If you already use paid dynamos (for example, hashing hosts), you can save some costs by using Heroku SSL for free in your application, instead of paying for SSL Endpoint add . This assumes that your application does not need to support really old browsers (see Minimum supported browser versions .
These add-ons mainly provide protocol support for your SSL application with your private domain.
However, no matter which of the above 2 you choose, you still need to purchase an SSL certificate. There are all sorts of different offers for the actual certificate, including free certificates, for example. from Allow Encryption .
See here for instructions on using the free Let Encrypt certificate on Heroku with Heroku SSL.
On the bottom line: if you already use paid dynodes, you can add full SSL support for your Heroku custom domain for free.
If you think this is too confusing, you can pay a few dollars for a service such as Fast SSL , which gives you a certificate (for a monthly fee) and takes care of the whole issue of installing it and updating it on Heroku.