Security Directory

The Lucille Werner Foundation is a small Dutch non-profit organization dedicated to improving the visibility and inclusion of people with disabilities through media, events, and labor market initiatives. The website reflects this mission with clear content and navigation but lacks critical compliance elements such as privacy and cookie policies. Technically, the site is built on the JouwWeb CMS platform and hosted on Google Cloud infrastructure, but it suffers from an invalid SSL certificate, resulting in no proper HTTPS security. Security headers are partially implemented, and minimal user tracking is done via Plausible Analytics, indicating some privacy awareness. Overall, the security posture is weak due to missing HTTPS and lack of advanced security configurations. The domain registration data aligns well with the business claims, supporting legitimacy. Strategic improvements in SSL configuration, privacy compliance, and contact transparency are recommended to enhance trust and security.

J

Job-TransFair gemeinnützige GmbH

jobtransfair.at

0

Job-TransFair gemeinnützige GmbH is a Vienna-based non-profit organization dedicated to supporting disadvantaged individuals in the labor market by facilitating permanent employment opportunities. The organization collaborates with a large network of partner companies and receives financial support from the AMS Wien and the City of Vienna. Their website provides comprehensive information about their services, success stories, and job offers, targeting both job seekers and employers. The content is well-structured, professionally presented, and primarily in German. Technically, the site is built on the Contao CMS platform with modern frontend technologies like Bootstrap and jQuery, but suffers from a critical lack of HTTPS support due to an invalid or missing SSL certificate, which significantly impacts its security posture. Privacy compliance is strong, with Cookiebot implemented for consent management and clear privacy and cookie policies. The site also integrates Google Tag Manager for analytics and marketing purposes. Overall, the business is credible and transparent, with clear contact information and trust indicators such as certifications and partnerships.

Nástupište 1-12 is a Slovak non-profit cultural organization dedicated to contemporary culture with a focus on music, art, presentations, and educational activities. The website serves as a platform to announce events, workshops, exhibitions, and artistic residencies primarily targeting the local cultural community and children. The organization maintains a consistent brand presence and provides comprehensive event information with good use of structured data for SEO and social media integration. Technically, the website is built on the Smartweb CMS platform, utilizing various JavaScript libraries such as jQuery and Owl Carousel, and is hosted by Smartweb providers. However, the website suffers from a critical security issue due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good GDPR compliance. Overall, the site is functional and content-rich but requires urgent security improvements.

A

American Austrian Foundation

aaf-online.org

0

The American Austrian Foundation is a well-established non-profit organization dedicated to fostering knowledge transfer and experience exchange in medicine, culture, and media through fellowship programs and bilateral exchanges. The website reflects a professional and consistent brand with clear program offerings and international reach. Technically, the site is built on WordPress with Elementor and uses modern web technologies, but suffers from a critical lack of HTTPS, which undermines security and user trust. The security posture is weak due to the absence of a valid SSL certificate and missing security headers, although no major vulnerabilities were detected. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Business credibility is strong, supported by trust badges and consistent WHOIS data. Overall, the site is functional and informative but requires urgent security improvements to protect users and enhance trust.

GMB Union is a well-established UK trade union with a mature domain and a large membership base exceeding 500,000. The website serves as a comprehensive platform for union campaigns, news, member benefits, and sector-specific advice, targeting workers across public and private sectors. The technical infrastructure is based on MODX Revolution CMS, hosted on a Plesk platform with nginx web server, and uses modern JavaScript libraries for enhanced user experience. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a significant security concern. Privacy and cookie policies are present and indicate GDPR compliance, but no explicit security or incident response policies are found. Overall, the website is professionally designed, content-rich, and trustworthy but requires urgent improvements in its security posture to protect user data and enhance trust.

A

Ashoka

ashoka.org

0

Ashoka is a globally recognized non-profit organization dedicated to supporting social entrepreneurs and changemakers. The website reflects a mature digital presence with comprehensive content, clear calls to action, and a strong community focus. The technical infrastructure leverages Drupal 10 CMS and Cloudflare for hosting and delivery, ensuring good performance and accessibility. However, the absence of a valid SSL certificate and HTTPS implementation is a critical security gap that undermines user trust and data protection. Privacy and cookie policies are well implemented with consent mechanisms, aligning with GDPR requirements. Overall, the site demonstrates high professionalism and business credibility but requires urgent security improvements to meet modern standards.

S

Salzburg Global Seminar, Inc.

salzburgglobal.org

0

Salzburg Global Seminar, Inc. is a well-established non-profit organization founded in 1947, dedicated to convening global leaders for breakthrough conversations on pressing global issues. The organization operates internationally with offices in Austria and the USA, providing leadership programs, fellowships, and global convenings. The website is built on TYPO3 CMS and uses standard web technologies including jQuery and Google reCAPTCHA for form security. While the site offers comprehensive content and clear navigation, it lacks a valid SSL certificate, resulting in no HTTPS support, which is a significant security concern. Privacy and cookie policies are present and include consent mechanisms, reflecting good privacy compliance. Contact information and social media presence are robust, enhancing business credibility. Overall, the site demonstrates a solid business and content foundation but requires urgent improvements in security infrastructure.

