How To Enable DNS over HTTPS on Windows 11 and Prevent Anyone from Seeing What You Visit

Leave a Comment / Windows-11 / / By

1.🚨 Incognito Mode Is Not Enough: Your Browsing Is Still Exposed

Many users believe that: Incognito mode = privacy,  HTTPS (the lock icon) = full security. But this is only partially true. Even with HTTPS:  Your DNS requests are still sent in plain text. This means:

  1. Routers can log your activity
  2. Public WiFi admins can track visited domains
  3. Attackers can intercept your browsing patterns

👉 Conclusion: HTTPS protects content, but not your destination.

2. 🧠 Understanding DNS: The Hidden Privacy Leak

Let’s simplify DNS with an analogy:

  1. Website domain = Restaurant name
  2. DNS server = Food delivery platform
  3. IP address = Actual location

When you browse:

  1. You ask DNS: “Where is this website?”
  2. DNS responds with an IP
  3. Your browser connects

The problem:

  1. 👉 Your request to DNS is NOT encrypted
  2. So others can see:  “This user is visiting this specific website”

3. 🔐 The Built-in Solution: DNS over HTTPS (DoH)

Windows 11 includes a powerful feature: 👉 DNS over HTTPS (DoH)

What it does:

  1. Encrypts DNS queries
  2. Hides domain names
  3. Prevents tracking and spying

Key advantages:

  1. Works system-wide
  2. No extra software needed
  3. More reliable than browser extensions
  4. Completely free

👉 Conclusion: DoH hides where you are going online.

4. 🛠️ Step-by-Step Guide to Enable DoH on Windows 11

Step 1: Open Network Settings

  1. Open “Settings”
  2. Go to “Network & Internet”

Step 2: Select Your Network

  1. Ethernet → Click “Ethernet”
  2. WiFi → Click “WLAN”

Then open the detailed settings page

Step 3: Edit DNS Settings

  1. Find “DNS server assignment”
  2. Click “Edit”
  3. Switch to “Manual”
  4. Enable: IPv4,  IPv6 (optional but recommended)

Step 4: Configure DoH DNS

  1. Enter: Preferred DNS: `1.1.1.1`
  2. Alternate DNS: `1.0.0.1`
  3. Then: Set “DNS over HTTPS” to: Automatic (encrypted)
  4. IMPORTANT: Turn off  “Fallback to unencrypted requests”👉 This prevents privacy leaks

Step 5: Save Changes

  1. Click “Save” — setup complete.

5. 🔍 Verification: See the Difference Yourself

Using a packet capture tool:

Before DoH:

  1. Domain names visible (e.g., google.com)
  2. DNS queries in plain text

After DoH:

  1. No domain names visible
  2. Only encrypted HTTPS traffic (port 443)

👉 Conclusion: Your browsing targets are now invisible.

6. 🎯 Final Takeaway: Real Privacy Without VPN

With this setup, you achieve:

  1. ✅ Encrypted DNS queries
  2. ✅ Protection on public WiFi
  3. ✅ System-wide security
  4. ✅ Zero cost

👉 Final thought: You don’t need a VPN to significantly improve your privacy—Windows 11 already gives you the tools.

7. Demo Video

You can watch the following demo video by select the subtitle to your preferred subtitle language.

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.