Security Directory

H

Human Rights Watch

humanrightswatch.org

0

Human Rights Watch is a globally recognized non-profit organization dedicated to defending human rights in over 100 countries. The website serves as a comprehensive platform for advocacy, research, and public mobilization, featuring news, reports, videos, and multilingual support. The organization maintains a strong market position as a leading human rights watchdog with a large global audience. Technically, the site is built on Drupal 10, employs modern analytics and tracking tools, and demonstrates excellent performance and mobile optimization. Security posture is robust with HTTPS, security headers, and consent mechanisms, though explicit security policies and incident response contacts are not publicly disclosed. Overall, the domain appears legitimate despite privacy-protected WHOIS data, consistent with a non-profit's need for privacy. The site is safe, professional, and trustworthy.

The People Pledge website is a small-scale, non-commercial initiative aimed at promoting social respect and anti-discrimination through a voluntary pledge. The site provides textual content encouraging users to commit to treating others fairly and offers downloadable badges to display this commitment. The website is simple, with a clean design and good mobile optimization, but lacks advanced technical features or integrations. The absence of privacy, cookie, and terms of service policies, as well as contact information, limits its compliance and trustworthiness. The WHOIS data is unavailable, which reduces domain legitimacy confidence but may be due to privacy protection or registrar issues. Overall, the site is accessible, safe, and focused on social advocacy without collecting user data or employing tracking technologies.

Vrijwilligerscentrum Haarlem & omstreken is a small non-profit organization focused on volunteer coordination in the Haarlem region of the Netherlands. The website analyzed is a transitional placeholder page informing visitors that from October 1st, the organization's activities and information will be found on a new domain, Haarlemvoorelkaar.nl. This indicates a consolidation or migration of their web presence to a presumably more modern platform. The business operates locally and targets volunteers and community members in the Haarlem area. The domain is well-established, having been registered since 2001, which aligns with the organization's longevity and local presence. Technically, the website is minimalistic, using basic HTML and jQuery for a countdown animation and redirect. There is no evidence of a CMS or advanced frameworks. The site lacks privacy, cookie, and terms of service policies, and no contact information or forms are present. DNSSEC is enabled, which is a positive DNS security indicator, but no security headers or HTTPS status were provided. The site performance and mobile optimization are basic, reflecting the simple nature of the page. From a security perspective, the site shows limited maturity. The absence of privacy and cookie policies, lack of security headers, and minimal technical implementation suggest room for improvement. However, no vulnerabilities or malicious content were detected. The domain registration data is consistent and trustworthy, supporting the legitimacy of the organization. Overall, the site serves as a simple redirect notice rather than a full operational website. The overall risk is low given the nature of the content and the absence of sensitive data collection. Strategic recommendations include implementing HTTPS if not already done, adding privacy and cookie policies, improving security headers, and providing clear contact information to enhance trust and compliance.

S

S.V. ALLIANCE '22

alliance22.nl

0

S.V. ALLIANCE '22 is a well-established non-profit football club based in Haarlem-Zuid West, Netherlands, with a rich history dating back to 1922. The club serves a broad community audience including youth, senior, and veteran football players, and actively engages in community and volunteer activities. The website reflects a mature digital presence with comprehensive content, structured data, and active social media integration. Technically, the site is built on WordPress using WPBakery Page Builder, with modern technologies such as Google Analytics and Tag Manager for tracking. Security posture is strong with HTTPS and security headers implemented, though improvements can be made in privacy compliance by adding cookie consent and incident response information. Overall, the site is professional, trustworthy, and well-aligned with the club's community-oriented mission.

E

Evangelical Council for Financial Accountability

ecfa.org

0

The Evangelical Council for Financial Accountability (ECFA) is a well-established non-profit organization dedicated to promoting financial transparency, integrity, and accountability among churches and ministries. With over 2,700 accredited members and a significant reach to donors and the public, ECFA positions itself as a trusted leader in evangelical financial stewardship. Their services include accreditation, coaching, and providing resources to enhance trust between ministries and donors. The website reflects a professional and consistent brand image, targeting ministries, churches, and donors primarily in the United States. Technically, the website employs a mature technology stack including ASP.NET WebForms, Bootstrap 5, jQuery, and modern analytics and marketing tools such as Google Tag Manager, Facebook Pixel, and LinkedIn Insight Tag. The site is mobile optimized and demonstrates good performance and SEO practices, although accessibility features could be improved. Security posture is strong with HTTPS enforced and no visible vulnerabilities, but lacks some security headers and published security policies. From a security and compliance perspective, the site does not display a cookie consent mechanism despite using tracking scripts, which may impact GDPR compliance. WHOIS data is unavailable or malformed, limiting domain registration trust assessment. However, the website content and branding strongly indicate legitimacy. No adult or questionable content is present, making the site safe for general audiences. Overall, ECFA's website is a credible and professional platform supporting its mission. Strategic improvements in privacy compliance, security transparency, and WHOIS data availability would enhance trust and compliance posture further.

L

lipu tenpo

liputenpo.org

0

lipu tenpo is a registered association based in Germany that provides a cultural and educational platform primarily in the Toki Pona language. The website hosts a collection of articles and multimedia content licensed under CC BY-SA 4.0, targeting a general audience interested in this niche language and culture. The organization engages its community through Discord, Patreon, and Linktree, indicating active outreach and support mechanisms. The domain was registered in 2021, consistent with the association's founding timeline. Technically, the website is built with standard HTML5 and CSS3, utilizing Google Fonts and GoatCounter for lightweight, privacy-conscious analytics. The hosting is managed via Name.com, with no CMS or major frameworks detected, suggesting a custom or static site approach. The site is mobile-optimized with good navigation and SEO practices, though accessibility features are basic. Performance is moderate, with no blocking or WAF detected. From a security perspective, the site uses HTTPS and has domain transfer protections enabled, but lacks DNSSEC and security headers such as Content-Security-Policy or X-Frame-Options. There is no visible privacy or cookie policy, nor incident response or vulnerability disclosure information, which are areas for improvement. No sensitive data exposure or vulnerabilities were detected in the content. Overall, the security posture is moderate but could be enhanced with standard best practices. The overall risk assessment is low to moderate, with no critical issues found. Strategic recommendations include implementing DNSSEC, adding security headers, publishing privacy and cookie policies, and providing incident response contacts to improve compliance and trust. The site is trustworthy for its intended educational and cultural purpose but would benefit from enhanced security and privacy transparency.

