You might want to update this response with the truth that TLS 1.3 encrypts the SNI extension, and the biggest CDN is accomplishing just that: blog.cloudflare.com/encrypted-sni Not surprisingly a packet sniffer could just do a reverse-DNS lookup for the IP addresses you might be connecting to. This could adjust in future with encrypted SNI.