Security Directory

The Energy Efficiency 4 HORECA website represents a European Union co-funded project focused on promoting energy efficiency and renewable energy adoption within the HORECA sector. The project is coordinated by Eurochambres, a Brussels-based organization, and offers capacity building, expert assistance, and funding guidance to companies in the hospitality and catering industries. The website is built on WordPress using the OceanWP theme and Elementor page builder, featuring a professional design and clear navigation. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which significantly undermines user trust and data security. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Overall, the site provides valuable content and services but requires urgent security improvements to meet modern standards.

E

Eurochambres

eulep.eu

40

EULEP is a European Union co-funded project platform led by Eurochambres, focusing on enhancing vocational education and training (VET) excellence across multiple European countries. The platform emphasizes innovative subjects such as artificial intelligence, virtual reality, and social innovation to promote lifelong learning tailored to enterprise needs. The website serves as a collaborative hub for 20 organizations from 8 countries, providing resources, partner information, and news related to VET development. Technically, the site is built on WordPress with Elementor and uses Matomo for analytics, indicating a moderate level of digital maturity. However, the absence of a valid SSL certificate and lack of security headers represent significant security weaknesses. Privacy and cookie policies are present with consent mechanisms, reflecting basic GDPR compliance. Overall, the site is functional and informative but requires urgent security improvements to protect user data and enhance trust.

E

EU Business Hub

eubusinesshub.eu

44

The EU Business Hub website serves as an EU-funded platform supporting European companies in the green, digital, and healthcare sectors to access the markets of Japan and the Republic of Korea. It offers business missions, coaching, networking, and logistical support to facilitate market entry and partnerships. The site is built on Drupal 10 and uses modern web technologies including Matomo for analytics. However, a critical security weakness is the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. Privacy compliance is well addressed with clear cookie policies and consent mechanisms. The business model is credible and well-aligned with EU initiatives, but contact information is limited to web forms without direct emails or phone numbers.

A

Akciju sabiedrība “Olpha”

olpha.eu

40

Olpha is a leading pharmaceutical manufacturer based in Latvia with a strong regional presence across more than 60 markets. The company offers a broad portfolio of pharmaceutical products, active pharmaceutical ingredients, and contract manufacturing services. Their website reflects a mature digital presence built on WordPress with multilingual support and advanced accessibility features, demonstrating a commitment to inclusivity and user experience. The site is professionally designed with clear navigation and comprehensive content tailored to healthcare professionals, business partners, and the general public. Security posture is solid with HTTPS enabled and SPF/DMARC email protections, though improvements in HTTPS hardening and DNS security are recommended. Privacy and cookie policies are well implemented and GDPR compliant. Overall, Olpha presents a trustworthy and credible business with a modern digital infrastructure.

A

Akciju sabiedrība “Olpha”

olainfarm.com

67

Olpha is a well-established Latvian pharmaceutical company with over 50 years of experience and a strong regional presence across more than 60 markets. The company specializes in manufacturing a wide range of pharmaceutical products including active ingredients, finished dosage forms, and nutritional supplements. Their business model includes contract manufacturing and licensing, supported by a large team of specialists. The website reflects a mature digital presence with multilingual support, comprehensive accessibility features, and professional branding. Technically, the site is built on WordPress with modern plugins and integrates marketing and analytics tools such as Google Tag Manager and Facebook Pixel. Security posture is solid with HTTPS and no critical vulnerabilities detected, though improvements in email security and SSL configurations are recommended. Overall, Olpha demonstrates a credible and professional online presence aligned with its business stature.

A

Akciju sabiedrība “Olpha”

olpha.lv

40

Olpha is a leading pharmaceutical manufacturer based in Latvia, serving over 60 markets with a broad portfolio of pharmaceutical products, active ingredients, and nutritional supplements. The company operates through multiple subsidiaries across Eastern Europe and Central Asia, emphasizing contract manufacturing and pharmaceutical co-development. Their website reflects a mature digital presence with multilingual support, professional design, and a strong focus on accessibility, ensuring compliance with WCAG 2.1 AA standards. Technically, the site is built on WordPress with modern plugins and tracking tools, although performance could be improved due to high resource count and page size. Security posture is adequate with HTTPS and modern TLS protocols, but lacks some advanced configurations such as HSTS, DNSSEC, and DMARC, which are recommended for enhanced protection. Privacy compliance is strong with clear policies and consent mechanisms. Overall, Olpha presents a trustworthy and professional online presence aligned with its business stature.

I

ICEHOTEL

icehotel.com

58

ICEHOTEL is a unique hospitality business based in Sweden offering an iconic ice and snow hotel experience combined with art exhibitions and Arctic adventures. The company holds a strong market position as a niche Arctic tourism provider with a medium-sized operation and a history dating back to 1989. The website is professionally designed with excellent content quality and clear navigation, targeting tourists seeking unique Arctic experiences. Technically, the site uses Drupal 10 CMS with modern JavaScript frameworks and libraries, but suffers from slow performance and lacks a valid SSL certificate, which is a critical security flaw. Security headers are partially implemented, but the absence of HTTPS and modern TLS protocols significantly lowers the security posture. Privacy and cookie policies are present and GDPR compliant, and contact information is clearly provided. Social media presence is robust across major platforms, enhancing trust and engagement.

