Security Directory

T

TBC, Inc.

tbc.us

53

TBC, Inc. is a well-established full-service advertising and marketing agency based in Baltimore, Maryland. The company offers a comprehensive suite of services including digital advertising, brand and content strategy, broadcast and multi-media, social media, design, public relations, and data analytics. Their market position is strong, serving a diverse range of industries such as education, financial services, retail, tourism, health & wellness, casinos & gaming, and associations. The agency emphasizes a data-driven and AI-augmented approach to marketing, aiming to deliver targeted strategies and measurable results for their clients. Technically, the website is built using modern frameworks like Vue.js and Nuxt.js, hosted likely on AWS infrastructure, and integrates multiple analytics and tracking tools such as Google Analytics, Hotjar, Microsoft Clarity, and FullStory. The site is well-optimized for mobile devices, accessible, and SEO-friendly, reflecting a mature digital presence. From a security perspective, the website employs HTTPS with strong SSL configuration and includes essential security headers. There are no visible vulnerabilities or exposed sensitive data. However, the site lacks a cookie consent mechanism and explicit security or incident response policies, which are areas for improvement. Overall, the website presents a professional, trustworthy, and comprehensive digital footprint for TBC, Inc., with strong business credibility and technical implementation. The main risks relate to privacy compliance enhancements and formalizing security policies to align with best practices.

M

MW SERVICES LIMITED

rolla.com

43

Rolla.com operates as a free-play social casino platform offering a wide variety of slot games and social gaming features targeted primarily at American users. The business is positioned as a leading new entrant in the social casino market, emphasizing daily bonuses, VIP rewards, and a strong community experience. The company behind the site is MW SERVICES LIMITED, registered in Gibraltar, which aligns with the business claims and provides legitimacy to the operation. The website is professionally designed with consistent branding and good content quality, supporting a positive user experience.

S

Sartori Cheese

sartoricheese.com

52

Sartori Cheese is a fourth-generation family-owned artisan cheese manufacturer based in Wisconsin, USA, with a rich heritage dating back to 1939. The company produces a wide range of award-winning cheeses, including their signature BellaVitano line, and serves both retail consumers and foodservice partners. Their business model combines traditional craftsmanship with modern e-commerce and foodservice solutions, positioning them as a respected leader in the artisan cheese market. The website reflects a mature digital presence with comprehensive content, including product details, recipes, company history, and educational resources. Technically, the site leverages modern frameworks like Nuxt.js and Vue.js, integrated with a headless CMS (Storyblok), and employs best practices in security and privacy compliance. Security posture is strong with HTTPS, security headers, and secure forms, though no explicit security policy or incident response page was found. Overall, the site demonstrates a high level of professionalism, trustworthiness, and compliance, supporting Sartori's market position as a premium cheese brand.

J

Jumbo Supermarkten

jumbo.com

62

Jumbo Supermarkten is a leading Dutch supermarket chain offering a wide range of groceries with a strong emphasis on low prices, home delivery, and customer service. The website provides comprehensive services including online ordering, recipe inspiration, and personalized offers, positioning itself as a major player in the Dutch retail market. The technical infrastructure is modern, leveraging Nuxt.js and Vue.js frameworks, GraphQL APIs, and advanced analytics and monitoring tools such as Google Tag Manager, Datadog RUM, and SiteSpect. Security measures are robust with enforced HTTPS, responsible disclosure policies, and no visible vulnerabilities. The site is well-optimized for performance, mobile use, and accessibility, ensuring a high-quality user experience. Overall, the website reflects a mature digital presence aligned with the company's business goals and customer expectations.

Fast Track is a specialized CRM platform designed exclusively for the iGaming industry, offering advanced AI-powered player engagement and automation tools. The company positions itself as a leader in providing multi-channel, real-time data-driven solutions that enhance player retention, compliance, and operational efficiency. Their platform integrates seamlessly with various industry tools and supports multi-brand management, making it a comprehensive solution for online casino operators. Technically, the website is built on modern frameworks such as Nuxt.js and Vue.js, leveraging a robust tech stack including Font Awesome Pro, Google reCAPTCHA, and analytics tools like Hotjar and Google Tag Manager. The site demonstrates excellent performance, mobile optimization, and accessibility, reflecting a mature digital infrastructure. From a security perspective, the site employs HTTPS, security headers, and bot protection mechanisms, indicating a strong security posture. However, explicit security policies and incident response contacts are not publicly disclosed, suggesting areas for improvement. Privacy compliance is well addressed with clear privacy and cookie policies, including GDPR adherence. Overall, Fast Track presents a professional, trustworthy, and technologically advanced presence in the iGaming CRM market. The absence of critical security issues and the presence of multiple trust indicators support a high legitimacy score. Strategic recommendations include enhancing security transparency and expanding incident response information to further strengthen trust and compliance.

Sunlab GmbH is a well-established performance marketing agency based in Germany, specializing in SEO, SEA, Paid Social, Affiliate Marketing, Data Consulting, and Marketing Technologies. With over a decade of experience since its founding in 2011, Sunlab holds a strong market position supported by certifications from major platforms like Google, Microsoft, Amazon, and Meta. The company targets businesses aiming to scale their online presence and optimize digital marketing strategies. Technically, the website is built on modern frameworks such as Nuxt.js and Vue.js, with a robust CMS backend via Strapi, ensuring fast performance and excellent mobile optimization. Security practices are strong, with HTTPS enforced and appropriate security headers in place, though the absence of a cookie consent mechanism is a notable gap in privacy compliance. Overall, the site reflects a professional, trustworthy, and technically mature digital presence.

