Ensuring against HTTP HOST Header assaults
From January 2015, trusted host patterns support by Drupal 8 where you can use a set of regular expression in which domain and other request should match. Configuration in setting.php in Drupal are as below:
$settings['trusted_host_patterns'] = [
'^localhost$',
'^192\.168\.10\.42$',
'^127\.0\.0\.1$',
'^drupal8$',
'^www\.example\.com$',
];
You can use any of the expression according to your domain requirements.