It's more like all non-HSTS traffic, unless you're paying extremely close attention. Otherwise a man in the middle attacker can just pretend the server doesn't support HTTPS and serve the page via HTTP.
And even when you're using HTTPS you're still leaking DNS queries etc.
Even when you're using SSL/TLS the traffic can still be seen on the network. The difference is that a sniffer will see cipher text rather than plain text.
And even when you're using HTTPS you're still leaking DNS queries etc.