You may want to update this answer with the fact that TLS one.3 encrypts the SNI extension, and the largest CDN is accomplishing just that: weblog.cloudflare.com/encrypted-sni Of course a packet sniffer could just do a reverse-dns lookup with the IP addresses you might be connecting to. Observe however (as also https://https-jdmengineforsale-co68774.bloggazza.com/36543985/the-best-side-of-https-jdmengineforsale-com-product-jdm-mitsubishi-turbo-4g63t-engine-for-sale