See where the CMS version is given as oudated: https://www.magereport.com/scan/?s=https://www.grenson.com/
Where it is being hosted and this is not flagged: https://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fwww.grenson.com%2Fus%2F ssl/hxtp nginx /sendfriend/ /onestepcheckout spdy/3.1 &
|_ http/1.1 E-commerce site still vulnerable to Visbot malware?
F-grade status security and recommendations: https://observatory.mozilla.org/analyze.html?host=www.grenson.com
See: https://aw-snap.info/file-viewer/?protocol=secure&tgt=www.grenson.com&ref_sel=GSP2&ua_sel=ff&fs=1
DOM-XSS vuln. relations for: Results from scanning URL: -https://ushik.ahrq.gov/exitDisclaimer.jsp?system=hitsp&url=http://bbs.saforever.com/home.php?mod=space&uid=243109&do=profile/
Number of sources found: 7
Number of sinks found: 287
and
Results from scanning URL: -https://static-eu.payments-amazon.com/OffAmazonPayments/uk/lpa/js/Widgets.js
Number of sources found: 83
Number of sinks found: 40
Also consider these scan results: https://urlscan.io/result/b08f3364-498b-4cce-85f8-5fbec1501313#summary
17 instances adblocked! Various issues here and server vuln. to lucky13: https://privacyscore.org/site/86503/
polonus (volunteer website security analyst and website error-hunter)