diff --git a/lib/plug_signature/conn_test.ex b/lib/plug_signature/conn_test.ex
index 6990df1..c400bd9 100644
--- a/lib/plug_signature/conn_test.ex
+++ b/lib/plug_signature/conn_test.ex
@@ -82,7 +82,6 @@ defmodule PlugSignature.ConnTest do
 
     conn =
       conn
-      |> maybe_add_host_header()
       |> put_req_header("date", date)
 
     request_target =
@@ -107,6 +106,7 @@ defmodule PlugSignature.ConnTest do
           "(created)" -> "(created): #{created}"
           "(expires)" -> "(expires): #{expires}"
           "date" -> "date: #{date}"
+          "host" -> "host: #{conn.host}"
           header -> "#{header}: #{get_req_header(conn, header) |> Enum.join(",")}"
         end)
       end)
@@ -222,18 +222,6 @@ defmodule PlugSignature.ConnTest do
     to_string(now + validity)
   end
 
-  defp maybe_add_host_header(%Plug.Conn{host: host} = conn) when is_binary(host) do
-    case get_req_header(conn, "host") do
-      [] ->
-        put_req_header(conn, "host", host)
-
-      _ ->
-        conn
-    end
-  end
-
-  defp maybe_add_host_header(conn), do: conn
-
   defp raise_on_missing_phoenix_conntest! do
     Code.ensure_loaded?(Phoenix.ConnTest) ||
       raise "endpoint testing requirs Phoenix.ConnTest"
diff --git a/lib/plug_signature/signature_string.ex b/lib/plug_signature/signature_string.ex
index 51fb966..0dce2c9 100644
--- a/lib/plug_signature/signature_string.ex
+++ b/lib/plug_signature/signature_string.ex
@@ -3,7 +3,9 @@ defmodule PlugSignature.SignatureString do
 
   def build(conn, signature_opts, algorithm, header_list) do
     signature_string =
-      Enum.map_join(header_list, "\n", &header_part(conn, signature_opts, algorithm, &1))
+      header_list
+      |> Enum.map(&String.downcase/1)
+      |> Enum.map_join("\n", &header_part(conn, signature_opts, algorithm, &1))
 
     {:ok, signature_string}
   rescue
@@ -30,10 +32,11 @@ defmodule PlugSignature.SignatureString do
     "(expires): #{Keyword.fetch!(signature_opts, :expires)}"
   end
 
-  defp header_part(conn, _signature_opts, _algorithm, header)
-       when header not in ["(created)", "(expires)"] do
-    header_name = String.downcase(header)
+  defp header_part(conn, _signature_opts, _algorithm, "host") do
+    "host: #{conn.host}"
+  end
 
+  defp header_part(conn, _signature_opts, _algorithm, header_name) do
     values =
       conn.req_headers
       |> Enum.filter(&match?({^header_name, _}, &1))
diff --git a/test/plug_signature/signature_string_test.exs b/test/plug_signature/signature_string_test.exs
index 09591ee..64ffe11 100644
--- a/test/plug_signature/signature_string_test.exs
+++ b/test/plug_signature/signature_string_test.exs
@@ -255,7 +255,14 @@ defmodule PlugSignature.SignatureStringTest do
         [path, query] -> {path, query}
       end
 
+    host =
+      case List.keyfind(headers, "host", 0) do
+        {"host", host} -> host
+        nil -> nil
+      end
+
     %Plug.Conn{
+      host: host || "www.example.com",
       method: method,
       request_path: request_path,
       query_string: query_string,
diff --git a/test/plug_signature_test.exs b/test/plug_signature_test.exs
index 9ce9fc3..58d4ca1 100644
--- a/test/plug_signature_test.exs
+++ b/test/plug_signature_test.exs
@@ -206,7 +206,7 @@ defmodule PlugSignatureTest do
         conn =
           conn()
           |> with_signature(key, key_id, config)
-          |> put_req_header("host", "example.org")
+          |> Map.put(:host, "example.org")
           |> PlugSignature.call(PlugSignature.init(config))
 
         assert conn.halted