D

Duna Médiaszolgáltató Nonprofit Zrt.

dunanap.com

48

Dunanap.com is the official website for the DUNA NAPOK cultural festival scheduled for May 30 to June 1, 2025, in Hungary. The site promotes a variety of cultural and entertainment events including concerts, children's programs, exhibitions, running races, and culinary competitions. The business behind the site is Duna Médiaszolgáltató Nonprofit Zrt., a medium-sized media and nonprofit entity focused on cultural event organization. The website targets festival attendees, families, and cultural enthusiasts primarily in Hungary. Technically, the site is built on WordPress using Elementor and Yoast SEO, hosted by Websupport. While the site is mobile optimized and has good content quality, it suffers from slow load times and lacks advanced accessibility features. Security posture is weak due to an invalid SSL certificate, absence of HTTPS, no security headers, and no DNSSEC or domain protection locks. Privacy compliance is partially met with a privacy policy present but no cookie consent mechanism. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

B

Banca Agricola Commerciale

bacinvestments.sm

40

Banca Agricola Commerciale (BAC) is a well-established financial institution based in San Marino, providing a broad range of banking and financial services to both private individuals and businesses. The website reflects a mature and professional organization with a strong local presence and a history dating back to 1920. The business model focuses on traditional banking services complemented by digital tools such as mobile apps and online account management. BAC maintains a consistent brand image and offers comprehensive information about its products, subsidiaries, and news updates. Technically, the website is built on WordPress with modern web technologies and includes SEO and accessibility features, although performance is moderate. Security posture is a significant concern due to the absence of a valid SSL certificate and HTTPS support, which exposes users to risks and undermines trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the domain registration data supports the legitimacy of the business, but technical security improvements are urgently needed.

The General Authority of Civil Aviation (GACA) is the official Saudi government entity responsible for civil aviation regulation and services. The website serves as a comprehensive platform offering information on aviation policies, passenger rights, safety reporting, and electronic services. It targets citizens, travelers, and aviation stakeholders within Saudi Arabia, positioning itself as the national authority in the transportation sector. The site features a professional design with consistent branding and a strong social media presence, enhancing trust and engagement. Technically, the website employs modern web technologies including Bootstrap, jQuery, and Swiper.js, and is likely powered by the Sitecore CMS. Accessibility and digital experience tools are integrated, though performance is hindered by slow load times and a large page size. The SSL/TLS configuration is currently invalid or missing, which significantly impacts the security posture. Security-wise, the site lacks a valid HTTPS certificate and security headers, which are critical for protecting user data and ensuring secure communications. No explicit incident response or vulnerability disclosure mechanisms are evident. Privacy and cookie policies exist but are basic, with limited GDPR compliance indicators. The domain registration aligns with the Saudi government entity, supporting legitimacy. Overall, the website is functional and professional but requires urgent improvements in security configuration and performance optimization to enhance user trust and compliance with modern standards.

P

Professional Provident Society Insurance Company

pps.co.za

40

PPS (Professional Provident Society Insurance Company) is a mature South African financial services provider specializing in insurance, investment, and healthcare solutions tailored for graduate professionals. The company operates on a mutuality model, allowing members to share in profits, and maintains a strong market position supported by professional associations and comprehensive service offerings. The website is built on Drupal 10 with modern frontend libraries and hosted behind Cloudflare, demonstrating a moderate level of digital maturity. However, the absence of a valid SSL/TLS certificate and lack of HTTPS significantly undermine the security posture. While security headers are partially implemented, critical vulnerabilities exist due to missing encryption and lack of advanced security features. Privacy compliance is basic, with no explicit cookie consent mechanism and limited GDPR indicators. Overall, the site presents professional content and good business credibility but requires urgent security improvements to protect user data and enhance trust.

B

Biemme Srl

biemmebiagiotti.com

26

Biemme Srl is an established Italian manufacturing company specializing in innovative construction and industrial products, serving both national and international markets since 1983. The company offers a broad portfolio of products including structural reinforcements, insulation materials, and technical support services, supported by a professional and content-rich website. Technically, the website is built on WordPress with WooCommerce and Oxygen Builder, leveraging modern JavaScript libraries and SEO plugins, but suffers from performance issues and lacks a valid SSL certificate, impacting security and user trust. The security posture is weak due to missing HTTPS and security headers, although privacy compliance is well addressed through Iubenda policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and enhance credibility.

W

Webfuse

webfuse.com

55

Webfuse is an enterprise-grade SaaS platform specializing in augmented web proxy technology that enables developers and organizations to modify and extend web applications without altering source code. The platform targets developers and enterprises seeking flexible, no-code web augmentation solutions, offering features such as virtual web sessions, automation workflows, multi-factor authentication, and real-time collaboration. The website presents a professional and consistent brand image, emphasizing compliance with major security frameworks like SOC 2, GDPR, ISO 27001, and HIPAA, and claims trust from Fortune 500 companies and global organizations. Technically, the website is built on Webflow CMS and integrates modern JavaScript libraries such as Vimeo Player API, Swiper.js, and analytics tools including Segment, Google Tag Manager, and Plausible Analytics. Hosting and CDN services are provided via Cloudflare and AWS infrastructure. While the site is mobile-optimized and accessible with good SEO practices, performance metrics indicate slow loading times, possibly due to large media assets and third-party scripts. From a security perspective, the site implements several HTTP security headers and cookie flags, but critically lacks a valid SSL certificate and proper TLS protocol support, severely undermining HTTPS security. No vulnerability disclosure or incident response contact information is provided, and privacy and cookie policies are absent, which impacts compliance posture. DNS records and WHOIS data indicate a legitimate and consistent domain registration without privacy protection, supporting the business's credibility. Overall, Webfuse demonstrates strong business credibility and technical sophistication but must urgently address SSL/TLS implementation and privacy compliance to improve security posture and user trust. Strategic recommendations include installing a valid SSL certificate, enabling modern TLS protocols, publishing privacy and cookie policies, and adding explicit contact information for security incidents.

