I have some simple self-hosted services running on a small Linode VPS (mostly as a useful hobby). If you are in a similar boat (one-person hobby sysadmin), I’d like to share some useful web tools I have discovered during my dabbling with my web server setup.
It is a good idea to serve your website over HTTPS as soon as you have any kind of authorization/server-side logic (and even if it’s a completely static site, it’s still a good practice to provide users with confidence in the page integrity: plain unencrypted HTTP can be messed up by any intermediate host/proxy/cache). Nowadays, HTTPS is very simple to set up using Let’s Encrypt: it’s a one-off setup procedure with automated renewal of certificates later and no bureaucracy whatsoever (compared to the free, but manual and rather bureaucratic procedure of getting StartSSL certificates which I used before).
On the other hand, TLS (the base of HTTPS security) is a complicated protocol with a lot of subtleties to get right: e.g. the server should send the full chain of authority certificates (ideally excluding the root certificate authority, which is installed in the OS/browser anyway, to optimize performance), and the server should use reliable, modern ciphers and key exchange methods without known vulnerabilities. There are also higher-level attacks like a middleman downgrading the TLS version.
SSLLabs HTTPS test provides a good starting point for learning about these intricacies and vulnerabilities and gives helpful advice for improving the HTTPS setup.
Mozilla HTTP Observatory is a very helpful tool to check how well your HTTP server setup is equipped against common security hazards: does it send security-relevant HTTP headers, does it have HTTPS redirections from HTTP, etc.
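To make these checks concrete, here is an added example (not part of the Observatory and not its scoring rules) that audits a pair of responses for the HTTP-to-HTTPS redirect and a few security headers. The choice of headers, the six-month HSTS threshold and the sample responses are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

SIX_MONTHS = 15768000  # seconds; minimum HSTS max-age this example accepts (assumption)

def audit(http_resp, https_resp):
    """Return a list of findings for one site.

    Each response is (status_code, headers_dict) as received for
    http://host/ and https://host/ without following redirects.
    """
    findings = []
    status, headers = http_resp
    h = {k.lower(): v for k, v in headers.items()}
    loc = urlsplit(h.get("location", ""))
    if status not in (301, 302, 307, 308) or loc.scheme != "https":
        findings.append("HTTP does not redirect to HTTPS")

    status, headers = https_resp
    h = {k.lower(): v.strip() for k, v in headers.items()}

    hsts = h.get("strict-transport-security")
    m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts or "", re.I)
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    elif not m or int(m.group(1)) < SIX_MONTHS:
        findings.append("HSTS max-age missing or shorter than six months")

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")

    csp = h.get("content-security-policy", "")
    if not csp:
        findings.append("missing Content-Security-Policy")
    # Clickjacking protection: either CSP frame-ancestors or X-Frame-Options.
    xfo = h.get("x-frame-options", "").upper()
    if "frame-ancestors" not in csp.lower() and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append("no framing restriction (frame-ancestors / X-Frame-Options)")
    return findings

# Constructed sample responses (not captured from a real server).
WEAK = ((200, {"Content-Type": "text/html"}),
        (200, {"Strict-Transport-Security": "max-age=300"}))
GOOD = ((301, {"Location": "https://example.org/"}),
        (200, {"Strict-Transport-Security": "max-age=63072000; includeSubDomains",
               "X-Content-Type-Options": "nosniff",
               "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"}))

if __name__ == "__main__":
    for name, pair in (("weak", WEAK), ("good", GOOD)):
        print(name, audit(*pair) or "no findings")
```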
If you have RSS feeds, it’s a good idea to verify them for compliance with standards: https://validator.w3.org/feed/.
If you want your site to have a modern look and good performance, particularly on mobile (which are essential for e.g. good ranking in search results), Google has a helpful tool: PageSpeed Insights.
PageSpeed Insights provides advice about page/assets size (minification of HTML/CSS/JS/images), server response time, page rendering delays, caching and compression setup of the web server and other useful things.