Website is used to scan for retirable jQuery code libraries, but as we see here it itself has two Stylesheets issues:
https://sritest.io/#report/3f0c7e4f-a980-47f1-a1b0-d9686f6e6795
and so accordingly a C-Status.
But this bad in this case: HTTP Strict Transport Security (HSTS) header cannot be set for sites not available over https
as this is the best security against a MiM attack as HSTS is TOFU (Trust On First Use).
Not all is well however: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fretire.insecurity.today%2F%23
like: Results from scanning URL: http://retire.insecurity.today/vendor/jquery-3.2.1.min.js
Number of sources found: 35
Number of sinks found: 15
So this online security scanner does not reach further than a D+ Status here: https://observatory.mozilla.org/analyze.html?host=retire.insecurity.today
Just wanted to let you all know, only trust what you have tested to be trustworthy yourself. TOFU the way to go.
polonus (volunteer website security analyst and website error hunter)