Security Directory

B

Bombardier

bombardier.com

52

Bombardier is a mature enterprise specializing in the design, manufacture, and maintenance of ultra-long-range business jets and specialized defense aircraft. The company targets discerning individuals, businesses, and governments globally, maintaining a strong market position with a comprehensive portfolio of aircraft and support services. The website reflects a high level of professionalism, rich multimedia content, and consistent branding aligned with Bombardier's industry stature. Technically, the site leverages Drupal CMS, modern JavaScript frameworks, and monitoring tools like New Relic, but suffers from slow load times and lacks a valid SSL certificate, which critically impacts security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with consent mechanisms in place. However, the absence of HTTPS and security headers presents significant vulnerabilities. Overall, the domain registration is consistent with the business history, reinforcing legitimacy. Strategic improvements in SSL deployment and security configurations are essential to enhance trust and compliance.

K

Kontron Technologies GmbH

secureguard.eu

23

Kontron Technologies GmbH is a medium-sized Austrian technology company specializing in Industrial IoT, digitalization, and smart energy solutions. With over 20 years of experience, they provide tailored software development, workforce management, and expert services to optimize business processes. The website is professionally designed, content-rich, and targets B2B clients seeking innovative technology solutions. Technically, the site runs on Drupal 10 with Apache but lacks a valid SSL certificate, exposing it to security risks. Cookie consent and privacy policies are well implemented, ensuring GDPR compliance. However, the absence of HTTPS and modern TLS protocols significantly weakens the security posture. Overall, the domain registration data aligns well with the business claims, indicating legitimacy. Strategic improvements in SSL deployment and security headers are recommended to enhance trust and protect user data.

The British Council is a globally recognized UK-based non-profit organization specializing in cultural relations and educational opportunities. With a presence in over 100 countries and a history spanning 90 years, it offers a broad range of services including English language learning, exams such as IELTS, study and work abroad programs, and arts and cultural initiatives. The website reflects a mature, professional digital presence with excellent content quality and clear navigation tailored to a diverse international audience.

T

TTTech Auto

tttech-auto.com

40

TTTech Auto is a leading Austrian technology company specializing in system solutions and network hardware for software-defined vehicles, focusing on safety-critical automotive applications. The company holds a strong market position as a platform product and service provider with a comprehensive portfolio including software products, hardware products, and consulting services. Their target audience primarily includes automotive manufacturers and developers seeking advanced safety and security solutions for next-generation vehicles. Technically, the website is built on Drupal 10 and protected by Sucuri Cloudproxy, with modern web design and good SEO and accessibility features. However, the absence of a valid SSL certificate and lack of HTTPS significantly weaken the security posture, exposing the site to risks and reducing trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business credibility is high, supported by consistent branding, structured data, and transparent contact information.

S

SCIA

scia.net

40

SCIA is a well-established company specializing in structural engineering software solutions, holding a leading market position in Europe. The company offers a range of products including SCIA Engineer and BIM solutions, supported by local expert teams and a comprehensive webshop. The website reflects a mature digital presence with professional design, clear navigation, and rich content targeting structural engineers and construction professionals. Technically, the site uses Drupal 9 CMS, Bootstrap framework, and is hosted behind Cloudflare, leveraging modern marketing and analytics tools such as Google Tag Manager and Marketo. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap, exposing users to potential risks. Privacy compliance is partially met with a clear privacy policy but lacks a cookie consent mechanism despite active tracking. Business credibility is strong with visible certifications, testimonials, and clear contact information. Overall, SCIA demonstrates a solid business and technical foundation but must urgently address security and privacy shortcomings to enhance trust and compliance.

A

ATP Koncernen

atp.dk

34

ATP Koncernen is a large Danish financial and governmental entity focused on securing economic welfare through pension management and welfare administration for Danish citizens. The website reflects a strong market position with comprehensive services including lifelong pension and welfare benefits administration. The digital infrastructure is built on Drupal CMS with integrations for cookie consent and analytics, demonstrating a mature technical setup. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture, exposing the site to risks and reducing trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to align with best practices.

N

NTS Retail

ntsretail.com

28

NTS Retail is a specialized B2B software provider offering smart commerce and retail management solutions primarily for telecommunications operators and specialist retailers. The company positions itself as a preferred partner for leading telco brands worldwide, delivering unified commerce platforms and tailored retail management services. Their website reflects a professional and consistent brand image with strong client references and active social media engagement. Technically, the website is built on Drupal CMS, hosted on Azure DNS infrastructure, and utilizes Apache server technology. It incorporates modern JavaScript libraries and analytics tools such as Matomo and Google Tag Manager. However, the website suffers from a critical security shortfall due to the absence of a valid SSL certificate, resulting in no HTTPS support. This significantly impacts the security posture and user trust. Security-wise, while some security headers are implemented, the lack of HTTPS, HSTS, and incident response information exposes the site to risks and compliance gaps. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Overall, the site demonstrates good business credibility but requires urgent security improvements. Strategically, the company should prioritize securing its website with HTTPS, implement comprehensive privacy and cookie consent mechanisms, and publish clear security policies and incident response contacts to enhance trust and compliance.

