Same here

put the arbitrary host header first, then the correct one, i got it to work this way

I stumbled on this same issue and eventually created a new `Get` request from the browser and noticed the second host now worked. Comparing and testing both requests it appears with the addition of the `Cookie: session:...; _lab:...` header the request now worked with the added second Host. Why this is, I have no idea.

a web server you control