HTTP Headers Analysis for https://static.zensourcer.com

Detected Technologies from Headers

See all in URL Inspect 26

AWS CloudFront

amCharts

Amplitude

Avature

BootstrapCDN

Cloudflare CDNJS

Facebook

Font Awesome

Fullstory

Google Analytics

Google Cloud Storage

Google DoubleClick

Google Fonts

Google Tag Manager

Greenhouse

hCaptcha

Heroku

HubSpot

HubSpot Analytics

jsDelivr

Lever

OptinMonster

Sentry

unpkg

Zendesk

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Good

default-src; script-src; style-src; +12 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Strengthen CSP by removing 'unsafe-eval'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

connection: close

Caching Headers

Cache-Control

Caching

no-cache

cache-control: no-cache

Content Headers

Content-Length

Content

0

Content-Type

Content

text/html; charset=utf-8

content-length: 0
content-type: text/html; charset=utf-8

Server Headers

Server

Heroku

server: Heroku

CORS Headers

Access-Control-Allow-Origin

Cors

*

access-control-allow-origin: *

Cookies Headers

Set-Cookie

Cookies

set-cookie: ili=0; Secure; Path=/; SameSite=None
_gem_user=None; Domain=gem.com; Secure; Path=/; SameSite=Lax
cssessionkey=-n8w-5Np_xh1Y-eRPeSjh-cPUKQdkdBdRRhOyAPpw8Edr9Z_vaVtidlBM0jjORlmgm1c1LBqrL4QXkwtjB-gwQ; Secure; Path=/; SameSite=None
session=cPzC9tNNZBklEhdc6GDKyH3H-KGeUvdrp20o4sxeHC1M6AoLy2zQX8ri75SH4Wohv6YGLv4VSO7mwDTMKR670A; Expires=Mon, 25 May 2026 20:29:07 GMT; Secure; HttpOnly; Path=/; SameSite=None

Other Headers

Date

Other

Sat, 25 Apr 2026 20:29:07 GMT

Nel

Other

Report-To Group heroku-nel max-age: 1h

success: 1.0% failure: 10.0%

Report-To

Other

Group heroku-nel max-age: 1h

Endpoint 1 https://nel.heroku.com/reports?s=EVaHrv6e0%2B9EMuNB4a7DQTwZR5ZD6PFkh7IFQSNq9GY%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1777148947

Reporting-Endpoints

Other

heroku-nel="https://nel.heroku.com/reports?s=EVaHrv6e0%2B9EMuNB4a7DQTwZR5ZD6PFkh7IFQSNq9GY%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1777148947"

Via

Other

1.1 heroku-router

X-Request-Id

Other

6b240b07-fa60-b8c6-5a2a-30f14320090f

date: Sat, 25 Apr 2026 20:29:07 GMT
nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
report-to: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=EVaHrv6e0%2B9EMuNB4a7DQTwZR5ZD6PFkh7IFQSNq9GY%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1777148947"}],"max_age":3600}
reporting-endpoints: heroku-nel="https://nel.heroku.com/reports?s=EVaHrv6e0%2B9EMuNB4a7DQTwZR5ZD6PFkh7IFQSNq9GY%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1777148947"
via: 1.1 heroku-router
x-request-id: 6b240b07-fa60-b8c6-5a2a-30f14320090f

Recommendations

Enable compression (gzip/brotli) to improve performance