13 Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Good
default-src; script-src; style-src; +12 more
default-src 'self' https://beta-static.zensourcer.com/scripts/ https://beta-static.gem.com/; script-src https://cdnjs.cloudflare.com/ https://www.amcharts.com/lib/ https://maxcdn.bootstrapcdn.com/bootstrap/ https://fullstory.com/s/ https://edge.fullstory.com/s/ https://rs.fullstory.com/ https://cdn.ravenjs.com/ https://cdn.jsdelivr.net/npm/[email protected]/ https://cdn.jsdelivr.net/npm/[email protected]/ https://cdn.jsdelivr.net/npm/[email protected]/ https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/ https://analytics.gem.com/analytics.js/v1/ https://analytics.gem.com/analytics-next/bundles/ https://analytics.gem.com/next-integrations/integrations/ https://analytics.gem.com/next-integrations/actions/ https://boards.greenhouse.io/ https://data.nuxguides.gem.com/ https://content.nuxguides.gem.com/ https://pendo-io-static.storage.googleapis.com https://pendo-static-5669404840427520.storage.googleapis.com https://static.zdassets.com/ https://widget-mediator.zopim.com/ https://www.googletagmanager.com/ https://cdn.amplitude.com/ https://app.getmacha.com https://connect.facebook.net/en_US/sdk.js https://beta-static.zensourcer.com/scripts/ https://beta-static.gem.com/ 'nonce-XNKWWkzMkkCTMU0EpvRL5kU-Wl6QkGeTYIPbQvtscibvhgInWRsPLAVRhgMFw1R3vPzPzuSiav-R2Cm0MOdwCg' about: 'report-sample' https://hcaptcha.com https://*.hcaptcha.com https://js.hs-scripts.com/ https://js.hs-analytics.net/ https://js.hsadspixel.net/fb.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://connect.facebook.net/ https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://a.omappapi.com; style-src https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://www.amcharts.com/lib/ https://unpkg.com/ https://use.fontawesome.com/releases/ https://cdn.jsdelivr.net/npm/[email protected]/ https://data.nuxguides.gem.com/ https://content.nuxguides.gem.com/ https://pendo-static-5669404840427520.storage.googleapis.com 
https://www.googletagmanager.com/ https://app.getmacha.com/app/styles.css https://usercontent.zscdn.net/fonts/ https://beta-static.zensourcer.com/scripts/ https://beta-static.gem.com/ 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://cdnjs.cloudflare.com/; img-src 'self' https: data: blob:; font-src 'self' https://static.gem.com/ https://maxcdn.bootstrapcdn.com/ 'self' https://fonts.gstatic.com/ https://use.fontawesome.com/releases/ https://usercontent.zscdn.net/fonts/ data:; connect-src https: wss://widget-mediator.zopim.com/ https://data.nuxguides.gem.com/ https://pendo-static-5669404840427520.storage.googleapis.com http://www.testglobal.net/ data: blob: https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' https://hire.lever.co https://*.avature.net https://boards.greenhouse.io/ https://hcaptcha.com https://*.hcaptcha.com https://bid.g.doubleclick.net/; manifest-src 'self' https://beta-static.zensourcer.com/scripts/ https://beta-static.gem.com/; media-src https://beta-static.zensourcer.com/scripts/ https://beta-static.gem.com/ https://static.zdassets.com/web_widget/; worker-src blob: https://beta-static.zensourcer.com/scripts/ https://beta-static.gem.com/; report-uri /api/csp_log; child-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self' https://*.linkedin.com
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- Strengthen CSP by removing 'unsafe-eval'
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Add X-Content-Type-Options: nosniff
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
Performance Headers
1 header
Connection
Performance
close
Caching Headers
0 headers
No caching headers found
Content Headers
2 headers
Content-Length
Content
13249
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 header
Server
Server
Heroku
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 header
Set-Cookie
Cookies
session=mla1SEgPeUeWhVR2d9Lx69c2T40mX2LLXKhelC6YY-ZZ_NGxmDwafotiMSg6ffiBj3qdF-kAcrbvntOuz-gHyg; Expires=Sun, 01 Feb 2026 15:33:20 GMT; Secure; HttpOnly; Path=/; SameSite=None
Other Headers
6 headers
Date
Other
Fri, 02 Jan 2026 15:33:20 GMT
Nel
Other
{"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To
Other
{"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=t58hyC06GhWudNEjtSz8CR%2BWBSDV6B9wpo7oFJTfoUM%3D\u0026sid=67ff5de4-ad2b-4112-9289-cf96be89efed\u0026ts=1767368000"}],"max_age":3600}
Reporting-Endpoints
Other
heroku-nel="https://nel.heroku.com/reports?s=t58hyC06GhWudNEjtSz8CR%2BWBSDV6B9wpo7oFJTfoUM%3D&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&ts=1767368000"
Via
Other
1.1 heroku-router
X-Request-Id
Other
8aeaaa9f-1587-b972-f215-176fc6e4392e
Recommendations
- Enable compression (gzip/brotli) to improve performance
- Add Cache-Control header to optimize caching