diff --git a/pkg/util/vhost/https_proxy.go b/pkg/util/vhost/https_proxy.go
index e4b96f7c..9c199b2b 100644
--- a/pkg/util/vhost/https_proxy.go
+++ b/pkg/util/vhost/https_proxy.go
@@ -1,4 +1,4 @@
-// Copyright 2024 Satyajeet Singh, jeet.0733@gmail.com
+// Copyright 2025 Satyajeet Singh, jeet.0733@gmail.com
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -113,16 +113,13 @@ func (rp *HTTPSReverseProxy) getVhost(domain string) (*Router, bool) {
 
 	domain = strings.ToLower(domain)
 
-	// First we check the full hostname
-	// if not exist, then check the wildcard_domain such as *.example.com
+	// Check the full hostname, if not exist, check the wildcard_domain such as *.example.com
 	vr, ok := findRouter(domain)
 	if ok {
 		return vr, ok
 	}
 
-	// e.g. domain = test.example.com, try to match wildcard domains.
-	// *.example.com
-	// *.com
+	// e.g. domain = test.example.com, try to match wildcard domains. *.example.com, *.com
 	domainSplit := strings.Split(domain, ".")
 	for len(domainSplit) >= 3 {
 		domainSplit[0] = "*"
diff --git a/server/group/https.go b/server/group/https.go
index a22c2996..099664cb 100644
--- a/server/group/https.go
+++ b/server/group/https.go
@@ -1,4 +1,4 @@
-// Copyright 2024 Satyajeet Singh, jeet.0733@gmail.com
+// Copyright 2025 Satyajeet Singh, jeet.0733@gmail.com
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -101,7 +101,28 @@ func (g *HTTPSGroup) Register(
 	defer g.mu.Unlock()
 	if len(g.createFuncs) == 0 {
 		// the first proxy in this group
-		tmp := routeConfig // copy object
+		// Create a deep copy to avoid shared state
+		tmp := vhost.RouteConfig{
+			Domain:          routeConfig.Domain,
+			Location:        routeConfig.Location,
+			RewriteHost:     routeConfig.RewriteHost,
+			Username:        routeConfig.Username,
+			Password:        routeConfig.Password,
+			RouteByHTTPUser: routeConfig.RouteByHTTPUser,
+		}
+		// Deep copy maps to avoid shared state
+		if routeConfig.Headers != nil {
+			tmp.Headers = make(map[string]string, len(routeConfig.Headers))
+			for k, v := range routeConfig.Headers {
+				tmp.Headers[k] = v
+			}
+		}
+		if routeConfig.ResponseHeaders != nil {
+			tmp.ResponseHeaders = make(map[string]string, len(routeConfig.ResponseHeaders))
+			for k, v := range routeConfig.ResponseHeaders {
+				tmp.ResponseHeaders[k] = v
+			}
+		}
 		tmp.CreateConnFn = g.createConn
 		tmp.ChooseEndpointFn = g.chooseEndpoint
 		tmp.CreateConnByEndpointFn = g.createConnByEndpoint
diff --git a/server/proxy/https.go b/server/proxy/https.go
index 374e6570..b46e6a68 100644
--- a/server/proxy/https.go
+++ b/server/proxy/https.go
@@ -54,7 +54,7 @@ func NewHTTPSProxy(baseProxy *BaseProxy) Proxy {
 
 func (pxy *HTTPSProxy) Run() (remoteAddr string, err error) {
 	xl := pxy.xl
-	routeConfig := vhost.RouteConfig{
+	routeConfig := &vhost.RouteConfig{
 		CreateConnFn: pxy.GetRealConn,
 	}
 
@@ -76,17 +76,19 @@ func (pxy *HTTPSProxy) Run() (remoteAddr string, err error) {
 
 		// handle group
 		if pxy.cfg.LoadBalancer.Group != "" {
-			err = pxy.rc.HTTPSGroupCtl.Register(pxy.name, pxy.cfg.LoadBalancer.Group, pxy.cfg.LoadBalancer.GroupKey, routeConfig)
+			err = pxy.rc.HTTPSGroupCtl.Register(pxy.name, pxy.cfg.LoadBalancer.Group, pxy.cfg.LoadBalancer.GroupKey, *routeConfig)
 			if err != nil {
 				return
 			}
 
-			pxy.closeFuncs = append(pxy.closeFuncs, func() {
-				pxy.rc.HTTPSGroupCtl.UnRegister(pxy.name, pxy.cfg.LoadBalancer.Group, tmpRouteConfig)
-			})
+			pxy.closeFuncs = append(pxy.closeFuncs, func(cfg vhost.RouteConfig) func() {
+				return func() {
+					pxy.rc.HTTPSGroupCtl.UnRegister(pxy.name, pxy.cfg.LoadBalancer.Group, cfg)
+				}
+			}(*tmpRouteConfig))
 		} else {
 			// no group - use direct muxer
-			l, errRet := pxy.rc.VhostHTTPSMuxer.Listen(pxy.ctx, &routeConfig)
+			l, errRet := pxy.rc.VhostHTTPSMuxer.Listen(pxy.ctx, routeConfig)
 			if errRet != nil {
 				err = errRet
 				return
@@ -106,17 +108,19 @@ func (pxy *HTTPSProxy) Run() (remoteAddr string, err error) {
 
 		// handle group
 		if pxy.cfg.LoadBalancer.Group != "" {
-			err = pxy.rc.HTTPSGroupCtl.Register(pxy.name, pxy.cfg.LoadBalancer.Group, pxy.cfg.LoadBalancer.GroupKey, routeConfig)
+			err = pxy.rc.HTTPSGroupCtl.Register(pxy.name, pxy.cfg.LoadBalancer.Group, pxy.cfg.LoadBalancer.GroupKey, *routeConfig)
 			if err != nil {
 				return
 			}
 
-			pxy.closeFuncs = append(pxy.closeFuncs, func() {
-				pxy.rc.HTTPSGroupCtl.UnRegister(pxy.name, pxy.cfg.LoadBalancer.Group, tmpRouteConfig)
-			})
+			pxy.closeFuncs = append(pxy.closeFuncs, func(cfg vhost.RouteConfig) func() {
+				return func() {
+					pxy.rc.HTTPSGroupCtl.UnRegister(pxy.name, pxy.cfg.LoadBalancer.Group, cfg)
+				}
+			}(*tmpRouteConfig))
 		} else {
 			// no group - use direct muxer
-			l, errRet := pxy.rc.VhostHTTPSMuxer.Listen(pxy.ctx, &routeConfig)
+			l, errRet := pxy.rc.VhostHTTPSMuxer.Listen(pxy.ctx, routeConfig)
 			if errRet != nil {
 				err = errRet
 				return