Security Directory

J

Jung von Matt

jvm.at

40

Jung von Matt is a well-established independent global creative agency specializing in marketing communications and branding services. The company targets brands and businesses seeking innovative and culturally impactful marketing solutions. Their website reflects a strong market position with a professional design, consistent branding, and comprehensive content showcasing their key services and projects. The technical infrastructure leverages modern technologies such as Netlify hosting, Contentful CMS, Matomo analytics, and Usercentrics for consent management, indicating a mature digital presence. However, the website currently suffers from an invalid SSL certificate, which undermines the security posture and user trust. While privacy and cookie policies are well implemented and GDPR compliant, the absence of explicit security policies and incident response information suggests room for improvement in security transparency. Overall, the site is professional and trustworthy but should prioritize fixing SSL issues and enhancing security disclosures to improve its risk profile.

S

SANOVA®

sanova.at

23

SANOVA Pharma GesmbH is a well-established Austrian healthcare company with over 70 years of history, specializing in brand management, medical systems, and logistics services for the healthcare industry. The company operates primarily in Austria with subsidiaries in the Czech Republic and Switzerland, serving additional markets in Eastern Europe and Asia. Their business model focuses on importing valuable healthcare products, providing specialized logistics services, and supporting healthcare professionals with medical technology solutions. The website reflects a professional and consistent brand presence with comprehensive business information and contact details.

V

VRVis GmbH

vrvis.at

29

VRVis GmbH is Austria's largest research institution specializing in Visual Computing, integrating Artificial Intelligence and Simulation to address complex data-driven challenges. With 25 years of experience and strong industry collaborations, VRVis offers research, tailored products, and consulting services primarily targeting industrial and scientific audiences. The website is professionally designed, multilingual, and content-rich, reflecting a mature digital presence. Technically, the site runs on TYPO3 CMS with Matomo analytics, demonstrating a modern but self-managed infrastructure. However, the security posture is weak due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. Privacy compliance is minimal, lacking cookie consent mechanisms and explicit GDPR indicators. Overall, VRVis presents a credible and trustworthy business profile but requires urgent improvements in security and privacy practices to align with modern standards.

H

HOERBIGER

hoerbiger.com

40

HOERBIGER is a large industrial company specializing in emissions solutions and performance-defining components across sectors such as energy, automotive, and hydrogen industries. The company holds a strong market position as a world leader in compression and rotary unions, providing innovative products and services aimed at increasing efficiency, safety, and sustainability. The website reflects a professional and well-branded digital presence, leveraging modern technologies such as Neos CMS and Flow Framework, with multimedia content and clear navigation tailored for industrial clients and partners. Technically, the website employs advanced content security policies, privacy compliance tools like Cookiebot, and analytics via Matomo, indicating a mature digital infrastructure. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, resulting in no HTTPS support, which severely impacts the site's security posture and user trust. Other security headers are well implemented, but the lack of encryption exposes users to potential risks. Overall, the security posture is weak due to missing HTTPS, but privacy compliance and business credibility are strong. The site is accessible without WAF or blocking mechanisms, allowing full content analysis. Strategic improvements in SSL deployment and enhanced security practices are essential to elevate the site's trustworthiness and compliance. The risk assessment highlights the urgent need for SSL certificate installation and enabling HTTPS to protect data integrity and confidentiality. The company should also consider publishing vulnerability disclosure policies and incident response contacts to further strengthen security culture and transparency.

J

Johannes Kepler Universität Linz

jku.at

36

Johannes Kepler Universität Linz operates as a large public university in Austria, offering a wide range of academic programs including Bachelor, Master, Diplom, and doctoral studies. The institution serves students, researchers, and alumni with comprehensive educational and research services, supported by a well-structured and professionally designed website. The university maintains a strong market position as the largest university in Upper Austria with extensive campus services and international programs. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries and integrates analytics and marketing tools such as Google Tag Manager and Matomo. However, the absence of a valid SSL/TLS certificate is a critical security gap, exposing users to risks and lowering the overall security posture. Privacy and cookie policies are well implemented with explicit consent mechanisms, reflecting good GDPR compliance. Overall, the website is trustworthy and professional but requires urgent security improvements to enable HTTPS and strengthen its security framework.

N

NOVOMATIC AG

novomatic.com

40

NOVOMATIC AG is a leading global gaming technology company headquartered in Austria, founded in 1980. It operates as a full-service provider in the gaming industry, offering a broad portfolio including gaming cabinets, games, platforms, and additional products. The company has a strong market position as one of the largest gaming technology corporations worldwide and the clear market leader in Europe. The website reflects a professional corporate presence targeting industry partners, casino operators, and job seekers, with comprehensive contact information and multilingual support. Technically, the website is built on Drupal 10 CMS and leverages modern JavaScript libraries and analytics tools such as Matomo. It is hosted behind Sucuri Cloudproxy WAF, ensuring some level of protection. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap that significantly lowers the security posture. The site implements security headers and content security policies but must urgently address SSL/TLS configuration to protect user data and maintain trust. Privacy compliance is well addressed with GDPR-compliant privacy and cookie policies, including a consent mechanism. The company demonstrates business credibility through detailed contact information, licensing by the UK Gambling Commission, and consistent WHOIS data. Overall, the site is content-rich, professionally designed, and trustworthy but requires immediate security improvements regarding SSL/TLS. Strategic recommendations include obtaining and properly configuring SSL certificates, enabling modern TLS protocols, enhancing OCSP stapling and session resumption, and maintaining strong security header policies. These steps will improve security, user trust, and compliance with industry standards.

