Security Directory

M

Mines Plus

mines-plus.org

40

Mines Plus is an alumni association website serving graduates of the Mines d'Albi, Alès, and Douai engineering schools in France. It offers networking, career services, event information, and regional group management for its members. The site targets alumni, students, and recruiters connected to these institutions. Technically, the website uses a custom CMS with a PHP/Apache backend and front-end technologies including jQuery, Bootstrap, and various JavaScript libraries. It integrates cookie consent management and social login options. However, the website suffers from a critical security issue: the SSL certificate is invalid or missing, and no TLS protocols are enabled, which severely impacts secure HTTPS access. Security headers are well implemented, but the lack of proper SSL/TLS undermines overall security. Privacy compliance is addressed with a cookie policy and consent mechanism, but no explicit privacy policy or terms of service pages are clearly found. Contact information is limited to an email address in the footer and a contact page link, with no phone numbers or physical addresses visible. Overall, the site is functional and professionally designed but requires urgent security improvements to protect user data and trust.

I

IMT Nord Europe Alumni

imt-lille-douai.org

40

IMT Nord Europe Alumni is a French non-profit alumni association serving graduates and students of IMT Nord Europe. The website provides a comprehensive platform for alumni networking, career services, events, and publications. It targets alumni, students, recruiters, and partners, positioning itself as a key community hub for the institution's graduates. The site is professionally designed with consistent branding and good content relevance, supporting a medium-sized organization in the education sector. Technically, the website uses a traditional LAMP stack with Apache and PHP, enhanced by modern JavaScript libraries such as jQuery, Bootstrap, and TinyMCE. The site is mobile-optimized and includes accessibility and SEO best practices, although performance is moderate. Hosting appears to be on a standard provider with no advanced CDN or cloud infrastructure detected. From a security perspective, the site implements several important HTTP security headers and a comprehensive Content Security Policy. However, it lacks a valid SSL certificate and proper TLS configuration, which is a critical vulnerability impacting user trust and data security. Cookie consent and privacy policies are implemented, indicating good privacy compliance, but no explicit security policy or incident response information is available. Overall, the site is functional and professional but requires urgent improvements in SSL/TLS deployment and security posture to protect user data and maintain trust. Strategic enhancements in incident response and vulnerability disclosure policies would further strengthen its security maturity.

I

ICB Solutions

valoans.com

61

VALoans.com is a specialized VA home loan education and lender comparison website operated by ICB Solutions, a division of Neighbors Bank. The platform targets veterans and active military personnel seeking VA home loans by providing educational content, tools, and a network of partnered mortgage lenders. The business model centers on lead generation and marketing services rather than direct loan offerings. Technically, the website uses a PHP-based backend with Apache server hosting on AWS infrastructure, integrating multiple third-party marketing and analytics tools such as Google Tag Manager, Marketo, and LeadID. While the site offers good content quality and user experience with mobile optimization and clear navigation, its security posture is weakened by an invalid SSL certificate and incomplete HTTPS enforcement. Security headers are present but could be enhanced with proper HSTS configuration and DNS security measures. Privacy compliance is basic, with a cookie consent banner and privacy policy but lacking explicit GDPR compliance indicators. Overall, the site is functional and professional but requires urgent improvements in SSL and DNS security to protect user data and trust.

Maison des Ponts is a small non-profit alumni association based in Paris, France, providing a prestigious venue for its members and hosting professional and private events. The website presents clear business information, contact details, and partner organizations, targeting alumni and event clients. Technically, the site uses common web technologies such as Apache, jQuery, and hCaptcha but lacks modern security configurations, notably missing HTTPS and security headers, which critically impacts its security posture. The absence of privacy and cookie policies further reduces compliance confidence. Overall, the website is functional with good content quality and navigation but requires urgent security improvements to protect user data and enhance trust.

A

Amicale des Ingénieurs Généraux des Ponts, des Eaux et des Forêts

aigpef.org

40

The website aigpef.org represents the Amicale des Ingénieurs Généraux des Ponts, des Eaux et des Forêts, a French professional association focused on engineers from the IPEF corps. It provides member services including a directory, events, publications, and a private member area. The site targets members and alumni of this engineering corps and operates as a small non-profit entity within the government/association sector. Technically, the site uses a traditional LAMP stack with Apache, PHP, jQuery, and Bootstrap, and is likely hosted by OVH. While the site has a professional design and good content quality, it suffers from a critical security issue: the SSL certificate is invalid or missing, resulting in no HTTPS support. This severely impacts the security posture and trustworthiness of the site. Security headers and cookie consent mechanisms are well implemented, and analytics tools like Google Analytics and Hotjar are used with privacy compliance in mind. Overall, the site is functional and professional but requires urgent SSL remediation to improve security and user trust.

U

Union des Ingénieurs des Ponts, des Eaux et des Forêts

unipef.org

40

UnIPEF is a French professional association serving engineers specialized in civil engineering, water management, and forestry sectors. It offers membership services including networking, career support, events, and publications. The website is well-structured, content-rich, and targets primarily French-speaking engineering professionals. The association maintains partnerships with several related organizations and provides multiple channels for member engagement.

A

Association Forum Ensai

forum-ensai.com

50

Association Forum Ensai is a student-run non-profit organization based in France that facilitates connections between students and the professional world, particularly in data science and statistics. The website serves as an information hub for the association's activities, events, and contact points. The site is built on WordPress with popular plugins such as Yoast SEO and Elementor, and integrates Google Analytics for visitor tracking. However, the technical infrastructure shows significant security weaknesses, notably the absence of a valid SSL certificate and HTTPS support, which exposes users to potential risks. Privacy compliance is minimal, with no visible privacy or cookie policies and no consent mechanisms for tracking. Business credibility is moderate, supported by consistent branding and a clear focus on its educational mission, but lacking in formal certifications or detailed contact information.

I

Institut Mines-Télécom Business School (IMT Business School)

imt-bs.eu

34

Institut Mines-Télécom Business School (IMT-BS) is a French public business school specializing in commerce, management, and digital transformation education. It holds a strong market position with multiple prestigious accreditations such as AACSB, AMBA, and CGE, and is part of the Institut Mines-Télécom group. The school offers a range of programs including Bachelor, Grande Ecole, Masters of Science, Executive Education, and doctoral partnerships, targeting students, enterprises, and international audiences. Technically, the website is built on WordPress with Elementor and several modern plugins, but suffers from slow performance and lacks a valid SSL certificate, which impacts security and user trust. Security posture is moderate with some best practices like SPF and DKIM for email, but critical issues exist due to missing HTTPS and TLS protocols. Privacy compliance is good with clear policies and consent mechanisms, and accessibility is excellently addressed with a dedicated plugin and detailed accessibility statement. Overall, the site is professional and trustworthy but requires urgent security improvements to enable HTTPS and modern TLS protocols.

X

XMP-Consult

xmp-consult.org

40

XMP-Consult operates as a network of independent consultants primarily serving French-speaking business leaders and members seeking consulting services. The website provides a membership platform, events calendar, publications, and a newsletter to engage its community. The business model focuses on connecting consultants with clients and fostering professional development through events and shared resources. Technically, the site is hosted on OVH with Apache server, uses a variety of JavaScript libraries including jQuery, Bootstrap, and TinyMCE, and employs a CMS likely based on NetAssoc. While the site is content-rich and well-structured with good mobile optimization, performance is slow and SEO is basic. Security posture is weakened by the absence of a valid SSL certificate and lack of modern TLS protocols, despite good security headers and cookie consent mechanisms. Privacy compliance is strong with GDPR-aligned cookie policies and consent banners. Overall, the site is professional and trustworthy but requires urgent improvements in SSL/TLS configuration to enhance security and user trust.

P

Packet Clearing House

pch.net

55

Packet Clearing House (PCH) is a well-established intergovernmental organization focused on supporting critical Internet infrastructure such as Internet Exchange Points (IXPs) and the Domain Name System (DNS). The organization has a strong global presence and is recognized as a pioneer in DNS anycast and IXP support, serving a technical audience including ISPs, network operators, and governance bodies. The website content is professionally presented with clear navigation and detailed service descriptions, targeting technical and governance stakeholders in the Internet ecosystem. Technically, the website uses a modern frontend stack including Bootstrap and JavaScript libraries like jQuery and D3.js, but lacks a valid SSL certificate and proper HTTPS configuration, which significantly impacts its security posture. Security headers are partially implemented but undermined by the invalid SSL setup. Privacy policies are present but lack explicit consent mechanisms, and no terms of service or incident response policies are found. Overall, the website is functional and informative but requires urgent improvements in security and compliance to enhance trust and protect users.

T

Turbine UI

turbineui.com

39

Turbine UI is a small technology-focused business offering a Laravel Blade and Tailwind CSS UI component library aimed at web developers building Laravel projects. The website presents a professional and consistent brand image with clear descriptions of its UI components and themeable styles. Technically, the site uses modern frontend technologies including Laravel, Tailwind CSS, Font Awesome, and Livewire, hosted likely on DigitalOcean. However, the website lacks a valid SSL certificate, resulting in no HTTPS support, which significantly impacts its security posture. No privacy or cookie policies are present, and no explicit contact information is provided, which affects compliance and trust. Analytics are implemented via Google Tag Manager, indicating moderate user tracking. Overall, the site is functional and visually appealing but requires critical security and compliance improvements.

P

Polytechnique.org

polytechnique.org

40

Polytechnique.org operates as a specialized online portal dedicated to connecting students and alumni of the École Polytechnique. It offers a mix of public and private services including an online directory, forums, lifetime email addresses, and career-related resources through a partner platform. The site targets a niche educational community and maintains partnerships with related organizations such as the alumni association (AX) and recruitment platform Wats4U. Technically, the site runs on an Apache server with PHP and uses legacy JavaScript libraries, indicating a need for modernization. Critically, the site lacks a valid SSL certificate and HTTPS support, exposing users to security risks and undermining trust. Privacy compliance is minimal, with no cookie consent mechanism detected despite cookie usage. Overall, the site provides valuable community services but requires urgent security and technical improvements to meet modern standards.

