Security Directory

V

VPG Vienna PASS GmbH

viennapass.de

40

VPG Vienna PASS GmbH operates the Vienna Pass website, offering sightseeing passes for tourists visiting Vienna. The business provides two main products: the Vienna PASS with access to up to 90 attractions and the Flexi PASS with a flexible number of visits. The website is built on TYPO3 CMS and integrates modern marketing and payment technologies such as Google Tag Manager, Usercentrics for consent management, and Adyen for payments. The site demonstrates good content quality, clear navigation, and mobile optimization, targeting tourists and culture enthusiasts. However, the website suffers from critical security issues due to the absence of a valid SSL certificate and lack of HTTPS support, which significantly impacts its security posture and trustworthiness. Privacy and cookie policies are present and GDPR compliant, with active social media engagement and trust signals like Trustpilot and money-back guarantees enhancing business credibility.

W

WienTourismus

viennacitycard.at

40

The website viennacitycard.at serves as the official platform for the Vienna City Card, a tourism product offering public transport access and discounts in Vienna. It is operated by WienTourismus and targets tourists seeking convenient mobility and sightseeing benefits. The site features a modern TYPO3 CMS infrastructure with Alpine.js for interactivity, hosted behind Cloudflare. While the site is content-rich, well-branded, and professionally designed with good mobile optimization and accessibility, it suffers from a critical security issue: the SSL certificate is invalid or missing, and no modern TLS protocols are enabled, which significantly impacts the security posture. Privacy compliance is strong, with a clear privacy policy, cookie consent via Usercentrics, and GDPR adherence. The site integrates Matomo analytics and Google Tag Manager for tracking, balanced with user privacy controls. Overall, the site is trustworthy and professional but requires urgent SSL/TLS remediation to ensure secure user interactions.

T

TÜV NORD

tuev-nord.de

40

TÜV NORD is a well-established enterprise-level company specializing in safety, certification, and training services across multiple sectors including energy, transportation, real estate, healthcare, and technology. The website presents a professional and consistent brand image with comprehensive content targeting both private and business customers. The technical infrastructure is based on TYPO3 CMS with integration of modern marketing and analytics tools, though performance metrics indicate room for improvement. Security posture is weakened by the absence of a valid SSL certificate and HTTPS, which is a critical issue. Privacy compliance is well addressed with consent management and GDPR-aligned policies. Overall, the site is trustworthy but requires urgent security enhancements to protect user data and improve trust.

F

freenet Internet

freenet-internet.de

40

freenet Internet is a German telecommunications provider specializing in flexible internet tariffs that can be managed entirely via a mobile app. Their offerings include DSL and 5G internet services with monthly cancellable contracts, targeting customers who value freedom and simplicity. The website is built on modern JavaScript frameworks (Nuxt.js and Vue.js) and hosted on Amazon Web Services infrastructure, leveraging CloudFront CDN for content delivery. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a significant security concern. The presence of SPF and DMARC records indicates some email security awareness, but no advanced security headers or mechanisms are implemented. Privacy and terms of service documents are present and appear comprehensive, but no cookie consent mechanism is detected. Overall, the site provides good content quality and user experience but requires urgent improvements in security posture to protect users and enhance trust.

I

IXOPAY GmbH

tokenex.com

70

IXOPAY GmbH operates a sophisticated enterprise payment orchestration and tokenization platform designed to streamline global payments for merchants and enterprises. The company positions itself as a scalable and flexible solution provider, offering a wide range of payment modules and services that enhance authorization rates, PCI compliance, and payment data management. Their market focus includes fintech, e-commerce, and financial services sectors, targeting businesses that require advanced payment orchestration capabilities. The website content is professionally designed, well-structured, and optimized for user experience and SEO, reflecting a mature digital presence. Technically, the website leverages modern JavaScript frameworks and integrates third-party tools such as Sentry for error tracking, Google Tag Manager for analytics, and ChiliPiper for lead routing. Hosting is provided via Cloudflare, ensuring robust CDN and security features. Performance is fast, and the site is mobile-optimized with good accessibility standards. Structured data in JSON-LD format enhances search engine understanding and business credibility. From a security perspective, the site enforces HTTPS with strong security headers and OCSP stapling, though HSTS is not fully enabled according to SSL info. No critical vulnerabilities were detected in SSL/TLS configuration. However, the absence of a visible cookie consent mechanism and a formal incident response or vulnerability disclosure policy indicates areas for compliance and security posture improvement. No direct contact emails or phone numbers are publicly listed, with contact primarily via forms and legal pages. Overall, IXOPAY demonstrates a strong business and technical foundation with a high level of professionalism and trustworthiness. Strategic enhancements in privacy compliance and security transparency would further strengthen their market position and customer confidence.

B

Bertelsmann Marketing Services

bertelsmann-marketing-services.com

50

Bertelsmann Marketing Services is a large, Germany-based media and marketing services company, operating as a 100% subsidiary of Bertelsmann. The company specializes in direct marketing, printing services, and multi-channel campaign management, serving a broad range of clients including retail, industrial, and publishing sectors. The website is professionally designed, content-rich, and well-structured, supporting both German and English languages. Technically, the site uses TYPO3 CMS and is hosted on infrastructure managed by Arvato Systems. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical security shortfall. Security headers are partially implemented but insufficient to mitigate risks fully. Privacy compliance is good, with a clear privacy policy and cookie consent mechanism in place. Business credibility is high, supported by certifications and active communication through press releases and social media.