École polytechnique is a prestigious French engineering school offering a wide range of educational programs including Bachelor, Master, Doctorate, and Executive Education. It is a founding member of the Institut polytechnique de Paris and focuses on research, innovation, and entrepreneurship. The website targets students, researchers, entrepreneurs, alumni, and corporate partners, providing comprehensive information about academic programs, research labs, innovation centers, and community engagement. Technically, the site is built on Drupal CMS with modern frontend technologies but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Privacy and cookie policies are well implemented with GDPR compliance and consent mechanisms. Social media presence is strong with official accounts on Facebook, YouTube, LinkedIn, and Instagram. Overall, the site is professional and trustworthy but requires urgent security improvements to enable HTTPS and modern TLS protocols.

K

Kontron AG

escat.at

37

ESCAT, now part of Kontron AG, provides advanced document management, digitalization, and managed print services primarily targeting Austrian businesses. The website presents a professional and well-structured digital presence built on Drupal 10, with clear navigation and relevant content tailored to its B2B audience. However, the absence of a valid SSL/TLS certificate critically undermines the security posture, exposing users to risks associated with unencrypted communications. While cookie consent and privacy policies are implemented, the site lacks explicit security and incident response disclosures. The technical infrastructure is modern but requires urgent security upgrades to meet industry standards.

zeb.rolfes.schierenbeck.associates gmbh is a leading European strategy, management, and IT consulting firm specializing in the financial services industry. The company offers a broad range of consulting services including transformation, regulatory compliance, and corporate education, targeting banks, insurance companies, and financial technology specialists. Their market position is strong within Europe, supported by multiple subsidiary domains and partner sites across key financial markets. The website is professionally designed with excellent content quality and clear navigation, supporting a positive user experience and strong brand consistency. Technically, the website is built on Drupal 11 with modern frameworks such as Bootstrap and integrates analytics tools like Matomo and Google Tag Manager. Accessibility features and cookie consent mechanisms are implemented, reflecting good digital maturity. However, the website suffers from critical security issues due to the absence of a valid SSL certificate and lack of HTTPS support, which significantly impacts the security posture and overall trustworthiness. Security headers are well configured, but the lack of TLS protocols and OCSP stapling are notable vulnerabilities. Privacy compliance is strong, with comprehensive privacy and cookie policies and GDPR adherence. The company maintains active social media channels and provides clear contact information, enhancing business credibility. Overall, while the business and content aspects are excellent, urgent improvements in SSL/TLS configuration are necessary to elevate the security posture and user trust.

The website dondusang.net represents the official French public blood service, Etablissement français du sang (EFS). It provides comprehensive information and services related to blood, plasma, and platelet donations across France. The site is well-branded, content-rich, and targets donors, associations, and the general public with clear calls to action and partner engagement. Technically, the site is built on Drupal CMS, uses modern tracking and analytics tools, and integrates multiple partner domains. However, it lacks HTTPS support, which is a critical security flaw exposing users to risks. Security headers are well configured but cannot compensate for the absence of SSL/TLS. Privacy policies and cookie consent mechanisms are present and GDPR compliant. Overall, the site demonstrates a high level of professionalism and trustworthiness but requires urgent security improvements.

x-tention is a medium-sized Austrian IT company specializing in comprehensive IT solutions for the healthcare and social sectors. Founded in 2001 and part of the xt Unternehmensgruppe, it offers consulting, software development, data science, managed services, and cybersecurity. The company targets healthcare providers and social organizations, emphasizing innovative and secure digital health solutions. The website is professionally designed, content-rich, and well-structured, supporting multiple languages and providing clear contact and support channels. Technically, the site uses Drupal 10 and modern web technologies, but suffers from critical security issues due to the absence of a valid SSL certificate and HTTPS support, severely impacting its security posture. Privacy compliance is strong with clear cookie consent mechanisms and GDPR-aligned policies. Overall, the business credibility is high, but urgent improvements in SSL/TLS implementation are needed to secure user data and trust.

D

dwarfs and Giants eG

dwarfsandgiants.org

40

dwarfs and Giants eG is a small Austrian cooperative consultancy specializing in organizational development and new work methodologies. Their website, built on Drupal 10, offers comprehensive content including workshops, client stories, and toolboxes aimed at helping organizations improve work culture and self-organization. The site is well-designed, mobile-optimized, and provides clear navigation and professional content. However, the technical infrastructure lacks a valid SSL certificate and does not support modern TLS protocols, significantly weakening the security posture. Privacy and cookie policies are present and GDPR compliant, with a consent mechanism implemented. Overall, the business presents itself as credible and trustworthy, but the lack of HTTPS is a critical security gap that must be addressed.

