Security score is F but I have ssl

I have SSL installed for my website but the security score is F what’s wrong with it?

My website :

How to improve it?

If you click on the grade, you get taken to a results page from Snyk explaining the issues.

It looks like they’re flagging you for some missing security headers, as well as a few vulnerable JS libraries.

Personally, I don’t find WPT’s Security Score at all useful.

Snyk is constantly complaining about vulnerable jQuery on WP sites even though that old version was patched ages ago in WP’s distribution. Anyway, you should upgrade to jQuery 3.5 if you can, and Bootstrap 1.11.2.

Also you do have problems with your cert:

And… yes you probably should consider implementing at least HSTS and ideally CSP too.

HSTS doesn’t work over redirects. Many web admins set up a redirect in .htaccess for https (and often canonical together, in the same redirect), which is generally faster than leaving the SSL/https to be handled by the server certificate configuration.

In such cases HSTS is pointless (especially if also the http-only flag header is sent), and doesn’t work anyway. There is too much of hype around it, for a really minor issue, and it shouldn’t even be part of security checks/scores.