Mustafa Al-Bassam created this list. He deserves all the credit. I just converted it to a table and sorted by Heartbleed vulnerability status. According to Musalbas, this list was valid as of April 8, 2014 12:00 UTC. Vulnerability status may have changed since then. To check if a site is still vulnerable, use this tool.
Jump to: vulnerable | not vulnerable | no SSL | resources
[stripe html_class=”light-grey”]Websites Affected by Heartbleed Bug
These websites were identified as vulnerable by Musalbas’ list. As noted, they may have updated their software and may no longer be vulnerable. Please use the above tool to verify.
Notable
- 500px.com
- addthis.com
- archive.org
- duckduckgo.com
- elegantthemes.com
- entrepreneur.com
- eventbrite.com
- flickr.com
- imgur.com
- okcupid.com
- slate.com
- squidoo.com
- stackexchange.com
- stackoverflow.com
- usmagazine.com
- wetransfer.com
- yahoo.com
Full List
| 123rf.com | vulnerable |
| 500px.com | vulnerable |
| addthis.com | vulnerable |
| adf.ly | vulnerable |
| amung.us | vulnerable |
| archive.org | vulnerable |
| avazutracking.net | vulnerable |
| avito.ru | vulnerable |
| beeg.com | vulnerable |
| digitalpoint.com | vulnerable |
| dreamstime.com | vulnerable |
| duckduckgo.com | vulnerable |
| elegantthemes.com | vulnerable |
| entrepreneur.com | vulnerable |
| eventbrite.com | vulnerable |
| flickr.com | vulnerable |
| fool.com | vulnerable |
| hidemyass.com | vulnerable |
| imgur.com | vulnerable |
| kaskus.co.id | vulnerable |
| kickass.to | vulnerable |
| leo.org | vulnerable |
| m-w.com | vulnerable |
| okcupid.com | vulnerable |
| outbrain.com | vulnerable |
| pch.com | vulnerable |
| petflow.com | vulnerable |
| picmonkey.com | vulnerable |
| popads.net | vulnerable |
| redtube.com | vulnerable |
| scoop.it | vulnerable |
| seznam.cz | vulnerable |
| sh.st | vulnerable |
| slate.com | vulnerable |
| sogou.com | vulnerable |
| squidoo.com | vulnerable |
| stackexchange.com | vulnerable |
| stackoverflow.com | vulnerable |
| steamcommunity.com | vulnerable |
| suning.com | vulnerable |
| usmagazine.com | vulnerable |
| web.de | vulnerable |
| wetransfer.com | vulnerable |
| xda-developers.com | vulnerable |
| yahoo.com | vulnerable |
| yts.re | vulnerable |
| zeobit.com | vulnerable |
| zoho.com | vulnerable |
Jump to: vulnerable | not vulnerable | no SSL | resources
Websites Not Vulnerable
According to Musalbas’ test, these websites are not vulnerable, presumably because they do not use OpenSSL. You’ll notice Facebook and every Google and Amazon property on this list. Good news for most casual web users.
Notable
- abcnews.go.com
- adobe.com
- amazon.com
- americanexpress.com
- android.com
- bankofamerica.com
- basecamp.com
- bbc.com
- blogger.com
- bloomberg.com
- businessinsider.com
- capitalone.com
- chase.com
- constantcontact.com
- craigslist.org
- deviantart.com
- disney.go.com
- dropbox.com
- espn.go.com
- etsy.com
- facebook.com
- fedex.com
- foursquare.com
- foxnews.com
- gawker.com
- github.com
- google.com
- groupon.com
- hootsuite.com
- hostgator.com
- hulu.com
- instagram.com
- intuit.com
- jquery.com
- mailchimp.com
- mashable.com
- nbcnews.com
- pandora.com
- paypal.com
- pinterest.com
- quora.com
- reddit.com
- salesforce.com
- shopify.com
- southwest.com
- spotify.com
- squarespace.com
- stumbleupon.com
- t.co (twitter)
- techcrunch.com
- ted.com
- ticketmaster.com
- tripadvisor.com
- tumblr.com
- twitter.com
- wordpress.com
- wordpress.org
- wsj.com
- youtube.com
Full List
| 1und1.de | not vulnerable |
| 4dsply.com | not vulnerable |
| 4shared.com | not vulnerable |
| 56.com | not vulnerable |
| 9gag.com | not vulnerable |
| abcnews.go.com | not vulnerable |
| acesse.com | not vulnerable |
| ad6media.fr | not vulnerable |
| adcash.com | not vulnerable |
| adobe.com | not vulnerable |
| aftonbladet.se | not vulnerable |
| agoda.com | not vulnerable |
| ahrefs.com | not vulnerable |
| amazon.ca | not vulnerable |
| amazon.cn | not vulnerable |
| amazon.co.jp | not vulnerable |
| amazon.co.uk | not vulnerable |
| amazon.com | not vulnerable |
| amazon.de | not vulnerable |
| amazon.es | not vulnerable |
| amazon.fr | not vulnerable |
| amazon.in | not vulnerable |
| amazon.it | not vulnerable |
| ameba.jp | not vulnerable |
| americanexpress.com | not vulnerable |
| android.com | not vulnerable |
| answers.com | not vulnerable |
| att.com | not vulnerable |
| avast.com | not vulnerable |
| aweber.com | not vulnerable |
| badoo.com | not vulnerable |
| bankofamerica.com | not vulnerable |
| basecamp.com | not vulnerable |
| battle.net | not vulnerable |
| bbc.co.uk | not vulnerable |
