diff --git a/core/modules/system/src/Tests/System/TrustedHostsTest.php b/core/modules/system/src/Tests/System/TrustedHostsTest.php
new file mode 100644
index 0000000..aac720f
--- /dev/null
+++ b/core/modules/system/src/Tests/System/TrustedHostsTest.php
@@ -0,0 +1,62 @@
+drupalCreateUser(array(
+ 'administer site configuration',
+ ));
+ $this->drupalLogin($admin_user);
+ }
+
+ /**
+ * Tests that the status page shows a warning when the trusted host setting
+ * is missing from settings.php
+ */
+ public function testStatusPageWithoutConfiguration() {
+ $this->drupalGet('admin/reports/status');
+
+ $this->assertRaw(t('Trusted Host Settings'));
+ $this->assertRaw(t('The trusted_host_patterns setting is not configured in settings.php.'));
+ }
+
+ /**
+ * Tests that the status page shows a warning when the trusted host setting
+ * is missing from settings.php
+ */
+ public function testStatusPageWithConfiguration() {
+ $settings['settings']['trusted_host_patterns'] = (object) array(
+ 'value' => array('^' . preg_quote(\Drupal::request()->getHost()) . '$'),
+ 'required' => TRUE,
+ );
+
+ $this->writeSettings($settings);
+
+ $this->drupalGet('admin/reports/status');
+ $this->assertResponse(200, 'The status page is reachable.');
+
+ $this->assertRaw(t('Trusted Host Settings'));
+ $this->assertNoRaw(t('The trusted_host_patterns setting is not configured in settings.php.'));
+ }
+
+}
diff --git a/core/modules/system/system.install b/core/modules/system/system.install
index c9ae4c1..4ff27f3 100644
--- a/core/modules/system/system.install
+++ b/core/modules/system/system.install
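Review bot: The docblock on testStatusPageWithConfiguration() in TrustedHostsTest.php is a copy of the one on testStatusPageWithoutConfiguration() and says the test checks for a warning when the setting is missing. The body does the opposite: it writes a trusted_host_patterns value and uses assertNoRaw() to check that the warning is absent. The summary should read `Tests that the status page shows no warning when the trusted host setting is configured in settings.php.` The class header and the opening of setUp() are not visible in this hunk's text, so this note covers only the two test methods.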
@@ -611,6 +611,27 @@ function system_requirements($phase) { ); } } + + // See if trusted hostnames have been configured, and warn the user if not + // set. + if ($phase == 'runtime') { + $trusted_host_patterns = Settings::get('trusted_host_patterns'); + if (empty($trusted_host_patterns)) { + $requirements['trusted_host_patterns'] = array( + 'title' => t('Trusted Host Settings'), + 'value' => t('Not enabled'), + 'description' => t('The trusted_host_patterns setting is not configured in settings.php. This can lead to security vulnerabilities. It is highly recommended that you configure this. See Protecting against HTTP HOST Header attacks for more information.', array('@url' => 'https://www.drupal.org/node/1992030')), + 'severity' => REQUIREMENT_WARNING, + ); + } + else { + $requirements['trusted_host_patterns'] = array( + 'title' => t('Trusted Host Settings'), + 'value' => t('Enabled'), + ); + } + } + return $requirements; }
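Review bot: The `else` branch reports 'Enabled' for any non-empty trusted_host_patterns value, so a list that is present but overly broad (an unanchored or catch-all expression) looks the same on the status page as a tight one. Listing the configured patterns in that row would let an administrator audit them, e.g. `'description' => t('The trusted_host_patterns setting is set to allow %trusted_host_patterns', array('%trusted_host_patterns' => implode(', ', $trusted_host_patterns))),`. This assumes the setting is an array, which the hunk does not check. In the warning branch, the description text as shown here has no `@url` placeholder although one is passed to t(). The link markup may simply have been lost when the page was rendered, but it is worth confirming that the link reaches the output. system_requirements() begins above this hunk.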