Technology security reports

A

Automattic

gravatar.com

69

Gravatar, operated by Automattic, is a well-established global avatar and profile service that enables users to maintain a consistent online identity across millions of websites. The service offers free personal profiles, link-in-bio pages, and developer APIs, positioning itself as a key player in digital identity management. The website reflects a mature digital presence with professional design, comprehensive multilingual support, and clear branding aligned with Automattic and WordPress.com. Technically, the site employs modern web standards, including HTTPS, JavaScript, and CSS, ensuring fast performance and mobile optimization. Privacy and cookie policies are prominently presented with user consent mechanisms, demonstrating compliance with GDPR and other privacy regulations. Security posture is strong with domain registration protections and secure HTTPS, though explicit security headers and vulnerability disclosure mechanisms could be enhanced. Overall, the site is trustworthy, professional, and well-suited for its target audience of individual users and developers.

L

Leadinfo

leadinfo.eu

67

Leadinfo is a technology company specializing in B2B lead generation and website visitor identification through a SaaS platform. Their service enables businesses to uncover anonymous website visitors, enrich sales funnels, and engage target buyers effectively. The company positions itself as a comprehensive solution for B2B marketing and sales teams, leveraging integrations and automation to enhance lead conversion. Technically, the website is built on WordPress with Elementor, employing modern analytics and tracking tools such as Amplitude, Microsoft Clarity, and Mouseflow, indicating a mature digital infrastructure. The site is well-optimized for SEO, mobile responsiveness, and accessibility, reflecting a professional digital presence. Security-wise, the site enforces HTTPS and cookie consent mechanisms but lacks visible security headers and published incident response policies, suggesting room for improvement in security transparency. The absence of WHOIS registration data reduces domain trustworthiness, although the website content and branding are consistent and credible. Overall, Leadinfo presents a solid business and technical profile with minor gaps in security policy disclosure and domain registration transparency.

R

Rexx Systems

rexx-systems.com

62

Rexx Systems is a well-established German technology company specializing in HR software solutions for medium and large enterprises, including cloud and on-premise offerings. With 25 years of experience and a customer base of approximately 3,000, they provide a comprehensive suite of HR, recruiting, talent management, and AI-powered tools. Their market position is strong within the HR technology sector, targeting international and enterprise clients. Technically, the website is built on WordPress with Elementor, optimized for performance and mobile responsiveness, and employs modern web technologies and SEO best practices. Security posture is solid with HTTPS, security headers, and cookie consent mechanisms, though explicit security policies and incident response information are not publicly detailed. The domain WHOIS data is missing, which raises transparency concerns despite the professional and trustworthy appearance of the website. Overall, the site demonstrates a mature digital presence with room for improvement in domain registration transparency and security disclosure.

X

X Corp.

twitter.com

65

X.com is the official website of X Corp., formerly known as Twitter, a leading global social media platform specializing in microblogging and social networking services. The platform targets a general audience and operates on a business model combining advertising and subscription services. The website demonstrates consistent branding and provides comprehensive legal and privacy documentation, reflecting a mature and professional online presence. Technically, the website employs modern web technologies including React, Tailwind CSS, and GraphQL, ensuring a fast and responsive user experience optimized for both desktop and mobile platforms. The infrastructure appears robust, leveraging advanced bot mitigation tools such as Arkose Labs and payment processing via Stripe, indicating a sophisticated digital maturity. From a security perspective, the site enforces HTTPS with strong SSL configurations and domain security measures such as clientDeleteProhibited status flags. However, DNSSEC is not enabled, and explicit security policies or incident response contacts are not publicly available, representing areas for improvement. The cookie consent mechanism and privacy policy indicate good privacy compliance, including GDPR adherence. Overall, the website is trustworthy, professionally designed, and secure, with no indications of adult or explicit content. The domain's long history and registration details further reinforce legitimacy. Strategic recommendations include enabling DNSSEC, publishing a security policy and incident response contacts, and adding a security.txt file to enhance vulnerability disclosure transparency.

A

Axeptio

axept.io

73

Axeptio is a technology company specializing in consent management platforms designed to help businesses comply with GDPR, Law 25, and other international data privacy regulations. Positioned as a Google Gold Certified CMP partner, Axeptio offers a no-code platform with customizable consent banners, contractual consent modules, and mobile SDKs. The company targets businesses seeking to integrate privacy compliance seamlessly into their customer journeys, emphasizing branded and immersive consent experiences. The website reflects a mature digital presence with strong branding and a significant customer base of over 80,000 websites. Technically, the website is built on the HubSpot CMS platform, leveraging HubSpot's marketing and analytics tools alongside Google Tag Manager. The site is well-optimized for performance and mobile responsiveness, with modern JavaScript libraries and a clean, professional design. Security best practices are observed with HTTPS enforced and consent mechanisms implemented, though explicit security headers and policies are not fully documented in the visible content. From a security posture perspective, the site shows good maturity with no evident vulnerabilities or exposed sensitive data. However, the absence of a published privacy policy, terms of service, and clear contact information for security or privacy inquiries represents areas for improvement. The WHOIS data is privacy protected or unavailable, which is justified given the company's focus on privacy solutions. Overall, the domain and website present a trustworthy and professional front with strong compliance and branding signals. Strategically, Axeptio should enhance transparency by publishing comprehensive privacy and security policies and providing clear contact channels for incident response. This will strengthen trust and compliance posture further. The technical infrastructure is solid but could benefit from explicit security header implementation and vulnerability disclosure mechanisms to align with best practices.

F

Font Awesome

fontawesome.com

72

Font Awesome is a leading technology company specializing in providing a comprehensive icon library and toolkit widely used by designers, developers, and content creators globally. Established in 2012, the company offers a freemium business model with free icons and paid Pro and Pro+ subscription plans that unlock additional icon packs and features. The website demonstrates a strong market position with millions of users and a professional, consistent brand presence. Technically, the site leverages modern web technologies including Vue.js, SVG, and optimized assets hosted on AWS infrastructure, ensuring fast performance and excellent mobile responsiveness. Security posture is robust with HTTPS, CSRF protection, reCAPTCHA integration, and privacy compliance mechanisms including GDPR-aligned policies and cookie consent. No critical vulnerabilities or suspicious indicators were found. Overall, Font Awesome presents a trustworthy, mature, and well-managed digital presence with clear business credibility and user-focused design.