| bbc.com | not vulnerable |
| bestbuy.com | not vulnerable |
| bhaskar.com | not vulnerable |
| bhphotovideo.com | not vulnerable |
| biblegateway.com | not vulnerable |
| billdesk.com | not vulnerable |
| bitly.com | not vulnerable |
| bleacherreport.com | not vulnerable |
| blogger.com | not vulnerable |
| bloglovin.com | not vulnerable |
| blogspot.com | not vulnerable |
| blogspot.com.ar | not vulnerable |
| blogspot.com.br | not vulnerable |
| blogspot.com.es | not vulnerable |
| blogspot.com.tr | not vulnerable |
| blogspot.de | not vulnerable |
| blogspot.in | not vulnerable |
| blogspot.jp | not vulnerable |
| blogspot.ru | not vulnerable |
| bloomberg.com | not vulnerable |
| bluehost.com | not vulnerable |
| bodybuilding.com | not vulnerable |
| booking.com | not vulnerable |
| box.com | not vulnerable |
| businessinsider.com | not vulnerable |
| capitalone.com | not vulnerable |
| careerbuilder.com | not vulnerable |
| cbslocal.com | not vulnerable |
| change.org | not vulnerable |
| chase.com | not vulnerable |
| chaturbate.com | not vulnerable |
| chron.com | not vulnerable |
| clarin.com | not vulnerable |
| clickbank.com | not vulnerable |
| clixsense.com | not vulnerable |
| clkmon.com | not vulnerable |
| cnbc.com | not vulnerable |
| conduit.com | not vulnerable |
| constantcontact.com | not vulnerable |
| cracked.com | not vulnerable |
| craigslist.org | not vulnerable |
| csdn.net | not vulnerable |
| css-tricks.com | not vulnerable |
| custhelp.com | not vulnerable |
| dafont.com | not vulnerable |
| dailymotion.com | not vulnerable |
| deezer.com | not vulnerable |
| delta.com | not vulnerable |
| detik.com | not vulnerable |
| deviantart.com | not vulnerable |
| dict.cc | not vulnerable |
| digg.com | not vulnerable |
| disney.go.com | not vulnerable |
| disqus.com | not vulnerable |
| domaintools.com | not vulnerable |
| doubleclick.com | not vulnerable |
| doublepimp.com | not vulnerable |
| dropbox.com | not vulnerable |
| ehowenespanol.com | not vulnerable |
| elance.com | not vulnerable |
| empowernetwork.com | not vulnerable |
| ensonhaber.com | not vulnerable |
| espn.go.com | not vulnerable |
| etsy.com | not vulnerable |
| ettoday.net | not vulnerable |
| europa.eu | not vulnerable |
| evernote.com | not vulnerable |
| examiner.com | not vulnerable |
| extratorrent.cc | not vulnerable |
| ezinearticles.com | not vulnerable |
| eztv.it | not vulnerable |
| facebook.com | not vulnerable |
| fbcdn.net | not vulnerable |
| fc2.com | not vulnerable |
| fedex.com | not vulnerable |
| feedly.com | not vulnerable |
| fhserve.com | not vulnerable |
| fidelity.com | not vulnerable |
| files.wordpress.com | not vulnerable |
| firedrive.com | not vulnerable |
| fiverr.com | not vulnerable |
| flipkart.com | not vulnerable |
| focus.de | not vulnerable |
| fotolia.com | not vulnerable |
| foursquare.com | not vulnerable |
| foxnews.com | not vulnerable |
| free-tv-video-online.me | not vulnerable |
| free.fr | not vulnerable |
| freelancer.com | not vulnerable |
| gameforge.com | not vulnerable |
| gamespot.com | not vulnerable |
| gawker.com | not vulnerable |
| getresponse.com | not vulnerable |
| github.com | not vulnerable |
| gizmodo.com | not vulnerable |
| glassdoor.com | not vulnerable |
| gome.com.cn | not vulnerable |
| goo.gl | not vulnerable |
| goodreads.com | not vulnerable |
| google.ae | not vulnerable |
| google.at | not vulnerable |
| google.az | not vulnerable |
| google.be | not vulnerable |
| google.bg | not vulnerable |
| google.by | not vulnerable |
| google.ca | not vulnerable |
| google.ch | not vulnerable |
| google.cl | not vulnerable |
| google.co.hu | not vulnerable |
| google.co.id | not vulnerable |
| google.co.il | not vulnerable |
| google.co.in | not vulnerable |
| google.co.jp | not vulnerable |
| google.co.kr | not vulnerable |
| google.co.nz | not vulnerable |
| google.co.th | not vulnerable |
| google.co.uk | not vulnerable |
| google.co.ve | not vulnerable |
| google.co.za | not vulnerable |
| google.com | not vulnerable |
| google.com.ar | not vulnerable |
| google.com.au | not vulnerable |
| google.com.bd | not vulnerable |
| google.com.br | not vulnerable |
| google.com.co | not vulnerable |
| google.com.do | not vulnerable |
| google.com.ec | not vulnerable |
| google.com.eg | not vulnerable |
| google.com.hk | not vulnerable |
| google.com.kw | not vulnerable |
| google.com.ly | not vulnerable |
| google.com.mx | not vulnerable |
| google.com.my | not vulnerable |
| google.com.ng | not vulnerable |
| google.com.pe | not vulnerable |
| google.com.ph | not vulnerable |
| google.com.pk | not vulnerable |
