Performing HTTP requests is a routine task for a web developer nowadays.
This action contains, though, a number of things that are not necessarily well understood.
One of these things is the Host header.
Host header is a required one in
A client MUST send a Host header field in an HTTP/1.1 request even if
the request-target is in the absolute-form, since this allows the
Host information to be forwarded through ancient HTTP/1.0 proxies
that might not have implemented Host.
Wait a moment! How come I've never needed to deal with it ? How come it does not ring a bell with me ?
These questions are absolutely legit.
Host is required, browsers and even curl set it by default to the provided hostname.
Try to run these commands from your terminal:
- request with hostname ✅
❯ curl -vvvI stackoverflow.com > HEAD / HTTP/1.1 > Host: stackoverflow.com > User-Agent: curl/7.64.1 > Accept: */* >
- request with ip address ❌
❯ curl -vvvI 18.104.22.168 > HEAD / HTTP/1.1 > Host: 22.214.171.124 > User-Agent: curl/7.64.1 > Accept: */* >
Please notice the line
> Host: for each command 💡. Got it?
Let's talk about the wrong request.
If you execute the command number 2, you will notice that the response is an error.
This is due to the fact that when the request arrives til
stackoverflow server, it cannot go any further as one IP address can host many websites.
So the web server gets confused and most likely returns
500 Domain Not Found.
Knowing how to deal with the
Host header comes in handy when one needs to connect to a website through an ssh tunnel for instance.
A Post is coming soon to explain how this can be done 🚀.