#

#HalfMyDAF

halfmydaf.com

0

The #HalfMyDAF website is a non-profit initiative focused on encouraging donors with donor advised funds to increase charitable giving by offering matching grants. The site is professionally designed using the Squarespace platform and provides clear instructions and resources for both donors and nonprofits. It partners with the Amalgamated Foundation, which sponsors the matching grants and promotes the initiative. Technically, the site uses modern web technologies and is mobile optimized with good SEO practices. Security posture is strong with HTTPS and HSTS enabled, though some security headers could be improved. Privacy compliance is limited due to the absence of explicit privacy and cookie policies. The domain WHOIS data is missing or unavailable, which is unusual and slightly reduces trust, but the website content and partner association support legitimacy. Overall, the site is a credible and well-maintained platform serving a niche non-profit market.

G

Gold Coast Community Fund

gccommunityfund.org

0

The Gold Coast Community Fund is a small non-profit organization focused on providing financial assistance and support to individuals and charities in the Gold Coast region of Australia. Established since 2000, the organization operates through community fundraising events, donations, and volunteer efforts. Their website serves as a platform for applications for assistance, donation processing, volunteer registration, and event promotion. The organization maintains a consistent brand presence and leverages social media channels such as Facebook and LinkedIn to engage with the community. Technically, the website is built on WordPress using Elementor and WooCommerce, with integrations for Stripe and PayPal for payment processing. The site is mobile-optimized and demonstrates good SEO practices, though accessibility features are basic. Security posture is adequate with HTTPS enforced and nonce tokens in forms, but lacks visible security headers and published security policies. Privacy and cookie policies are not found, indicating a gap in compliance. WHOIS data is malformed and incomplete, limiting domain trust verification, but the website content and social presence support legitimacy. Overall, the site is professional and trustworthy but would benefit from enhanced privacy compliance and security transparency.

A

Amalgamated Charitable Foundation

amalgamatedfoundation.org

0

Amalgamated Charitable Foundation is a US-based nonprofit organization specializing in philanthropic fund management, including donor advised funds, combined impact funds, and rapid response funds. The foundation has moved over $1 billion since 2018 to support social justice and equity causes. The website is professionally designed using Drupal 9, with moderate performance and good mobile optimization. It integrates common third-party tools such as Google Analytics and AddToAny for sharing. Security posture is adequate with HTTPS and domain transfer protections, but lacks DNSSEC and security headers. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the website is trustworthy and credible but could improve compliance and security transparency.

S

Suicide Call Back Service

suicidecallbackservice.org.au

0

Suicide Call Back Service is a government-funded, non-profit organization providing free, 24/7 telephone and online counselling services for individuals affected by suicide in Australia. The service targets people feeling suicidal, those worried about someone at risk, bereaved individuals, and health professionals. Delivered by Lifeline, it holds a strong market position as a trusted national mental health support provider. The website is well-branded, professionally designed, and content-rich, offering extensive resources and support information. Technically, the website is built on WordPress with a modern tech stack including jQuery, Bootstrap, Google Analytics, Facebook Pixel, Hotjar, and Genesys Messenger for chat support. It demonstrates good mobile optimization, accessibility, and SEO practices. Performance is moderate, with room for optimization. Security measures include HTTPS, reCAPTCHA, and secure integration of third-party scripts, though some security headers could be improved. The security posture is solid with no evident vulnerabilities or exposed sensitive data. Privacy compliance is good, with clear privacy and cookie policies and GDPR considerations. However, WHOIS data is incomplete and malformed, which slightly impacts trust but is likely due to registry restrictions rather than malicious intent. Overall, the website is trustworthy, professional, and serves a critical public health function. Strategic recommendations include enhancing security headers, publishing an incident response policy, and adding a vulnerability disclosure mechanism to further strengthen trust and security culture.

MensLine Australia is a well-established non-profit organization providing free 24/7 telephone and online counselling services targeted at Australian men facing mental health, relationship, anger management, family violence, and stress challenges. The service is government funded and delivered by Lifeline, positioning it as a trusted national resource. The website reflects a professional and consistent brand with comprehensive content and clear navigation tailored to its audience. Technically, the site is built on WordPress with modern frameworks and integrates multiple analytics and tracking tools, indicating a mature digital infrastructure. Security posture is strong with HTTPS, reCAPTCHA, and Cloudflare DNS, though DNSSEC is not enabled and security headers are not explicitly detected. Privacy compliance is partial, with a privacy policy present but lacking a cookie consent mechanism. Overall, the site is trustworthy and functional, serving its mission effectively.

D

Dgroups Foundation

dgroups.io

0

The Dgroups Foundation operates a non-profit collaboration platform primarily serving international development organizations and communities. Their core offering is an email-based group and community management system hosted on the groups.io platform, facilitating inclusive dialogue and partnerships. The foundation is established with a domain registered in 2019 and a substantial member base, indicating a stable market presence. Technically, the website employs modern JavaScript libraries including TinyMCE and HTMX, with a custom or proprietary CMS platform. The site is mobile-optimized and provides a good user experience with clear navigation and professional design. However, there is room for improvement in accessibility and SEO. From a security perspective, the site uses HTTPS and has implemented JavaScript error reporting, but lacks DNSSEC and explicit security headers. Privacy and cookie policies are absent, which impacts compliance posture. No incident response or vulnerability disclosure information is provided, limiting transparency in security management. Overall, the website is trustworthy and professional with a moderate security posture. Strategic improvements in privacy compliance, DNS security, and security policy transparency would enhance the foundation's risk management and user trust.