Desmet is a well-established global engineering company specializing in custom plants and equipment for the food, feed, and biofuel industries. With a large workforce and multiple brands, it holds a strong market position supported by extensive experience and a professional digital presence. The website is content-rich, well-structured, and uses modern technologies, but critically lacks HTTPS/SSL, which severely impacts its security posture. While security headers are implemented, the absence of valid SSL/TLS and related configurations exposes the site to risks. Privacy compliance is partially addressed with visible privacy and cookie policies, but no explicit consent mechanism is detected. Business credibility is high due to clear branding, contact information, and WHOIS consistency. Strategic improvements in security infrastructure and incident response readiness are recommended.

S

Suntory Global Spirits

beamsuntory.com

40

Suntory Global Spirits is a leading global manufacturer and marketer of premium spirits, including whiskey, tequila, vodka, and gin. The company emphasizes quality craftsmanship, sustainability, and cultural heritage, targeting a global audience of premium spirit consumers and industry professionals. The website is professionally designed, content-rich, and consistent with the brand's market position and values. Technically, the site uses Drupal 10 CMS with modern JavaScript libraries and Google Tag Manager for analytics and marketing. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the site's security posture. Privacy and cookie policies are comprehensive and GDPR compliant, supporting good privacy compliance. Overall, the site demonstrates strong business credibility but requires urgent security improvements to protect user data and maintain trust.

D

Dr. Schär AG / SPA

drschaer.com

29

Dr. Schär is a well-established company specializing in products for people with special nutritional needs, particularly in gluten-free and related dietary areas. The company has a strong market position with over 100 years of experience and multiple specialized brands. Their website reflects a professional and consistent brand image, targeting consumers and healthcare professionals. Technically, the site is built on Drupal 9 with the Thunder distribution and incorporates modern web technologies and marketing tools such as Google Tag Manager. However, the absence of a valid SSL certificate and HTTPS support is a critical security weakness that significantly impacts the site's security posture. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

P

Phoron Group GmbH

phoron.com

27

Phoron Group GmbH is an established international SAP consulting firm founded in 2004, specializing in SAP Cloud ERP, technology consulting, and sustainability solutions. The company targets medium and large enterprises, offering a comprehensive portfolio of SAP-related services. The website is professionally designed, content-rich, and consistent with the company's business model and market positioning. Technically, the site runs on Drupal 10 with Apache server and integrates Google Tag Manager and Sendinblue for marketing and analytics. However, a critical security weakness is the lack of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. Privacy compliance is well addressed with a cookie consent mechanism and a comprehensive privacy policy. Business credibility is supported by trust indicators such as certifications and social media presence, though direct contact emails and phone numbers are not publicly visible. Overall, the site demonstrates strong business and content quality but requires urgent security improvements.

F

FRANZ OBERNDORFER GmbH & Co KG

oberndorfer.at

27

FRANZ OBERNDORFER GmbH & Co KG is Austria's largest precast concrete manufacturer with over 100 years of experience in planning, development, and production of concrete elements. The company holds a leading market position in Austria, offering a comprehensive product portfolio and full-service solutions including logistics and assembly. Their website reflects a mature digital presence built on Drupal 9, with good content quality and clear navigation targeting B2B customers in construction and real estate sectors. However, the absence of a valid SSL/TLS certificate and HTTPS support is a critical security gap that undermines user trust and data protection. While cookie compliance and privacy policies are well implemented, the lack of explicit security policies and incident response information indicates room for improvement in security governance. Overall, the business is credible and professional, but urgent action is needed to secure the website infrastructure.

M

Mundipharma International Limited

mundipharma.com

40

Mundipharma International Limited operates a global healthcare website focused on pharmaceutical and consumer health products with a strong patient-centric approach. The website targets healthcare professionals, patients, and partners, providing corporate information, career opportunities, and media resources. The digital infrastructure is built on Drupal CMS with integrations including Google Analytics, Hotjar, and various marketing and tracking tools, hosted behind Cloudflare CDN. While the website content is professionally presented with good navigation and mobile optimization, the security posture is weakened by an invalid SSL certificate and lack of TLS protocol support, which are critical issues that must be addressed to ensure secure communications and user trust. Privacy and cookie policies are comprehensive and GDPR compliant, but no explicit security policy or incident response information is publicly available. Overall, the website is credible and professionally maintained but requires urgent SSL/TLS remediation to improve security and trust.

A

Air Liquide

airliquide.com

40

Air Liquide is a global leader in gases, technologies, and services for industry and healthcare, operating in 60 countries with a large workforce and millions of customers. The website reflects a mature digital presence with professional design, comprehensive content, and strong branding. However, the technical security posture is weak due to an invalid SSL certificate and disabled TLS protocols, which poses significant risks to user trust and data security. Privacy and cookie policies are well implemented and GDPR compliant, supporting regulatory adherence. The absence of direct contact information and vulnerability disclosure policies suggests areas for improvement in transparency and incident response readiness. Overall, the domain registration data aligns well with the business claims, indicating high legitimacy.

