What Can Your ISP See? Everything Your Internet Provider Knows (and How to Hide It)

You have probably heard that your internet provider "tracks everything you do." You have also probably heard that HTTPS and incognito mode keep you private. Both claims are half-true, and the gap between them is exactly where most people misunderstand their own privacy.

This guide explains, in plain terms, what your ISP can actually see, what it can't, and the few steps that genuinely close the gap — without the fear-mongering that VPN ads usually wrap it in.

Quick answer

Your ISP can see every domain you connect to (like netflix.com or your-bank.com), when you connected, how much data you used, and how long you stayed connected — even on HTTPS sites and even in incognito mode. It cannot see the specific pages, messages, passwords, or content on any properly encrypted (HTTPS) site. The single most effective way to hide your activity from your ISP is a VPN, which replaces all of that visible detail with one encrypted connection.

Curious which company is actually your ISP right now? The What Is My ISP tool shows the provider, network type, and ASN behind your connection the way the outside world sees it.

What your ISP can see

Your ISP sits between your device and the rest of the internet. Every request leaves your home through their equipment, so a certain amount of metadata is unavoidable. Here is the full picture:

The key idea: HTTPS hides the what, not the where. Your provider knows you visited a domain and how much you downloaded — it just can't read what happened inside the encrypted session.

Why incognito doesn't help

Incognito or private browsing only stops your own browser from saving history, cookies, and form data on your device. The network request still travels through your ISP identically. Incognito protects you from the next person to use your laptop — not from your provider. We break this down further in what can someone do with your IP address.

The DNS leak most people miss

Even with HTTPS everywhere, your device usually asks a DNS resolver to turn example.com into an IP address — and by default that resolver belongs to your ISP. That lookup is a plain-text record of every domain you visit. You can see which resolver is answering your queries with the What Is My DNS tool, and learn how encrypted DNS closes this gap in DNS resolution and DNS-over-HTTPS explained.

What your ISP cannot see

To keep this proportionate, here is what your provider does not get, as long as you stick to HTTPS sites (which is virtually all major sites in 2026):

• The content of your messages, emails, or chats on encrypted services.
• Your passwords or what you type into a secure login form.
• The specific pages you read on a site — only that you visited the domain.
• Anything inside an app's encrypted traffic — only which servers it talks to.

So the honest summary is: your ISP builds a map of where you go, not a transcript of what you do.

Does your ISP actually store and sell this?

This depends heavily on where you live:

Even where selling is restricted, many countries have data-retention laws that require ISPs to keep connection metadata for months or years, available to law enforcement on request. That's the same legal pathway covered in what can someone do with your IP address: your ISP is the one party that can tie an IP and a browsing trail to your real identity.

How to hide your activity from your ISP

There is a clear hierarchy here. Most of the privacy comes from the first step.

1. Use a VPN (the single biggest win)

A VPN wraps all your traffic in an encrypted tunnel to the VPN's server. Your ISP then sees one thing: an encrypted connection to a VPN. The domains, the timing detail, the per-site bandwidth — all of it disappears into that single tunnel. This is the one step that turns your ISP's "map of where you go" into a blank page. Learn exactly how it works in what is a VPN and how it changes your IP.

2. Confirm your VPN isn't leaking

A VPN only helps if it actually carries everything. DNS leaks and WebRTC leaks can quietly send some requests around the tunnel, straight to your ISP. Run the VPN/DNS leak test to confirm your real IP and DNS aren't slipping through, and fix any leaks with how to fix a VPN leak.

3. Use encrypted DNS even without a VPN

If you don't want a full VPN, switching to DNS-over-HTTPS (DoH) hides your domain lookups from your ISP, removing the easiest part of their visibility. It doesn't hide the connection itself, but it closes the plainest-text leak. See DNS resolution and DNS-over-HTTPS explained.

4. Make sure you're on HTTPS

Modern browsers default to HTTPS, but if a site loads over plain http://, your ISP can read the full content. Stick to HTTPS and avoid entering sensitive data on any page without the lock icon.

A quick way to sanity-check your setup

The fastest reality check takes ten seconds:

1. Open the What Is My ISP tool. It shows your current provider and whether the network looks like a normal residential ISP or a VPN/datacenter.
2. Turn on your VPN and refresh. The ISP name should change to the VPN's hosting company and the network classification should flip to datacenter / hosting — that confirms your traffic is routing through the tunnel.
3. Run the VPN/DNS leak test to confirm nothing leaks around it.

If step 2 still shows your home broadband, your VPN isn't routing your browser traffic — and your ISP can still see everything.

The bottom line

Your ISP can see the domains, timing, and volume of your traffic, even on HTTPS and even in incognito — but not the content of encrypted sites. Incognito mode does nothing against your provider; HTTPS hides the what but not the where; and a leak-free VPN is the one tool that genuinely hides your activity. Start by seeing what your connection reveals on the What Is My ISP tool, then lock it down with the VPN/DNS leak test.