The last note about configuring hosts to credentials is an excellent idea, and one I did not think to do. Currently I'm just doing a replace on any that matches in the request. This adds an extra layer of security to it. Much appreciated.