Security Directory

S

SOS-Kinderdorf Österreich

sos-kinderdorf.at

40

SOS-Kinderdorf Österreich is a well-established non-profit organization dedicated to providing loving homes and support to children in need both in Austria and globally. Founded in 1949, it operates in 138 countries and relies on donations, sponsorships, and volunteer engagement to fulfill its mission. The website reflects a professional and consistent brand presence with comprehensive content and clear navigation targeting donors, volunteers, and families in need. Technically, the site uses ASP.NET WebForms with Kentico CMS, integrates modern libraries like jQuery and FontAwesome, and employs a consent management platform for GDPR compliance. However, a critical security gap exists due to the absence of HTTPS and a valid SSL certificate, exposing users to potential risks. Privacy policies and cookie consent mechanisms are well implemented, supporting regulatory compliance. Overall, the site demonstrates strong business credibility and user trust but requires urgent security improvements.

B

BI plus GmbH

biplus.at

36

BI plus GmbH is a specialized business analytics and corporate performance management consulting firm based in Austria with additional presence in Germany. The company offers a range of services including consulting, installation, configuration, training, and support, positioning itself as a leading expert in its field and an IBM Silver Business Partner. The website reflects a professional business with clear service offerings and contact information targeting corporate clients in Austria and Germany. Technically, the website uses common JavaScript libraries and tracking tools but lacks a valid SSL certificate, which is a significant security concern. The absence of HTTPS impacts the overall security posture and user trust. Privacy compliance is addressed with a cookie consent banner and GDPR-related policies, though no explicit security or incident response policies are found. The domain registration and DNS records are consistent with the business claims, supporting legitimacy. Strategic recommendations include immediate SSL implementation, enhanced security headers, and improved email security policies to strengthen trust and compliance.

V

Vienna Beef

viennabeef.com

40

Vienna Beef operates a well-established e-commerce website specializing in Chicago style hot dogs and related food products. The company has a strong market position with a rich history dating back to 1893 and offers a variety of products including hot dogs, sausages, deli meats, condiments, soups, and branded merchandise. The website targets both consumers and foodservice businesses, providing online shopping, educational programs like Hot Dog University, and store locator services. Technically, the site is built on the BigCommerce platform with modern web technologies and integrates multiple marketing and analytics tools such as Google Analytics 4, Hotjar, and Klaviyo. However, the site suffers from a critical security weakness due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. The absence of direct contact emails or phone numbers on the site is a minor concern. Overall, the website is professional and trustworthy but requires urgent improvements in SSL/TLS security to protect user data and enhance trust.

B

Bacher Systems EDV GmbH

bacher.at

40

Bacher Systems EDV GmbH is a medium-sized Austrian IT services company specializing in managed services, cybersecurity, data analytics, and digital identity solutions. The company targets large enterprises, including numerous Top 100 companies in Austria, positioning itself as a trusted partner for IT infrastructure and security needs. The website reflects a professional and comprehensive digital presence with clear service offerings and client references. Technically, the site is built on Silverstripe CMS and integrates modern marketing and analytics tools, but suffers from critical SSL/TLS configuration issues that undermine its security posture. Security headers and privacy compliance are well implemented, including GDPR-aligned privacy and cookie policies with consent mechanisms. WHOIS data confirms the legitimacy and consistency of the domain registration with the company's Austrian base. Overall, the website is professional and trustworthy but requires urgent improvements in SSL/TLS to ensure secure communications.

N

Nussmüller Architekten ZT GmbH

nussmueller.at

23

Nussmüller Architekten ZT GmbH is a small Austrian architecture firm specializing in residential, educational, urban development, cultural, and commercial projects. The company has a solid regional presence with multiple awards and a professional website showcasing their portfolio and services. The website is built on WordPress and uses common web technologies such as nginx, jQuery, and FontAwesome. However, the site lacks HTTPS encryption, which is a critical security vulnerability. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Contact information is limited to a physical address and implied contact forms, with no explicit emails or phone numbers visible. Overall, the business presents itself professionally but needs to address key security and privacy gaps to improve trust and compliance.

C

Celerion

celerion.com

40

Celerion is a well-established clinical research organization specializing in translational medicine and early drug development services. The company offers a broad range of clinical research solutions, bioanalytical sciences, and regulatory affairs support, targeting pharmaceutical and biotech companies globally. Their website reflects a mature business with consistent branding, good content quality, and a clear focus on their specialized healthcare sector. Technically, the site is built on WordPress and hosted on Pantheon, utilizing modern marketing and analytics tools such as Google Tag Manager, Pardot, and LinkedIn Insight Tag. However, the website suffers from a critical security deficiency due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture and trustworthiness of the site. Privacy and cookie policies are present with consent mechanisms, but no explicit security or incident response policies are found. WHOIS data confirms the domain's legitimacy and consistency with the business claims. Overall, while the business and content quality are strong, the lack of proper SSL/TLS security is a major concern that should be addressed promptly.