| google.com.sa | not vulnerable |
| google.com.sg | not vulnerable |
| google.com.tr | not vulnerable |
| google.com.tw | not vulnerable |
| google.com.ua | not vulnerable |
| google.com.vn | not vulnerable |
| google.cz | not vulnerable |
| google.de | not vulnerable |
| google.dk | not vulnerable |
| google.dz | not vulnerable |
| google.es | not vulnerable |
| google.fi | not vulnerable |
| google.fr | not vulnerable |
| google.gr | not vulnerable |
| google.hr | not vulnerable |
| google.ie | not vulnerable |
| google.it | not vulnerable |
| google.kz | not vulnerable |
| google.lk | not vulnerable |
| google.nl | not vulnerable |
| google.no | not vulnerable |
| google.pl | not vulnerable |
| google.pt | not vulnerable |
| google.ro | not vulnerable |
| google.rs | not vulnerable |
| google.ru | not vulnerable |
| google.se | not vulnerable |
| google.sk | not vulnerable |
| grooveshark.com | not vulnerable |
| groupon.com | not vulnerable |
| gstatic.com | not vulnerable |
| gtmetrix.com | not vulnerable |
| gutefrage.net | not vulnerable |
| hardsextube.com | not vulnerable |
| hatena.ne.jp | not vulnerable |
| heise.de | not vulnerable |
| hespress.com | not vulnerable |
| histats.com | not vulnerable |
| hootsuite.com | not vulnerable |
| hostgator.com | not vulnerable |
| houzz.com | not vulnerable |
| hp.com | not vulnerable |
| hubpages.com | not vulnerable |
| hulu.com | not vulnerable |
| ilivid.com | not vulnerable |
| imageshack.us | not vulnerable |
| indeed.com | not vulnerable |
| informer.com | not vulnerable |
| infusionsoft.com | not vulnerable |
| instagram.com | not vulnerable |
| instructables.com | not vulnerable |
| interia.pl | not vulnerable |
| intuit.com | not vulnerable |
| issuu.com | not vulnerable |
| istockphoto.com | not vulnerable |
| ixxx.com | not vulnerable |
| jabong.com | not vulnerable |
| japanpost.jp | not vulnerable |
| java.com | not vulnerable |
| jeuxvideo.com | not vulnerable |
| jquery.com | not vulnerable |
| jvzoo.com | not vulnerable |
| kickstarter.com | not vulnerable |
| kinopoisk.ru | not vulnerable |
| kohls.com | not vulnerable |
| kwejk.pl | not vulnerable |
| lapatilla.com | not vulnerable |
| leadpages.net | not vulnerable |
| leagueoflegends.com | not vulnerable |
| lefigaro.fr | not vulnerable |
| lemonde.fr | not vulnerable |
| lenovo.com | not vulnerable |
| letitbit.net | not vulnerable |
| life.com.tw | not vulnerable |
| lifehacker.com | not vulnerable |
| likes.com | not vulnerable |
| list-manage.com | not vulnerable |
| liveinternet.ru | not vulnerable |
| livejournal.com | not vulnerable |
| lockerdome.com | not vulnerable |
| lowes.com | not vulnerable |
| m2newmedia.com | not vulnerable |
| macys.com | not vulnerable |
| magentocommerce.com | not vulnerable |
| mail.ru | not vulnerable |
| mailchimp.com | not vulnerable |
| majesticseo.com | not vulnerable |
| makemytrip.com | not vulnerable |
| manta.com | not vulnerable |
| mashable.com | not vulnerable |
| media-fire.org | not vulnerable |
| media.tumblr.com | not vulnerable |
| mediafire.com | not vulnerable |
| meetup.com | not vulnerable |
| mega.co.nz | not vulnerable |
| mgid.com | not vulnerable |
| motherless.com | not vulnerable |
| moz.com | not vulnerable |
| mozilla.org | not vulnerable |
| mpnrs.com | not vulnerable |
| myfitnesspal.com | not vulnerable |
| myntra.com | not vulnerable |
| mysearchdial.com | not vulnerable |
| mysql.com | not vulnerable |
| nairaland.com | not vulnerable |
| namecheap.com | not vulnerable |
| naukri.com | not vulnerable |
| nba.com | not vulnerable |
| nbcnews.com | not vulnerable |
| neobux.com | not vulnerable |
| news.com.au | not vulnerable |
| nfl.com | not vulnerable |
| nifty.com | not vulnerable |
| nike.com | not vulnerable |
| ning.com | not vulnerable |
| nouvelobs.com | not vulnerable |
| npr.org | not vulnerable |
| nypost.com | not vulnerable |
| odesk.com | not vulnerable |
| odnoklassniki.ru | not vulnerable |
| onclickads.net | not vulnerable |
| onet.pl | not vulnerable |
| openadserving.com | not vulnerable |
| oracle.com | not vulnerable |
| ouedkniss.com | not vulnerable |
| ovh.com | not vulnerable |
| pandora.com | not vulnerable |
| payoneer.com | not vulnerable |
| paypal.com | not vulnerable |
| php.net | not vulnerable |
| pingdom.com | not vulnerable |
| pinterest.com | not vulnerable |
| pixiv.net | not vulnerable |
| pixlr.com | not vulnerable |
| plugrush.com | not vulnerable |
| pof.com | not vulnerable |
| popcash.net | not vulnerable |
| pornhub.com | not vulnerable |
| pr-cy.ru | not vulnerable |
| prestashop.com | not vulnerable |
| priceline.com | not vulnerable |
