If I have example.com in my DNS suffix search list and I open a browser and type www, then the browser will talk to the OS which will talk to DNS; if www fails to resolve, my OS will append the items from my suffix search list until one succeeds; www.example.com succeeds so I get an IP which my request will be sent to.

However, looking at the request my browser sends, the host header is set to www as that's what was typed in the address bar, even though that's not the FQDN that was eventually resolved to the IP. This means that if the web server uses hostname binding it has to listen for www as well as the FQDN of www.example.com, or it will fail to recognise the request as being one it should handle.
Do any browsers have functionality to automatically get the resolved FQDN back from the OS / are there any settings that can be tweaked to enable this? If there isn't such functionality, is there a reason (e.g. perhaps the OS doesn't expose info on the FQDN which successfully resolved for some security reason?), or is this scenario just too niche for anyone to have implemented?
I'd say it is too niche, but also, a security reason. The host name from the user-provided URL isn't only used for the HTTP Host header; it is also used to match the server's TLS certificate and to select the server's Kerberos principal – two features where the goal is to prevent impersonation of the server by active network attackers.
When you consider that Windows attempts the DNS suffix even with names one would consider qualified (e.g. it will expand www.google.com to www.google.com.example.com), you can see where this might lead – a rogue DNS server redirects you to a different server that has a certificate for www.google.com.example.com and the browser would accept it, even though that's not what the user visited?
(The usual system resolver does provide the full name, e.g. ai_canonname in getaddrinfo(), and actually Unix Kerberos still trusts DNS for this – mitigated only by the closed nature of Kerberos principal registration – but the point still holds for TLS and for Windows Kerberos.)
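The following is an added example (not code from the question or the answer) that models both points above: the suffix-search resolution order the question describes, and the fact that the Host header and the TLS name check use the name the user typed rather than the FQDN that finally resolved. The zone data, suffix list, IP addresses and certificate names are all constructed.

```python
# Constructed zone data standing in for whatever the (possibly rogue) DNS server
# answers. 192.0.2.0/24 is documentation space, so nothing here is a real host.
ZONE = {
    "www.example.com": "192.0.2.10",
    "www.google.com.example.com": "192.0.2.66",  # constructed: a rogue record
}


def resolve_with_suffixes(name, suffix_list, zone, append_to_qualified=False):
    """Return (fqdn_that_resolved, ip), trying the literal name first and then
    name + each search suffix, as the question describes.
    append_to_qualified=True mirrors the answer's description of Windows, which
    appends suffixes even to names that already contain a dot."""
    candidates = [name]
    if "." not in name or append_to_qualified:
        candidates += [f"{name}.{suffix}" for suffix in suffix_list]
    for candidate in candidates:
        if candidate in zone:
            return candidate, zone[candidate]
    return None, None


def cert_matches(typed_name, cert_names):
    """TLS hostname verification compares the name from the URL against the
    certificate's names; the FQDN the resolver ended up with is not consulted."""
    return typed_name in cert_names


def analyse(typed_name, suffix_list, zone, cert_names, append_to_qualified=False):
    """Summarise what a browser would do for a typed name: which FQDN resolved,
    what goes in the Host header, and whether a given certificate is accepted."""
    fqdn, ip = resolve_with_suffixes(typed_name, suffix_list, zone, append_to_qualified)
    return {
        "typed": typed_name,
        "resolved_fqdn": fqdn,
        "ip": ip,
        "host_header": typed_name,  # the browser sends what was typed
        "host_header_equals_fqdn": fqdn == typed_name,
        "cert_accepted": cert_matches(typed_name, cert_names),
    }


if __name__ == "__main__":
    # The question's case: Host header is "www" although www.example.com resolved.
    print(analyse("www", ["example.com"], ZONE, {"www.example.com"}))
    # The answer's case: a rogue www.google.com.example.com record is reached via
    # suffix expansion, but a certificate for that name is still rejected because
    # the browser checks the typed name www.google.com.
    print(analyse("www.google.com", ["example.com"], ZONE,
                  {"www.google.com.example.com"}, append_to_qualified=True))
```

Run it to see that in both cases the typed name, not the resolved FQDN, drives the Host header and the certificate decision, which is exactly why the server in the question must also bind "www" and why the rogue certificate in the answer is not accepted.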