Server trusts to Host: header in CONNECT request.
vulners.com/securityvulns/securityvulns:doc:27921
vulners.com/securityvulns/securityvulns:doc:27922