| privatehomeclips.com | not vulnerable |
| prntscr.com | not vulnerable |
| probux.com | not vulnerable |
| quikr.com | not vulnerable |
| quora.com | not vulnerable |
| r10.net | not vulnerable |
| rambler.ru | not vulnerable |
| rapidgator.net | not vulnerable |
| reddit.com | not vulnerable |
| rediff.com | not vulnerable |
| reuters.com | not vulnerable |
| rightmove.co.uk | not vulnerable |
| rottentomatoes.com | not vulnerable |
| rt.com | not vulnerable |
| salesforce.com | not vulnerable |
| sape.ru | not vulnerable |
| sapo.pt | not vulnerable |
| savefrom.net | not vulnerable |
| scribd.com | not vulnerable |
| searchengineland.com | not vulnerable |
| searchengines.ru | not vulnerable |
| sears.com | not vulnerable |
| seekingalpha.com | not vulnerable |
| seesaa.net | not vulnerable |
| semrush.com | not vulnerable |
| sexlog.com | not vulnerable |
| sfgate.com | not vulnerable |
| shaadi.com | not vulnerable |
| sharelive.net | not vulnerable |
| shopclues.com | not vulnerable |
| shopify.com | not vulnerable |
| siteadvisor.com | not vulnerable |
| sitepoint.com | not vulnerable |
| slickdeals.net | not vulnerable |
| sohu.com | not vulnerable |
| soundcloud.com | not vulnerable |
| sourceforge.net | not vulnerable |
| southwest.com | not vulnerable |
| sporx.com | not vulnerable |
| spotify.com | not vulnerable |
| squarespace.com | not vulnerable |
| stagram.com | not vulnerable |
| statcounter.com | not vulnerable |
| steampowered.com | not vulnerable |
| stumbleupon.com | not vulnerable |
| sueddeutsche.de | not vulnerable |
| surveymonkey.com | not vulnerable |
| t.co | not vulnerable |
| tablica.pl | not vulnerable |
| taboola.com | not vulnerable |
| taleo.net | not vulnerable |
| taringa.net | not vulnerable |
| techcrunch.com | not vulnerable |
| ted.com | not vulnerable |
| teebik.com | not vulnerable |
| telegraph.co.uk | not vulnerable |
| telexfree.com | not vulnerable |
| templatemonster.com | not vulnerable |
| terra.com.br | not vulnerable |
| thepiratebay.se | not vulnerable |
| ticketmaster.com | not vulnerable |
| tickld.com | not vulnerable |
| time.com | not vulnerable |
| tinyurl.com | not vulnerable |
| tistory.com | not vulnerable |
| tmz.com | not vulnerable |
| torrentz.eu | not vulnerable |
| traidnt.net | not vulnerable |
| tripadvisor.com | not vulnerable |
| tumblr.com | not vulnerable |
| turbobit.net | not vulnerable |
| tutsplus.com | not vulnerable |
| twitter.com | not vulnerable |
| typepad.com | not vulnerable |
| united.com | not vulnerable |
| uploaded.net | not vulnerable |
| ups.com | not vulnerable |
| upworthy.com | not vulnerable |
| ustream.tv | not vulnerable |
| viadeo.com | not vulnerable |
| vice.com | not vulnerable |
| vk.com | not vulnerable |
| vk.me | not vulnerable |
| vube.com | not vulnerable |
| webhostingtalk.com | not vulnerable |
| weebly.com | not vulnerable |
| weheartit.com | not vulnerable |
| wellsfargo.com | not vulnerable |
| whitepages.com | not vulnerable |
| who.is | not vulnerable |
| wideinfo.org | not vulnerable |
| wikia.com | not vulnerable |
| wikimedia.org | not vulnerable |
| wikipedia.org | not vulnerable |
| wiktionary.org | not vulnerable |
| wiocha.pl | not vulnerable |
| wired.com | not vulnerable |
| wmmail.ru | not vulnerable |
| woorank.com | not vulnerable |
| woothemes.com | not vulnerable |
| wordpress.com | not vulnerable |
| wordpress.org | not vulnerable |
| wsj.com | not vulnerable |
| xe.com | not vulnerable |
| xhamster.com | not vulnerable |
| xiaomi.com | not vulnerable |
| xing.com | not vulnerable |
| xtube.com | not vulnerable |
| xuite.net | not vulnerable |
| yandex.com.tr | not vulnerable |
| yandex.kz | not vulnerable |
| yandex.ru | not vulnerable |
| yandex.ua | not vulnerable |
| yellowpages.com | not vulnerable |
| yelp.com | not vulnerable |
| youdao.com | not vulnerable |
| youm7.com | not vulnerable |
| youporn.com | not vulnerable |
| youtube.com | not vulnerable |
| z5x.net | not vulnerable |
| zanox.com | not vulnerable |
| zedo.com | not vulnerable |
| zendesk.com | not vulnerable |
| zillow.com | not vulnerable |
| zing.vn | not vulnerable |
| zippyshare.com | not vulnerable |
| zulily.com | not vulnerable |
Jump to: vulnerable | not vulnerable | no SSL | resources
Websites Without SSL
According to Musalbas’ test, these websites do not use SSL. As one commenter pointed out below, it’s extremely unlikely that these websites have no form of SSL at all. In testing them, it appears that if sites use third-party services like VeriSign, as Walmart and Verizon do, the HTTPS data is processed at VeriSign’s hostname, not Walmart or Verizon’s.
