Security Directory

Julkaisufoorumi is a Finnish non-profit platform operated by the Tieteellisten seurain valtuuskunta, providing a publication channel classification system to support research quality evaluation within the Finnish scientific community. The website targets researchers and academic institutions, offering classification data and related news updates. The platform is positioned as a trusted resource within Finland's education and research sectors, with partnerships linked to responsible science and research ethics organizations. Technically, the site is built on Drupal 9 with responsive design and accessibility features, but suffers from slow load times and lacks a valid SSL certificate, resulting in no HTTPS support. Security posture is weak due to missing security headers and outdated SSL/TLS configurations. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional but requires significant security and performance improvements to meet modern standards.

Avoin tiede is a Finnish national coordination secretariat focused on promoting open science and research practices. It operates under the Tieteellisten seurain valtuuskunta organization and serves researchers, academic institutions, and policy makers by providing guidelines, organizing events, and advocating for open science principles. The website is built on Drupal 9 and uses Matomo for analytics, reflecting a moderate level of digital maturity. However, the site lacks a valid SSL certificate, which impacts its security posture significantly. Privacy policies and contact information are clearly provided, supporting GDPR compliance. The site’s content is rich and professionally presented, targeting Finnish-speaking audiences interested in open science.

T

Tieteellisten seurain valtuuskunta

tieteessatapahtuu.fi

40

Tieteessä tapahtuu is a Finnish scientific magazine published by Tieteellisten seurain valtuuskunta, serving as a platform for interdisciplinary science articles, news, and discussions on science and science policy. The website targets Finnish-speaking academics, researchers, and the general public interested in science. It offers a variety of content including articles, news, series, and reviews, positioning itself as a reputable source in the Finnish science media landscape. Technically, the site is built on Drupal 10 with Bootstrap and jQuery, and uses Matomo for analytics. However, the site suffers from slow load times and lacks a valid SSL certificate, resulting in no HTTPS support. Security posture is weak with missing security headers, no HSTS, and no DMARC records. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism despite tracking usage. Contact information is available via email and physical address, but no phone numbers or contact forms are present. Overall, the site is professionally designed with good content quality but requires significant improvements in security and privacy compliance to enhance trust and user safety.

Tieteen päivät is a Finnish non-profit organization that organizes science events aimed at the general public interested in research and science communication. The website serves as an information portal for upcoming events, news, and archives related to the Tieteen päivät event series. The organization positions itself as a key player in science outreach in Finland, hosting events at prominent venues such as the University of Helsinki. The business model focuses on free public engagement with science through events and digital content. Technically, the website is built on Drupal 7 with a range of contributed modules and libraries including jQuery, Nivo Slider, and Colorbox. The site uses Matomo for analytics with cookies disabled to respect privacy. However, the site suffers from slow performance and lacks modern optimizations. Mobile responsiveness and accessibility are basic but functional. From a security perspective, the site has critical deficiencies including the absence of a valid SSL certificate and no HTTPS support, which severely impacts user trust and data security. There are no advanced security headers or email authentication records such as DMARC. Privacy compliance is partial with a privacy policy present but no cookie consent mechanism. Contact information is available but limited to email and physical address. Overall, the site is functional and informative but requires urgent security improvements to protect users and improve trust. Strategic recommendations include deploying HTTPS, enhancing privacy compliance, and improving site performance and accessibility.

T

Tieteellisten seurain valtuuskunta (TSV)

tieteidentalo.fi

40

Tieteiden talo, operated by Tieteellisten seurain valtuuskunta (TSV), is a Finnish non-profit organization providing rental event spaces in Helsinki to support scientific activities. The website targets event organizers and the scientific community, offering multiple services including venue rental, catering, and streaming. The site is built on Drupal 10 with Bootstrap and uses Matomo for analytics. While content quality and business credibility are good, the technical implementation suffers from slow load times and an invalid SSL certificate, resulting in no HTTPS protection. Security posture is weak due to missing HTTPS, lack of security headers, and no cookie consent mechanism despite tracking usage. Overall, the site is functional but requires significant security and privacy improvements to meet modern standards.

T

Tieteellisten seurain valtuuskunta

tiedekirja.fi

40

Tiedekirja is a Finnish e-commerce bookstore specializing in scientific and academic publications, operated under the auspices of Tieteellisten seurain valtuuskunta (TSV). The website serves a niche market of researchers, students, and science enthusiasts primarily in Finland, offering both online sales and a physical store in Helsinki. The business model focuses on retailing scientific books, journals, and related products, supported by a newsletter and social media presence to engage its audience. Technically, the website is built on the Magento platform, utilizing RequireJS, jQuery, and KnockoutJS for frontend interactivity. It integrates Matomo for analytics and Campaign Monitor for newsletter management. Despite a rich content offering and good mobile optimization, the site suffers from slow load times and lacks a valid SSL certificate, which impacts security and user trust. From a security perspective, the absence of HTTPS and security headers is a significant vulnerability, exposing users to potential risks. The site does not display explicit security or incident response policies, and DNS security features like DNSSEC and CAA are not enabled. However, privacy compliance is addressed with a cookie consent mechanism and a privacy policy, aligning with GDPR requirements. Overall, while the business is credible and well-positioned in its market, the technical and security shortcomings present risks that should be addressed promptly. Enhancing SSL implementation, security headers, and performance will improve user trust and compliance posture.

