HTTP Headers Analysis for https://rm.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Weak

upgrade-insecure-requests

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Good

no-referrer-when-downgrade

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Significantly strengthen CSP directives
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Caching Headers

2 headers

Cache-Control

Caching

s-maxage=36000, max-age=5

Last-Modified

Caching

Fri, 30 Jan 2026 11:52:51 GMT

Content Headers

1 headers

Content-Type

Content

text/html; charset=UTF-8

Server Headers

1 headers

Server

cloudflare

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

_cfuvid=J9hYSaYU8kSDfA_9WVSRgI1RMI7_W7TL1hhiBRATM2o-1769821904576-0.0.1.1-604800000; path=/; domain=.www.rm.com; HttpOnly; Secure; SameSite=None

Other Headers

13 headers

Alt-Svc

Other

h3=":443"; ma=86400

Cf-Ray

Other

9c6556373bccf280-IAD

Date

Other

Sat, 31 Jan 2026 01:11:44 GMT

Edge-Cache-Tag

Other

CT-284344186051,CG-5094373,P-5094373,CW-278534759626,CW-278550858957,CW-278550858969,CW-278550893769,CW-284389583090,CW-286289132762,CW-290370713793,CW-304447531194,E-278534758638,E-278534760654,E-278534760656,E-278549490923,E-278549491921,E-278549493987,E-278550855915,E-290472721622,RA-286287643860,PGS-ALL,SW-0,B-13678002763,GC-278546698488,TS-278550855869

Link

Other

<https://use.typekit.net/hbw5jfi.css>; rel=preload; as=style,<https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css>; rel=preload; as=style,<https://www.rm.com/hubfs/hub_generated/template_assets/1/278550855915/1769773453179/template_main.min.css>; rel=preload; as=style,<https://www.rm.com/hubfs/hub_generated/template_assets/1/278549490923/1769773445495/template_theme-overrides.min.css>; rel=preload; as=style,<https://www.rm.com/hubfs/hub_generated/module_assets/1/278534759626/1764692603181/module_primary-header-module.min.css>; rel=preload; as=style,<https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css>; rel=preload; as=style,<https://www.rm.com/hubfs/hub_generated/module_assets/1/278550858969/1768690728214/module_standard-content-module.min.css>; rel=preload; as=style,<https://www.rm.com/hubfs/hub_generated/module_assets/1/286289132762/1768690601383/module_RM-card.min.css>; rel=preload; as=style

X-Hs-Cache-Config

Other

BrowserCache-5s-EdgeCache-180s

X-Hs-Cache-Control

Other

s-maxage=36000, max-age=0

X-Hs-Cf-Cache-Status

Other

HIT

X-Hs-Cfworker-Meta

Other

{"contentType":"SITE_PAGE","resolver":"PreRenderedContentResolver"}

X-Hs-Content-Id

Other

284344186051

X-Hs-Hub-Id

Other

5094373

X-Hs-Portal-Id

Other

5094373

X-Hs-Prerendered

Other

Fri, 30 Jan 2026 11:52:51 GMT

Recommendations

Enable compression (gzip/brotli) to improve performance