HTTP Headers Analysis for https://www.kroo.com

Detected Technologies from Headers

See all in URL Inspect 19

AWS CloudFront

Datadog

Entrust Identity Verification

Facebook

Forethought

Google AdSense

Google Analytics

Google Cloud Functions

Google Conversion Tracking

Google DoubleClick

Google Fonts

Google Optimize

Google Search

Google Tag Manager

Hotjar

Next.js

Trustpilot

Vimeo

YouTube

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31104000; includeSubDomains; preload

Content-Security-Policy

Good

connect-src; default-src; font-src; +8 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Excellent

deny

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

same-origin

Permissions-Policy

Present

fullscreen=(self "https://*.onfido.com" "https://sdk.onfido.com"), payment=(), sync-xhr=(); +7 more

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Strengthen CSP by removing 'unsafe-eval'

Performance Headers

Connection

Performance

close

Vary

Performance

Accept-Encoding

connection: close
vary: Accept-Encoding

Caching Headers

Etag

Caching

"643a2ddjjl7v1a"

etag: "643a2ddjjl7v1a"

Content Headers

Content-Length

Content

366828

Content-Type

Content

text/html; charset=utf-8

content-length: 366828
content-type: text/html; charset=utf-8

Server Headers

X-Powered-By

Server

Next.js

x-powered-by: Next.js

CORS Headers

No CORS headers found

Cookies Headers

No cookies headers found

Other Headers

Alt-Svc

Other

h3=":443"; ma=86400

Date

Other

Tue, 28 Apr 2026 14:45:19 GMT

Via

Other

1.1 ae045a09c544d6454a994246a7c445b6.cloudfront.net (CloudFront)

X-Amz-Cf-Id

Other

hG1cyHd4Ab9AlffBEELJEc2mgMYE6E4dh3Y-qc_6MGG2xmx5-7Rzxw==

X-Amz-Cf-Pop

Other

IAD61-P10

X-Cache

Other

Miss from cloudfront

X-Download-Options

Other

noopen

alt-svc: h3=":443"; ma=86400
date: Tue, 28 Apr 2026 14:45:19 GMT
via: 1.1 ae045a09c544d6454a994246a7c445b6.cloudfront.net (CloudFront)
x-amz-cf-id: hG1cyHd4Ab9AlffBEELJEc2mgMYE6E4dh3Y-qc_6MGG2xmx5-7Rzxw==
x-amz-cf-pop: IAD61-P10
x-cache: Miss from cloudfront
x-download-options: noopen

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching

Consider removing X-Powered-By header to hide server technology