E

ENSTA Paris

ensta-paristech.fr

40

ENSTA Paris is a prestigious French engineering school and a founding member of the Institut Polytechnique de Paris. It offers a wide range of engineering education programs including engineering cycles, masters, specialized masters, doctoral studies, and executive education. The institution focuses on sectors such as transport, energy, defense, robotics, and artificial intelligence, positioning itself as a key player in education and research within these domains. The website reflects a strong brand presence with comprehensive content and clear navigation, targeting prospective students, researchers, and industry partners. Technically, the site is built on Drupal 9 and uses Apache with mod_pagespeed for optimization, but lacks HTTPS which is a critical security shortfall. Matomo analytics is used for user tracking, indicating a moderate level of user data collection with reasonable privacy compliance. Security posture is weak due to the absence of SSL/TLS encryption and missing security headers, exposing the site to potential risks. Business credibility is supported by multiple certifications and trust labels, but contact information is not prominently displayed, which could impact user trust and engagement. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect users and data.

M

MAIF

maif-evenements.fr

40

MAIF Evénements is a French event listing platform affiliated with the MAIF insurance group, focusing on promoting local community events across France. The website provides an interactive map and search functionality for users to find events by department and date. It leverages WordPress CMS with a variety of plugins and scripts to deliver a responsive and SEO-optimized user experience. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which significantly impacts its security posture. While privacy and cookie policies are referenced, they reside on the main MAIF domain rather than this subdomain. Social media links connect to official MAIF accounts, enhancing trust. Overall, the site is functional and professionally designed but requires urgent security improvements to protect user data and ensure compliance.

P

PLANETE CSCA

planetecsca.fr

40

PLANETE CSCA is a professional syndicate representing insurance brokers in France, providing advocacy, legal assistance, training, and operational tools to its members. The website is well-structured, content-rich, and targets insurance professionals and brokers. Technically, it is built on WordPress with modern technologies such as PHP 8.3, Apache, and integrates SEO and search optimization tools like Yoast SEO and Algolia. The site uses HTTPS with TLS 1.3 and 1.2 protocols, but lacks some advanced SSL security features such as HSTS and OCSP stapling. Privacy and cookie policies are present with consent mechanisms, indicating good GDPR compliance. Contact information is available primarily through a contact page, with no direct emails or phone numbers exposed. Social media presence is active, enhancing trust and engagement. Overall, the site demonstrates a good balance of business professionalism, technical implementation, and security posture.

W

Wevioo

wevioo.com

40

Wevioo is an international consulting company specializing in digital transformation, IoT, and innovation, serving major clients in banking, insurance, industry, logistics, and public sectors. The website is built on Drupal 8 and hosted on OVH infrastructure, leveraging modern web technologies such as Bootstrap and jQuery. While the site offers good content quality, clear navigation, and social media integration, it critically lacks HTTPS support, exposing visitors to security risks. The presence of cookie consent and privacy policies indicates some GDPR compliance, but absence of terms of service and security policies reduces overall trust. Strategic improvements in security posture and SSL implementation are essential to enhance user trust and compliance.

S

Switzerland Innovation Park Basel Area AG

sip-baselarea.com

40

Switzerland Innovation Park Basel Area AG operates a comprehensive innovation hub and coworking space platform focused on healthcare, life sciences, and technology sectors in Switzerland. The company provides flexible workspace solutions including ready-made offices, coworking spaces, lab spaces, and customizable workspaces tailored to startups, SMEs, and research institutions. Positioned as a key player in the Basel Area innovation ecosystem, it supports collaboration and growth through community building and event hosting. Technically, the website is built on WordPress with modern plugins and tracking tools, but lacks a valid SSL certificate, which significantly impacts its security posture. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. The site is professionally designed with excellent content quality and user experience, though performance data is limited. Security weaknesses include missing HTTPS, HSTS, DMARC, DNSSEC, and vulnerability disclosure mechanisms, which should be prioritized to improve trust and compliance. Overall, the business demonstrates strong market positioning and digital maturity but requires urgent security enhancements to protect user data and maintain credibility.

All Channels Communication Austria GmbH is a medium-sized marketing and communication agency operating primarily in Austria and the CEE region. The company offers a comprehensive range of services including campaign management, brand management, PR, digital strategies, and social media marketing. Positioned as one of the fastest growing and most awarded agencies in its region, it targets businesses seeking integrated multi-channel marketing solutions. The website content is well-structured and professionally presented in German, with clear navigation and mobile optimization. Technically, the site uses a modern tech stack including Bootstrap, jQuery, and Google Analytics, but suffers from a lack of a valid SSL certificate, impacting security and trust. Security posture is basic with no advanced headers or policies implemented, and privacy compliance is minimal with only a basic disclaimer modal and cookie consent banner. Contact information is clearly provided including phone, email, physical address, and a contact form. Overall, the website is functional and professional but requires significant improvements in security and privacy compliance to meet modern standards.

K

KTHE | Team Farner

kthe.at

40

KTHE | Team Farner is a medium-sized Austrian communications company offering a comprehensive range of communication services including brand design, campaigns, PR concepts, and platforms. They position themselves as a leading provider in the Austrian market with a strong emphasis on creativity and international outlook. The website is built on WordPress with a modern tech stack including jQuery, Bootstrap, and Yoast SEO, but suffers from slow performance and basic accessibility. Security posture is weak due to the absence of a valid SSL certificate and HTTPS, lack of security headers, and missing DNS security features. Privacy compliance is basic with a privacy policy and cookie notice present but no advanced GDPR indicators. Business credibility is moderate with clear contact information and social media presence but lacks certifications or detailed policies. Overall, the site is functional and professional but requires urgent security improvements.

