HTTP Headers Analysis for https://auth.rvhsolutions.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

same-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Caching Headers

1 headers

Cache-Control

Caching

no-cache, private

Content Headers

1 headers

Content-Type

Content

text/html; charset=UTF-8

Server Headers

1 headers

Server

nginx

CORS Headers

1 headers

Access-Control-Allow-Origin

Cors

rvhsolutions.com

Cookies Headers

1 headers

Set-Cookie

Cookies

rvh_authentication_session=eyJpdiI6ImxDaGtwK3JSWUdQNGxkRCt4ZTVMelE9PSIsInZhbHVlIjoicENtbmx3Y1ByRHhrUTJGd1F3MUNUa2dlK2I2d2dZUXRxMjRMa1IrbGM1MmI3dVlTVWk3elFURWpLRzhhazhaamtkS2lFZnlOU0ZxYTBzbUdlMW9rcmwzUjJ1dTJOR3VqRW5OODJ2ZS9xZ1p4VkQzdXJCQlMvakJnVzhjeXVsMWwiLCJtYWMiOiJiYWUzNDAzYzczNzA2ZjA5N2MxMDVmZjExZTkwMTk3ZTJmYWZmNTE4ODQ5ZDE4NGYyNTI2NzljZjBjMDVhZTc3IiwidGFnIjoiIn0%3D; expires=Mon, 19 Jan 2026 04:48:49 GMT; Max-Age=216000; path=/; secure; httponly; samesite=lax

Other Headers

1 headers

Date

Other

Fri, 16 Jan 2026 16:48:49 GMT

Recommendations

Enable compression (gzip/brotli) to improve performance