S

Surfly

surfly.com

55

Surfly is a technology company specializing in universal co-browsing software that enables real-time web collaboration without requiring code changes or downloads. The platform targets enterprises across industries such as insurance, banking, healthcare, and e-commerce, offering APIs and integrations with major CRM and contact center software. Surfly positions itself as a market leader with over 3,000 organizations using its services, emphasizing ease of integration, security, and compliance. Technically, the website is built on Webflow CMS, uses modern JavaScript libraries like Swiper.js and jQuery, and is hosted behind Cloudflare CDN. The site is well-designed, mobile-optimized, and includes comprehensive privacy and cookie consent mechanisms. However, a critical security issue is the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the security posture. The company demonstrates strong compliance with ISO 27001, SOC, and HIPAA standards, reinforcing trust for enterprise customers. Overall, the website is professional and credible but requires urgent remediation of SSL issues to ensure secure user interactions.

S

SIA SkanaGaisma.lv

skanagaisma.lv

40

SkanaGaisma.lv is a Latvian company specializing in the rental of sound and lighting equipment, stages, tents, and event furniture, providing full technical support for events across Latvia since 2012. The company targets event organizers, private individuals, and businesses, offering a comprehensive range of services from sound and lighting to live streaming and stage setups. Their market position is strong within the local event rental sector, supported by a professional website and active social media presence. Technically, the website is built on OpenCart with a modern theme and integrates popular analytics and marketing tools, though performance is somewhat slow. Security is adequate with HTTPS and strong cipher suites but lacks advanced configurations like HSTS and DMARC, which are recommended for improvement. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism detected. Overall, the website is professional and trustworthy, with clear contact information and positive customer testimonials.

F

Fietsvoordeelshop.nl

fietsvoordeelshop.nl

40

Fietsvoordeelshop.nl is a mature and well-established Dutch bicycle retailer offering a wide range of bicycles including electric, city, cargo, and sports bikes, supported by 33 physical stores across the Netherlands. The business model combines e-commerce with brick-and-mortar retail, targeting consumers seeking quality bicycles and accessories. The website demonstrates excellent content quality, professional design, and clear navigation, supported by strong trust signals such as customer testimonials and Trustpilot integration. Technically, the site uses a modern tech stack including Laravel, nginx, Google Tag Manager, and various JavaScript libraries. Hosting is provided by Amazon AWS, and the site is mobile-optimized with good SEO practices. However, a critical security weakness is the absence of a valid SSL certificate and HTTPS support, severely impacting the security posture. Security headers are properly configured, and security best practices like CSRF tokens and reCAPTCHA are implemented, but the lack of HTTPS and TLS protocols is a major vulnerability. Privacy and cookie policies are comprehensive and GDPR compliant, with consent mechanisms in place. Contact information is available, though no explicit security or incident response policies are published. Overall, the website is trustworthy and professional but requires urgent remediation of SSL/TLS issues to protect user data and improve security compliance.

B

BikeFriend

bikefriend.com

54

BikeFriend is a mature e-commerce and retail business specializing in bicycles and related accessories, operating primarily in Belgium and the Netherlands. The company combines an extensive online catalog with physical stores offering test rides and maintenance services, positioning itself as a significant player in the regional bicycle market. Technically, the website uses modern frontend technologies and is hosted on Amazon AWS infrastructure, but lacks a valid SSL certificate, which critically impacts its security posture. The site includes standard privacy and cookie policies but lacks a visible consent mechanism and explicit security or incident response policies. Overall, the business shows strong domain registration practices and trust signals but must urgently address HTTPS implementation to improve security and user trust.

L

lempire

lempire.com

65

lempire is a mature technology company offering a suite of SaaS products focused on sales and marketing automation, including cold email outreach, email deliverability, meeting scheduling, and social media personal branding tools. The company targets SMBs and sales teams globally, boasting over 125,000 users and a consistent brand presence. Technically, the website is built on modern web technologies such as Webflow CMS, jQuery, and Swiper.js, with Cloudflare DNS hosting. While the site delivers excellent content quality, user experience, and SEO, its security posture is weakened by an invalid SSL certificate and lack of HTTPS support, which poses a significant risk. Privacy compliance is well addressed with clear privacy and cookie policies and user consent mechanisms. Overall, the business credibility is strong, supported by domain age, testimonials, and partner integrations.

