Marcus Junius Brutus

Reputation: 27286

X-Forwarded-Host vs. X-Forwarded-Server

What is the difference between the following headers?

In a setup with Apache being the proxy and Tomcat the origin server, I see both of them in the HTTP requests that reach Tomcat. The values were (this is from my own code logging the header name and value pairs with the actual capitalization I encountered):

x-forwarded-host some-server
x-forwarded-server some-server.dept.some-uni.edu

Are the above values typical? Which of the two should I use to reliably reconstruct the URL asked by the browser? In my case, the browser sent a GET with the some-server.dept.some-uni.edu value in the request URL, which leads me to think that the x-forwarded-server is more relevant to reconstruct the URL. I find this somewhat at odds with the MDN documentation only mentioning X-Forwarded-Host and stating that this is the "de-facto standard header for identifying the original host requested by the client" (and containing no documentation on X-Forwarded-Server).

This Apache page OTOH describes both headers as follows:

(I appreciate that to reconstruct the URL I also need X-Forwarded-Proto and X-Forwarded-Port)

Upvotes: 8

Views: 29244

Answers (1)

smoebody

Reputation: 648

Since there might be multiple proxies involved in resolving a connection, the X-Forwarded-Host header is the one you should use in the service application.

The X-Forwarded-Server header gets overwritten by each proxy involved in the communication with the current proxy's hostname.

Upvotes: 3
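
An added example, not part of the question or the answer: one way an origin server can rebuild the browser's URL from X-Forwarded-Host, X-Forwarded-Proto and X-Forwarded-Port while refusing values it has no reason to trust. The function name, the proxy network `10.0.0.0/8` and the host allowlist are assumptions made for illustration.

```python
import ipaddress

# Assumed deployment values (hypothetical, not from the question or answer).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]  # where your proxies live
ALLOWED_HOSTS = {"some-server", "some-server.dept.some-uni.edu"}  # names you serve
DEFAULT_PORTS = {"http": 80, "https": 443}


def _first(value):
    """First item of a comma-separated header value (the hop nearest the client)."""
    return value.split(",")[0].strip() if value else ""


def reconstruct_url(peer_ip, headers, path, fallback_scheme="http"):
    """Rebuild the URL the browser requested; raise ValueError if it cannot be trusted."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    peer = ipaddress.ip_address(peer_ip)
    via_proxy = any(peer in net for net in TRUSTED_PROXIES)

    if via_proxy and h.get("x-forwarded-host"):
        # X-Forwarded-Server names a proxy, not the requested host, so it is not read.
        host = _first(h["x-forwarded-host"])
        scheme = _first(h.get("x-forwarded-proto")) or fallback_scheme
        port = _first(h.get("x-forwarded-port"))
    else:
        # Not from our proxy: X-Forwarded-* is client-supplied here, so ignore it.
        host, scheme, port = h.get("host", ""), fallback_scheme, ""

    scheme = scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError("unexpected scheme")
    name, _, host_port = host.partition(":")  # "name:8443" -> name, port
    name, port = name.lower(), host_port or port
    # The first list item may still originate from the client if the outermost
    # proxy does not strip incoming X-Forwarded-Host, hence the allowlist.
    if name not in ALLOWED_HOSTS:
        raise ValueError("host not in allowlist")
    if port and not (port.isdigit() and 0 < int(port) < 65536):
        raise ValueError("bad port")
    netloc = name if not port or int(port) == DEFAULT_PORTS[scheme] else f"{name}:{port}"
    return f"{scheme}://{netloc}{path}"
```

The reconstructed URL is only as trustworthy as the allowlist: anything built from it (redirects, password-reset links, cache keys) inherits the host value, so unknown hosts are rejected rather than echoed.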