S

STYRIA MEDIA GROUP

styria.com

40

STYRIA MEDIA GROUP is a large, established media company operating multiple brands primarily in Austria. The website serves as a digital presence for the group, showcasing its various media brands and services. The technical infrastructure includes a modern JavaScript framework (Vue.js) and uses Matomo for analytics, indicating a moderate level of digital maturity. However, the website lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which is a significant security concern. The presence of a Content Security Policy in report-only mode and strict transport security headers shows some security awareness but incomplete implementation. Privacy compliance is well addressed with GDPR-compliant policies and consent management tools. Overall, the website is functional but requires urgent security improvements to protect user data and enhance trust.

The website dieangewandte.at represents the Universität für angewandte Kunst Wien, a large educational institution specializing in applied arts. The site offers comprehensive information about academic programs, research, exhibitions, and cultural events targeting students, researchers, and the arts community. The business model is centered on education and cultural dissemination, positioning the university as a key player in Austria's higher education sector for arts. Technically, the site uses a custom CMS with Apache hosting, integrates Matomo analytics, Google Fonts, and jQuery-based UI components. However, the site lacks HTTPS, which is a critical security deficiency. Security posture is weak due to missing SSL/TLS, lack of security headers, and no incident response or vulnerability disclosure policies. Privacy compliance is minimal with no cookie consent mechanism, though Matomo usage suggests some privacy awareness. Overall, the site is professionally designed and content-rich but requires urgent security upgrades to protect users and data.

N

NBS Rekrutēšanas un atlases centrs

klustikaravirs.lv

40

The website klustikaravirs.lv serves as the official recruitment platform for the Latvian National Armed Forces, providing comprehensive information and application options for various military service types including professional service, national defense service, and specialized military education. The site targets Latvian citizens aged 18 to 60 interested in serving their country, positioning itself as a trusted government resource with strong public confidence. Technically, the site is built on Drupal 10, employs Matomo for privacy-conscious analytics, and offers a responsive, accessible user experience. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall that undermines user trust and data protection. Additionally, DNS and email security configurations could be enhanced with DNSSEC and DMARC records. Privacy and cookie policies are present with consent mechanisms, but no terms of service or security policies are published. Overall, the site is functional and professional but requires urgent security improvements to align with best practices.

A

alwaysdata

alwaysdata.com

56

alwaysdata is a French cloud hosting provider established in 2001, offering a range of developer-friendly services including public and private cloud hosting, domain registration, managed databases, and email hosting. The company targets developers, educational institutions, and open-source projects, positioning itself as a niche player focused on ease of use and flexibility. Their platform supports multiple programming languages and provides automated deployment options, appealing to a technical audience. The website is professionally designed with clear navigation and comprehensive content, reflecting a mature digital presence. Technically, alwaysdata utilizes Django as its web framework and integrates Matomo for analytics, emphasizing privacy compliance with cookie consent mechanisms. The site is mobile-optimized and accessible, with good SEO practices. However, the security posture is weakened by the absence of a valid SSL certificate and HTTPS support, alongside missing security headers and advanced TLS features. This represents a significant risk for user data protection and trust. While privacy policies, cookie policies, and terms of service are well documented and GDPR compliant, the lack of SSL undermines overall security. The company maintains a bug bounty program, indicating a proactive approach to vulnerability management. Contact options are clear, including a phone number and detailed contact forms. Overall, alwaysdata presents a strong business and technical profile but must urgently address SSL and HTTPS implementation to enhance security and user trust. Strategic improvements in security headers and TLS configurations are also recommended to align with best practices.

U

UVdata A/S

uvdata.dk

37

UVdata A/S is a Danish software company specializing in providing comprehensive software solutions for private and free schools, afterschools, and educational institutions in Denmark. Their product portfolio includes school management systems, payroll solutions, guidance software, and time management tools, positioning them as a key player in the Danish education technology sector. The company operates under the parent company KMD, enhancing its market credibility and reach. The website content is well-structured, primarily in Danish, and targets educational institutions with relevant services and support information. Technically, the website is built on WordPress using the Avada theme and integrates several JavaScript libraries and plugins, including Matomo for analytics. However, the site suffers from performance issues with slow load times and a large number of resources. Security-wise, the website lacks a valid SSL certificate, serving content without HTTPS, which is a critical vulnerability. Additionally, it lacks essential security headers and advanced SSL features such as HSTS and OCSP stapling. Privacy compliance is addressed with clear privacy and cookie policies and a consent mechanism, aligning with GDPR requirements. Overall, while the business and content aspects are strong and credible, the technical and security posture require significant improvements to ensure user trust and data protection.

U

Ubivox Technologies ApS

ubivox.com

40

Ubivox Technologies ApS operates a GDPR-compliant SaaS platform specializing in newsletters, email campaigns, and transactional emails, targeting companies, webshops, and governmental institutions primarily in Denmark. The company has a strong market presence with over 1,000 clients including notable Danish government bodies. Their platform emphasizes user-friendliness, legal compliance, and integration capabilities with over 1,000 external systems. Technically, the website is built on WordPress with the Avada theme and incorporates modern JavaScript libraries and marketing tools such as Matomo, Facebook Pixel, and LinkedIn Insight Tag. Security measures include TLS 1.3 support and OCSP stapling, though improvements like enabling HSTS and DNSSEC are recommended. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website is professional, trustworthy, and well-structured, with a moderate to good security posture and strong business credibility.

Naalakkersuisut.gl is the official government website of Greenland, serving as the primary portal for government news, departmental information, and public resources. The site targets Greenlandic citizens, government officials, and media, providing authoritative and up-to-date information about governmental activities and services. The business model is public service oriented, with a focus on transparency and communication. Technically, the website employs standard web technologies including JavaScript and CSS, and uses Matomo for analytics. The site is moderately performant and mobile-optimized, but lacks modern security implementations such as HTTPS and security headers, which significantly impacts its security posture. From a security perspective, the absence of a valid SSL certificate and HTTPS support is a critical vulnerability, exposing users to potential data interception risks. No privacy or cookie policies were found, indicating gaps in compliance with GDPR and other privacy regulations. The site does not display any incident response or security policies, which could affect trust and readiness for security events. Overall, while the website fulfills its role as a government information portal with good content quality and user experience, the lack of fundamental security measures and privacy compliance lowers its trustworthiness and exposes it to risks. Strategic improvements in security infrastructure and privacy transparency are recommended to enhance user trust and regulatory compliance.