R

Railsware Products Studio LLC

titanapps.io

62

TitanApps is a technology company specializing in productivity tools designed for professional teams using Jira and monday.com platforms. Positioned as a trusted Atlassian Platinum Marketplace Partner, TitanApps offers a suite of smart tools including checklists, templates, hierarchy visualization, productivity dashboards, and AI-powered release notes. Their market presence is supported by a client base of over 4000 organizations, including major enterprises such as Cisco, Microsoft, and Amazon. The company operates under the parent organization Railsware Products Studio LLC, based in the US, and was founded in 2022. Technically, the website is built using modern web technologies such as Astro, Google Tag Manager, Microsoft Clarity, and Cookiebot for consent management. Hosting is provided via Amazon AWS infrastructure. While the site demonstrates good mobile optimization, accessibility, and SEO practices, performance is currently slow, likely due to a large page size and resource count. The site integrates multiple analytics and marketing tools, reflecting a mature digital marketing strategy. From a security perspective, the site lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability impacting user trust and data security. Other security best practices such as HSTS, OCSP stapling, and security headers are missing or minimal. Email authentication is partially configured with SPF and DMARC (policy none). Privacy compliance is strong, with clear privacy and cookie policies and an active consent mechanism. Business credibility is high, supported by professional content, clear contact information, and trust signals. Overall, TitanApps presents a professional and trustworthy business with a strong market position and comprehensive privacy compliance. However, the lack of HTTPS and weak SSL/TLS configuration represent significant security risks that should be addressed immediately to protect users and maintain reputation.

C

Caddle

askcaddle.com

57

Caddle is a Canadian-based market research and consumer insights company specializing in mobile-first data collection and analysis. Positioned as the largest daily active survey panel in Canada, it serves CPG and retail professionals with services including consumer research, ratings and reviews, user-generated content, and receipt data. The company leverages a modern WordPress-based website with integrated HubSpot forms and social media channels to engage its audience. However, the website currently lacks a valid SSL certificate and proper HTTPS configuration, which poses a critical security risk. While the content quality and business credibility are high, the technical implementation and security posture require significant improvements to meet industry standards. Privacy compliance is moderate, with a privacy policy present but no explicit cookie consent mechanism detected. Overall, Caddle demonstrates strong market positioning and professional digital presence but must address security vulnerabilities to enhance trust and compliance.

주

주식회사 에이비일팔공

ab180.co

66

AB180 is a Korean technology company specializing in data-driven marketing solutions and consulting services. The company offers a full funnel marketing platform including proprietary and partner solutions such as Airbridge for mobile marketing attribution, Braze for marketing automation, and Amplitude for product analytics. Positioned as a leading marketing technology provider in South Korea, AB180 serves top domestic enterprises and emphasizes comprehensive consulting from data collection to strategy execution. The website is professionally designed, content-rich, and targets marketing professionals and enterprises seeking advanced marketing analytics and automation tools. Technically, the site leverages modern web technologies including Webflow CMS, Google Analytics, Facebook Pixel, and various JavaScript libraries. While the site uses HTTPS with modern TLS protocols and has valid SPF and DMARC DNS records, it lacks some security headers and HSTS, which could be improved to enhance security posture. Privacy compliance is partial, with a clear privacy policy but no visible cookie consent mechanism. The domain is mature and registered via privacy protection, which is common for tech companies but slightly reduces transparency. Overall, AB180 presents a credible, professional, and technically competent online presence with room for security and privacy enhancements.

A

AB180 Inc.

airbridge.io

51

Airbridge is a technology company specializing in mobile measurement platform (MMP) solutions that unify attribution across multiple platforms including Android, iOS, web, PC, and console. Positioned as a transparent and cost-effective alternative to major competitors, Airbridge offers comprehensive services such as predictive LTV analytics, fraud protection, deep linking, and real-time marketing analytics. The company targets app marketers and developers seeking granular insights without paywalls or upsells. Technically, the website is built on Webflow and integrates modern JavaScript libraries and analytics tools like Google Tag Manager and Amplitude, demonstrating a mature digital infrastructure. However, a critical security concern is the invalid SSL certificate and lack of TLS protocol support, which significantly impacts the security posture. Privacy compliance is strong with clear policies and cookie consent mechanisms. Overall, the business presents a professional and trustworthy front but must urgently address SSL and TLS issues to ensure secure user interactions.

T

twoday

twoday.dk

40

twoday is a large Danish technology company specializing in digital transformation, AI, software engineering, business applications, and cloud platform services. With over 3,000 specialists and more than 8,000 customers across the Nordic region, twoday positions itself as a leading Microsoft Solution Partner delivering comprehensive IT consulting and digital solutions for private and public sectors. The website is professionally designed, content-rich, and well-branded, targeting organizations seeking advanced technology services. Technically, the site leverages HubSpot CMS and modern JavaScript libraries but lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Security headers are present but cannot compensate for the missing SSL/TLS configuration. Privacy compliance is strong with clear privacy and cookie policies and a consent mechanism. Overall, the site demonstrates good digital maturity but requires urgent security improvements to meet modern standards.

T

twoday

twoday.no

56

twoday is a leading Nordic IT solutions provider specializing in digital transformation, data-driven technologies, and consultancy services for both public and private sectors. The company offers a broad range of services including Data & AI, Software Engineering, Digital Experiences, Business Applications, and Cloud Platforms and Security. Their market position is strong, supported by strategic partnerships with government agencies and recognition as a top employer. Technically, the website is built on HubSpot CMS with modern JavaScript libraries and frameworks, hosted via Cloudflare, and integrates multiple marketing and analytics tools. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate and disabled HTTPS protocols, which significantly impacts the security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website presents a professional and trustworthy image but requires urgent remediation of its SSL configuration to ensure secure communications and maintain trust.

