DoH how safe is it on a CloudFlare website?

[polonus]

Checked a random: https://urlscan.io/result/2469a9a7-049e-4128-b2d9-6d3a47467c0b/
Advise through linting: https://webhint.io/scanner/ba1b1456-729b-4dec-96d2-a6a7f7eeb25a (115 recommendations).
See scan on the server it is on: https://toolbar.netcraft.com/site_report?url=server368.snel.com
See: https://webcookies.org/cookies/www.snel.com/4194442
See: https://www.shodan.io/host/68.70.205.3
49 linting recommendations: https://webhint.io/scanner/b81c389d-a250-4e8b-b4d5-3c9d452f8abd

Main header security flaws to mention here are:- no header set for acess-control-allow-origin; cache-control;
x-xss-protection; content-security-policy. No page meta security headers being set.
-cfuid no secure attribute set, no host only attrribute set.

Will the CloudFlare DoH & Google DoH brings us better security or is this another partial solution,
that will further benefit the interests of CloudFlare's and Google's?

polonus (volunteer 3rd part cold recon website security analyst and website error-hunter)

[polonus]

Secure but a gigantic amount of improvement recommendations to follow.

Where, see: https://urlscan.io/result/00baa7d6-917a-4e96-9a06-9fcbe2b60926/
Also: https://webcookies.org/cookies/www.voordeelvanger.nl/28572590?548825
Re: https://webhint.io/scanner/7070f20d-15db-43cc-8ede-d57e4cb6c59f
Re: https://sitecheck.sucuri.net/results/www.voordeelvanger.nl
Re: https://www.shodan.io/host/159.69.141.105
Also 2 vulnerable jQuery libraries: https://retire.insecurity.today/#!/scan/c1a128785acdee19a41c9f267eb9b4b2d7d9fe6aee0c4f245aeef4bd0be0a1a1
Site opens up to:  https://cdnjs.cloudflare.com/ajax/libs/socket.io/2.1.1/socket.io.js
uMatrix blocks this for me: -https://bat.bing.com/bat.js

pol