Security Directory

M

Momentin Group Oy

momentingroup.com

57

Momentin Group Oy is a Finnish holding company fully owned by the Lehdon family, operating primarily in the hospitality sector with a focus on beverage products and restaurant services. The group comprises approximately 150 experts and leverages over 30 years of industry experience. Their subsidiaries include Brew Seeker, Restaurants, Mallaskoski, eDrinks, Momentin Baltics, and various minority ownerships. The website presents a professional and consistent brand image with good content quality and clear navigation, targeting both B2B and B2C audiences within the hospitality industry in Finland. Technically, the website is built on WordPress with WooCommerce and uses modern frontend technologies such as Bootstrap and jQuery. Hosting is provided via WP Engine with Cloudflare as a CDN and security proxy. SEO is supported by structured data (JSON-LD) and Yoast SEO plugin. However, performance metrics are unavailable, and accessibility is basic. The site is mobile optimized and includes cookie consent mechanisms. From a security perspective, the website has critical deficiencies. There is no valid SSL certificate detected, and no TLS protocols are enabled, resulting in a lack of HTTPS protection. Security headers are partially implemented but could be improved. DNS security features such as DNSSEC and CAA records are missing, and no DMARC record is present for email protection. These issues expose the site to potential interception and phishing risks. Overall, the site scores moderately on content and business credibility but poorly on security posture. Strategic improvements in SSL/TLS deployment, DNS security, and privacy compliance are recommended to enhance trust and protect user data.

C

Center for Technology & Society

cts.wien

50

The Center for Technology & Society (CTS) is an inter-university and interdisciplinary cooperation platform based in Vienna, Austria, involving prominent academic institutions such as TU Wien, FH Campus Wien, FH Technikum Wien, and Universität Wien. It focuses on research, teaching, and societal engagement addressing technological and social challenges like climate change and digital transformation. The platform supports researchers, students, and societal stakeholders through networking, coordination, and participatory approaches. Technically, the website is built using the Hugo static site generator and leverages multiple JavaScript libraries including jQuery, Bootstrap, and Leaflet for interactive maps. However, the site suffers from a lack of HTTPS security, with no valid SSL certificate and no modern TLS protocols enabled, which significantly impacts its security posture. The site also lacks privacy and cookie policies, which affects compliance with data protection regulations. Performance is slow with a high load time and large page size, though mobile responsiveness and navigation are well implemented. Overall, the site presents a professional academic presence but requires urgent improvements in security and privacy compliance to enhance trust and protect users.

A

Association Française du génie Parasismique

afps-seisme.org

40

The Association Française du génie Parasismique (AFPS) is a French non-profit organization dedicated to seismic engineering, risk prevention, and post-earthquake response. The website serves as a comprehensive resource for professionals and members involved in seismic risk management, offering detailed information on missions, training, publications, and events. The association maintains partnerships with governmental bodies and other organizations, reinforcing its position as a key player in seismic risk mitigation in France. Technically, the website is built on Drupal 7 with a range of JavaScript libraries for UI and interactivity, hosted on OVH infrastructure. However, the site lacks a valid SSL certificate and does not support modern TLS protocols, exposing it to security risks. Security headers are minimal but present, and a cookie consent mechanism compliant with GDPR is implemented. Overall, the site provides good content quality and professional presentation but requires urgent security improvements to protect user data and enhance trust.

I

IMT Mines Albi-Carmaux Alumni

mines-albi.org

40

IMT Mines Albi-Carmaux Alumni operates as a non-profit alumni association serving graduates, students, and recruiters connected to the IMT Mines Albi-Carmaux engineering school in France. The website provides comprehensive services including news updates, event management, career resources, and an extensive alumni directory with nearly 40,000 registered members. The platform targets alumni and community members seeking networking and professional development opportunities. Technically, the website employs a traditional tech stack with jQuery, Bootstrap, slick carousel, and integrates hCaptcha for form security and tarteaucitron.js for cookie consent management. However, the site suffers from a critical lack of valid SSL/TLS certificates, resulting in no HTTPS support and no modern TLS protocols enabled, which significantly undermines its security posture. Despite this, the site maintains GDPR compliance through cookie consent and privacy policies, and offers a good user experience with clear navigation and responsive design. The overall risk is moderate due to security gaps, particularly the absence of HTTPS and security headers, which should be prioritized for remediation.

E

ESCP Business School

escp.eu

40

ESCP Business School is a prestigious, top-ranked European business school established in 1819, operating a unique multi-campus model across six European cities. It offers a broad portfolio of degree programs including Bachelor, Master in Management, MBA, Executive MBA, specialized Masters, doctoral programs, and executive education. The school targets students, professionals, and corporate clients seeking high-quality business education and leadership development. Technically, the website is built on Drupal 10, hosted on Amazon AWS infrastructure, and integrates numerous modern web technologies and marketing analytics tools. However, the site lacks a valid SSL certificate, serving content over HTTP only, which significantly impacts its security posture. The site employs extensive tracking and advertising scripts, managed via a consent platform, indicating a mature marketing approach but raising privacy considerations. Overall, the website is professionally designed with excellent content quality and user experience but requires urgent security improvements to enable HTTPS and implement security headers to protect user data and enhance trust.

