What is SNI (Server Name Indication)?
A TLS extension that reveals which website you're connecting to in plaintext, even when the connection is encrypted.
When you connect to an HTTPS website, SNI tells the server which site you want before encryption begins. This leaks the domain name to anyone watching your traffic.
Why SNI Exists
- Multiple websites can share a single IP address
- The server needs to know which site you want to serve the right certificate
- This negotiation happens before the encrypted tunnel is established
Privacy Impact
- Your ISP can see every HTTPS site you visit via SNI
- Censors can selectively block specific sites while allowing others on the same IP
- A VPN hides SNI from your ISP but the VPN provider can still see it
Encrypted Client Hello (ECH)
- Formerly called ESNI (Encrypted SNI)
- Encrypts the SNI field so observers can't see which site you're connecting to
- Supported in Firefox and Chrome with compatible servers
- Not yet widely deployed
Related Terms
DNS over HTTPS
A protocol for performing DNS resolution via the HTTPS protocol. It encrypts DNS queries, preventing ISPs, network administrators, and attackers from seeing which websites you're trying to visit.
HTTPS
Hypertext Transfer Protocol Secure is the encrypted version of HTTP, the protocol used to transfer data between your browser and websites. HTTPS uses TLS encryption to protect the confidentiality and integrity of data in transit, preventing eavesdropping and tampering.
TLS
Transport Layer Security is a cryptographic protocol designed to provide secure communication over a computer network. TLS encrypts the connection between your browser and web servers, ensuring privacy and data integrity. It's the technology behind HTTPS.
Have more questions?
Use our guided flow to get the right next privacy step for SNI (Server Name Indication).
Open Guided Flow