You may want to update this response with The truth that TLS one.3 encrypts the SNI extension, and the largest CDN is undertaking just that: blog site.cloudflare.com/encrypted-sni Naturally a packet sniffer could just do a reverse-dns lookup for the IP addresses you're connecting to.Take note however the DNS resolve in the URL is most likely not en