O

Open Knowledge Maps

openknowledgemaps.org

0

Open Knowledge Maps is a well-established non-profit organization founded in 2014, focused on revolutionizing scientific knowledge discovery through AI-based search and visualization tools. Their platform serves researchers and the scientific community by providing an accessible and open infrastructure for literature search and concept identification. Technically, the website uses modern frontend technologies such as Bootstrap, jQuery, and D3.js, and is hosted on Contabo servers. However, the absence of HTTPS is a critical security gap that undermines user trust and data protection. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms, alongside the use of privacy-respecting analytics (Matomo). Business credibility is supported by testimonials, awards, and open source transparency. Overall, the site is content-rich and professionally designed but requires urgent security improvements.

E

Evangelical Free Church of America

efca.org

0

The Evangelical Free Church of America (EFCA) operates as a large non-profit religious association focused on uniting and supporting approximately 1,600 evangelical congregations across the United States. Their website serves as a central hub for ministry resources, church networking, events, and informational content aimed at their faith community and interested individuals. The organization maintains a strong market position within the evangelical sector, supported by trust indicators such as ECFA accreditation and active social media engagement. Technically, the website leverages modern frontend frameworks including Vue.js and Nuxt.js, delivering a visually appealing and accessible user experience. However, the site suffers from slow load times and lacks a content delivery optimization strategy. Hosting is provided by DreamHost, and the site integrates third-party services such as Mailchimp for newsletter subscriptions and Vimeo for video content. From a security perspective, the site exhibits critical vulnerabilities, most notably the absence of a valid SSL/TLS certificate, resulting in no HTTPS support. This severely undermines user trust and data security. Additionally, the lack of security headers, HSTS, and other best practices further exposes the site to potential risks. Privacy compliance is limited, with no cookie consent mechanism detected and only a basic privacy policy present. Overall, while the EFCA website is professionally designed and content-rich, its security posture is weak and requires urgent remediation to protect users and maintain organizational credibility. Strategic improvements in SSL implementation, security headers, and privacy compliance will significantly enhance the site's trustworthiness and resilience.

L

Light for the world INTERNATIONAL

light-for-the-world.org

0

Light for the World International is a well-established non-profit organization founded in 2004, focused on disability rights and eye health globally. The organization operates multiple country-specific websites, indicating a broad international presence and a strong commitment to inclusive education, economic empowerment, and humanitarian action. Their website content is rich, professionally designed, and regularly updated, targeting individuals and organizations interested in disability inclusion and health advocacy. Technically, the website is built on WordPress with modern SEO plugins and accessibility features, providing a good user experience and mobile optimization. However, the hosting environment lacks a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the security posture. Other security headers and best practices are partially implemented but require improvement. The security posture is currently weak due to missing HTTPS and related configurations, posing risks to user data confidentiality and trust. Privacy compliance is well addressed with GDPR-compliant cookie consent mechanisms and a comprehensive privacy policy. Business credibility is high, supported by transparent WHOIS data, trust seals, and clear contact information. Overall, the website is functional and trustworthy from a business and content perspective but requires urgent security enhancements to protect users and improve trustworthiness. Strategic recommendations include immediate SSL certificate installation, enabling HTTPS, and strengthening security headers and protocols.

G

Greater Europe Mission

gemission.org

0

Greater Europe Mission is a well-established Christian missions non-profit organization focused on disciple-making and evangelism throughout Europe. The organization has a mature online presence with a professionally designed WordPress website that clearly communicates its mission, values, and ministry areas. The website targets Christian communities, churches, missionaries, and donors interested in European missions. It offers resources, contact options, and donation capabilities to support its mission. Technically, the site uses modern web technologies including WordPress, Beaver Builder, and integrates Google Analytics and Tag Manager for tracking. However, the site lacks a valid SSL certificate and HTTPS support, which is a significant security concern. Privacy and cookie policies are present and GDPR compliant, reflecting good privacy practices. Overall, the site is credible and trustworthy but requires urgent security improvements to protect user data and enhance trust.

B

Blühendes Österreich – BILLA gemeinnützige Privatstiftung

bluehendesoesterreich.at

0

Blühendes Österreich is a well-established non-profit foundation founded in 2015 by BILLA AG and BirdLife Österreich, dedicated to promoting biodiversity and protecting endangered habitats in Austria. The website serves as a comprehensive platform for nature experiences, educational content, and community engagement, targeting Austrian municipalities, nature enthusiasts, and farmers. Technically, the site is built on Drupal 10, uses modern analytics and messaging tools, and is protected by Sucuri Cloudproxy WAF. However, a critical security gap exists due to the absence of a valid SSL certificate, exposing users to insecure connections. Privacy compliance is well addressed with cookie consent mechanisms and a comprehensive privacy policy. Business credibility is high, supported by strong partnerships and trust indicators. Strategic improvements in SSL deployment and security hardening are recommended to enhance user trust and security posture.

IMC-Austria operates as a small non-profit meditation center focused on Vipassana meditation in the Theravada Buddhist tradition. The website provides informational content about meditation courses, the tradition of Sayagyi U Ba Khin, and links to related international centers. The target audience includes individuals interested in meditation and spiritual growth. Technically, the website is basic and static, using JavaScript, CSS, and Google services such as Analytics and Custom Search. However, the site suffers from slow load times and lacks modern web technologies or CMS platforms. Security posture is weak due to the absence of HTTPS, no valid SSL certificate, and missing security headers, exposing visitors to potential risks. Privacy compliance is poor, with no privacy or cookie policies and no consent mechanisms for tracking. Business credibility is moderate based on consistent WHOIS data and clear organizational identity but is weakened by lack of contact information and security best practices. Overall, the website requires significant improvements in security, privacy compliance, and technical modernization to enhance trust and user experience.

