Host Header Injection Vulnerability Scanner

Stay Up To Date
Asset Type


Need Membership


Asset Verify


API Support


Estimate Time (Second)


Host Header Injection Vulnerability Scanner Detail

HTTP header injection is a common class of web application security vulnerability that occurs when hypertext transfer protocol headers are dynamically generated based on user input.

The HTTP host header is a required request header from HTTP / 1.1. Specify the domain name that the client wants to access. In some cases, such as when a request is routed from an intermediate system, the host value may change before it reaches the desired backend component.

HTTP host header attacks exploit vulnerable websites that manipulate host header values ​​in an insecure way. If the server implicitly trusts the host header and does not properly validate or mask it, an attacker could use this input to inject a malicious payload that manipulates server-side behavior. Attacks that inject the payload directly into the host header are often referred to as "Host Header Injection" attacks.

Some Advice for Common Problems

Defending the host header is easy. Do not trust the host header. However, in some cases this is not as easy as it sounds (especially in the context of legacy code). If you need to use host headers as a mechanism to identify the location of your web server, we strongly recommend that you use a whitelist of allowed host names.

Need a Full Assessment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service