Well, web security is tricky. However, Mozilla can come to the rescue! They have the Observatory (https://observatory.mozilla.org/). It can scan a webpage for you and give it a bit of a rating. It's just a static check on headers, etc., but it shows how far you've narrowed down your attack surface. Of course, it doesn't say anything about actual attacks (get ZAP for that).
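To make "static check on headers" concrete, here is an added example (not from the original post, and not the Observatory's own checks or scoring) that inspects one response's headers offline. The finding names, the six-month HSTS threshold, and the sample headers are assumptions constructed for illustration.

```python
import re

# Constructed sample response headers (not captured from a real site).
SAMPLE = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Strict-Transport-Security": "max-age=3600",
    "X-Content-Type-Options": "nosniff",
    "Set-Cookie": "session=abc123; Path=/; HttpOnly",
}

MIN_HSTS_AGE = 15768000  # six months in seconds; threshold assumed for this example


def check_headers(headers):
    """Return a sorted list of findings for a single response's headers."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []

    csp = h.get("content-security-policy", "").lower()
    if not csp:
        findings.append("csp-missing")
    elif "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings.append("csp-unsafe-keyword")

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("hsts-missing")
    else:
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
        if not m or int(m.group(1)) < MIN_HSTS_AGE:
            findings.append("hsts-max-age-too-short")

    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("nosniff-missing")

    # Framing can be restricted by X-Frame-Options or by CSP frame-ancestors.
    xfo = h.get("x-frame-options", "").strip().lower()
    if xfo not in ("deny", "sameorigin") and "frame-ancestors" not in csp:
        findings.append("framing-unrestricted")

    if "referrer-policy" not in h:
        findings.append("referrer-policy-missing")

    # Simplification: a dict holds one Set-Cookie value; real responses may send several.
    cookie = h.get("set-cookie")
    if cookie is not None:
        attrs = {a.strip().split("=")[0].lower() for a in cookie.split(";")[1:]}
        findings += [f"cookie-no-{a}" for a in ("secure", "httponly") if a not in attrs]

    return sorted(findings)
```

Calling `check_headers(SAMPLE)` lists what a header-only review would flag; like any static check, an empty list says nothing about how the application behaves under test.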
This is a simple blog to help me remember those cool code snippets which I used. Either by copy, or by cobbling... I do not intend this to be read by people except for me and my bad mind.