# Host Header

Common headers for Host header injection attacks:

1. Host:
2. X-Host:
3. X-Forwarded-For:
4. X-Forwarded-Host:
5. X-Forwarded-Server:
6. Forwarded:
7. X-HTTP-Host-Override:
8. X-Forwarded-Proto:

Typical Host header injection bypass:

```
POST /endpoint/ HTTP/1.1
Host: http://evil.com
```

Response: 403, 404

Bypass:

```
POST /https://endpoint/ HTTP/1.1
Host: http://evil.com
```

Response: 200, 302

Give it a try!!
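A server-side check for the headers and request shape listed above, as an added example that is not part of the original page: it validates `Host` against an allowlist, flags a URL embedded in the request target, and flags host-override headers that did not come from a trusted proxy. `ALLOWED_HOSTS`, `check_request`, the finding labels and `app.example.com` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"app.example.com"}  # assumption: hosts this app really serves
# Host-carrying headers from the list above; trust them only from your own proxy.
OVERRIDE_HEADERS = {"x-host", "x-forwarded-host", "x-forwarded-server",
                    "x-http-host-override", "forwarded"}

def _hostname(value):
    """Lower-cased host without port; None unless value is a bare host[:port]."""
    value = value.strip().lower()
    if not value or any(c in value for c in "/@?# \t"):
        return None
    return value.partition(":")[0]  # IPv6 literals fail closed (never allowlisted)

def check_request(raw, from_trusted_proxy=False):
    """Return findings for one raw HTTP/1.x request head (hypothetical helper)."""
    lines = raw.split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line:          # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())

    findings = []
    hosts = headers.get("host", [])
    if len(hosts) != 1:       # missing or duplicated Host is ambiguous
        findings.append("host-count")
    if any(_hostname(h) not in ALLOWED_HOSTS for h in hosts):
        findings.append("host-not-allowed")
    # A URL inside the request target can be routed on instead of Host.
    if "://" in target and urlsplit(target.lstrip("/")).hostname not in ALLOWED_HOSTS:
        findings.append("target-host-not-allowed")
    if not from_trusted_proxy:
        findings += ["override:" + n
                     for n in sorted(OVERRIDE_HEADERS.intersection(headers))]
    return findings

# Constructed sample requests; "bypass" mirrors the request shape shown above.
SAMPLES = {
    "ok": "GET /login HTTP/1.1\r\nHost: app.example.com:8443\r\n\r\n",
    "bypass": "POST /https://endpoint/ HTTP/1.1\r\nHost: http://evil.com\r\n\r\n",
    "override": "GET / HTTP/1.1\r\nHost: app.example.com\r\n"
                "X-Forwarded-Host: other.example.net\r\n\r\n",
    "dup": "GET / HTTP/1.1\r\nHost: app.example.com\r\nHost: app.example.com\r\n\r\n",
}
```

Any non-empty result should end in a rejection (for example a 400) before routing, link generation or cache-key construction ever sees the host value.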