A

Arvato SE

arvato.com

53

Arvato SE is a global enterprise specializing in third-party logistics (3PL), supply chain management, and digital logistics solutions. The company serves a diverse range of industries including e-commerce, B2B, and transportation, offering services such as warehousing, fulfillment, transport management, and digital customer experience solutions. Their market position is strong with a broad international footprint and multiple regional subsidiaries. The website reflects a professional and comprehensive digital presence with multilingual support and detailed service descriptions. Technically, the site is built on TYPO3 CMS with modern frontend tooling but suffers from slow load times and lacks a valid SSL certificate, impacting security posture. Security-wise, the absence of HTTPS and security headers are critical issues, though cookie consent and privacy compliance are well implemented. Overall, the site is trustworthy and professional but requires urgent security improvements to meet modern standards.

R

RTL Group

rtlgroup.com

54

RTL Group is a major European entertainment company with a broad portfolio of TV channels, streaming services, radio stations, and content production subsidiaries. The company is publicly traded and majority owned by Bertelsmann, with a strong market position in multiple European countries. The website presents comprehensive business information, investor relations, career opportunities, and corporate responsibility content, reflecting a mature and professional digital presence. Technically, the site uses nginx and a custom CMS, with Google Tag Manager for analytics. However, a critical security weakness is the lack of a valid SSL certificate and absence of HTTPS, which severely impacts the security posture. Privacy and cookie policies are not explicitly found, though a consent mechanism is present. Overall, the site is well-designed and content-rich but requires urgent security improvements.

B

Bertelsmann SE & Co. KGaA

bertelsmann.com

52

Bertelsmann SE & Co. KGaA is a leading international media conglomerate headquartered in Germany, operating through multiple divisions such as RTL Group, Penguin Random House, BMG, and Arvato Group. The company provides a wide range of media, publishing, entertainment, and service offerings targeting journalists, investors, applicants, and the general public. The website reflects a mature digital presence with comprehensive corporate, investor, and media information, supported by strong branding and consistent content quality. Technically, the site uses established technologies like jQuery, Bootstrap, and Cookiebot for consent management, hosted on AWS CloudFront CDN. However, the absence of a valid SSL/TLS certificate and disabled HTTPS protocols represent critical security gaps. Security headers and content security policies are implemented but cannot compensate for the lack of HTTPS, which is essential for protecting user data and trust. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. Overall, the site is professional and trustworthy but requires urgent security improvements to meet modern standards.

B

Bertelsmann

createyourowncareer.de

40

Bertelsmann's Create Your Own Career website serves as a comprehensive career portal targeting students, graduates, professionals, and school students interested in opportunities within the Bertelsmann group. The site highlights multiple divisions and offers detailed information on programs, events, and job listings, positioning Bertelsmann as a large multinational media and services conglomerate with a strong employer brand. Technically, the site is built on TYPO3 CMS, hosted likely by Arvato Systems, and integrates modern marketing and consent tools such as Google Analytics, Google Tag Manager, and CookieFirst. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate and HTTPS support, which significantly impacts the site's security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements.

R

Roca Sanitario S.A.U.

roca.com

64

Roca Sanitario S.A.U. is a global leader in bathroom products with a presence in over 170 countries. The company offers a wide range of innovative, sustainable bathroom solutions targeting both consumers and professionals. Their website reflects a mature digital presence built on Liferay DXP, featuring rich content including product collections, professional resources, and corporate information. The site is well-branded and professionally designed, with good navigation and mobile optimization. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS protocols, which poses risks to user trust and data security. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information is primarily via forms and social media, with no direct emails or phone numbers exposed. Overall, the website is functional and credible but requires urgent security improvements to protect users and enhance trust.

L

Landitec GmbH

landitec.com

53

Landitec GmbH is a medium-sized German company specializing in high-quality, flexible, and high-performance appliance solutions and services for the B2B sector. They focus on customized IT security appliances and software solutions, including network hardware, edge AI, 5G, and industrial applications. The company holds a strong market position as an OPNsense Platinum Partner and collaborates with notable partners such as SECUDOS and Barracuda. Their offerings include both hardware and software appliances, tailored to customer needs from initial concept to final product delivery. Technically, the website is built on Joomla CMS with the Helix Ultimate framework, utilizing modern libraries like jQuery and Bootstrap. The site is well-structured, mobile-optimized, and includes SEO best practices. However, the absence of a valid SSL certificate and HTTPS significantly impacts their security posture. Security headers are partially implemented, and cookie consent mechanisms are in place, indicating good privacy compliance. Analytics usage is moderate, primarily via Google Analytics and Tag Manager. Security-wise, the lack of valid HTTPS is a critical issue that lowers the overall security score. Other security best practices such as HSTS, OCSP stapling, and session resumption are not implemented. No explicit security policy or incident response information is found. The company provides clear contact information and maintains a professional online presence, but should prioritize securing their website with valid SSL certificates to enhance trust and compliance. Overall, Landitec GmbH presents a professional and credible business with solid technical infrastructure but requires urgent improvements in security configuration to meet modern standards and ensure customer trust.