In addition, some of these sites like Apple host route their secure traffic through subdomains. In Apple’s case, that’s https://secure1.store.apple.com. In Apple’s case and a few others, Filippo’s tool returns an error trying to test the SSL cert. The most common error I found was broken pipe. As Filippo puts it, “It might mean that the server is safe, we just can’t be 100% sure!”
Update: this post was first published without any explanation of “websites without SSL.” My apologies if this was misleading to any readers. My thanks to an anonymous commenter for highlighting that point of confusion.
Notable
- accuweather.com
- amazonaws.com
- ancestry.com
- aol.com
- apple.com
- baidu.com
- bing.com
- buzzfeed.com
- cbs.com
- cbsnews.com
- cbssports.com
- cnet.com
- cnn.com
- comcast.com
- comcast.net
- drudgereport.com
- ebay.com
- foxsports.com
- github.io
- godaddy.com
- huffingtonpost.com
- icloud.com
- imdb.com
- kayak.com
- linkedin.com
- match.com
- netflix.com
- nytimes.com
- outlook.com
- skype.com
- walmart.com
- washingtonpost.com
- weather.com
- webmd.com
- zappos.com
Full List
| 0427d7.se | no SSL |
| 104.com.tw | no SSL |
| 163.com | no SSL |
| 17ok.com | no SSL |
| 2345.com | no SSL |
| 24h.com.vn | no SSL |
| 2ch.net | no SSL |
| 360.cn | no SSL |
| 39.net | no SSL |
| 4399.com | no SSL |
| 51fanli.com | no SSL |
| 55bbs.com | no SSL |
| 58.com | no SSL |
| 6.cn | no SSL |
| 6park.com | no SSL |
| 9gag.tv | no SSL |
| abc.es | no SSL |
| about.com | no SSL |
| abril.com.br | no SSL |
| accuweather.com | no SSL |
| addmefast.com | no SSL |
| adnxs.com | no SSL |
| adscale.de | no SSL |
| adultfriendfinder.com | no SSL |
| aili.com | no SSL |
| airtel.in | no SSL |
| aizhan.com | no SSL |
| akamaihd.net | no SSL |
| alarabiya.net | no SSL |
| alibaba.com | no SSL |
| aliexpress.com | no SSL |
| alipay.com | no SSL |
| all-free-download.com | no SSL |
| allegro.pl | no SSL |
| allocine.fr | no SSL |
| allrecipes.com | no SSL |
| almanar.com.lb | no SSL |
| altervista.org | no SSL |
| amazonaws.com | no SSL |
| ameblo.jp | no SSL |
| ancestry.com | no SSL |
| anyoption.com | no SSL |
| aol.com | no SSL |
| aparat.com | no SSL |
| apple.com | no SSL |
| appledaily.com.tw | no SSL |
| as.com | no SSL |
| ashleyrnadison.com | no SSL |
| ask.com | no SSL |
| ask.fm | no SSL |
| asos.com | no SSL |
| autohome.com.cn | no SSL |
| avg.com | no SSL |
| awesomehp.com | no SSL |
| azlyrics.com | no SSL |
| b5m.com | no SSL |
| babycenter.com | no SSL |
| babylon.com | no SSL |
| babytree.com | no SSL |
| backpage.com | no SSL |
| baidu.com | no SSL |
| bankmellat.ir | no SSL |
| baomihua.com | no SSL |
| behance.net | no SSL |
| bestblackhatforum.com | no SSL |
| bestusefuldownloads.com | no SSL |
| bet365.com | no SSL |
| beytoote.com | no SSL |
| biglobe.ne.jp | no SSL |
| bild.de | no SSL |
| bing.com | no SSL |
| bitauto.com | no SSL |
| blackhatworld.com | no SSL |
| blogfa.com | no SSL |
| bongacams.com | no SSL |
| bp.blogspot.com | no SSL |
| brainyquote.com | no SSL |
| businessweek.com | no SSL |
| buzzfeed.com | no SSL |
| ca.gov | no SSL |
| caijing.com.cn | no SSL |
| cam4.com | no SSL |
| canadaalltax.com | no SSL |
| cbc.ca | no SSL |
| cbs.com | no SSL |
| cbsnews.com | no SSL |
| cbssports.com | no SSL |
| ccb.com | no SSL |
| ce.cn | no SSL |
| chexun.com | no SSL |
| china.com | no SSL |
| china.com.cn | no SSL |
| chinabyte.com | no SSL |
| chinanews.com | no SSL |
| chinatimes.com | no SSL |
| chinaz.com | no SSL |
| chip.de | no SSL |
| ci123.com | no SSL |
| citibank.com | no SSL |
| citrixonline.com | no SSL |
| cj.com | no SSL |
| ck101.com | no SSL |
| clicksvenue.com | no SSL |
| cloob.com | no SSL |
| cloudfront.net | no SSL |
| cnet.com | no SSL |
| cnn.com | no SSL |
| cntv.cn | no SSL |
| cnzz.com | no SSL |
| coccoc.com | no SSL |
| codecanyon.net | no SSL |
| comcast.com | no SSL |
| comcast.net | no SSL |
| commentcamarche.net | no SSL |
| corriere.it | no SSL |
| coupons.com | no SSL |
| cpmterra.com | no SSL |
| cy-pr.com | no SSL |
| dailymail.co.uk | no SSL |
| dantri.com.vn | no SSL |
| daum.net | no SSL |
| dealshark.com | no SSL |
| dell.com | no SSL |
| delta-homes.com | no SSL |
| delta-search.com | no SSL |
| digikala.com | no SSL |
| directrev.com | no SSL |
| dmm.co.jp | no SSL |
| dmm.com | no SSL |