T

Tieteellisten seurain valtuuskunta

tsv.fi

40

Tieteellisten seurain valtuuskunta (TSV) is a Finnish non-profit organization dedicated to supporting scientific societies and promoting open science practices within Finland. The website serves as an information portal for their services including grant funding, event organization, and scientific communication targeted primarily at the academic and research community. The organization holds a key position nationally as a facilitator of scientific collaboration and open knowledge dissemination. Technically, the website is built on Drupal 7 CMS with a traditional jQuery-based frontend and uses Matomo for analytics. The site is moderately performant with a page load time around 4 seconds and is mobile responsive with good navigation clarity. However, the SSL/TLS configuration is currently invalid, resulting in insecure HTTPS connections, which is a significant security concern. The site lacks modern security headers and cookie consent mechanisms, although DNS email security records like SPF and DMARC are properly configured. From a security perspective, the site demonstrates basic best practices in email security and tracking transparency but falls short in SSL implementation and HTTP security headers. No incident response or vulnerability disclosure policies are publicly available. Contact information is clearly presented, enhancing business credibility. Overall, the site is functional and professional but requires urgent improvements in SSL security and privacy compliance to meet modern standards.

H

HPP Attorneys

hppattorneys.com

53

HPP Attorneys is a medium-sized Finnish business law firm specializing in comprehensive legal services for domestic and international clients, with a strong focus on cross-border transactions, green transition, and renewable energy projects. The firm holds a reputable market position supported by international legal rankings and a professional online presence. Technically, the website is built on WordPress with Elementor and integrates advanced search and analytics tools, but suffers from slow loading times and lacks a valid SSL certificate, which critically impacts security posture. Privacy compliance is well addressed with a clear cookie consent mechanism and a comprehensive privacy policy. Overall, the firm demonstrates strong business credibility but must urgently address security vulnerabilities to protect client data and maintain trust.

T

Tieteen termipankki

tieteentermipankki.fi

40

Tieteen termipankki is an open, collaborative terminology database serving all scientific disciplines in Finland, coordinated by the University of Helsinki and integrated into the national Fin-Clariah research infrastructure. The website provides a multilingual platform for researchers, students, and the public to access and contribute to scientific terminology. Technically, the site is built on MediaWiki with Semantic MediaWiki extensions and uses Matomo for analytics. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security vulnerability. Privacy compliance is limited, with no cookie consent mechanism despite user tracking. Contact information is minimal, limited to a single email address. Overall, the site offers valuable academic content but requires urgent security and privacy improvements.

H

HPP Asianajotoimisto

hpp.fi

40

HPP Asianajotoimisto Oy is a specialized Finnish law firm focusing on business law, serving leading Finnish and international companies. The firm offers a broad range of legal services including corporate transactions, financing, taxation, dispute resolution, technology law, and environmental law, positioning itself as a key player in green transition and technology-related legal matters. The website is professionally designed using WordPress and Elementor, featuring comprehensive content, clear navigation, and multi-language support. Technical infrastructure includes modern plugins and analytics tools such as Matomo and Leadfeeder, with hosting provided by Seravo and DNS managed by Hetzner. However, the security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS support despite HSTS headers, which is a critical vulnerability. Privacy compliance is well addressed with a detailed cookie consent mechanism and a comprehensive privacy policy. Contact information is clearly presented with multiple channels including email, phone, and a contact form protected by reCAPTCHA. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements.

A

AFTES - Association Française des Tunnels et de l'Espace Souterrain

aftes.fr

35

AFTES is a French non-profit association specializing in the field of tunnels and underground spaces, representing all trades involved in the design and construction of such infrastructures. The organization provides a range of services including training, publications, events, and working groups to advance knowledge and techniques in underground construction. The website is professionally designed, targeting industry professionals and organizations in transportation and energy sectors. Technically, the site is built on WordPress with Elementor and WooCommerce, hosted on OVH, and uses various modern web technologies and analytics tools. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a significant security concern. Cookie consent and privacy policies are well implemented, reflecting good GDPR compliance. Overall, the site is content-rich and trustworthy but requires urgent improvements in its security posture.

S

Statview

statview.app

50

Statview is a technology-focused SaaS platform offering a centralized dashboard solution for developers and project managers using Laravel and Filament PHP frameworks. The platform aims to consolidate project statistics and management features into a single interface, currently in beta trial phase. The website content is professionally designed and clearly communicates the product's value proposition and key features, targeting a niche developer audience. Technically, the site uses Laravel and Filament frameworks and integrates Matomo analytics for user tracking. However, the website suffers from significant security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which critically undermines user trust and data security. Additionally, the lack of privacy and cookie policies and absence of contact information further reduce compliance and credibility. Overall, the site is functional but requires urgent improvements in security and privacy compliance to meet industry standards and user expectations.

I

Interstices

interstices.info

53

Interstices.info is a French-language educational platform dedicated to explaining and disseminating research in computer science and applied mathematics. It is operated under the auspices of Inria, a major French national research institution, positioning it as a reputable source in the digital sciences education sector. The website offers a variety of content types including articles, podcasts, videos, dossiers, quizzes, and newsletters, targeting researchers, students, and professionals interested in digital sciences. The platform is well-branded and maintains consistent, high-quality content with a clear focus on education and research communication. Technically, the site is built on WordPress and leverages several modern web technologies and plugins such as FacetWP for filtering, Relevanssi for search, MailOptin for newsletter subscriptions, and Matomo for privacy-conscious analytics. However, the site suffers from a critical security shortfall: it lacks a valid SSL certificate and does not enforce HTTPS, exposing users to potential risks. Performance is suboptimal with slow load times and a large page size, though mobile optimization and SEO practices are good. Accessibility is basic but present. From a security perspective, the absence of HTTPS and security headers significantly lowers the site's security posture. There are no detected vulnerabilities or subdomain takeover risks, but the lack of modern TLS protocols and HSTS is a concern. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms in place. Contact information is limited to a contact form, with no direct emails or phone numbers provided. Overall, while Interstices.info excels in content quality and educational value, it requires urgent improvements in security infrastructure to protect its users and enhance trust. Strategic recommendations include implementing a valid SSL certificate, enabling HTTPS with HSTS, adding security headers, and optimizing performance. These steps will strengthen the site's security posture and align it with best practices for privacy and user protection.