X

Xanadu

xanadu.ai

51

Xanadu is a Canadian quantum computing company focused on developing photonic quantum hardware and quantum software tools such as PennyLane and Catalyst. The company positions itself as an innovator in scalable, networked, and modular quantum computers, targeting researchers, developers, and enterprises interested in quantum technologies. Their partnerships with major automotive companies like Volkswagen and BMW highlight their industry collaborations and market relevance. Technically, the website is built on modern frameworks like React and Gatsby, hosted on AWS infrastructure, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. The security posture is weak due to missing HTTPS, lack of security headers, and no advanced TLS configurations. Privacy compliance is well addressed with clear privacy and cookie policies and a consent mechanism. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

V

Valmet

valmet.com

55

Valmet is a global enterprise specializing in technologies, services, and automation solutions for the pulp, paper, tissue, and energy industries. The company positions itself as a reliable technology partner with a comprehensive offering that supports customers' performance improvements. The website reflects a mature digital presence with multi-language support, detailed industry-specific content, and extensive navigation structures. Technically, the site uses modern web technologies including jQuery, Bootstrap, Vue.js, and integrates analytics and marketing tools such as Google Analytics, Microsoft Application Insights, and Pardot. However, a critical security concern is the invalid SSL certificate, which undermines the site's HTTPS security posture despite the presence of security headers and cookie protections. Privacy and cookie policies are well implemented with consent mechanisms, indicating good compliance with GDPR. Overall, the site demonstrates strong business credibility and professional quality but requires urgent remediation of SSL issues to enhance security and trust.

A

Aalto-yliopisto

aalto.fi

40

Aalto-yliopisto is a leading multidisciplinary university in Finland specializing in technology, business, and arts. The website reflects a mature digital presence with comprehensive content targeting students, researchers, staff, and partners. It offers extensive information on education programs, research initiatives, events, and community engagement. The site is multilingual and well-branded, emphasizing sustainability and innovation. Technically, the site is built on Drupal 10 CMS, leveraging modern JavaScript libraries, CDN caching via Fastly, and integrates analytics and consent management tools such as Google Tag Manager and Cookiebot. The site is mobile-optimized, accessible, and SEO-friendly, with fast loading times and clear navigation. Security posture is strong with HTTPS enforced, valid SSL certificates, and multiple security headers. However, DNSSEC and CAA records are not implemented, which could enhance DNS security. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information is available but lacks explicit security incident response contacts. Overall, the website presents a low-risk profile with strong business credibility and technical maturity. Strategic recommendations include enhancing DNS security, publishing vulnerability disclosure information, and improving incident response transparency.

P

PBS SoCal

kcet.org

53

PBS SoCal is a prominent public media organization serving the Greater Los Angeles and Southern California region. As a non-profit entity and a member of the Public Media Group of Southern California, it provides a wide range of PBS programming, local content, and educational resources. The website reflects a strong brand presence with consistent messaging and a focus on community engagement through various media formats including video, news, and educational tools. Technically, the website employs modern web technologies such as Polymer for custom elements, integrates multiple analytics and advertising platforms including Google Tag Manager, Facebook SDK, and Fathom Analytics, and is hosted on Amazon AWS infrastructure. However, the site suffers from a critical security issue due to an invalid or missing SSL certificate, which undermines the security posture and user trust. Performance is moderate with a relatively high page size and load time, but mobile optimization and accessibility are well addressed. From a security perspective, the absence of a valid SSL certificate and lack of security headers are significant vulnerabilities that need immediate remediation. Privacy compliance is well handled with clear privacy and cookie policies, including GDPR compliance indicators and consent mechanisms. Business credibility is strong with clear contact information, social media presence, and trust signals such as PBS Passport membership. Overall, while the site excels in content quality and business credibility, the security shortcomings notably reduce its overall risk posture. Strategic improvements in SSL implementation and security headers are recommended to enhance user trust and compliance.

A

AkzoNobel Powder Coatings

interpon.com

54

AkzoNobel Powder Coatings, represented by the Interpon brand, is a global leader in manufacturing powder coatings tailored for diverse industries such as architectural, automotive, industrial, and agricultural equipment. The company emphasizes innovation, sustainability, and a broad color palette to meet varied customer needs. The website reflects a professional and consistent brand image with comprehensive content and clear navigation, targeting B2B customers in manufacturing sectors. Technically, the site is built on Adobe Experience Manager with modern JavaScript libraries and integrates privacy management tools like OneTrust and Google Tag Manager for analytics and consent management. However, the absence of a valid SSL certificate and HTTPS implementation is a critical security gap, exposing users to potential risks. The site lacks explicit security policies and incident response information, which could be improved to enhance trust and compliance. Overall, the website is content-rich and professionally presented but requires urgent security enhancements to meet modern standards.

R

Redinter

redinter.cl

69

Redinter is a medium-sized energy company operating primarily in northern Chile, specializing in electrical transmission infrastructure. It is part of the larger Redeia group, which enhances its market position and credibility. The company focuses on ensuring secure and continuous electricity supply through its regional concessions and partnerships. The website reflects a professional corporate presence with clear business descriptions, contact information, and social media engagement. Technically, the site is built on Drupal 10, uses modern web technologies, and is hosted behind Imperva CDN, ensuring good performance and availability. Security posture is solid with HTTPS, OCSP stapling, and secure cookies, though improvements like full HSTS enablement and DNSSEC could be made. Privacy compliance is basic with a privacy policy and cookie consent implemented via Cookiebot. Overall, the site is trustworthy and well-maintained, supporting Redinter's business objectives effectively.