O

Oqaasileriffik

kukkuniiaat.gl

41

Oqaasileriffik operates the website kukkuniiaat.gl, providing the Greenlandic spell checker tool Kukkuniiaat. This service supports multiple office platforms including Google Docs, Microsoft Office, Adobe InDesign, LibreOffice, and Apache OpenOffice, targeting Greenlandic language users and institutions. The organization is a government language secretariat, positioning itself as the official provider of Greenlandic language technology and resources. The website content is well-structured, multilingual, and professionally presented, supporting accessibility and user engagement. Technically, the website employs modern front-end technologies such as Bootstrap 5 and jQuery, hosted by Hosting.gl ApS. It integrates Matomo and Google Analytics for user tracking and performance monitoring. However, the site lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which is a critical security deficiency. Performance is moderate with a page load time of approximately 4.5 seconds and a moderate number of resources. From a security perspective, the absence of HTTPS and modern TLS protocols significantly undermines user data protection and trust. While SPF and DMARC records are correctly configured for email security, the lack of security headers, HSTS, and OCSP stapling further weakens the security posture. Privacy compliance is basic with a privacy policy present but lacking explicit GDPR compliance statements or cookie consent mechanisms. Overall, the website is functional and credible but requires urgent security improvements, especially SSL/TLS deployment, to protect users and enhance trust. Strategic recommendations include obtaining a valid SSL certificate, enabling HTTPS, implementing security headers, and enhancing privacy compliance to meet regulatory standards.

O

Oqaasileriffik

nutserut.gl

42

Nutserut is a specialized online platform operated by Oqaasileriffik, the Language Secretariat of Greenland, providing machine translation and language learning tools focused on the Greenlandic language. The website offers multiple AI-based translation methods and educational annotation tools aimed at language learners, translators, and researchers interested in Greenlandic. The service is positioned as a niche governmental resource with a clear public service mission. Technically, the website employs modern frontend technologies including Bootstrap 5.3, jQuery, and Matomo analytics. However, the site suffers from slow load times and lacks HTTPS support due to an invalid or missing SSL certificate, which significantly impacts security and user trust. The site is hosted via Hosting.gl ApS with DNS managed through Google Domains, reflecting a stable infrastructure. From a security perspective, the absence of HTTPS and security headers presents a critical vulnerability, exposing users to potential data interception risks. No privacy or cookie policies are present, indicating poor privacy compliance. Analytics tools are used without visible privacy disclosures, and no incident response or security policy information is provided. The domain registration is mature and consistent with the governmental nature of the site, supporting legitimacy. Overall, while the website provides valuable language services with good content and business credibility, its security posture is weak and privacy compliance is lacking. Strategic improvements in SSL deployment, security headers, and privacy policies are essential to enhance trust and protect users.

O

Oqaasileriffik

ordbog.gl

36

Oqaasileriffik operates as the official Language Secretariat of Greenland, providing comprehensive Greenlandic dictionaries and language resources online. The website serves a niche audience including Greenlandic speakers, researchers, and students, offering multiple historical and modern dictionaries in Greenlandic, Danish, and English. The business model is non-commercial and government-supported, positioning it as a key language resource provider in Greenland. Technically, the site employs modern frontend technologies such as Bootstrap, jQuery, and SQL.js, and supports a Progressive Web App for offline access. However, performance is slow with a high page load time and large page size. Security posture is weak due to the absence of a valid SSL certificate, lack of HTTPS, and missing security headers, which significantly impacts user trust and data protection. Privacy compliance is minimal, with no privacy or cookie policies present, and moderate user tracking via Matomo and Google Tag Manager. Overall, the site is legitimate and consistent with its stated purpose but requires urgent improvements in security and privacy to enhance trust and compliance.

Oqaasileriffik is the official Greenlandic Language Secretariat, providing authoritative language resources, terminology, and policy information primarily for the Greenlandic language. The website serves as a central hub for language tools, dictionaries, news, and educational materials targeting Greenlandic speakers, researchers, and government stakeholders. The organization operates as a governmental or non-profit entity focused on language preservation and development. Technically, the website is built on WordPress with Elementor and several plugins, including multilingual support via WPML. The infrastructure uses Apache on Ubuntu, but suffers from critical SSL issues with an invalid certificate and no modern TLS protocols enabled, which undermines secure communications. Performance data is limited, but the site appears content-rich and mobile-optimized with basic accessibility features. Security posture is weak due to the invalid SSL certificate, lack of HSTS, missing security headers, and absence of vulnerability disclosure or security policies. Privacy compliance is minimal, with no visible privacy or cookie policies. Contact information is clearly provided, including email, phone, and physical address, along with active social media channels. Overall, the site is functional and content-rich but requires urgent improvements in SSL configuration, security best practices, and privacy compliance to enhance trust and protect users. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS, publishing privacy and cookie policies, and implementing security headers and vulnerability disclosure mechanisms.

Sullissivik.gl is the official government portal for public services in Greenland, targeting both citizens and businesses. It provides a centralized platform for accessing self-service forms, information on cultural, housing, equality, and transport topics, and digital communication channels. The site is primarily in Greenlandic with options for Danish and English, reflecting its public service nature. The portal is positioned as a key digital interface for government-citizen interaction in Greenland. Technically, the site uses modern JavaScript libraries, SVG icons, and integrates Matomo analytics for user tracking. However, the site suffers from a critical lack of a valid SSL certificate and HTTPS enforcement, which severely impacts its security posture. No advanced security headers or policies are detected, and privacy compliance is basic with only a cookie policy present. Overall, the site is functional and content-rich but requires urgent security improvements to protect user data and build trust.