A

AlumnForce

alumnforce.com

49

AlumnForce is a French-based company providing a comprehensive SaaS platform for managing alumni networks, career centers, mentoring programs, and corporate alumni solutions. The company is well-positioned in the education sector with over 350 client networks and a strong market presence supported by partnerships and client testimonials. Technically, the website is built on WordPress with Elementor and integrates multiple marketing and analytics tools such as HubSpot, Matomo, and Google Tag Manager. However, the security posture is weak due to the absence of a valid SSL certificate and HTTPS support, which poses a significant risk. Privacy compliance is partial with cookie consent mechanisms but no explicit privacy policy found. Overall, the website demonstrates good business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

S

Sweet Punk

sweetpunk.com

50

Sweet Punk is a medium-sized creative agency based in France with offices in Paris and Montpellier. It operates as part of the Ekstend Group and offers a comprehensive suite of branding, digital marketing, advertising, and content production services. The agency has a strong market position supported by multiple industry awards and a diverse client portfolio. Technically, the website is built on WordPress with modern marketing and analytics tools integrated, but suffers from critical security shortcomings due to the lack of a valid SSL certificate and absence of HTTPS, which significantly impacts its security posture. Privacy compliance is well addressed with cookie consent mechanisms and a comprehensive privacy policy. Business credibility is high, supported by clear contact information, professional content, and trust signals such as awards and client logos.

W

WebBuilds B.V.

filapanel.com

63

Filapanel is a specialized SaaS platform designed to accelerate Laravel and Filament project development by automating code generation and admin panel creation. The company, WebBuilds B.V., operates primarily in the technology sector with a focus on developer tools and SaaS solutions. The website presents a professional and well-branded interface targeting Laravel developers and SaaS builders, supported by partner endorsements and testimonials. Technically, the platform leverages modern frontend technologies such as Alpine.js and Tailwind CSS, and is hosted behind Cloudflare DNS services. However, the absence of a valid SSL certificate critically undermines the security posture, despite the presence of strong HSTS policies and DMARC email protections. Privacy compliance is partial, with terms of service present but no explicit cookie policy or consent mechanism. Overall, the site demonstrates good business credibility and content quality but requires urgent security improvements to ensure trust and compliance.

I

Institut Mines-Télécom

mines-telecom.fr

40

Institut Mines-Télécom is the leading public group of engineering and management Grandes Écoles in France, providing education, research, and innovation services focused on industrial, digital, energy, and ecological challenges. The website reflects a mature digital presence with professional design, multilingual support, and strong SEO integration. However, the technical infrastructure shows critical security weaknesses, notably the absence of a valid SSL/TLS certificate and lack of HTTPS, which severely impacts the security posture. While privacy and cookie policies are well implemented and GDPR compliant, the site lacks explicit security policies and incident response information. Overall, the website is trustworthy and professional but requires urgent security improvements to protect user data and maintain credibility.

W

WebBuilds B.V.

documentator.io

40

Documentator is a technology SaaS company providing a documentation platform designed to simplify the creation and management of product and developer documentation. Positioned as an affordable alternative to established documentation tools, it targets developers and product teams seeking an easy-to-use, flexible solution with features like custom domains, translation support, and analytics. The business operates under WebBuilds B.V., founded in 2020, and offers tiered subscription plans with a free trial to attract users. Technically, the website employs modern JavaScript frameworks (likely Vue.js), Cloudflare DNS services, and Matomo analytics configured for privacy. However, the site suffers from a critical security shortfall due to an invalid SSL certificate and lack of HTTPS enforcement, which significantly impacts its security posture. Performance is moderate to slow, with good mobile optimization and basic accessibility features. Security-wise, the absence of HTTPS, missing security headers, and lack of DNS security records (DMARC, CAA) present vulnerabilities that could expose users to risks. Privacy compliance is reasonably addressed with a comprehensive privacy policy and GDPR references, but no cookie consent mechanism is implemented. Business credibility is supported by clear policies, testimonials, and transparent pricing. Overall, Documentator is a functional and professional SaaS platform with solid business fundamentals but requires urgent improvements in security infrastructure to protect user data and enhance trust.

I

Institut Mines-Télécom Business School (IMT Business School)

imt-bs.eu

34

Institut Mines-Télécom Business School (IMT-BS) is a French public business school specializing in commerce, management, and digital transformation education. It holds a strong market position with multiple prestigious accreditations such as AACSB, AMBA, and CGE, and is part of the Institut Mines-Télécom group. The school offers a range of programs including Bachelor, Grande Ecole, Masters of Science, Executive Education, and doctoral partnerships, targeting students, enterprises, and international audiences. Technically, the website is built on WordPress with Elementor and several modern plugins, but suffers from slow performance and lacks a valid SSL certificate, which impacts security and user trust. Security posture is moderate with some best practices like SPF and DKIM for email, but critical issues exist due to missing HTTPS and TLS protocols. Privacy compliance is good with clear policies and consent mechanisms, and accessibility is excellently addressed with a dedicated plugin and detailed accessibility statement. Overall, the site is professional and trustworthy but requires urgent security improvements to enable HTTPS and modern TLS protocols.