R

Redinter

redinter.pe

70

Redinter is a medium-sized energy sector company operating in Peru, specializing in the design, construction, operation, and maintenance of high voltage electrical transmission infrastructure. It is part of the Redeia group, a recognized leader in the energy transmission industry. The website presents a professional and well-structured digital presence with content primarily in Spanish, targeting energy sector clients and stakeholders in Peru. Technically, the site is built on Drupal CMS, uses modern web technologies, and is hosted behind Imperva Incapsula CDN/WAF, ensuring good performance and security. The SSL configuration is robust with OCSP stapling and no known vulnerabilities. Privacy compliance is basic but includes a cookie consent mechanism via Cookiebot. Contact information is clearly provided, enhancing business credibility. Overall, the site demonstrates a good balance of content quality, technical implementation, and security posture.

I

InterNations

internations.org

66

InterNations is a leading global community platform for expatriates, offering networking, events, and destination guides across 420 cities worldwide. The website targets expatriates and global minds seeking connection and information about living abroad. Technically, the site employs modern JavaScript frameworks, Webpack bundling, and integrates monitoring and analytics tools such as New Relic, Google Analytics, and Cookiebot for consent management. Hosting is via Cloudflare CDN, ensuring performance and availability. Security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, despite good security header configurations and secure cookie practices. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent SSL/TLS remediation to improve security and user trust.

H

Hochschule Ruhr West

hs-ruhrwest.de

40

Hochschule Ruhr West is a public university of applied sciences located in the Ruhr region of Germany, with campuses in Mülheim an der Ruhr and Bottrop. The institution offers a broad range of degree programs including bachelor, master, part-time, and dual studies, alongside active research and transfer activities. The website reflects a well-established regional educational institution with a clear focus on accessibility, student services, and cooperation with industry and society. The target audience includes prospective and current students, academic staff, and business partners. Technically, the website employs modern web technologies including JavaScript, CSS, and Cookiebot for cookie consent management, and integrates Google Tag Manager for analytics and marketing. The content management system appears to be Ibexa, supporting a structured and navigable site architecture. Performance is moderate with a page load time of approximately 6 seconds and a page size of about 335 KB. The site is mobile-optimized and accessible with good SEO practices. From a security perspective, the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, which is a critical vulnerability impacting user trust and data protection. No modern TLS protocols or security headers are detected, and HSTS is not enabled. DNS records show proper SPF and DMARC configurations, which help mitigate email spoofing risks. Cookie consent is implemented comprehensively, supporting GDPR compliance. However, no explicit security policy or incident response information is found. Overall, the website is professionally designed and content-rich but suffers from significant security shortcomings due to the absence of HTTPS. Strategic improvements in SSL deployment, security headers, and incident response transparency are recommended to enhance trust and compliance.

B

BG Kliniken – Klinikverbund der gesetzlichen Unfallversicherung gGmbH

bg-kliniken.de

40

BG Kliniken is a large non-profit healthcare organization in Germany specializing in acute care and rehabilitation for severely injured and occupationally ill patients. It operates one of the largest trauma center networks in the country, offering comprehensive medical services, research, and professional training through its BG Kliniken Akademie. The website is professionally designed with clear navigation targeting patients, insurance carriers, referring physicians, and job applicants. Technically, the site is built on TYPO3 CMS and integrates modern tools such as Usercentrics for cookie consent and Google Tag Manager for analytics. However, the site suffers from a critical security deficiency due to the absence of a valid SSL certificate and HTTPS support, exposing visitors to potential risks. DNS records show well-configured SPF and DMARC policies, enhancing email security. Overall, the site demonstrates strong business credibility and privacy compliance but requires urgent security improvements.

G

Georgetown University

georgetown.edu

61

Georgetown University is a prestigious higher education institution located in Washington, DC, offering a wide range of academic programs, research initiatives, and campus life services. The website reflects a strong brand presence with comprehensive content targeting prospective students, faculty, alumni, and the public. Technically, the site is built on WordPress with modern libraries such as jQuery and Swiper.js, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. The security posture is weak due to missing HTTPS and security headers, although no major vulnerabilities like Heartbleed or POODLE were detected. Privacy compliance is moderate with a clear privacy policy but no visible cookie consent mechanism. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

A

A1 Telekom Austria Group

a1blog.net

64

A1 Telekom Austria Group operates the website a1blog.net as a content platform focused on internet, smartphones, digital life, and related telecommunications services primarily targeting Austrian consumers. The site serves as a marketing and informational blog, showcasing product news, tips, and corporate social responsibility initiatives. Technically, the site is built on the Liferay CMS platform, leveraging modern JavaScript frameworks including React and Alloy UI, and integrates Google Tag Manager and OneTrust for analytics and cookie consent management. Despite rich content and professional design, the site suffers from a critical security shortfall due to an invalid SSL certificate and lack of HTTPS enforcement, which significantly impacts its security posture. Privacy compliance is well addressed with comprehensive cookie consent and privacy policies in German, aligned with GDPR requirements. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

A

A1 Telekom Austria AG

a1click.at

40

A1click.at is an online marketplace operated under the A1 Telekom Austria AG brand, offering a curated selection of digital, entertainment, energy, finance, and insurance products. The platform leverages trusted partnerships and the A1 Trusted Brands certification to provide exclusive deals and services to Austrian consumers. The website features a modern frontend technology stack including Alpine.js and Tailwind CSS, integrated with multiple marketing and analytics tools such as Google Analytics, Facebook Pixel, LinkedIn Insight Tag, and Hotjar. Despite a professional design and good content quality, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and missing security headers, which significantly impact its security posture. Privacy compliance is well addressed with a comprehensive cookie consent mechanism powered by OneTrust and a clear privacy policy in German. Contact information is limited to an email address and a newsletter subscription form, with no phone numbers or physical addresses disclosed. Overall, the website presents a solid business presence with room for improvement in technical security and performance optimization.