Muscat Mizzi Advocates is a boutique law firm based in Malta, specializing in Compliance, Dispute Resolution, and Transaction Law. The firm targets business sector clients who value creativity and efficiency in legal services. Their market position is that of a reputed boutique firm with a focus on delivering tailored legal solutions. The website reflects a professional and consistent brand image with clear service offerings and active engagement in industry events. Technically, the website is built using modern frameworks such as Nuxt.js and TailwindCSS, hosted behind Cloudflare, and employs Google Analytics for tracking. The site is mobile-optimized and performs moderately well, with good SEO and basic accessibility features. Security measures include HTTPS enforcement and Cloudflare Turnstile captcha to mitigate automated abuse. From a security perspective, the site demonstrates good practices with no visible vulnerabilities or exposed sensitive data. However, it lacks explicit security policies, incident response contacts, and comprehensive privacy documentation, which are areas for improvement. The domain registration details are consistent with the business claims, enhancing trustworthiness. Overall, the website presents a low-risk profile with strong business credibility but would benefit from enhanced privacy and security policy transparency to improve compliance and user trust.

S

Serenata

serenataflowers.com

54

Serenata Flowers is a well-established UK-based online florist specializing in flower and plant delivery services. The company offers a wide range of floral arrangements, including bouquets, letterbox flowers, and gifts, with a strong emphasis on freshness, quality, and customer satisfaction. Their market position is supported by extensive customer reviews and a comprehensive product catalog. Technically, the website is built on modern frameworks such as Nuxt.js and Vue.js, hosted behind Cloudflare for performance and security. The site is mobile-optimized, fast, and accessible, with good SEO practices including structured data. Security posture is strong with HTTPS enforced and appropriate security headers, though explicit security policies and incident response information are not publicly available. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR adherence. Overall, the website presents a professional, trustworthy, and user-friendly experience for customers seeking floral products online.

S

SIA "Izdevniecība Rīgas Viļņi"

jauns.tv

57

Jauns.tv is a Latvian video news portal operated by SIA "Izdevniecība Rīgas Viļņi", providing a wide range of video content including news, entertainment, sports, business, health, and recipes. The site targets Latvian-speaking audiences interested in up-to-date video news and broadcasts. The business model is primarily media publishing with monetization through advertising networks and partnerships. Technically, the site uses modern web technologies such as Nuxt.js and Vue.js, integrates multiple analytics and advertising platforms, and implements GDPR-compliant consent mechanisms. Security posture is strong with HTTPS enforcement and no visible vulnerabilities, though explicit security policies are not published. Overall, the site presents a professional and trustworthy media platform with good content quality and user experience.

P

pj101

pj101.net

42

pj101.net is a Japanese website focused on providing comprehensive food event coordination, vendor support, and transportation logistics services. The company targets event organizers, convention centers, and facilities, aiming to streamline food event operations through integrated logistics solutions. The website uses modern web technologies including Nuxt.js and Vue.js, hosted on Google Cloud Storage, and demonstrates good mobile optimization and SEO practices. However, it lacks explicit privacy, cookie, and terms of service policies, and does not provide direct contact emails or phone numbers, relying solely on a contact form for communication. Security posture is moderate with HTTPS enabled but missing security headers and incident response information. Overall, the site is professional and functional but could improve transparency and compliance.

S

Study in Latvia

studyinlatvia.lv

64

Study in Latvia is a comprehensive national portal dedicated to promoting higher education opportunities in Latvia to international students. It provides detailed information on study programmes, scholarships, admission procedures, and student life, supported by the Latvian government and multiple higher education institutions. The website is well-structured, mobile-optimized, and integrates modern web technologies including Vue.js and Nuxt.js, ensuring a smooth user experience. Security measures such as HTTPS and security headers are properly implemented, and privacy compliance is evident with clear policies and consent mechanisms. The platform actively engages with its audience through events, webinars, and social media, enhancing its reach and trustworthiness.

Diakrit AB is a well-established company specializing in innovative real estate marketing and technical platforms, serving leading real estate agents globally. The company positions itself as an industry leader with a strong focus on enhancing the property transaction experience through advanced technology and services. Their website reflects a mature digital presence with a modern tech stack including Vue.js, Nuxt.js, and Vuetify, hosted on AWS infrastructure. Security measures such as HTTPS and security headers are properly implemented, indicating a strong security posture. Privacy compliance is evident with comprehensive privacy and cookie policies and consent mechanisms. However, explicit security policies and incident response contacts are not found, suggesting areas for improvement. Overall, the website is professional, trustworthy, and well-optimized for users.

W

Western Provident Association Limited

wpa.org.uk

72

Western Provident Association Limited (WPA) is a well-established, specialist UK not-for-profit health insurer founded in 1901. The company offers award-winning private medical insurance solutions tailored for individuals, families, and businesses of all sizes. WPA holds a unique market position as the only Which? Recommended Private Medical Insurance provider for two consecutive years and maintains high customer satisfaction as evidenced by excellent Trustpilot ratings. Their key services include personal and family health insurance, business health insurance, health cash plans, and digital health services such as remote GP consultations and mental health support. The company emphasizes customer choice and expert service, leveraging over a century of experience in the healthcare insurance sector.

