Compare the HTTPS Everywhere version of the site, secure!

See: https://www.eff.org/https-everywhere/atlas/domains/skinflint.co.uk.html
Compare htxp://skinflint.co.uk/ to htxps://skinflint.co.uk/
or http://toolbar.netcraft.com/site_report?url=http://skinflint.co.uk to
http://toolbar.netcraft.com/site_report?url=https://skinflint.co.uk
Good News! This site is safe from the Logjam attack. It supports ECDHE, and does not use DHE.
Scan results
SKINFLINT.CO.UK:443 (85.124.84.234) - NOT VULNERABLE to Poodle
I use KB SSL Enforcer inside Google Chrome. This extension enforces encryption for websites that support it, as much as is currently possible in Chrome.
Linux GH probably patched against https://www.us-cert.gov/ncas/current-activity/2015/01/27/Linux-Ghost-Remote-Code-Execution-Vulnerability
DOM XSS 1 source found == document.location.protocol
No “break out” of document.title=AttackerString where AttackerString is a javascript variable with data (the string value) controlled by you.

Again, you can’t exploit escape(AttackerString), but you can exploit something like <? echo 'escape("' .$_GET['AttackerString']. '");' ?> by simply bypassing the JavaScript function: &AttackerString="); alert("xss, in which case the HTML output would be: escape(""); alert("xss"); * (info credits: stackexchange’s Nicolai)

http://www.domxssscanner.com/scan?url=https%3A%2F%2Fskinflint.co.uk%2F

polonus (volunteer website security analyst and website error-hunter)
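
The server-side case described in the post above, shown next to a hardened form. This is an added example, not part of the original post; the function names `render_vulnerable` and `render_hardened` and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not code from the original post. Function names and sample
// inputs are constructed for illustration.

// Pattern from the post: request data concatenated into a JavaScript string
// literal inside an inline script. A double quote in the value ends the
// literal, and whatever follows is parsed as script.
function render_vulnerable(string $value): string
{
    return '<script>escape("' . $value . '");</script>';
}

// Hardened form: json_encode() emits a complete, quoted JavaScript string
// literal. The JSON_HEX_* flags turn ", ', &, < and > into \uXXXX escapes,
// so the value can close neither the string nor the <script> element.
// JSON_THROW_ON_ERROR (PHP 7.3+) rejects invalid UTF-8 instead of
// silently returning false.
function render_hardened(string $value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_THROW_ON_ERROR;
    return '<script>escape(' . json_encode($value, $flags) . ');</script>';
}

// Constructed samples: the string quoted in the post, and a legitimate value
// that happens to contain the same special characters.
$samples = [
    '"); alert("xss',
    "O'Reilly & Sons <ltd>",
];

foreach ($samples as $s) {
    echo "input:      $s\n";
    echo "vulnerable: " . render_vulnerable($s) . "\n";
    echo "hardened:   " . render_hardened($s) . "\n\n";
}
```

In the hardened output the value stays inside one string literal, and the browser's JavaScript parser decodes the \uXXXX escapes back to the original characters, so legitimate data is preserved.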