L

Lansons

lansons.com

63

Lansons is a communications and reputation management consultancy operating primarily in the media sector with offices in London and New York. It is part of the larger Team Farner group, positioning itself as an established player offering a wide range of services including public relations, financial communications, crisis management, and sustainability advisory. The website content is professionally presented, targeting organizations and individuals seeking expert communications consultancy. Technically, the site uses modern JavaScript frameworks such as Alpine.js and GSAP, is built on Craft CMS, and is hosted by UKFast. However, performance metrics indicate slow loading times, and the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Security headers are well configured, but the absence of HTTPS significantly reduces the overall security posture. Privacy compliance is strong with a clear privacy policy and cookie consent mechanism. Contact information including email and phone number is clearly provided, enhancing business credibility. Overall, the site is professional and trustworthy but requires urgent SSL/TLS implementation to improve security and user trust.

S

Skills

skills.at

40

Skills is a well-established Austrian public relations and communication consultancy agency founded in 1984. The company specializes in full-service PR and communication consulting, focusing on sensitive and complex topics. It serves a broad business audience seeking expert communication services, supported by a strong network and quality certifications. The website reflects a professional and consistent brand image with good content quality and clear navigation. Technically, the site is built on WordPress with common frameworks like Bootstrap and uses jQuery and Yoast SEO for enhanced functionality and SEO. However, the site suffers from a critical security issue due to the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts its security posture. Privacy compliance is partially addressed with a privacy policy and DMARC/SPF email protections, but lacks a cookie consent mechanism. Overall, the site is functional and credible but requires urgent security improvements to protect user data and enhance trust.

Kirchhoff Consult GmbH is a specialized consulting firm focused on financial communication, corporate communications, sustainability, ESG, investor relations, and IPO advisory services. The company targets capital markets professionals and corporate clients seeking expert guidance in reporting and sustainability communication. The website reflects a strong market position supported by multiple industry awards and a consistent, professional brand presence. Technically, the site is built on TYPO3 CMS with Apache and PHP 8.3, but lacks proper HTTPS configuration, which is a critical security gap. Security posture is moderate with valid SPF and DMARC records but no SSL/TLS encryption, no HSTS, and no DNSSEC. Privacy compliance is partial with a comprehensive privacy policy but no cookie consent mechanism. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect user data and enhance trust.

The domain mein-check-in.de hosts a minimal website that immediately redirects visitors to an external recruiting solutions page at www.mein-helix.de. The site appears to represent a product or service named CHECK-IN by Perbility, targeting recruiting professionals or businesses. The business model is likely B2B software or service provision in the technology sector, specifically recruiting solutions. However, the website itself contains no substantive content, contact information, or legal disclosures, limiting insight into market position or company size. Technically, the site is hosted on an Apache server with DNS managed by noris.net. The SSL configuration is critically deficient, with no valid certificate and no TLS protocols enabled, resulting in an insecure HTTP-only connection despite the presence of HSTS headers. Security headers such as X-Frame-Options and X-Content-Type-Options are present, but the lack of HTTPS severely undermines security posture. Performance data is unavailable, but the immediate redirect and minimal content suggest a very lightweight site. Security posture is weak due to missing HTTPS and malformed DNS CAA records. No privacy, cookie, or terms policies are present, and no contact or incident response information is available. The site does not employ analytics or tracking technologies, indicating minimal user data collection. Overall, the site functions primarily as a redirect placeholder rather than a full-featured business website. Strategic recommendations include obtaining and properly configuring a valid SSL certificate to enable HTTPS, correcting DNS CAA records, implementing DMARC for email security, and publishing privacy and cookie policies to improve compliance and trust. Adding clear contact and business information would enhance credibility and user confidence.

D

DMT GROUP

dmt-group.com

53

DMT GROUP is a well-established global engineering services and consulting company with a history dating back to 1737. It operates primarily in the energy, infrastructure, mining, and engineering sectors, offering a broad range of services including engineering, consulting, geotechnics, exploration, and critical infrastructure protection. The company is part of the TÜV NORD GROUP, which enhances its market credibility and access to resources. The website reflects a professional and comprehensive digital presence with clear business information, structured data, and rich content targeting industrial clients worldwide. Technically, the website is built on TYPO3 CMS and uses common web technologies such as Apache server, Google Analytics, and LinkedIn Insight Tag for analytics and marketing. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical security shortfall. The absence of modern TLS protocols and security headers further weakens its security posture. Performance is rated slow due to missing SSL and possibly other optimizations. Privacy compliance is partial, with a privacy policy present but no visible cookie consent mechanism. Security-wise, the site has configured SPF and DMARC records for email security and shows no signs of common vulnerabilities like Heartbleed or POODLE. However, the lack of HTTPS and security headers significantly reduces the overall security score. There is no explicit incident response or vulnerability disclosure information available on the site. Overall, the website is professional and content-rich but requires urgent improvements in security infrastructure, especially SSL/TLS implementation, to protect user data and enhance trust. Privacy compliance could also be improved by adding cookie consent mechanisms. Strategic recommendations include implementing HTTPS, enhancing security headers, and improving privacy transparency.