T

twoday

twoday.com

74

twoday is a large Nordic IT services company specializing in software development, data & AI solutions, consulting, and digital transformation services for public and private sector clients. The company holds a strong market position as a Nordic leader in AI and data engineering, reinforced by strategic acquisitions such as Kaito Insight and major contracts with government agencies. Their website reflects a mature digital presence built on HubSpot CMS, leveraging modern JavaScript libraries and cloud hosting via Cloudflare. Security posture is strong with HTTPS enforcement, security headers, and no detected vulnerabilities, though improvements in HSTS and transparency compliance are recommended. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, twoday demonstrates a professional, trustworthy, and technically sound online presence suitable for its B2B audience.

T

twoday

twoday.fi

40

twoday.fi is the official website of twoday, a large Finnish technology consulting company specializing in digital transformation, data and AI solutions, business applications, and software development. The company serves Finnish enterprises and public sector clients, positioning itself as a leading Nordic technology partner with a strong workforce of 3000 experts. The website is built on HubSpot CMS, hosted behind Cloudflare, and employs modern web technologies and security best practices. Security headers and HTTPS are properly configured, with minor recommendations for enhancement. Privacy and cookie policies are comprehensive and GDPR compliant, supported by a consent mechanism. The site features rich content including client case studies, blog posts, and news updates, reflecting a mature digital presence. Overall, the website demonstrates a high level of professionalism, technical maturity, and security awareness, making it a trustworthy platform for its target audience.

J

JAGGAER

jaggaer.com

59

JAGGAER is an enterprise-level provider of AI-powered source-to-pay and supplier collaboration software solutions. The company targets procurement, finance, IT, and supply chain professionals across multiple industries including education, manufacturing, healthcare, and financial services. Their platform integrates a comprehensive suite of tools covering category management, contracts, invoicing, payments, and supply chain collaboration, positioning them as a leading player in the procurement software market. Technically, the website is built on WordPress with the Divi theme and leverages modern JavaScript libraries and plugins for enhanced user experience and content management. While the site employs Cloudflare for CDN and security, the SSL certificate appears invalid or misconfigured, which is a significant security concern. Security headers such as HSTS and CSP are implemented, indicating a good security posture, but the SSL issues reduce the overall security score. The site demonstrates good privacy compliance with clear privacy and cookie policies, including consent mechanisms. Overall, the website is professionally designed, content-rich, and well-structured, supporting a high level of business credibility and trustworthiness.

H

H/Advisors Global Ltd

h-advisors.global

54

H Advisors is a global strategic communications consultancy specializing in enhancing corporate reputation, trust, and impact. The company offers a broad range of services including crisis management, corporate communications, digital strategy, investor relations, litigation support, M&A advisory, public affairs, sustainability, and transformation. With over 40 offices and 1500+ people across 20+ countries, H Advisors positions itself as a trusted partner for organizations navigating complex financial, legal, and regulatory environments. The website reflects a professional and consistent brand image targeting corporate and institutional clients. Technically, the website is built on WordPress and leverages modern JavaScript libraries such as Swiper.js and Choices.js for UI components, along with Friendly Captcha and Tarteaucitron for privacy and consent management. However, the site suffers from a lack of a valid SSL certificate and does not enable HTTPS or modern TLS protocols, which is a critical security deficiency. Performance is slow with a load time exceeding 8 seconds, and no security headers are present, indicating room for significant improvement in security posture. From a security perspective, the absence of HTTPS and security headers exposes visitors to potential risks, undermining trust and compliance with modern web security standards. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information is limited to a contact form, with no direct emails or phone numbers publicly listed. The site uses Google Analytics for user tracking with moderate tracking levels. Overall, while the business and content quality are excellent, the technical and security shortcomings significantly impact the website's trustworthiness and user safety. Strategic improvements in SSL deployment, security headers, and performance optimization are recommended to enhance the site's security posture and user experience.

B

Banque Commune d'Épreuves (BCE)

concours-bce.com

50

The Banque Commune d'Épreuves (BCE) website serves as the official portal for organizing and managing entrance exams to 18 major French business schools and 3 associated schools. Operated by the Direction des Admissions et Concours of the CCI Paris-Ile-de-France, it targets prospective students seeking access to prestigious management programs. The site provides comprehensive information on exam schedules, registration, and candidate resources, positioning itself as a key educational service provider in France. Technically, the website is built on Drupal 10 with Bootstrap and FontAwesome, featuring modern UI components and a cookie consent mechanism compliant with GDPR. However, the absence of HTTPS and security headers significantly undermines its security posture, exposing users to potential risks. Performance is notably poor with a high load time and large page size, which could impact user experience. Privacy compliance is well addressed through explicit policies and consent management, and analytics are handled via privacy-focused Matomo Cloud. Overall, the site is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

N

Neoweb

neoweb.fr

40

Neoweb is a French digital agency established in 2004, specializing in custom web and mobile application development, consulting, and accessibility services. The company targets startups, enterprises, and institutions primarily in Lille and Paris, leveraging technologies such as React, Symfony, WordPress, and Directus. Their website reflects a mature digital presence with professional design, rich content, and structured data enhancing SEO and user experience. Technically, the site is built on WordPress with Elementor and Gravity Forms, incorporating modern JavaScript libraries and optimization tools like WP Rocket. However, a critical security gap exists due to the absence of a valid SSL certificate, resulting in no HTTPS support and lack of modern TLS protocols, which significantly impacts the site's security posture. Privacy compliance is well addressed with GDPR-aligned cookie consent and privacy policies. Overall, the site demonstrates strong business credibility and technical maturity but requires urgent remediation of its SSL/TLS configuration to ensure secure user interactions.

