Security Directory

S

Statens geotekniska institut

swedgeo.se

52

Statens geotekniska institut (SGI) is a Swedish government expert agency specializing in geotechnical issues, focusing on safe and sustainable construction and land use. The website serves as a comprehensive resource for government bodies, municipalities, researchers, and professionals in construction and environmental sectors. SGI maintains a strong market position as a national authority with active research, consultancy, and public service offerings. The site features extensive content including news, guidance, maps, and laboratory services, reflecting a mature digital presence. Technically, the website employs modern JavaScript modules, Cookiebot for consent management, and Piwik PRO and Vizzit for analytics, indicating a well-structured and privacy-conscious infrastructure. Security posture is solid with HTTPS usage and cookie consent mechanisms, though explicit security headers and incident response policies are not evident. Overall, the site demonstrates high professionalism, accessibility, and compliance with GDPR, supporting trustworthiness and user confidence.

D

DNB Bank ASA

dnb.no

55

DNB Bank ASA is Norway's largest financial institution, offering a comprehensive range of banking and financial services to both private individuals and businesses. The website reflects a strong market position with clear navigation and extensive service offerings including loans, savings, insurance, pensions, and investment solutions. The company maintains a consistent and professional brand image across its digital presence. Technically, the site is built on modern frameworks such as React and Gatsby, with performance optimizations and mobile responsiveness. Security measures include HTTPS, use of security headers, and secure form handling, with no visible vulnerabilities or exposed sensitive data. Privacy compliance is robust, featuring comprehensive privacy and cookie policies with active consent mechanisms. Overall, the site demonstrates a high level of professionalism, trustworthiness, and digital maturity.

S

Socialstyrelsen

socialstyrelsen.se

51

Socialstyrelsen is the Swedish National Board of Health and Welfare, serving as the authoritative knowledge agency for healthcare and social services in Sweden. The website provides comprehensive access to guidelines, statistics, educational resources, and application services aimed at healthcare professionals, social workers, and the general public. It holds a strong market position as a government entity ensuring equitable access to quality care and social support. The digital infrastructure is modern, leveraging React and Episerver CMS, with good mobile optimization and accessibility features. Security posture is robust with HTTPS enforcement, security headers, and cookie consent mechanisms, though explicit security and incident response policies are not publicly detailed. Overall, the site is professional, trustworthy, and well-maintained, reflecting its role as a key government resource.

I

IT informa AB

itinforma.se

30

IT informa AB is a small Swedish IT consulting company specializing in the development and maintenance of business-critical IT systems. Their website presents a professional image with clear descriptions of their services, regional focus in the Öresund area, and a consistent brand presence. The company leverages WordPress with modern plugins such as Yoast SEO and Astra theme to deliver a well-structured and SEO-optimized site. Social media presence on Facebook and LinkedIn supports their business credibility. Technically, the site is well implemented with HTTPS and modern web standards, though some security headers are missing. Privacy compliance is lacking due to absence of privacy and cookie policies. Overall, the security posture is good but can be improved with additional policies and headers. The WHOIS data aligns well with the website's claims, indicating legitimacy and consistency.

Stockholms stad operates an official municipal website serving over 960,000 residents and approximately 40,000 employees. The website provides comprehensive access to city services, including education, family support, cultural activities, traffic information, and business resources. It targets residents, businesses, and visitors, positioning itself as the authoritative digital portal for Stockholm city government. The site is well-branded, professionally designed, and offers clear navigation and accessibility features. Technically, the website employs modern web technologies including JavaScript, SVG icons, React components, and Piwik PRO analytics. The presence of Episerver CMS is inferred from script paths. The site is mobile-optimized and demonstrates good SEO and accessibility practices. Performance is moderate, with asynchronous script loading and structured content. From a security perspective, the site enforces HTTPS, uses cookie consent mechanisms with granular controls, and avoids exposing sensitive data. However, explicit security policies, incident response contacts, and vulnerability disclosure mechanisms are not found. Security headers are not explicitly detected in the HTML content, suggesting room for improvement. Overall, the website is trustworthy, professionally maintained, and compliant with GDPR requirements. The domain registration data aligns with the official city ownership, reinforcing legitimacy. No blocking or WAF interference was detected, allowing full content access and analysis.

