Your site can be locked-down to some degree by implementing some HTTP headers on your website, providing directives to your site visitor’s web browser.
These directives can help prevent XSS Vulnerabilities.
We won’t go into detail here about implementing each feature, but here is a list of resources you can use to check over your website.
For a rather comprehensive analysis, use the Mozilla Observatory to analyze your site.
Be sure to check their Third-Party Scans list.
Look into implementing HSTS Preloading and register.
Some other sites to check the status of your security-related HTTP Headers, perhaps providing additional information to consider.