D

Digitaliseringsstyrelsen

digst.dk

40

Digitaliseringsstyrelsen is the Danish government agency responsible for leading the digital transformation of Denmark, aiming to simplify daily life for citizens and businesses while supporting public authorities in delivering quality services. The agency operates a comprehensive website offering information on digital solutions such as MitID, Digital Post, and various support services, targeting both citizens and businesses. The site reflects a strong government presence with clear contact details and compliance with privacy regulations. Technically, the website uses modern tools like Cookiebot for consent management and analytics platforms such as Matomo and Siteimprove, but suffers from a lack of valid SSL certificates and slow load times, which negatively impact security and user experience. Security posture is weak due to missing HTTPS, lack of security headers, and no DNSSEC, although SPF and DMARC are properly configured. Overall, the site is trustworthy and authoritative but requires urgent improvements in security infrastructure to protect user data and enhance trust.

D

Danish e-Infrastructure Consortium (DeiC)

deic.dk

40

DeiC (Danish e-Infrastructure Consortium) is a government-affiliated consortium established in 2011 that provides critical e-infrastructure services to Danish universities and research institutions. Their offerings include high-performance computing, data management, quantum infrastructure, and research network connectivity. The organization targets academic and research communities in Denmark, positioning itself as a national leader in research infrastructure. The website reflects a mature and professional digital presence with comprehensive content and clear navigation, built on Drupal 9 with modern web technologies. However, the site suffers from a critical security shortfall due to the absence of a valid SSL certificate, resulting in no proper HTTPS support. This significantly impacts the security posture and user trust. Privacy and cookie policies are well implemented and GDPR compliant, with Matomo analytics used responsibly. Contact information is clearly provided, enhancing business credibility. Overall, DeiC's website demonstrates strong business and content quality but requires urgent security improvements to meet modern standards.

S

Sikt

sikt.no

62

Sikt is a Norwegian public agency providing shared digital services and infrastructure to the education and research sectors. The organization offers a broad portfolio of services including network solutions, data sharing, cybersecurity, and research data archiving, positioning itself as a key national service provider. The website reflects a mature digital presence with excellent content quality, clear navigation, and professional design tailored to its target audience of students, researchers, and educational institutions. Technically, the site uses modern frameworks such as Next.js and Drupal CMS, and integrates privacy-conscious analytics tools like Matomo and Siteimprove. However, the security posture is weakened by an invalid SSL certificate and lack of enabled TLS protocols, which are critical issues that must be addressed to ensure secure communications and trust. Privacy compliance is well handled with clear privacy and cookie policies and consent mechanisms. Overall, the site demonstrates high professionalism and trustworthiness but requires urgent remediation of its SSL/TLS configuration to meet security best practices.

S

Sikt

uninett.no

61

Sikt is a Norwegian public agency providing shared digital infrastructure and services to the education and research sectors. The website clearly communicates its role as a key service provider supporting digitalization, data sharing, and open research for knowledge institutions in Norway. The target audience includes students, researchers, and educational organizations. The business model is that of a government agency offering essential infrastructure and services nationally. Technically, the website is built on modern frameworks such as Next.js and Drupal, with good mobile optimization and accessibility. However, performance is moderate and could be improved. Security posture shows critical weaknesses, notably an invalid SSL certificate and lack of modern TLS protocols, which significantly reduce the security score. Privacy compliance is good with clear privacy and cookie policies, though no explicit consent mechanism is observed. Business credibility is high due to consistent branding, professional content, and clear contact channels via forms. Overall, the site is trustworthy but requires urgent SSL and security improvements to protect users and data.

N

Nofim AS

nofima.com

40

Nofima is a Norwegian government-affiliated research institute specializing in applied research within fisheries, aquaculture, and food systems. It serves a broad audience including industry actors, research partners, and public sector entities. The organization is large with over 380 employees and is positioned as a leading institute in its sector in Norway. The website reflects a professional and comprehensive digital presence with rich content, structured navigation, and multilingual support. Technically, the site is built on WordPress with modern libraries and plugins, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Security posture is weak due to missing HTTPS, lack of security headers, and absence of DMARC and DNSSEC configurations. Privacy compliance is partial, with privacy and cookie policies present but no active consent mechanism. Overall, the site is trustworthy and credible but requires urgent security improvements to protect user data and enhance trust.

N

Norwegian Geotechnical Institute (NGI)

ngi.no

40

The Norwegian Geotechnical Institute (NGI) operates a professional and content-rich website focused on geotechnical research, consulting, and education primarily serving Norwegian and international engineering and environmental sectors. The site offers detailed information on their research areas, projects, and career opportunities, targeting professionals, researchers, and students in geotechnical and environmental fields. Technically, the website uses modern JavaScript frameworks, Azure Application Insights, Matomo analytics, and is hosted behind Cloudflare, with Episerver CMS indications. However, a critical security weakness is the absence of a valid SSL certificate and disabled TLS protocols, severely impacting secure communications and trust. Privacy and cookie policies are implemented with consent mechanisms, but no explicit terms of service or security policy pages were found. Contact information includes a verified company email but lacks explicit phone numbers or physical addresses in the HTML content. Social media presence is active across major platforms. Overall, the website is professionally designed and functional but requires urgent security improvements to meet modern standards.