N

NoStress Commerce s.r.o.

nostresscommerce.com

68

Koongo, operated by NoStress Commerce s.r.o., is a specialized SaaS platform designed to help online sellers succeed on multiple marketplaces by automating product feed management and order synchronization. The company targets e-commerce businesses seeking to expand their sales channels efficiently, offering integrations with over 500 sales platforms including Amazon, eBay, and Google Shopping. The website presents a professional and consistent brand image with comprehensive content and clear calls to action such as free trials and customer testimonials. Technically, the site is built on WordPress with a modern JavaScript stack and integrates various analytics and marketing tools. While the SSL configuration is functional with TLS 1.2 and strong cipher suites, it lacks TLS 1.3 support and advanced security headers, which could be improved. Privacy compliance is strong, featuring detailed cookie consent mechanisms and a comprehensive privacy policy. Overall, the website demonstrates a mature digital presence with good security posture and privacy practices, though performance optimization is needed due to slow load times and large page size.

S

Spotler

flowmailer.net

48

Spotler is a technology company specializing in data driven marketing software with a strong emphasis on transactional email delivery through its SendPro platform. The company holds a reputable market position in the Netherlands, supported by ISO 27001 certification and trusted by a range of clients from small to large enterprises. The website content is professionally presented, targeting businesses requiring reliable and fast transactional email services integrated with marketing automation capabilities. Technically, the site is built on WordPress with multilingual support and uses modern tools like Google Tag Manager and Cloudflare for performance and security. However, the absence of a valid SSL certificate significantly weakens the security posture, exposing the site to risks and reducing trust in secure communications. Privacy compliance is well addressed with clear privacy and cookie policies, though no explicit consent mechanism was detected. Overall, the site demonstrates good business credibility and technical maturity but requires urgent remediation of SSL/TLS issues to enhance security and user trust.

J

J2 Global Canada, Inc.

smtp.com

55

SMTP.com is an enterprise-level email delivery and relay service operated by J2 Global Canada, Inc., a subsidiary of Ziff Davis. The company offers a comprehensive suite of email services including SMTP relay, transactional email, and email API solutions, targeting businesses and developers with high volume and transactional email needs. The website demonstrates a strong market position with over 20 years of industry experience and a focus on deliverability and reputation management. Technically, the site is built on WordPress with Elementor and uses a variety of marketing and analytics tools such as Visual Website Optimizer and Google Tag Manager. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security vulnerability. Additionally, a subdomain takeover vulnerability exists on staging.smtp.com, posing a risk to brand reputation and security. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms in place. Overall, the site presents a professional business front but requires urgent security improvements to protect user data and maintain trust.

K

Kommo

amocrm.com

57

Kommo (amocrm.com) is a technology company providing a cloud-based CRM platform focused on sales automation through messaging apps such as WhatsApp, Instagram, and SMS. The platform targets small businesses and entrepreneurs globally, offering a comprehensive suite of tools including customizable sales pipelines, unified chat inbox, AI-powered chat management, and sales automation bots. The website demonstrates a strong market position with extensive customer testimonials, case studies, and partner badges, indicating a mature and trusted brand in the CRM space. Technically, the site leverages modern JavaScript frameworks, Cloudflare CDN, and integrates multiple third-party marketing and analytics tools. However, a critical security weakness is the invalid SSL certificate and lack of enabled TLS protocols, which significantly impacts the security posture. Privacy compliance is well addressed with clear privacy and cookie policies, consent mechanisms, and GDPR alignment. Overall, the site is professional and user-friendly but requires urgent remediation of SSL/TLS issues to ensure secure user interactions and maintain trust.

I

IXOPAY GmbH

ixopay.com

56

IXOPAY GmbH is a medium-sized enterprise based in Austria specializing in enterprise payment orchestration and tokenization solutions. The company offers a comprehensive platform designed to improve authorization rates, streamline PCI compliance, and unify payment data for merchants and enterprises globally. Their business model focuses on providing modular payment services and connectivity to multiple payment processors, targeting B2B clients in finance and technology sectors. The website demonstrates strong branding consistency, professional content, and trust indicators such as client testimonials and social media presence. Technically, the website leverages modern JavaScript technologies, integrates third-party services like Sentry for error tracking, ChiliPiper for lead routing, and TokenEx for tokenization. It is hosted behind Cloudflare, which provides DNS and CDN services. However, performance is currently slow, and accessibility is basic. SEO optimization is good with proper meta tags and structured data. From a security perspective, while the website implements several important HTTP security headers and secure cookie attributes, it suffers from a critical SSL/TLS misconfiguration with no valid certificate and no enabled TLS protocols. This severely impacts the security posture and trustworthiness of the site. Privacy compliance is generally good with a comprehensive privacy policy and GDPR indicators, but no explicit cookie consent mechanism was detected. Overall, IXOPAY presents a professional and credible business front with strong technical foundations but requires urgent remediation of SSL/TLS issues to ensure secure and trusted operations. Strategic improvements in performance and privacy consent mechanisms would further enhance their digital maturity.