F

Florida Association of Insurance Agents

faia.com

0

The Florida Association of Insurance Agents (FAIA) operates as a non-profit membership organization dedicated to supporting Florida insurance agents through education, advocacy, and industry services. The website reflects a mature association with a broad offering of educational programs, advocacy resources, membership benefits, and preferred provider partnerships. The target audience is primarily insurance agents and agencies within Florida, with a focus on professional development and market access. The business model centers on membership dues, educational offerings, and partnerships with service providers. Technically, the website is built on Microsoft IIS with ASP.NET and Kentico CMS, utilizing common JavaScript libraries such as jQuery and Bootstrap. While the site is content-rich and professionally designed with clear navigation, it lacks a valid SSL certificate, which is a critical security deficiency. The absence of HTTPS undermines user trust and exposes visitors to potential risks. Privacy compliance is partial, with a privacy policy and terms of service present but no cookie consent mechanism. Analytics tools like Google Analytics and Microsoft Clarity are used, indicating moderate user tracking. Overall, the website is functional and credible but requires urgent security improvements to align with best practices.

A

African Diaspora Youth Forum in Europe (ADYFE)

adyfe.eu

0

The African Diaspora Youth Forum in Europe (ADYFE) is a well-established non-profit platform founded in 2014, serving nearly 110 youth organizations across 31 to 41 European countries. It focuses on empowering African diaspora youth through entrepreneurship, employability, and civic engagement initiatives. The website is built on WordPress with a modern tech stack including Bootstrap and popular plugins for galleries and forms. However, the site suffers from a critical security issue: the lack of a valid SSL certificate, resulting in no proper HTTPS support. Security headers are partially implemented but ineffective without SSL. Privacy compliance is weak, with no visible privacy or cookie policies, and no incident response or vulnerability disclosure mechanisms. Contact information is available via email and contact forms, and social media presence is active on major platforms. Overall, the site presents good content and business credibility but requires urgent security and compliance improvements.

F

Film Independent

filmindependent.org

0

Film Independent is a well-established non-profit arts organization dedicated to championing independent filmmakers. The website serves as a comprehensive platform offering information on events, awards, educational programs, and resources tailored to filmmakers and the arts community. The organization has a mature online presence with a domain age of 20 years, reflecting its longstanding role in the independent film sector. The site targets independent filmmakers and film enthusiasts, providing memberships, donations, and community engagement opportunities.

S

SOS-Kinderdorf Österreich

sos-kinderdorf.at

0

SOS-Kinderdorf Österreich is a well-established non-profit organization dedicated to providing loving homes and support to children in need both in Austria and globally. Founded in 1949, it operates in 138 countries and relies on donations, sponsorships, and volunteer engagement to fulfill its mission. The website reflects a professional and consistent brand presence with comprehensive content and clear navigation targeting donors, volunteers, and families in need. Technically, the site uses ASP.NET WebForms with Kentico CMS, integrates modern libraries like jQuery and FontAwesome, and employs a consent management platform for GDPR compliance. However, a critical security gap exists due to the absence of HTTPS and a valid SSL certificate, exposing users to potential risks. Privacy policies and cookie consent mechanisms are well implemented, supporting regulatory compliance. Overall, the site demonstrates strong business credibility and user trust but requires urgent security improvements.

F

FLOCERT GmbH

flocert.net

0

FLOCERT GmbH is a globally recognized certification and social auditing body, primarily serving as the sole certifier for Fairtrade products. Established in 2003 and based in Germany, FLOCERT offers a comprehensive suite of services including Fairtrade and EDGE certification, social audits, and customized sustainability programs. Their mission centers on promoting fairness in global trade, ensuring ethical business practices, and supporting sustainable development across diverse sectors. The website reflects a mature digital presence with rich content, multi-language support, and strong branding aligned with their non-profit sector focus. Technically, the site is built on WordPress with modern SEO and marketing tools, but currently lacks a valid SSL certificate, which significantly impacts its security posture. Despite this, the site maintains good privacy compliance with clear policies and consent mechanisms. The absence of HTTPS and modern TLS protocols is a critical security gap that should be addressed promptly to protect user data and enhance trust. Overall, FLOCERT demonstrates a strong market position and credible business model, but must improve its technical security to align with best practices.

O

One Collective

iteams.us

0

One Collective is a US-based non-profit organization dedicated to creating sustainable and lasting change in marginalized communities worldwide through a faith-inspired, collaborative model. Their approach centers on empowering local leaders and fostering holistic community development. The website is hosted on Squarespace and integrates modern web technologies including PostHog for analytics and Termly for cookie consent management. While the site presents well-structured content and clear navigation, it suffers from a critical security issue due to an invalid SSL certificate, which undermines user trust and security. Privacy compliance is basic, with no explicit privacy policy or terms of service pages found, though cookie consent mechanisms are in place. The organization maintains active social media channels and uses a donation platform to support its mission. Overall, the website demonstrates moderate digital maturity but requires urgent improvements in security and privacy transparency to enhance trustworthiness and compliance.