I

ICSL GmbH

icsl.at

35

ICSL GmbH is a specialized provider of secure communication systems, focusing on high-quality, NATO-approved solutions such as Silentel and SecuSUITE. With over 20 years of experience and 13 years dedicated to secure communication, ICSL positions itself as a trusted partner for government and enterprise clients requiring robust security. The website reflects a professional and consistent brand image, targeting a niche market with a clear business model centered on consulting and secure communication services. Technically, the site is built on WordPress with a modern plugin ecosystem, but suffers from critical security shortcomings due to an invalid SSL certificate and lack of HTTPS, which significantly impacts its security posture. Privacy and legal compliance are well addressed with accessible policies and cookie consent mechanisms. Overall, ICSL demonstrates strong business credibility but must urgently address its SSL/TLS configuration to enhance trust and security.

V

Van Wagner

vanwagner.com

37

Van Wagner is a prominent full-service sports advertising and entertainment agency specializing in creating, connecting, and selling on behalf of world-class sports leagues, teams, colleges, and brands. The company offers a broad range of services including TV-visible signage, event production, college marketing, aerial advertising, and broadcast control center solutions. Their market position is strong, supported by partnerships with major sports leagues and Fortune 500 companies. The website reflects a mature digital presence with professional design, rich content, and effective SEO practices. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap that undermines user trust and data protection. Privacy and cookie policies are well implemented, indicating good compliance with GDPR and related regulations. The site leverages modern web technologies and is hosted on a reputable platform, but performance could be improved. Overall, the business demonstrates credibility and professionalism but must address fundamental security issues to enhance trust and protect visitors.

L

LEITNER

leitner-ropeways.com

40

LEITNER is a well-established company specializing in the manufacturing and supply of ropeway systems and components, serving sectors such as winter sports, urban transportation, tourism, and material transport. Founded in 1888 and part of the HTI Group, LEITNER holds a strong market position with a global footprint and a comprehensive portfolio of products and services including after-sales support and training. The website reflects a mature digital presence with professional design, clear navigation, and multilingual support. Technically, the site is built on TYPO3 CMS with modern JavaScript libraries and integrates marketing and analytics tools such as Google Analytics and Microsoft Clarity. However, the security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS support, which is a critical vulnerability. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information is comprehensive and includes multiple phone numbers, emails, and forms. Overall, LEITNER's website is professional and trustworthy but requires urgent improvements in SSL/TLS security to protect user data and maintain trust.

Ingraphics Soluções & Imagens is a small digital marketing agency based in the ABC region of São Paulo, Brazil. The company offers a range of services including digital marketing, web design, graphic design, illustration, and campaign management. Their website demonstrates a professional approach with clear service offerings and client testimonials, targeting businesses seeking to improve their digital presence and marketing effectiveness. Technically, the website is built on WordPress using Elementor and integrates marketing tools such as ActiveCampaign and Yoast SEO, indicating a moderate level of digital maturity. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap that undermines user trust and data protection. Privacy policies and cookie consent mechanisms are present but basic, with no explicit GDPR compliance or incident response information. Overall, the site is functional and informative but requires urgent security improvements to meet modern standards.

Primetals Technologies is a global leader in metallurgical plant solutions, offering a comprehensive portfolio of services and technologies across the steel production value chain. Their website reflects a mature enterprise-level business with a strong focus on innovation, digitalization, and sustainability, including green steel initiatives. The company targets industrial clients and professionals in the steel and metallurgical sectors, providing automation, lifecycle services, and integrated plant solutions. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries and includes multilingual support and professional design. However, the absence of a valid SSL/TLS certificate and HTTPS support is a critical security gap that undermines data protection and user trust. Security headers are well implemented, but the lack of encryption and modern TLS protocols significantly lowers the security posture. Privacy compliance is well addressed with Cookiebot and Google Consent Mode integration, ensuring GDPR alignment. Overall, the site demonstrates high business credibility and professionalism but requires urgent security improvements to meet modern standards.

J

JUDO.eu

judo.eu

26

JUDO.eu is a well-established German company specializing in water treatment solutions, with a history dating back to 1936. The company offers a broad range of products including protective filters, softening systems, lime protection, dosing pumps, leakage protection, wellness, heating protection, and smart home water solutions. Their market position is strong with a focus on innovation and sustainability, targeting both professional and consumer markets internationally. Technically, the website is built on WordPress with a modern tech stack including jQuery, Bootstrap, and various plugins for SEO, cookie management, and user interaction. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical security weakness. Privacy compliance is well addressed with comprehensive policies and cookie consent mechanisms. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

F

Flint Group

flintgrp.com

40

Flint Group is a global enterprise specializing in manufacturing print consumables for the packaging and printing industries. The company emphasizes sustainable innovation, customer support, and ethical business practices, positioning itself as a global leader in its sector. The website reflects a professional and comprehensive digital presence with extensive content, clear navigation, and a focus on sustainability and corporate responsibility. Technically, the site uses modern analytics and tracking tools but lacks HTTPS support due to an invalid or missing SSL certificate, which is a significant security concern. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. Overall, Flint Group demonstrates strong business credibility but must address its SSL/TLS configuration to improve security posture and user trust.

