The web application or auxiliary systems use values from HTTP headers which leads to SSRF vulnerability. SSRF as in Server Side Request Forgery is a vulnerability that allows an attacker to force server into sending packets initiated by the victim server to the local interface or to another server behind the firewall. Consult Web References for more information about this problem.
Properly sanitize user input and use a special sandboxed host to access remote resources
Cracking the lens: targeting HTTP's hidden attack-surface
What is Server Side Request Forgery (SSRF)?