diff --git a/CHANGELOG.md b/CHANGELOG.md
index 320ba697..a7ff32fa 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -78,6 +78,7 @@ software like OAuth2 Proxy more secure for everyone.
 - [#3381](https://github.com/oauth2-proxy/oauth2-proxy/pull/3381) fix: do not log error for backend logout 204 (@artificiosus)
 - [#3327](https://github.com/oauth2-proxy/oauth2-proxy/pull/3327) fix: improve logging when session refresh token is missing (@yosri-brh)
 - [#2767](https://github.com/oauth2-proxy/oauth2-proxy/pull/2767) fix: propagate errors during route building (@sybereal)
+- [#3323](https://github.com/oauth2-proxy/oauth2-proxy/pull/3323) fix: сorrect handling of multiple X-Forwarded-Host values (@kukubadze)
 
 # V7.15.0
 
diff --git a/pkg/requests/util/util.go b/pkg/requests/util/util.go
index 568ebcc6..d43c1297 100644
--- a/pkg/requests/util/util.go
+++ b/pkg/requests/util/util.go
@@ -30,6 +30,12 @@ func GetRequestHost(req *http.Request) string {
 	host := req.Header.Get(XForwardedHost)
 	if !CanTrustForwardedHeaders(req) || host == "" {
 		host = req.Host
+	} else {
+		// Handle multiple hosts in X-Forwarded-Host (comma-separated)
+		// Take only the first host as common implementation convention
+		if hosts := strings.Split(host, ","); len(hosts) > 0 {
+			host = strings.TrimSpace(hosts[0])
+		}
 	}
 	return host
 }
diff --git a/pkg/requests/util/util_test.go b/pkg/requests/util/util_test.go
index c4185b35..3569b322 100644
--- a/pkg/requests/util/util_test.go
+++ b/pkg/requests/util/util_test.go
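Review bot: A trusted X-Forwarded-Host whose first element is empty (`,second.host`, or a value of only whitespace) now trims to "" and is returned as the host, because the `host == ""` fallback to `req.Host` on the line above runs before the split rather than after it. The `len(hosts) > 0` guard is also always true (`strings.Split` never returns an empty slice), so the branch can become `host = strings.TrimSpace(strings.SplitN(host, ",", 2)[0])` followed by `if host == "" { host = req.Host }`. Taking the first element also presumes the proxy admitted by `CanTrustForwardedHeaders` overwrites the header rather than appending to a client-supplied one; the comment should say so, e.g. `// First element is the client-facing host only if the trusted proxy replaces, rather than appends to, X-Forwarded-Host.` GetRequestHost's signature is the hunk's context line, so the function starts just outside the hunk.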
@@ -67,6 +67,16 @@ var _ = Describe("Util Suite", func() {
 			req.Header.Add("X-Forwarded-Host", "external.oauth2proxy.text")
 			Expect(util.GetRequestHost(req)).To(Equal("external.oauth2proxy.text"))
 		})
+
+		It("returns the first X-Forwarded-Host when multiple hosts are present", func() {
+			req.Header.Add("X-Forwarded-Host", "first.host,second.host,third.host")
+			Expect(util.GetRequestHost(req)).To(Equal("first.host"))
+		})
+
+		It("returns the first X-Forwarded-Host when multiple hosts are present with extra spaces", func() {
+			req.Header.Add("X-Forwarded-Host", " first.host , second.host , third.host ")
+			Expect(util.GetRequestHost(req)).To(Equal("first.host"))
+		})
 	})
 })
 
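Review bot: The two new cases only exercise well-formed lists; there is no case for a value whose first element is empty or whitespace-only (e.g. `",second.host"` or `" , second.host"`), which is exactly where the first-element rule interacts with the `host == ""` fallback in GetRequestHost. An `It("falls back to the request host when the first X-Forwarded-Host entry is empty", ...)` that calls `req.Header.Add("X-Forwarded-Host", ",second.host")` and asserts on `req.Host` would pin the intended behaviour. The enclosing Describe/Context block starts outside the hunk.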