S

Safe Solutions AB

safesolutionsab.com

55

Safe Solutions AB is a Swedish technology company specializing in advanced digital surveillance solutions branded as 'Den Digitala Väktaren'. They provide real-time event analysis and alarm services integrated with police response, leveraging proprietary software and intelligent thermal camera technology. Established in 2009, they hold a unique market position as the sole global provider of this solution. The website reflects a professional and consistent brand image targeting businesses seeking enhanced security monitoring. Technically, the site is built on modern frameworks such as Vue.js and Nuxt.js, with a headless WordPress CMS backend. It incorporates comprehensive cookie consent management via Cookiebot and integrates multiple marketing and analytics tools with user consent. Security posture is strong with HTTPS and secure cookie practices, though explicit security policies and headers could be improved. Overall, the site is well-structured, GDPR compliant, and trustworthy, supporting the company's credibility and market presence.

S

Session Map AB

session.nu

51

Session Map AB operates a professional e-commerce platform specializing in hair and beauty products, primarily targeting salons and industry professionals in Sweden. The website showcases a well-structured product catalog with detailed descriptions, pricing, and promotional campaigns, reflecting a mature market presence. The company emphasizes customer engagement through events, education, and integrated support services.

Best Transport AB is a leading transport company in Sweden and the Nordic region, specializing in flexible, fast, and reliable transport services for businesses. Their offerings include express deliveries, distribution, healthcare logistics compliant with GDP regulations, service logistics, and warehousing solutions. The company emphasizes sustainability with a largely fossil-free vehicle fleet and aims for full electrification. The website reflects a mature digital presence with a modern tech stack including Nuxt.js, Prismic CMS, and Tailwind CSS, ensuring fast performance, mobile optimization, and good SEO. Security posture is strong with HTTPS enforcement and cookie consent mechanisms, though explicit security policies and incident response contacts are not found. Overall, the site is professional, trustworthy, and well-aligned with the company's business claims.

Finax AB is a Swedish company specializing in gluten-free food products, including flour mixes and müsli, targeting health-conscious consumers and those with gluten intolerance. The company has a strong market presence in Sweden with a well-structured website offering product information, recipes, and sustainability content. The technical infrastructure is based on modern web technologies such as Nuxt.js and Vue.js, with content managed likely via Storyblok CMS. The website includes cookie consent mechanisms and basic privacy policy compliance, but lacks explicit terms of service and detailed security policies. Security posture is moderate with room for improvement in security headers and SSL configuration verification. Overall, the website is professional, user-friendly, and trustworthy, supporting the company's retail business model effectively.

F

FOSSi Foundation

fossi-foundation.org

48

The FOSSi Foundation is a small, international non-profit organization dedicated to promoting and protecting the open source silicon chip movement. It serves as a custodian for the Free and Open Source Silicon community, organizing key events such as Latch-Up and ORConf, publishing a monthly newsletter, and fostering collaboration among developers and contributors. The foundation's website reflects a strong community focus with clear navigation, professional design, and mobile optimization. Technically, the site is built using modern frameworks like Nuxt.js and Vue.js, hosted likely on Netlify, and employs efficient performance and accessibility practices. Security-wise, the site uses HTTPS and avoids exposing sensitive data, but lacks some security headers and formal policies such as privacy and cookie policies, which are important for compliance and trust. Overall, the website is trustworthy and professional, though it would benefit from enhanced privacy compliance and explicit security documentation.

Wilson Creative is a well-established digital agency based in Sweden with offices in Stockholm and Kalmar. The company offers a comprehensive suite of services including web development, digital marketing, branding, and film production. They serve a diverse client base across Sweden and have received multiple awards and positive client testimonials, positioning them as a reputable player in the digital communications market. Their website reflects a modern, professional design with clear navigation and strong branding consistency. Technically, the site leverages modern frameworks such as Nuxt.js and Vue.js, integrates with Prismic CMS, and employs Cookiebot for GDPR-compliant cookie management. Security practices are robust with HTTPS enforced and appropriate security headers present. However, explicit security policies and incident response contacts are not published, which could be improved. Overall, the site demonstrates a high level of digital maturity and compliance, supporting Wilson Creative's market position as a trusted digital partner.

L

Leaseonline Sweden AB

leaseonline.se

39

Leaseonline Sweden AB operates a professional online car leasing platform primarily targeting private and corporate customers in Sweden. The website offers a broad selection of vehicles, flexible leasing contracts, and integrates secure identity verification via BankID. The company has been active since 2015 and positions itself as a trusted intermediary between customers and vehicle financing partners. Technically, the site is built on modern JavaScript frameworks such as Vue.js and Nuxt.js, with Google Analytics for tracking. The design is responsive and user-friendly, providing a good user experience. Security posture is adequate with HTTPS and secure identity verification, but lacks some security headers and explicit incident response policies. Privacy compliance is supported by a comprehensive privacy policy and terms of service, though cookie consent mechanisms are missing. Overall, the site is legitimate, well-structured, and trustworthy, with room for improvement in security and privacy transparency.