U

Unikontor

unikontor.de

40

Unikontor is the official online shop of Universität Hamburg, providing a diverse range of high-quality, sustainable merchandising products such as hoodies, T-shirts, bags, and conference materials. The website targets students, staff, tourists, and supporters of the university, positioning itself as a trusted provider of university-branded merchandise with a strong emphasis on sustainability and fair production practices. Technically, the site is built on the Shopware CMS platform, running on modern PHP and Apache servers, with good performance and mobile optimization. Security measures include HTTPS with strong TLS protocols, essential security headers, and OCSP stapling, though improvements like DNSSEC and CAA records could enhance security further. Privacy compliance is addressed with a visible cookie consent mechanism and a privacy policy, although some areas could be more comprehensive. Overall, the site demonstrates a good balance of business credibility, technical implementation, and security posture, making it a reliable and professional e-commerce platform for university merchandise.

The website hfmt-hamburg.de currently serves a 404 error page indicating that no site configuration is found, suggesting the site is either offline or not properly configured. The site is powered by TYPO3 CMS and hosted on infrastructure associated with Technische Universität Hamburg. There is no accessible business content, contact information, or policies available, which severely limits the ability to assess the business or its services. Technically, the site lacks a valid SSL certificate and does not support HTTPS, exposing it to security risks. The absence of security headers and modern TLS protocols further weakens its security posture. Overall, the site is not operational from a user or security perspective, resulting in a very low trust and quality rating.

N

Next Big Idea Club

heleo.com

61

Next Big Idea Club operates a subscription-based nonfiction book club curated by renowned authors, targeting readers and professionals seeking curated knowledge. The platform offers physical book deliveries, digital content including audio and video courses, and exclusive events, positioning itself as a niche leader in the media sector. Technically, the website is built on WordPress with a modern tech stack including Bootstrap, jQuery, and integrates multiple marketing and analytics tools such as Mixpanel, Google Tag Manager, and ProfitWell. Hosting is on Amazon AWS with a valid SSL certificate ensuring secure HTTPS connections. Security posture is solid but could be enhanced by implementing additional security headers and DNSSEC. Privacy compliance is adequate with a clear privacy policy and terms of service, though cookie consent mechanisms are lacking. Overall, the website is professional, content-rich, and trustworthy, with extensive user tracking for marketing purposes.

The website sparkassen-mediacenter.de serves as a centralized media management platform primarily targeting the Sparkassen-Finanzgruppe, a major financial group in Germany. It offers a suite of services including video content management, podcasts, interactive videos, and playlist creation, aimed at enhancing digital content distribution within the group's online platforms. The platform is positioned as an internal tool to streamline media content handling and ensure secure access to both public and internal video assets. Technically, the site is built on a traditional Apache server with standard HTML, CSS, and JavaScript assets. However, it lacks modern security infrastructure, notably missing a valid SSL/TLS certificate and HTTPS support, which significantly undermines its security posture. The site includes multiple JavaScript libraries and CSS bundles but does not leverage modern frameworks or CMS platforms. Security headers are partially implemented, but critical HTTPS and TLS configurations are absent. Privacy compliance is minimal, with a privacy policy present but no cookie consent mechanism or GDPR compliance indicators. Contact information is limited to a phone number and support ticket instructions, with no email addresses or social media presence. Overall, the site demonstrates moderate business credibility and good content relevance but suffers from critical security shortcomings that must be addressed to protect user data and maintain trust.

A

AkzoNobel Paints

hammerite.co.uk

62

Hammerite.co.uk is the official website for Hammerite, a brand specializing in metal protection paints and coatings, operating under the large multinational AkzoNobel Paints. The site offers detailed product information, advice, and store locator services targeting DIY enthusiasts and professional painters in the UK market. Technically, the website is built on Adobe Experience Manager CMS, hosted on AWS infrastructure, and uses modern web technologies including jQuery and Adobe Launch for tag management. The site is mobile optimized and SEO friendly with structured data implemented. However, the security posture is weakened by the absence of a valid SSL certificate and lack of modern TLS protocols, which critically impacts HTTPS enforcement and user trust. Privacy compliance is well addressed with clear privacy and cookie policies and a consent mechanism. Business credibility is moderate due to the lack of direct contact details and explicit security policies. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

A

Austrian Business Agency

investinaustria.at

40

The Austrian Business Agency operates the website investinaustria.at to promote Austria as a prime investment destination. It provides comprehensive information and free consulting services to international investors and companies interested in establishing or expanding their business in Austria. The agency emphasizes Austria's innovation, research capabilities, skilled workforce, and stable economic environment. Technically, the website is built on modern frameworks including TYPO3 CMS and Nuxt.js, hosted behind Cloudflare for performance and security. The SSL certificate is valid but lacks advanced HTTPS security headers like HSTS. Privacy compliance is partially addressed with a clear privacy policy but lacks a cookie consent mechanism. Contact information and social media presence are well established, enhancing business credibility. Overall, the site is professional, content-rich, and user-friendly, suitable for its government agency role.