A

Affinity Group Limited

affinity.co.im

38

Affinity Group Limited is a well-established corporate and private wealth services provider founded in 2004 and headquartered in the Isle of Man. The company offers a broad range of services including corporate services, private wealth management, regulated industry support, and specialized sectors such as yachting, aviation, and sports professionals. Their market position is strong, supported by multi-award-winning recognition and trusted asset management exceeding £2 billion. The website reflects a mature digital presence built on the Webflow platform, featuring modern design, multimedia content, and clear navigation. However, the absence of explicit privacy and cookie policies, as well as security headers, indicates areas for improvement in compliance and security transparency. Overall, the company demonstrates a high level of professionalism and trustworthiness with a global footprint.

W

Wirtschaftskammer Österreich (WKO)

wkoecg.at

40

The website wkoecg.at serves as an official business directory for Austrian companies, operated by the Wirtschaftskammer Österreich (WKO), the Austrian Chamber of Commerce. It provides a comprehensive and up-to-date listing of over 600,000 Austrian businesses, targeting business users and the general public seeking company information. The platform offers additional services such as ECG compliance support and eServices, positioning itself as a central hub for business-related information in Austria. Technically, the site is built on an ASP.NET WebForms framework with modern JavaScript enhancements, including Google Tag Manager and a consent management platform to comply with privacy regulations. The site demonstrates good accessibility and SEO practices, with structured navigation and mobile optimization. However, performance metrics are unavailable, and the hosting provider is not explicitly identified. From a security perspective, the site lacks a valid SSL/TLS certificate, resulting in no HTTPS availability, which is a critical vulnerability exposing users to potential data interception. While security headers such as HSTS, X-Frame-Options, and secure cookie flags are implemented, the absence of HTTPS severely undermines the overall security posture. Privacy policies and cookie consent mechanisms are present and appear comprehensive, supporting GDPR compliance. Overall, the site is a credible and authoritative business resource with strong content and privacy compliance but suffers from a critical security flaw due to missing valid HTTPS. Addressing this issue is paramount to protect user data and maintain trust. Strategic improvements in SSL deployment and ongoing security audits are recommended to elevate the site's security and user confidence.

B

BENTELER

benteler.de

47

BENTELER is a well-established enterprise specializing in metal processing with a strong focus on automotive and industrial sectors. Founded in 1876, the company has a significant global presence with 90 locations worldwide, offering a diverse range of products including automotive components, steel/tube products, mechanical engineering, and glass processing equipment. The website reflects a mature business model targeting industrial clients and partners, with a clear emphasis on sustainability and innovation. Technically, the website is built on TYPO3 CMS, utilizing modern web technologies such as ES6 JavaScript modules, lazy loading, and SVG icons. It demonstrates excellent mobile optimization, accessibility, and SEO practices, ensuring a fast and user-friendly experience. The presence of comprehensive meta tags, structured data, and multi-language support further enhance its digital maturity. From a security perspective, the site enforces HTTPS, employs Google reCaptcha for bot prevention, and implements a granular cookie consent mechanism compliant with GDPR. No critical vulnerabilities or exposed sensitive data were detected. However, explicit security policy and incident response contact details are not prominently available, suggesting areas for improvement. Overall, BENTELER's website is professional, secure, and compliant, reflecting its enterprise status and global operations. Strategic enhancements in security transparency and incident response readiness could further strengthen its trustworthiness and compliance posture.