Nordisk Film is a prominent Nordic entertainment company specializing in film and series production, gaming, and cinema operations. It holds a leading market position in the Nordic and Baltic regions, supported by its affiliation with the Egmont group. The website demonstrates a mature digital infrastructure leveraging modern frameworks such as Nuxt.js and Vue.js, ensuring a responsive and performant user experience. Security measures include HTTPS enforcement and a Content Security Policy, alongside a comprehensive cookie consent mechanism that aligns with GDPR requirements. While contact information is not explicitly listed, the site maintains professional content and clear business representation. Overall, the risk profile is low with recommendations to enhance security headers and publish a vulnerability disclosure policy.

L

Lindex

lindex.com

59

Lindex is a well-established Scandinavian fashion retailer with a strong presence in Europe, operating both physical stores and an extensive e-commerce platform. The company offers a wide range of products including women's wear, kids' wear, lingerie, and cosmetics, targeting primarily European consumers. Their market position is solid as one of Europe's leading fashion brands with a large store network and a comprehensive online presence. Technically, the website is built on modern frameworks such as Nuxt.js and Vue.js, with a robust content management system (Hygraph) and utilizes advanced analytics and marketing tools including Cookiebot for consent management and Google Tag Manager. The site is optimized for performance, mobile responsiveness, and accessibility, reflecting a mature digital infrastructure. From a security perspective, the site enforces HTTPS, implements comprehensive security headers, and employs a detailed cookie consent mechanism ensuring GDPR compliance. No critical vulnerabilities or exposed sensitive data were detected. However, the site lacks a public security.txt file and explicit incident response contact information, which are recommended for enhanced security posture. Overall, Lindex demonstrates a high level of professionalism, security, and compliance, making it a trustworthy and reliable online retailer. Strategic improvements in transparency around security policies and incident response could further strengthen their security culture and customer trust.

T

Telenor Group

telenor.com

56

Telenor Group is a leading multinational telecommunications company connecting customers across the Nordics and Asia. The company offers a broad range of telecom services including mobile and fixed networks, with a strong emphasis on innovation such as sovereign AI infrastructure. Their website reflects a mature digital presence with comprehensive investor relations, ESG initiatives, and corporate governance information. Technically, the site uses modern frameworks like Vue.js and Nuxt.js, supported by tag management tools such as Tealium and Google Tag Manager, ensuring a performant and responsive user experience. Security posture is strong with HTTPS enforcement, security headers, and a clear cookie consent mechanism, though explicit security policies and incident response contacts are not publicly detailed. Overall, Telenor demonstrates high business credibility and digital maturity, positioning itself as a trustworthy and professional entity in the telecommunications sector.

D

duva.se

duva.se

39

Duva.se is a small Swedish technology company specializing in tech, software, and cloud solutions with 15 years of experience. Their business model focuses on delivering turnkey products and custom-developed software services and integrations targeting businesses seeking specialized technology solutions. The website content is minimal but clearly communicates their expertise and service offerings. Technically, the website is built using modern JavaScript frameworks such as Nuxt.js and Vue.js, indicating a contemporary and modular infrastructure. The site is mobile optimized and performs moderately well, though accessibility features are basic. SEO is adequately addressed through meta tags and structured data. From a security perspective, the site uses HTTPS but lacks visible security headers and formal security policies. No privacy, cookie, or terms of service policies are present, and no contact information or incident response details are provided. There are no detected vulnerabilities or exposed sensitive data, but the absence of key compliance and security documentation reduces the overall security posture. Overall, the website is functional and professional but lacks comprehensive privacy and security compliance features. Strategic improvements in policy transparency, security headers, and contact information would enhance trust and compliance.

B

Bill.me LTD

bill.me

80

Bill.me LTD operates a comprehensive electronic bill management and payment platform targeting both individual customers and business clients, including cooperation partners such as property management and utility service providers. The company offers a modern SaaS solution with features like bill aggregation, one-click and automatic payments, meter reading submissions, and direct communication channels with service providers. The platform is accessible via web and mobile applications, supporting multiple app stores. Technically, Bill.me employs modern frameworks such as Nuxt.js and Vue.js, integrates Google Tag Manager, reCAPTCHA, and Cookiebot for analytics, security, and privacy compliance. The security posture is strong with HTTPS enforcement, bot protection, and cookie consent management, though some security headers could be enhanced. Privacy policies are comprehensive and GDPR compliant, with a designated Data Protection Officer contact provided. Overall, the website is professional, well-branded, and trustworthy, with clear business information and active social media presence.

C

Certific OÜ

certific.co

68

Certific OÜ operates a specialized healthcare communication platform designed to improve patient care and reduce administrative burdens in primary care settings. The platform offers features such as automated medical summaries, task management, and secure doctor-patient communication, targeting healthcare providers and patients primarily in Estonia and the UK.