B

Big Brothers Big Sisters of America

bbbs.org

0

Big Brothers Big Sisters of America is a large, well-established non-profit organization dedicated to youth mentoring across the United States. The website provides comprehensive information about their programs, impact, and notable individuals associated with the organization. The technical infrastructure is based on WordPress with modern web technologies and analytics tools, hosted on Pantheon. While the site is professionally designed and content-rich, it suffers from a critical security issue due to the lack of a valid SSL/TLS certificate and proper HTTPS configuration, which significantly impacts its security posture. Privacy compliance is basic, with no clear cookie consent mechanism detected. Overall, the site is trustworthy and authoritative in its domain but requires urgent security improvements.

CARE Österreich is a well-established non-profit organization focused on humanitarian aid and sustainable development in over 100 countries. The website reflects a professional and content-rich platform targeting donors, partners, and beneficiaries. The technical infrastructure is based on WordPress hosted on WP Engine, utilizing modern plugins and tracking tools with GDPR-compliant cookie consent. However, the absence of a valid SSL/TLS certificate is a critical security flaw that exposes users to risks and undermines trust. While privacy policies and contact information are comprehensive and transparent, the lack of incident response and security policy pages indicates room for improvement in security governance. Overall, the site demonstrates strong business credibility and user experience but requires urgent security enhancements.

The website rccglivingspring.org is currently inaccessible due to a Cloudflare security challenge page that requires JavaScript and cookies to proceed. This prevents access to any meaningful content or business information. The domain is registered and uses Cloudflare for DNS and security services but lacks a valid SSL certificate, resulting in no HTTPS support. The site does not present any privacy, cookie, or terms of service policies, nor does it provide contact information or forms for user interaction. The technical infrastructure relies heavily on Cloudflare, but the absence of a valid certificate and the blocking of content severely limit the ability to assess the site's digital maturity or business credibility. Security headers are present but basic, and no advanced security features like HSTS are enabled. Overall, the site scores low on content quality, privacy compliance, and business credibility due to the lack of accessible content and security shortcomings.

H

Heller Consulting

teamheller.com

0

Heller Consulting is a mature and reputable technology consulting firm specializing in nonprofit and higher education sectors. They provide tailored technology strategies and implementations focusing on platforms such as Salesforce, Microsoft, and Blackbaud. The company has a strong market position supported by client testimonials, certifications like Certified B Corporation, and partnerships with major technology providers. Technically, the website is built on WordPress with modern plugins and SEO tools, offering good mobile optimization and accessibility. However, the absence of HTTPS is a critical security gap, exposing users to potential risks. Privacy compliance is partial, with a privacy policy present but lacking cookie consent mechanisms. Overall, the business credibility is high, but security posture needs urgent improvement to protect user data and enhance trust.

J

Jugend am Werk Steiermark GmbH

jaw.or.at

0

Jugend am Werk Steiermark GmbH is a leading non-profit organization in Austria's Steiermark region, providing a broad range of social services including support for people with disabilities, youth, families, and adults with mental health challenges. Their offerings encompass housing, employment, education, and community integration, positioning them as a key social service provider with a strong regional presence and multiple certifications and awards that underscore their credibility and commitment to quality. The website is built on TYPO3 CMS, hosted on a provider associated with the domain's DNS records, and employs modern web technologies such as Swiper.js and Matomo analytics. While the site is rich in content, well-structured, and accessible, it suffers from a critical security shortfall due to the absence of a valid SSL certificate and lack of HTTPS enforcement, which significantly impacts the security posture score. Privacy and cookie policies are comprehensive and GDPR compliant, with a clear consent mechanism in place. Contact information is prominently displayed and verified, enhancing business credibility. Overall, the site demonstrates strong business and content quality but requires urgent security improvements to protect user data and maintain trust.

V

VIER PFOTEN International – gemeinnützige Privatstiftung

four-paws.org

0

FOUR PAWS International is a globally recognized non-profit animal welfare organization dedicated to protecting animals under human influence. The organization operates multiple country offices and campaigns worldwide, focusing on rescue missions, veterinary care, sterilization of stray animals, and advocacy against animal cruelty. Their website reflects a professional and comprehensive digital presence, targeting animal welfare supporters, donors, and volunteers. Technically, the site is built on the Neos CMS platform using the Flow PHP framework, incorporating modern JavaScript libraries such as Splide.js and Google Tag Manager for analytics and marketing. However, a critical security weakness is the absence of a valid SSL certificate and lack of TLS protocol support, which significantly undermines the site's security posture. Privacy and cookie policies are well implemented and GDPR compliant, enhancing user trust. Overall, the site demonstrates strong business credibility and content quality but requires urgent improvements in SSL/TLS security to protect user data and maintain trust.

Pride Houston® is a well-established non-profit organization dedicated to organizing the official Houston LGBT Pride Celebration® annually. The website serves as a comprehensive portal for event information, registration, sponsorship, volunteer opportunities, and media resources targeting the LGBTQ+ community and allies in Houston, Texas. The organization enjoys a mature domain age and a consistent brand presence with multiple reputable sponsors and partners. Technically, the site is built on WordPress with Elementor and hosted on WP Engine behind Cloudflare CDN, leveraging Google Analytics for user tracking. However, the absence of a valid SSL certificate and HTTPS significantly undermines the site's security posture. Privacy and cookie policies are not found, indicating compliance gaps. Overall, the site offers good content quality and user experience but requires urgent security improvements to protect user data and enhance trust.

