What the various HEARTBLEED BUG checkers can do is determine what server software is using for https access to the server. For example, in the case of https://paypal.com this is the report Detected server software of Apache-Coyote/1.1 That server is known to use OpenSSL and could have been vulnerable. The SSL certificate for www.paypal.com valid 2 months ago at Feb 19 00:00:00 2014 GMT. This is before the heartbleed bug was published, it may need to be regenerated. It is incumbent on Paypal to report the facts.
... View more