From https://wikitech.wikimedia.org/wiki/HTTPS/domains, extracting just the Fundraising ones and going into details. Note the only issues of high importance here are the HSTS headers, and frdata's lack of any HTTPS redirect. The rest are mostly nit-picking, but would be nice to have.
* benefactorevents
* //(note: 3rd party hosted)//
* Need HSTS headers (`strict-transport-security:max-age=31536000; includeSubDomains; preload`)
* HTTP->HTTPS redirect is 302, should be 301
* HTTP->HTTPS should be to self first (as in http://benefactorevents -> https://benefactorevents before redirecting to some other name - currently http://benefactorevents redirects immediately to some other name)
* eventdonations
* //(note: 3rd party hosted)//
* Need HSTS headers (`strict-transport-security:max-age=31536000; includeSubDomains; preload`)
* HTTP->HTTPS redirect is 302, should be 301
* civicrm
* Need HSTS headers (`strict-transport-security:max-age=31536000; includeSubDomains; preload`)
* frdata
* Lacks HTTP->HTTPS redirect
* Need HSTS headers (`strict-transport-security:max-age=31536000; includeSubDomains; preload`)
* fundraising
* Need HSTS headers (`strict-transport-security:max-age=31536000; includeSubDomains; preload`)
* HTTP->HTTPS redirect should be to self first (currently it redirects to ``//wikimediafoundation.org`` directly from each proto at the root)
* payments / payments-listener
* Fix HSTS headers (`strict-transport-security:max-age=31536000; includeSubDomains; preload`) //(has existing HSTS, but 180d without sub/pre)//