Scheidt & Bachmann GmbH is a globally recognized provider of innovative system solutions in the transportation and energy retail sectors. Their offerings include parking management, rail signalling, fare collection systems, and energy retail solutions, serving a broad range of mobility providers worldwide. The company positions itself as a market leader with a strong focus on integrated modular solutions and sustainability. Technically, the website is built on TYPO3 CMS with a professional design and good navigation, but suffers from slow load times and lacks a valid SSL certificate, which critically impacts security. Privacy compliance is well addressed with comprehensive policies and consent mechanisms. Overall, while the business credibility and content quality are strong, the security posture requires urgent improvement to protect user data and enhance trust.

B

Base-IT GmbH

baseit.at

22

Base-IT GmbH is an Austrian IT service provider specializing in consulting, planning, installation, and maintenance of IT systems, with a strong focus on cybersecurity and managed services for small and medium enterprises (KMU). The company holds recognized ISO/IEC 27001:2022 and ISO/IEC 27701:2019 certifications, underscoring its commitment to information security and data privacy. Their market position is supported by a portfolio of diverse IT services and a visible client base, including references and social media presence. Technically, the website is built on a SilverStripe CMS platform with modern JavaScript libraries such as jQuery, MDBootstrap, Owl Carousel, and Swiper. The hosting appears to be provided by Hetzner. While the site is mobile-optimized and well-structured with good SEO practices, performance data is lacking, and accessibility is basic. The site uses a cookie consent mechanism compliant with GDPR and integrates Google Analytics for performance and user tracking. From a security perspective, the absence of HTTPS and a valid SSL/TLS certificate is a critical vulnerability, severely impacting the overall security posture. Other security best practices such as HSTS, OCSP stapling, and security headers are missing. The company demonstrates good security governance through certifications but lacks visible incident response or vulnerability disclosure policies on the website. Overall, the website is professional and content-rich but requires urgent security improvements to enable HTTPS and enhance security headers. Strategic recommendations include implementing SSL/TLS, publishing incident response policies, and enhancing security controls to improve trust and compliance.

T

Trayport Limited

visotech.at

35

Trayport Limited operates a comprehensive energy trading platform connecting traders, brokers, and exchanges globally, with a strong focus on power, gas, and carbon markets. Their flagship product, Joule, offers extensive market access and analytics, positioning them as a key player in the energy trading software sector. The website reflects a mature digital presence with rich content and clear navigation tailored to energy market participants. Technically, the site leverages modern web technologies including WordPress, Alpine.js, and Mapbox for interactive features, but lacks HTTPS support, which is a critical security shortfall. Security posture is weak due to the absence of SSL/TLS and security headers, exposing users to potential risks. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Overall, the business appears legitimate and professionally presented, but urgent improvements in security infrastructure are recommended.

I

iC Consulenten Ziviltechniker GesmbH

ic-group.org

22

iC Consulenten Ziviltechniker GesmbH is a well-established Austrian engineering consultancy firm specializing in integrative solutions across construction, transportation, environment, and energy sectors. With over 22 years of operation and multiple international offices, the company serves clients requiring complex, interdisciplinary project management and engineering expertise. Their website reflects a professional presence with detailed service offerings and a strong partner network. Technically, the site is built on TYPO3 CMS with modern frontend technologies but lacks HTTPS, which is a critical security deficiency. The absence of SSL/TLS exposes visitors to significant risks and undermines trust. Privacy compliance is addressed with a cookie consent mechanism and a privacy policy, though incident response and vulnerability disclosure mechanisms are absent. Business legitimacy is strong, supported by consistent WHOIS data and trust indicators such as certifications and social media presence. Strategic improvements in security posture, especially enabling HTTPS and enhancing security headers, are essential to protect users and improve overall trust.

U

USound

usound.com

37

USound is a technology company specializing in MEMS speaker technology designed for integration into advanced audio devices such as TWS earbuds, headphones, AR/VR glasses, audio glasses, and hearing aids. The company positions itself as an innovator in the audio technology market, offering products with superior form factors, low power consumption, and high audio fidelity. Their website provides comprehensive product catalogs, technical documentation, and application insights targeting manufacturers and developers in the wearable and hearable device sectors. Technically, the website is built on WordPress with a modern tech stack including React, jQuery, and various plugins for enhanced user experience. However, the site lacks HTTPS, which is a critical security vulnerability. The security posture is basic with no advanced headers or SSL configuration, but no known vulnerabilities or exposed sensitive data were detected. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website is professional and trustworthy but requires urgent security improvements to enable HTTPS and enhance security headers.

V

VDEL

vdel.com

31

VDEL is an established software company founded in 1993, specializing in customized software solutions including document and process management, blockchain, big data, and AI. The company operates internationally with subsidiaries in Belgrade and Katowice and serves businesses seeking integrated IT solutions. Their business model includes distribution and multilingual support, leveraging partnerships such as Software United. Technically, the website uses Bitrix CMS with common web technologies and Google Tag Manager for analytics. However, the absence of a valid SSL certificate and lack of privacy and cookie policies indicate significant security and compliance gaps. The security posture is weak due to missing HTTPS and security policies, exposing users to risks. Overall, the website is functional and professional but requires urgent improvements in security and privacy compliance to enhance trust and protect user data.

