HTTP Headers Analysis for https://kroll.com

Detected Technologies from Headers

See all in URL Inspect 3

Cloudflare CDN

Netlify

Next.js

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Weak

frame-ancestors Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin

Permissions-Policy

Present

accelerometer=(self), camera=(self), geolocation=(self); +5 more

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Significantly strengthen CSP directives

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

Accept-Encoding

connection: close
transfer-encoding: chunked
vary: Accept-Encoding

Caching Headers

Age

Caching

971

Cache-Control

Caching

public,max-age=0,must-revalidate

age: 971
cache-control: public,max-age=0,must-revalidate

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

Server

cloudflare

X-Powered-By

Server

Next.js

server: cloudflare
x-powered-by: Next.js

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: sc_site=Kroll; Path=/; Secure; HttpOnly; SameSite=none
__cf_bm=_4vlC7v_G93FOYQl7W0Vj0GV0gNmHIUOlWo6kxgXMeQ-1778450119.659063-1.0.1.1-91hq9c180TERXf8tfeG8ES8J1OAZ1naS2.AepfhcBCDl.2fbC_sWNltpsY5cbe3uHqljvi3fc1nPsvciSJtulYsL789R1Hrz3QKzDmDHR9hSj7ltSg_xQUvaYBaxl0L9; HttpOnly; Secure; Path=/; Domain=kroll.com; Expires=Sun, 10 May 2026 22:25:19 GMT

Other Headers

Cache-Status

Other

"Netlify Edge"; hit, "Netlify Edge"; hit;detail=p1

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9f9c2fffdd4c77fd-IAD

Date

Other

Sun, 10 May 2026 21:55:19 GMT

Netlify-Vary

Other

X-Middleware-Next

Other

1

X-Middleware-Rewrite

Other

/en/_site_Kroll?sc_site=Kroll

X-Nextjs-Date

Other

Sun, 10 May 2026 17:58:31 GMT

X-Nf-Request-Id

Other

01KR9Y6F32SYM2APFE80F28GEV

X-Sc-Rewrite

Other

/_site_Kroll/

cache-status: "Netlify Edge"; hit, "Netlify Edge"; hit;detail=p1
cf-cache-status: DYNAMIC
cf-ray: 9f9c2fffdd4c77fd-IAD
date: Sun, 10 May 2026 21:55:19 GMT
netlify-vary: query=__nextDataReq|_rsc,header=x-nextjs-data|x-next-debug-logging|next-router-prefetch|next-router-segment-prefetch|next-router-state-tree|next-url|rsc|accept-encoding,cookie=__prerender_bypass|__next_preview_data
x-middleware-next: 1
x-middleware-rewrite: /en/_site_Kroll?sc_site=Kroll
x-nextjs-date: Sun, 10 May 2026 17:58:31 GMT
x-nf-request-id: 01KR9Y6F32SYM2APFE80F28GEV
x-sc-rewrite: /_site_Kroll/

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology