securedrop.org

.org crawl

First seen 2026-04-11 · Last seen 2026-05-18 · ok HTTP/1.1 200 989 ms crawled 2026-05-18

US · 104.20.24.68 · AS13335 Cloudflare, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title: Share and accept documents securely
Description: SecureDrop is an open-source whistleblower submission system that media organizations can install to securely accept documents from anonymous sources. It was originally coded by the late Aaron Swartz and is now managed by Freedom of the Press Foundation.
Language: en

Open Graph

url: https://securedrop.org/
title: Share and accept documents securely
site name: SecureDrop
description: SecureDrop is an open-source whistleblower submission system that media organizations can install to securely accept documents from anonymous sources. It was originally coded by the late Aaron Swartz and is now managed by Freedom of the Press Foundation.

Technology

CDN: Cloudflare
CMS: Gatsby

Third-party hosts loaded (1)

analytics.freedom.press×1

Social

Registration

Registrar

Gandi SAS

Created

2013-10-05

Expires

2026-10-05 138 days left

Updated

2025-08-11

Name servers

abby.ns.cloudflare.com
jake.ns.cloudflare.com

DNS records live

NS

abby.ns.cloudflare.com
jake.ns.cloudflare.com

MX

10 in1-smtp.messagingengine.com
20 in2-smtp.messagingengine.com

TXT

google-site-verification=xUZZFhf5GhgmORYQo0Vh31aRXVNaj_cp7T0ntm8G3q0
google-site-verification=hm6BHu6XCwxzKi1t462s-mZX8oLwjrxxyii4DJr_tXQ

Email authentication partial

SPF: v=spf1 include:spf.messagingengine.com include:mailgun.org include:_spf.google.com ~all
softfail (~all)
DMARC: v=DMARC1; p=none; rua=mailto:8dfc6d74@mxtoolbox.dmarc-report.com; ruf=mailto:8dfc6d74@forensics.dmarc-report.com; fo=1
policy: none (monitoring only)
DKIM: no key found at common selectors

Certificate (current)

WE1

from 2026-04-24 to 2026-07-23

Expires in 65 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 95/100 Checked live page: https://securedrop.org/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
cross-origin-opener-policy

findings

missing Permissions Policy

Header values

referrer-policy: same-origin
x-frame-options: DENY
x-content-type-options: nosniff
content-security-policy: media-src 'self' media.securedrop.org; base-uri 'self'; script-src 'self' 'unsafe-eval' analytics.freedom.press; object-src 'self' media.securedrop.org; style-src-attr 'self' 'unsafe-hashes' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-RjGXttEfn3lP8F5dx3vtPdu6djlmub1vrGRYYEoYmk0='; connect-src 'self' analytics.freedom.press media.securedrop.org; img-src 'self' analytics.freedom.press media.securedrop.org; frame-src 'self' media.securedrop.org; form-action 'self'; default-src 'self'; frame-ancestors 'self'; style-src 'self' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE='; report-uri https://freedomofpress.report-uri.com/r/d/csp/enforce
strict-transport-security: max-age=63072000; includeSubDomains; preload
cross-origin-opener-policy: same-origin