First off, I am a complete NOOB, And I have only been up a couple months.
I have been working on tightening up security as I figure it out...
I have been using Zap along with Securi Site's online scanner to check my progress.
Just scanning my site (Excluding my PhPBB directory) I only had an alert about X-XSS protection not being enabled and showing Robots.txt, and Sitemap.xml.
Since upgrading earlier from 3.23 to PhPbb 3.24 earlier today I am now getting X-XSS not enabled alerts on 15 more files that are all related to PhPBB,
and are not even in my Public_Html folder even though Zap lists them as being so..
I don't quite understand what happened with the new security changes, BUT this seems like a step back