> they still see the URL so they can get the content if they want it

That's incorrect, a MitM can only reveal the server hostname by inspecting the SNI during the TLS handshake, but the HTTP request, including the URL and headers, is encrypted.

▲

pc86 an hour ago | parent [-]

Surely your ISP can see every URL you visit if they have a reason to? They're routing the traffic.

	▲	rnhmjoj an hour ago \| parent \| next [-]
		No they can't. They obviously know the IP addresses, but that's not terribly useful since everything is behind a cloudflare proxy nowadays. The server hostname may provide some more information, if the server doesn't support ECH [1], but the full URL is encrypted. https://en.wikipedia.org/wiki/Server_Name_Indication#Encrypt...
	▲	NetMageSCW an hour ago \| parent \| prev [-]
		Routing only shows the server IP address, which isn’t very useful if it is AWS or Azure or CloudFlare or some other CDN.