N

Nofima AS

nofima.no

57

Nofima AS is a leading Norwegian food research institute specializing in research and development for the aquaculture, fisheries, and food industries. The organization serves a broad audience including food producers, government agencies, and scientific communities. Their business model focuses on providing research services, knowledge dissemination, and training to support sustainable food production. The website is professionally designed, content-rich, and well-branded, reflecting a strong market position in the government sector. Technically, the site is built on WordPress with modern plugins and libraries, hosted behind Cloudflare, and uses Matomo for privacy-conscious analytics. However, the security posture is weakened by an invalid SSL certificate and lack of TLS support, which is a critical risk. Privacy compliance is good with clear privacy and cookie policies, though no explicit terms of service or security policies are published. Overall, the site is trustworthy and professional but requires urgent security improvements to protect user data and maintain credibility.

N

Norsk institutt for bioøkonomi

nibio.no

60

NIBIO (Norsk institutt for bioøkonomi) is a large Norwegian government research institute specializing in bioeconomy, agriculture, environment, and resource management. With approximately 750 employees, it holds a strong market position as a key knowledge provider in sustainable food production, plant health, forestry, and agricultural economics. The website reflects a mature and professional organization with comprehensive content targeting researchers, policymakers, and agricultural stakeholders. Technically, the site employs modern analytics (Matomo), consent management (Cookiebot), and uses frameworks like Bootstrap and Handlebars, hosted likely on Uninett infrastructure. However, the security posture is weak due to the absence of a valid SSL certificate and HTTPS, which is a critical vulnerability. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is trustworthy and professionally maintained but urgently needs to address its SSL/TLS configuration to improve security and user trust.

N

Norges geologiske undersøkelse (NGU)

ngu.no

61

Norges geologiske undersøkelse (NGU) is a Norwegian government agency specializing in geological surveying and dissemination of geological knowledge. The website serves as a portal for geologic maps, scientific publications, and news relevant to geology in Norway, targeting researchers, government bodies, and the public. The organization holds a strong national position as the authoritative source for geological data and services. Technically, the website is built on Drupal 10 with Matomo analytics integration, demonstrating a modern but self-hosted infrastructure. However, the site suffers from slow load times and lacks a valid SSL certificate, which critically impacts its security posture. While privacy and cookie policies are present, there is no explicit cookie consent mechanism, and no visible terms of service or security policies are published. Contact information is comprehensive and clearly presented, enhancing business credibility. Overall, the site is professional and trustworthy but requires urgent improvements in security and performance to meet modern standards.

F

Framsenteret Drift AS

framforum.com

40

Framforum is a specialized online publication operated by Framsenteret Drift AS, focusing on climate, environment, and people in the High North, particularly the Arctic region. The website serves as a communication platform for research notes, profiles, retrospectives, and editorials related to Arctic environmental research, targeting researchers, journalists, and interested public. The business operates as a non-profit entity with a clear affiliation to the Fram Centre, a recognized research center in Norway. Technically, the website is built on WordPress, utilizing common web technologies such as jQuery, Font Awesome, and Google Fonts, with Matomo and Google Tag Manager for analytics. However, the site suffers from a critical security shortfall: it lacks a valid SSL certificate and does not serve content over HTTPS, which undermines user trust and data security. While HSTS is enabled, it is ineffective without proper SSL/TLS configuration. Privacy compliance is minimal, with a privacy policy present but no cookie consent mechanism or GDPR compliance indicators. Contact information is clearly provided, enhancing business credibility. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect users and enhance trust.

N

Norsk Polarinstitutt

npolar.no

63

Norsk Polarinstitutt is a Norwegian government research institute specializing in scientific knowledge and advisory services related to the Arctic and Antarctic regions. The organization operates research programs, logistics, and manages research stations and vessels. The website reflects a mature and established institution with a clear focus on polar science and environmental monitoring. The target audience includes Norwegian authorities, researchers, and the public interested in polar topics. Technically, the site is built on WordPress using the Enfold theme, with a moderate level of digital maturity but suffers from slow performance and an invalid SSL certificate, which impacts security and user trust. Security posture is weak due to the lack of a valid SSL certificate and disabled TLS protocols, although cookie consent and privacy policies are properly implemented, indicating good privacy compliance. Overall, the site is professional and trustworthy but requires urgent security improvements to meet modern standards.

F

Framsenteret Drift AS

framsenteret.no

40

Framsenteret Drift AS operates as a Norwegian Arctic research center focused on interdisciplinary climate and environmental research of high international standard. The organization collaborates with numerous research institutions and partners, positioning itself as a key player in Arctic research and policy support. The website serves as a platform for disseminating research findings, hosting events, and providing information about ongoing projects and collaborations. The target audience includes researchers, policymakers, environmental stakeholders, and the general public interested in Arctic issues. Technically, the website is built on WordPress with a modern tech stack including jQuery, Font Awesome, and Matomo analytics for privacy-conscious user tracking. The site is well-structured with good SEO metadata and accessibility features, though performance is slow with a load time exceeding 12 seconds. Mobile optimization is good, and navigation is clear and professional. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical vulnerability. No modern TLS protocols are enabled, and advanced security features like OCSP stapling and session resumption are missing. The site does implement HSTS but without HTTPS, this is ineffective. No explicit security or incident response policies are found, indicating gaps in security governance. Overall, the site is trustworthy and professionally maintained with strong business credibility and content quality. However, the lack of HTTPS and security policies significantly lowers its security posture and overall risk profile. Strategic improvements in SSL/TLS deployment and security governance are recommended to enhance trust and compliance.

Vaticano Imóveis is a well-established real estate agency based in Curitiba, Brazil, with over 30 years of market presence. The company specializes in property sales, rentals, and digital rental services, targeting families and individuals seeking real estate opportunities in Curitiba and surrounding areas. Their business model leverages digital marketing and advanced management strategies to maintain a competitive edge in the local market. The website reflects a professional and consistent brand image with comprehensive service offerings and clear contact channels. Technically, the site is built on the Kenlo CMS platform, utilizing modern web technologies such as Marko.js, Google Tag Manager, and Matomo analytics. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that undermines user trust and data protection. Privacy and cookie policies are well implemented, demonstrating good compliance with data protection regulations. Overall, the site is functional and user-friendly but requires urgent security improvements to meet modern standards.

