
Using HTTPS? The URL may not be fully encrypted, hence can be tracked - sci_c0
https://stackoverflow.com/a/38727920
======
sci_c0
When request is made over HTTPS, the server name in the URL may not be
encrypted, only the path to the resource will be encrypted.

i.e.

if you type
[https://www.example.com/path/to/my/resource?show=pretty](https://www.example.com/path/to/my/resource?show=pretty)
then the www.example.com may be sent in plain text only the path part will be
encrypted.

------
Piskvorrr
TL;DR: SNI sends _hostname_ (not whole URL) in plaintext, ESNI (encrypted) is
not widely supported (not in Chrome, off by default in Firefox, visited domain
also needs to support it).