E

Evon Technologies

evontech.com

40

Evon Technologies Pvt. Ltd. is a well-established software development company based in India, with over 17 years of experience serving a global clientele. The company offers a broad range of services including custom web and app development, AI and machine learning solutions, cloud consulting, ERP/CRM implementations, and staff augmentation. Their market position is strengthened by certifications such as CMMI Level 5 and ISO 27001:2022, and a diverse client portfolio featuring technology heavyweights and startups. Technically, the website is built on Joomla CMS, hosted likely on AWS infrastructure, and integrates modern marketing and analytics tools. However, the website lacks a valid SSL certificate and HTTPS support, which is a critical security gap. Privacy and cookie policies are present with consent mechanisms, supporting basic GDPR compliance. Contact information is comprehensive and accessible via multiple channels.

cargo-partner is a midsized logistics and transportation company specializing in integrated supply chain solutions including air, sea, rail, and road freight, as well as warehousing and SCM services. The company targets businesses requiring comprehensive logistics support and operates with a pan-European and global presence. The website reflects a professional business with consistent branding and a clear service offering. Technically, the site is built on TYPO3 CMS with PHP backend and uses modern web technologies including Friendly Captcha and Cookiebot for privacy compliance. However, the absence of a valid SSL certificate and HTTPS support is a critical security weakness, exposing users to potential risks. Security headers are partially implemented but lack a proper Content-Security-Policy. Privacy compliance is supported by a clear privacy policy and cookie consent mechanism. Overall, the website is functional but requires urgent security improvements to protect user data and enhance trust.

Austro Control GmbH is the Austrian national air navigation service provider responsible for ensuring aviation safety, air traffic control, and aeronautical information management. The company serves a broad audience including pilots, airlines, airports, and government agencies, positioning itself as a key player in the transportation and government sectors. Their services include air traffic control, pilot licensing, flight weather services, and drone regulation. The website reflects a professional and comprehensive digital presence with strong branding and trust signals such as industry awards and certifications. Technically, the site uses modern web technologies like Bootstrap and jQuery but suffers from critical security shortcomings due to the absence of a valid SSL certificate and lack of TLS protocol support, which undermines secure communications. Privacy compliance is well addressed with clear cookie consent and a comprehensive privacy policy. Overall, the site is trustworthy and authoritative but requires urgent improvements in SSL/TLS security to protect users and maintain credibility.

A

A&N GesbR

an-gesbr.com

34

A&N GesbR is a small partnership business based in Linz, Austria, represented by Philipp Asanger and Manuel Nobis. The website serves primarily as an informational portal with links to partner sites and basic company details including a physical address and VAT number. The business appears to operate in a retail or tools-related sector, though no explicit service descriptions are provided. Technically, the website is built on WordPress using Elementor and common web technologies such as jQuery and Bootstrap. However, the site lacks HTTPS, which is a critical security deficiency. No privacy or cookie policies are present, and no contact emails or phone numbers are provided, limiting user engagement and compliance with data protection regulations. The overall security posture is weak, with no advanced security headers or protections implemented. Performance data is missing, but the site likely suffers from slow loading due to lack of optimization. The domain registration data aligns well with the website content and business location, indicating legitimacy. Strategic improvements in security, privacy compliance, and contact transparency are recommended to enhance trust and professionalism.

U

United Nations Office on Drugs and Crime

unodc.org

40

The United Nations Office on Drugs and Crime (UNODC) operates as a key intergovernmental agency focused on combating illicit drugs, crime, corruption, and terrorism globally. It provides extensive research, policy guidance, and technical assistance to member states and partners, positioning itself as a leading authority in its domain. The website reflects a mature, well-branded digital presence with comprehensive content and multi-language support targeting governments, NGOs, researchers, and the public. Technically, the site uses a modern tech stack including Apache, AngularJS, Bootstrap, and Google Tag Manager, hosted on UN Vienna infrastructure. While the site is moderately performant and mobile-optimized, it lacks a valid SSL certificate and modern TLS support, which critically undermines its security posture. Security headers are well implemented, but the absence of HTTPS and session security features are significant vulnerabilities. From a security perspective, the site demonstrates good header policies but fails to provide encrypted transport, OCSP stapling, or session resumption. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism despite tracking scripts. Business credibility is high given the official UN affiliation and consistent WHOIS data. Overall, the site is authoritative and professional but requires urgent security improvements, especially SSL deployment, to ensure trust and compliance. Strategic recommendations include obtaining valid HTTPS certificates, enabling modern TLS protocols, implementing cookie consent, and enhancing incident response visibility.

V

Valneva

valneva.com

35

Valneva is a specialty vaccine company focused on the development, manufacturing, and commercialization of prophylactic vaccines addressing infectious diseases with unmet medical needs. The company has a strong market position with multiple commercialized vaccines and a robust pipeline targeting diseases such as chikungunya, Lyme disease, Shigella, and Zika. The website reflects a professional corporate presence with comprehensive investor relations and media resources, targeting healthcare professionals, investors, and partners globally. Technically, the website is built on WordPress with modern SEO and marketing tools, including Google Tag Manager and social media integrations. However, the security posture is weakened by an invalid SSL certificate and lack of TLS protocol support, which poses significant risks to data confidentiality and user trust. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and credible but requires urgent remediation of SSL/TLS issues to improve security and trust.

