I had no clue the URL was encrypted too. So how does DNS work? Or does it send through plaintext the name of the server, and the rest of the URL has to be encrypted by the endpoint.
The domain name is not encrypted, but the path and querystring are.
So, a spy watching your https traffic knows that you're interacting with news.ycombinator.com (and possibly other things), but they don't know anything that goes after the `/`: which thread, whether you're POSTing or GETting, or of course any of the content.
So, a spy watching your https traffic knows that you're interacting with news.ycombinator.com (and possibly other things), but they don't know anything that goes after the `/`: which thread, whether you're POSTing or GETting, or of course any of the content.