Tools to scan and secure your website

SSL server test: https://www.ssllabs.com/ssltest/

Mozilla Observatory: https://observatory.mozilla.org/analyze/

Firefox plugin to generate content-security-policy (simply browse your website for it to work): https://addons.mozilla.org/en-US/firefox/addon/laboratory-by-mozilla/

Sample nginx configuration for good security https://gist.github.com/plentz/6737338