N

Next Big Idea Club

nextbigideaclub.com

49

Next Big Idea Club operates as a subscription-based nonfiction book club curated by renowned authors, targeting readers and professionals seeking curated knowledge. The platform offers physical book deliveries, digital content via a mobile app, and exclusive community engagement opportunities. Technically, the site is built on WordPress, hosted on AWS infrastructure, and integrates multiple marketing and analytics tools such as Mixpanel, Google Tag Manager, and ProfitWell. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, representing a critical security vulnerability. The absence of a cookie consent mechanism and minimal security headers further weaken its security posture. Business credibility is supported by strong branding, testimonials, and social media presence, but privacy compliance could be improved. Overall, the site provides good content and user experience but requires urgent security enhancements.

C

Calls for Transfer

callsfortransfer.de

31

Calls for Transfer (C4T) is a specialized funding program based in Hamburg, Germany, designed to support innovative projects emerging from the city's state universities and scientific research institutions. The program offers up to 35,000 Euro in funding for a 12-month project period, aiming to facilitate the transfer of knowledge and technology from academia to practical applications. The website presents a professional and well-structured portal with clear navigation, targeting researchers and innovators in Hamburg. Technically, the site is built on WordPress with popular plugins such as Elementor and LayerSlider, but it suffers from critical security shortcomings including the absence of a valid SSL certificate and disabled TLS protocols, which significantly impact its security posture. Privacy compliance is well addressed with a cookie consent mechanism and links to privacy and terms of service hosted on the parent organization's domain. Overall, while the business and content aspects are strong, the lack of HTTPS and modern security configurations pose a significant risk that should be urgently addressed.

O

ODAV AG - Lehrinstitut für Informatik

odav-lehrinstitut.de

40

ODAV AG - Lehrinstitut für Informatik is a well-established educational institution based in Straubing, Germany, specializing in IT training and professional development. With over 40 years of experience, it offers a variety of courses, firm seminars, and funding options targeting IT professionals and companies seeking to enhance digital competencies. The website reflects a professional and content-rich platform with clear navigation, testimonials, and detailed course information. Technically, the site uses Apache server, jQuery, Bootstrap, and a proprietary ODAV CMS, with Matomo analytics integrated under cookie consent management. However, the absence of a valid SSL certificate and lack of HTTPS support significantly weaken its security posture. Security headers are partially implemented, but critical improvements are needed to ensure secure communications and compliance. Overall, the site is trustworthy and user-friendly but requires urgent security enhancements to protect user data and improve trust.

D

DIZ | Digitales Innovationszentrum GmbH

digitalhub-ai.de

40

Digital Hub Applied Artificial Intelligence Karlsruhe is a regional technology ecosystem hub focused on advancing artificial intelligence and cybersecurity in Karlsruhe, Germany. It serves as a network facilitator offering services such as events, workshops, startup programs, and expert access to foster innovation and collaboration. The website presents a professional and consistent brand image targeting businesses and individuals interested in AI and cybersecurity. Technically, the site is built on the Contao CMS platform, using Apache server and common web libraries like jQuery and Leaflet. However, the site lacks a valid SSL certificate and modern TLS support, which significantly impacts its security posture. Security headers are present but insufficient without proper HTTPS. Privacy compliance is partially addressed with a cookie consent mechanism and a privacy policy page, but GDPR compliance indicators and incident response information are missing. Overall, the site demonstrates moderate digital maturity with room for improvement in security and privacy practices.

L

Landitec GmbH

landitec.com

53

Landitec GmbH is a medium-sized German company specializing in high-quality, flexible, and high-performance appliance solutions and services for the B2B sector. They focus on customized IT security appliances and software solutions, including network hardware, edge AI, 5G, and industrial applications. The company holds a strong market position as an OPNsense Platinum Partner and collaborates with notable partners such as SECUDOS and Barracuda. Their offerings include both hardware and software appliances, tailored to customer needs from initial concept to final product delivery. Technically, the website is built on Joomla CMS with the Helix Ultimate framework, utilizing modern libraries like jQuery and Bootstrap. The site is well-structured, mobile-optimized, and includes SEO best practices. However, the absence of a valid SSL certificate and HTTPS significantly impacts their security posture. Security headers are partially implemented, and cookie consent mechanisms are in place, indicating good privacy compliance. Analytics usage is moderate, primarily via Google Analytics and Tag Manager. Security-wise, the lack of valid HTTPS is a critical issue that lowers the overall security score. Other security best practices such as HSTS, OCSP stapling, and session resumption are not implemented. No explicit security policy or incident response information is found. The company provides clear contact information and maintains a professional online presence, but should prioritize securing their website with valid SSL certificates to enhance trust and compliance. Overall, Landitec GmbH presents a professional and credible business with solid technical infrastructure but requires urgent improvements in security configuration to meet modern standards and ensure customer trust.

I

Inland Southern California Climate Collaborative

iscclimatecollaborative.org

38

The Inland Southern California Climate Collaborative (ISC3) is a regional, cross-sectoral network focused on advancing equitable climate resilience solutions in Inland Southern California. The organization facilitates collaboration among agencies, organizations, and institutions to address climate risks such as heat, drought, and wildfires. The website serves as an informational platform providing resources, membership information, and regional climate reports. Technically, the site is built on WordPress with common plugins and libraries but suffers from a lack of a valid SSL certificate, resulting in insecure HTTP connections. Security posture is weak due to missing HTTPS, lack of security headers, and absence of email authentication DNS records. Privacy compliance is minimal, with no privacy or cookie policies detected. Business credibility is moderate, supported by university facilitation and government partnerships, but could be improved with more transparent policies and contact information. Overall, the site is functional and content-rich but requires significant security and privacy improvements to enhance trust and compliance.