E

ESCP Business School

escpeurope.eu

40

ESCP Business School is a prestigious, top-ranked European business school established in 1819, offering a wide range of degree programs including bachelor, master, MBA, executive education, and doctoral programs across six European campuses. The website reflects a mature digital presence with a professional design, clear navigation, and comprehensive content targeting students and professionals seeking business education. Technically, the site is built on Drupal 10 with modern JavaScript libraries and integrates marketing and analytics tools such as Google Tag Manager and Consent Manager. However, the security posture is weak due to the absence of a valid SSL certificate and lack of modern TLS protocols, which significantly impacts the overall security score. Privacy compliance is well addressed with visible privacy and cookie policies and consent mechanisms. Overall, the site is trustworthy and professional but requires urgent improvements in SSL/TLS implementation to secure user data and improve trust.

Maison des Ponts is a small non-profit alumni association based in Paris, France, providing a prestigious venue for its members and hosting professional and private events. The website presents clear business information, contact details, and partner organizations, targeting alumni and event clients. Technically, the site uses common web technologies such as Apache, jQuery, and hCaptcha but lacks modern security configurations, notably missing HTTPS and security headers, which critically impacts its security posture. The absence of privacy and cookie policies further reduces compliance confidence. Overall, the website is functional with good content quality and navigation but requires urgent security improvements to protect user data and enhance trust.

Concours Passerelle operates as an educational admissions platform facilitating entry into prestigious French business schools for candidates holding bac+2 or higher. The website provides detailed information about admissions pathways, exam modalities, and school options, targeting prospective students seeking higher education in commerce and management. The platform leverages modern web technologies and integrates marketing and analytics tools such as Google Tag Manager. However, the technical infrastructure shows critical security weaknesses, notably the absence of a valid SSL certificate and HTTPS support, which undermines user trust and data security. Security headers are well configured but cannot compensate for the lack of proper encryption. Privacy compliance is minimal, with no cookie consent mechanism or explicit GDPR adherence visible. Overall, the site is functional and professionally designed but requires urgent security and privacy improvements to meet modern standards.

S

SIA "Juridiskā koledža"

jk.lv

40

Juridiskā koledža is a Latvian educational institution specializing in legal and related professional studies. The website presents a comprehensive offering of study programs, courses, and international cooperation such as ERASMUS. The institution positions itself as a provider of qualified specialists with practical and theoretical knowledge for the labor market in Latvia and abroad. Technically, the website is built on WordPress with common libraries like jQuery and Bootstrap, but suffers from slow performance and lacks a valid SSL certificate, which impacts security and user trust. Security posture is weak due to missing HTTPS, lack of security headers, and absence of DMARC records, although SPF is correctly configured. Privacy compliance is minimal with no visible privacy or cookie policies or consent mechanisms. Contact information and certifications are clearly presented, supporting business credibility. Overall, the site is functional but requires significant improvements in security and privacy to meet modern standards.

I

IMT Nord Europe

imt-nord-europe.fr

40

IMT Nord Europe is a French graduate engineering school affiliated with the Institut Mines-Télécom and partnered with the University of Lille. Positioned strategically in northern France, it serves as a key educational and research institution focusing on energy, ecological, digital, and industrial transitions. The website presents a professional and content-rich platform targeting students, researchers, and industry partners, offering a wide range of engineering programs and continuous training. Technically, the site is built on WordPress with modern plugins and frameworks but lacks a valid SSL certificate, which impacts its security posture. While security best practices such as hCaptcha and cookie consent are implemented, the absence of HTTPS and minimal security headers present significant vulnerabilities. Overall, the site is functional and trustworthy but requires urgent improvements in security to protect user data and enhance trust.

S

Safran

safran.com

53

Safran is a UK-based medium-sized company specializing in project management software and risk analytics solutions, serving industries such as energy, aerospace, defense, and construction. Positioned as a global leader, Safran offers integrated tools for project planning, risk management, and execution, supported by professional services including consulting, training, and partner services. The website is professionally designed, content-rich, and targets project managers and risk professionals. Technically, the site is built on HubSpot CMS with multiple modern JavaScript libraries and integrates various analytics and marketing tools. However, the security posture is weakened by an invalid SSL certificate and lack of enabled TLS protocols, which critically impacts HTTPS security. Privacy policies and terms of service are present and comprehensive, but no cookie consent mechanism is detected. Social media presence and customer testimonials enhance business credibility. Overall, the site is functional and professional but requires urgent SSL/TLS remediation to improve security and trust.

Net.Com is a specialized digital agency focused on providing web solutions for the public sector in France, including government agencies, hospitals, educational institutions, and social housing organizations. With over 27 years of experience and more than 500 projects completed, the company offers services such as Drupal and WordPress development, UX design, SEO, and agile development methodologies. The website reflects a professional and well-structured digital presence with comprehensive client references and testimonials. Technically, the site uses modern JavaScript libraries and frameworks but lacks HTTPS support, which is a critical security deficiency. The absence of SSL/TLS and security headers exposes the site and its users to potential risks. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. Overall, the business demonstrates strong credibility and a clear market niche but must urgently address its security posture to protect its reputation and client data.

E

Excelia Group

excelia-group.com

64

Excelia Group is a reputable French higher education institution offering a wide range of undergraduate and postgraduate programs in business, tourism, communication, and related fields. Founded in 1988 and co-founded by regional chambers and councils, it holds prestigious triple accreditation and ranks well internationally. The website reflects a mature digital presence with a comprehensive program overview, multilingual support, and strong branding. Technically, the site is built on Drupal with modern libraries and hosted behind Cloudflare, though performance could be improved. Security posture is solid with HTTPS and SPF/DMARC email protections, but lacks HSTS and DNSSEC. Privacy and cookie policies are present with consent mechanisms, supporting GDPR compliance. Overall, Excelia demonstrates strong business credibility and digital maturity.