L

LSRT Associates

lsrtassociates.com

43

LSRT Associates is a small consulting firm specializing in Veracross software implementation, philanthropic consulting, and fractional CIO services primarily targeting independent schools and philanthropic organizations in the Saint Louis area. The website presents a professional and consistent brand image with clear service offerings but lacks direct contact details such as emails or phone numbers, relying on a contact form instead. The technical infrastructure is based on a modern WordPress CMS hosted on GoDaddy, utilizing contemporary plugins and themes with good mobile optimization and moderate performance. Security posture is solid with HTTPS enabled and no visible vulnerabilities, though it lacks important security headers and formal privacy or cookie policies, indicating room for compliance improvement. Overall, the site is accessible without WAF or blocking mechanisms, but privacy compliance and security policy transparency are areas needing enhancement.

Hexagon AB is a global leader in industrial measurement technologies and digital solutions, serving a wide range of sectors including manufacturing, energy, transportation, and government. The website reflects the integration of Intergraph into Hexagon, highlighting divisions such as Asset Lifecycle Intelligence and Safety, Infrastructure & Geospatial. The company offers comprehensive products and services aimed at improving operational efficiency, safety, and sustainability. The digital infrastructure is modern, leveraging technologies like Bootstrap, Sitecore CMS, and advanced analytics tools with strong privacy compliance mechanisms. Security posture is robust with HTTPS enforcement and cookie consent management, though explicit security headers should be verified. Overall, the website demonstrates a mature digital presence aligned with enterprise standards.

ExpiredDomains.com operates as a specialized platform aggregating expired and expiring domain names, providing users with advanced search and filtering tools, domain metrics, and real-time data. The platform targets domain investors, SEOs, marketers, and businesses seeking valuable domain assets. It holds a strong market position as a leading expired domain marketplace aggregator, leveraging partnerships with registrars like GoDaddy to facilitate domain purchases. Technically, the website employs modern web standards with a custom-built interface, SVG icons, and JavaScript enhancements. The site is mobile-optimized and offers a good user experience with clear navigation and relevant content. Security-wise, the platform uses HTTPS and CSRF tokens for form protection and implements cookie consent mechanisms, but lacks published security policies or advanced security headers. No critical vulnerabilities or blocking mechanisms were detected, indicating a stable security posture. Overall, the website is professional, trustworthy, and compliant with basic privacy regulations, though there is room for improvement in formal security disclosures and accessibility.

T

tipp3 Sportwetten Österreich

tipp3.at

40

tipp3.at is a well-established Austrian sports betting platform, operating since 2001 and owned by Österreichische Lotterien. It offers a wide range of sports betting options including live betting, classic bets, and special bet types, targeting primarily Austrian sports bettors. The website features a professional design with clear navigation and extensive content covering numerous sports and events. Technically, the platform uses modern JavaScript frameworks and integrates with Sportradar for live data, but lacks a valid SSL certificate and proper TLS support, which is a significant security concern. Privacy compliance is strong with clear policies and consent mechanisms in place. Overall, the site is trustworthy and professional but needs urgent improvements in its security infrastructure.

plenum AG Management Consulting is a well-established German management consulting firm specializing in transformation advisory services primarily for the finance, insurance, and energy sectors. With over 35 years of experience, the company holds a strong market position supported by industry awards and a professional digital presence. The website reflects a mature digital infrastructure built on TYPO3 CMS, featuring comprehensive content, clear navigation, and multi-channel engagement including social media and newsletters. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, exposing the site to risks and undermining user trust. Privacy policies and cookie consent mechanisms are well implemented, aligning with GDPR requirements. Overall, the business demonstrates high credibility and professionalism but must urgently address its HTTPS deficiency to improve security posture and user confidence.

A

Allnex GMBH

allnex.com

40

Allnex GmbH is a global leader in the manufacturing of industrial coating resins, adhesives, sealants, and specialty coatings. The company targets industrial manufacturers and formulators in the chemical and coatings industries, offering a broad portfolio of products and technical support. The website reflects a mature enterprise-grade digital presence with comprehensive content, clear navigation, and multi-language support, indicating a global market reach. Technically, the site is built on ASP.NET with Kentico CMS, hosted likely on Microsoft Azure, and employs modern web technologies including lazy loading and SVG icons. However, the security posture is weak due to an invalid SSL certificate and lack of TLS protocol support, which critically impacts trust and data protection. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to ensure safe user interactions and data protection.

