diff --git a/ws/src/session.rs b/ws/src/session.rs
index eef7b0e9..58110bda 100644
--- a/ws/src/session.rs
+++ b/ws/src/session.rs
@@ -182,6 +182,10 @@ impl<M: core::Metadata, S: core::Middleware<M>> Session<M, S> {
 		req.header("origin").map(|x| &x[..])
 	}
 
+	fn read_host<'a>(&self, req: &'a ws::Request) -> Option<&'a [u8]> {
+		req.header("host").map(|x| &x[..])
+	}
+
 	fn verify_origin(&self, origin: Option<&[u8]>) -> Option<ws::Response> {
 		if !header_is_allowed(&self.allowed_origins, origin) {
 			warn!(
@@ -194,8 +198,7 @@ impl<M: core::Metadata, S: core::Middleware<M>> Session<M, S> {
 		}
 	}
 
-	fn verify_host(&self, req: &ws::Request) -> Option<ws::Response> {
-		let host = req.header("host").map(|x| &x[..]);
+	fn verify_host(&self, host: Option<&[u8]>) -> Option<ws::Response> {
 		if !header_is_allowed(&self.allowed_hosts, host) {
 			warn!(
 				"Blocked connection to WebSockets server with untrusted host: {:?}",
@@ -229,9 +232,10 @@ where
 			}
 		}
 
+		let host = self.read_host(req);
 		if action.should_verify_hosts() {
 			// Verify host header.
-			if let Some(response) = self.verify_host(req) {
+			if let Some(response) = self.verify_host(host) {
 				return Ok(response);
 			}
 		}