It's not impossible to determine which of your visitors has login cookies to other sites, such as internal.gitlab.com, and provide different content to them.

I would imagine they would be using some sort of company vpn to access the files they need to use.

Most companies I’ve encountered have moved towards split-tunneled VPNs so an employee clicking on a phish page would traverse the employees gateway, not corporates.

My experience is the opposite: Part of the justification for moving away from standards-based VPNs is to prevent split-tunneling.

My present employer's VPN client goes a step further and mangles the routing table to deny access to my own LAN while connected.

I can’t decide if I hate that more or less than what I’ve seen: client-side blocking of DNS resolution and driving all queries through Cisco Umbrella or friends.

I guess they both suck pretty hard.

interesting, i heard that some employers did set the default route to go through their vpn, havent had that experience myself either though.

it was always only the 10.0.0.0/8 and some /24 ranges from 192.168.0.0/16 at my current job

liberty mutual, the largest insurance provider, is in the process of moving from default route on the vpn to no vpn at all and zero trust networks for their apps.