You may want to update this reply with The point that TLS 1.3 encrypts the SNI extension, and the greatest CDN is accomplishing just that: weblog.cloudflare.com/encrypted-sni Not surprisingly a packet sniffer could just do a reverse-dns lookup with the IP addresses you're connecting to. Note on the other hand (as https://joshual736omk8.homewikia.com/user