P

Persistent Systems

persistent.com

59

Persistent Systems is a well-established technology services company specializing in AI, digital engineering, and enterprise modernization. The company positions itself as a trusted partner for enterprises seeking to transform their AI journey and digital capabilities. Their website reflects a mature digital presence with comprehensive service offerings, a strong partner ecosystem, and extensive client success stories. The company targets large enterprises across multiple industries, leveraging a B2B business model with a focus on innovation and technology leadership. Technically, the website is built on WordPress and employs a modern tech stack including jQuery, Bootstrap, and various marketing and analytics tools such as Google Tag Manager, Pardot, and CookiePro. Hosting is via AWS CloudFront CDN, ensuring global content delivery. The site is well-optimized for SEO and accessibility, with multilingual support and responsive design. However, performance metrics are not explicitly available. From a security perspective, the site has several security headers configured and uses HttpOnly cookies and a detailed Content Security Policy. However, a critical issue is the absence of a valid SSL certificate and HTTPS support, severely impacting the security posture. Other TLS protocols and features like OCSP stapling and session resumption are not enabled. DNS CAA records appear malformed, which could affect certificate issuance policies. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website demonstrates a high level of professionalism and business credibility but suffers from a critical security gap due to missing HTTPS. Strategic remediation of SSL/TLS configuration is essential to improve trust and security compliance.

G

Globant

globant.com

59

Globant is a leading global IT and software development company specializing in AI-driven business transformation and digital innovation. Operating across multiple countries, Globant offers a subscription-based AI Pods model alongside enterprise AI solutions, software engineering, and design services. The company is recognized as a top IT services brand with strong market positioning and a broad industry reach including finance, healthcare, media, and retail. Technically, the website is built on Drupal CMS, leveraging modern libraries and Google services for analytics and security. However, the site currently lacks a valid SSL/TLS certificate, which significantly impacts its security posture. Despite this, Globant implements strong security headers and privacy policies, including GDPR compliance and cookie consent mechanisms. The website demonstrates excellent content quality, professional design, and clear navigation, supporting a high level of business credibility. Strategic improvements in SSL/TLS configuration and enhanced security practices are recommended to elevate the overall security and trustworthiness.

É

École polytechnique

polytechnique.edu

51

École polytechnique is a prestigious French engineering school that combines research, education, and innovation at the highest scientific and technological levels. It operates as a leading educational institution within the Institut polytechnique de Paris, offering a wide range of programs including Bachelor, Master, Doctorate, and Executive education. The school maintains strong partnerships with industry and alumni networks, supporting entrepreneurship and technology transfer. Technically, the website is built on Drupal CMS with modern frontend libraries, but suffers from slow performance and lacks a valid SSL certificate, which impacts its security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the institution presents a professional and trustworthy digital presence, though improvements in security and performance are recommended.

E

Excelia Group

excelia-group.fr

40

Excelia Group is a well-established French higher education institution founded in 1988, offering a broad portfolio of programs across business, tourism, communication, real estate, health, and languages. It holds prestigious triple accreditation (EQUIS, AACSB, AMBA) and is recognized in global rankings, positioning it as a reputable player in the education sector. The website reflects a professional and content-rich digital presence, targeting students, parents, professors, and corporate partners with comprehensive program details and support services. Technically, the site is built on Drupal CMS with modern JavaScript libraries and integrates marketing and analytics tools such as Matomo and Crisp chat. However, the site suffers from a critical security weakness due to the absence of a valid SSL certificate and HTTPS enforcement, which undermines user trust and data security. Privacy and cookie policies are present and GDPR compliant, with consent mechanisms implemented. Overall, the site demonstrates strong business credibility and user engagement but requires urgent security improvements to protect users and enhance trust.

G

Guidewire Software, Inc.

guidewire.com

68

Guidewire Software, Inc. is a leading enterprise technology company specializing in Property and Casualty (P&C) insurance software and cloud platforms. Founded in 2001 and headquartered in the United States, Guidewire offers a comprehensive suite of products including InsuranceSuite for policy administration, claims management, and billing, as well as InsuranceNow, a cloud-based platform designed for rapid deployment. The company serves a global market with customers in over 40 countries and maintains a strong presence through partnerships, professional services, and an extensive marketplace ecosystem. Guidewire is recognized as a market leader with multiple industry awards and a robust social media presence. Technically, Guidewire's website leverages modern web technologies such as Next.js and React, hosted on Vercel, and managed via Sitecore CMS. The site demonstrates good mobile optimization, accessibility, and SEO practices, providing a professional and user-friendly experience. The use of Marketo forms and integration with marketing and analytics tools like Google Tag Manager and Cookiebot indicates a mature digital marketing infrastructure. From a security perspective, the site employs several security headers and enforces HTTPS, although the SSL certificate is currently invalid, which is a critical issue. The absence of full HSTS enforcement and OCSP stapling are areas for improvement. The company provides clear security and privacy policies, including incident response contact information, reflecting a responsible security posture. No major vulnerabilities or exposed sensitive data were detected. Overall, Guidewire presents a strong business and technical profile with excellent content quality and business credibility. The primary risk lies in the SSL certificate status, which should be promptly addressed to maintain trust and security. Strategic recommendations include enhancing SSL management, fully enabling HSTS, and continuing to strengthen privacy compliance and security best practices.

