Question
I have implemented HSTS in my webserver configuration, and this is working as expected for domain URLs. However, when I test for HSTS availability using an IP address URL such as https://203.0.113.5/, HSTS is not available. Why is this?
Answer
Per RFC 6797, HSTS hosts are identified by domain names. Identification by IP addresses is not available.
Further reading in this regard can be found below:
RFC 6797 - HTTP Strict Transport Security (HSTS)