I

Inspired Adventures

inspiredadventures.com.au

0

Inspired Adventures is a well-established Australian adventure fundraising agency operating since 2004, specializing in connecting charities with individuals seeking life-changing adventure challenges. The company holds a strong market position as a leading provider in Australia and New Zealand, with a philanthropic B Corp certification underscoring its commitment to social impact. Their services include comprehensive event management, fundraising support, and bespoke adventure challenges for charities, corporates, and private groups. The website reflects a professional and trustworthy brand with consistent messaging and strong trust signals such as extensive charity partnerships and significant funds raised. Technically, the website is built on WordPress with a modern tech stack including Beaver Builder, HubSpot forms, and multiple analytics and marketing integrations such as Google Analytics, Facebook Pixel, Hotjar, and LinkedIn Insight Tag. The site is mobile-optimized, accessible, and SEO-friendly, though performance is moderate likely due to extensive tracking scripts. Hosting is managed via Melbourne IT, consistent with the domain registration data. Security posture is solid with HTTPS enforced and no obvious vulnerabilities detected in the front-end code. However, security headers are not explicitly confirmed, and no public security policy or incident response information is available. Privacy compliance is good with clear privacy and cookie policies and consent mechanisms in place. The WHOIS data is transparent and consistent with the business claims, enhancing legitimacy. Overall, the website presents a low-risk profile with strong business credibility and good technical implementation. Strategic improvements could focus on enhancing security headers, publishing incident response and vulnerability disclosure policies, and optimizing performance to reduce tracking overhead.

S

Sun Run

sunrun.com.au

0

Sun Run is a community-focused event website promoting the annual Sun Run race presented by Bioglan in Northern Beaches, Australia. The site serves as an information hub for participants and supporters, providing event details, fundraising opportunities, race results, and partner acknowledgments. The business model centers on event organization and charity fundraising, targeting runners and local community members. The website demonstrates a good level of digital maturity with modern web technologies such as Webflow CMS, Google Tag Manager, and Facebook Pixel integrated for analytics and marketing purposes. From a security perspective, the website benefits from HTTPS encryption and does not expose sensitive data in its HTML content. However, it lacks several security headers and visible privacy or cookie policies, which are important for compliance and user trust. The WHOIS data is minimal and privacy-protected, which is common for community event sites but limits transparency. No security incidents or vulnerabilities were detected in the content or scripts. Overall, the website is well-designed, user-friendly, and safe for general audiences. It effectively supports its business goals but should improve privacy compliance and security best practices to enhance trust and regulatory adherence.

U

USM Events Pty Ltd

city2surf.com.au

0

Voltaren City2Surf is a well-established, large-scale annual fun run event based in Sydney, Australia, with a strong focus on community participation and charity fundraising. The event attracts tens of thousands of participants globally and has raised significant funds for various charities since 2008. The website reflects a professional and consistent brand image, supported by a robust technical infrastructure leveraging modern web technologies and third-party integrations for analytics, marketing, and fundraising. Technically, the site uses Bootstrap for responsive design, integrates Google Tag Manager, Hotjar, and Google Optimize for analytics and optimization, and employs Cloudflare services for hosting and security. The website is mobile-optimized and SEO-friendly, with good performance indicators. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms. Security posture is good with HTTPS enforced and some security best practices observed, though explicit security headers and incident response information are not clearly present. WHOIS data confirms the legitimacy of the domain and its alignment with the business entity, USM Events Pty Ltd, based in Australia. No critical vulnerabilities or suspicious patterns were detected. Overall, the website demonstrates a mature digital presence with strong business credibility and good privacy compliance, suitable for its role as a major charity event platform.

D

Decolonize Palestine

decolonizepalestine.com

0

Decolonize Palestine is a small educational resource website founded in 2021, focused on providing information and resources about Palestine. The site uses WordPress with the Divi theme and integrates Google Analytics for visitor tracking. The technical infrastructure is modern and hosted on Nexcess, with good mobile optimization and SEO practices. Security posture is adequate with HTTPS enabled and domain transfer protections, but lacks advanced security headers and formal privacy or cookie policies. No contact or incident response information is provided, limiting transparency and compliance. Overall, the website is safe, professional, and serves a niche educational purpose but would benefit from enhanced privacy and security measures to improve trust and compliance.

Y

yourtown

yourtownprizehomes.com.au

0

yourtown is an Australian community-funded charity operating a prize draw platform offering luxury homes, prestige cars, and gold prizes to raise funds supporting Kids Helpline. The website is professionally designed with clear navigation and calls to action, targeting general public and charity supporters. The technical infrastructure leverages modern web technologies including Next.js, React, and Azure hosting, with integration of multiple third-party analytics and advertising tools. Security posture is adequate with HTTPS enforced but lacks some recommended security headers and explicit security policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Overall, the website demonstrates a solid business credibility and trustworthy presence in the non-profit sector.

D

Dgroups Foundation

dgroups.info

0

Dgroups Foundation is a small non-profit organization based in the Netherlands, focused on facilitating online communication, collaboration, and community platforms for the international development sector. Established originally as a project in 2002 and formalized as a foundation in 2009, it provides services such as platform facilitation, brokerage for preferential access, capacity building, and hosting online discussions. The website reflects a professional and consistent brand presence with clear target audiences including development organizations, projects, and investors. Technically, the site is built on WordPress with Elementor, leveraging modern libraries like jQuery and Google Charts, hosted by Greenhost. Performance and mobile optimization are good, with basic accessibility and SEO practices in place. Security posture is solid with HTTPS enforced and domain transfer restrictions, though DNSSEC is not enabled and some security headers could be improved. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Contact information is limited to email, with no phone or physical address disclosed. Overall, the site is trustworthy and well-maintained, with no signs of blocking or WAF interference.

K

Kids Helpline

kidshelplinegivingday.com.au

0

Kids Helpline Giving Day website is a professionally designed fundraising campaign supporting Kids Helpline, Australia's established 24/7 counselling service for young people. The site effectively communicates the mission to raise $500,000 to answer 9,000 calls from young Australians in crisis. The technical infrastructure is based on Squarespace CMS with integrations to Grassrootz for donation processing, ensuring a modern and functional platform. Security posture is strong with HTTPS and HSTS enabled, though privacy and cookie policies are absent, representing a compliance gap. Overall, the site is trustworthy and well-positioned within the non-profit sector, targeting donors and supporters with clear calls to action.

