Web Cache Poisoning leads to Stored XSS
High
Glassdoor
Team Summary
Official summary from Glassdoor
@bombon reported to us a web cache poisoning issue that led to caching of gdToken (anti-CSRF token) across different Glassdoor pages and in some instances could be chained to perform XSS by caching the XSS payload. This has now been resolved using CF web cache armor and cache-control headers explicitly set across the app. We thank @bombon for the detailed finding, patience, and co-operation with the various PoCs and explanations. Looking forward to more findings from you, @bombon; keep up the good work.
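The fix named in the summary, explicit cache-control headers so that pages carrying a per-user token are never stored by a shared cache, can be verified with a small response audit. This is an added example, not Glassdoor's or the reporter's code; the token pattern, the sample responses and the reading of "CF" as Cloudflare (whose `CF-Cache-Status` header is checked) are assumptions.

```python
import re

# Assumption: the token shows up in page markup as gdToken followed by a quoted value.
TOKEN_RE = re.compile(r'gdToken["\']?\s*[:=]\s*["\']([^"\']{8,})["\']')

def directives(headers):
    """Return the lower-cased Cache-Control directive names of a response."""
    raw = headers.get("cache-control", "")
    return {d.split("=")[0].strip().lower() for d in raw.split(",") if d.strip()}

def shared_cacheable(headers):
    """True when a shared cache (CDN, proxy) may store and reuse the response."""
    # Only no-store and private forbid shared storage. no-cache still allows
    # storing the body, and a missing header leaves the decision to CDN
    # defaults, so both are treated as cacheable here.
    return not (directives(headers) & {"no-store", "private"})

def audit(headers, body):
    """Return findings for one response; header names must be lower-case."""
    findings = []
    has_token = bool(TOKEN_RE.search(body))
    cacheable = shared_cacheable(headers)
    if has_token and cacheable:
        findings.append("token-in-cacheable-response")
    # Assumption: a Cloudflare-style status header; HIT means the body came from cache.
    if has_token and headers.get("cf-cache-status", "").upper() == "HIT":
        findings.append("token-served-from-cache")
    if "set-cookie" in headers and cacheable:
        findings.append("set-cookie-in-cacheable-response")
    return findings

# Constructed sample responses (not captured traffic).
TOKEN_PAGE = '<script>window.appData = {"gdToken":"c0nstructed-token-0001"};</script>'
SAMPLES = {
    "before-fix": ({"cache-control": "public, max-age=3600",
                    "cf-cache-status": "HIT"}, TOKEN_PAGE),
    "no-header": ({"set-cookie": "sid=constructed; HttpOnly"}, TOKEN_PAGE),
    "after-fix": ({"cache-control": "private, no-store",
                   "cf-cache-status": "DYNAMIC",
                   "set-cookie": "sid=constructed; HttpOnly"}, TOKEN_PAGE),
    "static-asset": ({"cache-control": "public, max-age=86400",
                      "cf-cache-status": "HIT"}, "body{margin:0}"),
}

if __name__ == "__main__":
    for name, (hdrs, body) in SAMPLES.items():
        print(f"{name:13s} {audit(hdrs, body) or 'ok'}")
```
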
Reported by
bombon
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Cross-site Scripting (XSS) - Stored