C

Cloudflare, Inc.

cloudflare.com

54

Cloudflare, Inc. is a leading global technology company specializing in cloud-based security, performance, and networking services. Their platform enables enterprises, small businesses, and developers to connect, protect, and build applications and networks with enhanced speed and security. Cloudflare holds a strong market position as a trusted provider of CDN, DDoS protection, zero trust security, DNS, and serverless computing services. The company targets a broad audience including enterprises, SMBs, developers, and partners, offering scalable and comprehensive solutions to modernize and secure digital infrastructure. Technically, Cloudflare's website and platform leverage modern web technologies including the Astro framework, Cloudflare Workers, and advanced consent management tools like OneTrust. The site is hosted on Cloudflare's own infrastructure, ensuring fast performance, excellent mobile optimization, and good accessibility. The use of Google Tag Manager, Adobe Launch, and Zaraz Tag Manager indicates a mature digital marketing and analytics setup with privacy-conscious consent mechanisms. From a security perspective, Cloudflare demonstrates a robust posture with HTTPS enforcement, comprehensive security headers, and adherence to industry standards such as ISO 27001, SOC 2, PCI DSS, and FedRAMP. The company maintains an active vulnerability disclosure program and incident response team, with clear contact channels for security issues. No vulnerabilities or suspicious patterns were detected in the website content or configuration, reflecting a high level of security maturity. Overall, Cloudflare presents a low-risk profile with strong business credibility, technical sophistication, and compliance adherence. The domain is well-established and consistent with the company's history. Privacy protection in WHOIS is justified given the enterprise nature. Strategic recommendations include continuous monitoring of third-party scripts, enhancing transparency on data retention, and ongoing security training to maintain leadership in cloud security services.

O

OneTrust

cookielaw.org

79

OneTrust is a leading technology company specializing in privacy, security, and governance software solutions. Their Cookie Consent product enables organizations to manage cookie consent across their web properties, ensuring compliance with global data privacy regulations such as GDPR. The company targets enterprises and businesses requiring robust privacy management tools, positioning itself as a market leader with a comprehensive platform and strong trust signals including ISO 27001 and SOC 2 certifications. Technically, the website is built on Adobe Experience Manager, leveraging modern JavaScript libraries and Adobe's marketing and analytics tools. The site demonstrates good performance, mobile optimization, and accessibility features. Security is well addressed with HTTPS, security headers, and bot protection via Cloudflare Turnstile captcha. Privacy compliance is evident through detailed privacy and cookie policies and consent mechanisms. The security posture is strong with no visible vulnerabilities or exposed sensitive data. However, the absence of a public incident response page and vulnerability disclosure program suggests areas for improvement. Overall, the website and company present a professional, trustworthy, and mature digital presence suitable for enterprise clients. Strategic recommendations include enhancing transparency with a dedicated incident response and vulnerability disclosure page, expanding data retention policy disclosures, and continuing to maintain and communicate strong security certifications to reinforce trust.

H

Hotjar Ltd.

hotjar.com

68

Hotjar Ltd. is a leading SaaS provider specializing in website heatmaps, behavior analytics, session recordings, surveys, and user feedback tools. Recently integrated into Contentsquare, Hotjar offers a powerful experience intelligence platform that serves over 1.3 million websites globally. The company targets businesses and digital teams aiming to optimize user experience and conversion rates through data-driven insights. Their business model is subscription-based with free and paid tiers, supported by strong branding and customer testimonials. Technically, Hotjar employs a modern web stack including React and Next.js, with Contentful as their CMS. They integrate analytics tools such as Heap Analytics and Google Tag Manager, ensuring fast performance and excellent mobile optimization. The website is well-structured, SEO-optimized, and accessible, reflecting a mature digital presence. From a security perspective, Hotjar enforces HTTPS, implements key security headers, and maintains secure data collection practices. While no critical vulnerabilities were detected, the absence of explicit incident response and vulnerability disclosure policies suggests room for improvement. Privacy compliance is robust, with comprehensive privacy and cookie policies aligned with GDPR and CCPA standards. Overall, Hotjar demonstrates a high level of professionalism, security, and compliance, making it a trustworthy platform for digital experience analytics. Strategic recommendations include publishing explicit security policies, enhancing transparency on data retention, and maintaining rigorous third-party script audits to sustain their strong security posture.

G

Google

safety.google

67

The Google Safety Center website serves as an official platform by Google LLC to educate users on online safety, privacy, and cybersecurity. It highlights Google's commitment to protecting users across its broad range of products including Search, Gmail, Chrome, YouTube, and more. The site targets a general audience with a focus on family safety, content safety, and cybersecurity advancements. The business model is service-oriented, leveraging Google's extensive technology ecosystem and market leadership in the technology sector. The website is part of the enterprise-level digital presence of Google, a subsidiary of Alphabet Inc., founded in 1998 in the United States.

C

Cookiebot

cookiebot.com

73

Cookiebot, a product by Usercentrics, is a leading consent management platform (CMP) focused on helping businesses comply with GDPR and other privacy regulations. The company offers a SaaS solution that automates consent signaling and manages user consent preferences, targeting primarily SMBs and enterprises requiring privacy compliance. The website reflects a mature digital presence with multiple language support, clear navigation, and professional branding. Technically, the site is built on WordPress with modern JavaScript integrations, Google Analytics, and Tag Manager for tracking and performance optimization. Security posture is strong with HTTPS enforcement and standard security headers, though explicit security policies and incident response details are not publicly disclosed. The absence of WHOIS data reduces transparency but does not detract significantly from the overall trustworthiness given the company's established market position and branding. Strategic recommendations include publishing detailed security and incident response policies and adding vulnerability disclosure mechanisms to enhance trust further.