A

Akzo Nobel N.V.

international-pc.com

52

International-pc.com is the official website for AkzoNobel's International Protective Coatings brand, specializing in protective and fire protection coatings for industrial sectors such as energy, offshore oil and gas, wind power, mining, and infrastructure. The site presents a professional and content-rich experience with detailed case studies, product applications, and technical support information, targeting industrial B2B clients globally. Technically, the site is built on Adobe Experience Manager CMS and uses modern JavaScript frameworks including React and jQuery, hosted on AWS infrastructure. However, the site lacks a valid SSL certificate and does not support modern TLS protocols, significantly impacting its security posture. While security headers are partially implemented, the absence of HTTPS is a critical vulnerability. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Business credibility is reinforced by strong branding, social media presence, and detailed content. Overall, the site scores moderately due to excellent content and business credibility but suffers from critical security configuration issues.

B

BCS Eventos

bcseventos.com.br

45

BCS Eventos is a Brazilian company specializing in intelligent solutions for events such as fairs, congresses, and shows. Established in 1997, it has served over 1,000 events and offers a comprehensive event management platform called SIGEVENT, alongside technical support and equipment rental services. The company targets event organizers and managers, positioning itself as an experienced and reliable provider in the event technology sector. Technically, the website is hosted on KingHost with an Apache server and uses modern JavaScript libraries and Google Fonts, but lacks HTTPS security and advanced security headers. The site is professionally designed with good content quality and navigation, though performance data is limited. Security posture is weak due to missing SSL certificate and security headers, posing risks to user data and trust. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism. Overall, the website is functional and professional but requires significant security improvements to enhance trust and compliance.

L

Landitec GmbH

scope7.de

40

scope7.de is the online presence of Landitec GmbH's scope7® brand, specializing in hardware appliances tailored for open source solutions such as OPNsense®, flexiWAN, IPFire, Untangle®, and FRRouting. The company positions itself as a provider of powerful, cost-effective, and ready-to-use hardware platforms that are pre-installed with popular open source firewall and routing software. Their market position is strengthened by official certifications and partnerships, notably as an OPNsense Platinum Partner and flexiWAN certified hardware provider. The website reflects a professional and consistent brand image targeting businesses and professionals seeking vendor-independent open source security appliances. Technically, the site is built on Joomla CMS with modern frontend libraries and extensions, delivering good performance and mobile optimization. Security posture is solid with HTTPS enforced, HSTS header present, and no detected SSL vulnerabilities, though improvements like OCSP stapling and DNSSEC could enhance security further. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism, aligning with GDPR requirements. Contact information is available with a clear company phone number and contact forms, supporting business credibility. Overall, the website demonstrates a mature digital presence with strong business and security fundamentals.

P

Papoo Software & Media GmbH

epccm19.com

66

Papoo Software & Media GmbH operates the CCM19 Cookie Consent Manager, a comprehensive European alternative for cookie consent management software. The company offers multiple deployment options including on-premise, cloud, and agency versions, emphasizing data sovereignty by hosting all infrastructure in Germany. The website demonstrates a strong market position with extensive features, multilingual support, and a clear focus on compliance with GDPR, TDDDG, and other privacy regulations. The business targets website owners, agencies, and enterprises requiring robust consent management solutions. Technically, the site uses a modern stack with Apache, PHP, jQuery, and Foundation framework, hosted by Your-Server.de. Security posture is solid with HTTPS, security headers, and no known vulnerabilities, though some improvements like enhanced HSTS and CSP headers are recommended. Overall, the site is professional, well-structured, and trustworthy, with clear contact information and certifications. The privacy and cookie policies are comprehensive and GDPR compliant, supporting a positive privacy compliance score.

R

Railteam

railteam.eu

40

Railteam is a European rail alliance providing high-speed train services across more than 100 destinations in Europe. The alliance emphasizes sustainable travel, passenger comfort, and additional services such as lounges and flexible travel options like HOTNAT. The website is professionally designed with good content quality and clear navigation, targeting European rail travelers seeking efficient and environmentally friendly transport. Technically, the site uses Sweet CMS and common frontend libraries but suffers from critical security issues due to lack of a valid SSL certificate and absence of HTTPS, which severely impacts its security posture. Privacy policies and cookie consent mechanisms are present, but no direct contact information or security policies are found. Overall, the site is functional but requires urgent security improvements to protect user data and enhance trust.

H

Hamburg Innovation

hamburginnovation.de

35

Hamburg Innovation GmbH is a medium-sized innovation and technology transfer company based in Hamburg, Germany, founded in 2004. It serves as a bridge between academic research and practical application by connecting universities with businesses, policymakers, and society to foster innovation. The company offers consulting, mediation, and coordination services to support knowledge transfer, spin-offs, and new technologies. Technically, the website is built on WordPress with Elementor and Slider Revolution, providing a professional and content-rich user experience. However, the absence of a valid SSL certificate and HTTPS implementation represents a critical security vulnerability. Privacy and cookie policies are well implemented with consent mechanisms, and contact information is clearly provided. The site uses Matomo for analytics, indicating a privacy-conscious approach. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

F

Forschungsfabrik Mikroelektronik Deutschland

fmd-insight.de

33

FMD.insight is a specialized news platform operated by the Forschungsfabrik Mikroelektronik Deutschland, focusing on microelectronics research and innovation in Germany. It provides news, interviews, tutorials, and a virtual showroom to engage its target audience of researchers and industry professionals. The website is built on WordPress and uses various plugins including Matomo for analytics. While the content quality and user experience are good, the site lacks HTTPS support, which is a critical security deficiency. No cookie consent mechanism is present despite the use of tracking analytics, indicating partial privacy compliance. Contact information is available but email is obfuscated to prevent scraping. Overall, the site is professional but requires urgent security improvements.