TDK Corporation is a leading global manufacturer of electronic components and devices, specializing in high magnetics technology. The company maintains a strong market position with a comprehensive corporate website offering detailed information on its business, sustainability efforts, investor relations, and career opportunities. The website is professionally designed, multilingual, and targets investors, customers, and job seekers worldwide. Technically, the site is built on Drupal CMS with modern JavaScript libraries such as jQuery, Swiper.js, and GSAP, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Security posture is weak due to missing HTTPS and security headers, though privacy and cookie policies are present with consent mechanisms, indicating good privacy compliance. Overall, the site is trustworthy and professional but requires urgent security improvements to protect user data and enhance trust.

H

Holcim

lafargeholcim.com

40

Holcim is a globally recognized enterprise specializing in innovative and sustainable building materials and solutions. The company positions itself as a leader in decarbonizing construction with a broad portfolio including low-carbon cement, concrete, roofing, and insulation products. Their website reflects a mature, well-established business with a strong emphasis on sustainability, innovation, and corporate responsibility. The target audience includes construction professionals, architects, investors, and sustainability advocates worldwide. Technically, the site is built on Drupal CMS, hosted on AWS infrastructure, and employs modern web technologies and SEO best practices. However, a critical security gap exists due to the absence of HTTPS/SSL, which severely impacts the site's security posture. While security headers are properly configured, the lack of encryption exposes users to risks. Privacy and cookie policies are comprehensive and GDPR compliant, indicating good privacy governance. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and maintain credibility.

P

PageGroup

page.com

40

PageGroup is a well-established global recruitment consultancy operating since 1976 with a strong market position and multiple specialist brands. The website reflects a professional corporate presence with comprehensive content targeting job seekers, employers, and investors. Technically, the site uses a mature Drupal CMS platform with modern front-end libraries and integrates multiple analytics and marketing tools. However, the security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which critically impact secure communications. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is trustworthy but requires urgent security improvements to protect user data and maintain credibility.

R

Randstad Austria GmbH

randstad.at

40

Randstad Austria GmbH operates as a leading personnel service provider in Austria, offering staffing, recruitment, and HR solutions. The company is part of the global Randstad N.V. group and targets job seekers and companies within Austria. The website is professionally designed with comprehensive content, clear navigation, and strong branding consistency. Technically, the site uses Drupal CMS with React components, hosted on AWS infrastructure with CloudFront CDN. However, a critical security gap exists as the website lacks a valid SSL certificate and does not serve content over HTTPS, exposing users to potential risks. Security headers are well implemented, but the absence of HTTPS significantly lowers the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with clear contact and company registration information provided. Social media presence is robust, enhancing trust and engagement.

P

Pierre Fabre Laboratories

pierre-fabre.com

40

Pierre Fabre Laboratories is a well-established French pharmaceutical and dermocosmetics group with a global presence and a strong portfolio of brands. The company focuses on developing innovative healthcare and beauty solutions inspired by patients and consumers. Their website reflects a mature digital presence with comprehensive content, multilingual support, and clear business information. However, the technical infrastructure shows weaknesses, particularly in security, as the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical issue for user trust and data protection. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism implemented via OneTrust. Overall, the website is professional and trustworthy but requires urgent security improvements to meet modern standards.

T

TEST-FUCHS GmbH

test-fuchs.com

40

TEST-FUCHS GmbH is a well-established manufacturing company specializing in test systems and aerospace systems, with a history dating back to 1946. The company has grown into a medium-sized enterprise with a global presence and over 600 employees. Their website reflects a professional corporate identity with clear navigation and relevant business content targeting industrial B2B clients. Technically, the website is built on Drupal CMS with modern JavaScript libraries, but lacks HTTPS security, which is a significant risk. The absence of a valid SSL certificate and modern TLS protocols exposes visitors to potential data interception and undermines trust. Privacy compliance is addressed with a cookie consent mechanism and a basic GDPR-compliant privacy policy. However, no explicit security policies or incident response contacts are published, and no vulnerability disclosure mechanisms are present. Overall, the website is functional and professional but requires urgent security improvements to protect users and enhance credibility.

T

TransPerfect

transperfect.com

40

TransPerfect is a leading global provider of translation and localization services, serving a wide range of industries including technology, healthcare, finance, retail, and media. The company operates an enterprise-grade website built on Drupal 10, featuring extensive content, client case studies, and multiple subsidiary domains. The technical infrastructure includes modern web technologies and CDN services, ensuring good performance and mobile optimization. However, the security posture is weakened by an invalid SSL certificate and lack of enabled TLS protocols, which poses a critical risk to secure communications. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website reflects a mature, professional enterprise with strong business credibility but requires urgent remediation of SSL/TLS issues to improve security and trust.