I

innovAARE AG

parkinnovaare.ch

36

innovAARE AG operates the Park Innovaare, a high-tech innovation and industrial park in Switzerland focused on accelerating deep-tech research and commercialization. The park provides modern office, laboratory, and specialized research spaces, along with community and networking services to startups, SMEs, and R&D departments. The website is professionally designed, content-rich, and well-structured, targeting innovation ecosystem participants. Technically, the site uses TYPO3 CMS with modern frontend libraries and is hosted by cyon AG. However, a critical security gap is the lack of HTTPS/SSL, exposing users to risks. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Business credibility is strong with clear contact details and legal information.

O

Open-Xchange

open-xchange.com

72

Open-Xchange is a leading global provider of open and trusted software solutions primarily focused on email platforms for service providers, telcos, and hosters. With over 220 million users, it holds a strong market position as the largest independent email provider worldwide. Their product portfolio includes cloud and on-premises email solutions, DNS products, and IMAP server platforms, targeting enterprise and public sector customers. The website reflects a mature digital presence with comprehensive content, professional design, and clear navigation.

L

Laracon Australia

laracon.au

57

Laracon AU is a prominent technology conference focused on the Laravel PHP framework, organized in collaboration with Laravel, Inc. The event is scheduled for November 2025 in Brisbane, Australia, targeting Laravel developers and the broader PHP community. The website serves as a comprehensive platform for event information, ticket sales, speaker announcements, and sponsorship opportunities. Technically, the site employs modern frontend technologies such as Alpine.js and Livewire, hosted behind Cloudflare DNS services. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security concern. Privacy and cookie policies are not explicitly presented, indicating potential compliance gaps. Overall, the site demonstrates good business credibility and content quality but requires urgent improvements in security and privacy compliance to enhance trust and user safety.

K

KTHE | Team Farner

kthe.at

40

KTHE | Team Farner is a medium-sized Austrian communications company offering a comprehensive range of communication services including brand design, campaigns, PR concepts, and platforms. They position themselves as a leading provider in the Austrian market with a strong emphasis on creativity and international outlook. The website is built on WordPress with a modern tech stack including jQuery, Bootstrap, and Yoast SEO, but suffers from slow performance and basic accessibility. Security posture is weak due to the absence of a valid SSL certificate and HTTPS, lack of security headers, and missing DNS security features. Privacy compliance is basic with a privacy policy and cookie notice present but no advanced GDPR indicators. Business credibility is moderate with clear contact information and social media presence but lacks certifications or detailed policies. Overall, the site is functional and professional but requires urgent security improvements.

I

iwoca Ltd

iwoca.co.uk

75

iwoca Ltd is a UK-based fintech company specializing in providing flexible business loans ranging from £1,000 to £1,000,000 to small and medium-sized enterprises. Established in 2012, iwoca has grown to serve over 150,000 companies and is recognized as one of the fastest-growing business lenders in Europe. The company offers fast loan approvals, flexible repayment options, and no early repayment fees, positioning itself as a customer-centric alternative to traditional banks. The website reflects a professional, user-friendly design with clear navigation and strong trust signals including customer testimonials and regulatory certifications. Technically, the site is built on Webflow, hosted on AWS, and integrates modern technologies such as Google Tag Manager, VWO, and HubSpot for marketing and analytics. Security posture is solid with HTTPS enforced, SPF and DMARC email protections, and no detected SSL vulnerabilities, though improvements like enabling HSTS and OCSP stapling are recommended. Privacy compliance is robust with comprehensive privacy and cookie policies and a consent mechanism implemented via OneTrust. Overall, iwoca demonstrates a mature digital presence with strong business credibility and a good security baseline.

DZ PRIVATBANK S.A. is a specialized private banking and asset servicing institution operating primarily within the cooperative banking group Genossenschaftliche FinanzGruppe Volksbanken Raiffeisenbanken. The company offers a broad range of financial services including private banking, fund services, currency loans, and wealth management solutions. With headquarters in Luxembourg and multiple locations in Germany and Switzerland, it combines local presence with international expertise. The website reflects a professional business model targeting private banking clients, fund initiators, and institutional investors. Technically, the site employs modern JavaScript libraries and integrates consent management and tracking tools, but suffers from slow load times and lacks a valid SSL certificate, resulting in no HTTPS support. Security posture is weak due to missing HTTPS and security headers, though privacy compliance is supported by a comprehensive privacy policy and cookie consent mechanism. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

VRM operates as a regional media company serving the Rhein-Main and Mittelhessen areas in Germany, offering a broad portfolio of newspapers, magazines, subscription services, advertising platforms, and travel packages. The website meine-vrm.de acts as a central hub linking to various VRM services and portals, targeting regional readers and subscribers. The business model focuses on media publication, subscription sales, and advertising revenue, positioning VRM as a leading regional media provider with a strong local presence and diversified service offerings. Technically, the website employs common web technologies such as jQuery, Foundation framework, and slick carousel for UI components, alongside Google Tag Manager and DoubleClick for analytics and advertising. Hosting is managed via Versatel nameservers. However, the site suffers from a lack of HTTPS support, with no valid SSL certificate installed, which significantly impacts security posture and user trust. Performance is suboptimal with a slow load time and a large number of resources. Security-wise, the absence of HTTPS, missing security headers, and lack of advanced TLS protocols represent critical vulnerabilities. While no active WAF or blocking mechanisms are detected, the site does not implement modern security best practices, exposing users to potential risks. Privacy compliance is well addressed with a comprehensive privacy policy, cookie consent banner, and GDPR adherence via consentmanager.net integration. Overall, VRM's website demonstrates solid business credibility and content quality but requires urgent security improvements, particularly SSL/TLS implementation, to protect user data and enhance trust. Strategic investments in security and performance optimization will strengthen VRM's digital maturity and safeguard its market position.

