This extension provides some additional passive Scanner checks:

• DOM-based XSS (regular expressions are based on those from https://code.google.com/p/domxsswiki/wiki/FindingDOMXSS)
• Missing HTTP headers:
  • Strict-Transport-Security
  • X-Content-Type-Options: nosniff
  • X-XSS-Protection
• Multiple occurrences of the checked headers
• Redirection from HTTP to HTTPS

All checks can be enabled separately in an extension tab and a default config can be stored.