diff --git a/pyghmi/ipmi/oem/lenovo/imm.py b/pyghmi/ipmi/oem/lenovo/imm.py
index 1a1febb0..d9f4ba5f 100644
--- a/pyghmi/ipmi/oem/lenovo/imm.py
+++ b/pyghmi/ipmi/oem/lenovo/imm.py
@@ -965,22 +965,20 @@ class XCCClient(IMMClient):
             return None
         if not login:
             return wc
-        srv = self.imm
-        if ':' in srv:
-            srv = '[{0}]'.format(self.imm)
-        referer = 'https://{0}/'.format(srv)
         adata = json.dumps({'username': self.username,
                             'password': self.password
                             })
         headers = {'Connection': 'keep-alive',
-                   'Referer': referer,
+                   'Referer': 'https://xcc/',
+                   'Host': 'xcc',
                    'Content-Type': 'application/json'}
         wc.request('POST', '/api/login', adata, headers)
         rsp = wc.getresponse()
         if rsp.status == 200:
             rspdata = json.loads(rsp.read())
             wc.set_header('Content-Type', 'application/json')
-            wc.set_header('Referer', referer)
+            wc.set_header('Referer', 'https://xcc/')
+            wc.set_header('Host', 'xcc')
             wc.set_header('Authorization', 'Bearer ' + rspdata['access_token'])
             if '_csrf_token' in wc.cookies:
                 wc.set_header('X-XSRF-TOKEN', wc.cookies['_csrf_token'])
diff --git a/pyghmi/redfish/oem/lenovo/xcc.py b/pyghmi/redfish/oem/lenovo/xcc.py
index de62a58f..cea4e181 100644
--- a/pyghmi/redfish/oem/lenovo/xcc.py
+++ b/pyghmi/redfish/oem/lenovo/xcc.py
@@ -463,12 +463,13 @@ class OEMHandler(generic.OEMHandler):
             return None
         if not login:
             return wc
-        referer = 'https://{0}/'.format(wc.thehost)
+        referer = 'https://xcc/'
         adata = json.dumps({'username': self.username,
                             'password': self.password
                             })
         headers = {'Connection': 'keep-alive',
                    'Referer': referer,
+                   'Host': 'xcc',
                    'Content-Type': 'application/json'}
         wc.request('POST', '/api/login', adata, headers)
         rsp = wc.getresponse()
@@ -477,6 +478,7 @@ class OEMHandler(generic.OEMHandler):
             wc.set_header('Content-Type', 'application/json')
             wc.set_header('Authorization', 'Bearer ' + rspdata['access_token'])
             wc.set_header('Referer', referer)
+            wc.set_header('Host', 'xcc')
             if '_csrf_token' in wc.cookies:
                 wc.set_header('X-XSRF-TOKEN', wc.cookies['_csrf_token'])
             return wc
diff --git a/pyghmi/util/webclient.py b/pyghmi/util/webclient.py
index d9e92aee..7994a467 100644
--- a/pyghmi/util/webclient.py
+++ b/pyghmi/util/webclient.py
@@ -141,7 +141,7 @@ class SecureHTTPConnection(httplib.HTTPConnection, object):
             self.cert_reqs = ssl.CERT_NONE  # use custom validation
         else:
             self.cert_reqs = ssl.CERT_REQUIRED  # use standard validation
-        if '[' not in host and '%' in host:
+        if '[' not in host and '%' in host and 'Host'not in self.stdheaders:
             self.stdheaders['Host'] = '[' + host[:host.find('%')] + ']'
 
     def dupe(self):