You might want to update this answer with The truth that TLS 1.3 encrypts the SNI extension, and the most important CDN is doing just that: website.cloudflare.com/encrypted-sni Not surprisingly a packet sniffer could just do a reverse-dns lookup with the IP addresses you're connecting to. You can use OpenDNS with https://oliverm345fyo7.popup-blog.com/profile