T

Trees for the Future

trees2024impact.org

0

Trees for the Future is a well-established non-profit organization dedicated to sustainable agroforestry and land restoration, as evidenced by their 2024 Impact Report website. The organization focuses on empowering farmers in challenging environments through their Forest Garden Approach, which promotes environmental restoration, food security, and economic growth. The website demonstrates a strong market position with notable recognitions such as the UN World Restoration Flagship Award and a clear commitment to community and environmental impact. Technically, the website is built using modern technologies like Framer and supports secure protocols such as TLS 1.3, but it suffers from slow load times and lacks some advanced security features like HSTS and OCSP stapling. Security posture is good with no critical vulnerabilities detected, but privacy compliance is weak due to the absence of privacy and cookie policies. Overall, the site is professional and trustworthy, though it would benefit from enhanced privacy and security disclosures to improve compliance and user trust.

Trees for the Future is a well-established nonprofit organization dedicated to land restoration and sustainable agriculture in developing communities worldwide. The organization is recognized as a United Nations World Restoration Flagship, highlighting its leadership in ecosystem restoration efforts. Their business model relies on donations, corporate partnerships, and community engagement to support farmers and combat hunger, poverty, and environmental degradation. The website effectively communicates their mission, impact, and opportunities for involvement, targeting donors, environmental advocates, and strategic partners. Technically, the website is built on WordPress with a modern tech stack including Yoast SEO, Google Analytics, and various marketing and fundraising tools. While the site is well-structured, mobile-optimized, and SEO-friendly, it suffers from slow load times and lacks a valid SSL certificate, which is a critical security deficiency. The absence of HTTPS and security headers exposes the site and its users to potential risks. From a security perspective, the site has significant vulnerabilities including no active SSL/TLS encryption, no HSTS, no DNSSEC, and no security headers. Although privacy and cookie policies are present with consent mechanisms, the site uses multiple third-party trackers which may impact user privacy. The domain is mature and protected by privacy proxy services, which is justified for a nonprofit entity. Overall, the security posture is weak and requires urgent improvements. The overall risk assessment indicates a trustworthy and professional nonprofit with excellent content and business credibility but with critical security gaps. Strategic recommendations include immediate SSL deployment, enhanced security headers, DNS security improvements, and a formal vulnerability disclosure policy to strengthen trust and compliance.

T

The Horatio Alger Association of Canada, Inc.

horatioalger.ca

0

The Horatio Alger Association of Canada is a mature, medium-sized non-profit organization dedicated to providing scholarships and support services to young Canadians overcoming adversity. The website reflects a professional and consistent brand with clear messaging and a focus on education and empowerment. Technically, the site is built on WordPress with common plugins and tracking tools, but suffers from slow load times and lacks a valid SSL certificate, which significantly impacts security posture. Privacy policies are present but lack a cookie consent mechanism, indicating partial compliance with privacy regulations. Overall, the domain registration and WHOIS data align well with the organization's identity, supporting legitimacy. Strategic improvements in security and privacy compliance would enhance trust and user safety.

H

Horatio Alger Association

horatioalger.org

0

The Horatio Alger Association is a well-established 501(c)(3) non-profit organization dedicated to promoting the American Dream through scholarships and support services for students facing adversity. With a mature domain dating back to 1997 and a strong market position as one of North America's largest need-based scholarship providers, the organization demonstrates a clear commitment to education and philanthropy. The website reflects a professional and consistent brand image, targeting students, donors, and supporters with rich content and multimedia elements. Technically, the site is built on WordPress with modern plugins such as Yoast SEO and Google Site Kit, leveraging Cloudflare for hosting and CDN services. While the site is mobile-optimized and SEO-friendly, performance metrics are not fully available. Security posture is currently weak due to the absence of a valid SSL certificate and HTTPS support, which is a critical issue that must be addressed to protect user data and maintain trust. Privacy compliance is partially met with the presence of privacy and legal policies, but lacks a cookie consent mechanism and explicit GDPR compliance indicators. Contact information is comprehensive and clearly presented, enhancing business credibility. Overall, the site is trustworthy and professional but requires urgent security improvements to align with best practices. Strategic recommendations include immediate SSL/TLS implementation, enabling modern security headers and protocols, and introducing cookie consent mechanisms to improve privacy compliance and user trust.

F

Framsenteret Drift AS

framforum.com

0

Framforum is a specialized online publication operated by Framsenteret Drift AS, focusing on climate, environment, and people in the High North, particularly the Arctic region. The website serves as a communication platform for research notes, profiles, retrospectives, and editorials related to Arctic environmental research, targeting researchers, journalists, and interested public. The business operates as a non-profit entity with a clear affiliation to the Fram Centre, a recognized research center in Norway. Technically, the website is built on WordPress, utilizing common web technologies such as jQuery, Font Awesome, and Google Fonts, with Matomo and Google Tag Manager for analytics. However, the site suffers from a critical security shortfall: it lacks a valid SSL certificate and does not serve content over HTTPS, which undermines user trust and data security. While HSTS is enabled, it is ineffective without proper SSL/TLS configuration. Privacy compliance is minimal, with a privacy policy present but no cookie consent mechanism or GDPR compliance indicators. Contact information is clearly provided, enhancing business credibility. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect users and enhance trust.