TikTok is a leading global social media platform specializing in short-form video content, offering users a dynamic and engaging way to discover and share videos. The platform targets a broad general audience and provides key services including video sharing, live streaming, and advertising solutions. TikTok maintains a strong market position as a dominant player in the technology and media sectors. Technically, TikTok's website leverages modern web technologies such as React, advanced video players, and secure content delivery networks to ensure fast performance and excellent mobile optimization. The platform demonstrates a mature digital infrastructure with comprehensive SEO and accessibility features. From a security perspective, TikTok employs robust HTTPS encryption, modern security headers, and secure form handling, reflecting a high security maturity level. Privacy policies and cookie consent mechanisms are comprehensive and GDPR compliant, indicating strong privacy compliance. However, the lack of publicly available WHOIS data limits domain registration transparency. Overall, TikTok's website is professional, secure, and user-friendly, with no critical vulnerabilities detected. Strategic recommendations include enhancing transparency around domain registration, maintaining vigilance on third-party scripts, and establishing a public vulnerability disclosure program to further strengthen security posture.

B

BitNinja Security

bitninja.io

75

BitNinja Security is a technology company specializing in AI-powered server security solutions primarily targeting Linux servers. Their offerings include an AI-driven malware scanner, IP reputation management, Web Application Firewall (WAF), and spam detection, delivered via a centralized dashboard. The company appears to have a solid market position as a provider of advanced server security tools, catering to IT professionals and hosting providers. The website is built on a modern WordPress platform with integrations for analytics and marketing, demonstrating a mature digital infrastructure. Security posture is strong with HTTPS enforced and domain registration consistent with the business age, though some security best practices like DNSSEC and security headers could be improved. Privacy compliance is partially met with a cookie consent mechanism but lacks explicit privacy and terms of service documentation. Overall, the website is professional, trustworthy, and safe for general audiences.

W

WordPress

w.org

67

WordPress.org is the official website for the WordPress open source content management system, a leading platform powering millions of websites globally. It offers a comprehensive ecosystem including themes, plugins, blocks, and extensive community and developer resources. The site targets a broad audience from individual creators and small businesses to large enterprises and developers. Technically, the website is built on WordPress CMS with the modern Gutenberg block editor, leveraging JavaScript, SVG, and Google Tag Manager for analytics. The site is well-optimized for performance, mobile responsiveness, and accessibility, reflecting a mature digital infrastructure. Security posture is strong with HTTPS enforced and domain protections in place, though there is room for improvement in DNSSEC and security headers. Privacy compliance is partially addressed with a comprehensive privacy policy but lacks cookie consent mechanisms. Overall, the website demonstrates high professionalism, trustworthiness, and business credibility.

X

X Corp.

x.com

70

X.com is the official website of X Corp., a leading global social media platform formerly known as Twitter. The platform offers real-time news, entertainment, sports, and political commentary, targeting a broad general audience. It operates a large-scale social networking service with advertising and subscription revenue models. The website demonstrates a high level of digital maturity, employing modern web technologies such as React and GraphQL, and delivering a fast, mobile-optimized user experience. Security measures include HTTPS enforcement, multiple security headers, and bot mitigation via Arkose Labs. Privacy compliance is robust, with clear privacy and cookie policies and consent mechanisms in place. The domain's WHOIS data confirms a long-standing, legitimate registration consistent with the company's history. Overall, the site presents a professional, trustworthy, and secure digital presence.

LinkedIn is a leading global professional networking platform that enables users to manage their professional identity, build networks, access job opportunities, and engage with industry content. The website demonstrates a high level of digital maturity with a modern tech stack including OAuth integrations for authentication, responsive design, and comprehensive privacy and cookie policies. Security posture is strong with HTTPS enforcement, secure forms, and cookie consent mechanisms, although explicit security policy and incident response contacts are not publicly detailed. Overall, LinkedIn presents a trustworthy and professional online presence consistent with its market position as a top enterprise in the technology sector.

D

Datwyler IT Infra

datwyler.com

68

Datwyler IT Infra is a well-established provider of IT and OT infrastructure solutions, specializing in data centres, fibre networks, and intelligent building systems. The company operates globally, offering a broad range of services including managed services, software solutions, and turnkey projects. Their market position is strong, supported by comprehensive governance and sustainability commitments. Technically, the website employs modern technologies such as Craft CMS, Google Tag Manager, and Imgix for image delivery, ensuring a responsive and professional user experience. Security posture is solid with HTTPS enforcement and cookie consent mechanisms, though there is room for improvement in security headers and incident response transparency. Overall, the website reflects a mature digital presence aligned with corporate standards.

C

Customer Alliance

customer-alliance.com

61

Customer Alliance operates a SaaS platform focused on simplifying customer feedback and review management for businesses. The company positions itself as a provider of stress-free review management software, targeting businesses that want to streamline customer reviews, surveys, and satisfaction metrics. The website is professionally designed using WordPress and modern plugins, supporting multiple languages and optimized for SEO and mobile devices. The technical infrastructure includes popular tools such as Google Tag Manager, Microsoft Clarity, and WP Rocket, indicating a mature digital presence. Security posture is generally good with HTTPS enforced and cookie consent implemented, but lacks explicit security policies and headers. The absence of WHOIS data and registrant information introduces some uncertainty about domain legitimacy, though the website content and technical setup suggest a legitimate business. Overall, the site is well-structured and trustworthy from a user perspective but would benefit from enhanced transparency and security disclosures.

D

Deutsche Gesellschaft für Barrierefreiheit

accessgo.de

57

AccessGO is a German-based technology company specializing in web accessibility compliance solutions, targeting small and medium-sized enterprises. Their flagship offering is a SaaS platform that includes a website plugin, AI-driven auto-optimization, audit and monitoring tools, and a barrier-free declaration generator to help clients meet legal requirements effective from June 2025. The company positions itself as a trusted provider with thousands of customers and positive reviews on recognized software review platforms. Technically, the website is built on WordPress with Elementor and Yoast SEO, leveraging modern web technologies and integrating cookie consent management and analytics tools. Security posture is solid with HTTPS and cookie consent mechanisms, though explicit security headers and incident response policies are not evident. Overall, the site is professional, well-structured, and compliant with privacy regulations, though it lacks explicit privacy and terms of service pages in the analyzed content.

