Tools to scan and secure your website
SSL server test: https://www.ssllabs.com/ssltest/
Mozilla Observatory: https://observatory.mozilla.org/analyze/
Firefox plugin to generate content-security-policy (simply browse your website for it to work): https://addons.mozilla.org/en-US/firefox/addon/laboratory-by-mozilla/
Sample nginx configuration for good security https://gist.github.com/plentz/6737338