Why Can’t You Access a Website Directly by Its IP? The Hidden Role of the Host Header

When you visit a website, the client first resolves the domain name to an IP address and then uses that IP for HTTP communication.

One might wonder: if the IP is already known, can the DNS lookup be skipped and the site be accessed directly via the IP?

Using Baidu as an example, a ping to its domain returns the IP 14.119.104.189 . Trying to open https://14.119.104.189 in a browser results in a rejection.

The failure occurs because the HTTP request sent by the client differs when using a domain name versus an IP address, allowing the server to detect the direct‑IP access.

To investigate, HTTPS traffic was captured with Fiddler, revealing the request headers for both methods.

First, a request to the domain was made, then a request to the IP address. Comparing the two captures shows only two header fields differ: Host and Cookie.

The discrepancy in the Host header is the key factor.

Using Postman to send a request to https://14.119.104.189 returns a 403 error. Modifying the Host header in Postman to www.baidu.com and resending the request succeeds.

Thus, the client includes the target server address in the Host header. When a domain name is used, the header contains the domain; when an IP address is used, it contains the IP. The server uses this header to determine whether the request came via a domain or directly via an IP.

Finally, accessing https://14.119.104.189 in a browser triggers an SSL warning because the certificate presented is for www.baidu.com, not the IP address.