P

pbbr | Sociedade de Advogados RL, Lda.

pbbr.pt

40

pbbr | Sociedade de Advogados RL, Lda. is a small full service law firm based in Lisbon, Portugal, established in 2006. The firm offers comprehensive legal advice and assistance with a national and international client base. Their website reflects a professional and consistent brand image, targeting clients seeking high-quality legal services. The firm maintains a presence on LinkedIn and provides newsletter subscriptions to engage clients and partners. Technically, the website uses a modern tech stack including nginx, PHP, Bootstrap, Google Tag Manager, and Cookiebot for consent management. The site is mobile optimized and SEO friendly, though performance metrics are unavailable. Hosting is managed via host-redirect.com DNS servers. However, the website lacks a valid SSL certificate, resulting in no proper HTTPS support, which is a significant security concern. Security posture is moderate with good use of security headers and content security policies, but the absence of valid SSL/TLS and modern TLS protocols severely undermines security. Privacy and cookie policies are present and GDPR compliant, with consent mechanisms implemented. Contact information is limited to forms, with no explicit emails or phone numbers displayed. Overall, the website is functional and professional but requires urgent remediation of SSL/TLS issues to improve security and trustworthiness. Strategic improvements in security and contact transparency will enhance the firm's digital maturity and client confidence.

U

UAB Toode

toode.lt

40

UAB Toode is a medium-sized Lithuanian company specializing in manufacturing and retailing steel roofing materials and accessories, with a strong presence in the Baltic region supported by factories in Estonia, Latvia, and Finland. The company holds recognized certifications such as ISO 9001 and CE marking, reinforcing its market position as a reputable supplier in the construction sector. Their website provides comprehensive product catalogs, customer testimonials, and multiple contact channels, targeting construction professionals and retail customers. Technically, the website is built on WordPress with WooCommerce, leveraging common web technologies and marketing tools like Google Analytics and Tag Manager. However, the site suffers from significant security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which critically undermines user trust and data protection. Privacy compliance is addressed through GDPR-aligned cookie consent and a privacy policy document, but terms of service and explicit security policies are missing. Overall, the website demonstrates good business credibility and content quality but requires urgent improvements in security infrastructure and performance optimization to enhance user trust and operational resilience.

U

UVdata A/S

uvdata.dk

37

UVdata A/S is a Danish software company specializing in providing comprehensive software solutions for private and free schools, afterschools, and educational institutions in Denmark. Their product portfolio includes school management systems, payroll solutions, guidance software, and time management tools, positioning them as a key player in the Danish education technology sector. The company operates under the parent company KMD, enhancing its market credibility and reach. The website content is well-structured, primarily in Danish, and targets educational institutions with relevant services and support information. Technically, the website is built on WordPress using the Avada theme and integrates several JavaScript libraries and plugins, including Matomo for analytics. However, the site suffers from performance issues with slow load times and a large number of resources. Security-wise, the website lacks a valid SSL certificate, serving content without HTTPS, which is a critical vulnerability. Additionally, it lacks essential security headers and advanced SSL features such as HSTS and OCSP stapling. Privacy compliance is addressed with clear privacy and cookie policies and a consent mechanism, aligning with GDPR requirements. Overall, while the business and content aspects are strong and credible, the technical and security posture require significant improvements to ensure user trust and data protection.

P

Partnership for European Environmental Research

peer.eu

36

The website peer.eu represents the Partnership for European Environmental Research (PEER), a collaborative network focused on environmental research and sustainable development. The site targets researchers and policymakers, providing information on research projects, publications, and strategic research areas. The business model centers on knowledge sharing and policy support within the environmental research sector. Technically, the site is built on TYPO3 CMS with a professional design and structured content, but suffers from moderate performance and lacks a valid SSL certificate, which is a critical security flaw. The security posture is weak due to the absence of HTTPS, security headers, and modern TLS protocols. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Contact information is limited to a contact form, with no direct emails or phone numbers provided. Overall, the site is credible but requires urgent security improvements to protect user data and enhance trust.

S

Smelt by Polaria

smeltbypolaria.no

50

Smelt by Polaria is a Norwegian e-commerce retailer specializing in sustainable, locally sourced interior and lifestyle products. The company targets environmentally conscious consumers in Norway, offering a broad product range from Nordic and European suppliers. Their business model focuses on online sales with additional services like click-and-collect and flexible payment options. The website demonstrates good content quality, clear navigation, and consistent branding, supported by trust signals such as certifications and customer reviews. Technically, the site uses modern JavaScript libraries and frameworks but suffers from a critical lack of HTTPS due to an invalid SSL certificate, which severely impacts security posture. Privacy compliance is well addressed with a comprehensive cookie consent mechanism. Overall, the site is functional and professional but requires urgent security improvements to protect user data and build trust.