I

IMT Mines Alès

imt-mines-ales.fr

40

IMT Mines Alès is a recognized French engineering school affiliated with the IMT group, offering a broad range of engineering and management education programs with a strong emphasis on creativity, innovation, and environmental and societal responsibility. The institution targets engineering students, researchers, and industry partners, positioning itself as a national leader in engineering education with a medium-sized footprint. Technically, the website is built on Drupal 10 with modern web components such as Swiper sliders and Plyr video players, but suffers from a critical lack of HTTPS and valid SSL certificates, which severely impacts its security posture. The site implements cookie consent mechanisms and uses Matomo for analytics, reflecting moderate privacy compliance. However, the absence of a security policy, incident response contacts, and vulnerability disclosure reduces its overall security maturity. Strategic improvements in SSL/TLS deployment and security policy transparency are recommended to enhance trust and compliance.

N

NetAnswer

netanswer.fr

40

NetAnswer is a French technology company specializing in community management platforms, primarily targeting alumni networks, professional associations, foundations, and companies with donor communities. With over 20 years of experience and a client base exceeding 300 organizations, NetAnswer offers a comprehensive, modular SaaS solution that supports community engagement, event management, donation processing, and career support. The website reflects a professional and consistent brand presence, showcasing client testimonials and partner logos to build trust. Technically, the site is built on WordPress with the Divi theme and leverages various plugins and libraries such as jQuery, Swiper Carousel, and Matomo Analytics. However, the site lacks a valid SSL certificate and does not properly implement HTTPS, which is a critical security shortfall. Email security is well managed with valid SPF and DMARC policies. Privacy compliance is basic but includes cookie consent mechanisms. Overall, the website is content-rich and user-friendly but requires urgent improvements in security infrastructure to meet modern standards.

E

ENSAI

ensai.fr

40

ENSAI is a French grande école specializing in data science education, offering a range of programs from engineering degrees to doctorates and continuing education. It holds a strong market position due to its unique academic model and historical ties with INSEE and public statistics. The website reflects a professional and comprehensive digital presence targeting students, researchers, and public sector professionals. Technically, the site is built on WordPress with common plugins and libraries, but suffers from slow load times and lacks a valid SSL certificate, impacting security posture. Privacy compliance is well addressed with cookie consent mechanisms and a comprehensive privacy policy. Security weaknesses include missing HTTPS, lack of security headers, and no explicit security or incident response policies. Overall, the site is trustworthy and professional but requires urgent improvements in security infrastructure to protect user data and enhance trust.

N

Naval Group

naval-group.com

55

Naval Group is a leading European naval defence company serving over 50 navies worldwide. The company specializes in the design, construction, integration, and support of submarines and surface ships, positioning itself as an international player in the naval defence sector. The website reflects a mature business with comprehensive content targeting customers, candidates, journalists, suppliers, and employees. Technically, the site is built on Drupal 10 with modern JavaScript libraries and includes a cookie consent mechanism and Matomo analytics for user tracking. However, the absence of a valid SSL certificate and lack of modern TLS protocols significantly weaken the security posture. No advanced security headers or session management features are implemented, exposing the site to potential risks. Privacy compliance is well addressed with GDPR-aligned policies and consent management. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

E

ENSTA Bretagne

ensta-bretagne.fr

40

ENSTA Bretagne is a reputable French engineering school specializing in advanced technologies for defense, maritime, and high-tech industries. It offers a range of educational programs including engineering degrees, masters, specialized masters, and doctoral studies. The institution maintains strong partnerships with government defense bodies and leading industry players, reinforcing its market position as a Grande École with a focus on innovation and applied research. Technically, the website is built on Drupal 10 with modern JavaScript libraries and includes a cookie consent mechanism compliant with GDPR. However, the site suffers from critical security shortcomings, notably the absence of SSL/TLS encryption, which severely impacts its security posture. Performance is suboptimal with slow load times, though mobile optimization and content quality are good. Security-wise, the lack of HTTPS and security headers exposes the site to risks and undermines user trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and institutional reputation. Strategic recommendations include immediate implementation of valid SSL certificates, enhancement of security headers, and performance optimization to improve user experience and security compliance.

W

WebBuilds B.V.

ploi.io

73

Ploi.io is a technology company specializing in server management tools designed to simplify server provisioning, site deployments, and server management for developers and businesses. Positioned as a competitive alternative to popular platforms like Laravel Forge and ServerPilot, Ploi offers a subscription-based SaaS model with tiered pricing plans targeting developers and small to medium-sized businesses. The platform provides key services such as server installation, site management, load balancing, team collaboration, and API access, supported by partnerships with major cloud providers like UpCloud, DigitalOcean, Linode, and Hetzner. Technically, the website employs modern web technologies including JavaScript ES modules, Tailwind CSS, and privacy-focused Matomo analytics. The site is hosted behind Cloudflare DNS and CDN services, ensuring global availability. While the site is mobile-optimized and accessible with good SEO practices, performance is hindered by slow load times. The backend likely uses Laravel, inferred from feature references. Security posture reveals a critical issue with an invalid or missing SSL certificate despite strong HSTS policies and no detected vulnerable libraries. Other TLS features like OCSP stapling and session resumption are missing, and DNS CAA records are malformed. Privacy compliance is strong with comprehensive policies and GDPR adherence, and user tracking is minimal and privacy-conscious. Overall, Ploi.io presents a professional, trustworthy, and feature-rich platform with room for improvement in SSL configuration and site performance. Addressing these security and technical issues will enhance user trust and operational reliability.

