I've seen some posts like this which show that the current website domain is accessible from $_SERVER['HTTP_HOST'] and $_SERVER['SERVER_NAME']. The HTTP_HOST is an HTTP header and thus the user is free to change it. There is no reason to believe it's accurate. The SERVER_NAME doesn't change in my situation, because I use an domain alias that does change the domain but not the SERVER_NAME. What's best to do in this situation?
2
There are 2 best solutions below
Related Questions in PHP
- php Variable name must change in for loop
- register_shutdown_function is not getting called
- Query returning zero rows despite entries existing
- Retrieving *number* pages by page id
- Automatically closing tags in form input?
- How to resize images with PHP PARSE SDK
- how to send email from localhost using codeigniter?
- Mariadb max Error while sending QUERY packet PID
- Multiusers login redirect different page in php
- Imaginary folder when I use "DirectoryIterator" in PHP?
- CodeIgniter + XDebug: debug only working in the main controller, index() function
- PHP script timeout when I use sleep()
- posting javascript populated form to another php page
- AJAX PHP - Reload div after submit
- PHP : How can I check Array in array?
Related Questions in DNS
- Configured TTL for A record(s) backing CNAME records
- Redirecting subdomain to directory on Azure
- SPF and DKIM records for Mandrill on DigitalOcean
- How to convert hostname to DNS name?
- Could someone bring Google OAuth2 for Cloud DNS via Rest to light?
- Spoof Captive Portal Screen on an iOS Device using DNS
- DNS_PROBE_FINISHED_NXDOMAIN on Google App Engine website
- How to check if a redirect leads to a different domain
- IP address to Domain Name? DNS?
- error CS1729: The type `ARSoft.Tools.Net.Dns.DnsServer' does not contain a constructor that takes `4' arguments
- Windows, Apache, Acrylic DNS, and wildcard subdomains
- How to configure DNS for microsoft odbc driver for oracle (in 64 bit arch.)
- How to use one time domain name in android?
- logstash dns filter miss
- Redirect website to another website if blocked in particular region
Related Questions in HEADER
- sorting all data on multiple pages by clicking on its header
- Chrome print preview disable only link location in footer and header
- Keeping middle item centered horizontally
- Class enumerator values cannot be passed as parameters to another class's function
- Mobile Header not working properly
- Text before php header not giving errors
- Checking proxy anonymity in Java
- PHP Header Location - redirect to URL with HTML anchor
- Save cookies between two curl requests
- What do I have to consider when putting all code in the header?
- Cocoapods generate bad xcconfig file - no header search path
- multiple header files redefinition error in C
- Loop for reading txt file with multiple headers and detail items in php
- Header Content 3 (tagline area) set to Banner, shortcode for cart added. How to reposition and align
- Aligning headers/footers using responsive styles
Related Questions in HTTP-HOST
- About HTTP_HOST & PHP_SELF
- How to prevent SERVER['HTTP_REFERER'] switches to the calling page?
- Lightsail Configure Apache's HTTP_HOST
- Keeping original HTTP_HOST when Redirecting/Rewriting
- Get in wsgi.py apache virtualhost name
- HTTP_HOST Stripping via Firewalls and VPNs
- How to disable Django's invalid HTTP_HOST error?
- apache redirect in https from none www to www domain
- Why there're different host headers when making requests in Next.js?
- apache wrong HTTP_HOST and SERVER_NAME in .htaccess but correct in php
- Set HTTP_HOST server variable in ASP.NET (4.7) MVC behind reverse proxy in Azure
- get full url link with language prefix in wordpress
- What is the .net core version of HttpContext.Current.Request.ServerVariables["HTTP_HOST"]
- Nginx propagate server_name regex inside Php
- get the host the user is coming from
Related Questions in SERVER-NAME
- Why does using the wildcard signifier for a second "server_name" break my nginx config
- VirtualHost Same ServerName Different Directories (mirror codes)
- Docker, MS SQL Server, SMMS not connecting unless I stop any local SQL Server Instance
- How to set the same document root for all server names on Apache
- Apache VirtualHost, multiple ServerName in one line
- SQL Server 2017 Server Name , Aliases, and Client Protocols
- Powershell command did not include error in output file
- apache wrong HTTP_HOST and SERVER_NAME in .htaccess but correct in php
- How to overwrite server_name value in istio 1.1 (envoy 1.11.0)?
- How to login with newly created server name in sql server 2008
- Linked server with same server name
- apache2 - ServerName in virtual host isn't working
- server name in sql server management studio
- Nginx propagate server_name regex inside Php
- Android: mapping hostname to IP on windows 10 using DNS?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Although a user is free to change
HTTP_HOST, they would hardly reach your site in this case.Anyway, I see no problem in this ability to change. Okay, even if I set this header to
some.bad.bad.words- whom it would harm?