| dmoz.org | no SSL |
| doorblog.jp | no SSL |
| douban.com | no SSL |
| drtuber.com | no SSL |
| drudgereport.com | no SSL |
| dubizzle.com | no SSL |
| eastday.com | no SSL |
| eastmoney.com | no SSL |
| eazel.com | no SSL |
| ebay.co.uk | no SSL |
| ebay.com | no SSL |
| ebay.com.au | no SSL |
| ebay.de | no SSL |
| ebay.fr | no SSL |
| ebay.in | no SSL |
| ebay.it | no SSL |
| echo.msk.ru | no SSL |
| ehow.com | no SSL |
| elmundo.es | no SSL |
| elpais.com | no SSL |
| eluniversal.com.mx | no SSL |
| enet.com.cn | no SSL |
| engadget.com | no SSL |
| eonline.com | no SSL |
| ero-advertising.com | no SSL |
| espncricinfo.com | no SSL |
| espnfc.com | no SSL |
| etao.com | no SSL |
| exoclick.com | no SSL |
| expedia.com | no SSL |
| eyny.com | no SSL |
| facenama.com | no SSL |
| farsnews.com | no SSL |
| fastdailyfind.com | no SSL |
| fatakat.com | no SSL |
| filehippo.com | no SSL |
| firstpost.com | no SSL |
| fishcod.com | no SSL |
| flipora.com | no SSL |
| foodnetwork.com | no SSL |
| forbes.com | no SSL |
| force.com | no SSL |
| forexfactory.com | no SSL |
| forobeta.com | no SSL |
| foxsports.com | no SSL |
| gamefaqs.com | no SSL |
| gamer.com.tw | no SSL |
| gap.com | no SSL |
| gateable.com | no SSL |
| gazeta.pl | no SSL |
| gazeta.ru | no SSL |
| gc.ca | no SSL |
| getbootstrap.com | no SSL |
| gismeteo.ru | no SSL |
| github.io | no SSL |
| globo.com | no SSL |
| gmw.cn | no SSL |
| gmx.net | no SSL |
| go.com | no SSL |
| goal.com | no SSL |
| godaddy.com | no SSL |
| goo.ne.jp | no SSL |
| goodgamestudios.com | no SSL |
| google.cn | no SSL |
| googleusercontent.com | no SSL |
| gotomeeting.com | no SSL |
| graphicriver.net | no SSL |
| gsmarena.com | no SSL |
| gulfup.com | no SSL |
| gumtree.com | no SSL |
| haber7.com | no SSL |
| haberler.com | no SSL |
| haberturk.com | no SSL |
| habrahabr.ru | no SSL |
| hao123.com | no SSL |
| hdfcbank.com | no SSL |
| hindustantimes.com | no SSL |
| hm.com | no SSL |
| homedepot.com | no SSL |
| homeway.com.cn | no SSL |
| hongkiat.com | no SSL |
| hotels.com | no SSL |
| howstuffworks.com | no SSL |
| hstpnetwork.com | no SSL |
| huanqiu.com | no SSL |
| hubspot.com | no SSL |
| hudong.com | no SSL |
| huffingtonpost.com | no SSL |
| hupu.com | no SSL |
| hurriyet.com.tr | no SSL |
| hypergames.net | no SSL |
| ibm.com | no SSL |
| icicibank.co.in | no SSL |
| icicibank.com | no SSL |
| icloud.com | no SSL |
| idnes.cz | no SSL |
| ifeng.com | no SSL |
| ig.com.br | no SSL |
| ign.com | no SSL |
| ikea.com | no SSL |
| ileehoo.com | no SSL |
| imagebam.com | no SSL |
| imdb.com | no SSL |
| iminent.com | no SSL |
| immobilienscout24.de | no SSL |
| in.com | no SSL |
| independent.co.uk | no SSL |
| india.com | no SSL |
| indiamart.com | no SSL |
| indianrail.gov.in | no SSL |
| indiatimes.com | no SSL |
| infobae.com | no SSL |
| internethaber.com | no SSL |
| intoday.in | no SSL |
| iqiyi.com | no SSL |
| irctc.co.in | no SSL |
| irs.gov | no SSL |
| it168.com | no SSL |
| jd.com | no SSL |
| jimdo.com | no SSL |
| jobrapido.com | no SSL |
| joomla.org | no SSL |
| jqw.com | no SSL |
| jrj.com.cn | no SSL |
| justdial.com | no SSL |
| kakaku.com | no SSL |
| kayak.com | no SSL |
| keepvid.com | no SSL |
| keezmovies.com | no SSL |
| kijiji.ca | no SSL |
| kioskea.net | no SSL |
| klikbca.com | no SSL |
| kompas.com | no SSL |
| kooora.com | no SSL |
| ku6.com | no SSL |
| lady8844.com | no SSL |
| lanacion.com.ar | no SSL |
| latimes.com | no SSL |
| leboncoin.fr | no SSL |
| lenta.ru | no SSL |
| lequipe.fr | no SSL |
| libero.it | no SSL |
| linkbucks.com | no SSL |
| linkedin.com | no SSL |
| linksynergy.com | no SSL |
| linkwithin.com | no SSL |
| linternaute.com | no SSL |
| live.com | no SSL |
| livedoor.com | no SSL |
| livejasmin.com | no SSL |
| liveleak.com | no SSL |
| livescore.com | no SSL |
| loading-delivery1.com | no SSL |
| mackolik.com | no SSL |
| mama.cn | no SSL |
| mapquest.com | no SSL |
| marca.com | no SSL |
| marketwatch.com | no SSL |
| match.com | no SSL |
| mbc.net | no SSL |
| mediaset.it | no SSL |
| mercadolibre.com.ar | no SSL |
| mercadolibre.com.mx | no SSL |
| mercadolibre.com.ve | no SSL |
| mercadolivre.com.br | no SSL |
| merdeka.com | no SSL |
| microsoft.com | no SSL |
| microsoftonline.com | no SSL |
| mihanblog.com | no SSL |