T

TAS group

tasgroup.eu

40

TAS group is a leading Italian ICT company specializing in digital payment software and services for banks, fintechs, and corporates. The company offers a comprehensive Global Payment Platform and a suite of solutions covering digital payments, capital markets, real-time liquidity, financial networks, and PSD2 compliance. TAS is recognized in the IDC FinTech Top 100 and holds certifications such as UNI/PdR 125:2022, reflecting its commitment to social responsibility and workplace equality. The website targets financial institutions and technology providers, positioning TAS as a trusted partner in the evolving payments ecosystem. Technically, the website is built on WordPress with modern plugins and technologies including Kadence Blocks, HubSpot forms, and advanced analytics tools like Matomo and Plausible. The site is well-optimized for mobile and accessibility, with strong SEO practices and structured data markup enhancing discoverability and user experience. However, performance metrics indicate slow loading times, suggesting room for optimization. From a security perspective, the site implements several important HTTP security headers but lacks a valid SSL certificate and does not support TLS protocols, severely impacting its security posture. The absence of HTTPS and related best practices exposes the site to risks and undermines user trust. Privacy compliance is well addressed with clear privacy and cookie policies, consent mechanisms, and GDPR adherence. Overall, TAS group presents a professional and credible online presence with strong business and technical foundations. The primary risk lies in the lack of proper SSL/TLS configuration, which should be urgently addressed to secure communications and maintain trust. Strategic recommendations include implementing HTTPS, enabling modern TLS protocols, and enhancing security configurations to align with industry best practices.

U

UNIS

unis.no

27

UNIS (The University Centre in Svalbard) is a specialized educational and research institution focused on Arctic studies, offering courses and research opportunities in biology, geology, geophysics, technology, and safety. It serves students and researchers interested in polar science and provides comprehensive student support and facilities. The website is professionally designed, content-rich, and well-structured, targeting students and academic researchers. Technically, it is built on WordPress with modern plugins and hosted on Hostinger with LiteSpeed server technology. However, the site lacks a valid SSL certificate and HTTPS support, which is a critical security vulnerability. Security headers are well implemented, but the absence of HTTPS significantly lowers the security posture. Privacy compliance is moderate with a privacy policy present but no visible cookie consent mechanism. Business credibility is strong with clear contact information, organizational transparency, and social media presence. Overall, the site is trustworthy but requires urgent security improvements to protect user data and enhance trust.

N

Norsk helsenett SF

nhn.no

40

Norsk helsenett SF is a Norwegian state-owned enterprise responsible for delivering and maintaining national ICT infrastructure and e-health solutions for the healthcare sector. The organization is well-established with a domain age of 25 years and operates under the Ministry of Health and Care Services. Their services include healthcare registers, videoconferencing, electronic death notifications, and membership in the national health network, targeting healthcare professionals and Norwegian citizens. The website content is rich, professionally designed, and well-structured, providing clear navigation and relevant information about their offerings and events. Technically, the website uses modern frontend technologies such as Tailwind CSS and Matomo for analytics, hosted on Azure and served via Fastly CDN. The site is mobile-optimized and accessible, though performance is moderate with a page load time of approximately 4.8 seconds. SEO and metadata are well implemented, including Open Graph tags for social sharing. From a security perspective, the website currently lacks a valid SSL certificate, resulting in no HTTPS availability, which is a critical issue. Additionally, no security headers or HSTS are implemented, and TLS protocols are disabled, exposing the site to potential risks. The SPF DNS record is properly configured, and no subdomain takeover vulnerabilities were found. Privacy compliance is good, with a comprehensive privacy policy and cookie policy present, though no explicit cookie consent mechanism is implemented. Contact information is available via a contact page, but no direct emails or phone numbers are exposed on the site. Overall, the website is trustworthy and credible, reflecting its government ownership and mature domain registration. However, the lack of HTTPS and proper SSL configuration significantly impacts its security posture and user trust. Strategic improvements in SSL deployment, security headers, and cookie consent mechanisms are recommended to enhance security and compliance.

Codebase is a mature and established SaaS platform offering Git, Mercurial, and Subversion hosting combined with project management tools tailored for professional development teams. Operated by Krystal Hosting Ltd., the company has a strong UK presence and a user base exceeding 30,000. The website content is professional, well-structured, and targets software development teams seeking integrated code hosting and project management solutions. Technically, the site leverages custom technologies, SVG assets, and Matomo analytics, hosted on Katapult's cloud infrastructure. Performance is moderate with good mobile optimization and SEO practices. However, the absence of a valid SSL certificate critically undermines the security posture, despite HSTS being enabled. No cookie consent mechanism or published security policies were found, indicating gaps in privacy compliance and incident response readiness. Overall, the domain registration data aligns well with the business claims, supporting legitimacy and trustworthiness.

K

Krystal Hosting Ltd

sirportly.com

60

Sirportly is a customer support ticket system and help desk software offered as a SaaS product by Krystal Hosting Ltd, a UK-based technology company. The platform targets businesses seeking to improve customer support efficiency and satisfaction through a unified interface, automation, and integrations. The website presents a professional and consistent brand image with clear navigation and relevant content aimed at its target audience. Technically, the site is built likely on Ruby on Rails, hosted on Katapult's cloud platform, and uses Matomo for analytics. Performance is moderate with good mobile optimization but lacks advanced accessibility features. Security posture is weak due to the absence of a valid SSL certificate and missing security headers, which exposes users to risks and reduces trust. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Business credibility is supported by consistent WHOIS data, customer testimonials, and clear company information. Overall, the site is functional and professional but requires urgent security improvements to protect users and enhance trust.