N

NILU

nilu.com

57

NILU is a well-established independent non-profit research institute based in Norway, specializing in climate and environmental research. Founded in 1969, it holds a strong market position as an internationally leading research organization offering services such as laboratory analysis, environmental solutions, and scientific publications. The website reflects a professional and consistent brand image targeting researchers, industry stakeholders, and policymakers. Technically, the site is built on WordPress with a modern tech stack including Bootstrap and jQuery, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Security posture is weak due to missing HTTPS and modern TLS protocols, although HSTS is enabled. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Contact information and certifications are clearly presented, enhancing business credibility. Overall, the site is functional and professional but requires urgent security improvements.

N

NORIN

norin.no

53

NORIN is a Norwegian research alliance comprising three prominent institutes: IFE, NIVA, and NILU. The alliance focuses on advancing research in energy, environment, climate, digitalization, and societal security. The website presents a professional and consistent brand image, targeting stakeholders in research, policy, and environmental sectors. Technically, the site is built on WordPress with Elementor and several plugins, hosted likely by ProISP. However, the site lacks a valid SSL certificate, resulting in HTTP-only access, which is a significant security concern. The cookie consent mechanism is implemented and appears GDPR compliant, but no privacy policy or terms of service are found, which may affect compliance and user trust. Security headers are missing, and performance is slow with a high load time and large page size. Overall, the site is functional and informative but requires urgent improvements in security and privacy compliance to enhance trust and protect users.

N

Nofim AS

nofima.com

40

Nofima is a Norwegian government-affiliated research institute specializing in applied research within fisheries, aquaculture, and food systems. It serves a broad audience including industry actors, research partners, and public sector entities. The organization is large with over 380 employees and is positioned as a leading institute in its sector in Norway. The website reflects a professional and comprehensive digital presence with rich content, structured navigation, and multilingual support. Technically, the site is built on WordPress with modern libraries and plugins, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Security posture is weak due to missing HTTPS, lack of security headers, and absence of DMARC and DNSSEC configurations. Privacy compliance is partial, with privacy and cookie policies present but no active consent mechanism. Overall, the site is trustworthy and credible but requires urgent security improvements to protect user data and enhance trust.

N

Nofima AS

nofima.no

57

Nofima AS is a leading Norwegian food research institute specializing in research and development for the aquaculture, fisheries, and food industries. The organization serves a broad audience including food producers, government agencies, and scientific communities. Their business model focuses on providing research services, knowledge dissemination, and training to support sustainable food production. The website is professionally designed, content-rich, and well-branded, reflecting a strong market position in the government sector. Technically, the site is built on WordPress with modern plugins and libraries, hosted behind Cloudflare, and uses Matomo for privacy-conscious analytics. However, the security posture is weakened by an invalid SSL certificate and lack of TLS support, which is a critical risk. Privacy compliance is good with clear privacy and cookie policies, though no explicit terms of service or security policies are published. Overall, the site is trustworthy and professional but requires urgent security improvements to protect user data and maintain credibility.

N

Norsk institutt for naturforskning

nina.no

40

Norsk institutt for naturforskning (NINA) is a well-established independent research foundation in Norway focused on nature and the interaction between nature and society. The organization provides research, environmental monitoring, consulting, and evaluation services with a multidisciplinary team of natural and social scientists. Their website reflects a mature digital presence with rich content including news, blogs, and service information targeting researchers, policymakers, and the public interested in biodiversity and sustainability. Technically, the site is built on the DNN CMS platform using ASP.NET and integrates several third-party modules and services. However, the website suffers from a critical security shortfall due to the lack of a valid SSL certificate and proper HTTPS configuration, exposing users to potential risks. Privacy compliance is basic with no visible cookie consent mechanisms, and no explicit security or incident response policies are published. Overall, the site is credible and professional but requires urgent improvements in security and privacy compliance to meet modern standards.

N

Norsk Polarinstitutt

npolar.no

63

Norsk Polarinstitutt is a Norwegian government research institute specializing in scientific knowledge and advisory services related to the Arctic and Antarctic regions. The organization operates research programs, logistics, and manages research stations and vessels. The website reflects a mature and established institution with a clear focus on polar science and environmental monitoring. The target audience includes Norwegian authorities, researchers, and the public interested in polar topics. Technically, the site is built on WordPress using the Enfold theme, with a moderate level of digital maturity but suffers from slow performance and an invalid SSL certificate, which impacts security and user trust. Security posture is weak due to the lack of a valid SSL certificate and disabled TLS protocols, although cookie consent and privacy policies are properly implemented, indicating good privacy compliance. Overall, the site is professional and trustworthy but requires urgent security improvements to meet modern standards.