M

Mirantis

mirantis.com

79

Mirantis is an established enterprise technology company specializing in AI infrastructure management and Kubernetes-based solutions. The company offers a comprehensive suite of products and services designed to manage AI workloads across cloud, on-premises, hybrid, and edge environments. Recognized as a leader and challenger in the container management space by Gartner and Omdia, Mirantis targets MLOps professionals, platform engineers, and enterprise customers seeking scalable, secure, and flexible AI infrastructure solutions. The website reflects a mature digital presence with strong branding, clear navigation, and extensive content tailored to its target audience. Technically, the website leverages modern frameworks such as Nuxt.js and Bootstrap, with a headless CMS (Storyblok) for content management. It is hosted on a Fastly CDN, ensuring fast load times and global availability. The site is mobile-optimized and includes accessibility features, contributing to a positive user experience. SEO practices are well implemented with comprehensive meta tags and structured data. From a security perspective, the site employs HTTPS with a valid SSL certificate supporting modern TLS protocols. Security headers like X-Frame-Options and HSTS (though not fully enabled) are present, and no vulnerable cipher suites or subdomain takeover risks were detected. However, improvements such as enabling HSTS fully and implementing OCSP stapling could enhance security further. Privacy compliance is supported by a comprehensive privacy policy, though explicit cookie consent mechanisms are not evident. Overall, Mirantis demonstrates a strong security posture, professional business credibility, and a well-executed technical infrastructure. The risk level is low, with recommendations focusing on enhancing security headers and privacy mechanisms to maintain compliance and trust.

2

20i Ltd.

20i.com

40

20i Ltd. is a UK-based technology company specializing in high-performance web hosting services including reseller hosting, managed cloud hosting, managed WordPress hosting, VPS, and domain registration. The company positions itself as a premium hosting provider with a focus on speed, reliability, and expert 24/7 support, supported by multiple industry awards and positive customer testimonials. Their technical infrastructure leverages modern cloud platforms such as AWS, Google Cloud, and their proprietary 20iCloud, utilizing advanced technologies like Redis, ElasticSearch, and autoscaling to deliver high availability and performance. The website is built on modern frameworks including Nuxt.js and Vue.js, with a responsive design and good SEO practices. However, the security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS, which is a critical issue. While security headers and content security policies are in place, the lack of proper SSL/TLS configuration significantly impacts the overall security score. The company provides comprehensive contact information, including email, phone, and physical address, and maintains a strong social media presence. Strategic recommendations include immediate implementation of valid SSL certificates, enabling modern TLS protocols, and enhancing privacy compliance mechanisms. Overall, 20i presents a professional and trustworthy web hosting service with room for critical security improvements.

woom GmbH is an Austrian company specializing in the design and sale of ergonomic, lightweight children's bikes tailored to various age groups and sizes. Founded in 2013 by two fathers who sought better bike options for their children, the company has grown to serve over 37 countries with a strong international presence. Their product range includes bikes, helmets, accessories, and a Riders Club membership, supported by a 10-year warranty and a 30-day money-back guarantee. The website reflects a mature e-commerce platform with a modern tech stack including Nuxt.js, TailwindCSS, and Shopify integration, ensuring a fast, responsive, and accessible user experience. Security best practices are observed with HTTPS, security headers, and no visible vulnerabilities, although explicit security and incident response policies are not found. Overall, the site demonstrates a high level of professionalism, trustworthiness, and compliance with privacy regulations.

A

Asteas GmbH

iacbox.com

51

IACBOX, operated by Asteas GmbH, is a well-established provider of internet hotspot and authentication systems, serving a broad range of sectors including hospitality, healthcare, and transportation. The company has a strong market presence with over 8,500 deployments worldwide since 2003, offering both subscription and permanent licensing models. Their solutions emphasize secure, user-friendly WiFi access for guests, employees, and customers, supported by cloud-based management portals. Technically, the website leverages modern frameworks such as Nuxt.js and Vue.js, ensuring fast performance, mobile optimization, and good SEO practices. Security posture is strong with HTTPS enforced, cookie consent mechanisms, and no visible vulnerabilities. However, explicit security policies and incident response information are not publicly detailed. Overall, the website and business demonstrate high professionalism, trustworthiness, and compliance with GDPR regulations.

Adjust GmbH operates a leading mobile measurement and analytics platform designed to accelerate app growth through comprehensive attribution, fraud prevention, and marketing automation solutions. The company targets app marketers and developers globally, offering a suite of products including Measure, Analyze, Engage, Recommend, Automate, and Protect. Hosting on Vercel with a modern Nuxt.js and Vue.js frontend, the website demonstrates strong digital maturity and internationalization with multiple language support. However, a critical security issue is present due to an invalid or missing SSL certificate, significantly impacting the security posture. While security headers are mostly configured, the lack of valid HTTPS undermines trust and data protection. Privacy policies are comprehensive and GDPR compliant, but no cookie consent mechanism was detected. Contact information is primarily via forms, with no explicit emails or phone numbers visible. Overall, the site is professional and content-rich, but urgent remediation of SSL issues is recommended to improve security and user trust.

B

Billa BG

billa.bg

40

BILLA Bulgaria operates as a major retail supermarket chain with a strong presence in the Bulgarian market, offering a wide range of food and non-food products, including own brands and partner brands. The company emphasizes customer loyalty through its BILLA Card program and engages actively in social responsibility initiatives. Technically, the website is built on modern frameworks such as Vue.js and Nuxt.js, hosted on Google Cloud, and integrates payment services like Payone. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS protocols, which is a critical issue. Privacy and cookie policies are comprehensive and GDPR compliant, supporting good privacy compliance. Overall, the website is professional and content-rich but requires urgent security improvements to ensure safe user interactions.

