indexo.dev

forestfuturealliance.org

.org user

First seen 2026-05-15 · Last seen 2026-05-15 · ok HTTP/1.1 200 392 ms crawled 2026-05-15

IE · 52.50.21.92 · AS16509 Amazon.com, Inc.

Reputation 100/100

sector nonprofit type homepage

HTML metadata

Title
Forest Future Alliance | Home
Description
The Forest Future Alliance (FFA) enables the private sector and philanthropic organisations to undertake socially, economically and ecologically responsible action for forest landscapes. FFA supports credible action in both rural and urban forests, to advance thriving ecosystems and communities globally.
Language
en
Canonical
https://www.forestfuturealliance.org/home

Open Graph

url
https://www.forestfuturealliance.org/home
title
Forest Future Alliance | Home
description
The Forest Future Alliance (FFA) enables the private sector and philanthropic organisations to undertake socially, economically and ecologically responsible action for forest landscapes. FFA supports credible action in both rural and urban forests, to advance thriving ecosystems and communities globally.

Technology

CDN
Amazon CloudFront
Server
Heroku
Analytics
  • Google Tag Manager

Third-party hosts loaded (4)

  • auth-widgets.weforum.org×2
  • auth.lrcontent.com×1
  • fast.appcues.com×1
  • www.googletagmanager.com×1

Registration

Registrar
Amazon Registrar, Inc.
Created
2025-11-19
Expires
2026-11-19 182 days left
Updated
2025-11-24
Name servers
  • ns-1151.awsdns-15.org
  • ns-1746.awsdns-26.co.uk
  • ns-349.awsdns-43.com
  • ns-801.awsdns-36.net

DNS records live

NS
  • ns-1151.awsdns-15.org
  • ns-1746.awsdns-26.co.uk
  • ns-349.awsdns-43.com
  • ns-801.awsdns-36.net

Email authentication no MX

SPF
v=spf1 -all
strict (-all)
DMARC
v=DMARC1;p=reject;rua=mailto:dmarc_rua@emaildefense.proofpoint.com;ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com;fo=1
policy: reject (enforced)
DKIM
no key found at common selectors

Certificate (current)

Amazon RSA 2048 M04
from 2026-01-20 to 2027-02-19
Expires in 274 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.forestfuturealliance.org/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Permissions Policy
Header values
referrer-policy
strict-origin
x-frame-options
sameorigin
x-content-type-options
nosniff
content-security-policy
default-src https: 'self' 'unsafe-inline' blob:;font-src https: 'self' data:;style-src https: 'self' 'unsafe-inline' service.force.com fast.appcues.com hcaptcha.com *.hcaptcha.com;img-src blob: https: 'self' data: *.weforum.org *.amazonaws.com weforum.widen.net;upgrade-insecure-requests;script-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline' service.force.com api.mixpanel.com *.salesforceliveagent.com fast.appcues.com www.googletagmanager.com www.google-analytics.com hcaptcha.com *.hcaptcha.com;child-src 'self' mailto: *.weforum.org consentcdn.cookiebot.com *.weforum.org *.amazonaws.com mixpanel.com service.force.com my.appcues.com webcasts.weforum.org www.google.com *.force.com *.salesforce.com *.vimeo.com www.youtube.com player.vimeo.com www.powr.io cdn.jwplayer.com public.tableau.com view.genial.ly view.genially.com airtable.com app.powerbi.com wefglobal.eu.qualtrics.com hcaptcha.com *.hcaptcha.com gkhzyudi.chat.qbusiness.eu-west-1.on.aws;connect-src 'self' wss: https: *.livest
strict-transport-security
max-age=31536000