Angela Pan

No — the domain name is usually not encrypted in standard HTTPS.

What HTTPS does encrypt

Once a secure connection is established, HTTPS encrypts:

The URL path (e.g., /login, /dashboard)
Query parameters
Headers
Request and response body (like passwords, form data, etc.)

What is not encrypted

Before encryption begins, the browser has to set up the connection. During this phase:

A DNS lookup reveals the domain name
The domain is also sent during the TLS handshake using SNI (Server Name Indication)

Because of this, observers (like ISPs or network admins) can still see:

Which website you’re visiting (the domain name)
But not what you’re doing on the site

Is this improving?

Yes. A newer feature called Encrypted Client Hello (ECH) aims to encrypt the domain name during the TLS handshake. However, it’s still not widely adopted yet.

The takeaway

HTTPS protects your data, but it doesn’t fully hide the destination — at least for now.