17 August 2020

Domain Fronting Attack

Appear to connect to www.google.co.uk, but actually request www.google.com.au by setting a different Host header:

$ curl -H "host: www.google.com.au" www.google.co.uk



Pretend to connect to baik.com, but actually connect to jahat.com. This can be done if baik.com uses the same CDN as jahat.com:

$ curl -H "host: jahat.com" https://baik.com
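
A defender-side check for the mismatch shown above, as an added example that is not part of the original post: it compares the TLS SNI with the HTTP Host header in logs from a TLS-inspecting proxy. The log format, field names and sample lines are assumptions constructed for illustration.

```python
import re

# Constructed sample lines from a TLS-inspecting proxy (assumed format):
# sni = name in the TLS ClientHello, host = Host header of the decrypted request.
SAMPLE_LOG = """\
2020-08-17T10:00:01Z src=10.0.0.5 sni=baik.com host=baik.com
2020-08-17T10:00:02Z src=10.0.0.7 sni=baik.com host=jahat.com
2020-08-17T10:00:03Z src=10.0.0.8 sni=Baik.com host=baik.com:443
2020-08-17T10:00:04Z src=10.0.0.9 sni=www.google.co.uk host=www.google.com.au
2020-08-17T10:00:05Z src=10.0.0.9 sni=- host=baik.com
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) sni=(?P<sni>\S+) host=(?P<host>\S+)$"
)


def normalize(name):
    """Lowercase, drop a :port suffix and a trailing dot so equal names compare equal."""
    name = name.strip().lower()
    host, sep, port = name.rpartition(":")
    if sep and port.isdigit():
        name = host
    return name.rstrip(".")


def find_mismatches(log_text):
    """Return (ts, src, sni, host) for requests whose Host differs from the SNI."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        sni, host = normalize(m["sni"]), normalize(m["host"])
        if sni == "-":
            continue  # no SNI recorded, nothing to compare against
        if sni != host:
            hits.append((m["ts"], m["src"], sni, host))
    return hits


if __name__ == "__main__":
    for ts, src, sni, host in find_mismatches(SAMPLE_LOG):
        print(f"{ts} {src}: SNI {sni} but Host {host}")
```

A mismatch is a signal to review rather than proof, since HTTP/2 connection reuse can legitimately send a Host that differs from the SNI.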