B

BlueChoice HealthPlan of South Carolina

bluechoicesc.com

49

BlueChoice HealthPlan of South Carolina is a regional healthcare insurance provider affiliated with the Blue Cross Blue Shield Association. The company offers diversified and affordable health coverage plans targeting individuals, families, employers, agents, and providers primarily within South Carolina. Their services include annual health plans, Medicaid, wellness incentive programs, and digital member tools such as My Health Toolkit. The website is built on Drupal 10 and integrates modern JavaScript libraries and marketing tools, reflecting a moderate level of digital maturity. However, the site suffers from slow performance and lacks a valid SSL certificate, which significantly impacts its security posture. While SPF and DMARC email authentication are properly configured, the absence of HTTPS and security headers exposes the site to potential risks. Privacy compliance is partially addressed with a comprehensive privacy policy but lacks cookie consent mechanisms. Overall, the website presents a professional and trustworthy business front but requires urgent security improvements to protect user data and enhance trust.

V

Vision 6 Pty Ltd

vision6.com

71

Vision 6 Pty Ltd operates the Vision6 platform, a leading Australian SaaS provider specializing in email and SMS marketing solutions tailored for sectors such as government, higher education, finance, and healthcare. The company positions itself as Australia's most reliable and compliant communications platform, offering a comprehensive suite of services including email marketing, text message marketing, CRM and reporting, lead generation, and transactional email APIs. Their market presence is supported by strong trust indicators such as ISO 27001 certification and GDPR compliance, reinforcing their commitment to data security and privacy. Technically, the website is built on WordPress hosted on AWS infrastructure, leveraging modern web technologies and extensive third-party marketing and analytics tools. While the site is content-rich and professionally designed, performance optimization could be improved due to a relatively slow load time and large page size. Security posture is robust with enforced DMARC policies, valid SPF records, and TLS 1.3 support, though enhancements like HSTS and OCSP stapling are recommended. Overall, Vision6 demonstrates a mature digital presence with strong compliance and security practices, making it a trustworthy platform for its target audience.

A

Amtsverwaltung Büchen

amt-buechen.de

40

Amt Büchen operates as a local government administration serving 15 municipalities in the Herzogtum Lauenburg district of Schleswig-Holstein, Germany. The website provides comprehensive citizen services, public announcements, and administrative information primarily targeting residents and local businesses. The site is built on TYPO3 CMS and uses common frontend technologies such as Bootstrap and jQuery, hosted by Hetzner. Despite good content quality and clear navigation, the site lacks a valid SSL certificate, which impacts security posture and user trust. Cookie consent mechanisms are implemented, supporting GDPR compliance. Contact information is clearly presented, enhancing business credibility. However, the absence of security headers and slow page load times indicate areas for technical improvement.

A

Amtsverwaltung Büchen

amt-buechen.eu

40

Amt Büchen is a regional government administration serving 15 municipalities in the Herzogtum Lauenburg district of Schleswig-Holstein, Germany. The website provides citizens with access to public services, administrative information, announcements, and digital portals such as appointment booking and citizen services. The site targets local residents and stakeholders, offering a comprehensive overview of the Amt's functions and community resources. Technically, the website is built on TYPO3 CMS with Bootstrap and jQuery, hosted by Hetzner. While the site is well-structured and mobile-optimized, it suffers from a critical security issue: the SSL certificate is invalid or missing, resulting in no HTTPS support. This severely impacts the security posture and trustworthiness of the site. Other security best practices such as security headers, DMARC, and HSTS are also missing. Privacy compliance is addressed with a cookie consent mechanism and a privacy policy page, but no terms of service or security policy pages are found. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

D

DMT GROUP

dmt-group.com

53

DMT GROUP is a well-established global engineering services and consulting company with a history dating back to 1737. It operates primarily in the energy, infrastructure, mining, and engineering sectors, offering a broad range of services including engineering, consulting, geotechnics, exploration, and critical infrastructure protection. The company is part of the TÜV NORD GROUP, which enhances its market credibility and access to resources. The website reflects a professional and comprehensive digital presence with clear business information, structured data, and rich content targeting industrial clients worldwide. Technically, the website is built on TYPO3 CMS and uses common web technologies such as Apache server, Google Analytics, and LinkedIn Insight Tag for analytics and marketing. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical security shortfall. The absence of modern TLS protocols and security headers further weakens its security posture. Performance is rated slow due to missing SSL and possibly other optimizations. Privacy compliance is partial, with a privacy policy present but no visible cookie consent mechanism. Security-wise, the site has configured SPF and DMARC records for email security and shows no signs of common vulnerabilities like Heartbleed or POODLE. However, the lack of HTTPS and security headers significantly reduces the overall security score. There is no explicit incident response or vulnerability disclosure information available on the site. Overall, the website is professional and content-rich but requires urgent improvements in security infrastructure, especially SSL/TLS implementation, to protect user data and enhance trust. Privacy compliance could also be improved by adding cookie consent mechanisms. Strategic recommendations include implementing HTTPS, enhancing security headers, and improving privacy transparency.