N

NOVOMATIC AG

novomatic.com

40

NOVOMATIC AG is a leading global gaming technology company headquartered in Austria, founded in 1980. It operates as a full-service provider in the gaming industry, offering a broad portfolio including gaming cabinets, games, platforms, and additional products. The company has a strong market position as one of the largest gaming technology corporations worldwide and the clear market leader in Europe. The website reflects a professional corporate presence targeting industry partners, casino operators, and job seekers, with comprehensive contact information and multilingual support. Technically, the website is built on Drupal 10 CMS and leverages modern JavaScript libraries and analytics tools such as Matomo. It is hosted behind Sucuri Cloudproxy WAF, ensuring some level of protection. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap that significantly lowers the security posture. The site implements security headers and content security policies but must urgently address SSL/TLS configuration to protect user data and maintain trust. Privacy compliance is well addressed with GDPR-compliant privacy and cookie policies, including a consent mechanism. The company demonstrates business credibility through detailed contact information, licensing by the UK Gambling Commission, and consistent WHOIS data. Overall, the site is content-rich, professionally designed, and trustworthy but requires immediate security improvements regarding SSL/TLS. Strategic recommendations include obtaining and properly configuring SSL certificates, enabling modern TLS protocols, enhancing OCSP stapling and session resumption, and maintaining strong security header policies. These steps will improve security, user trust, and compliance with industry standards.

D

Danish e-Infrastructure Consortium (DeiC)

deic.dk

40

DeiC (Danish e-Infrastructure Consortium) is a government-affiliated consortium established in 2011 that provides critical e-infrastructure services to Danish universities and research institutions. Their offerings include high-performance computing, data management, quantum infrastructure, and research network connectivity. The organization targets academic and research communities in Denmark, positioning itself as a national leader in research infrastructure. The website reflects a mature and professional digital presence with comprehensive content and clear navigation, built on Drupal 9 with modern web technologies. However, the site suffers from a critical security shortfall due to the absence of a valid SSL certificate, resulting in no proper HTTPS support. This significantly impacts the security posture and user trust. Privacy and cookie policies are well implemented and GDPR compliant, with Matomo analytics used responsibly. Contact information is clearly provided, enhancing business credibility. Overall, DeiC's website demonstrates strong business and content quality but requires urgent security improvements to meet modern standards.

S

San Francisco State University

sfsu.edu

40

San Francisco State University is a large public educational institution offering a wide range of undergraduate and graduate programs. The website serves a diverse audience including prospective and current students, faculty, staff, and alumni. It is part of the California State University system and maintains a strong regional presence with comprehensive academic, student life, and community engagement content. The site is built on Drupal 9 and uses modern web technologies such as Bootstrap and Google Tag Manager, reflecting a mature digital infrastructure. However, the absence of a valid SSL certificate and lack of HTTPS significantly weaken its security posture. While privacy policies are present, cookie consent mechanisms are missing, indicating partial privacy compliance. Overall, the website is professionally designed, content-rich, and trustworthy but requires urgent security improvements to protect user data and enhance trust.

The Latin America IP SME Helpdesk is an official European Commission service providing free intellectual property assistance to SMEs from the EU and SMP-associated countries targeting the Latin American market. It offers confidential advice, training, and resources to improve global competitiveness. The website is professionally designed, content-rich, and well-structured, targeting SMEs seeking IP support in Latin America. Technically, the site is built on Drupal 10 and hosted by Level27 bv, with moderate performance and good mobile and accessibility features. However, a critical security weakness is the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. Privacy compliance is strong with clear cookie and privacy policies, and contact information is transparent and institutional. Overall, the site is trustworthy but urgently needs to address its SSL/TLS configuration to improve security posture and user trust.

kozadattar.hu is an official Hungarian government website supporting the Közadat program, which mandates public institutions to publish metadata about public interest data sets online. The platform facilitates registration and data provision for these institutions and offers free applications to assist in compliance. The target audience includes government bodies and citizens interested in transparency and public data access. The website is operated under the auspices of NISZ Nemzeti Infokommunikációs Szolgáltató Zrt., a government-affiliated entity. Technically, the website is built on Drupal 7 with jQuery and related modules. It is hosted on government infrastructure with DNS and mail servers under gov.hu domains. However, the site suffers from slow performance and lacks modern web optimizations. Mobile responsiveness and accessibility are basic, and SEO features are minimal. From a security perspective, the site has critical deficiencies: it lacks a valid SSL certificate and does not support any TLS protocols, exposing users to insecure connections. No security headers or DNS security features are implemented. The outdated Drupal 7 CMS may pose additional risks if not properly maintained. Privacy and cookie policies are absent, indicating compliance gaps with GDPR and related regulations. Overall, while the site fulfills an important government transparency function, its technical and security posture is weak. Immediate improvements in SSL deployment, security headers, and privacy compliance are recommended to enhance trust and protect users.