A

Archdiocese of Washington

adwcatholicschools.org

40

The Archdiocese of Washington Catholic Schools website serves as a comprehensive informational portal for a network of 90 Catholic educational institutions ranging from preschool to high school across Washington D.C. and surrounding Maryland counties. The site effectively communicates the organization's mission, educational offerings, and community engagement, targeting families seeking faith-based education. The business model is non-profit and education-focused, with a medium-sized regional presence and a well-established brand identity. Technically, the website is built on WordPress with common libraries such as jQuery and FontAwesome, and integrates marketing and analytics tools including Google Analytics, Facebook Pixel, and LiveChat. However, the site suffers from slow load times and lacks a valid SSL certificate, which critically impacts security and user trust. SEO and mobile optimization are handled well, but accessibility features are basic. From a security perspective, the absence of HTTPS and modern TLS protocols is a major vulnerability. No security headers or consent mechanisms for cookies are present, exposing the site to potential data privacy compliance issues, especially under GDPR. Contact information is clearly provided, but no dedicated security or incident response policies are visible. Overall, while the website is content-rich and professionally presented, the lack of fundamental security measures and privacy compliance mechanisms poses significant risks. Strategic improvements in SSL deployment, security headers, and privacy policies are essential to enhance trust and protect user data.

P

Plena inclusión España

plenainclusion.org

35

Plena inclusión España is a well-established non-profit organization dedicated to advocating for the rights and inclusion of people with intellectual and developmental disabilities and their families in Spain. The organization operates a comprehensive digital presence with rich content, including news, projects, training, and support services, targeting individuals, families, and federations across Spain. Their market position is strong as a leading confederation in this sector, supported by multiple certifications and a consistent brand identity. Technically, the website is built on WordPress using Elementor and several modern plugins, providing a good user experience and mobile optimization. However, performance is slow, and there is room for improvement in speed and technical optimization. The site integrates analytics and marketing tools such as Google Analytics, Pardot, and Complianz for GDPR compliance. From a security perspective, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical vulnerability. Other security headers and best practices are partially implemented, but the absence of HTTPS significantly lowers the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms. Overall, the website is trustworthy and professional but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include implementing HTTPS, enabling modern TLS protocols, and enhancing security headers. The domain registration data aligns well with the organization's identity, reinforcing legitimacy.

H

Hopscotch Groupe

hopscotchgroupe.com

49

Hopscotch Groupe is a French communication agency specializing in creative communication and relational capital services. The company targets businesses seeking expertise in public relations, event management, and specialized agency services. The website presents a professional and consistent brand image with good content quality and clear navigation. Technically, the site is built on WordPress and uses common web technologies such as jQuery, Mapbox, and Google Tag Manager. However, the site lacks HTTPS, which is a critical security vulnerability. Security headers are minimal, and no advanced security frameworks or incident response policies are evident. Privacy compliance is supported by comprehensive privacy and cookie policies with consent mechanisms. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

S

Svalbard Integrated Arctic Earth Observing System

sios-svalbard.org

53

SIOS (Svalbard Integrated Arctic Earth Observing System) is an established international research infrastructure focused on long-term Earth system science measurements in the Svalbard region. The organization operates a mature website providing access to data portals, research infrastructure information, and community resources targeting scientists and researchers in Arctic studies. The website is built on Drupal 10 with modern frontend libraries, offering a good user experience and clear navigation. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture, exposing users to potential risks. Privacy and cookie policies are present and GDPR compliant, reflecting attention to regulatory requirements. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional and professional but requires urgent security improvements to protect users and data.

A

Archdiocese of Washington

adw.org

39

The Archdiocese of Washington operates a comprehensive website serving over 667,000 Catholics across Washington, D.C., and surrounding Maryland counties. The site provides extensive information on parishes, schools, faith formation, vocations, social concerns, and community events, positioning itself as a key religious and community resource. The business model is non-profit and community-focused, with a large established presence supported by a mature domain and consistent branding. Technically, the website is built on WordPress with modern plugins and libraries, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. The absence of HTTPS and security headers exposes users to potential risks. Privacy policies and terms of service are present but basic, with no cookie consent mechanism detected, indicating partial privacy compliance. Contact information is clearly provided, enhancing business credibility. Overall, the website is functional and content-rich but requires urgent security improvements to protect users and enhance trust.

S

San Francisco State University

sfsu.edu

40

San Francisco State University is a large public educational institution offering a wide range of undergraduate and graduate programs. The website serves a diverse audience including prospective and current students, faculty, staff, and alumni. It is part of the California State University system and maintains a strong regional presence with comprehensive academic, student life, and community engagement content. The site is built on Drupal 9 and uses modern web technologies such as Bootstrap and Google Tag Manager, reflecting a mature digital infrastructure. However, the absence of a valid SSL certificate and lack of HTTPS significantly weaken its security posture. While privacy policies are present, cookie consent mechanisms are missing, indicating partial privacy compliance. Overall, the website is professionally designed, content-rich, and trustworthy but requires urgent security improvements to protect user data and enhance trust.

H

HP Hood LLC

hphood.com

37

HP Hood LLC operates a well-established website promoting its dairy products brand, Hood®, with a history dating back to 1846. The website offers comprehensive product information, recipes, and store locator features targeting consumers in the United States. The site is professionally designed with consistent branding and good user experience, including mobile optimization and clear navigation. Technically, the site uses Microsoft IIS, Bootstrap, jQuery, and other modern frontend libraries, but lacks a valid SSL certificate and HTTPS support, which is a critical security gap. Cookie consent is implemented via OneTrust, and Google Tag Manager is used for analytics and tracking. Security posture is weak due to missing HTTPS and limited security headers, and no explicit security or incident response policies are found. Overall, the domain registration data aligns well with the business, indicating legitimacy. Strategic improvements in SSL/TLS deployment and security headers are recommended to enhance trust and compliance.