H

Hochschule für bildende Künste Hamburg (HFBK Hamburg)

hfbk-hamburg.de

40

The website represents the Hochschule für bildende Künste Hamburg (HFBK Hamburg), a medium-sized public art university in Germany focused on fine arts education, exhibitions, and research. It targets prospective and current students, artists, and the art community with comprehensive content on academic programs, events, and projects. The site is professionally designed with consistent branding and rich content, supporting an excellent user experience and clear navigation. Technically, the site uses a modern JavaScript stack including jQuery, Masonry, and Klaro for cookie consent, but lacks a valid SSL certificate, resulting in insecure HTTP connections. Security headers are well configured but ineffective without HTTPS. Privacy compliance is partially addressed with a privacy policy and cookie consent mechanism, though GDPR compliance is not fully evident. The site uses Matomo analytics with user consent. Overall, the security posture is weak due to missing HTTPS, which is a critical issue. The site is accessible without WAF or blocking mechanisms.

O

Ost-Ausschuss der Deutschen Wirtschaft e.V.

ost-ausschuss.de

40

The Ost-Ausschuss der Deutschen Wirtschaft e.V. is a medium-sized non-profit association based in Germany that facilitates economic cooperation and business relations between German companies and Eastern European and Central Asian markets. The organization provides services such as policy advocacy, networking events, delegations, and publishes relevant economic updates and reports. The website is professionally designed using Drupal 10 and integrates modern web technologies and analytics tools, targeting business stakeholders and policymakers. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which significantly weakens its security posture. Privacy and cookie policies are present and include consent mechanisms, reflecting good compliance with GDPR requirements. Contact information is clearly provided, enhancing business credibility.

L

Landitec GmbH

scope7.de

40

scope7.de is the online presence of Landitec GmbH's scope7® brand, specializing in hardware appliances tailored for open source solutions such as OPNsense®, flexiWAN, IPFire, Untangle®, and FRRouting. The company positions itself as a provider of powerful, cost-effective, and ready-to-use hardware platforms that are pre-installed with popular open source firewall and routing software. Their market position is strengthened by official certifications and partnerships, notably as an OPNsense Platinum Partner and flexiWAN certified hardware provider. The website reflects a professional and consistent brand image targeting businesses and professionals seeking vendor-independent open source security appliances. Technically, the site is built on Joomla CMS with modern frontend libraries and extensions, delivering good performance and mobile optimization. Security posture is solid with HTTPS enforced, HSTS header present, and no detected SSL vulnerabilities, though improvements like OCSP stapling and DNSSEC could enhance security further. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism, aligning with GDPR requirements. Contact information is available with a clear company phone number and contact forms, supporting business credibility. Overall, the website demonstrates a mature digital presence with strong business and security fundamentals.

P

Papoo Software & Media GmbH

epccm19.com

66

Papoo Software & Media GmbH operates the CCM19 Cookie Consent Manager, a comprehensive European alternative for cookie consent management software. The company offers multiple deployment options including on-premise, cloud, and agency versions, emphasizing data sovereignty by hosting all infrastructure in Germany. The website demonstrates a strong market position with extensive features, multilingual support, and a clear focus on compliance with GDPR, TDDDG, and other privacy regulations. The business targets website owners, agencies, and enterprises requiring robust consent management solutions. Technically, the site uses a modern stack with Apache, PHP, jQuery, and Foundation framework, hosted by Your-Server.de. Security posture is solid with HTTPS, security headers, and no known vulnerabilities, though some improvements like enhanced HSTS and CSP headers are recommended. Overall, the site is professional, well-structured, and trustworthy, with clear contact information and certifications. The privacy and cookie policies are comprehensive and GDPR compliant, supporting a positive privacy compliance score.

V

vaay

vaay.com

69

vaay is a German-based e-commerce company specializing in high-quality CBD and hemp-derived products. The company operates under Sanity Care GmbH and maintains a strong market position by focusing on product quality, transparency, and customer education. Their product range includes CBD oils, vape pens, sleep sprays, active gels, massage oils, and bath bombs, targeting wellness and lifestyle consumers. The website is professionally designed, mobile-optimized, and provides clear navigation and comprehensive content in German with some English options. Technically, vaay leverages Shopify as its platform, enhanced with various marketing, analytics, and customer support tools such as Klaviyo, Usercentrics, Reamaze, and Littledata. Security measures include valid SSL, strong security headers, and secure cookie practices, although HSTS could be further strengthened. Privacy compliance is robust with clear policies and consent mechanisms. Overall, vaay demonstrates a mature digital presence with good security posture and privacy awareness, making it a trustworthy and professional online retailer in the CBD sector.

I

Incepa

banheirosincepa.com.br

38

Incepa is a Brazilian manufacturing company specializing in bathroom and kitchen sanitary products, including ceramic sanitary ware, accessories, and complementary items. The company has recently integrated with the Roca brand, enhancing its market position. The website serves as a product catalog and brand promotion platform targeting residential customers, hotels, construction companies, and public environments. Technically, the site uses an Apache server with PHP 7.3.33 and integrates multiple marketing and analytics tools such as Google Tag Manager, Google Analytics, Facebook Pixel, and OneTrust for cookie consent. However, the site lacks a valid SSL certificate, serving content over HTTP only, which significantly impacts its security posture. The website content is well-structured and professionally designed, but privacy and security policies are missing or not clearly presented. Overall, the site demonstrates moderate digital maturity but requires urgent improvements in security and privacy compliance.

