If after you have checked your website you see this:
The X-XSS-Protection header is not defined.
Go to httpd.conf and add to the bottom
LoadModule headers_module modules/mod_headers.so
Header set X-XSS-Protection "1; mode=block"
Code language: JavaScript (javascript)
Be shure that Mod_headers is enabled
Restart apache