I disagree. Most HTTP configs I've seen use virtual hosts, which means that the correct Host header is the only way to get the server to send the request to the right site.
(When dealing with SSL, then things are different, because you can't authenticate the connection until you get the cert, you can't send data until the connection is authenticated, and the server can't give you the right cert until it gets the Host. Fundamental conflict, leading to one-IP-per-domain-name, or a pricey wildcard certificate. So in that case, the server doesn't care much about Host anymore, but you are still protected because the domain name that the browser sees has to match the one in the cert, or the browser gives you the OH NOES dialog. But I digress.)
(When dealing with SSL, then things are different, because you can't authenticate the connection until you get the cert, you can't send data until the connection is authenticated, and the server can't give you the right cert until it gets the Host. Fundamental conflict, leading to one-IP-per-domain-name, or a pricey wildcard certificate. So in that case, the server doesn't care much about Host anymore, but you are still protected because the domain name that the browser sees has to match the one in the cert, or the browser gives you the OH NOES dialog. But I digress.)