H

Helvetia Versicherungen AG

helvetia.at

40

Helvetia Versicherungen AG is a well-established insurance provider in Austria with over 165 years of experience and a large customer base exceeding 650,000. The company offers a wide range of insurance and pension products tailored to private customers, including accident, vehicle, household, and life insurance. The website is professionally designed, content-rich, and provides comprehensive navigation and contact options, reflecting a mature digital presence. Technically, the site uses Adobe Experience Manager CMS and integrates Adobe DTM for analytics and marketing. However, a critical security gap exists as no valid SSL certificate is detected, resulting in no HTTPS support, which significantly impacts the security posture. Security headers are properly configured, but the lack of HTTPS is a major vulnerability. Privacy and cookie policies are present and comprehensive, indicating good compliance with GDPR. Overall, the website is trustworthy and credible but requires urgent security improvements to protect user data and maintain trust.

C

Ceramiche Atlas Concorde S.p.A.

atlasconcorde.com

40

Atlas Concorde is a well-established Italian manufacturer specializing in ceramic and porcelain tiles for floors, walls, outdoor spaces, furniture, and related products. The company has a mature market presence with 25 years of experience and offers a comprehensive product system including various collections and innovative technologies. The website demonstrates a high level of digital maturity with a modern tech stack based on Next.js and Vercel hosting, providing a professional and user-friendly experience across multiple languages. Security measures are in place with several HTTP security headers configured; however, the absence of a valid SSL certificate and lack of advanced SSL features like OCSP stapling reduce the overall security posture. Privacy and cookie policies are comprehensive and GDPR compliant, supporting strong privacy practices. Overall, the website reflects a credible and professional business with a solid online presence.

D

Die Wiener Volkshochschulen GmbH

vhs.at

40

Die Wiener Volkshochschulen GmbH operates the largest adult education platform in Vienna, offering a wide range of courses including languages, health, arts, and professional development. The website is well-designed, content-rich, and targets adult learners, families, and seniors in Vienna. It maintains a strong market position as a non-profit educational institution with official certifications and a comprehensive course catalog. Technically, the site uses Apache server technology, JavaScript modules, and integrates Cookiebot for consent management and Matomo for analytics. Accessibility and SEO are well addressed, with responsive design and clear navigation. However, the security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which is a critical issue for user trust and data protection. Privacy compliance is strong with GDPR-aligned policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent improvements in SSL/TLS security to enhance protection and user confidence.

P

POLOPLAST GmbH & Co KG

poloplast.com

40

POLOPLAST GmbH & Co KG is a well-established Austrian manufacturer specializing in plastic pipe systems with a strong presence across Europe. The company emphasizes sustainability, innovation, and quality, offering a broad range of products including multilayer pipe systems, building drainage, and wastewater disposal solutions. Their market position is that of a technology leader with a large operational scale and a parent company affiliation with Wietersdorfer. The website reflects a professional business with clear contact information and comprehensive privacy and cookie policies, supporting GDPR compliance. Technically, the website is built on TYPO3 CMS and uses modern web technologies including Bootstrap for responsive design. However, the site suffers from slow performance and lacks HTTPS support, which is a critical security concern. The absence of SSL/TLS encryption and security headers exposes the site to potential risks and undermines user trust. Analytics and tracking tools such as Google Analytics and LeadFeeder are used with appropriate cookie consent mechanisms. Security posture is weak due to the lack of HTTPS and security headers, though no active vulnerabilities or malware were detected. Privacy compliance is strong with clear policies and consent banners. Business credibility is high given the detailed company information and social media presence. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include immediate implementation of a valid SSL certificate, addition of security headers, performance optimization, and enhancement of incident response information to strengthen security culture and compliance.

