by theandrewbailey 3698 days ago
They are. The only thing that could be gathered from an HTTPS connection is the IP, and therefore, possibly the domain.

For all browsers made in the last 10 years, SNI is sent as part of the SSL/TLS handshake, so the hostname of the site you are trying to connect to is included in the ClientHello and is visible to anyone that can monitor the network.
Hostname, but not path.
This is a common and dangerous mistake. The size and timing of requests are visible, as is the hostname. It is straightforward to watch a cafe and identify all the requests corresponding to Wikipedia, and within those the Tiananmen Square page.

HTTPS is designed to protect secrets, not privacy. That means short random bitstrings, given that the adversary knows you're passing short random bitstrings---TLS just keeps him from figuring out the actual random content.