Increased user concern over security and privacy on the Internet has led towidespread adoption of HTTPS, the secure version of HTTP. HTTPS authenticatesthe communicating end points and provides confidentiality for the ensuingcommunication. However, as with any security solution, it does not come forfree. HTTPS may introduce overhead in terms of infrastructure costs,communication latency, data usage, and energy consumption. Moreover, given theopaqueness of the encrypted communication, any in-network value added servicesrequiring visibility into application layer content, such as caches and virusscanners, become ineffective.This paper attempts to shed some light on these costs. First, taking advantageof datasets collected from large ISPs, we examine the accelerating adoption ofHTTPS over the last three years. Second, we quantify the direct and indirectcosts of this evolution. Our results show that, indeed, security does not comefor free. This work thus aims to stimulate discussion on technologies that canmitigate the costs of HTTPS while still protecting the user’s privacy.