C

Catholic Foundation of Southwest Iowa

catholicfoundationiowa.org

0

The Catholic Foundation of Southwest Iowa is a mature, regionally focused non-profit organization dedicated to faith-based investing and planned giving within the Diocese of Des Moines. The foundation supports individuals, parishes, schools, and Catholic organizations by managing endowment funds, distributing grants, and providing philanthropic resources. The website reflects a well-structured and content-rich platform with clear navigation and active social media engagement. However, the technical infrastructure shows gaps in security, notably the absence of a valid SSL certificate and HTTPS enforcement, which poses significant risks to user trust and data protection. The foundation uses a WordPress CMS with multiple plugins and integrates Google Analytics and Stripe for payments, indicating a moderate level of digital maturity. Despite the lack of explicit privacy and security policies, the organization demonstrates transparency through annual reports and board information. Overall, the site is functional and professional but requires urgent security improvements to align with best practices and regulatory expectations.

C

Catholic Charities of Des Moines

catholiccharitiesdm.org

0

Catholic Charities of Des Moines is a well-established non-profit organization dedicated to serving individuals and families in need across southwest Iowa. With a history dating back to 1924 and over one million people helped, the organization offers a range of services including community resource coordination, counseling, emergency shelter, and food pantry support. Their mission is inclusive, serving people regardless of religion or demographic, and they maintain partnerships with local civic and religious entities to enhance their impact. The website reflects a professional and consistent brand presence with good content quality and clear navigation, targeting donors, volunteers, and those seeking assistance. Technically, the website is built on WordPress and leverages modern web technologies such as jQuery, Slick Carousel, and a CDN for content delivery. However, performance is currently slow with a high load time and large page size. Mobile optimization is good, and SEO practices are adequately implemented. Accessibility features are basic but present. From a security perspective, the site lacks a valid SSL certificate and does not enforce HTTPS, which is a critical vulnerability. No modern TLS protocols or security headers are enabled, and there is no evidence of advanced security frameworks or incident response policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism or GDPR compliance indicators. Business credibility is strong with clear contact information, social media presence, and trust signals such as COA accreditation. Overall, the site is functional and credible but requires urgent security improvements, especially regarding SSL/TLS implementation and security headers, to protect user data and enhance trust. Performance optimization and privacy compliance enhancements would further strengthen the website's digital maturity and user confidence.

F

FEADCV

feadcv.es

0

FEADCV is a non-profit federation representing entities that provide services to people with intellectual disabilities and their families in the Comunitat Valenciana, Spain. The organization focuses on advocacy, negotiation with government consellerías, and promoting social inclusion and autonomy for its target audience. The website clearly communicates its mission, vision, and values, positioning itself as a key sector representative. Technically, the site is built on WordPress with common plugins like Yoast SEO and WPBakery, hosted likely by 1&1 IONOS. However, performance is slow with a large page size and load time exceeding 8 seconds. Security posture is weak due to the absence of a valid SSL certificate, lack of HTTPS, missing security headers, and no advanced email authentication beyond SPF. Privacy policies exist but lack strong GDPR compliance indicators. Contact information is limited to an email address and social media links, with no phone numbers or physical addresses explicitly provided. Overall, the site is functional and informative but requires urgent security improvements to protect users and enhance trust.

P

Plena inclusión España

plenainclusion.org

0

Plena inclusión España is a well-established non-profit organization dedicated to advocating for the rights and inclusion of people with intellectual and developmental disabilities and their families in Spain. The organization operates a comprehensive digital presence with rich content, including news, projects, training, and support services, targeting individuals, families, and federations across Spain. Their market position is strong as a leading confederation in this sector, supported by multiple certifications and a consistent brand identity. Technically, the website is built on WordPress using Elementor and several modern plugins, providing a good user experience and mobile optimization. However, performance is slow, and there is room for improvement in speed and technical optimization. The site integrates analytics and marketing tools such as Google Analytics, Pardot, and Complianz for GDPR compliance. From a security perspective, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical vulnerability. Other security headers and best practices are partially implemented, but the absence of HTTPS significantly lowers the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms. Overall, the website is trustworthy and professional but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include implementing HTTPS, enabling modern TLS protocols, and enhancing security headers. The domain registration data aligns well with the organization's identity, reinforcing legitimacy.

A

Asociación APSA

latiendainimaginable.com

0

La Tienda Inimaginable is an e-commerce platform operated by Asociación APSA, a Spanish non-profit organization dedicated to improving the quality of life for people with different abilities. The website offers handcrafted and personalized products, supporting social and labor inclusion. The platform is built on Shopify and integrates various marketing and analytics tools such as Google Ads, Facebook Pixel, Klaviyo, and Mailchimp. The site is professionally designed with clear navigation and relevant content targeting Spanish-speaking customers. However, a critical security issue is the absence of a valid SSL certificate, resulting in no HTTPS protection, which significantly impacts the site's security posture. Privacy and cookie policies are present and GDPR compliant, and contact information is clearly provided, enhancing business credibility.

