---
title: X-Forwarded-Host
summary: null
url: >-
  https://www.fastly.com/documentation/reference/http/http-headers/X-Forwarded-Host
---



For VCL services, Fastly will add or append `X-Forwarded-Host` headers on incoming requests over TLS, as follows:

* The client `Host` header – if the request protocol is TLS.
* The `Host` header from the edge – if the origin has a TLS configuration **and** [shielding](https://www.fastly.com/documentation/guides/concepts/shielding/) is enabled.
* Even if client connection is TLS, unless the origin connection is over TLS, nothing will be added or appended at the shield.

## Examples

| [Shielding](https://www.fastly.com/documentation/guides/concepts/shielding/) | Request Protocol | Origin Protocol | Client Header | X-Forwarded-Host | Note |
|---|---|---|---|---|---|
| No | TLS | TLS | No | example.global.ssl.fastly.net | Added at edge |
| No | No TLS | TLS | No | null | |
| No | TLS | TLS | Yes | Host1, example.global.ssl.fastly.net | Appended |
| No | No TLS | TLS | Yes | Host1 | Pass-through |
| No | TLS | No TLS | No | example.global.ssl.fastly.net | Added at edge |
| No | No TLS | No TLS | No | null | |
| No | TLS | No TLS | Yes | Host1, example.global.ssl.fastly.net | Appended |
| No | No TLS | No TLS | Yes | Host1 | Pass-through |
| Yes | TLS | TLS | No | example.global.ssl.fastly.net, example.global.ssl.fastly.net | Added at edge and shield |
| Yes | No TLS | TLS | No | example.global.ssl.fastly.net | Added at shield |
| Yes | TLS | TLS | Yes | Host1, example.global.ssl.fastly.net, example.global.ssl.fastly.net | Added at edge and shield |
| Yes | No TLS | TLS | Yes | Host1, example.global.ssl.fastly.net | Added at shield |
| Yes | TLS | No TLS | No | example.global.ssl.fastly.net | Added at edge |
| Yes | No TLS | No TLS | No | null | |
| Yes | TLS | No TLS | Yes | Host1, example.global.ssl.fastly.net | Added at edge |
| Yes | No TLS | No TLS | Yes | Host1 | Pass-through |

## Overriding multiple entries 

To set a single value for this header, add the following to `vcl_miss` and `vcl_pass`:

```vcl
set bereq.http.X-Forwarded-Host = req.http.host;
```