---
title: X-Forwarded-Host
summary: null
url: >-
  https://www.fastly.com/documentation/reference/http/http-headers/X-Forwarded-Host
---

For VCL services, Fastly will add or append `X-Forwarded-Host` headers on incoming requests over TLS, as follows:

- The client `Host` header – if the request protocol is TLS.
- The `Host` header from the edge – if the origin has a TLS configuration **and** [shielding](https://www.fastly.com/documentation/guides/concepts/shielding/) is enabled.
- Even if client connection is TLS, unless the origin connection is over TLS, nothing will be added or appended at the shield.

## Examples

| [Shielding](https://www.fastly.com/documentation/guides/concepts/shielding/) | Request Protocol | Origin Protocol | Client Header | X-Forwarded-Host                                                    | Note                     |
| ---------------------------------------------------------------------------- | ---------------- | --------------- | ------------- | ------------------------------------------------------------------- | ------------------------ |
| No                                                                           | TLS              | TLS             | No            | example.global.ssl.fastly.net                                       | Added at edge            |
| No                                                                           | No TLS           | TLS             | No            | null                                                                |                          |
| No                                                                           | TLS              | TLS             | Yes           | Host1, example.global.ssl.fastly.net                                | Appended                 |
| No                                                                           | No TLS           | TLS             | Yes           | Host1                                                               | Pass-through             |
| No                                                                           | TLS              | No TLS          | No            | example.global.ssl.fastly.net                                       | Added at edge            |
| No                                                                           | No TLS           | No TLS          | No            | null                                                                |                          |
| No                                                                           | TLS              | No TLS          | Yes           | Host1, example.global.ssl.fastly.net                                | Appended                 |
| No                                                                           | No TLS           | No TLS          | Yes           | Host1                                                               | Pass-through             |
| Yes                                                                          | TLS              | TLS             | No            | example.global.ssl.fastly.net, example.global.ssl.fastly.net        | Added at edge and shield |
| Yes                                                                          | No TLS           | TLS             | No            | example.global.ssl.fastly.net                                       | Added at shield          |
| Yes                                                                          | TLS              | TLS             | Yes           | Host1, example.global.ssl.fastly.net, example.global.ssl.fastly.net | Added at edge and shield |
| Yes                                                                          | No TLS           | TLS             | Yes           | Host1, example.global.ssl.fastly.net                                | Added at shield          |
| Yes                                                                          | TLS              | No TLS          | No            | example.global.ssl.fastly.net                                       | Added at edge            |
| Yes                                                                          | No TLS           | No TLS          | No            | null                                                                |                          |
| Yes                                                                          | TLS              | No TLS          | Yes           | Host1, example.global.ssl.fastly.net                                | Added at edge            |
| Yes                                                                          | No TLS           | No TLS          | Yes           | Host1                                                               | Pass-through             |

## Overriding multiple entries

To set a single value for this header, add the following to `vcl_miss` and `vcl_pass`:

```vcl
set bereq.http.X-Forwarded-Host = req.http.host;
```