F

Fondazione Bambino Gesù ETS

donaora.it

0

The website donaora.it serves as a fundraising platform for Fondazione Bambino Gesù ETS, a non-profit organization focused on pediatric healthcare support in Italy. The site aims to facilitate donations to support scientific research, medical care, and assistance to children and their families. The business model revolves around charitable giving and donor engagement, targeting individuals interested in supporting pediatric health causes. The organization is mature, with a domain age of 17 years, aligning with its founding date in 2007. Technically, the website employs basic modern web technologies such as Google Tag Manager and Google Fonts, with integration of GestPay for payment processing. However, the site suffers from significant performance issues, including a very slow load time and large page size. Mobile optimization and accessibility are basic, and SEO practices are minimal. The absence of a valid SSL certificate and HTTPS support is a critical flaw, exposing users to security risks. From a security perspective, the website lacks essential protections such as HTTPS, HSTS, DMARC, DNSSEC, and domain protection locks. The presence of exposed sensitive tokens or API keys in the HTML source is a severe vulnerability that could lead to exploitation. No privacy, cookie, or terms of service policies are present, indicating poor privacy compliance. The WHOIS data confirms the domain is mature and consistent with the organization's profile but highlights a high expiry risk and lack of domain locks. Overall, the website's risk profile is elevated due to critical security shortcomings and poor privacy compliance. Strategic improvements in SSL implementation, security headers, privacy policies, and domain management are urgently recommended to enhance trustworthiness and protect donor data.

A

Archdiocese of Washington

adw.org

0

The Archdiocese of Washington operates a comprehensive website serving over 667,000 Catholics across Washington, D.C., and surrounding Maryland counties. The site provides extensive information on parishes, schools, faith formation, vocations, social concerns, and community events, positioning itself as a key religious and community resource. The business model is non-profit and community-focused, with a large established presence supported by a mature domain and consistent branding. Technically, the website is built on WordPress with modern plugins and libraries, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. The absence of HTTPS and security headers exposes users to potential risks. Privacy policies and terms of service are present but basic, with no cookie consent mechanism detected, indicating partial privacy compliance. Contact information is clearly provided, enhancing business credibility. Overall, the website is functional and content-rich but requires urgent security improvements to protect users and enhance trust.

I

Iglesia Cristiana El Lugar de Su Presencia

supresencia.com

0

Iglesia Cristiana El Lugar de Su Presencia is a medium-sized non-profit religious organization based in Bogotá, Colombia. The website serves as the official digital presence for the church, providing information about services, community groups, children's ministry, radio broadcasting, and donation options. The target audience is primarily Spanish-speaking Christians in Colombia. The organization maintains a multimedia presence including live streaming and social media engagement, supported by several subsidiary domains related to radio, media production, and community outreach. Technically, the website is built on Drupal 7 with common web technologies such as jQuery and Bootstrap, hosted on AWS infrastructure. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security shortfall. Privacy policies exist but lack comprehensive GDPR compliance and cookie consent mechanisms. Security headers are partially implemented but TLS protocols and modern security features are missing, exposing the site to potential risks. Overall, the website is functional and professionally presented but requires urgent improvements in security and privacy compliance to enhance trust and protect user data.

H

Holy Apostles Catholic Parish

hanb.org

0

Holy Apostles Catholic Parish and School is a well-established non-profit religious and educational organization serving the New Berlin, Wisconsin community since 1855. The website provides comprehensive information about mass times, sacraments, faith formation, community events, and school activities, targeting local parishioners and families. The digital infrastructure is built on the Wix platform, utilizing modern web technologies such as React and various Wix apps for enhanced user experience. However, the site currently lacks a valid SSL certificate, which poses a significant security risk. Additionally, no explicit privacy or cookie policies are present, indicating potential compliance gaps. The domain registration is consistent with the organization's identity and history, enhancing trustworthiness. Strategic improvements in security and privacy compliance are recommended to strengthen the site's overall posture.

D

Diocese of Des Moines

dmdiocese.org

0

The Diocese of Des Moines website serves as the official online presence for the Catholic Diocese in southwest Iowa, providing comprehensive information about its ministries, schools, events, and community services. The site targets the local Catholic community and families interested in faith formation and education. It offers key services such as Catholic schooling, mental health ministry, worship schedules, and charitable giving opportunities. The organization maintains a consistent brand and provides clear contact information, enhancing its credibility as a regional non-profit religious entity. Technically, the website is built on an ASP.NET framework with modern JavaScript libraries like jQuery and uses Google Tag Manager for analytics. The site employs asynchronous script loading and lazy loading for images, indicating a focus on performance and user experience. However, performance data is missing, and the site is rated as slow based on available indicators. Mobile optimization and SEO practices are good, but accessibility is basic. From a security perspective, the site lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability. While several security headers are present, the absence of HTTPS and weak SSL configuration significantly reduce the site's security posture. There are no visible privacy policies, cookie consent mechanisms, or incident response contacts, indicating compliance gaps with GDPR and other privacy regulations. Overall, the website is functional and professional but requires urgent improvements in security and privacy compliance to protect users and enhance trust. Strategic recommendations include implementing a valid SSL certificate, enabling modern TLS, adding privacy and cookie policies, and establishing incident response protocols.

A

Asociación APSA

asociacionapsa.com

0

Asociación APSA is a well-established Spanish non-profit organization focused on providing comprehensive services for individuals with disabilities across various life stages including education, transition to adulthood, adult occupational and residential care, and elderly services. The organization has a mature online presence with a domain registered since 2003 and a consistent brand identity. Their website is built on WordPress using Elementor and related plugins, offering good content quality, clear navigation, and accessibility features. However, the absence of a valid SSL certificate and HTTPS significantly undermines the site's security posture. While privacy and cookie policies are present and GDPR compliant, no explicit security or incident response policies are found. The organization maintains active social media channels and partnerships with recognized entities, enhancing trust and outreach. Strategic improvements in SSL implementation, security headers, and domain protection are recommended to elevate security and user trust.

