Deal with the *Host* header field

Introduction

Performing HTTP requests is a routine task for a web developer nowadays.

This action contains, though, a number of things that are not necessarily well understood.

The Host header

One of these things is the Host header.

The Host header is a required one in HTTP requests:

A client MUST send a Host header field in an HTTP/1.1 request even if
the request-target is in the absolute-form, since this allows the
Host information to be forwarded through ancient HTTP/1.0 proxies
that might not have implemented Host.

Wait a moment! How come I've never needed to deal with it ? How come it does not ring a bell with me ?

These questions are absolutely legit.
Since Host is required, browsers and even curl set it by default to the provided hostname.

Example

Try to run these commands from your terminal:

  1. request with hostname ✅
❯ curl -vvvI stackoverflow.com

> HEAD / HTTP/1.1
> Host: stackoverflow.com
> User-Agent: curl/7.64.1
> Accept: */*
>
  1. request with ip address ❌
❯ curl -vvvI 151.101.65.69

> HEAD / HTTP/1.1
> Host: 151.101.65.69
> User-Agent: curl/7.64.1
> Accept: */*
>

Please notice the line > Host: for each command 💡. Got it?

Let's talk about wrong request.
If you execute the command number 2, you will notice that the response is an error.
This is due to the fact that when the request arrive til stackoverflow server, it cannot go any further as one IP address can host many websites.
So the web server gets confused and most likely returns 500 Domain Not Found.

Conclusion

Knowing how to deal with the Host header comes in handy when one needs to connect to a website through an ssh tunnel for instance.

A Post is coming soon to explain how this can be done 🚀.

33