O

OpenAgenda

openagenda.com

53

OpenAgenda is a well-established French technology company specializing in event agenda management solutions. The platform caters to organizations, federations, territories, and large event organizers by providing tools to create, interconnect, and moderate event agendas. It supports event export, integration, and offers dedicated support, positioning itself as a reliable SaaS provider in the event management space. The company has a solid market presence with notable clients and media partnerships, reflecting a mature business model and a medium-sized operational scale. Technically, the website employs a moderately modern tech stack including jQuery, Bootstrap, Matomo analytics, and Crisp chat for customer interaction. Hosting appears to be on Amazon AWS infrastructure, inferred from DNS servers. The site is mobile optimized with good SEO and accessibility basics, though some modernization opportunities exist, especially in upgrading JavaScript libraries and enhancing accessibility features. From a security perspective, the site uses HTTPS and includes script integrity hashes, but lacks visible security headers and DNSSEC is not enabled. There is no explicit security policy or incident response information published, which could be improved. Privacy compliance is partially addressed with a comprehensive privacy policy and terms of service, but no cookie consent mechanism was detected. Overall, the security posture is moderate with room for enhancements. The overall risk assessment is low, with no critical vulnerabilities or suspicious indicators found. Strategic recommendations include implementing security headers, enabling DNSSEC, publishing security and incident response policies, and adding cookie consent mechanisms to improve GDPR compliance and user trust.

W

Wide Agency

wideagency.ch

63

Wide Agency is a Swiss-based digital communication agency specializing in creating and managing digital strategies that strengthen brands and enhance business growth. The company offers a range of services including design systems, Drupal and Wordpress development, digital marketing, change management, and strategic creation. The website reflects a professional and consistent brand image with multilingual support, targeting businesses seeking comprehensive digital solutions. Technically, the site is built on Drupal 8, uses modern JavaScript libraries, and integrates marketing and analytics tools such as Google Tag Manager and Pardot. Security posture is good with HTTPS and cookie consent mechanisms in place, though there is room for improvement in publishing explicit security policies and incident response information. Overall, the website is well-structured, accessible, and compliant with GDPR, indicating a mature digital presence.

E

Ergopix Sàrl

ergopix.com

54

Ergopix Sàrl is a small Swiss web agency based in Vevey specializing in custom web design and development of web tools, primarily using WordPress and Drupal CMS platforms. The company targets businesses and organizations seeking bespoke digital solutions, positioning itself as a niche local expert with a professional online presence. The website demonstrates a modern technical infrastructure leveraging WordPress, Bootstrap, jQuery, and performance optimization tools like WP Rocket, resulting in fast loading times and good mobile responsiveness. Security posture is solid with HTTPS enforced and no exposed sensitive data, though improvements are recommended in security headers and incident response transparency. Privacy compliance is adequate with a privacy policy present, but lacks a cookie consent mechanism. WHOIS data is missing or unavailable, which slightly reduces trust but the active, professional website mitigates concerns. Overall, the site is well-designed, functional, and trustworthy with room for enhanced security and compliance documentation.

S

SECUTIX

secutix.com

79

SECUTIX is a well-established global leader in digital ticketing technology, offering a comprehensive SaaS platform that serves a wide range of event types including sports, festivals, and cultural institutions. The company emphasizes secure, mobile-first ticketing solutions, access control, and business intelligence to maximize revenue and enhance fan engagement. Their market position is reinforced by numerous partnerships with major sports federations and venues, as well as industry awards. Technically, the website is built on modern frameworks such as React and Next.js, with strong SEO, mobile optimization, and performance. Security posture is robust with HTTPS, security headers, bot protection partnerships, and consent management, although explicit security and incident response policies are not publicly detailed. WHOIS data is not publicly available, likely due to privacy protection, which slightly impacts trust but is common for businesses of this nature. Overall, SECUTIX presents a professional, secure, and compliant digital presence aligned with its business objectives.

V

VNV SA

vnv.ch

61

VNV SA is a Swiss IT company founded in 2001, specializing in software engineering, IT managed services, cloud solutions, and business strategy consulting. The company positions itself as a reliable IT service provider with a strong focus on efficiency, pragmatism, and realism. It serves business clients seeking comprehensive IT and software solutions, leveraging strategic partnerships with major technology vendors such as Lenovo, Cisco, Microsoft, and Palo Alto Networks. The website reflects a mature digital presence built on WordPress with modern technologies and SEO optimization.

U

Universe

universe.com

66

Universe is a large-scale online event ticketing and management platform that enables event organizers to create, manage, and sell tickets for general admission and timed-entry events. The platform is integrated with Ticketmaster, leveraging a vast distribution network and marketing expertise to expand event reach globally. Universe offers advanced tools for customer data ownership, checkout customization, and marketing optimization, targeting event hosts and ticket buyers worldwide. Technically, Universe employs modern web technologies including Webflow CMS, Google Tag Manager, Transifex for localization, and ContentSquare for UX analytics. The site is well-optimized for performance, mobile responsiveness, and accessibility, hosted on AWS Cloudfront CDN. Security is robust with HTTPS enforced and cookie consent mechanisms in place, though explicit security headers and incident response policies are not publicly detailed. The security posture is strong with no visible vulnerabilities or exposed sensitive data. Privacy compliance is comprehensive, with clear privacy and cookie policies and GDPR adherence. However, the absence of WHOIS registration data for the domain www.universe.com is unusual and warrants further investigation to confirm domain legitimacy. Overall, the site presents a professional, trustworthy, and user-friendly experience with strong business credibility. Strategic recommendations include enhancing security transparency by publishing a security policy and incident response contacts, implementing additional security headers, and clarifying domain registration details to improve trust and compliance visibility.

