It is on the web server side (not your local PC). Sites you use could be compromised (around 500 million sites?). See: http://news.netcraft.com/archives/2014/04/08/half-a-million-widely-trusted-websites-vulnerable-to-heartbleed-bug.html
Make that “half a million” not 500 million...sorry.