D

Dr. Schär AG / SPA

drschaer.com

29

Dr. Schär is a well-established company specializing in products for people with special nutritional needs, particularly in gluten-free and related dietary areas. The company has a strong market position with over 100 years of experience and multiple specialized brands. Their website reflects a professional and consistent brand image, targeting consumers and healthcare professionals. Technically, the site is built on Drupal 9 with the Thunder distribution and incorporates modern web technologies and marketing tools such as Google Tag Manager. However, the absence of a valid SSL certificate and HTTPS support is a critical security weakness that significantly impacts the site's security posture. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

555photography is a small professional photography business specializing in wedding, family, engagement, and event photography. The business leverages the SmugMug platform to showcase its portfolio and manage client galleries, positioning itself as a niche service provider in the media sector. The website content is relevant and well-structured, targeting individuals and families seeking professional photography services. The business model relies on online presence and client engagement through SmugMug's infrastructure. Technically, the website is hosted on SmugMug's infrastructure using nginx and Amazon CloudFront CDN, with modern JavaScript frameworks and responsive design ensuring good mobile optimization and user experience. However, performance metrics are limited, and some technical debt is evident in the use of older YUI libraries alongside modern modules. From a security perspective, the site lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability impacting user trust and data protection. While some security headers are present, the absence of HTTPS and other advanced security features significantly lowers the security posture. Privacy policies and terms of service are available on the SmugMug domain, indicating compliance with GDPR and cookie consent mechanisms, but no explicit security or incident response policies are found. Overall, the website presents a moderate risk profile primarily due to missing HTTPS and limited direct business contact information. Strategic improvements in SSL implementation, security policy publication, and direct contact channels would enhance trust and compliance.

K

Knorr-Bremse AG

knorr-bremse.com

40

Knorr-Bremse AG is a global leader in manufacturing braking systems and safety-critical sub-systems for rail and commercial vehicles. With a history spanning over 28 years, the company holds a strong market position as an innovator in mobility and transport technologies. Their business model focuses on delivering advanced braking and safety solutions, complemented by comprehensive investor relations and career development programs. Technically, the website is built on a modern Angular framework, hosted on Nginx and Amazon CloudFront, with good SEO and accessibility features. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, resulting in no HTTPS support, which significantly impacts the security posture. The site implements strong security headers and content policies but lacks advanced SSL configurations and session management. Privacy compliance is well addressed with comprehensive policies and consent mechanisms. Overall, the website is professional and trustworthy but requires urgent SSL deployment to enhance security and user trust.

D

DIETZEL GmbH

dietzel-univolt.com

28

Dietzel Univolt is a medium-sized, independent family-owned manufacturing and distribution company specializing in electrical installation materials and related civil engineering products. With production facilities in Austria, Slovakia, and China, the company serves professional customers internationally, including regional subsidiaries in the UK and Hungary. The website reflects a professional and consistent brand presence with comprehensive product and service information, supporting a strong market position in manufacturing. Technically, the site uses a modern CMS and common web technologies but suffers from critical security shortcomings due to the lack of a valid SSL certificate and HTTPS support, which exposes users to risks. Privacy compliance is well addressed with clear cookie consent and privacy policies, aligning with GDPR requirements. Overall, the site is functional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

A

Amgen Inc.

amgen.com

40

Amgen Inc. is a leading global biotechnology company focused on developing innovative biologic medicines to treat serious illnesses. The website reflects a mature enterprise with comprehensive content covering its science, products, corporate responsibility, and investor relations. The target audience includes healthcare professionals, patients, investors, and partners. The business model centers on research, development, manufacturing, and delivery of biologic therapeutics, positioning Amgen as a pioneer in biotechnology with a strong market presence. Technically, the website employs modern JavaScript libraries such as jQuery and Slick Carousel, uses lazy loading for images, and integrates Google Tag Manager and Cookiebot for analytics and privacy compliance. Hosting is via Amazon CloudFront CDN, supporting global content delivery. The site is mobile optimized with good SEO and accessibility basics, though some accessibility features could be enhanced. From a security perspective, the site implements several security headers including Content Security Policy and X-Frame-Options. However, a critical issue is the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture. No TLS protocols are enabled, and HSTS is not properly configured. These gaps expose users to potential risks and undermine trust. Overall, the website is professionally designed and content-rich, but the lack of HTTPS and valid SSL certificate is a major security concern. Strategic improvements in SSL/TLS deployment and enhanced security configurations are essential to protect user data and maintain trust. Privacy compliance is well addressed with Cookiebot and clear privacy and cookie policies. Business credibility is high, supported by consistent branding and comprehensive corporate information.