D

Devillard Holding SA

devillard.ch

47

Devillard Holding SA is a well-established Swiss technology company founded in 1958, specializing in IT infrastructure, printing systems, document management (GED), and interactive screens. It holds a leading market position in Suisse Romande, targeting SMEs with comprehensive technology solutions and premium maintenance services. The company operates multiple physical locations across the region, emphasizing proximity and high-quality customer service. The website reflects a mature digital presence with professional design, clear navigation, and relevant content tailored to its business audience. Technically, the site is built on WordPress with modern plugins and integrates Google Analytics and Tag Manager for performance monitoring. Security posture is strong with HTTPS, captcha protections, and cookie consent mechanisms, though some security headers could be improved. Privacy compliance is robust with a detailed privacy policy and cookie banner. Overall, the website and business demonstrate high credibility and trustworthiness.

E

Epwise AG

wise.swiss

46

Wise.swiss, operated by Epwise AG, is a Swiss-based technology company specializing in AI-enhanced software solutions for event and real estate co-ownership assembly management. Their product suite includes Eventwise and Estatewise, designed to streamline invitations, registrations, check-ins, document sharing, and voting processes. The company targets Swiss organizations, including public agencies, SMEs, and large groups, emphasizing data sovereignty and compliance with Swiss data protection laws. The website reflects a professional and consistent brand image with strong trust signals such as customer testimonials and Swiss Made Software certification. Technically, the site uses modern web technologies including HubSpot forms, Google Tag Manager, and Bootstrap, hosted by Infomaniak Network SA. Performance and mobile optimization are good, with clear navigation and SEO best practices. Security posture is solid with HTTPS enforced and clientTransferProhibited domain status, though DNSSEC is not enabled and security headers are not explicitly detected in the HTML. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the website and business present a credible, secure, and mature digital presence.

D

Darest Informatic SA

darest.com

61

Darest Informatic SA is a well-established Swiss IT solutions provider founded in 1978, specializing in delivering innovative and personalized IT and digital services to SMEs and large enterprises in the Suisse Romande region. Their offerings include IT infrastructure management, cybersecurity, telephony, printing, digitalization, AI solutions, and IT staff delegation. The company positions itself as a trusted partner with a strong regional presence and a portfolio of recognized certifications and partnerships with major technology vendors. Technically, the website is built on WordPress using modern tools such as Elementor and Yoast SEO, supporting multilingual content and optimized for performance and mobile devices. Security posture is good with HTTPS and reCAPTCHA integration, though explicit privacy and cookie policies are not found, indicating room for compliance improvement. The absence of WHOIS registration data reduces transparency but does not contradict the professional business presentation. Overall, the company demonstrates a mature digital presence with solid business credibility and moderate security maturity.

S

StorifyMe GmbH

storifyme.com

69

StorifyMe GmbH operates a technology platform specializing in mobile-native storytelling formats such as Stories, Shorts, Snaps, and Ads, designed to enhance user engagement and monetization for apps and websites. The company targets a broad range of clients from startups to large enterprises, positioning itself as a leader in visual content creation and distribution. The website demonstrates strong branding, client trust signals, and a comprehensive suite of services aimed at digital marketing and content innovation. Technically, the site leverages modern web technologies including Webflow CMS, GSAP animations, and integrates multiple analytics and marketing tools such as Google Analytics, Facebook Pixel, and HubSpot, indicating a mature digital infrastructure. Security posture is good with HTTPS enforced and cookie consent mechanisms in place, though explicit security headers and incident response policies are not publicly disclosed. The absence of WHOIS data introduces some uncertainty regarding domain registration legitimacy, but the overall professional presentation and client endorsements support a trustworthy business profile. Strategic recommendations include enhancing security transparency, publishing incident response contacts, and improving direct contact availability to further strengthen trust and compliance.

V

VeronaLabs

wp-statistics.com

64

WP Statistics is a mature and well-established WordPress plugin developed by VeronaLabs, specializing in privacy-friendly website analytics that comply with GDPR, CCPA, and PECR regulations. The company positions itself as a leader in privacy-centric analytics for WordPress users, boasting over 600,000 active users and offering a comprehensive suite of features including content analytics, author performance tracking, marketing campaign insights, and geographical reporting. The business model revolves around plugin sales, add-ons, and an affiliate program, targeting website owners, bloggers, and marketers who prioritize privacy and data ownership.

J

Jooce Digital Agency

jooce.ch

60

Jooce Digital Agency is a small, local digital agency based in Geneva, Switzerland, specializing in web development, IT assistance, and digital solutions tailored for local businesses. The company positions itself as a trusted local partner emphasizing Swiss quality and personalized service. Their website is professionally designed using modern technologies such as React and Next.js, hosted on Vercel, and optimized for performance and mobile devices. Structured data is well implemented to enhance SEO and local business visibility. However, the website lacks critical compliance and security documentation such as privacy policies, cookie consent mechanisms, and incident response information. No contact emails or phone numbers are explicitly provided, which may impact user trust and business credibility. Overall, the site is secure with HTTPS and no visible vulnerabilities, but improvements in privacy compliance and transparency are recommended.

E

EveryWare AG

ewcs.ch

64

EveryWare AG operates an Open Cloud Authentication Service, providing identity and access management solutions primarily targeting enterprise clients. The website analyzed is a login portal leveraging modern authentication protocols such as OpenID Connect and technologies including Keycloak and PatternFly. The site is designed for secure user authentication but lacks publicly accessible information such as privacy policies, terms of service, or contact details on this page. Technically, the site uses a modern tech stack with React-based UI components and standard security practices like disabling autocomplete on password fields. However, no explicit security headers were detected, and privacy compliance indicators are absent, which could be improved to enhance trust and security posture. Overall, the site is functional and professional but minimalistic in public content.

