Observatory by Mozilla is a security checkup tool for websites and web apps that both assesses your website in terms of HTTP security measures and best practices and also suggests approaches and techniques for further improving security.
Observatory’s goal is to provide developers with insights as to their applications’ security standards as well as to educate developers about HTTP security options such as the Content Security Policy or HTTP Strict Transport Security headers and the respective standards and policies they implement.
Observatory is a highly useful tool that allows you to find out about the low-hanging fruit in terms of website security. Most of the techniques and best practices recommended by Observatory can be implemented by applying a simple HTTP response header. Doing so in many cases will result in a vastly improved security profile.