It is never easy to know how to react, communicate, or at times, even feel, during something as heartbreaking and real as the struggles that our fellow humans face through no fault of their own. As Herokai, we stand in solidarity with the Black Lives Matter movement and want to share some of our thoughts on the struggle, as well as some actions and resources that we find helpful.

We will be keeping this post updated and would love to include your voice. Please send us any thoughts that you’d like to share at: feedback@heroku.com.


“Many, if not all, of us are watching the civil rights movement taking place around the world. We are hurting, we are angry, and many of us are asking, “How...


Using HTTP Headers to Secure Your Site

engineering, Lead Support Engineer

Observatory by Mozilla helps websites by teaching developers, system administrators, and security professionals how to configure their sites safely and securely.

Let's take a look at the scores Observatory gives for a fairly straightforward Static Buildpack app, https://2017.keeprubyweird.com.

Test Scores

Test | Pass | Score | Explanation
Content Security Policy | | -25 | Content Security Policy (CSP) header not implemented
Cookies | | 0 | No cookies detected
Cross-origin Resource Sharing | | 0 | Content is not visible via cross-origin resource sharing (CORS) files or headers
HTTP Public Key Pinning | | 0 | HTTP Public Key Pinning (HPKP) header not implemented (optional)
HTTP Strict Transport...

Jekyll on Heroku

engineering, Lead Support Engineer

Jekyll, the static website generator written in Ruby and popularized by GitHub, is a great candidate for being run on Heroku. Originally built to run on GitHub Pages, running Jekyll on Heroku allows you to take advantage of Jekyll’s powerful plugin system to do more than convert Markdown to HTML. On my blog, I have plugins to download my Goodreads current and recently read books and to generate Open Graph images for posts. That said, it’s not straightforward to get up and running on Heroku without using jekyll serve to do the heavy lifting. jekyll serve uses Ruby’s built-in, single-threaded web server WEBrick, but a public site should be using a web server more suited for production, like...


Subscribe to the full-text RSS feed for Caleb Hearth.