6

6WIND

6wind.com

59

6WIND is a technology company specializing in virtualized and secure networking software solutions. Their offerings target communication service providers, mobile network operators, cloud providers, and enterprises worldwide. The company positions itself as a trusted provider of high-performance, scalable, and cost-effective networking software, including virtual service routers, host accelerators, and cloud-native solutions. The website reflects a professional and consistent brand with rich content, including testimonials, case studies, and video resources. Technically, the site is built on WordPress with the Avada theme and integrates modern libraries and marketing tools such as Google Analytics, Pardot, and LinkedIn widgets. However, the security posture is weakened by an invalid or missing SSL certificate and lack of enabled TLS protocols, which is a critical issue that must be addressed to ensure secure communications and trust. Privacy compliance is well-handled with a cookie consent mechanism and a comprehensive privacy policy. Overall, the site demonstrates good digital maturity but requires immediate attention to its SSL configuration to improve security and user trust.

S

SECUDOS GmbH

secudos.de

40

SECUDOS GmbH is a German-based technology company specializing in innovative IT security solutions aimed at ensuring digital sovereignty and high-performance network infrastructures for businesses. Their product portfolio includes secure data exchange software (Qiata), a hardened operating system (DOMOS), and recovery technology for hardware appliances (SDR). The company positions itself as a reliable and experienced partner with over 20 years of expertise in complex network environments, serving a broad range of corporate clients. Technically, the website is built on Joomla CMS with modern frameworks like Bootstrap and jQuery, offering good mobile optimization and user experience. However, the absence of a valid SSL certificate and lack of HTTPS support significantly weaken the security posture, despite proper email authentication records and GDPR compliance. Overall, the site demonstrates good business credibility and privacy practices but requires urgent improvements in SSL/TLS implementation to enhance security and trust.

V

VTT Technical Research Centre of Finland Ltd.

vtt.fi

40

VTT Technical Research Centre of Finland Ltd. is a leading European research institute providing visionary research, development, and innovation services across multiple sectors including energy, transportation, technology, manufacturing, and healthcare. The company offers a broad portfolio of advanced services such as 6G hardware technologies, quantum computing, cybersecurity, and sustainable development solutions. Their market position is strong, supported by extensive partnerships and a large expert community. Technically, the website is built on Drupal CMS with modern technologies and demonstrates good performance and accessibility. Security posture is solid with HTTPS, valid SPF, and OCSP stapling, though improvements like enabling HSTS and DNSSEC are recommended. Privacy compliance is well managed with comprehensive cookie consent via Cookiebot and a detailed privacy policy. Overall, the website reflects a professional, trustworthy, and mature digital presence.

D

Diondo GmbH

diondo.com

51

Diondo GmbH is a German-based manufacturer and service provider specializing in industrial computed tomography (CT) and X-ray inspection systems. The company offers a comprehensive portfolio of products including compact CT systems for battery module inspection, flexible CT systems with advanced manipulation capabilities, and user-friendly CT software solutions. Diondo positions itself as a market leader in industrial CT solutions, targeting industrial clients in research, development, production, and quality assurance sectors. The website content is professionally presented, with clear navigation and detailed product descriptions, supported by certifications such as ISO 9001 and ISO 14001. Technically, the site is built on Joomla CMS with modern frameworks and includes user consent mechanisms for privacy compliance. However, the absence of a valid SSL certificate and HTTPS significantly weakens the security posture, exposing users to potential risks. The site uses Google Analytics for tracking and integrates social media channels for broader engagement. Overall, Diondo demonstrates a solid business presence with room for improvement in security infrastructure to enhance trust and compliance.

W

WSD

solvians.com

60

WSD is a technology company specializing in full automation solutions for structured products, serving a global clientele primarily in the financial sector. The company positions itself as a critical infrastructure provider in the structured products value chain, offering cloud-based, scalable, and resilient technology solutions. Their website reflects a professional and consistent brand with strong industry partnerships and certifications such as ISO and EcoVadis. Technically, the site is built on WordPress with Elementor and uses various modern JavaScript libraries and plugins, but suffers from slow load times and lacks HTTPS encryption, which is a significant security concern. Privacy compliance is well addressed with clear cookie and privacy policies and consent mechanisms. However, the absence of SSL and security headers lowers the overall security posture. The company provides multiple contact channels including email, phone, and a detailed contact form, supporting good business credibility. Strategic recommendations include immediate implementation of HTTPS, enhancement of security headers, and performance optimization to improve user experience and security.

Ansys Inc is a leading enterprise in the technology sector specializing in engineering simulation and 3D design software. The company offers a comprehensive suite of products and services targeting industries such as aerospace, automotive, energy, healthcare, and manufacturing. Their global presence and strong partner ecosystem position them as a market leader in digital engineering solutions. The website demonstrates excellent content quality, professional design, and clear navigation, catering to a diverse audience including students, educators, and industry professionals. Technically, the site leverages modern technologies such as Adobe Experience Manager, Coveo Search, and Akamai CDN, but suffers from significant security shortcomings including the absence of a valid SSL certificate and lack of modern TLS protocols. Privacy and cookie policies are well implemented, indicating good compliance with GDPR and related regulations. Overall, while the business credibility and content quality are high, the security posture requires urgent improvements to ensure secure user interactions and data protection.