S

Sciences Po Alumni

sciencespo-alumni.fr

39

Sciences Po Alumni is a well-established alumni association serving the students and graduates of Sciences Po in France. The website offers a comprehensive platform for networking, career services, events, and publications, targeting alumni, students, and recruiters. The platform leverages a custom CMS likely provided by AlumnForce and integrates modern web technologies including Vue.js, Backbone.js, and Google services. Despite a rich content offering and good user experience, the website suffers from a critical security flaw due to the absence of a valid SSL certificate, severely impacting its security posture. Privacy and cookie policies are present and GDPR compliance is indicated, but could be enhanced. Overall, the site is professional and functional but requires urgent security improvements to protect user data and trust.

I

Intelsat

intelsat.com

70

Intelsat is a leading global satellite communications provider, combining the world's largest satellite backbone with terrestrial networks to deliver secure, reliable connectivity across land, sea, and air. Their extensive service portfolio targets governments, telecommunications companies, media, and various industries, positioning them as a key player in the telecommunications sector. The website reflects a mature digital presence with comprehensive content, clear navigation, and strong branding. Technically, the site is built on WordPress with modern plugins and frameworks, supported by Cloudflare for DNS and CDN services. Performance is moderate, with room for optimization. Security posture is solid with valid SSL, SPF, and DMARC records, though improvements like enabling HSTS and DNSSEC are recommended. Privacy compliance is robust, featuring detailed policies and OneTrust consent mechanisms. Overall, Intelsat's website demonstrates professionalism, trustworthiness, and a commitment to compliance, supporting their enterprise-level market position.

E

ENSAI

ensai.fr

40

ENSAI is a French grande école specializing in data science education, offering a range of programs from engineering degrees to doctorates and continuing education. It holds a strong market position due to its unique academic model and historical ties with INSEE and public statistics. The website reflects a professional and comprehensive digital presence targeting students, researchers, and public sector professionals. Technically, the site is built on WordPress with common plugins and libraries, but suffers from slow load times and lacks a valid SSL certificate, impacting security posture. Privacy compliance is well addressed with cookie consent mechanisms and a comprehensive privacy policy. Security weaknesses include missing HTTPS, lack of security headers, and no explicit security or incident response policies. Overall, the site is trustworthy and professional but requires urgent improvements in security infrastructure to protect user data and enhance trust.

A

Anqa IT-Security GmbH

anqa-itsecurity.de

39

Anqa IT-Security GmbH is a German-based Managed Security Service Provider specializing in comprehensive IT security solutions including UTM firewalls, pentesting, endpoint protection, dark web monitoring, and cyber security awareness trainings. The company serves over 7,000 businesses and partners with more than 500 IT system houses, positioning itself as a trusted and experienced player in the German IT security market. Their offerings are designed to be flexible with monthly cancellable contracts and include a free managed service component, enhancing customer value and operational reliability. Technically, the website is built on WordPress with modern plugins for SEO and GDPR compliance, but suffers from slow load times and lacks a valid SSL certificate, which critically impacts security posture. The absence of HTTPS and security headers represents a significant vulnerability that should be addressed immediately. Privacy compliance is strong, with clear cookie consent mechanisms and a comprehensive privacy policy. Business credibility is supported by certifications such as ISO27001 and TÜV, testimonials, and a professional online presence. Overall, while the business model and content quality are excellent, the technical security shortcomings reduce the overall risk rating and require urgent remediation.

G

Greenerwave

greenerwave.com

37

Greenerwave is a technology company specializing in advanced electromagnetic wave control solutions, including next-generation electronically steerable antennas and reconfigurable intelligent surfaces for satellite communications and telecom sectors. Positioned as an innovative player, it partners with major aerospace and finance organizations, targeting B2B clients in satellite and telecom industries. The website is built on WordPress with modern front-end technologies but lacks HTTPS, which is a critical security gap. The absence of cookie consent mechanisms and privacy compliance features indicates room for improvement in regulatory adherence. Security posture is weak due to missing SSL/TLS and security headers, exposing the site to potential risks. Overall, the digital presence is professional with good content quality and clear navigation but requires urgent security enhancements to protect user data and improve trust.

N

Niort Séminaires

niort-seminaires.com

47

Niort Séminaires is a regional hospitality and event facilitation service focused on professional and corporate events in the Niort and Marais Poitevin area of France. The website positions itself as a destination marketing platform offering seminars, congresses, team building, and other corporate event services. The business targets companies and event organizers seeking turnkey or customized event solutions. The site demonstrates a moderate level of digital maturity with a WordPress CMS, modern JavaScript libraries, and structured data for SEO. However, the absence of a valid SSL certificate and HTTPS support is a critical security weakness, exposing visitors to potential risks and undermining trust. The site includes basic privacy and cookie policies but lacks explicit security or incident response documentation. Contact information and social media presence are clearly provided, supporting business credibility. Overall, the website is functional and professionally designed but requires urgent security improvements to meet modern standards.