F

freenet DLS GmbH

mobilcom-debitel.de

40

Freenet DLS GmbH operates mobilcom-debitel.de, a major German telecommunications retail website offering mobile tariffs, devices, and related services. The company targets German consumers seeking mobile phone plans and devices, positioning itself as a comprehensive provider with a broad product portfolio. The website demonstrates a mature digital infrastructure leveraging Cloudflare CDN, modern JavaScript libraries, and personalization tools like Kameleoon. Security posture is strong with HTTPS, valid SSL certificates, SPF and DMARC email protections, and secure cookie settings, though some improvements are recommended such as enabling HSTS in SSL config and adding CSP headers. Privacy compliance is moderate due to the absence of explicit privacy and cookie policies or consent mechanisms. Overall, the site is professional, well-branded, and trustworthy with good SEO and user experience.

V

Vayamed GmbH

vayamed.com

56

Vayamed GmbH operates as a specialized healthcare provider focusing on medical cannabis therapies, offering high-quality, natural cannabinoid products and expert consultation services primarily to patients, doctors, and pharmacists in Germany. The company is part of the larger Sanity Group, positioning itself as a reputable player in the medical cannabis market with a medium-sized business footprint. Their digital presence is built on WordPress with WooCommerce, integrating modern marketing and consent management tools. However, the website lacks a valid SSL certificate, which critically impacts its security posture. While security headers are partially implemented, the absence of HTTPS and modern TLS protocols exposes the site to significant risks. Privacy compliance is well addressed with clear cookie consent mechanisms and a comprehensive privacy policy. Contact information is prominently displayed, enhancing business credibility. Overall, the site demonstrates good content quality and SEO practices but requires urgent security improvements to protect user data and maintain trust.

V

vaay

vaay.com

69

vaay is a German-based e-commerce company specializing in high-quality CBD and hemp-derived products. The company operates under Sanity Care GmbH and maintains a strong market position by focusing on product quality, transparency, and customer education. Their product range includes CBD oils, vape pens, sleep sprays, active gels, massage oils, and bath bombs, targeting wellness and lifestyle consumers. The website is professionally designed, mobile-optimized, and provides clear navigation and comprehensive content in German with some English options. Technically, vaay leverages Shopify as its platform, enhanced with various marketing, analytics, and customer support tools such as Klaviyo, Usercentrics, Reamaze, and Littledata. Security measures include valid SSL, strong security headers, and secure cookie practices, although HSTS could be further strengthened. Privacy compliance is robust with clear policies and consent mechanisms. Overall, vaay demonstrates a mature digital presence with good security posture and privacy awareness, making it a trustworthy and professional online retailer in the CBD sector.

B

Bertelsmann

createyourowncareer.com

40

CreateYourOwnCareer.com is a career portal operated under the Bertelsmann group, a large multinational media and services conglomerate founded in 1835. The website provides comprehensive career-related content including job listings, graduate programs, internships, and networking events targeting students, graduates, and professionals. The site is built on TYPO3 CMS and hosted via Arvato Systems, reflecting a mature technical infrastructure with modern content management but lacking in SSL/TLS security. While the site includes cookie consent mechanisms and uses Google Analytics and Tag Manager for tracking, it lacks a valid HTTPS configuration, which is a critical security deficiency. The site demonstrates good content quality, branding consistency, and professional design, but the absence of HTTPS and related security best practices significantly lowers its security posture and overall trustworthiness.

A

Acrilys

acrilys.com.br

60

Acrilys is a Brazilian manufacturing company specializing in plastic technologies, particularly injection molding and vacuum forming with proprietary tooling. The company emphasizes sustainability and ecological awareness, investing in people and technology to deliver innovative and efficient solutions. Their market position is strengthened by certifications such as ISO 9001:2015 and IATF 16949:2016, indicating a commitment to quality and automotive industry standards. The website targets industrial clients and businesses requiring plastic manufacturing services, primarily in Brazil. Technically, the website is built on Webflow CMS, hosted and served via Cloudflare, and uses modern web fonts and libraries. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security flaw. The presence of a cookie consent mechanism and privacy policy indicates some privacy compliance, though GDPR compliance is not fully evident. Overall, the security posture is weak due to missing SSL and lack of incident response information. The website is professionally designed with good content quality and navigation but requires urgent security improvements to protect user data and enhance trust.

A

AKZONOBEL LTDA.

coralmatiz.com.br

46

Coral Matiz is a Brazilian loyalty and professional engagement platform operated by AKZONOBEL LTDA., targeting architects, interior designers, and landscapers. The platform offers curated content, professional tools, and a points-based rewards program to enhance user engagement and brand loyalty. The website is well-branded and content-rich, with clear navigation and a focus on professional users and students in the design sector. Technically, the site uses a modern front-end stack including Bootstrap, jQuery, and integrates Google Analytics and Tag Manager for tracking. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture, exposing users to risks when submitting sensitive personal data. Privacy and cookie policies are comprehensive and GDPR/LGPD compliant, with consent mechanisms implemented. Overall, the site demonstrates good business credibility but requires urgent security improvements to protect user data and comply with best practices.