A

Atlantic Grupa d.d.

atlanticgrupa.com

29

Atlantic Grupa d.d. is a prominent regional leader in the fast-moving consumer goods sector, specializing in the production and distribution of popular food and beverage brands across Southeast Europe. The company maintains a strong market position with a comprehensive distribution network and a focus on sustainability and corporate responsibility. Their website reflects a professional digital presence with detailed investor relations and sustainability content, targeting regional consumers, investors, and partners. Technically, the site leverages modern JavaScript frameworks such as Nuxt.js and Vue.js and is hosted behind Cloudflare, ensuring good performance and mobile optimization. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS configuration, exposing users to potential risks. Privacy and cookie policies are well implemented, indicating GDPR compliance. Overall, the site demonstrates good business credibility but requires urgent security improvements to protect user data and maintain trust.

H

hokify GmbH

hokify.at

37

hokify GmbH operates a mobile-first job platform primarily serving the Austrian and German-speaking job market. The company offers a user-friendly job search portal and mobile app with over 11,000 job listings, emphasizing ease of application without the need for traditional cover letters. Technically, the website is built on modern JavaScript frameworks such as Vue.js and Nuxt.js, hosted on Amazon CloudFront CDN, and optimized for mobile devices. However, the site currently lacks a valid SSL certificate, which is a critical security concern. Privacy policies are comprehensive and GDPR compliant, and the company maintains active social media engagement. Overall, hokify presents a professional and trustworthy business with room for security improvements.

E

Evides N.V.

evides.nl

40

Evides N.V. is a large, established public utility company providing reliable and sustainable drinking water services to approximately 2.5 million consumers and businesses in the southwest Netherlands. The company operates a comprehensive digital infrastructure including a customer portal (Mijn Evides), extensive self-service options, and detailed information resources. Their market position is strong with a focus on quality, sustainability, and customer engagement. Technically, the website is built on modern frameworks like Nuxt.js and Vue.js, hosted on Microsoft Azure, and integrates analytics and marketing tools such as Google Analytics, Hotjar, and Google Tag Manager. Security measures are in place including a strict Content Security Policy and multiple security headers; however, the SSL certificate is currently invalid and no modern TLS protocols are enabled, representing a critical security risk. Privacy compliance is robust with comprehensive GDPR-aligned policies and cookie consent mechanisms. Overall, the site is professional and trustworthy but requires urgent remediation of SSL issues to ensure secure user interactions.

CEVA Logistics is a leading global supply chain management and freight company offering a broad range of logistics services including air, ocean, ground, contract logistics, and customs brokerage. The company operates worldwide with a large workforce and is part of the CMA CGM Group. The website demonstrates a mature digital presence with comprehensive content, multiple language support, and active news and career sections. Technically, the site uses modern frameworks like Nuxt.js and Vue.js and is hosted behind Cloudflare, but critically lacks a valid SSL certificate and proper HTTPS configuration, which severely impacts its security posture. Security headers are well implemented, but the absence of TLS protocols and session resumption reduces security effectiveness. Privacy compliance is good with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy from a business perspective but requires urgent security improvements to protect user data and maintain trust.

F

Festspielhaus St. Pölten

festspielhaus.at

36

Festspielhaus St. Pölten is a prominent cultural venue in Austria specializing in dance, music, and architectural events. The website serves as a comprehensive platform for event information, ticket sales, subscriptions, and educational programs, targeting a diverse audience including families, schools, and cultural enthusiasts. The business is well-positioned regionally with a strong brand presence and partnerships with local institutions. Technically, the site is built on modern frameworks like Nuxt.js and Vue.js, but suffers from slow load times and lacks a valid SSL certificate, impacting security and user trust. The security posture is basic with no advanced headers or HTTPS, though privacy compliance is well addressed with detailed cookie and privacy policies. Overall, the site is professional and content-rich but requires urgent security improvements to enhance trust and compliance.

E

Excellence AG

excellence.ag

39

Excellence AG is an international technology partner specializing in engineering and IT services with a strong focus on green technology and sustainability. The company operates multiple offices across Germany and the Netherlands, offering green tech job opportunities and supporting sustainable projects in energy and transportation sectors. Their website is professionally designed, content-rich, and targets professionals interested in green technology careers and partnerships. Technically, the website is built on modern frameworks such as Nuxt.js and Vue.js, integrated with Google Tag Manager and social login plugins for LinkedIn and Xing. The hosting appears to be on AWS infrastructure. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security shortfall. Performance metrics are not available, but the site shows good mobile optimization and SEO practices. From a security perspective, the absence of HTTPS and modern TLS protocols significantly lowers the security posture. No advanced security headers or incident response policies are evident. Privacy compliance is partially met with a comprehensive privacy policy and GDPR consent statements on forms, but no cookie consent mechanism is detected. Business credibility is supported by ISO 9001 certification, multiple office locations, and professional content. Overall, the website presents a trustworthy and professional business front but requires urgent security improvements, especially enabling HTTPS and enhancing security headers, to protect user data and improve trustworthiness. Strategic recommendations include SSL implementation, security header enhancements, and adding explicit cookie consent mechanisms to align with privacy regulations.