Y

yourtown

yourtown.com.au

0

yourtown is a well-established Australian non-profit organization dedicated to creating brighter futures for children and young people through community services and fundraising prize draws. The website reflects a mature digital presence with clear navigation, consistent branding, and a focus on user engagement via donations and support services. The organization maintains GDPR compliance, notably restricting ticket sales to EU and UK residents, demonstrating awareness of international data protection regulations. Technically, the site leverages Drupal CMS with modern libraries such as jQuery and Bootstrap, supported by multiple analytics and marketing tools including Google Tag Manager, Facebook Pixel, and Hotjar. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though explicit security headers could be improved. Overall, the site projects professionalism and trustworthiness appropriate for a large non-profit entity.

A

Australian Red Cross

humanitech.org.au

0

Humanitech is a humanitarian technology initiative operated by the Australian Red Cross, focusing on leveraging technology to address humanitarian challenges and promote safe, equitable, and inclusive use of data and technology. The website reflects a professional and well-branded presence with clear messaging targeting leaders, start-ups, institutions, and advocates in the humanitarian sector. Technically, the site uses modern frameworks such as React and Episerver CMS, with analytics implemented via Google Tag Manager and Azure Application Insights. The security posture is generally good with HTTPS enforced, but lacks explicit security headers and published security policies. Privacy compliance is weak due to absence of visible privacy and cookie policies. Overall, the site is trustworthy and safe for general audiences, with a strong affiliation to a reputable parent organization.

K

Kids Helpline

kidshelpline.com.au

0

Kids Helpline is a well-established Australian non-profit organization providing free, confidential counselling and support services to children, teens, young adults, parents, and schools. The website offers multiple communication channels including phone, webchat, email, and a peer support community, positioning itself as a leading youth support service in Australia. The site is professionally designed with consistent branding and clear navigation, targeting a broad youth demographic and their caregivers. The parent organization is yourtown, a recognized entity in the non-profit sector.

Lifeline Australia is a prominent national non-profit charity dedicated to providing 24/7 crisis support and suicide prevention services to Australians experiencing emotional distress. The organization offers multiple support channels including telephone, online chat, and text messaging, supported by a strong digital presence and community engagement initiatives such as volunteering and fundraising. Their market position is well-established as a leading mental health support provider in Australia. Technically, the website is built on a modern CMS platform (likely Umbraco) and integrates a comprehensive set of analytics and marketing tools including Google Tag Manager, Microsoft Clarity, Facebook Pixel, LinkedIn Insight Tag, Hotjar, and Fathom Analytics. The site demonstrates good mobile optimization, accessibility features, and SEO practices, contributing to a positive user experience. From a security perspective, the site enforces HTTPS and employs standard security best practices, though there is room for improvement in HTTP security headers such as Content-Security-Policy and X-Frame-Options. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong, with clear privacy and cookie policies and GDPR adherence. Overall, Lifeline Australia presents a trustworthy, professional, and secure online presence consistent with its mission as a non-profit mental health charity. The domain WHOIS data is privacy protected but aligns with legitimate Australian domain registration practices. The site is free from adult or questionable content, making it safe for general audiences.

A

Australian Red Cross

redcross.org.au

0

Australian Red Cross is a leading humanitarian non-profit organization in Australia, dedicated to mobilizing the power of humanity to support people and communities in times of need. The website clearly communicates their mission, services, and opportunities for public involvement such as volunteering and donations. Their market position is strong as part of the global Red Cross network, with a large audience including donors, volunteers, and beneficiaries. Technically, the website employs a modern technology stack including React, Episerver CMS, and various analytics and marketing tools, hosted on reliable cloud infrastructure. The site is well optimized for performance, mobile responsiveness, and accessibility. Security posture is robust with HTTPS, security headers, and CAPTCHA protections, although there is room for improvement in public vulnerability disclosure and incident response transparency. Overall, the website is professional, trustworthy, and compliant with privacy regulations, making it a reliable digital presence for the organization.

The Global Shapers Community website represents a large, globally recognized youth empowerment initiative affiliated with the World Economic Forum. The site focuses on community building, youth engagement, and social change, targeting young people worldwide. The business model is non-profit and community-driven, with a strong emphasis on policy influence and lasting impact. Technically, the website uses modern frameworks such as Angular and integrates third-party services like LoginRadius for authentication and Google Tag Manager for analytics. The site is well-designed, mobile-optimized, and provides a good user experience, although some accessibility features could be improved. Security posture is solid with HTTPS enforced and no visible vulnerabilities, but lacks explicit security headers and published security policies. Privacy compliance is limited due to missing explicit privacy and cookie policies in the provided content, though a consent mechanism is present. WHOIS data is unavailable, which limits domain legitimacy verification, but the professional presentation and affiliation with a reputable organization support trustworthiness. Overall, the website is professional and secure but would benefit from enhanced transparency and compliance documentation.

S

Stowarzyszenie Lambda Warszawa

lambdawarszawa.org

0

Lambda Warszawa is a well-established non-profit organization based in Poland, dedicated to supporting and advocating for the LGBTQIA+ community for over 27 years. The organization offers a wide range of services including helpline support, legal and psychological counseling, intervention hostels, anti-discrimination support, and educational workshops. Their website reflects a professional and consistent brand image, targeting the LGBTQIA+ community and allies with clear communication and accessible resources. The organization maintains a strong market position as a trusted community resource in Warsaw and beyond. Technically, the website is built on the Webflow platform, utilizing modern web technologies such as jQuery and custom JavaScript libraries for smooth scrolling and interactive features. The site is mobile-optimized, fast-loading, and accessible, with good SEO practices and structured navigation. However, some security best practices like security headers and cookie consent mechanisms are missing, which could be improved to enhance compliance and protection. From a security perspective, the site enforces HTTPS and uses secure forms, with no visible vulnerabilities or exposed sensitive data. The lack of WHOIS data due to privacy protection is justified given the organization's non-profit status and community focus. Overall, the website demonstrates a solid security posture but would benefit from additional security headers and privacy compliance features. The overall risk assessment is low, with the site being trustworthy and professional. Strategic recommendations include implementing security headers, adding cookie consent for GDPR compliance, publishing security policies, and maintaining regular audits of third-party scripts to ensure ongoing security and privacy compliance.