A

ABD – Associação Brasileira de Designers de Interiores

abd.org.br

46

ABD – Associação Brasileira de Designers de Interiores is a well-established Brazilian professional association serving over 15,000 members for more than 44 years. The organization focuses on supporting interior designers through professional development, consulting services, exclusive benefits, educational courses, and events. Their digital presence is built on WordPress with Elementor, providing a modern and user-friendly website experience. However, the site suffers from slow performance and lacks critical security configurations such as a valid SSL certificate and security headers. Analytics and marketing tools like Google Tag Manager and Facebook Pixel are actively used, indicating a moderate level of digital maturity. Despite a strong brand presence and social media engagement, the absence of privacy and cookie policies, as well as security policies, represents compliance and trust gaps.

G

GBM

gbm.com

57

GBM is a leading financial services company in Mexico offering a broad range of investment products, trading platforms, and advisory services targeting both individual and institutional investors. The company positions itself as a comprehensive investment ecosystem with strong market presence and a wide product portfolio including stocks, ETFs, bonds, and alternative investments. Their digital platform is supported by WordPress CMS with advanced SEO and marketing integrations, but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Marketing and analytics tools are extensively used, indicating a mature digital marketing strategy but raising privacy considerations. Legal and privacy documentation is comprehensive and available in Spanish, supporting regulatory compliance. However, explicit security policies and incident response information are not publicly disclosed.

C

Contentserv

contentserv.com

63

Contentserv is an enterprise-level technology company specializing in AI-powered Product Experience Management (PXM) cloud solutions. Recently acquired by Centric Software, Contentserv offers a comprehensive suite of services including Product Information Management, Digital Asset Management, and Multichannel Publishing, targeting marketers, product teams, and IT professionals. The website is built on HubSpot CMS and integrates multiple marketing and analytics tools, demonstrating a mature digital infrastructure. However, the current SSL/TLS configuration is invalid, posing a significant security risk. While privacy and cookie policies are present and GDPR compliant, there is no explicit security policy or incident response information publicly available. Overall, the company maintains a strong market position with excellent branding and content quality but should urgently address its SSL/TLS issues and enhance transparency around security practices.

S

SOCIAL POINTS gemeinnützige GmbH

sops.de

51

SOCIAL POINTS gemeinnützige GmbH operates the SOPS platform, a German-language online service dedicated to supporting and promoting non-profit organizations, especially community and social engagement groups. The platform enables non-profits to present themselves, receive digital donations, and build a community with features like messaging and a social points system. The company holds a strong position in the German non-profit sector, supported by partnerships with reputable foundations and local government entities. Technically, the website is built on TYPO3 CMS with common web technologies such as jQuery and Slick Carousel, but suffers from performance issues and lacks a valid SSL certificate, which impacts security and user trust. The site implements GDPR-compliant cookie consent and uses Google Analytics and Google Tag Manager for analytics and marketing purposes. Security posture is weak due to missing HTTPS and modern security headers, though DNS records show good email authentication practices.

J

Johann Oberauer GmbH

medien-camp.com

48

Medien Camp is a well-established event platform focused on careers in the media industry, primarily targeting young talents and aspiring media professionals. The company operates under Johann Oberauer GmbH and organizes sessions, workshops, AMAs, career forums, and media tours to connect attendees with media professionals and provide insights into media careers. The website demonstrates strong SEO and content quality, supported by a professional design and consistent branding. Technically, the site is built on WordPress with modern performance optimizations but has room for improvement in security configurations such as DNSSEC, HSTS, and DMARC. The security posture is moderate with no critical vulnerabilities detected but lacks explicit security policies or incident response information. Overall, the site is trustworthy and professionally managed, with good privacy and cookie compliance.

G

GBM

gbm.com.mx

57

GBM is a leading Mexican financial services company offering a broad range of investment products, trading platforms, and advisory services to both individual and institutional clients. The company positions itself as a comprehensive investment ecosystem with over 6,000 financial instruments and a strong advisory network. Their website reflects a mature digital presence with extensive content, multiple service tiers, and integrated marketing and analytics tools. However, the site suffers from critical security shortcomings, notably the lack of a valid SSL certificate and absence of modern TLS protocols, which undermines user trust and data security. While privacy and cookie policies are present, explicit security policies and incident response information are not found, indicating potential compliance gaps. Overall, GBM demonstrates strong market positioning and digital maturity but requires urgent security improvements to safeguard client data and maintain regulatory compliance.

R

Readly

readly.com

70

Readly is a digital media company offering a subscription-based magazine app that provides unlimited access to thousands of magazines globally. The company has a strong market position with a broad international footprint, targeting consumers who prefer digital reading experiences with features like offline access and family sharing. Technically, the website is built on Ruby on Rails and leverages modern web technologies and cloud hosting via AWS, with moderate performance and good mobile optimization. Security-wise, Readly employs strong TLS configurations, SPF and DMARC email protections, but lacks some advanced security features such as HSTS and OCSP stapling. Privacy and cookie policies are comprehensive and GDPR compliant, with a clear cookie consent mechanism. Overall, the company demonstrates a mature digital presence with room for security enhancements.