Domain Fronting

The key idea of domain fronting is the use of different domain names at different layers of communication. In an HTTPS request, the destination domain name appears in three relevant places: the DNS query, the TLS Server Name Indication (SNI) extension, and the HTTP Host header. Ordinarily, the same domain name appears in all three places. In a domain-fronted request, however, the DNS query and SNI carry one name while the HTTP Host header, hidden from the censor by encryption, carries another.
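The three-name comparison described above, written as a check a defender could run where the Host header is visible (for example at a TLS-inspecting proxy). This is an added example, not code from the original text; the log format and the field names `dns_query`, `sni` and `host` are assumptions, and the sample records are constructed.

```python
import json

# Constructed sample records from a hypothetical TLS-inspecting proxy.
# The field names (dns_query, sni, host) are assumptions for this example.
SAMPLE_LOG = """\
{"id": 1, "dns_query": "allowed.example", "sni": "allowed.example", "host": "allowed.example"}
{"id": 2, "dns_query": "allowed.example", "sni": "allowed.example", "host": "forbidden.example"}
{"id": 3, "dns_query": "Allowed.Example.", "sni": "allowed.example", "host": "ALLOWED.example:443"}
{"id": 4, "dns_query": "allowed.example", "sni": null, "host": "forbidden.example"}
"""

def normalize(name):
    """Lowercase a hostname and drop a trailing dot and any :port suffix."""
    if not name:
        return None
    name = name.strip().lower()
    if name.startswith("["):            # bracketed IPv6 literal, e.g. [::1]:443
        return name[1:name.index("]")] if "]" in name else name
    if name.count(":") == 1:            # host:port
        name = name.split(":", 1)[0]
    return name.rstrip(".") or None

def classify(record):
    """Compare the three places the destination name appears."""
    dns = normalize(record.get("dns_query"))
    sni = normalize(record.get("sni"))
    host = normalize(record.get("host"))
    if host is None:
        return "no-host"
    outer = sni or dns                  # name visible outside the encryption
    if outer is None:
        return "no-outer-name"
    if sni and dns and sni != dns:
        return "dns-sni-mismatch"
    return "consistent" if outer == host else "fronted"

def scan(log_text):
    """Return {record id: classification} for each JSON line."""
    results = {}
    for line in log_text.splitlines():
        if line.strip():
            rec = json.loads(line)
            results[rec["id"]] = classify(rec)
    return results

if __name__ == "__main__":
    for rec_id, verdict in scan(SAMPLE_LOG).items():
        print(rec_id, verdict)
```

A "fronted" verdict is a signal to investigate rather than proof, since HTTP/2 connection reuse on shared hosting can also produce a Host that differs from the SNI.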

Broadly speaking, there are three main challenges in proxy-based circumvention: blocking by content, blocking by address, and active probing. Blocking by content is based on what you say, blocking by address is based on whom you talk to, and active probing means the censor acts as a client. A savvy censor will employ all these techniques, and effective circumvention requires countering them all.