Additional information (ho)

Host header injection

When a website receives a request from the server, it sends a reply to identify itself. The server then serves the request if the response from the website matches what the server expected. If an intruder can supply a different destination and, by intercepting the communication between the server and the website, trick the server into thinking that destination is trusted, the attacker gains full control. For this reason every value that specifies the host should always be validated and sanitized; in addition, the server itself should be configured securely against host header injection.
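One way to apply the validation described above, as an added example rather than code from the original page: a Python check that accepts a request only if it carries exactly one Host header whose normalized value is on a configured allowlist. The host names, the allowed ports and the function names `validate_host` and `check_request` are assumptions made for illustration.

```python
import re

# Assumed deployment values, constructed for this example.
ALLOWED_HOSTS = {"www.example.com", "example.com"}
ALLOWED_PORTS = {None, 443}  # None means no explicit port in the header

# Hostname grammar: dot-separated labels of letters, digits and hyphens,
# an optional trailing dot, and an optional numeric port.
_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_HOST_RE = re.compile(rf"({_LABEL}(?:\.{_LABEL})*)\.?(?::(\d{{1,5}}))?")


def validate_host(host_values):
    """Return the normalized host name if trusted, otherwise None.

    host_values: every Host header value received on the request.
    """
    # Exactly one Host header: with duplicates, a proxy and the application
    # may each pick a different one.
    if len(host_values) != 1:
        return None
    raw = host_values[0]
    # Check ASCII before lowercasing: some non-ASCII characters (for example
    # U+212A KELVIN SIGN) lowercase to plain ASCII letters.
    if not raw.isascii():
        return None
    # fullmatch rejects anything outside the grammar: CR/LF, spaces, '@',
    # '/', bracketed IP literals, empty values.
    m = _HOST_RE.fullmatch(raw.lower())
    if m is None:
        return None
    host = m.group(1)
    port = int(m.group(2)) if m.group(2) else None
    if host not in ALLOWED_HOSTS or port not in ALLOWED_PORTS:
        return None
    return host


def check_request(headers):
    """headers: list of (name, value) pairs as received. Returns (status, host).

    Answering 400 for an untrusted Host is this example's choice.
    """
    hosts = [v.strip(" \t") for n, v in headers if n.lower() == "host"]
    host = validate_host(hosts)
    return (200, host) if host else (400, None)
```

The application should use only the value returned by `validate_host`, never the raw header, when it needs the host name.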
 
