From f144424bb8bfd2f100f19bed76171dc94bd3232b Mon Sep 17 00:00:00 2001
From: Wlayzz <34021743+wlayzz@users.noreply.github.com>
Date: Sun, 11 Jan 2026 23:50:45 +0100
Subject: [PATCH] fix: update Host header for favicon requests after redirects

When FollowRedirects is enabled and the target redirects to a different host
(e.g., hackerone.com -> www.hackerone.com), the favicon URL is correctly
resolved to the final host, but the cloned request's Host header still
contains the original host. This causes the server to return 404 because
the Host header doesn't match the URL.

This fix updates the Host header to match the resolved URL host before
making the favicon request.
---
 runner/runner.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/runner/runner.go b/runner/runner.go
index 2a202652..57208110 100644
--- a/runner/runner.go
+++ b/runner/runner.go
@@ -2611,6 +2611,10 @@ func (r *Runner) HandleFaviconHash(hp *httpx.HTTPX, req *retryablehttp.Request,
 		}
 
 		clone.SetURL(resolvedURL)
+		// Update Host header to match resolved URL host (important after redirects)
+		if resolvedURL.Host != "" && resolvedURL.Host != clone.Host {
+			clone.Host = resolvedURL.Host
+		}
 		respFav, err := hp.Do(clone, httpx.UnsafeOptions{})
 		if err != nil || len(respFav.Data) == 0 {
 			tries++