Before changing your password keep this in mind.
If a site may have been affected it is not safe until it updates the SSL certificate after it has patched and restarted all of its affected machines.
Think of the SSL certificate as a padlock (which is why most browsers show a padlock icon).
The actual vulnerability that the tools are checking for allow attackers to make a copy of the key to the lock. If a site was vulnerable, simply patching the deployed version of OpenSSL fixes the bug, and prevents attackers from making any new copies of the key.
But people may still have copies of the key. The next step is to change the lock. If a site does not have a new SSL certificate then don’t use them until they do.