E

Excelia Group

excelia-group.com

64

Excelia Group is a reputable French higher education institution offering a wide range of undergraduate and postgraduate programs in business, tourism, communication, and related fields. Founded in 1988 and co-founded by regional chambers and councils, it holds prestigious triple accreditation and ranks well internationally. The website reflects a mature digital presence with a comprehensive program overview, multilingual support, and strong branding. Technically, the site is built on Drupal with modern libraries and hosted behind Cloudflare, though performance could be improved. Security posture is solid with HTTPS and SPF/DMARC email protections, but lacks HSTS and DNSSEC. Privacy and cookie policies are present with consent mechanisms, supporting GDPR compliance. Overall, Excelia demonstrates strong business credibility and digital maturity.

W

WeWard

wewardapp.com

69

WeWard is a medium-sized company operating a popular walking rewards app that incentivizes users globally to walk more by converting steps into financial rewards, gifts, and charitable donations. The company has a strong market presence with 20 million users across 29 countries and is certified as a B Corp, indicating commitment to social and environmental responsibility. The website is professionally designed, mobile-optimized, and provides clear navigation and rich content that supports user engagement and trust. Technically, the site leverages modern web technologies including Webflow CMS, Matomo analytics, and Rive animations, hosted on Cloudflare CDN for performance and reliability. Security posture is good with HTTPS, modern TLS protocols, and key security headers, though improvements like enabling HSTS and OCSP stapling are recommended. Privacy compliance is supported by comprehensive privacy and cookie policies, though no explicit cookie consent mechanism was detected. Contact is primarily via a Typeform-based contact form, with no direct emails or phone numbers publicly listed. Overall, the site demonstrates a mature digital presence with good security hygiene and user trust indicators.

T

Télécom Paris

telecom-paris.fr

40

Télécom Paris is a prestigious French engineering school specializing in digital and technological education and research. As a founding member of the Institut Polytechnique de Paris and part of the Institut Mines-Télécom, it holds a strong market position in higher education and innovation. The institution offers a wide range of programs including engineering degrees, masters, specialized masters, doctoral studies, and continuing education, supported by active research laboratories and a vibrant innovation ecosystem. Its target audience includes students, researchers, and industry partners, with a significant international presence. Technically, the website is built on WordPress with modern JavaScript libraries and plugins such as jQuery and RoyalSlider. It employs Matomo for privacy-conscious analytics and implements a comprehensive GDPR-compliant cookie consent mechanism. However, the site currently lacks a valid SSL/TLS certificate and does not serve content over HTTPS, which is a critical security deficiency. The site is well-structured, mobile-optimized, and provides rich, relevant content with clear navigation. From a security perspective, the presence of HSTS is positive, but the absence of valid SSL/TLS and modern encryption protocols significantly undermines the site's security posture. No critical vulnerabilities or malware were detected in the content. Privacy policies and data protection officer contact information are clearly provided, indicating good compliance with GDPR requirements. Overall, while the business and content aspects of the site are excellent, the critical lack of HTTPS and valid SSL/TLS certificate severely impacts the security score and poses risks to user data confidentiality and trust. Strategic improvements in SSL/TLS deployment and security configurations are urgently recommended.

E

ENSTA Paris

ensta-paristech.fr

40

ENSTA Paris is a prestigious French engineering school and a founding member of the Institut Polytechnique de Paris. It offers a wide range of engineering education programs including engineering cycles, masters, specialized masters, doctoral studies, and executive education. The institution focuses on sectors such as transport, energy, defense, robotics, and artificial intelligence, positioning itself as a key player in education and research within these domains. The website reflects a strong brand presence with comprehensive content and clear navigation, targeting prospective students, researchers, and industry partners. Technically, the site is built on Drupal 9 and uses Apache with mod_pagespeed for optimization, but lacks HTTPS which is a critical security shortfall. Matomo analytics is used for user tracking, indicating a moderate level of user data collection with reasonable privacy compliance. Security posture is weak due to the absence of SSL/TLS encryption and missing security headers, exposing the site to potential risks. Business credibility is supported by multiple certifications and trust labels, but contact information is not prominently displayed, which could impact user trust and engagement. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect users and data.

I

Immobilière Atlantic Aménagement

atlantic-amenagement.com

39

Immobilière Atlantic Aménagement is a well-established real estate company based in France's Nouvelle-Aquitaine region, specializing in affordable, eco-friendly housing solutions and related social services. With over 60 years of history, it holds a significant market position as a major regional housing actor managing over 18,000 housing units. The company emphasizes innovation, sustainability, and social inclusion in its business model, targeting residents and tenants seeking quality housing and supportive services. Technically, the website is built on WordPress with modern JavaScript libraries and SEO optimizations, but suffers from slow load times and lacks a valid SSL certificate, impacting security and user trust. Security posture is weak due to missing HTTPS, lack of security headers, and minimal email protection policies. Privacy compliance is basic with a cookie consent mechanism and a privacy policy present, but no advanced GDPR indicators or data protection officer information. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

T

Tanlib

tanlib.com

36

Tanlib operates as the public transportation network for the Niort Agglomeration in France, providing a free bus service across Niort and 45 surrounding communes. The website offers comprehensive information on routes, schedules, mobility services including bike rentals and carpooling, and real-time traffic alerts. The business is positioned as a key local transportation provider with partnerships including Niort Agglo and Transdev. Technically, the site is built on a PHP backend with modern JavaScript libraries and integrates third-party widgets such as Moovit for route planning and Matomo for privacy-conscious analytics. However, the lack of a valid SSL certificate and HTTPS implementation is a significant security shortfall. Privacy and cookie policies are well documented and include consent mechanisms, reflecting good GDPR compliance. Overall, the site is user-friendly, accessible, and professionally maintained but requires urgent improvements in security infrastructure.