B

Belimed INC.

belimed.com

40

Belimed INC. is a large healthcare-focused company specializing in medical and surgical instrument sterilization, disinfection, and cleaning products and services. The company positions itself as a trusted partner in advancing medical care and protecting patient and staff safety, with a global presence and over 1,000 employees across nine countries. Their business model is primarily B2B, serving sterile processing departments and healthcare providers with a comprehensive portfolio including washer-disinfectors, sterilizers, digitalization solutions, and training services. Technically, the website is built on modern frameworks such as Nuxt.js and Vue.js, with Tailwind CSS for styling. It integrates multiple analytics and marketing tools including Google Analytics, Facebook Connect, LinkedIn Pixel, and Calendly. The site is well-optimized for mobile and accessibility, with clear navigation and professional design. However, the SSL certificate is invalid or missing, which significantly impacts the security posture. From a security perspective, the site implements several important HTTP security headers and a restrictive Content-Security-Policy, but the lack of a valid SSL certificate and incomplete HSTS implementation are critical weaknesses. No explicit security or incident response policies are found, and there is no vulnerability disclosure or security.txt file. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place. Overall, the website is professional and trustworthy from a business and content perspective but requires urgent remediation of SSL issues to improve security and user trust. Strategic improvements in security policy transparency and incident response readiness are also recommended.

The Doppelmayr Group website for the Automated People Mover system presents a business focused on transportation solutions, specifically cable liner automated people movers designed to manage high visitor flows efficiently. The company appears to be a large, established entity in the transportation sector based in Austria, with a consistent brand presence and clear business focus. The website content is basic but includes well-structured SEO metadata and social sharing tags, indicating some digital marketing maturity. Technically, the site uses modern frameworks such as Nuxt.js and WordPress CMS, hosted behind Cloudflare CDN. However, the absence of a valid SSL certificate and lack of HTTPS severely undermine the security posture. Performance metrics are unavailable, but the presence of many prefetch and preload scripts suggests an attempt at optimization, though the lack of HTTPS is a critical flaw. Mobile optimization and accessibility are basic, with room for improvement. Security analysis reveals significant vulnerabilities: no SSL/TLS encryption, no HSTS, no DMARC, DNSSEC, or CAA records, and no security.txt or vulnerability disclosure policies. Tracking and advertising scripts are present without accompanying privacy or cookie policies, indicating poor privacy compliance. No contact or incident response information is provided, limiting transparency and trust. Overall, the website's risk profile is elevated due to missing HTTPS and privacy compliance gaps. Strategic improvements in security infrastructure, privacy policies, and contact transparency are recommended to enhance trust and compliance.

OBI is a leading German home improvement and garden retailer with a strong online and physical presence. The website offers a comprehensive range of products and services including project planning, rental services, and loyalty programs. Technically, the site uses modern frameworks like Vue.js and Nuxt.js, hosted on AWS CloudFront, with extensive use of third-party analytics and marketing tools. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that undermines user data protection. The site is well-structured, mobile-optimized, and provides clear contact and business information, supporting a high level of trustworthiness. Strategic improvements in security and privacy compliance are recommended to enhance overall risk posture.

Kontron is a global leader in IoT and embedded computing technology, offering a broad range of smart IoT solutions and electronics manufacturing services. The company targets industrial and technology sectors with a focus on innovation, sustainability, and advanced technology integration. The website is professionally designed using modern frameworks such as Nuxt.js and hosted on Hetzner infrastructure. However, the security posture is weak due to the absence of a valid SSL/TLS certificate and lack of HTTPS enforcement, which poses a significant risk to user data and trust. Privacy compliance is partially addressed through the use of Cookiebot for cookie consent, but no explicit privacy policy or terms of service are found. Overall, the website reflects a credible business but requires urgent security improvements.

Shotview is a well-established artist management agency founded in 2002, specializing in representing photographers, stylists, casting professionals, and other creatives in the media and fashion industries. With offices in Berlin, Paris, and Vienna, the company offers strategic guidance, production expertise, and a platform for artists to showcase their work internationally. The website reflects a professional and visually rich portfolio showcasing featured projects and artists. Technically, the site uses modern frameworks such as Vue.js and Nuxt.js, hosted on Heroku and served via Cloudflare CDN. However, the absence of a valid SSL certificate is a critical security flaw, exposing users to risks and undermining trust. Additionally, the lack of privacy, cookie, and security policies indicates compliance gaps that should be addressed to meet GDPR and general best practices. Contact information is clearly provided, including multiple office addresses, emails, and phone numbers, supporting business credibility.

E

Evangelical Free Church of America

efca.org

37

The Evangelical Free Church of America (EFCA) operates as a large non-profit religious association focused on uniting and supporting approximately 1,600 evangelical congregations across the United States. Their website serves as a central hub for ministry resources, church networking, events, and informational content aimed at their faith community and interested individuals. The organization maintains a strong market position within the evangelical sector, supported by trust indicators such as ECFA accreditation and active social media engagement. Technically, the website leverages modern frontend frameworks including Vue.js and Nuxt.js, delivering a visually appealing and accessible user experience. However, the site suffers from slow load times and lacks a content delivery optimization strategy. Hosting is provided by DreamHost, and the site integrates third-party services such as Mailchimp for newsletter subscriptions and Vimeo for video content. From a security perspective, the site exhibits critical vulnerabilities, most notably the absence of a valid SSL/TLS certificate, resulting in no HTTPS support. This severely undermines user trust and data security. Additionally, the lack of security headers, HSTS, and other best practices further exposes the site to potential risks. Privacy compliance is limited, with no cookie consent mechanism detected and only a basic privacy policy present. Overall, while the EFCA website is professionally designed and content-rich, its security posture is weak and requires urgent remediation to protect users and maintain organizational credibility. Strategic improvements in SSL implementation, security headers, and privacy compliance will significantly enhance the site's trustworthiness and resilience.