A

Aruba Business

arubabusiness.it

40

Aruba Business is a well-established Italian IT services provider founded in 2015, offering a comprehensive portfolio of IT solutions including domain registration, hosting, cloud services, and data center solutions. The company targets IT professionals and businesses seeking advanced technological infrastructure and personalized IT services. Their market position is strong within Italy, supported by a mature domain and extensive service offerings. The website reflects a high level of professionalism, with clear navigation, excellent content quality, and consistent branding. Technically, the site uses modern technologies such as Google Tag Manager, Matomo, and Cookiebot, and is hosted within Aruba's own infrastructure. However, a critical security issue is the absence of a valid SSL certificate, which undermines the security posture despite the presence of HSTS and other good practices. Privacy compliance is robust, with comprehensive privacy and cookie policies and an effective consent mechanism. Overall, the site is trustworthy and business credible but requires urgent SSL remediation to improve security and user trust.

E

Eurochambres

eulep.eu

40

EULEP is a European Union co-funded project platform led by Eurochambres, focusing on enhancing vocational education and training (VET) excellence across multiple European countries. The platform emphasizes innovative subjects such as artificial intelligence, virtual reality, and social innovation to promote lifelong learning tailored to enterprise needs. The website serves as a collaborative hub for 20 organizations from 8 countries, providing resources, partner information, and news related to VET development. Technically, the site is built on WordPress with Elementor and uses Matomo for analytics, indicating a moderate level of digital maturity. However, the absence of a valid SSL certificate and lack of security headers represent significant security weaknesses. Privacy and cookie policies are present with consent mechanisms, reflecting basic GDPR compliance. Overall, the site is functional and informative but requires urgent security improvements to protect user data and enhance trust.

E

EU Business Hub

eubusinesshub.eu

44

The EU Business Hub website serves as an EU-funded platform supporting European companies in the green, digital, and healthcare sectors to access the markets of Japan and the Republic of Korea. It offers business missions, coaching, networking, and logistical support to facilitate market entry and partnerships. The site is built on Drupal 10 and uses modern web technologies including Matomo for analytics. However, a critical security weakness is the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. Privacy compliance is well addressed with clear cookie policies and consent mechanisms. The business model is credible and well-aligned with EU initiatives, but contact information is limited to web forms without direct emails or phone numbers.

E

Eurochambres, BEUC and SMEunited

consumerlawready.eu

38

ConsumerLawReady.eu is an EU-backed educational platform focused on providing consumer law training for Small and Medium Enterprises (SMEs) and consumer law trainers across the European Union. The website offers dedicated portals for each EU country, supporting multilingual content and localized training resources. The project is implemented by reputable organizations including Eurochambres, BEUC, and SMEunited on behalf of the European Commission, establishing strong trust and legitimacy in the market. The platform targets legal experts, SME owners, and employees seeking to enhance their knowledge of consumer law.

P

Programme AL-INVEST Verde

alinvest-verde.eu

32

Programme AL-INVEST Verde is a European Union funded initiative aimed at fostering sustainable growth and job creation in Latin America by supporting the transition to a low-carbon, resource-efficient economy. The program operates across 12 Latin American countries, engaging both public and private sectors, with a focus on innovation, technical assistance, and intellectual property rights. The website serves as an information hub, providing news, events, and resources related to the program's activities. Technically, the site is built on WordPress with Elementor and several plugins for events and membership management. It integrates marketing and analytics tools such as Brevo and Matomo, and supports multilingual content. However, the site lacks a valid SSL certificate, which is a critical security vulnerability, exposing users to potential risks. Privacy and cookie policies are well implemented with GDPR compliance and consent mechanisms. Overall, while the content and business credibility are strong, the security posture requires urgent improvement to protect user data and enhance trust.

I

INTERNATIONAL CHAMBER OF COMMERCE

iccwbo.org

65

The International Chamber of Commerce (ICC) is a globally recognized organization representing the voice of world business. It provides advocacy, practical trade tools, dispute resolution services, and professional development to a diverse audience including multinational corporations, small businesses, government representatives, and chambers of commerce. The website reflects ICC's authoritative market position and comprehensive service offerings. Technically, the site is built on WordPress with modern SEO and analytics tools, though performance is moderate. Security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS support, despite HSTS being enabled. Privacy compliance is strong with clear cookie and privacy policies and consent mechanisms. Overall, the site is professional, trustworthy, and content-rich but requires urgent SSL remediation to improve security and user trust.

B

BAUER Group

bauer.de

40

The BAUER Group is a globally recognized enterprise specializing in specialist foundation engineering, manufacturing, and environmental services. With a history spanning over two centuries, the company maintains a strong market position as a leader in construction and mechanical engineering sectors. Their business model integrates manufacturing of specialized equipment and provision of geotechnical and resource-related services, targeting construction professionals, investors, and job seekers worldwide. Technically, the website is built on Drupal 10 with modern web technologies and demonstrates good mobile optimization, accessibility, and SEO practices. However, the absence of a valid SSL/TLS certificate and HTTPS support significantly undermines the security posture. Security headers and policies are well implemented, but the lack of encryption exposes users to risks. Privacy compliance is robust, with clear privacy and cookie policies and consent mechanisms in place. Overall, the site reflects a professional and trustworthy business presence but requires urgent security improvements to protect user data and maintain trust.

S

Studio Leonardo snc

studioleonardo.com

35

Studio Leonardo is a small Italian web agency established in 1996, specializing in communication, marketing, web solutions, and SEO services primarily targeting small and large companies. The website is built on WordPress with a modern but somewhat dated technology stack including jQuery, Bootstrap, and various WordPress plugins. While the site has good SEO metadata, structured data, and a consistent brand presence, it lacks critical security infrastructure such as a valid SSL certificate, which severely impacts its security posture. Cookie consent is managed via Cookiebot, indicating some level of privacy compliance, but no privacy policy or terms of service pages were found. Contact information is clearly provided, including phone numbers, physical address, and contact forms.

