Use false SNI fields, DNS requests for all outgoing connections to cdn-hosted websites
if all https requests for sites known to use a specific cdn would be sent to only one domain and use the host header to connect to the real target website, an attacker would only be able to know the cdn but not the actual website the user is accessing.
Trac:
Username: elypter