A

Akzo Nobel N.V.

akzonobel.com

72

Akzo Nobel N.V. is a global leader in the manufacturing and distribution of paints and coatings, with a rich history dating back to 1792. The company operates in over 150 countries and manages a portfolio of well-known brands such as Dulux, International, Sikkens, and Interpon. Their business model focuses on providing innovative and sustainable surface solutions to a wide range of industries including manufacturing, energy, and transportation. The website reflects a mature digital presence with comprehensive content aimed at customers, investors, and partners worldwide. Technically, the website is built on Adobe Experience Manager (AEM) and leverages modern web technologies including HTML5, CSS3, JavaScript, and various marketing and analytics tools such as Google Tag Manager and Adobe DTM. Hosting is provided via Amazon AWS infrastructure. While the site is mobile-optimized and accessible, performance is somewhat slow with a load time exceeding 8 seconds, indicating room for optimization. From a security perspective, the site employs HTTPS with a valid SSL certificate, SPF and DMARC email authentication records, and no detected vulnerabilities or subdomain takeover risks. However, security headers like HSTS and OCSP stapling are not enabled, and TLS 1.3 is not supported, suggesting moderate security posture. Privacy compliance is strong with clear privacy and cookie policies and an active consent mechanism, aligning with GDPR requirements. Overall, the website demonstrates a high level of professionalism, trustworthiness, and business credibility. The main risks relate to technical performance and some security hardening opportunities. Strategic recommendations include enhancing SSL configurations, enabling advanced security headers, improving page load times, and maintaining rigorous privacy compliance to sustain trust and regulatory adherence.

I

Incepa

banheirosincepa.com.br

38

Incepa is a Brazilian manufacturing company specializing in bathroom and kitchen sanitary products, including ceramic sanitary ware, accessories, and complementary items. The company has recently integrated with the Roca brand, enhancing its market position. The website serves as a product catalog and brand promotion platform targeting residential customers, hotels, construction companies, and public environments. Technically, the site uses an Apache server with PHP 7.3.33 and integrates multiple marketing and analytics tools such as Google Tag Manager, Google Analytics, Facebook Pixel, and OneTrust for cookie consent. However, the site lacks a valid SSL certificate, serving content over HTTP only, which significantly impacts its security posture. The website content is well-structured and professionally designed, but privacy and security policies are missing or not clearly presented. Overall, the site demonstrates moderate digital maturity but requires urgent improvements in security and privacy compliance.

B

Baloise Gruppe

baloise.com

55

Baloise Gruppe is a leading European insurance and financial services provider with a strong presence in Switzerland, Germany, Luxembourg, Belgium, and Liechtenstein. The company offers a wide range of insurance products, financial solutions, and career opportunities, targeting both private and institutional customers. Their website reflects a professional and comprehensive digital presence with extensive content, multi-language support, and clear navigation. Technically, the site employs modern web components and integrates various marketing and analytics tools, though it suffers from an invalid SSL certificate which impacts its security posture. The security configuration lacks essential headers and proper SSL, reducing the overall security score. Privacy compliance is well addressed with comprehensive policies and a robust cookie consent mechanism. Overall, the website is professional and trustworthy but requires urgent attention to its SSL configuration to enhance security and user trust.

U

UnternehmerTUM GmbH

unternehmertum.com

51

UnternehmerTUM GmbH is Europe's largest center for innovation and entrepreneurship, based in Germany, founded in 2002. It supports startups, founders, and companies by providing acceleration, incubation, corporate venturing, and networking services. The website is rich in content, professionally designed, and targets startups, researchers, and innovative companies. Technically, the site uses modern JavaScript frameworks, consent management tools, and analytics but suffers from a critical lack of HTTPS due to an invalid or missing SSL certificate, which severely impacts its security posture. Privacy compliance is strong with a comprehensive privacy policy and cookie consent mechanism. Business credibility is high with clear contact information, social media presence, and structured data. Overall, the site is professional and trustworthy but urgently needs to fix its SSL/TLS configuration to improve security and user trust.

F

flexiWAN Ltd.

flexiwan.com

66

flexiWAN Ltd. operates a professional website focused on providing open source SD-WAN and SASE solutions, targeting MSPs and enterprise customers. The company positions itself as an innovator with a SaaS business model and partnerships with major technology players like Google and Intel. The website is built on WordPress with Elementor and WooCommerce, featuring rich content, structured data, and multiple trust signals including testimonials and partner logos. Technically, the site uses modern web technologies but suffers from slow load times and lacks some advanced security headers. The security posture is adequate with valid SSL and SPF/DMARC records but could be improved with HSTS and additional headers. Privacy compliance is supported by a comprehensive privacy policy and terms of service, though cookie consent mechanisms are missing. Overall, the site is professional and trustworthy but would benefit from performance and security enhancements.

6

6WIND

6wind.com

59

6WIND is a technology company specializing in virtualized and secure networking software solutions. Their offerings target communication service providers, mobile network operators, cloud providers, and enterprises worldwide. The company positions itself as a trusted provider of high-performance, scalable, and cost-effective networking software, including virtual service routers, host accelerators, and cloud-native solutions. The website reflects a professional and consistent brand with rich content, including testimonials, case studies, and video resources. Technically, the site is built on WordPress with the Avada theme and integrates modern libraries and marketing tools such as Google Analytics, Pardot, and LinkedIn widgets. However, the security posture is weakened by an invalid or missing SSL certificate and lack of enabled TLS protocols, which is a critical issue that must be addressed to ensure secure communications and trust. Privacy compliance is well-handled with a cookie consent mechanism and a comprehensive privacy policy. Overall, the site demonstrates good digital maturity but requires immediate attention to its SSL configuration to improve security and user trust.

E

Elewit

elewit.ventures

72

Elewit is a technology platform under the Redeia group focused on driving innovation in the energy and telecommunications sectors. The company operates through venture capital investments, innovation challenges, and partnerships with startups and technology providers to accelerate the energy transition and connectivity. The website reflects a mature digital presence with comprehensive content, clear navigation, and strong branding aligned with its parent company. Technically, the site is built on Drupal CMS with modern libraries and integrates Google Analytics and Cookiebot for tracking and compliance. Security posture is solid with HTTPS, valid SPF and DMARC records, and OCSP stapling, though improvements like HSTS and DNSSEC are recommended. No critical vulnerabilities or exposed sensitive data were detected. Overall, Elewit presents a professional and trustworthy online presence with good privacy compliance and a well-established partner ecosystem.