C

Cloudinary

cloudinary.com

70

Cloudinary is a leading cloud-based media management platform founded in 2011, specializing in image and video upload, storage, optimization, and delivery via APIs and CDN. The company targets developers, IT teams, marketers, and enterprises across various industries, providing scalable and AI-powered media solutions. The website reflects a mature digital presence with comprehensive product information, strong branding, and clear navigation. Technically, the site leverages modern web technologies including WordPress CMS, Bootstrap framework, and integrates analytics and marketing tools such as Google Analytics and LinkedIn Insight Tag. Security posture is solid with HTTPS enforced and no exposed sensitive data, though some security headers could be improved. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR indicators. Overall, Cloudinary demonstrates a high level of professionalism, technical maturity, and business credibility.

R

Rexx Systems

rexx-recruitment.com

62

Rexx Systems is a well-established German technology company specializing in HR software solutions tailored for medium and large enterprises. With over 25 years of experience and a customer base of approximately 3,000 clients, the company offers modular, cloud-based and on-premise HR software products including recruiting, talent management, digital personnel files, and AI-enhanced tools. Their market position is strong within the HR technology sector, supported by consistent branding and professional digital presence. Technically, the website is built on WordPress with Elementor and leverages modern web technologies such as jQuery and Google Tag Manager. The site is optimized for performance, mobile responsiveness, and SEO, reflecting a mature digital infrastructure. Security measures include HTTPS enforcement and standard security headers, although there is room for improvement in public vulnerability disclosure and incident response transparency. The security posture is solid with no evident vulnerabilities or exposed sensitive data. Privacy compliance is good, with comprehensive privacy and cookie policies and consent mechanisms in place. However, the absence of WHOIS registration data introduces some uncertainty regarding domain registration transparency, though this is likely due to privacy protection. Overall, Rexx Systems presents a trustworthy and professional business with a secure and well-implemented web presence. Strategic recommendations include enhancing security transparency through vulnerability disclosure and incident response information, and maintaining rigorous audits of third-party scripts and data retention policies.

E

EveryWare AG

everyware.ch

71

EveryWare AG is a well-established Swiss IT service provider specializing in cloud, hosting, datacenter, network, and managed IT services. The company positions itself as a leading provider in Switzerland with over 25 years of experience, offering comprehensive business IT solutions focused on public, hybrid, and private cloud environments. Their services cater primarily to Swiss businesses and IT organizations seeking secure, scalable, and sovereign cloud and IT infrastructure solutions. The website reflects a professional and consistent brand image with detailed service offerings and customer success stories, reinforcing their market position. Technically, the website is built on the TYPO3 CMS platform, leveraging modern web technologies including Google Tag Manager and Cookiebot for analytics and privacy compliance. The site is mobile-optimized, well-structured, and performs moderately well. Privacy and cookie policies are clearly presented with consent mechanisms in place, demonstrating good compliance with GDPR requirements. However, explicit security policies and incident response contacts are not publicly available, which could be improved. From a security perspective, the site enforces HTTPS and uses privacy-focused tools but lacks visible advanced security headers and a dedicated vulnerability disclosure policy. No vulnerabilities or suspicious content were detected. WHOIS data confirms the legitimacy of the domain registration, consistent with the company’s Swiss identity and business history. Overall, EveryWare AG’s website presents a trustworthy, professional, and compliant digital presence suitable for its target market. Strategic improvements in security transparency and incident response communication would further enhance their security posture and customer trust.

E

ELCA Security

elcasecurity.ch

85

ELCA Security is a Swiss-based cybersecurity company specializing in securing IT infrastructure, identities, and business operations for both businesses and government entities. The company positions itself as a robust security solutions provider with a focus on anticipating, protecting, detecting, and defending against cyber threats. Their website reflects a professional and modern digital presence, leveraging advanced web technologies such as Next.js and React, and integrating reputable third-party services like Stripe for payments and Matomo for privacy-focused analytics. The site is well-optimized for mobile devices and includes comprehensive cookie consent management via Cookiebot, demonstrating a commitment to privacy compliance.

B

bbv Software Services AG

bbv-software.de

59

bbv Software Services AG is a well-established Swiss software and consulting company specializing in digital consulting, software engineering, and digital transformation services. Founded in 1995, the company serves a broad range of clients, focusing on delivering scalable digital businesses, innovative digital experiences, and sustainable software products. Their market position is strong within Switzerland, supported by a medium-sized team and a comprehensive portfolio of services including AI consulting, cloud services, cybersecurity, and data management. The website reflects a professional and consistent brand image with multilingual support and rich content tailored to business clients. Technically, the website is built on WordPress with modern plugins and tools such as WPBakery Page Builder, Google Tag Manager, HubSpot, and LinkedIn Insight Tag. It employs standard web technologies including JavaScript and jQuery, and integrates multiple analytics and marketing tools with a robust cookie consent mechanism ensuring GDPR compliance. The site demonstrates good performance, mobile optimization, and accessibility features. From a security perspective, the site uses HTTPS with strong SSL configuration and employs Google reCAPTCHA to protect forms from spam. While some security headers are not explicitly detected, the overall security posture is solid with no visible vulnerabilities or exposed sensitive data. Privacy compliance is well addressed with a comprehensive privacy policy and cookie management system. However, the site could improve by publishing explicit security policies and incident response contacts. Overall, bbv Software Services AG presents a trustworthy and professional online presence with strong business credibility, good technical implementation, and solid privacy and security practices. The risk level is low, and the company is well-positioned to maintain compliance and security in its digital operations.

J

JobCloud

jobcloud.ch

80

JobCloud AG operates as Switzerland's leading job portal and recruitment technology provider, serving over 30,000 Swiss companies. The company offers a comprehensive suite of services including job ads, programmatic job ads, employer branding, international recruitment, and candidate management. Their market position is strong, supported by well-known subsidiary portals jobs.ch and jobup.ch, and a clear focus on the Swiss recruitment market. The website is professionally designed with consistent branding and clear messaging targeting Swiss employers and recruiters.

