own code logging names and header pairs with actual caps that I ran into)
x-forwarded-host some-server
x-forwarded-server some-server.dept.some-uni.edu
Are these values ββtypical? Which of the two should I use to reliably recover the URL given by the browser? In my case, the browser sent a GET with a value some-server.dept.some-uni.edu
in the request url, which makes me think it is x-forwarded-server
more appropriate to recover the url. I believe this is somewhat at odds with the MDN documentation , which only mentions X-Forwarded-Host
and states that this is a "standard de facto header to identify the original host requested by the client" (and no documentation on x-forwarded-server
)
This Apache OTOH page describes both headers as follows:
- X-Forwarded-Host The original host requested by the client in the Host HTTP header.
- X-Forwarded-Server Hostname of the proxy server.
(I appreciate that in order to recover the url I also need X-Forwarded-Proto
and X-Forwarded-Port
)
No one has answered this question yet
Check out similar questions: