[janfry]

For some security specific checks, take a look at:

1. Mozilla Observatory https://observatory.mozilla.org

2. SSLLabs https://www.ssllabs.com/ssltest/

3. Security Headers https://securityheaders.io/

For a comprehensive appsec checklist see OWASP ASVS https://www.owasp.org/index.php/Category:OWASP_Application_S...

[egeozcan]

+ HSTS Preload: https://hstspreload.org

Which makes it practically impossible for your site to be MITMd for the users of many major browsers.