C

Communauté d'Agglomération du Niortais

niortagglo.fr

40

Communauté d'Agglomération du Niortais operates as a regional government authority serving 40 communes in the Niort area of France. The organization provides a broad range of public services including urban planning, transportation, waste management, cultural activities, and economic development. The website serves as an official portal for residents, businesses, and visitors, offering information, services, and news relevant to the community. The site is built on TYPO3 CMS and leverages modern web technologies such as Bootstrap and jQuery, with integrated Matomo analytics and GDPR-compliant cookie consent mechanisms. However, the site suffers from a lack of a valid SSL certificate, resulting in no HTTPS support, which is a critical security shortfall. Other security headers and best practices are also missing, reducing the overall security posture. Despite these issues, the site maintains good content quality, clear navigation, and strong business credibility through official contact information and social media presence.

A

Agence de Développement et d'Innovation Nouvelle-Aquitaine

accel-na.fr

40

Accel-NA is a regional business accelerator focused on supporting small and medium enterprises (PME) and intermediate-sized enterprises (ETI) primarily in the Nouvelle-Aquitaine and Charente regions of France. The website presents multiple acceleration programs tailored to companies of varying sizes and revenue thresholds, offering structured support, seminars, and workshops to foster business growth. The site includes testimonials, news updates, and partner references, indicating an active engagement with its target audience. Technically, the website is built on WordPress using the Avada theme and Fusion Builder, integrating common web technologies such as jQuery, YouTube embeds, and Matomo analytics. However, the site suffers from a critical security shortfall due to the absence of a valid SSL certificate and lack of modern TLS protocols, resulting in insecure HTTP connections. Security headers and email authentication records are also missing or incomplete, exposing the site to potential risks. Privacy compliance is minimal, with no cookie consent mechanism or explicit GDPR indicators. Overall, the website is functional and professionally designed but requires urgent security improvements to protect user data and enhance trust.

A

ADI Nouvelle-Aquitaine

adi-na.fr

40

ADI Nouvelle-Aquitaine is a regional development and innovation agency focused on supporting businesses and territories in the Nouvelle-Aquitaine region of France. The organization provides services including innovation support, project financing, business acceleration, and partner networking to foster sustainable economic growth and transitions. The website reflects a strong regional presence with comprehensive content, clear navigation, and multiple trust signals such as testimonials and partner logos. Technically, the website is built on Drupal CMS, served by nginx, and integrates modern JavaScript libraries like Splide.js and Matomo for analytics. The site is mobile-optimized and accessible, with good SEO practices. However, the absence of a valid SSL certificate and HTTPS support is a significant security shortfall, limiting the site's security posture. Security headers such as Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options are present, but the lack of TLS protocols and HSTS reduces overall security. Privacy compliance is well addressed with visible privacy and cookie policies and a consent mechanism. Contact information is clearly provided, enhancing business credibility. Overall, the site is professional and trustworthy but requires urgent improvements in SSL/TLS implementation to enhance security and user trust.

I

Institut Polytechnique de Paris

ip-paris.fr

40

Institut Polytechnique de Paris is a leading French higher education and research institution that unites five prestigious engineering schools to deliver world-class science and technology education. The website reflects a strong focus on education, research, innovation, and entrepreneurship, targeting students, researchers, entrepreneurs, and companies. The digital infrastructure is built on Drupal 10 with modern PHP and includes integrations for analytics and consent management. However, the security posture is weakened by the absence of a valid SSL certificate and proper HTTPS configuration, which is a critical vulnerability. Privacy compliance is well addressed with clear cookie management and privacy policies. Overall, the website is professionally designed, content-rich, and trustworthy but requires urgent security improvements to protect user data and maintain credibility.

P

Pix

pix.org

40

Pix.org is a multilingual website offering localized content primarily in English and French, including regional variants for Belgium and France. The site appears to be an educational or informational platform branded as 'Pix', targeting a broad audience seeking language-specific access. The technical infrastructure leverages modern JavaScript frameworks such as Nuxt.js and a headless CMS (Prismic), with analytics provided by Matomo and Plausible. However, the site suffers from significant security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which critically undermines user trust and data protection. Additionally, no privacy, cookie, or terms of service policies are present, indicating poor compliance with data protection regulations. The website's performance is slow, and DNS configurations reveal misconfigured CAA records and lack of DNSSEC. Overall, while the site demonstrates modern technical choices and multilingual support, its security posture and privacy compliance require urgent improvement to meet industry standards and user expectations.

W

WSL Institute for Snow and Avalanche Research SLF

whiterisk.ch

54

White Risk is a comprehensive avalanche prevention platform developed and published by the WSL Institute for Snow and Avalanche Research SLF in partnership with Suva and the Swiss Red Cross. It offers a suite of modules including avalanche knowledge resources, e-learning lessons, tour planning tools, and presentation software aimed at winter mountain tour participants and avalanche educators. The platform is well-established in the Swiss market and provides valuable educational and safety services. Technically, the website is built on a modern Angular framework with rich interactive content and multimedia integration, supporting both web and mobile platforms. However, the current lack of a valid SSL certificate and HTTPS implementation is a critical security weakness that undermines user trust and data protection. Privacy and legal compliance are well addressed with comprehensive policies and cookie consent mechanisms. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to meet modern standards.

