Only attackers and automated intrusion tools connect to a webserver without sending a valid HTTP Host: header.