S

Shaftesbury (operating name of Livability)

livability.org.uk

0

Shaftesbury, operating under the charity Livability, is a well-established UK-based non-profit organization focused on providing disability support services including care, education, and rehabilitation. The website reflects a mature digital presence with comprehensive content, clear navigation, and multiple trust indicators such as certifications and social media presence. Technically, the site is built on WordPress with a modern tech stack but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. The absence of HTTPS impacts user trust and security posture significantly. Privacy and cookie policies are present and indicate good compliance with GDPR standards. Overall, the site demonstrates strong business credibility but requires urgent security improvements to protect user data and enhance trust.

Opus Dei is a well-established non-profit Catholic prelature focused on spiritual formation and evangelization. The website serves as a comprehensive resource hub offering spiritual texts, news, multimedia content, and subscription services targeted at the Catholic faithful and spiritual seekers. The organization maintains a strong digital presence with official social media channels and multilingual support. Technically, the website employs modern web technologies including service workers and progressive enhancement features, hosted behind Cloudflare DNS. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture. Privacy policies are comprehensive and GDPR compliant, with clear data protection officer contact information. The website's performance is slow, but mobile optimization and accessibility are good. Overall, the site is professional and trustworthy but requires urgent security improvements.

U

Union of Steward Employee Owners

useo.uk

0

The Union of Steward Employee Owners (USEO) is a UK-based non-profit membership organization dedicated to transforming business ownership by acquiring companies and transitioning them to employee ownership. Their innovative model leverages philanthropic pledges from companies and individual supporters to fund acquisitions and support employee ownership transitions, aiming to create fairer wealth distribution and stronger communities. The website is professionally designed using modern web technologies such as Nuxt.js and Tailwind CSS, providing a rich content experience with clear navigation and mobile optimization. However, the absence of an SSL certificate and HTTPS support is a critical security vulnerability that undermines user trust and data protection. Additionally, the lack of security headers and cookie consent mechanisms indicates room for improvement in security and privacy compliance. WHOIS data confirms the legitimacy and consistency of the domain registration with the organization's mission and UK location. Strategic recommendations include immediate implementation of HTTPS, enhancement of security headers, and introduction of cookie consent to improve privacy compliance and overall security posture.

G

GIZ

diaspora2030.de

0

Diaspora2030 is a German-based non-profit platform supported by GIZ and BMZ that empowers people with migration backgrounds to contribute to sustainable development in their countries of origin. The platform facilitates diaspora professionals, organizations, entrepreneurs, and networks by providing support, co-financing, and knowledge exchange opportunities. The website is professionally designed, content-rich, and targets diaspora communities and development stakeholders. Technically, the site is built on TYPO3 CMS and hosted by kasserver.com, with moderate performance and good mobile optimization. However, the security posture is weak due to the absence of a valid SSL certificate and HTTPS support, which is a critical issue. Privacy compliance is well addressed with a consent management platform and clear policies. Overall, the site is trustworthy but requires urgent security improvements.

O

ORGANIZZAZIONE INTERNAZIONALE ITALO-LATINOAMERICANA

iilapatrimonioculturale.org

0

The website represents the Organizzazione Internazionale Italo-Latinoamericana (IILA) focused on the protection and enhancement of Latin American cultural heritage through training, restoration, and international cooperation. The organization offers specialized courses, supports legislation against illicit trafficking, and promotes cultural management. The site is built on WordPress with WooCommerce and uses common web technologies such as jQuery and Slider Revolution. However, the technical infrastructure shows weaknesses, notably the absence of a valid SSL certificate and lack of modern TLS protocols, which significantly impacts security posture. The site is accessible and well-structured with clear contact information and active social media presence, but lacks privacy and cookie policies, reducing privacy compliance. The domain is relatively new compared to the organization's claimed history and uses privacy protection, which is common but reduces transparency. Overall, the site is functional and professional but requires urgent security improvements and privacy policy implementation to enhance trust and compliance.

A

ANOLF - Associazione Nazionale Oltre Le Frontiere ETS

anolf.it

0

ANOLF is a well-established Italian non-profit organization dedicated to supporting immigrants and refugees through advocacy, education, and community services. The website reflects a mature digital presence with comprehensive content targeting immigrants, social activists, and the general public interested in immigration and social justice. The organization maintains active social media channels and provides multiple engagement points including newsletters and multimedia content. Technically, the site is built on WordPress with a range of plugins and integrations such as Google Analytics and Facebook SDK, hosted likely on Aruba infrastructure. While the site is mobile-optimized and professionally designed, performance is hindered by a large page size and high resource count. Security posture is moderate with HTTPS enabled and no critical vulnerabilities detected, but lacks advanced security headers and HSTS enforcement. Privacy and cookie policies are present and GDPR compliant, enhancing trust and compliance. Overall, the site is credible and trustworthy but could benefit from technical and security improvements.

S

sequa gGmbH

sequa.de

0

sequa gGmbH is a German non-profit development organization specializing in private sector development and vocational training projects worldwide. The website provides comprehensive information about their projects, partnerships, and services, targeting chambers, associations, and stakeholders involved in development cooperation. The site is built on TYPO3 CMS and uses modern frontend technologies but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Privacy compliance is well addressed with a GDPR-compliant privacy policy and cookie consent mechanism. However, contact information is primarily available via forms rather than direct emails or phone numbers. The WHOIS data aligns well with the organization's profile, showing consistent registration without privacy protection, supporting transparency. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.