Host Header Poisoning

Most of the time this isn't an issue. If the HTML of the website needs to link to other pages within the site, it can use relative URLs which don't include the domain. Similarly, tags that import JavaScript, images or CSS files can use relative URLs.

A Relative Link
 <!-- Links within the site don't need the domain specified. -->
<a href="/login">Click here to login</a>

A Relative Import
 <!-- Local imports don't need the domain specified either. -->
<script src="/js/menu.js"></script>