HTTP Headers Analysis for https://kroo.com

Detected Technologies from Headers

See all in URL Inspect 19

AWS CloudFront

Datadog

Entrust Identity Verification

Facebook

Forethought

Google AdSense

Google Analytics

Google Cloud Functions

Google Conversion Tracking

Google DoubleClick

Google Fonts

Google Optimize

Google Search

Google Tag Manager

Hotjar

Next.js

Trustpilot

Vimeo

YouTube

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31104000; includeSubDomains; preload

Content-Security-Policy

Good

connect-src; default-src; font-src; +8 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Excellent

deny

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

same-origin

Permissions-Policy

Present

fullscreen=(self "https://*.onfido.com" "https://sdk.onfido.com"), payment=(), sync-xhr=(); +7 more

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Strengthen CSP by removing 'unsafe-eval'

Performance Headers

Connection

Performance

close

Vary

Performance

Accept-Encoding

connection: close
vary: Accept-Encoding

Caching Headers

Etag

Caching

"qf1097kfw07v1a"

etag: "qf1097kfw07v1a"

Content Headers

Content-Length

Content

366828

Content-Type

Content

text/html; charset=utf-8

content-length: 366828
content-type: text/html; charset=utf-8

Server Headers

X-Powered-By

Server

Next.js

x-powered-by: Next.js

CORS Headers

No CORS headers found

Cookies Headers

No cookies headers found

Other Headers

Alt-Svc

Other

h3=":443"; ma=86400

Date

Other

Sat, 02 May 2026 22:16:55 GMT

Via

Other

1.1 9bce423254194c16408d5cf7234126e2.cloudfront.net (CloudFront)

X-Amz-Cf-Id

Other

nSR1YPepuWyWLCiHxggkqD9lPvoVj1d5yPhfF3EbuMhz3I03sgAOtA==

X-Amz-Cf-Pop

Other

IAD61-P10

X-Cache

Other

Miss from cloudfront

X-Download-Options

Other

noopen

alt-svc: h3=":443"; ma=86400
date: Sat, 02 May 2026 22:16:55 GMT
via: 1.1 9bce423254194c16408d5cf7234126e2.cloudfront.net (CloudFront)
x-amz-cf-id: nSR1YPepuWyWLCiHxggkqD9lPvoVj1d5yPhfF3EbuMhz3I03sgAOtA==
x-amz-cf-pop: IAD61-P10
x-cache: Miss from cloudfront
x-download-options: noopen

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching

Consider removing X-Powered-By header to hide server technology