S

Standout GmbH

standout.ch

55

Standout GmbH is a Swiss-based online marketing agency established in 2012, specializing in services such as SEO, Google Ads, social media marketing, lead generation, e-commerce marketing, and digital recruiting. The company holds reputable certifications including Google Premier Partner and Meta Business Partner, positioning it as a credible player in the Swiss digital marketing sector. Their website reflects a professional and modern design with clear navigation and comprehensive service offerings tailored to businesses seeking to enhance their online visibility and lead acquisition. Technically, the website leverages a modern technology stack including Google Tag Manager, Facebook Pixel, LinkedIn Insight Tag, and Cookiebot for privacy compliance. The use of Craft CMS is inferred from security cookies. The site is mobile-optimized, accessible, and SEO-friendly, with good performance metrics. Cookie consent mechanisms are robust, ensuring GDPR compliance. From a security perspective, the site enforces HTTPS with strong SSL configuration and implements security best practices such as CSRF protection and security headers. No critical vulnerabilities or exposed sensitive data were detected. However, the absence of a dedicated security policy or incident response contact is noted. Overall, the website demonstrates a high level of professionalism, security, and privacy compliance, making it a trustworthy digital presence for Standout GmbH. Strategic recommendations include publishing a security policy, providing incident response contacts, and establishing a vulnerability disclosure program to further enhance trust and security posture.

H

Hoststar - Multimedia Networks AG

hoststar.ch

73

Hoststar - Multimedia Networks AG is a Swiss-based web hosting and domain registration provider established since 2013. The company offers a wide range of hosting solutions including shared hosting, reseller hosting, virtual servers, SSL certificates, and security services such as SiteLock and VPN. Their market position is that of a reputable mid-sized hosting provider serving individuals and businesses primarily in Switzerland. The website is professionally designed with good content quality and clear navigation, targeting customers seeking reliable and affordable hosting services. Technically, the website is built on Drupal CMS and integrates multiple third-party marketing and analytics tools including Google Analytics, Facebook Pixel, Intercom, and SalesManago. The site is mobile optimized and performs moderately well, though there is room for improvement in accessibility and security headers. HTTPS is properly implemented, ensuring secure communications. From a security perspective, the site follows basic best practices such as HTTPS and offers security-related products. However, it lacks visible security policies, incident response contacts, and comprehensive security headers. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is weak due to the absence of explicit privacy and cookie policies, which is a notable compliance gap. Overall, the website is trustworthy and legitimate, supported by consistent WHOIS data showing transparent Swiss company ownership and an appropriate domain age. The risk level is moderate, primarily due to privacy compliance shortcomings and limited security policy disclosures. Strategic recommendations include implementing clear privacy and cookie policies, enhancing security headers, and publishing incident response information to improve trust and compliance.

M

Mautic

mautic-vr.ch

44

The website at mautic-vr.ch/s/login serves as a login portal for the Mautic marketing automation platform. It targets users such as marketers and administrators who utilize Mautic's services. The site is minimalistic, focusing on user authentication without providing extensive business or policy information. The technical infrastructure is based on the Mautic CMS platform, utilizing JavaScript and Froala editor libraries. The site shows basic mobile optimization and accessibility but lacks SEO optimization and comprehensive metadata. Security measures include CSRF tokens and password input masking; however, no explicit security headers or HTTPS status were provided, indicating room for improvement in security posture. Privacy and compliance policies are absent from this page, limiting transparency and GDPR compliance indicators. Overall, the site is functional but basic in content and security maturity.

B

billbox AG

billbox.com

55

billbox AG is a Swiss-based technology company specializing in digital invoice management and financial process automation. With over two decades of experience, the company offers web-based software solutions that enable businesses to digitize and control their financial workflows efficiently. Their services include business partner management, reporting, and integration with various ERP and accounting systems, positioning them as a trusted partner for companies seeking digital transformation in financial operations. The website reflects a mature, professional business with a clear focus on innovation, security, and customer-centric services. Technically, the site employs modern web technologies such as Bootstrap, jQuery, and Google reCAPTCHA, ensuring a responsive and secure user experience. Security practices include HTTPS enforcement and data encryption, although some improvements like DNSSEC and security headers could enhance their posture. Overall, the domain's long history and consistent WHOIS data support the company's legitimacy. The site is fully accessible without WAF or blocking mechanisms, and privacy compliance is addressed through a privacy policy and cookie consent banner.

A

ALEKS & SHANTU GmbH

aleksundshantu.com

53

ALEKS & SHANTU GmbH is a Berlin-based full-stack digital agency specializing in web development, design, animation, film production, and digital marketing services. With over 30 employees and a portfolio of more than 1000 projects, the company serves clients across diverse sectors including art, culture, industry, medicine, TV, and technology. The agency emphasizes high aesthetic standards, scalability, and technical precision, positioning itself as a trusted partner for digital-first movers and brands seeking impactful online presence. Technically, the website leverages modern frameworks such as Next.js and React, incorporates advanced multimedia elements like Lottie animations and video content, and demonstrates strong SEO and accessibility practices. The site is mobile-optimized and performs well, reflecting a mature digital infrastructure. From a security perspective, the site enforces HTTPS, includes key security headers, and maintains secure contact forms with clear privacy policies. However, the absence of a published security policy and incident response contacts suggests room for improvement in formal security governance. No vulnerabilities or exposed sensitive data were detected. Overall, the website presents a professional, trustworthy, and well-structured digital presence. The main risk factor is the lack of WHOIS domain registration data, which raises questions about domain legitimacy and registration transparency. This should be investigated further to ensure full trustworthiness.

The website ospedaledelgiocattolo.ch currently displays a PHP version unsupported error page managed by Hostpoint AG, the largest Swiss web hosting provider. The site lacks any accessible business content, contact information, or compliance policies, indicating it is either under maintenance or misconfigured. The technical infrastructure relies on an outdated PHP version and includes jQuery 3.6.0, with no visible modern frameworks or CMS. Security posture is weak due to the unsupported PHP version and absence of security headers or HTTPS enforcement. Privacy compliance is non-existent, with no privacy or cookie policies found. Overall, the site presents a low trust profile and poor user experience.

