Domain Fronting
Domain Fronting is a powerful tool for evading detection. When a connection is encrypted with TLS, the HTTP Host header can't be viewed until after the handshake has been completed. Instead, the SNI (Server Name Indication) field is set to the destination host name. The server uses the SNI to send the appropriate certificate; after the certificate has been exchanged, the server can view the Host header and route traffic to the specified host. An observer on the network therefore sees only the SNI name, while the Host header inside the encrypted session can name a different host.
This logic can then be applied to popular CDNs, which can't be blocked without crippling the network's access to the internet.
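One way to detect the SNI/Host split described above, as an added example that is not part of the original page. It assumes a TLS-inspecting proxy that logs both values as JSON lines; the field names (`client`, `sni`, `http_host`) and the sample records are constructed for illustration.

```python
import json

# Constructed sample records, shaped like output from a TLS-inspecting proxy.
# Field names (client, sni, http_host) are assumptions for this example.
SAMPLE_LOG = """\
{"client": "10.0.0.5", "sni": "cdn.example.net", "http_host": "cdn.example.net"}
{"client": "10.0.0.7", "sni": "cdn.example.net", "http_host": "hidden.example.org"}
{"client": "10.0.0.8", "sni": "WWW.Example.com.", "http_host": "www.example.com:443"}
{"client": "10.0.0.9", "sni": null, "http_host": "api.example.com"}
"""

def normalize(name):
    """Lowercase, drop a trailing dot and any :port so equal hosts compare equal."""
    if not name:
        return None
    name = name.strip().lower()
    if name.startswith("["):            # bracketed IPv6 literal, e.g. [::1]:443
        return name[1:name.find("]")] if "]" in name else name
    host, sep, port = name.rpartition(":")
    if sep and port.isdigit():
        name = host
    return name.rstrip(".")

def classify(record):
    """Return 'match', 'mismatch', or 'incomplete' (one of the two names missing)."""
    sni = normalize(record.get("sni"))
    host = normalize(record.get("http_host"))
    if sni is None or host is None:
        return "incomplete"
    return "match" if sni == host else "mismatch"

def find_mismatches(log_text):
    """Collect (client, sni, host) for records whose SNI and Host header differ."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if classify(rec) == "mismatch":
            hits.append((rec["client"], normalize(rec["sni"]), normalize(rec["http_host"])))
    return hits

if __name__ == "__main__":
    for client, sni, host in find_mismatches(SAMPLE_LOG):
        print(f"{client}: SNI={sni} Host={host}")
```

A mismatch is a lead rather than proof: HTTP/2 connection reuse across host names that share a certificate produces the same pattern, so hits should be triaged against known CDN behaviour.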