I've seen some posts like this which show that the current website domain is accessible from $_SERVER['HTTP_HOST'] and $_SERVER['SERVER_NAME']. The HTTP_HOST is an HTTP header and thus the user is free to change it. There is no reason to believe it's accurate. The SERVER_NAME doesn't change in my situation, because I use an domain alias that does change the domain but not the SERVER_NAME. What's best to do in this situation?
2
There are 2 best solutions below
Related Questions in PHP
- How to add the dynamic new rows from my registration form in my database?
- Issue in payment form gateway
- How to create a facet for WP gridbuilder that displays both parent and child custom fields?
- Function in anonymous Laravel Blade component
- How to change woocomerce or full wordpress currency with value from USD to AUD
- General questions about creating a custom theme Moodle CMS
- How to add logging to an abstract class in php
- error 500 on IIS FastCGI but no clue despite multiple error loggings activated
- Composer installation fails and reverts ./composer.json and ./composer.lock to original content
- How to isolate PHP apps from each other on a local machine(Windows or Linux)?
- Laravel: Using belongsToMany relationship with MongoDB
- window.location.href redirects but is causing problems on the webpage
- Key provided is shorter than 256 bits, only 64 bits provided
- Laravel's whereBetween method not working with two timestamps
- Implementing UUID as primary key in Laravel intermediate table
Related Questions in DNS
- AWS Dns record A not navigate to elb
- I created a domain name from cloudflare, and Hoisted my static site hosted in google firebase, error in adding custom domain in firebase
- I am the domain admin, newbie, how do I connect youtube.com on my domain?
- The problem with raising the DNS server on Ubuntu 20.04 - bind9
- I registered a service in eureka which is resolving through java code. But it is not able to resolve its name when hitting through chrome or postman
- Assigned A record for Subdomain in Cloud DNS to Compute Engine VM instance but not propagated/resolved yet
- Why Bind9 responds with latency for RPZ rule?
- Create aws certification for domain
- Make Bind DNS server to request only root DNS servers of IANA website
- Domain Still Redirecting Despite Transferring Out of Godaddy
- Set up MX records in apache/Ubuntu to point to external mail server
- Changing AWS registred domain back to AWS name servers
- Docker networking forwarding failed
- Can access IP address of domain via mobile but not wifi
- CURL got Could not resolve host: my subdomain
Related Questions in HEADER
- How can I read the header of request to webserver
- #include Header files in C with definition too
- I have a horizontal line drawn in the header of the last page of the list of tables in my document, how can I remove it?
- Invoke Rest API with a custom header
- A subtle line appears within our homepage banner, situated near the header section
- browsers don't display authorization header in devtools
- Using if directives in headers
- Why is my head not working on my website? It only shows the alt text
- Menu and logo disappeared from the header in WordPress
- How do I log into a site with curl or javascript?
- What CSP Headers are needed for serving .NET Core site to iframe in Shopify Page?
- Background video of header doesnt display on iPhones
- Multi-Level Header in Pandas DataFrame
- My header has disappeared/lost its formatting; Its suddenly not applying some of the custom css
- Why Rstudio compiler looking for R headers in the wrong include directories?
Related Questions in HTTP-HOST
- How to fix Invalid HTTP_HOST header error
- HTTP_HOST Stripping via Firewalls and VPNs
- How is the HTTP host header resolvable?
- Need help in simulating (and blocking) HTTP_HOST spoofing attacks
- What is the .net core version of HttpContext.Current.Request.ServerVariables["HTTP_HOST"]
- Get only domain name
- Nginx: Need a map function for domain of http_name
- Set HTTP_HOST server variable in ASP.NET (4.7) MVC behind reverse proxy in Azure
- Generic way to set a proxy server for a JaxRs client
- Nginx propagate server_name regex inside Php
- apache wrong HTTP_HOST and SERVER_NAME in .htaccess but correct in php
- Why there're different host headers when making requests in Next.js?
- apache redirect in https from none www to www domain
- Is it possible to overide HttpRequestHeader Host spring boot
- Nginx: modifying http_host header using the value from x_custom_header
Related Questions in SERVER-NAME
- SQL Server 2017 Server Name , Aliases, and Client Protocols
- Nginx - generic https and non www redirect
- How do I set server name to in "combobox" slot?
- Powershell command did not include error in output file
- Get Sub-domain with PHP
- Get only domain name
- Nginx propagate server_name regex inside Php
- server name in sql server management studio
- kubernetes ingress server-alias only applies to one ingress host
- Basic nginx server_name setup issue (redirect url)
- How to connect to database on freewebhostingarea?
- Docker, MS SQL Server, SMMS not connecting unless I stop any local SQL Server Instance
- apache wrong HTTP_HOST and SERVER_NAME in .htaccess but correct in php
- How to overwrite server_name value in istio 1.1 (envoy 1.11.0)?
- Change nginx server name in Docker
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Although a user is free to change
HTTP_HOST, they would hardly reach your site in this case.Anyway, I see no problem in this ability to change. Okay, even if I set this header to
some.bad.bad.words- whom it would harm?