R

Redinter

redinter.company

73

Redinter is a well-established energy infrastructure company specializing in the construction and management of high voltage electricity transmission networks across Latin America, primarily in Peru, Chile, and Brazil. As a subsidiary of Redeia, it benefits from strong corporate backing and a significant regional presence managing thousands of kilometers of transmission circuits. The company focuses on ensuring reliable and secure electricity supply, contributing to sustainable development in the regions it serves. Technically, the website is built on Drupal CMS, uses modern web technologies, and is hosted behind Imperva CDN/WAF, ensuring good performance and security. The site is well-structured, mobile-optimized, and includes comprehensive privacy and cookie policies with consent mechanisms. Security posture is strong with HTTPS enforcement, security headers, and no detected vulnerabilities. However, explicit security policies and incident response information are not publicly available. Overall, the website and business demonstrate a mature digital presence with good compliance and security practices.

R

Reintel

reintel.es

40

Reintel is the largest neutral operator of dark fiber infrastructure in Spain, operating as a subsidiary of Grupo Red Eléctrica (redeia). The company provides critical telecommunications infrastructure services including long-distance fiber networks, dedicated cables, equipment hosting, and customized connectivity solutions. Their market position is strong within the Spanish energy and telecommunications sectors, serving businesses requiring extensive fiber optic connectivity. The website reflects a mature digital presence built on Drupal 10, integrating modern technologies such as Google Tag Manager, Cookiebot for consent management, and Google Maps API. Despite a slow page load time, the site offers excellent content quality, clear navigation, and good mobile optimization. Security posture is solid with HTTPS, valid SSL certificates, and OCSP stapling, though improvements are recommended in DNS security and HTTP security headers. Privacy compliance is robust with comprehensive privacy and cookie policies and active consent mechanisms. Overall, Reintel demonstrates a professional and trustworthy online presence aligned with its business stature.

R

Red Eléctrica

ree.es

40

Red Eléctrica is the Spanish Transmission System Operator (TSO) responsible for the operation, development, and maintenance of the national electricity grid. The company plays a critical role in ensuring the quality and security of electricity supply across Spain and supports the country's ecological transition by integrating renewable energy sources and developing infrastructure projects. The website reflects a mature digital presence with comprehensive content, clear navigation, and professional design, targeting energy sector stakeholders and the general public interested in electricity data and sustainability. Technically, the site is built on Drupal 10 with modern front-end libraries and uses Akamai and Imperva for DNS and CDN services. However, a critical security shortcoming is the absence of a valid SSL certificate and proper HTTPS configuration, which significantly impacts the site's security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Business credibility is strong, supported by consistent branding, corporate governance links, and trust signals. Overall, the site scores well in content and business credibility but requires urgent improvements in SSL/TLS security to enhance trust and protect users.

V

VTT Technical Research Centre of Finland Ltd.

vtt.fi

40

VTT Technical Research Centre of Finland Ltd. is a leading European research institute providing visionary research, development, and innovation services across multiple sectors including energy, transportation, technology, manufacturing, and healthcare. The company offers a broad portfolio of advanced services such as 6G hardware technologies, quantum computing, cybersecurity, and sustainable development solutions. Their market position is strong, supported by extensive partnerships and a large expert community. Technically, the website is built on Drupal CMS with modern technologies and demonstrates good performance and accessibility. Security posture is solid with HTTPS, valid SPF, and OCSP stapling, though improvements like enabling HSTS and DNSSEC are recommended. Privacy compliance is well managed with comprehensive cookie consent via Cookiebot and a detailed privacy policy. Overall, the website reflects a professional, trustworthy, and mature digital presence.

S

SQS - Software Quality Systems

sqs.es

40

SQS - Software Quality Systems is a medium-sized Spanish company specializing in software testing, quality assurance, certification, and data space services. It serves regulated sectors such as healthcare, pharmaceuticals, railways, and automotive, offering professional consulting, managed testing services, and training. The company holds multiple recognized certifications including ISO 9001, ISO/IEC 27001, and ENS, positioning itself as a trusted provider in the technology and regulated industries. Technically, the website is built on WordPress with Divi theme and integrates modern marketing and analytics tools such as Google Analytics, Hotjar, and reCAPTCHA. However, the site lacks a valid SSL certificate and modern TLS support, which significantly weakens its security posture. Privacy compliance is well addressed with GDPR cookie consent and a comprehensive privacy policy. Contact information is clearly available, enhancing business credibility. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

V

Verivox GmbH

verivox.de

40

Verivox GmbH operates a leading independent comparison portal in Germany, offering consumers the ability to compare tariffs across energy, telecommunications, insurance, and finance sectors. Established in 1998, the company has positioned itself as a market leader with multiple awards and a strong reputation for transparency and customer satisfaction. The website provides comprehensive services including tariff comparisons, calculators, and personalized recommendations, supported by a modern technical infrastructure leveraging advanced JavaScript frameworks and third-party analytics and consent management tools. Despite its strong market presence and user-centric design, the site suffers from an invalid SSL certificate, which poses a significant security risk and undermines user trust. The company demonstrates good privacy compliance with clear policies and consent mechanisms, but should address critical security issues promptly to maintain its high credibility and protect user data.