What Is X-Forwarded-Host (XFH)?
The X-Forwarded-Host HTTP header is used to forward the original Host header value to the origin server. This can be useful in the event that a proxy or CDN rewrites the Host header, for example to:
lorem-1c6b.kxcdn.com. According to RFC 7230, section 5.4,
When a proxy receives a request with an absolute-form of request-target, the proxy MUST ignore the received Host header field (if any) and instead replace it with the host information of the request-target.
For a request from a KeyCDN edge server, the above quote means that unless the Forward Host Header option is enabled, the Host header becomes your_origin_host and the XFH header contains the original Host value. For example:
GET /image.jpg HTTP/2 Host: https://example.com X-Forwarded-Host: <zonename>-<id>.kxcdn.com X-Forwarded-For: 126.96.36.199 X-Forwarded-Scheme: http X-Pull: KeyCDN Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36 Accept-Language: en-US,en;q=0.8,de;q=0.6,ja;q=0.4 Cookie: foobar
The example above shows that the Host header is replaced with the domain url of the website while the X-Forwarded-Host contains the original Host header value (either your Zonealias or zone url).
Using XFH With KeyCDN
When a request is made from a client for an asset on a KeyCDN edge server, the Host will be either the defined zone url or Zonealias (e.g. cdn.example.com). If the content is not cached on the edge server, it will make a request to the origin server for the content. The Host header for the request from the edge server will be your_origin_host and will include the X-Forwarded-Host header. The XFH header value will be the originally requested host (either the Zonealias or zone url) to let the origin server know what hostname the request is coming from, similar to:
The XFH header is useful when wanting to use one zone to manage multiple sites. The image below demonstrates the use of the X-Forwarded-Host header in this scenario.
The XFH contains the Zonealias of each request allowing the origin server to distinguish between websites and deliver the appropriate assets to each Zonealias.
With X-Forwarded-Host header is a valuable HTTP header for determining which Host was originally used in the case that there is a proxy or CDN between the client and origin server. As seen in the example above, making the origin server aware of what the original host header is, can prove to be very useful for certain tasks such as using one zone to manage multiple sites.