Salzburg AG operates a comprehensive utility and telecommunications service platform primarily serving the Salzburg region in Austria. The company offers high-speed internet services under the CableLink brand, including fiber and wireless options, alongside TV and telephony services. It also provides energy supply and transportation services, positioning itself as a regional market leader with a large operational footprint. The website reflects a mature digital presence with extensive content, clear navigation, and multiple customer engagement channels. Technically, the site uses modern web technologies and analytics tools, though it currently lacks a valid SSL certificate, which impacts its security posture. Privacy compliance is well managed with a comprehensive privacy policy and cookie consent mechanism. Overall, the site is professional and trustworthy but should address SSL issues to enhance security and user trust.

W

Wüstenrot

wuestenrot.at

38

Wüstenrot is a well-established Austrian financial services provider with a 100-year history, offering integrated banking, insurance, and savings products. The website reflects a mature digital presence with professional design, comprehensive content, and clear navigation tailored to private customers in Austria. Technically, the site is built on Adobe Experience Manager and uses modern web technologies and analytics tools. However, a critical security gap exists due to the absence of a valid SSL certificate and enabled TLS protocols, exposing users to potential risks. Privacy compliance is strong with GDPR-aligned cookie consent and detailed privacy policies. Overall, the business is credible and trustworthy, but urgent security improvements are needed to protect user data and maintain trust.

D

DONAU Versicherung AG Vienna Insurance Group

donauversicherung.at

40

DONAU Versicherung AG Vienna Insurance Group is a large Austrian insurance company offering a broad range of insurance products including health, pension, car, home, and legal protection insurance for private and business customers. The website is professionally designed with excellent content quality, clear navigation, and good mobile optimization. It uses TYPO3 CMS and integrates modern tools such as TagCommander for tag management and Empathy Portal for live chat support. Despite these strengths, the website suffers from a critical security issue: the SSL certificate is invalid or missing, which undermines user trust and security. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good GDPR compliance. The company demonstrates strong business credibility with certifications and high customer ratings. Overall, the site is functional and trustworthy but requires urgent SSL certificate remediation to improve security posture.

Swiss Post Ltd is a mature, enterprise-level national postal and logistics service provider in Switzerland, offering a broad range of physical and digital services including mail, parcels, financial services, and business solutions. The website reflects a professional and consistent brand presence with clear navigation and comprehensive service information targeting both private and business customers. Technically, the site uses modern JavaScript libraries, Sitecore CMS, and integrates advanced search and monitoring tools, but suffers from a critical SSL certificate issue that undermines its security posture. Security headers are well implemented, but the lack of a valid SSL certificate and absence of cookie consent mechanisms are notable gaps. The domain registration data is consistent and trustworthy, supporting the legitimacy of the business. Overall, the website is functional and credible but requires urgent security improvements to ensure user trust and compliance.

