1. Check header / cookies
https://securityheaders.com/
2. Check CSP policies and recommendations
https://csp-evaluator.withgoogle.com/
3. Server SSL test
https://www.ssllabs.com/ssltest/
4. Check vulnerable Javascript libraries
https://geekflare.com/tools/js-vulnerability-scanner https://github.com/lirantal/is-website-vulnerable