| milanuncios.com | no SSL |
| milliyet.com.tr | no SSL |
| mirror.co.uk | no SSL |
| mlb.com | no SSL |
| mmbang.com | no SSL |
| mobile.de | no SSL |
| mobile01.com | no SSL |
| moneycontrol.com | no SSL |
| monster.com | no SSL |
| movie4k.to | no SSL |
| mp3skull.com | no SSL |
| msn.com | no SSL |
| myfreecams.com | no SSL |
| mynet.com | no SSL |
| mysearchresults.com | no SSL |
| myspace.com | no SSL |
| mywebsearch.com | no SSL |
| narod.ru | no SSL |
| naver.com | no SSL |
| naver.jp | no SSL |
| ndtv.com | no SSL |
| netflix.com | no SSL |
| newegg.com | no SSL |
| nhl.com | no SSL |
| nicovideo.jp | no SSL |
| nih.gov | no SSL |
| nikkei.com | no SSL |
| nokia.com | no SSL |
| nordstrom.com | no SSL |
| novinky.cz | no SSL |
| nownews.com | no SSL |
| nuvid.com | no SSL |
| nydailynews.com | no SSL |
| nytimes.com | no SSL |
| olx.in | no SSL |
| oneindia.in | no SSL |
| online.sh.cn | no SSL |
| onlinesbi.com | no SSL |
| opensiteexplorer.org | no SSL |
| optmd.com | no SSL |
| orange.fr | no SSL |
| orf.at | no SSL |
| outlook.com | no SSL |
| over-blog.com | no SSL |
| overstock.com | no SSL |
| ovh.net | no SSL |
| p5w.net | no SSL |
| pantip.com | no SSL |
| pcbaby.com.cn | no SSL |
| pcgames.com.cn | no SSL |
| pchome.net | no SSL |
| pcmag.com | no SSL |
| pconline.com.cn | no SSL |
| pcpop.com | no SSL |
| people.com | no SSL |
| people.com.cn | no SSL |
| persianblog.ir | no SSL |
| peyvandha.ir | no SSL |
| photobucket.com | no SSL |
| pinimg.com | no SSL |
| pixnet.net | no SSL |
| porn.com | no SSL |
| postimg.org | no SSL |
| pravda.com.ua | no SSL |
| premierleague.com | no SSL |
| primewire.ag | no SSL |
| qinbei.com | no SSL |
| qq.com | no SSL |
| qtrax.com | no SSL |
| qvo6.com | no SSL |
| rakuten.co.jp | no SSL |
| rakuten.com | no SSL |
| rbc.ru | no SSL |
| realtor.com | no SSL |
| rednet.cn | no SSL |
| reference.com | no SSL |
| renren.com | no SSL |
| repubblica.it | no SSL |
| retailmenot.com | no SSL |
| reverso.net | no SSL |
| ria.ru | no SSL |
| rutor.org | no SSL |
| rutracker.org | no SSL |
| sahadan.com | no SSL |
| sahibinden.com | no SSL |
| sakura.ne.jp | no SSL |
| samsung.com | no SSL |
| sberbank.ru | no SSL |
| screencast.com | no SSL |
| searchenginewatch.com | no SSL |
| searchfun.in | no SSL |
| secureserver.net | no SSL |
| sex.com | no SSL |
| shareasale.com | no SSL |
| shutterstock.com | no SSL |
| sina.com.cn | no SSL |
| sky.com | no SSL |
| skype.com | no SSL |
| skysports.com | no SSL |
| slideshare.net | no SSL |
| smh.com.au | no SSL |
| snapdeal.com | no SSL |
| snapdo.com | no SSL |
| so.com | no SSL |
| sofanti.com | no SSL |
| softonic.com | no SSL |
| softpedia.com | no SSL |
| soku.com | no SSL |
| soso.com | no SSL |
| souq.com | no SSL |
| sozcu.com.tr | no SSL |
| spankwire.com | no SSL |
| speedtest.net | no SSL |
| spiegel.de | no SSL |
| staples.com | no SSL |
| statigr.am | no SSL |
| stockstar.com | no SSL |
| streamcloud.eu | no SSL |
| subito.it | no SSL |
| subscene.com | no SSL |
| sulekha.com | no SSL |
| swagbucks.com | no SSL |
| systweak.com | no SSL |
| t-online.de | no SSL |
| tabelog.com | no SSL |
| tabnak.ir | no SSL |
| tagged.com | no SSL |
| taobao.com | no SSL |
| target.com | no SSL |
| theblaze.com | no SSL |
| thefreecamsecret.com | no SSL |
| thefreedictionary.com | no SSL |
| theguardian.com | no SSL |
| thehindu.com | no SSL |
| themeforest.net | no SSL |
| theverge.com | no SSL |
| tianya.cn | no SSL |
| timeanddate.com | no SSL |
| tinypic.com | no SSL |
| tmall.com | no SSL |
| tokobagus.com | no SSL |
| tomshardware.com | no SSL |
| tradedoubler.com | no SSL |
| tribunnews.com | no SSL |
| trovigo.com | no SSL |
| trulia.com | no SSL |
| tube8.com | no SSL |
| tudou.com | no SSL |
| tukif.com | no SSL |
| twimg.com | no SSL |
| twitch.tv | no SSL |
| twoo.com | no SSL |
| ucoz.ru | no SSL |
| udn.com | no SSL |
| uimserv.net | no SSL |
| uol.com.br | no SSL |
| urbandictionary.com | no SSL |
| usatoday.com | no SSL |
| usps.com | no SSL |
| v1.cn | no SSL |
| varzesh3.com | no SSL |
| vcommission.com | no SSL |
| verizon.com | no SSL |
| verizonwireless.com | no SSL |
| vesti.ru | no SSL |
| video-one.com | no SSL |
| vimeo.com | no SSL |
| viralnova.com | no SSL |
| virgilio.it | no SSL |
| vnexpress.net | no SSL |
| w3.org | no SSL |