K

Kolektyw „Rada Języka Neutralnego”

transcember.net

0

The website 'Transcember' is a newly launched non-profit initiative by the Kolektyw „Rada Języka Neutralnego” focused on raising awareness about transgender health issues in Poland. It aims to address gaps in healthcare access, discrimination, and promote safe and reimbursed transition-related medical treatments. The site provides educational content, references reputable LGBTQ+ organizations, and encourages community engagement through sharing experiences and spreading awareness. Technically, the site is built on modern frameworks like Nuxt.js and Bootstrap, hosted with Cloudflare DNS, and optimized for mobile devices with good performance and accessibility. Security posture is decent with HTTPS and domain transfer protection, but lacks DNSSEC and some security headers. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the site is trustworthy and professional but should improve compliance and security practices to enhance user trust and legal adherence.

UNHCR, the UN Refugee Agency, operates a comprehensive and professionally designed global website focused on refugee protection, humanitarian aid, and emergency response. The site serves a diverse international audience including refugees, donors, partners, and the global humanitarian community. It provides extensive resources, multilingual content, and clear navigation to support its mission. Technically, the website is built on Drupal 9 with modern frameworks like Bootstrap and integrates major analytics and marketing tools such as Google Tag Manager and Facebook Pixel. Security posture is strong with HTTPS, security headers, and secure form handling, though public security policies and incident response contacts are not explicitly published. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Overall, the domain and website exhibit high trustworthiness and legitimacy consistent with a major UN agency.

H

Human Rights Careers

humanrightscareers.com

0

Human Rights Careers is a specialized platform dedicated to providing comprehensive information and resources for individuals pursuing careers in human rights, humanitarian action, and international development. The website offers a variety of services including educational content, online courses, paid internships, job listings, and e-book sales, targeting changemakers and professionals globally. With a strong social media presence and a significant monthly audience, it holds a reputable position in its niche. Technically, the website is built on WordPress and leverages modern SEO tools such as Yoast SEO Premium, along with multiple advertising and analytics platforms including Google Analytics, AdThrive, and MailerLite. The site demonstrates good mobile optimization, accessibility, and performance, supported by structured data for enhanced search engine visibility. From a security perspective, the site enforces HTTPS and employs consent management for privacy compliance, although explicit privacy and cookie policies are not directly found. No critical vulnerabilities or exposed sensitive data were detected. However, the absence of WHOIS data for the domain raises some concerns about domain registration transparency, despite the professional and established nature of the website content. Overall, the website presents a low-risk profile with strong content quality and technical maturity, but would benefit from improved transparency in privacy policies and domain registration information to enhance trust and compliance.

P

Public Organization “Support Ukraine Now”

supportukrainenow.org

0

Support Ukraine Now (SUN) is a Ukrainian registered non-profit organization founded in 2022, dedicated to facilitating international support for Ukraine through donations, volunteer matching, and social initiatives. The website serves as an informational and engagement platform targeting foreigners and organizations willing to help Ukraine. It is supported by reputable entities such as Global Shapers and the World Economic Forum, enhancing its credibility. Technically, the website is built on modern frameworks like Next.js and hosted on Vercel, ensuring good performance and mobile optimization. However, it lacks explicit privacy and cookie policies, which are critical for GDPR compliance and user trust. Security-wise, HTTPS is enforced, but the absence of security headers and DNSSEC indicates room for improvement. Tracking technologies from Google and Facebook are used, implying moderate user tracking. Overall, the site is trustworthy and professional but should enhance privacy compliance and security practices.

B

Blackbaud

blackbaud.com

0

Blackbaud is a leading cloud software company specializing in solutions for nonprofits, education, CSR, and grantmaking. Their extensive product portfolio and market presence position them as a dominant player in the social good technology sector. The website reflects a mature digital presence with comprehensive content targeting nonprofit organizations, educational institutions, and corporate social responsibility programs. Technically, the site leverages modern web technologies including WordPress CMS, JavaScript frameworks, and advanced analytics and marketing tools such as Marketo, Tealium, and New Relic, ensuring a robust and performant user experience. Security posture is strong with HTTPS enforcement and security headers, though explicit security policies and incident response information are not publicly detailed. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website demonstrates high professionalism and trustworthiness, though transparency could be improved by publishing WHOIS data and security policies.

K

Kolektyw „Rada Języka Neutralnego”

zaimki.pl

0

Zaimki.pl is a Polish-language, community-driven educational platform focused on non-binary, gender-neutral, and inclusive language. It is managed by the queer collective "Rada Języka Neutralnego" and offers comprehensive resources including a pronoun compendium, blogs, and personal pronoun cards. The website enjoys a strong position within its niche, serving the LGBTQ+ community and allies with educational content and social engagement. Technically, the site is built on modern frameworks such as Nuxt.js and Vue.js, with good performance and mobile optimization. Security posture is solid with HTTPS and security headers, though DNSSEC is not enabled and formal security policies are not published. Privacy compliance is generally good, but the absence of a cookie consent mechanism is a notable gap. Overall, the site is trustworthy, professional, and well-maintained, with transparent WHOIS data and active community involvement.

T

The Green Web Foundation

greenweb.org

0

The Green Web Foundation is a small, independent non-profit organization dedicated to promoting a fossil-free internet by 2030. They provide tools, datasets, and training to help organizations and developers measure and reduce the carbon footprint of digital products. Supported by reputable foundations and organizations, they hold a strong market position in the digital sustainability space. Their website is professionally designed, mobile-optimized, and rich in relevant content, targeting sustainability advocates, hosting providers, and developers. Technically, the website is built on WordPress with modern plugins and libraries, hosted by Cloudflare and 34SP.com, ensuring good performance and security. The site uses HTTPS and secure form handling but could improve by adding explicit security headers and a vulnerability disclosure policy. Security posture is strong with no visible vulnerabilities or exposed sensitive data. Privacy compliance is good with a comprehensive privacy policy and GDPR adherence, although no cookie consent mechanism was detected. Business credibility is high with clear contact addresses and trust signals from partnerships and awards. Overall, the website presents a low-risk profile with strong alignment between business claims and technical implementation, making it a trustworthy source for digital sustainability information.

