The initial HTTPS session established presents the hostname unencrypted, that's how you can have multiple websites on a single IP address, until TLS1.3 gets wide adoption *and* sysadmins know to enable the features *and* browsers use them. Then, just tracking the ports on each side of the connection will let you know at least how much traffic is sent and pulled from what hostname. They absolutely know how long you visited the site, because either the established session maintains on the established ports during the initial handshake, or you have to establish a new handshake each time and the hostname again goes out plaintext.
If your $50 linksys can keep track of a session, you ISP can as well.
Now your ISP *and* CloudFlare know you're on Zillow, that's twice as many people to sell your information to advertisers.