L

Lepida S.c.p.A.

cup2000.it

39

Lepida S.c.p.A. is a well-established regional ICT consortium founded in 1997, serving the Emilia-Romagna region in Italy. It provides a broad range of digital infrastructure and software services primarily targeting public administration, healthcare, and social assistance sectors. The company holds multiple ISO certifications, indicating a strong commitment to quality, security, and environmental standards. The website reflects a mature digital presence with comprehensive content, clear navigation, and good user experience. However, the lack of a valid SSL certificate and HTTPS implementation is a significant security gap that undermines the overall security posture. Privacy and cookie policies are well implemented with consent mechanisms, and the use of Matomo analytics shows a privacy-conscious approach to user tracking. The domain is mature and consistent with the business claims, enhancing trustworthiness. Strategic improvements in SSL/TLS deployment and enhanced security configurations are recommended to elevate the security and trust levels.

P

Petroliam Nasional Berhad (PETRONAS)

petronas.com

39

PETRONAS is a leading Malaysian national oil and gas company with a strong global presence and diversified energy portfolio. The website reflects a mature enterprise with comprehensive information on its business units, sustainability initiatives, investor relations, and corporate governance. The technical infrastructure is modern, leveraging Drupal 9 CMS, Algolia search, and Azure hosting, with good mobile optimization and SEO practices. However, the security posture is critically weakened by the absence of a valid SSL certificate and HTTPS support, which poses significant risks to user trust and data security. Privacy and cookie policies are well implemented, indicating good compliance with GDPR and related regulations. Overall, the website is professional and trustworthy but requires urgent remediation of SSL/TLS issues to improve security and user confidence.

O

Oma Säästöpankki Oyj

omasp.fi

40

Oma Säästöpankki Oyj operates as a Finnish savings bank providing comprehensive banking services to both individual and corporate customers. The company emphasizes personalized customer service through digital channels, direct phone contact, and physical branches. Their market position is that of a trusted, customer-centric financial institution with a strong local presence in Finland. Key services include loans, savings, investments, and digital banking solutions. The website reflects a mature digital infrastructure built on Drupal CMS, hosted on AWS, and integrates modern marketing and analytics tools such as Google Tag Manager and Cookiebot for privacy compliance. Security posture is robust with HTTPS enforced, strong cipher suites, and OCSP stapling, though improvements like TLS 1.3 and HSTS could enhance security further. Privacy compliance is well addressed with clear cookie consent mechanisms and GDPR-aligned policies. Overall, the website is professional, trustworthy, and user-friendly, though performance optimization could be improved due to a relatively slow load time.

T

Tieteellisten seurain valtuuskunta

tsv.fi

40

Tieteellisten seurain valtuuskunta (TSV) is a Finnish non-profit organization dedicated to supporting scientific societies and promoting open science practices within Finland. The website serves as an information portal for their services including grant funding, event organization, and scientific communication targeted primarily at the academic and research community. The organization holds a key position nationally as a facilitator of scientific collaboration and open knowledge dissemination. Technically, the website is built on Drupal 7 CMS with a traditional jQuery-based frontend and uses Matomo for analytics. The site is moderately performant with a page load time around 4 seconds and is mobile responsive with good navigation clarity. However, the SSL/TLS configuration is currently invalid, resulting in insecure HTTPS connections, which is a significant security concern. The site lacks modern security headers and cookie consent mechanisms, although DNS email security records like SPF and DMARC are properly configured. From a security perspective, the site demonstrates basic best practices in email security and tracking transparency but falls short in SSL implementation and HTTP security headers. No incident response or vulnerability disclosure policies are publicly available. Contact information is clearly presented, enhancing business credibility. Overall, the site is functional and professional but requires urgent improvements in SSL security and privacy compliance to meet modern standards.

L

Liberty Mutual Strategic Ventures

lmstrategicventures.com

62

Liberty Mutual Strategic Ventures operates as the corporate venture capital arm of Liberty Mutual Insurance, focusing on early-stage investments in software, platform, and service companies that innovate within the (re)insurance sector. The fund primarily invests in the US and Europe, targeting strategic areas such as mobility, PropTech, FinTech, InsurTech, and enterprise solutions. The website provides detailed information about investment strategy, portfolio companies, team members, and exits, positioning LMSV as a significant player in insurance-related venture capital backed by a large insurance parent company. Technically, the website is built on Drupal 10 and integrates marketing and analytics tools such as Adobe Launch and Tealium. The site is hosted behind Akamai DNS servers but lacks a valid SSL certificate and HTTPS support, which is a critical security concern. Performance is slow with a large page size and many resources. Accessibility and SEO are basic to good, with mobile optimization rated good. Security posture is weak due to missing HTTPS, lack of security headers, and no DNSSEC or CAA records. Privacy compliance is moderate with a clear privacy policy linked from the parent company but no cookie consent mechanism detected. Business credibility is strong given the detailed content, team bios, and trust signals linking to Liberty Mutual corporate resources. Overall, the site is informative and professional but requires urgent security improvements, especially SSL/TLS implementation, to ensure secure user interactions and compliance with modern web security standards.