The Alabama Transgender Rights Action Coalition (ALTRAC) is a small non-profit advocacy organization focused on protecting and advancing transgender rights within Alabama. Their website serves as an informational hub providing legislative updates, community mobilization opportunities, and ways to engage with local advocacy efforts. The organization targets transgender individuals and allies in Alabama, positioning itself as a regional advocacy group with a clear mission and community focus. Technically, the website is built using standard web technologies including HTML, CSS, and JavaScript, hosted likely via Porkbun LLC based on registrar and nameserver data. The site is moderately optimized for mobile devices and SEO, with a clean and consistent design. However, there is no evidence of a CMS or advanced frameworks, indicating a relatively simple technical infrastructure. From a security perspective, the site lacks several best practices such as DNSSEC, security headers, and explicit SSL/TLS configuration details. No privacy or cookie policies are present, which impacts compliance with GDPR and other privacy regulations. The domain registration uses privacy protection, which is justified given the organization's advocacy nature. No critical vulnerabilities or suspicious patterns were detected, but improvements are recommended to enhance security posture and privacy compliance. Overall, the website is functional, trustworthy, and relevant to its audience but would benefit from enhanced security measures and formalized privacy documentation to improve compliance and user trust.

T

Twipped Media

genderdysphoria.fyi

0

The website 'That's Gender Dysphoria, FYI' operated by Twipped Media is a specialized educational resource focused on providing comprehensive information about gender dysphoria and transgender experiences. It targets individuals questioning their gender identity, those on a gender journey, and allies seeking to understand transgender issues. The site offers multilingual content, downloadable resources, and maintains an open-source codebase on GitHub, reflecting transparency and community engagement. The business model is non-profit and community-driven, supported by Patreon and Ko-Fi donations. Technically, the website is built with standard web technologies including HTML5, CSS3, and JavaScript, leveraging Google Fonts and hosted on AWS DNS infrastructure. The site is mobile-optimized, accessible, and SEO-friendly, though it does not use a CMS. Performance is moderate with good navigation and content structure. From a security perspective, the site enforces HTTPS but lacks advanced security headers and published security policies. No forms or data collection mechanisms are present, reducing attack surface. Privacy compliance is partial; a privacy policy exists but no cookie consent mechanism is implemented. No incident response or vulnerability disclosure information is provided, which could be improved to enhance trust. Overall, the site is safe, trustworthy, and professionally presented with a strong focus on content quality and user experience. Strategic recommendations include implementing security headers, adding cookie consent, publishing security and incident response policies, and providing contact information to improve compliance and user trust.

N

Negate

nonbinary.wiki

0

Nonbinary Wiki is a community-driven educational platform dedicated to nonbinary gender identities. Founded in 2017, it serves a niche audience within the LGBTQ+ community by providing a comprehensive wiki with nearly 1,000 articles. The site is maintained by a small group of contributors and supported through donations. Technically, the website runs on MediaWiki, hosted and DNS-managed by Cloudflare, with Matomo analytics for user tracking. The site is accessible, uses HTTPS, and has basic privacy and cookie policies, though lacks formal terms of service and detailed security policies. Security posture is adequate but could be improved by enabling DNSSEC and adding security headers. Overall, the website is trustworthy, safe, and professionally maintained, with a clear focus on community engagement and education.

E

Electromagnetic Field

emfcamp.org

0

Electromagnetic Field is a UK-based non-profit organization that hosts an annual camping festival focused on technology, creativity, and maker culture. The event attracts a niche audience of hackers, artists, scientists, and engineers interested in diverse topics ranging from computer security to crafts. The organization operates primarily through volunteer efforts and sponsorships, providing attendees with amenities such as fast internet and power. The website reflects a well-branded, content-rich platform that effectively communicates the event's purpose and community spirit. Technically, the website employs standard modern web technologies including HTML5, CSS3, and JavaScript, hosted by a reputable UK provider, Sargasso Networks. The site is mobile-optimized with good SEO practices but lacks some advanced accessibility features and security headers. HTTPS is enabled, ensuring secure communications, and forms are implemented securely. However, the absence of a cookie consent mechanism and security policy pages indicates room for improvement in privacy compliance. From a security perspective, the site shows a moderate security posture with HTTPS and secure form handling but lacks explicit security headers and incident response information. The WHOIS data is unavailable or privacy-protected, which is common for non-profit events but limits domain trust verification. No vulnerabilities or malicious content were detected. Overall, the site is trustworthy and safe for general audiences. Strategically, the organization should focus on enhancing privacy compliance by adding cookie consent and publishing security policies. Implementing security headers and a vulnerability disclosure program would strengthen security posture. Improving accessibility and providing clearer contact information would enhance user trust and inclusivity. These steps will support the organization's credibility and protect its community as it grows.

T

The Repair Association

repair.org

0

The Repair Association is a non-profit advocacy organization dedicated to fighting for consumers' right to repair their digital products. Positioned as a leading coalition in the right to repair movement, the organization targets consumers, advocates, and policymakers interested in digital product repair rights. Their business model revolves around advocacy, membership, donations, and information dissemination, primarily operating within the United States. Technically, the website is built on the Squarespace platform, leveraging modern web technologies and integrations such as Google Analytics, Facebook Pixel, Hotjar, Mailchimp, and HubSpot for marketing and analytics. The site is well-optimized for mobile devices, has good SEO practices, and maintains a moderate performance profile. The presence of SSL and HSTS indicates a strong commitment to secure communications. From a security perspective, the site enforces HTTPS with HSTS and employs secure forms with CAPTCHA to prevent abuse. However, it lacks some advanced security headers and does not publish explicit security or incident response policies. The WHOIS data is privacy protected, which is typical for non-profits, and no suspicious patterns were detected. Privacy compliance is basic but includes a privacy policy and cookie consent mechanisms. Overall, the website presents a low-risk profile with good business credibility and technical implementation. Strategic recommendations include enhancing security headers, publishing vulnerability disclosure and incident response information, and improving privacy compliance transparency.