F

Free Pro

freepro.com

55

Free Pro is a French B2B telecommunications and IT services provider, a subsidiary of Groupe iliad, offering a broad portfolio of fixed and mobile telecom products and cloud/managed IT solutions tailored for enterprises of all sizes. The company positions itself as a trusted partner delivering expertise, competitive pricing, and proximity service across France with multiple regional offices. Technically, the website is built on WordPress with modern analytics and consent management tools, but suffers from a critical lack of valid SSL/TLS configuration, impacting security posture. While DNS email security is well configured with SPF and DMARC, the absence of HTTPS and security headers exposes the site to risks. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. Overall, the site is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

C

Cloud IAM

cloud-iam.com

71

Cloud IAM is a technology company specializing in managed identity and access management (IAM) solutions based on the open-source Keycloak platform. Founded in 2018 and based in France, the company offers a fully managed Keycloak SaaS and consulting services with a strong emphasis on security, reliability, and compliance, including ISO 27001 certification and a 99.95% SLA uptime guarantee. Their target audience includes developers and organizations seeking scalable, secure, and customizable IAM solutions without the complexity of self-hosting Keycloak. The website demonstrates a mature digital presence with professional design, clear navigation, and comprehensive content about their services and security posture. Technically, the site uses modern web technologies including Webflow CMS, HubSpot marketing and analytics tools, Matomo analytics, and Google reCAPTCHA for bot protection. The SSL configuration is good with TLS 1.3 support, though improvements such as enabling HSTS and DNSSEC could enhance security further. Privacy compliance is well addressed with a comprehensive privacy policy and strong email authentication records (SPF, DMARC). Overall, Cloud IAM presents a trustworthy and professional service with a solid security foundation and transparent business practices.

S

swissuniversities

swissuniversities.ch

63

swissuniversities.ch is the official website of swissuniversities, the umbrella organisation representing Swiss universities. It serves as a central platform to promote cooperation and coordination among Swiss higher education institutions, providing information on policies, scholarships, research, and international relations. The website targets academic institutions, students, researchers, and stakeholders in the Swiss education sector. Technically, the site is built on TYPO3 CMS and integrates modern tools such as Klaro for cookie consent and Matomo for analytics. However, the site currently lacks a valid SSL certificate, resulting in no HTTPS support, which is a significant security concern. The site is well-structured with good navigation, accessibility, and SEO, but performance is slow with a page load time exceeding 6 seconds. Security posture is weak due to missing HTTPS and limited security headers, though SPF and DMARC records are properly configured. Privacy compliance is good with clear privacy and cookie policies. Overall, the site is professional and trustworthy but requires urgent improvements in SSL/TLS configuration and performance optimization.

S

Swiss Federal Institute for Forest, Snow and Landscape Research WSL

wsl.ch

48

The Swiss Federal Institute for Forest, Snow and Landscape Research WSL is a prominent Swiss federal research institute focused on environmental sciences including forest, landscape, biodiversity, natural hazards, and snow and ice. It operates under the ETH Domain and serves a broad audience including researchers, forestry experts, policymakers, and the public. The website reflects a professional government research entity with comprehensive content and consistent branding. Technically, the site is built on TYPO3 CMS and uses Matomo for analytics, hosted likely by switch.ch. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. No privacy or cookie policies are explicitly found, and security headers are absent, indicating gaps in security best practices. Overall, the site is content-rich and trustworthy but requires urgent security improvements.

T

The PHP Foundation

thephp.foundation

55

The PHP Foundation is a non-profit collective dedicated to supporting, advancing, and developing the PHP programming language. It operates as a key steward of the PHP ecosystem by providing financial support and organizational guidance to PHP developers and contributors. The foundation is supported by a range of sponsors and members from the technology sector, positioning itself as an important entity within the open-source and developer community. The website reflects a professional and consistent branding approach with clear messaging targeted at PHP users and contributors. Technically, the site leverages modern frontend technologies such as Alpine.js and Highlight.js, and uses analytics tools like Matomo and Fathom to monitor user engagement. However, the site suffers from an invalid SSL certificate and lack of HTTPS support, which significantly impacts its security posture. While email authentication protocols like SPF and DMARC are properly configured, the absence of a cookie policy and direct contact emails or phone numbers limits privacy compliance and user trust. Overall, the website is functional and informative but requires critical improvements in security and privacy compliance to enhance trust and professionalism.

P

PAIR Finance GmbH

pairfinance.com

59

PAIR Finance GmbH operates in the finance sector specializing in digital debt collection and receivables management. The company positions itself as an innovator offering transparent, fair, and efficient digital inkasso services targeting both businesses and consumers. The website content is professionally presented in German with multiple language alternatives, reflecting a medium-sized enterprise founded in 2019 and based in Germany. The business model focuses on leveraging digital technologies to modernize traditional debt collection processes. Technically, the website is built on WordPress with SEO optimization via Yoast and uses Consentmanager for cookie compliance and Matomo for analytics. Hosting is on Amazon AWS infrastructure. However, the website suffers from slow load times and lacks a valid SSL certificate, which impacts user trust and security. Security posture is weak due to missing HTTPS, absence of security headers, and a subdomain takeover vulnerability. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR alignment. Overall, the site demonstrates good business credibility but requires urgent security improvements to protect user data and enhance trust.

A

Atruvia AG

fiduciagad.de

40

Atruvia AG operates as a large IT service provider focused on banking digital transformation, consulting, IT outsourcing, and related services primarily in Germany. The website presents a professional and consistent brand image with clear navigation and relevant content targeting professionals, students, and customers in the finance and technology sectors. Technically, the site uses modern web technologies including JavaScript modules and Craft CMS, but suffers from a lack of valid SSL/TLS configuration, resulting in no HTTPS support and weak security posture. The cookie consent mechanism and privacy policy indicate good privacy compliance, although no explicit incident response or vulnerability disclosure policies are found. Overall, the site is functional and trustworthy but requires urgent security improvements.

