They do via the SNI header, but Firefox already includes support for encrypted SNI. So if the server supports that, all the ISP gets is the IP of the server you're connecting to. If that IP only hosts a single domain, then they can still tell, but in other cases (think sites behind Cloudflare, or using shared load balancers), they can't.
Or actually, they might still, using side-channel attacks, but it's significantly harder to accomplish, especially at scale.
Or actually, they might still, using side-channel attacks, but it's significantly harder to accomplish, especially at scale.