Trusted Host Settings Not enabled The trusted_host_patterns setting is not configured in settings.php. This can lead to security vulnerabilities. It is highly recommended that you configure this. See Protecting against HTTP HOST Header attacks for more information.
Drupal 8 supports “trusted host patterns”, where you can specify a set of regular expressions, which the domains on incoming requests must match.
Example configuration in the settings.php file would read:
$settings['trusted_host_patterns'] = array( '^www\.example\.com$', );
Read more on Protecting against HTTP HOST Header attacks (prevent your site from thinking it is someone else), at Drupal.org.