> As far as I know they haven't injected anything into my SSL/TLS traffic... yet.

You say that as if it were even possible. Or are you referring to the use of SSL stripping?

HSTS preloading (or visiting a site with HSTS headers that you've previously visit) will protect you from even that.