It works at the DNS level, i.e. DNS requests to ad network domains are blocked. It is not able to block first party tracking requests like ad blocking browser extensions can.
As a general rule of thumb, I consider DNS-level blocking like pi-hole a defense-in-depth strategy only. It's great for situations where you cannot install a regular blocker plugin (e.g. IoT, or webpages inside applications instead of in a browser), but if you can, you absolutely want to use a dedicated tracking blocker in addition to pi-hole.
Pi-hole can block websites on HTTPS. The only inconvenience is that you will not get an informative 'block page', but you get a standard browser-generated error page instead. Pi-hole does not generate SSL certificates on the fly like intercepting proxies do.