Jsabelle Forrer is a small Swiss-based design service provider specializing in graphic, web, and app design as well as illustration. The website presents a professional design with clear focus on delivering quality design experiences to consumers. The technical infrastructure is based on BaseKit CMS and hosted by Hoststar, utilizing modern web fonts and iconography. However, the site lacks critical privacy and cookie policies, contact information, and security disclosures, which impacts its compliance and trustworthiness. Security posture is minimal with no detected security headers or incident response information. Overall, the website is functional and professional but requires improvements in privacy compliance and security best practices to enhance trust and regulatory adherence.

I

INWX

inwx.de

68

INWX is a well-established domain registrar based in Germany, operating since 2004 with a strong market presence and over 100,000 customers worldwide. The company offers comprehensive domain registration services, including real-time registration, provider changes, and domain management via their Domain Robot platform. Their service portfolio also includes SSL certificates and hosting solutions, targeting businesses and individuals seeking domain-related services. The website is professionally designed, multilingual, and provides extensive TLD options with transparent pricing. Technically, the site uses a modern JavaScript stack with jQuery, Slick Carousel, and Matomo analytics, hosted behind Cloudflare for performance and security. Security posture is strong, with HTTPS, two-factor authentication, Whois privacy, DNSSEC, and Anycast DNS. However, explicit privacy and cookie policies are not found in the provided content, which is a compliance gap. No direct contact emails or phone numbers are visible, which may affect user trust and support accessibility. Overall, the domain registration data aligns well with the website content, indicating high legitimacy and trustworthiness.

L

LeanData, Inc

leandata.com

66

LeanData, Inc is a technology company specializing in intelligent go-to-market orchestration solutions designed to improve buyer experience, accelerate revenue, and enhance operational alignment for B2B companies. The company positions itself as an established player in the GTM orchestration space, offering SaaS-based services that integrate with sales and marketing operations. The website reflects a mature digital presence with professional design, clear messaging, and comprehensive privacy and cookie policies, indicating a strong commitment to user experience and compliance. Technically, the website is built on WordPress with a modern tech stack including jQuery, HubSpot, Clearbit, and Cookiebot for marketing, analytics, and consent management. SEO is well implemented with Yoast SEO and structured data (JSON-LD) for enhanced search visibility. Performance is moderate with good mobile optimization and basic accessibility features. From a security perspective, the site enforces HTTPS and employs cookie consent mechanisms, but lacks explicit security headers and publicly available security policies or incident response contacts. No vulnerabilities or exposed sensitive data were detected in the analyzed content. The absence of WHOIS registrant data slightly reduces trust but is common for commercial entities using privacy protection. Overall, LeanData's website demonstrates a solid business and technical foundation with good privacy compliance and marketing sophistication. Recommendations include enhancing security headers, publishing security policies, and providing clearer direct contact information to improve trust and security posture.

D

Dept (formerly Hinderling Volkart)

hinderlingvolkart.com

67

The website represents the rebranding of Hinderling Volkart as part of the global digital agency Dept. It positions itself as a leading full-service digital agency in Switzerland with a broad range of services from strategy to experience design. The site is professionally designed with modern technologies such as Vue.js and Nuxt.js, and integrates analytics and marketing tools like Google Analytics and Google Tag Manager. Security posture is good with HTTPS enabled and no visible vulnerabilities, but lacks some security headers and explicit privacy and terms policies. The missing WHOIS data is a concern but the website's professional appearance and parent company affiliation mitigate trust issues. Overall, the site is a credible digital agency landing page with room for improvement in compliance transparency and security hardening.

T

ti&m AG

ti8m.com

76

ti&m AG is a Swiss-based technology company specializing in digital solutions and security products, serving clients primarily in Switzerland and the European Union. Positioned as a market leader, the company focuses on innovation projects and digital transformation services. Their website reflects a professional and modern digital presence, emphasizing their expertise and leadership in the technology sector. The company targets business clients seeking advanced digital and security solutions, leveraging certifications such as ISO 27001 to reinforce trust and credibility. The technical infrastructure of the website includes modern web technologies and multiple analytics tools such as Google Analytics, Microsoft Clarity, Hotjar, and LinkedIn Insight Tag, integrated with a consent management platform (OneTrust) to ensure GDPR compliance. The site is mobile-optimized, accessible, and SEO-friendly, indicating a mature digital strategy. However, the absence of explicit CMS or hosting provider details limits full infrastructure transparency. From a security perspective, the website enforces HTTPS with strong SSL configuration and employs privacy-conscious tracking practices like IP anonymization. While security headers are implied, explicit implementation details are not fully visible. The presence of ISO 27001 certification suggests a robust internal security framework, though the lack of a dedicated security policy or incident response page indicates room for improvement in transparency and readiness. Overall, the website presents a trustworthy and professional image with good privacy compliance and security posture. The main risk factor is the lack of WHOIS data, which raises questions about domain registration transparency. Strategic recommendations include enhancing security header implementation, publishing detailed security policies, and establishing clear incident response contacts to further strengthen trust and compliance.

P

Puzzle ITC

puzzle.ch

70

Puzzle ITC is a Swiss-based technology company specializing in open source software and sustainable IT solutions. They offer a broad range of services including digital transformation, software development, platform engineering, cloud infrastructure, AI, IT security, and mobility IT services. Their market presence is focused on Switzerland and parts of Germany, targeting businesses and organizations seeking innovative and sustainable IT solutions. The company demonstrates a solid market position with reputable client partnerships and a professional online presence. Technically, the website is built on WordPress with modern technologies such as Yoast SEO, Matomo analytics, and Google reCAPTCHA, indicating a mature digital infrastructure. The site is mobile-optimized and SEO-friendly, though accessibility features could be improved. Performance is moderate, and the site uses structured data for enhanced search engine understanding. From a security perspective, the site enforces HTTPS and uses privacy-conscious analytics (Matomo). However, it lacks explicit security policies, incident response contacts, and security headers, which are areas for improvement. Privacy compliance is partial, with no visible privacy or cookie policies and no consent mechanisms, which could pose compliance risks. Overall, Puzzle ITC presents a trustworthy and professional business with a good security posture but should enhance privacy and security transparency to meet higher compliance standards and user trust expectations.