W

Wikimedia UK

wikimedia.org.uk

0

Wikimedia UK is a well-established UK charity founded in 2005, dedicated to promoting open access to knowledge and supporting the Wikimedia movement. The organization operates primarily in the non-profit sector, focusing on education, cultural partnerships, community engagement, and advocacy for open knowledge. Their website reflects a professional and consistent brand image, targeting a broad audience including volunteers, educational institutions, and the general public interested in free knowledge. Technically, the website is built on WordPress with modern plugins and tools such as Yoast SEO and Smart Slider 3, hosted by Fasthosts Internet Ltd. It demonstrates good mobile optimization, accessibility, and SEO practices, although there is room for improvement in security headers and explicit vulnerability disclosure mechanisms. Security posture is strong with HTTPS enforced and privacy compliance evident through a comprehensive privacy policy and cookie consent mechanism. Contact information is clearly provided, including email, phone, and physical address, enhancing business credibility. No critical security issues or content safety concerns were detected, and the domain registration is consistent with the organization's profile, indicating high legitimacy and trustworthiness.

The website auri.gay represents a personal and community-focused presence for an individual known as ␇-707570 or aurora, a robot-dog entity who actively volunteers at the German non-profit Queer Lexikon and engages with various social platforms. The site serves primarily as a contact and social hub rather than a commercial or corporate business, targeting a general audience interested in queer community and personal expression. Technically, the website is built with basic HTML and CSS, hosted by OVH sas, and shows moderate performance and basic mobile optimization. There is no evidence of advanced frameworks or CMS usage. The site lacks HTTPS status information and security headers, which limits its security posture. No forms or data collection mechanisms are present, reducing privacy risks but also limiting interactivity. From a security perspective, the domain is registered with OVH and protected against unauthorized deletion or transfer, indicating a reasonable level of domain security. However, the absence of HTTPS confirmation and security headers, as well as missing privacy and cookie policies, represent compliance and security gaps. No vulnerabilities or malicious content were detected, and the content is safe for general audiences. Overall, the site is a well-maintained personal presence with good content quality and moderate technical implementation but requires improvements in security and privacy compliance to enhance trust and protection for visitors.

R

Regine Sixt Children’s Aid Foundation - Drying Little Tears

drying-little-tears.org

0

The Regine Sixt Children’s Aid Foundation, operating under the domain drying-little-tears.org, is a German non-profit organization focused on child welfare projects worldwide. Established in 2019 and backed by the parent company Sixt SE, the foundation runs over 400 projects in more than 65 countries, emphasizing education, healthcare, emergency aid, and social care. The website reflects a professional and consistent brand image, targeting donors, partners, and beneficiaries interested in charitable child aid initiatives. Technically, the website is built on WordPress with Elementor and uses modern tools such as Smart Slider 3, Google Analytics, and Usercentrics for consent management. Hosting is via Amazon AWS infrastructure, ensuring reliable performance and availability. The site is mobile-optimized and SEO-friendly, though accessibility features are basic. Security posture is good with HTTPS enforced and domain transfer protection, but lacks advanced security headers and explicit security policies. From a security and compliance perspective, the site does not expose sensitive data and implements cookie consent mechanisms, but lacks visible privacy and terms of service pages. WHOIS data is consistent with the business claims, enhancing trustworthiness. No WAF or blocking mechanisms were detected, allowing full content access. Overall, the site is safe, professional, and trustworthy, with room for improvement in security headers and privacy documentation. Strategic recommendations include enabling DNSSEC, adding comprehensive privacy and security policies, implementing security headers, and conducting regular security audits to maintain and enhance trust and compliance.

F

Funraise

funraise.io

0

Funraise is a SaaS company providing a comprehensive nonprofit fundraising platform designed to simplify donor management and fundraising activities. Their platform includes a wide array of features such as donation forms, peer-to-peer fundraising, event ticketing, donor CRM, automated communications, and AI-powered tools. Positioned as an easy-to-use and innovative solution, Funraise targets nonprofit organizations seeking to enhance their fundraising capabilities and donor engagement. The website reflects a mature digital presence with professional design, clear navigation, and extensive content tailored to nonprofit users. Technically, the website is built on Webflow CMS and leverages modern web technologies including Google Tag Manager, Facebook Pixel, HubSpot, Microsoft Clarity, and reCAPTCHA for analytics, marketing, and security. The site is well-optimized for performance and mobile responsiveness, with strong SEO and accessibility considerations. Security best practices are observed with HTTPS enforcement, security headers, and cookie consent mechanisms. From a security standpoint, Funraise demonstrates a solid posture with no visible vulnerabilities or exposed sensitive data. However, the absence of a public vulnerability disclosure policy and incident response contact information suggests areas for improvement in transparency and readiness. Privacy compliance is strong, with a comprehensive privacy policy and GDPR-aligned cookie consent. Overall, Funraise presents a trustworthy and professional online presence suitable for its nonprofit audience. The lack of WHOIS data due to privacy protection does not detract from the legitimacy indicated by the website's quality and security measures. Strategic recommendations include enhancing security transparency and incident response communications to further build trust.

N

National Cartoonists Society Foundation

cartoonistfoundation.org

0

The National Cartoonists Society Foundation is a small US-based non-profit organization dedicated to supporting cartoonists through charitable programs and scholarships. Established in 2005, it operates as the charitable arm of the National Cartoonists Society, providing educational opportunities and financial aid to students in the cartooning arts. The website reflects this mission with clear scholarship information, donation options, and educational content targeted at cartoonists and supporters. Technically, the website is built on WordPress and uses modern front-end technologies such as the Foundation CSS framework, jQuery, and Google reCAPTCHA v3 for form security. Hosting is provided by SiteGround, a reputable provider. The site is mobile-optimized with good navigation and design quality, although accessibility features are basic. SEO is implemented at a basic level with meta tags and Open Graph data. From a security perspective, the site enforces HTTPS and uses reCAPTCHA to protect forms from spam. However, it lacks DNSSEC and important security headers, which are recommended to enhance security posture. No privacy or cookie policies are present, indicating compliance gaps with GDPR and other privacy regulations. No incident response or vulnerability disclosure information is published. Overall, the website is trustworthy and professional, with a strong business credibility score. The main risks relate to privacy compliance and security best practices. Strategic improvements in these areas would enhance user trust and regulatory adherence.