Tighten is a specialized software development firm focused on Laravel and modern frontend technologies such as Livewire, Vue.js, and React. They position themselves as expert Laravel developers providing web and mobile app development and consulting services. The company demonstrates strong community engagement through sponsorships, podcasts, and authored content, including a canonical Laravel book by a co-founder. Their market position is that of a trusted, medium-sized technology firm with a consistent brand and high-quality content. Technically, the website uses a modern tech stack with frameworks and libraries aligned with their service offerings. However, the SSL/TLS configuration is currently incomplete or missing, which is a critical security concern. Security headers are present but insufficient without proper HTTPS. Privacy compliance is good with a comprehensive privacy policy, but no cookie consent mechanism was detected. Overall, the website is professional and trustworthy but requires urgent improvements in SSL/TLS deployment to ensure secure communications and improve security posture.

P

Planet

weareplanet.com

52

Planet is a large, established technology company specializing in integrated payment solutions, hospitality and retail software, and global VAT refund services. The company targets retail, hospitality, and travel sectors with a comprehensive suite of products including payments, property management software, booking engines, and tax free solutions. With over 35 years of experience and a global presence in 120+ markets, Planet positions itself as a leading provider offering a unified platform for payments and software. Technically, the website is built on Drupal 10 with modern JavaScript libraries and integrates multiple third-party analytics and marketing tools. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap that significantly impacts the security posture. Privacy and cookie policies are present and include consent mechanisms, supporting GDPR compliance. Contact information is primarily via a contact form, with no explicit emails or phone numbers listed. Overall, the website is professionally designed, content-rich, and user-friendly but requires urgent security improvements to protect user data and enhance trust.

I

Immobilière Atlantic Aménagement

atlantic-amenagement.com

39

Immobilière Atlantic Aménagement is a well-established real estate company based in France's Nouvelle-Aquitaine region, specializing in affordable, eco-friendly housing solutions and related social services. With over 60 years of history, it holds a significant market position as a major regional housing actor managing over 18,000 housing units. The company emphasizes innovation, sustainability, and social inclusion in its business model, targeting residents and tenants seeking quality housing and supportive services. Technically, the website is built on WordPress with modern JavaScript libraries and SEO optimizations, but suffers from slow load times and lacks a valid SSL certificate, impacting security and user trust. Security posture is weak due to missing HTTPS, lack of security headers, and minimal email protection policies. Privacy compliance is basic with a cookie consent mechanism and a privacy policy present, but no advanced GDPR indicators or data protection officer information. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

F

France FinTech

francefintech.org

40

France FinTech is a prominent French fintech association dedicated to supporting and representing the fintech ecosystem in France. The website serves as a hub for news, events, member information, and initiatives such as educational programs and fintech panoramas. It targets fintech companies, investors, and ecosystem stakeholders, positioning itself as a key national player in fintech advocacy and networking. Technically, the site is built on WordPress using the Divi theme, integrating various plugins for content display, social media feeds, and newsletter management. While the site offers good content quality and user experience, it suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS enforcement, which undermines user trust and data security. Privacy compliance is basic, with a cookie consent mechanism present but no visible privacy or terms of service policies. Overall, the site is functional and professional but requires urgent security improvements to meet modern standards.

P

PLANETE CSCA

planetecsca.fr

40

PLANETE CSCA is a professional syndicate representing insurance brokers in France, providing advocacy, legal assistance, training, and operational tools to its members. The website is well-structured, content-rich, and targets insurance professionals and brokers. Technically, it is built on WordPress with modern technologies such as PHP 8.3, Apache, and integrates SEO and search optimization tools like Yoast SEO and Algolia. The site uses HTTPS with TLS 1.3 and 1.2 protocols, but lacks some advanced SSL security features such as HSTS and OCSP stapling. Privacy and cookie policies are present with consent mechanisms, indicating good GDPR compliance. Contact information is available primarily through a contact page, with no direct emails or phone numbers exposed. Social media presence is active, enhancing trust and engagement. Overall, the site demonstrates a good balance of business professionalism, technical implementation, and security posture.

S

Switzerland Innovation Park Basel Area AG

sip-baselarea.com

40

Switzerland Innovation Park Basel Area AG operates a comprehensive innovation hub and coworking space platform focused on healthcare, life sciences, and technology sectors in Switzerland. The company provides flexible workspace solutions including ready-made offices, coworking spaces, lab spaces, and customizable workspaces tailored to startups, SMEs, and research institutions. Positioned as a key player in the Basel Area innovation ecosystem, it supports collaboration and growth through community building and event hosting. Technically, the website is built on WordPress with modern plugins and tracking tools, but lacks a valid SSL certificate, which significantly impacts its security posture. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. The site is professionally designed with excellent content quality and user experience, though performance data is limited. Security weaknesses include missing HTTPS, HSTS, DMARC, DNSSEC, and vulnerability disclosure mechanisms, which should be prioritized to improve trust and compliance. Overall, the business demonstrates strong market positioning and digital maturity but requires urgent security enhancements to protect user data and maintain credibility.

