I tried to improve security with HTTP response header.
We can test how well we are doing with Observatory.
I made my WordPress return response header like following.
strict-transport-security:max-age=31536000; includeSubDomains; preload x-content-type-options:nosniff x-frame-options:DENY x-xss-protection:1; mode=block
I developed a WordPress plugin to output those headers.
The test score of this site becomes “B” for now.