# Host Header

Common Headers for Host Header Injection Attack:-

1. Host:
2. X-Host:
3. X-Forwarded-For:
4. X-Forwarder- Host:
5. X-Forwarder- Server:
6. Forwarded:
7. X-HTTP-Host- Override:
8. X-Forwarded-Proto headers:
9.

Typical Host Header Injection Bypass: POST /endpoint/ HTTP 1.1 Host: [http://evil.com](https://t.co/Hg2GwZOUIf?amp=1) Response: 403, 404 Bypass: POST /<https://endpoint/> HTTP 1.1 Host: [http://evil.com](https://t.co/Hg2GwZOUIf?amp=1) Response: 200, 302 Give it a try!!