Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Basic
frame-ancestors; frame-src; style-src-attr; +13 more
frame-ancestors 'none'; frame-src 'self' td.doubleclick.net www.youtube.com www.googletagmanager.com; style-src-attr fonts.googleapis.com 'unsafe-inline'; style-src-elem 'self' src.nlx.org dalia-cdn.daliajobs.com *.daliajobs.com *.mixpanel.com *.bootstrapcdn.com *.form.io *.mapbox.com 'unsafe-inline' api.mapbox.com stackpath.bootstrapcdn.com cdn.form.io fonts.googleapis.com; base-uri 'self'; default-src 'self'; form-action 'self'; object-src 'none'; img-src 'self' cdn.gcs.daliajobs.com www.google-analytics.com www.googletagmanager.com www.google.com ryder.icims.com dalia-cdn.daliajobs.com *.daliajobs.com *.mixpanel.com *.bootstrapcdn.com *.form.io *.mapbox.com seo.nlx.org src.nlx.org google.com maps.gstatic.com maps.googleapis.com data:; style-src 'self' fonts.googleapis.com/css 'nonce-29eb49df465a12460307553a95692a24' ryder.icims.com cdn.gcs.daliajobs.com www.google.com dalia-cdn.daliajobs.com *.daliajobs.com *.mixpanel.com *.bootstrapcdn.com *.form.io *.mapbox.com; font-src 'self' fonts.googleapis.com/css fonts.gstatic.com src.nlx.org; connect-src 'self' src.nlx.org t.jobsyn.org www.google-analytics.com prod-search-api.jobsyn.org microsites.dejobs.org maps.googleapis.com forms.daliajobs.com *.daliajobs.com *.mixpanel.com *.bootstrapcdn.com *.form.io *.mapbox.com ipv4.icanhazip.com www.google.com google.com api.ipify.org analytics.google.com; media-src 'self' seo.nlx.org forms.daliajobs.com *.daliajobs.com *.mixpanel.com *.bootstrapcdn.com *.form.io *.mapbox.com; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com src.nlx.org s7.addthis.com googleads.g.doubleclick.net maps.googleapis.com dalia-cdn.daliajobs.com www.google-analytics.com forms.daliajobs.com *.daliajobs.com *.mixpanel.com *.bootstrapcdn.com *.form.io *.mapbox.com; script-src-attr 'self' 'unsafe-inline' dalia-cdn.daliajobs.com *.daliajobs.com *.mixpanel.com *.bootstrapcdn.com *.form.io *.mapbox.com www.googletagmanager.com; script-src 'strict-dynamic' *.daliajobs.com *.mixpanel.com 
*.bootstrapcdn.com *.form.io *.mapbox.com 'nonce-29eb49df465a12460307553a95692a24' 'unsafe-eval'
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
geolocation=("https://*.recruitrooster.com" "https://jobs.ryder.com" "http://localhost:*")
Recommendations
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking in older browsers that ignore the CSP frame-ancestors directive (already set to 'none' here)
Performance Headers
4 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Origin
Caching Headers
3 headers
Cache-Control
Caching
max-age=0
Etag
Caching
"ae2d4e6193bba31bd38016ba962a2bde"
Last-Modified
Caching
Tue, 13 Jan 2026 19:12:31 GMT
Content Headers
1 header
Content-Type
Content
text/html
Server Headers
1 header
Server
Server
openresty
CORS Headers
0 headers
No CORS headers found
Cookie Headers
0 headers
No cookie headers found
Other Headers
11 headers
Alt-Svc
Other
h3=":443"; ma=86400
Cache-Status
Other
MISS
Date
Other
Tue, 20 Jan 2026 13:26:34 GMT
Req-Id
Other
00007a0001a8793044500031
Via
Other
1.1 4e09350ff1875b4ac1eea36187d8827e.cloudfront.net (CloudFront)
X-Amz-Cf-Id
Other
NFHkg9sL-FhRUdDpWkkpbDtfxiy2xRROaGgI86KKrPaZlyYrYzwcTA==
X-Amz-Cf-Pop
Other
IAD55-P9
X-Amz-Replication-Status
Other
COMPLETED
X-Amz-Server-Side-Encryption
Other
AES256
X-Amz-Version-Id
Other
b0HAwimfuPvdc4_yA7O6eeUOzY1zKBuB
X-Cache
Other
RefreshHit from cloudfront
Recommendations
- Enable compression (gzip/brotli) to improve performance