See: http://app.webinspector.com/public/reports/show_website?site=https%3A%2F%2Fkerzenkiste.de
I get an
Error Occured! For htxps://kerzenkiste.de

Error Reason:Moved Temporarily
Redirected-to : htxp://www.kerzenkiste.de/xt_commerce2/
See: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fwww.kerzenkiste.de%2Fxt_commerce2%2F&useragent=Fetch+useragent&accept_encoding=

WAVE report: http://wave.webaim.org/report#/https%3A%2F%2Fkerzenkiste.de

Vulnerable to HeartBleed for particular browsers.
Site: kerzenkiste dot de
Server software: Apache
Was vulnerable: Possibly (known use OpenSSL, but might be using a safe version)
SSL Certificate: Possibly Unsafe (created 9 months ago at Jul 22 00:00:00 2013 GMT) Additional checks SSL certificate yielded current certificate first seen (4 months ago) – has not been reissued.
Assessment: It’s not clear if it was vulnerable so wait for the company to say something publicly, if you used the same password on any other sites, update it now.

XTCSID is being “drawn” into that URL.

pol