| w3schools.com | no SSL |
| walmart.com | no SSL |
| warriorforum.com | no SSL |
| washingtonpost.com | no SSL |
| watchseries.lt | no SSL |
| weather.com | no SSL |
| webmd.com | no SSL |
| webmoney.ru | no SSL |
| webs.com | no SSL |
| website-unavailable.com | no SSL |
| weibo.com | no SSL |
| welt.de | no SSL |
| wikihow.com | no SSL |
| wix.com | no SSL |
| wmtransfer.com | no SSL |
| wordreference.com | no SSL |
| worldstarhiphop.com | no SSL |
| wow.com | no SSL |
| wp.pl | no SSL |
| wunderground.com | no SSL |
| xcar.com.cn | no SSL |
| xgo.com.cn | no SSL |
| xinhuanet.com | no SSL |
| xnxx.com | no SSL |
| xunlei.com | no SSL |
| xvideos.com | no SSL |
| xywy.com | no SSL |
| y8.com | no SSL |
| ya.ru | no SSL |
| yac.mx | no SSL |
| yahoo.co.jp | no SSL |
| yaolan.com | no SSL |
| yesky.com | no SSL |
| yoka.com | no SSL |
| youboy.com | no SSL |
| youjizz.com | no SSL |
| youku.com | no SSL |
| youth.cn | no SSL |
| youtube-mp3.org | no SSL |
| youyuan.com | no SSL |
| zappos.com | no SSL |
| zimbio.com | no SSL |
| zol.com.cn | no SSL |
Jump to: vulnerable | not vulnerable | no SSL | resources
Resources
- Heartbleed.com — a dedicated resource specifically for information on this bug. This website is a hub of answers and other resources. Start here.
- LastPass Tool — a tool to check if your website or any other are vulnerable to this bug
- CloudFlare Blog Post — announcement from one of the largest SSL termination points online with active connections the security industry.
- New York Times — article on Heartbleed bug and general password security
- Reddit — active discussion about Heartbleed by an internet security community (see r/netsec for general discussion)
eh… sorry to question the veracity of this, but walmart.com and verizonwireless.com have no SSL? You do know they sell products, so either some of the largest commercial sites in the world transmit credit cards in clear text, or this test isn’t all that valid. They might obviously direct secure communications to some other domain (e.g. walma.rt or vzwireless.com or something like that), but the list still seems awfully misleading at the least.
Hi Nope. I’m sorry you felt you had to use a false name. To address your comment:
(1) I didn’t compile this list, as noted. But I did spot-check using the liked tool and another tool by a different author.
(2) You’ve got it right I think when you say they pass secure communication to another domain. In both cases, they use VeriSign which, according to Symantec, processes secure data at their domain.
So I see your point. I hope the simple “no SSL” label isn’t misleading. Maybe it’s oversimplified and should say “external SSL” or something similar. A good point and I’ll look into updating the list to be more accurate.
Thanks for your comment.
Thanks for that comprehensive list. This bug (or was it intentional? And will we ever know …) has kept me on my toes the last days. Found seven sites in your list I have dealings with that were all not vulnerable, thank God. Other than that I think this was a timely wake-up call for everyone to keep renewing passwords every so often as a matter of course …
Pingback: Heartbleed - Betroffene Systeme - sichere Passwörter | Ralf Seybold über Internet Marketing
I don’t get it. Does no SSL mean “SAFE” or “NOT SAFE”?
Hi Riley, thanks for your comment. Technically, no SSL would mean safe in this case. The Heartbleed bug only effected the SSL connections used to secure information. If a site does not use SSL, it was not susceptible to the bug. However, as noted above, this “no SSL” list could be misunderstood if you’re not careful. Websites like Walmart.com definitely use SSL, they just process those transactions on slightly different domains. So when reading the No SSL section, please take that list with a grain of salt. It’s safest to test each site you visit individually. Several browser plugins have also been developed to automatically notify you if any site you visit is still susceptible: Chromebleed and Foxbleed, for Google Chrome and Firefox respectively.
This list is very misleading!!! The “not vulnerable” list should be “not vulnerable NOW.” Many of these sites were vulnerable. Change your passwords on the not vulnerable sites and wait for the vulnerable sites to patch their SSL.