C

Cascadia Poetics LAB

cascadiapoeticslab.org

0

Cascadia Poetics LAB is a small non-profit organization based in Seattle focused on poetry and place-based cultural activities in the Cascadia region. Their offerings include community events such as the Poetry Postcard Fest, a podcast series, online workshops, a poetry festival, and related publications. The organization targets poetry enthusiasts and regional community members, operating primarily as a cultural and educational non-profit entity. Technically, the website is built on WordPress using the Divi theme, hosted by InMotion Hosting. It integrates modern web technologies including Google Fonts, reCAPTCHA for form security, and Google Tag Manager for analytics. The site demonstrates good mobile optimization and SEO practices but lacks some advanced accessibility features. From a security perspective, the site uses HTTPS with a good SSL configuration and employs reCAPTCHA to protect forms. However, it lacks DNSSEC, security headers like Content-Security-Policy, and a published security or vulnerability disclosure policy. The domain registration is privacy-protected but consistent with the organization's profile and age. Overall, the website is professionally presented and trustworthy for its niche audience but would benefit from enhanced privacy compliance and security practices to improve user trust and regulatory adherence.

G

Goods Unite Us

goodsuniteus.com

0

Goods Unite Us is a consumer advocacy platform focused on providing political background checks on thousands of brands and companies to help consumers align their spending with their political values. The organization operates primarily as a non-profit entity targeting consumers interested in political transparency and ethical purchasing. Their key services include a mobile app, brand ratings, and tools to influence corporate political expenditures. The website is built on WordPress with a modern tech stack including React components and integrates multiple third-party services for analytics, advertising, and push notifications. Privacy and cookie consent mechanisms are robust and GDPR compliant, reflecting a mature approach to user data protection. Security posture is good with HTTPS enforced and no obvious vulnerabilities, though some security headers could be improved. The absence of WHOIS registration data is a concern for domain legitimacy verification but the professional website and active social media presence support trustworthiness. Overall, the site is well-designed, user-friendly, and serves a clear advocacy purpose.

R

Rise for Freedom

rise4freedom.org

0

Rise for Freedom is a US-based non-profit coalition focused on nationwide mass trainings to promote democracy and civic engagement. The organization offers live online and in-person training sessions, partnering with entities like the ACLU and using platforms such as Mobilize.us to coordinate events. The website reflects a grassroots movement model targeting a broad audience interested in democracy activism. Technically, the site is built on WordPress with common plugins and uses DreamHost for hosting. It employs Google Analytics with an opt-out mechanism, indicating moderate digital maturity. Security posture is adequate with HTTPS enabled but lacks advanced DNS security and explicit security headers. Privacy compliance is limited due to the absence of visible privacy and cookie policies. Overall, the site is professional and trustworthy but could improve transparency and security practices.

R

Run For Something

runforsomething.net

0

Run For Something is a non-profit political action committee focused on recruiting and supporting young progressive leaders to run for state and local offices. The organization provides candidate recruitment, support systems, volunteer coordination, fundraising, and educational resources to build long-term political power. Their market position is niche and specialized within the progressive political landscape. The website is built on WordPress with a modern tech stack including Gravity Forms, Yoast SEO, and multiple analytics and marketing tools such as Google Analytics, Facebook Pixel, LinkedIn Insight Tag, and Mixpanel. Hosting and DNS services are managed via Cloudflare, providing good performance and security. The security posture is generally good with HTTPS enforced and domain transfer protections in place, but lacks DNSSEC and security headers, and does not have a published security or incident response policy. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism despite extensive tracking. Contact information is available primarily via email and web forms, with no phone numbers or physical addresses listed. Overall, the website is professional, trustworthy, and well-branded, serving its target audience effectively.

E

Election Truth Alliance

electiontruthalliance.org

0

Election Truth Alliance is a small non-profit organization focused on exploring election fraud consequences and advocating for safeguarding the voting process to support a healthy democracy. The website serves as an informational and advocacy platform with integrated donation capabilities to support its mission. The organization maintains an active social media presence across major platforms to engage its target audience interested in election integrity. Technically, the website is built on WordPress using modern plugins and themes, with payment processing integrated via Stripe and PayPal. The site is hosted with reputable providers and uses HTTPS, but lacks DNSSEC and explicit privacy or security policies. Security posture is moderate with domain locking but could be improved with enhanced DNS security and formalized incident response documentation. Overall, the website is professional and functional but would benefit from improved privacy compliance and clearer contact information.

S

Stop Project 2025 Comic

stopproject2025comic.org

0

Stop Project 2025 Comic is a small US-based non-profit initiative focused on political education and advocacy against the Project 2025 agenda associated with a potential second Trump presidency. The website uses comics as a medium to explain complex political issues and encourages voter registration. Technically, the site is built on WordPress with Elementor, hosted by pair Networks, and uses HTTPS, but lacks some security headers and privacy compliance documentation. The security posture is moderate with no critical vulnerabilities detected but could be improved with better policies and headers. Overall, the site is safe, professional, and serves a niche advocacy role with moderate trustworthiness.

A

Activist Handbook

activisthandbook.org

0

Activist Handbook is a non-profit educational platform founded in 2019 and based in the Netherlands, providing over 450 guides and thousands of external resources to support progressive, green, and social activists worldwide. The website offers comprehensive campaigning guides, training resources, and community engagement tools aimed at empowering grassroots movements and preventing activist burnout. It positions itself as a niche leader in activist education with a strong focus on accessibility and inclusivity. Technically, the site is built using modern static site generation technology (VitePress) and hosted on Cloudflare Pages, ensuring fast performance and good mobile optimization. It employs common analytics tools such as Google Analytics and Microsoft Clarity, alongside Google Tag Manager for marketing purposes. The site uses HTTPS with a good SSL configuration but lacks advanced security headers and DNSSEC, which are recommended for enhanced security. From a security perspective, the website demonstrates a moderate security posture with enforced HTTPS and domain status protections but lacks published security policies, incident response contacts, and vulnerability disclosure mechanisms. No direct contact information is provided, which may limit user trust and support accessibility. Advertising practices are limited to Google AdSense and standard tracking pixels, with basic privacy compliance including a privacy policy and cookie consent banner. Overall, the website is professional, trustworthy, and content-rich, serving its target audience effectively. Strategic recommendations include enabling DNSSEC, implementing security headers, publishing security and incident response policies, and providing clear contact information to improve trust and compliance.