N

Netural Group GmbH

netural-group.com

55

Netural Group GmbH is a well-established digital services holding company based in Austria, operating primarily in the DACH region. Founded in 1998, it encompasses one of the longest-standing digital service providers and a company building entity focused on digital business models. The company emphasizes sustainable digital transformation and product development, with a clear market position as a pioneer in the digital space. The website reflects a professional and consistent brand image, targeting businesses seeking digital innovation and company formation services. Technically, the site leverages modern frameworks such as Nuxt.js and Tailwind CSS, hosted on Amazon CloudFront with nginx, ensuring a moderate performance and good mobile optimization. However, the security posture is weakened by an invalid SSL certificate and lack of advanced security headers, which should be addressed promptly to protect user data and enhance trust. Privacy compliance is adequate with a GDPR-compliant privacy policy, though cookie consent mechanisms are absent. Overall, the site is credible and functional but requires improvements in security and privacy transparency to reach higher trust and compliance levels.

L

Lamb Weston

lambweston.eu

40

Lamb Weston is a globally recognized leader in the frozen potato products industry, offering a wide range of products including fries, specialties, and appetizers. The company targets foodservice professionals and retail customers primarily in the EMEA region, providing innovative and high-quality potato solutions. Their website reflects a strong market position with comprehensive content, multiple language support, and a focus on sustainability. Technically, the site is built on modern frameworks like Nuxt.js and Vue.js, hosted on AWS infrastructure, and demonstrates good mobile optimization and SEO practices. However, the absence of a valid SSL certificate significantly impacts the security posture, exposing the site to potential risks. Privacy and legal policies are well documented, but the lack of a cookie consent mechanism is a compliance gap. Overall, the website is professional and trustworthy but requires urgent security improvements to ensure safe user interactions.

G

GOLDBECK RHOMBERG GmbH

goldbeck-rhomberg.com

40

GOLDBECK RHOMBERG GmbH is a well-established construction and real estate services company with over 50 years of experience, primarily operating in Austria and Europe. The company offers comprehensive services including the turnkey construction of logistics and industrial halls, office buildings, parking garages, and residential buildings, positioning itself as an integrated provider in the real estate sector. Their business model focuses on delivering end-to-end solutions from design to operation, including parking services. Technically, the website is built on modern frameworks such as Nuxt.js and Express, hosted on Vercel, and uses TYPO3 CMS for content management. The site is well-optimized for SEO, mobile responsiveness, and accessibility, with a professional design and clear navigation. However, the security posture is currently weak due to the absence of a valid SSL certificate and lack of enabled TLS protocols, which is a critical issue that needs immediate remediation. Privacy compliance is strong, with comprehensive privacy and cookie policies and consent mechanisms in place. Overall, the website reflects a credible and professional business presence but requires urgent security improvements to protect user data and maintain trust.

F

Frauscher Sensor Technology USA Inc.

frauscher.com

40

Frauscher Sensor Technology USA Inc. is a leading provider of highly reliable train detection and wayside object control solutions, serving rail operators and system integrators globally. The company offers a comprehensive portfolio including hardware components like wheel sensors and axle counters, software solutions, and smart life cycle services. With a strong market position and a global footprint, Frauscher is recognized for its innovation and quality in the transportation sector. Technically, the website is built on modern frameworks such as Nuxt.js and uses Storyblok CMS, hosted on AWS CloudFront. The site is well-optimized for mobile and SEO, with good accessibility features. However, performance is moderate and could be improved. From a security perspective, the site employs several security headers and has a proactive PSIRT program. However, the SSL certificate is currently invalid, which is a critical issue that impacts the overall security posture. Other security best practices are in place, but improvements in SSL configuration and CSP are recommended. Overall, the website presents a professional and trustworthy image, with comprehensive privacy and cookie policies in place. The domain registration is consistent with the business claims, enhancing credibility. Strategic recommendations include fixing SSL issues, enhancing security headers, and maintaining strong privacy compliance to further strengthen trust and security.

REWE International AG operates a comprehensive career website for its retail group in Austria, including brands such as BILLA, PENNY, BIPA, and ADEG. The company is a major employer offering diverse job opportunities across retail stores, logistics, and corporate offices. The website is professionally designed with clear navigation and rich content targeting job seekers interested in retail careers. Technically, the site uses modern frameworks like Nuxt.js and Vue.js, hosted likely on AWS infrastructure, and managed via the Storyblok CMS. However, the site suffers from a critical security weakness due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is trustworthy and credible but urgently needs to address its SSL/TLS configuration to protect users and improve security.

B

Brenntag

brenntag.com

40

Brenntag is a global enterprise specializing in chemical distribution, logistics, and value-added services tailored to customer needs. The website serves as a multilingual portal with a splash page for country and language selection, indicating a broad international presence. The technical infrastructure leverages modern JavaScript frameworks such as Nuxt.js and integrates with Google Tag Manager and OneTrust for analytics and cookie consent management. However, the site lacks a valid SSL certificate, which significantly impacts its security posture. No explicit privacy policy, terms of service, or contact information are readily available on the splash page, which may affect user trust and compliance. Overall, Brenntag's website reflects a professional business with good design and user experience but requires improvements in security and privacy compliance to enhance trust and regulatory adherence.