P

Proton AG

simplelogin.co

68

SimpleLogin is a privacy-focused technology company offering an open source email alias service that enables users to protect their inboxes from spam and phishing by using anonymous email aliases. The company operates under Proton AG, a reputable Swiss privacy-centric organization, and targets privacy-conscious users seeking enhanced email anonymity. The website demonstrates strong branding, excellent content quality, and a comprehensive feature set including browser extensions and mobile apps. Technically, the site uses modern web technologies and is hosted on privacy-respecting infrastructure. However, the scanned domain lacks a valid SSL certificate and HTTPS enforcement, which is a critical security gap. The security posture is otherwise solid with SPF and DMARC configured, but improvements are needed in SSL/TLS configuration and security headers. Privacy compliance is good with a clear privacy policy and GDPR alignment, though cookie consent mechanisms are absent. Overall, the business credibility is high with transparent WHOIS data and strong domain protection. Strategic recommendations include immediate SSL certificate deployment, enabling HSTS, and adding cookie consent to enhance security and compliance.

F

Fincom Teh Ltd.

digiseller.com

57

Digiseller is an e-commerce platform specializing in the sale of digital goods such as video games, activation codes, files, and ebooks. The platform targets digital goods sellers and buyers, offering a marketplace with multiple payment options, an affiliate program, and automation tools for sellers. The business operates under Fincom Teh Ltd., based in Bulgaria, and is powered by Sellane Limited. The website presents a professional design with good content relevance and user experience, supported by a moderate-sized user base and partner ecosystem.

EnergyEfficiency4SMEs is an EU co-funded project coordinated by Eurochambres, focused on increasing energy efficiency uptake in SMEs across sectors such as Accommodation and Food services, Agri-food, and Metalwork. The project delivers capacity building, energy audits, financial guidance, and scoping studies to support SMEs in improving energy efficiency. The website is built on WordPress using the OceanWP theme and Elementor, featuring a moderate level of technical maturity but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Contact information and partner logos are clearly presented, enhancing business credibility. However, the absence of HTTPS and security headers exposes the site to risks and undermines user trust.

SEB Eesti operates as a major banking institution in Estonia, providing a broad spectrum of financial services including retail, corporate, and private banking. The website reflects a mature and professional digital presence with comprehensive content targeting private individuals and business clients. The technical infrastructure is based on Drupal CMS with modern frontend technologies, offering good mobile optimization and accessibility. However, the security posture is significantly weakened by the absence of a valid SSL certificate and lack of HTTPS support, which is a critical vulnerability for a financial services website. Privacy compliance is well addressed with clear cookie and privacy policies, and the domain registration is consistent and trustworthy. Strategic improvements in SSL/TLS configuration and security headers are urgently recommended to protect user data and maintain trust.

SEB.lv is the official website of SEB bank in Latvia, a major financial institution offering comprehensive banking services to private individuals, businesses, and large enterprises. The website provides extensive information on daily banking, loans, investments, insurance, and private banking, supported by a professional and well-structured Drupal-based platform. Multilingual support and clear navigation enhance user experience. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. DNS configurations show good email security practices with SPF and DMARC policies in place. Privacy and cookie policies are comprehensive and GDPR compliant, reflecting strong privacy awareness. Overall, the site demonstrates a mature digital presence but requires urgent remediation of its SSL/TLS configuration to meet modern security standards.

A

A2Z Events

mya2zevents.com

49

A2Z Events is a well-established event management software provider offering a comprehensive platform tailored for trade shows, conferences, and corporate events. With over 25 years of industry presence and backing by Personify Corporation, it holds a strong market position supported by a robust suite of event management tools and services. The website demonstrates professional design, rich content, and clear navigation targeting event professionals seeking scalable solutions. Technically, the site is built on WordPress with modern frameworks like Bootstrap and integrates multiple marketing and analytics tools, reflecting a mature digital infrastructure. However, the security posture is currently weak due to the absence of a valid SSL certificate and missing security headers, which poses risks to user data confidentiality and trust. Privacy compliance is well addressed with visible policies and consent mechanisms. Overall, the site is credible and professional but requires urgent security improvements to align with best practices and user expectations.

E

European Flying Disc Federation

efdf.org

29

The European Flying Disc Federation (EFDF) is a well-established non-profit organization dedicated to the promotion and governance of flying disc sports across Europe. The website serves as an informational hub for multiple flying disc disciplines, providing news, event updates, and organizational details. The domain is mature and consistent with the organization's history, reinforcing its legitimacy. Technically, the site is built on WordPress with a standard theme and common libraries, but suffers from slow load times and lacks modern security configurations such as HTTPS. Security posture is weak due to the absence of a valid SSL certificate, missing security headers, and lack of DNSSEC. Privacy compliance is minimal, with no visible privacy or cookie policies, and no GDPR indicators. Contact information is not explicitly provided, which may hinder user trust and compliance. Overall, the site is functional and informative but requires significant improvements in security and privacy to meet modern standards.