I

IMT Mines Albi

imt-mines-albi.fr

40

IMT Mines Albi is a reputable French engineering school specializing in generalist engineering education and research, operating under the Institut Mines-Télécom group. The website presents a professional and content-rich platform targeting prospective students, researchers, and industry partners. Technically, the site is built on Drupal 10 with modern frontend technologies and includes cookie consent mechanisms. However, the absence of HTTPS and a valid SSL certificate is a critical security flaw that undermines user trust and data protection. The site shows good design, navigation, and accessibility but lacks explicit privacy and terms of service documentation. Security headers are partially implemented but insufficient without HTTPS. Overall, the site is functional and credible but requires urgent security improvements.

I

IMT Atlantique

imt-atlantique.fr

40

IMT Atlantique is a prestigious French engineering school specializing in generalist engineering education with a strong focus on digital technologies, energy, and environmental sciences. It holds a significant market position as evidenced by its high ranking and membership in the Institut Mines-Télécom network. The website reflects a mature digital presence with comprehensive content targeting students, researchers, academic partners, and enterprises. Technically, the site is built on Drupal 10 with modern front-end libraries and good SEO and accessibility practices. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, exposing users to risks and undermining trust. The site implements GDPR-compliant cookie consent and privacy policies, but lacks visible terms of service and incident response information. Social media integration and partner affiliations enhance its credibility and outreach.

E

ENSTA Bretagne

ensta-bretagne.fr

40

ENSTA Bretagne is a reputable French engineering school specializing in advanced technologies for defense, maritime, and high-tech industries. It offers a range of educational programs including engineering degrees, masters, specialized masters, and doctoral studies. The institution maintains strong partnerships with government defense bodies and leading industry players, reinforcing its market position as a Grande École with a focus on innovation and applied research. Technically, the website is built on Drupal 10 with modern JavaScript libraries and includes a cookie consent mechanism compliant with GDPR. However, the site suffers from critical security shortcomings, notably the absence of SSL/TLS encryption, which severely impacts its security posture. Performance is suboptimal with slow load times, though mobile optimization and content quality are good. Security-wise, the lack of HTTPS and security headers exposes the site to risks and undermines user trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and institutional reputation. Strategic recommendations include immediate implementation of valid SSL certificates, enhancement of security headers, and performance optimization to improve user experience and security compliance.

E

Excelia Group

excelia-group.com

64

Excelia Group is a reputable French higher education institution offering a wide range of undergraduate and postgraduate programs in business, tourism, communication, and related fields. Founded in 1988 and co-founded by regional chambers and councils, it holds prestigious triple accreditation and ranks well internationally. The website reflects a mature digital presence with a comprehensive program overview, multilingual support, and strong branding. Technically, the site is built on Drupal with modern libraries and hosted behind Cloudflare, though performance could be improved. Security posture is solid with HTTPS and SPF/DMARC email protections, but lacks HSTS and DNSSEC. Privacy and cookie policies are present with consent mechanisms, supporting GDPR compliance. Overall, Excelia demonstrates strong business credibility and digital maturity.

G

Globant

globant.com

59

Globant is a leading global IT and software development company specializing in AI-driven business transformation and digital innovation. Operating across multiple countries, Globant offers a subscription-based AI Pods model alongside enterprise AI solutions, software engineering, and design services. The company is recognized as a top IT services brand with strong market positioning and a broad industry reach including finance, healthcare, media, and retail. Technically, the website is built on Drupal CMS, leveraging modern libraries and Google services for analytics and security. However, the site currently lacks a valid SSL/TLS certificate, which significantly impacts its security posture. Despite this, Globant implements strong security headers and privacy policies, including GDPR compliance and cookie consent mechanisms. The website demonstrates excellent content quality, professional design, and clear navigation, supporting a high level of business credibility. Strategic improvements in SSL/TLS configuration and enhanced security practices are recommended to elevate the overall security and trustworthiness.

É

École polytechnique

polytechnique.edu

51

École polytechnique is a prestigious French engineering school that combines research, education, and innovation at the highest scientific and technological levels. It operates as a leading educational institution within the Institut polytechnique de Paris, offering a wide range of programs including Bachelor, Master, Doctorate, and Executive education. The school maintains strong partnerships with industry and alumni networks, supporting entrepreneurship and technology transfer. Technically, the website is built on Drupal CMS with modern frontend libraries, but suffers from slow performance and lacks a valid SSL certificate, which impacts its security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the institution presents a professional and trustworthy digital presence, though improvements in security and performance are recommended.

E

Excelia Group

excelia-group.fr

40

Excelia Group is a well-established French higher education institution founded in 1988, offering a broad portfolio of programs across business, tourism, communication, real estate, health, and languages. It holds prestigious triple accreditation (EQUIS, AACSB, AMBA) and is recognized in global rankings, positioning it as a reputable player in the education sector. The website reflects a professional and content-rich digital presence, targeting students, parents, professors, and corporate partners with comprehensive program details and support services. Technically, the site is built on Drupal CMS with modern JavaScript libraries and integrates marketing and analytics tools such as Matomo and Crisp chat. However, the site suffers from a critical security weakness due to the absence of a valid SSL certificate and HTTPS enforcement, which undermines user trust and data security. Privacy and cookie policies are present and GDPR compliant, with consent mechanisms implemented. Overall, the site demonstrates strong business credibility and user engagement but requires urgent security improvements to protect users and enhance trust.