A

ALMA MATER STUDIORUM - Università di Bologna

unibo.it

39

The Università di Bologna (University of Bologna) is a historic and prestigious public university based in Italy, recognized as the oldest university in the Western world. The website serves as a comprehensive portal offering extensive academic programs, research information, student services, and community engagement resources. It targets students, researchers, academic staff, and the general public, positioning itself as a leading institution in higher education. The business model focuses on education, research, and societal contribution, with a large organizational size and a strong market position in the education sector. Technically, the website is built on the Plone CMS platform, served by an Nginx server on Ubuntu, and utilizes modern web technologies including jQuery, Leaflet.js for maps, Splide.js for carousels, and Font Awesome for icons. Analytics are handled primarily via Matomo and Contentsquare, indicating a moderate level of user tracking with privacy compliance measures in place. The site is well-structured, mobile-optimized, accessible, and SEO-friendly, providing an excellent user experience. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical vulnerability. Other security headers like X-Frame-Options and X-Content-Type-Options are present, but the absence of HTTPS and modern TLS protocols significantly lowers the security posture. No WAF or content blocking mechanisms are detected, and no immediate vulnerabilities or exposed sensitive data are found. Overall, the site is highly credible and professional, with strong business legitimacy and comprehensive content. However, the lack of proper SSL/TLS configuration poses a significant risk that should be addressed promptly to protect user data and maintain trust.

T

Traderlink Italia s.r.l.

traderlink.it

39

Traderlink Italia s.r.l. operates a mature and comprehensive financial information website focused on stock market quotes, news, analysis, and educational content primarily for the Italian and international financial markets. The platform targets investors, traders, and financial professionals, offering a wide range of services including market data, trading signals, video analysis, and portfolio management tools. The business model is based on providing valuable financial content supported by advertising and possibly subscription services. The company is well-established with a domain age of 28 years and clear legal presence in Italy. Technically, the website uses a modern tech stack including Bootstrap, jQuery, Vue.js, and integrates Google Tag Manager, Google Ads, and Matomo analytics. Hosting and DNS services are provided by Cloudflare, ensuring reliable performance, although the site suffers from slow load times and lacks a valid SSL certificate, which is a critical security flaw. The site is mobile-optimized and SEO-friendly with good navigation and content structure. From a security perspective, the site has SPF and DMARC records configured properly, indicating good email security practices. However, the absence of a valid SSL certificate and HTTPS support severely undermines the security posture, exposing users to risks such as data interception. Other security best practices like HSTS, OCSP stapling, and modern TLS protocols are missing. Privacy compliance is strong, with comprehensive GDPR-compliant privacy and cookie policies implemented via Iubenda, including consent mechanisms. Overall, the website is trustworthy and professional in its business presentation and content quality but requires urgent improvements in SSL/TLS security to protect user data and maintain credibility. Strategic recommendations include immediate installation of a valid SSL certificate, enabling HTTPS, and enhancing security headers and DNS security features.

C

CAD IT S.p.A.

caditgroup.com

33

CAD IT S.p.A. is an established Italian company specializing in software solutions for the banking, finance, public administration, and industrial sectors. Controlled by Cedacri S.p.A., a leading IT services provider for financial institutions in Italy, CAD IT holds a strong market position with a focus on financial instrument brokerage software and IT outsourcing services. The website reflects a professional business model targeting banks, financial institutions, and public entities, offering a broad portfolio of software products and services. The company is mature with over 24 years of domain registration and a large operational size.

Vastuullinentiede.fi is a Finnish government-supported platform dedicated to promoting responsible science, research ethics, and open science within the Finnish research community. It serves as a coordination and informational hub linking several authoritative Finnish scientific and ethical organizations. The website targets researchers, academic institutions, and policymakers, providing articles, events, and guidelines to foster responsible research practices. Technically, the site is built on Drupal 9 with responsive design and uses Matomo for analytics with cookies disabled, reflecting a moderate level of digital maturity. However, the site suffers from a lack of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts its security posture. No privacy or cookie policies were found, and security headers are absent, indicating gaps in compliance and security best practices. Overall, the site is professionally presented with good content relevance and navigation but requires urgent improvements in security and privacy compliance to enhance trust and protect users.

Tutkimuseettinen neuvottelukunta (TENK) is a Finnish government expert body under the Ministry of Education and Culture focused on promoting good scientific practice and research ethics. The website serves as an authoritative source for research ethics guidelines, news, events, and publications targeted primarily at researchers and academic institutions in Finland. The site is built on Drupal 9 and uses Matomo analytics with cookies disabled, reflecting a moderate level of digital maturity. However, the website suffers from a critical security issue due to the absence of a valid SSL certificate and HTTPS support, which undermines user trust and data security. Additionally, no cookie consent mechanism is implemented, which may impact GDPR compliance. The site provides clear contact information and maintains consistent branding, supporting its credibility as a government-affiliated entity.

Tiedonjulkistamisen neuvottelukunta (TJNK) is a Finnish government-affiliated organization focused on promoting the societal use of reliable scientific information, freedom of speech, and public trust in science. The website serves as an information hub for their activities including state awards, grants, and ethical guidelines for science communication. The target audience includes researchers, experts, science communicators, and the general public interested in science and research in Finland. Technically, the site is built on Drupal 9 with responsive design and uses Matomo for analytics, but suffers from slow load times and lacks HTTPS security. The absence of a valid SSL certificate and security headers represents a critical security vulnerability, impacting user trust and data protection. Privacy policy is present and likely GDPR compliant, but no cookie consent mechanism or terms of service were found. Overall, the site is professionally designed and content-rich but requires urgent security improvements.