V

VR Smart Finanz AG

bonitaetsmanager.de

40

Bonitaetsmanager.de is a German-language online platform operated by VR Smart Finanz AG, offering business credit score monitoring and optimization services primarily for SMEs and self-employed individuals in Germany. The platform integrates credit data from major agencies like Creditreform and SCHUFA and provides tools for improving business creditworthiness and comparing financing options. The website is built on modern technologies such as React and Next.js, with a focus on user experience and mobile optimization. However, the site suffers from significant security shortcomings, including an invalid SSL certificate and lack of modern TLS protocols, which pose risks to user data confidentiality and trust. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. Overall, the site presents a professional and trustworthy business service but requires urgent security improvements to enhance its posture and user confidence.

V

VR Smart Guide GmbH

vr-smart-guide.de

40

VR Smart Guide GmbH is a small-sized German company specializing in AI-powered financial management solutions tailored for small businesses and partner banks. Their offerings include invoice creation, online banking integration, receipt management, and bookkeeping, supported by the FinCheck app which provides real-time financial forecasting. The company positions itself as a niche player within the finance sector, leveraging partnerships with established financial institutions such as Volksbanken Raiffeisenbanken and others. Technically, the website is built on WordPress with Elementor and integrates multiple marketing and analytics tools including HubSpot, Matomo, and Google Tag Manager. While the site employs HTTPS with modern TLS protocols and has SPF and DMARC configured, it lacks advanced security headers and DNSSEC, indicating room for improvement in security posture. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the website is professional and trustworthy but exhibits slow performance and could benefit from enhanced security measures.

V

VR Payment GmbH

vr-payment.de

40

VR Payment GmbH is a specialized payment solutions provider serving the Volksbanken Raiffeisenbanken network and their merchants. The company offers a broad range of services including card readers, terminals, cashless payment methods, e-commerce payment integration, and value-added services such as digital receipt management and mobile payment solutions. The website reflects a professional and consistent brand presence targeting merchants, banks, and resellers within the financial and payment technology sectors in Germany. The company maintains a medium-sized market presence with a focus on innovation and customer-centric payment solutions. Technically, the website is built on the Contao CMS platform and leverages modern JavaScript libraries such as jQuery, jQuery UI, and Swipe.js for UI interactions. It uses Matomo for analytics and Usercentrics for consent management, indicating a mature approach to user privacy and data tracking. However, the website suffers from a critical security deficiency due to an invalid or missing SSL certificate and lack of enabled TLS protocols, which severely undermines HTTPS security and user trust. From a security perspective, while the site has HSTS enabled with preload and a valid SPF record, the absence of a valid SSL certificate and TLS support is a major vulnerability. No incident response or explicit security policy information is found, and no vulnerability disclosure or security.txt file is present. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Contact information is readily available through multiple channels including email, phone, and detailed contact forms. Overall, the website is content-rich, professionally designed, and privacy-conscious but critically impaired by its SSL/TLS configuration issues. Immediate remediation of the SSL certificate and enabling modern TLS protocols is essential to restore security posture and trustworthiness.

V

VR Equitypartner

vrep.de

40

VR Equitypartner is a leading equity financing provider specializing in tailored capital solutions for medium-sized enterprises in Germany, focusing on succession, shareholder changes, and growth financing. The company positions itself as a reliable partner offering both direct investments and mezzanine financing, enabling businesses to realize growth and transition plans while maintaining operational independence. The website reflects a mature digital presence built on WordPress with Elementor, integrating advanced SEO, accessibility, and privacy compliance features. Security posture is strong with HTTPS, modern TLS protocols, and proper email authentication mechanisms, although improvements like enabling HSTS and DNSSEC could enhance protection further. Overall, the site demonstrates professionalism, trustworthiness, and compliance, supporting VR Equitypartner's market position effectively.

Really Simple Plugins is a technology company specializing in WordPress plugin development, focusing on security and privacy compliance solutions. Their key offerings include the Really Simple Security plugin, ranked as the 12th most-used WordPress plugin, and the Complianz Privacy Suite, which supports compliance with international privacy legislation and boasts over 1 million users worldwide. The company targets WordPress users and website owners seeking easy-to-use security and privacy tools. Their business model revolves around plugin development and distribution, positioning them as an important player in the WordPress ecosystem since 2016. Technically, the website is built on WordPress using Elementor and Yoast SEO, with additional plugins for cookie consent management (Complianz) and analytics (Matomo). Hosting and DNS are managed via Cloudflare, providing robust DNS infrastructure. Performance is moderate with a page load time of approximately 3.8 seconds. The site is mobile optimized and has good SEO practices, though accessibility features are basic. From a security perspective, the site lacks a valid SSL certificate and does not enable modern TLS protocols, which is a significant risk. No HTTP security headers are detected, and advanced SSL features like OCSP stapling and HSTS are not enabled. DNS records show proper SPF and DMARC configurations, reducing email spoofing risks. Cookie consent is managed properly with opt-in mechanisms, supporting GDPR compliance. However, the absence of a valid SSL certificate and security headers lowers the overall security posture. Overall, the website is functional and professional but requires urgent improvements in SSL/TLS configuration and security headers to enhance trust and protect user data. Privacy compliance is well addressed through the Complianz plugin and clear privacy and cookie policies. Business credibility is moderate due to limited direct contact information and absence of terms of service. Strategic security enhancements and better transparency would improve the site's risk profile and user confidence.