S

Start EAD

startmoodle.com

40

Start EAD is a Brazilian SaaS platform offering a fully customizable virtual store integrated with the Moodle LMS for online course sales and management. The platform targets content creators, educators, and entrepreneurs seeking control over their EAD projects without high platform commissions. Technically, the site is built on WordPress with Elementor and uses various plugins for SEO and marketing. However, the site lacks HTTPS, which severely impacts its security posture. Marketing tools like Facebook Pixel and Google Tag Manager are used, but privacy and cookie policies are absent, indicating compliance gaps. Overall, the business presents a professional front with good content and user experience but requires urgent security and privacy improvements.

I

Incepa

banheirosincepa.com.br

38

Incepa is a Brazilian manufacturing company specializing in bathroom and kitchen sanitary products, including ceramic sanitary ware, accessories, and complementary items. The company has recently integrated with the Roca brand, enhancing its market position. The website serves as a product catalog and brand promotion platform targeting residential customers, hotels, construction companies, and public environments. Technically, the site uses an Apache server with PHP 7.3.33 and integrates multiple marketing and analytics tools such as Google Tag Manager, Google Analytics, Facebook Pixel, and OneTrust for cookie consent. However, the site lacks a valid SSL certificate, serving content over HTTP only, which significantly impacts its security posture. The website content is well-structured and professionally designed, but privacy and security policies are missing or not clearly presented. Overall, the site demonstrates moderate digital maturity but requires urgent improvements in security and privacy compliance.

H

Hospital Geral de Caxias do Sul

hgcs.com.br

46

Hospital Geral de Caxias do Sul is a large healthcare institution in Brazil providing a comprehensive range of medical services including oncology, radiotherapy, intensive care, and specialized treatments. The hospital is a regional reference in high complexity care and is accredited by the ONA, reflecting its commitment to quality and safety. The website serves patients, healthcare professionals, and the local community, also offering educational programs such as medical residency and permanent education. Technically, the site uses a modern tech stack including Apache server, Laravel framework, and various JavaScript libraries for UI and analytics. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. Security headers are minimal, and no privacy or cookie policies are found, indicating compliance gaps. The site includes multiple contact phone numbers, a physical address, and social media links, enhancing business credibility. Overall, the website is functional and content-rich but requires urgent improvements in security and privacy compliance to protect users and enhance trust.

E

edu.za

edu.za

45

The edu.za domain is associated with the education sector in South Africa, likely serving as a domain registry or portal for educational institutions. However, the website is currently non-functional, displaying a database connection error that prevents access to any meaningful content or services. The technical infrastructure is minimal, running on Apache with PHP 7.4.33, but lacks modern security configurations such as a valid SSL certificate and TLS support. The absence of security headers, DNSSEC, and email authentication mechanisms further weakens the security posture. There are no visible privacy or cookie policies, contact information, or business details, indicating a lack of transparency and user engagement. Overall, the site exhibits poor performance, accessibility, and security maturity, posing risks to users and stakeholders.

A

AEARV - Associação dos Engenheiros e Arquitetos Região Vinhedos

aearv.com.br

65

AEARV is a small regional professional association based in Brazil, serving engineers and architects in the Região dos Vinhedos area. The website provides information about membership, benefits, events, and congresses, targeting local professionals and supporters. The digital infrastructure is built on WordPress with common plugins and hosted by Locaweb. However, the site lacks a valid SSL certificate and modern security configurations, exposing it to risks related to data confidentiality and integrity. No privacy or cookie policies are present, which may impact compliance with data protection regulations. The contact information is clearly presented, including phone, email, and physical address, along with social media links to Facebook, Instagram, and WhatsApp.

S

Ströer

plakate-buchen.de

57

Plakate-Buchen.de is an online advertising booking platform operated by Ströer, focusing on poster and campaign advertising across Germany. The platform offers access to over 300,000 advertising locations with daily updated availability and convenient online payment options, targeting businesses seeking to promote their stores or campaigns locally. The website is primarily in German and provides a phone contact for customer inquiries but lacks visible email contacts or terms of service. Technically, the site runs on an Apache server with modern TLS protocols (TLS 1.3 and 1.2) and uses Google Tag Manager for analytics and tracking. Security headers such as Strict-Transport-Security and X-Content-Type-Options are present, but improvements are needed in HSTS configuration, OCSP stapling, DMARC, DNSSEC, and certificate transparency compliance. The site implements cookie consent with express consent type, aligning with basic GDPR requirements but lacks comprehensive privacy and security policies. Overall, the platform demonstrates a moderate security posture with room for enhancement in email security and transport layer protections.