That's the big thing that pushed me to add LetsEncrypt to my blog. I was on some Belgium sim card and the ISP injected some crap via JavaScript at the top of my website. I couldn't even read it; didn't properly detect language/locale, but it looked like some warning about being near my data limit.