U

UserScape, Inc.

helpspot.com

45

HelpSpot, operated by UserScape, Inc., is a specialized help desk software provider focused on transforming chaotic email support into an efficient, unified system. Established in 2005, the company targets businesses and organizations that require streamlined customer support solutions. Their offerings include email ticketing, automation, reporting, and self-service portals, available as both cloud-hosted and on-premise deployments. The website demonstrates strong branding, comprehensive content, and a professional user experience, positioning HelpSpot as an affordable and customizable alternative in the help desk software market. Technically, the site uses modern web technologies such as Alpine.js, Livewire, and Cloudflare CDN, hosted on AWS infrastructure. However, the absence of a valid SSL certificate and HTTPS implementation significantly impacts the security posture. Security headers are present, but critical TLS protocols and encryption are missing, exposing the site to potential risks. Privacy compliance is supported by a comprehensive privacy policy and terms of service, though cookie consent mechanisms are not evident. Overall, while the business and technical maturity are solid, the lack of HTTPS is a critical vulnerability that must be addressed to ensure trust and security.

N

Niort Numeric

innn.fr

39

The website innn.fr represents Niort Numeric's flagship event focused on digital innovation, InsurTech, and risk management, held in Niort, France. It serves as a platform for networking, showcasing startups, and hosting conferences, targeting professionals and decision-makers in the insurance and technology sectors. The site is well-branded, content-rich, and optimized for SEO with structured data and social media integration. Technically, it is built on WordPress with modern JavaScript libraries for UI components and uses OVH as the hosting provider. However, a critical security gap is the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the site's security posture. The site implements cookie consent via Piwik PRO, indicating good privacy compliance practices. Overall, the site is professional and functional but requires urgent security improvements.

L

LaraJobs

larajobs.com

59

LaraJobs is a specialized job board dedicated to Laravel developers and related technology professionals. It serves as a platform for job listings, consultant listings, and industry articles, targeting Laravel developers and employers seeking talent in this niche. The website positions itself as a trusted resource within the Laravel community, supported by testimonials and endorsements from notable companies. Technically, the site employs modern web technologies including Laravel, VueJS, Livewire, and TailwindCSS, and is hosted behind Cloudflare DNS services. However, the SSL certificate is invalid or missing, resulting in no HTTPS support, which is a significant security concern. The site lacks privacy and cookie policies, which impacts its compliance posture. Advertising and analytics tools such as Google Ads and Google Tag Manager are used, indicating moderate user tracking. Overall, the site offers good content quality and user experience but requires urgent improvements in security and privacy compliance to enhance trust and protect users.

Q

Quarkslab

quarkslab.com

50

Quarkslab is a cybersecurity company specializing in offensive and defensive security solutions, combining consulting, R&D, and proprietary software to help organizations protect their digital assets. The company is recognized in the Gartner Emerging Tech report and serves a target audience of companies and governmental organizations seeking advanced cyber defense. Technically, the website is built on WordPress with Elementor and integrates multiple analytics and marketing tools. However, the site lacks a valid SSL certificate and modern TLS support, which significantly impacts its security posture. While email authentication is well configured with SPF and DMARC, the absence of HTTPS and security headers exposes the site to risks. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the website is professional and content-rich but requires urgent improvements in SSL/TLS configuration to enhance security and trust.

L

Lansons

lansons.com

63

Lansons is a communications and reputation management consultancy operating primarily in the media sector with offices in London and New York. It is part of the larger Team Farner group, positioning itself as an established player offering a wide range of services including public relations, financial communications, crisis management, and sustainability advisory. The website content is professionally presented, targeting organizations and individuals seeking expert communications consultancy. Technically, the site uses modern JavaScript frameworks such as Alpine.js and GSAP, is built on Craft CMS, and is hosted by UKFast. However, performance metrics indicate slow loading times, and the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Security headers are well configured, but the absence of HTTPS significantly reduces the overall security posture. Privacy compliance is strong with a clear privacy policy and cookie consent mechanism. Contact information including email and phone number is clearly provided, enhancing business credibility. Overall, the site is professional and trustworthy but requires urgent SSL/TLS implementation to improve security and user trust.

V

VRM

vrm-trauer.de

40

VRM-Trauer.de is a regional German online platform specializing in obituary and mourning announcements, serving regions such as Rhein-Main, Rheinhessen, Südhessen, and Mittelhessen. The website offers comprehensive services including obituary searches, placing ads, memorial pages, grief support, and a directory of funeral service providers. It targets individuals seeking regional mourning information and related services. The platform demonstrates a consistent brand presence and good content quality with clear navigation and mobile optimization. Technically, it employs common web technologies such as jQuery, Bootstrap, and Select2, hosted on Versatel infrastructure. However, the website critically lacks HTTPS support, exposing users to security risks. Cookie consent and privacy policies are well implemented, reflecting GDPR compliance. Overall, the site is functional but requires urgent security improvements.

V

VRM

vrm-immo.de

40

VRM-Immo.de operates as a regional real estate marketplace focused on the Rhein-Main area in Germany, providing property listings for rent and purchase, along with expert advice and valuation services. The platform targets individuals and investors interested in residential and commercial properties within this economically significant region. The business is positioned as a trusted regional leader affiliated with the Rhein Main Presse media group, offering a comprehensive digital real estate service. Technically, the website employs modern JavaScript libraries and advertising/tracking tools such as Google Tag Manager, Google Analytics, Cxense, and Yieldlove, but suffers from a lack of HTTPS security due to an invalid or missing SSL certificate, which significantly impacts its security posture. The site is mobile-optimized and provides a good user experience, though performance is slow with a high page load time. Privacy compliance is strong with clear cookie consent mechanisms and comprehensive privacy policies. Overall, the site demonstrates moderate business credibility but requires urgent security improvements to protect user data and enhance trust.