A

Agence Locale Pour la Coopération Européenne (ALPC)

europe-en-nouvelle-aquitaine.eu

40

The website europe-en-nouvelle-aquitaine.eu serves as the official digital presence of the Europe office for the Nouvelle-Aquitaine region in France. It provides comprehensive information and support related to European funding, project submission, and regional development initiatives. The site targets a diverse audience including regional businesses, public entities, associations, and individual beneficiaries seeking European aid and partnership opportunities. The business model is that of a public regional agency facilitating access to European funds and promoting regional cooperation. Technically, the website is built on the Drupal CMS platform, utilizing common web technologies such as Bootstrap, jQuery, Google Fonts, and Google Maps API. While the site is mobile-optimized and offers good navigation and content relevance, its performance is slow with a page load time exceeding 12 seconds. SEO and accessibility are basic but functional. From a security perspective, the site lacks a valid SSL/TLS certificate, resulting in no HTTPS protection. No security headers or DNS security features like DNSSEC or CAA records are implemented. Cookie consent is present, but privacy and security policies are basic. The absence of HTTPS and security headers significantly lowers the security posture, posing risks to user data confidentiality and integrity. Overall, the website is professionally designed and serves its informational purpose well but requires urgent improvements in security infrastructure, especially SSL implementation and security headers. Enhancing performance and accessibility would also benefit user experience and trustworthiness.

A

ADI Nouvelle-Aquitaine

adi-na.fr

40

ADI Nouvelle-Aquitaine is a regional development and innovation agency focused on supporting businesses and territories in the Nouvelle-Aquitaine region of France. The organization provides services including innovation support, project financing, business acceleration, and partner networking to foster sustainable economic growth and transitions. The website reflects a strong regional presence with comprehensive content, clear navigation, and multiple trust signals such as testimonials and partner logos. Technically, the website is built on Drupal CMS, served by nginx, and integrates modern JavaScript libraries like Splide.js and Matomo for analytics. The site is mobile-optimized and accessible, with good SEO practices. However, the absence of a valid SSL certificate and HTTPS support is a significant security shortfall, limiting the site's security posture. Security headers such as Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options are present, but the lack of TLS protocols and HSTS reduces overall security. Privacy compliance is well addressed with visible privacy and cookie policies and a consent mechanism. Contact information is clearly provided, enhancing business credibility. Overall, the site is professional and trustworthy but requires urgent improvements in SSL/TLS implementation to enhance security and user trust.

Healthy Blue of South Carolina is a Medicaid health insurance provider operating under BlueChoice HealthPlan, an independent licensee of the Blue Cross Blue Shield Association. The website serves South Carolina residents eligible for Medicaid, offering enrollment, benefits information, provider resources, and member services. It positions itself as a large network with unique wellness programs and a trusted brand affiliation. Technically, the site is built on Drupal 10 with integrations for member login and analytics, but suffers from slow performance and lacks HTTPS security. The security posture is weak due to the absence of a valid SSL certificate and missing security headers, exposing users to potential risks. Privacy policies and terms of service are present, but cookie consent mechanisms are missing despite tracking scripts. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

V

Verein für Konsumenteninformation (VKI)

europakonsument.at

40

Europakonsument.at is the official website of the European Consumer Centre Austria, operated by the Verein für Konsumenteninformation (VKI). It provides free advice and assistance to consumers facing cross-border issues within the EU, UK, Norway, and Iceland. The site offers complaint forms, consumer rights information, and updates on relevant topics such as travel, online shopping, and warnings. The organization is government-backed and co-funded by the EU, positioning it as a trusted non-profit consumer advocacy entity in Austria. Technically, the site is built on Drupal CMS, hosted on AWS infrastructure, and uses Matomo for analytics. While the site is content-rich and well-structured with good mobile optimization and accessibility, it suffers from a lack of a valid SSL certificate, resulting in a basic security posture. Privacy compliance is strong with a clear cookie consent mechanism and GDPR-aligned privacy policy. Overall, the site is professional and trustworthy but requires urgent improvements in SSL and security headers to enhance user trust and security.

V

Verein für Konsumenteninformation (VKI)

verbraucherrecht.at

40

The website Verbraucherrecht.at is operated by the Verein für Konsumenteninformation (VKI), a prominent Austrian non-profit organization focused on consumer rights and legal information. It provides comprehensive resources including news, legal judgments, collective actions, and educational offerings targeted at Austrian consumers. The site is well-branded, consistent, and supported by the Austrian Ministry of Social Affairs, reinforcing its authoritative position in the consumer protection sector. Technically, the site is built on Drupal CMS, hosted on AWS infrastructure, and uses modern web technologies including Matomo for analytics. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and lack of HTTPS enforcement, which significantly undermines user trust and security posture. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. Overall, the site offers valuable content and services but requires urgent security improvements to meet modern standards.