---
title: Validate Application Hostnames
impact: MEDIUM
impactDescription: prevents Host Header Injection and cache poisoning
tags: security, host-header, infrastructure
---

## Validate Application Hostnames

Configure your application or web server to respond only to expected hostnames, so that requests carrying any other `Host` header are rejected.

**Incorrect (allowing any host):**

```ruby
# config/environments/production.rb
# No configuration for allowed hosts
```

**Correct (Rails Host Authorization):**

```ruby
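# config/environments/production.rb
Rails.application.configure do
  # Only requests whose Host header matches one of these entries are served.
  config.hosts << "example.com"
  config.hosts << "app.example.com"
end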
```
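
To see which `Host` values an allowlist of this kind accepts and rejects, the following stand-alone Rack-style middleware is an added example; it is not Rails' own `config.hosts` implementation and not code from this rule. The names `HostAllowlist`, `DEMO_APP`, `GUARD` and `status_for`, the leading-dot subdomain rule, and the decision to also check `X-Forwarded-Host` are assumptions of this sketch.

```ruby
# Added illustration: a plain Rack-style middleware, no gems required.
class HostAllowlist
  # Hostname (or bracketed IPv6 literal) with optional port; anything else
  # (spaces, '@', '/', commas, trailing dot after the port...) fails closed.
  HOST_RE = /\A([a-z0-9.-]+|\[[0-9a-f:.]+\])(?::\d+)?\z/i

  def initialize(app, allowed)
    @app = app
    @allowed = allowed
  end

  def call(env)
    # Check every header a framework might use to build absolute URLs.
    hosts = [env["HTTP_HOST"], env["HTTP_X_FORWARDED_HOST"]].compact
    if hosts.empty? || !hosts.all? { |h| permitted?(h) }
      return [403, { "content-type" => "text/plain" }, ["Blocked host\n"]]
    end
    @app.call(env)
  end

  def permitted?(header)
    m = HOST_RE.match(header.to_s.strip) or return false
    name = m[1].downcase
    @allowed.any? do |rule|
      case rule
      when Regexp then rule.match?(name)
      when String
        rule = rule.downcase
        if rule.start_with?(".") # assumption: ".x" means x and its subdomains
          name == rule[1..] || name.end_with?(rule)
        else
          name == rule           # exact match only, never a substring test
        end
      end
    end
  end
end

# Constructed demo: a downstream app that echoes the host into a link,
# the way password-reset mailers and redirects do.
DEMO_APP = ->(env) { [200, {}, ["https://#{env['HTTP_HOST']}/reset"]] }
GUARD = HostAllowlist.new(DEMO_APP, ["example.com", "app.example.com"])

def status_for(host, forwarded = nil)
  env = { "HTTP_HOST" => host }
  env["HTTP_X_FORWARDED_HOST"] = forwarded if forwarded
  GUARD.call(env).first
end
```

Matching is done on the parsed, lower-cased hostname with the port removed, which is why look-alike values such as `example.com.evil.test` or `evilexample.com` are rejected while `app.example.com:443` passes.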

**Tools:** Rails default

---
