Comment by rnhmjoj
3 hours ago
> they still see the URL so they can get the content if they want it
That's incorrect, a MitM can only reveal the server hostname by inspecting the SNI during the TLS handshake, but the HTTP request, including the URL and headers, is encrypted.
Surely your ISP can see every URL you visit if they have a reason to? They're routing the traffic.
No they can't. They obviously know the IP addresses, but that's not terribly useful since everything is behind a cloudflare proxy nowadays. The server hostname may provide some more information, if the server doesn't support ECH [1], but the full URL is encrypted.
https://en.wikipedia.org/wiki/Server_Name_Indication#Encrypt...
Routing only shows the server IP address, which isn’t very useful if it is AWS or Azure or CloudFlare or some other CDN.