K

Krystal Hosting Ltd

katapult.io

63

Katapult, operated by Krystal Hosting Ltd, is a cloud infrastructure provider focused on delivering high-speed, reliable, and scalable virtual infrastructure solutions tailored for developers and teams. The company emphasizes ease of use, transparency, and sustainability, positioning itself as a competitive player in the cloud technology sector with a strong commitment to renewable energy and certified business practices. The website presents a professional and comprehensive overview of its services, targeting technology professionals and businesses seeking cloud infrastructure with pay-as-you-go pricing. Technically, the website is built on modern frameworks such as Next.js and React, with good mobile optimization and accessibility features. However, the site suffers from a critical security shortfall due to the absence of a valid SSL certificate, resulting in no HTTPS support. This significantly impacts the security posture and user trust. Privacy and cookie policies are well implemented with consent mechanisms, and the site uses Google Tag Manager for analytics and marketing. Security-wise, while no major vulnerabilities or exposed sensitive data were detected, the lack of HTTPS and security headers is a major concern. No explicit security or incident response policies are published, and no vulnerability disclosure or security.txt files are present. The domain registration data is consistent and mature, supporting the legitimacy of the business. Overall, Katapult demonstrates strong business credibility and technical maturity but must urgently address its SSL/TLS configuration to improve security and trust. Strategic recommendations include installing a valid SSL certificate, enabling security headers, and publishing security policies to enhance compliance and incident readiness.

W

Wijzer in geldzaken

geldlessen.nl

40

Geldlessen.nl is a Dutch educational platform operated by Wijzer in geldzaken, dedicated to improving financial literacy among school-aged children and youth in the Netherlands. The platform offers a comprehensive range of educational materials, teacher training, podcasts, and subsidy information to support financial education across primary, secondary, and vocational education sectors. It holds a strong market position as a trusted non-profit initiative with consistent branding and a clear mission. Technically, the website is built on a modern stack using nginx, JavaScript modules, and integrates Google Tag Manager and ReadSpeaker for accessibility and analytics. The hosting appears to be on DigitalOcean. The site is well-structured, mobile-optimized, and SEO-friendly, providing an excellent user experience. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall. From a security perspective, the site lacks a valid SSL/TLS certificate, uses no modern TLS protocols, and has malformed CAA DNS records. While some security headers like HSTS are present, the overall security posture is weak, exposing the site to potential risks. Privacy compliance is well addressed with a comprehensive cookie consent mechanism and GDPR-aligned privacy policy. Overall, the site is a credible and professional educational resource but requires urgent security improvements, particularly in SSL/TLS deployment, to protect user data and enhance trust. Strategic recommendations include immediate SSL certificate installation, DNS record corrections, and publishing security policies to strengthen the security posture and compliance.

C

Centraal Beheer

centraalbeheer.nl

40

Centraal Beheer is a well-established Dutch insurance and financial services provider with over 115 years of history, operating under the parent company Achmea. The website offers a comprehensive range of services including insurance products, investment options, savings accounts, pensions, and mortgages, targeting both private individuals and businesses. The site is professionally designed with excellent content quality, clear navigation, and strong branding consistency. Technically, the website uses a modern tech stack including Sitecore CMS, Azure hosting, and various marketing and analytics tools, though performance metrics are not available. Security posture is moderate; while several security headers are implemented, the SSL certificate is invalid or missing, and no modern TLS protocols are enabled, which poses a significant risk. Privacy compliance is good with clear privacy and cookie policies and GDPR adherence. Overall, the domain registration and WHOIS data align well with the business claims, indicating legitimacy and trustworthiness.

C

Camif

camif.fr

40

Camif is a French e-commerce company specializing in sustainable and locally manufactured furniture and home decor. The website presents a professional and well-branded platform targeting consumers interested in eco-responsible products. The company emphasizes French and European manufacturing, supported by certifications such as B Corp and Entreprise à mission. The site features a rich product catalog, promotional offers, and strong social media presence. Technically, the site uses modern JavaScript libraries, analytics, and marketing tools, but lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security concern. Security headers are well implemented, but the absence of TLS protocols and session resumption reduces the security posture significantly. Privacy policies and cookie consent mechanisms are present and comprehensive, supporting GDPR compliance. Contact information is available primarily via phone and contact forms, with no explicit emails found in the content. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain compliance.

GENO Broker GmbH operates as a specialized online brokerage service affiliated with DZ BANK and the cooperative financial group in Germany. The company offers flexible and cost-efficient online depot models tailored to various investor profiles, including beginners, active traders, and young adults. Their services include online brokerage accounts, ETF and stock savings plans, derivatives trading, and a mobile trading app. The website reflects a professional and consistent brand image with comprehensive content and clear navigation aimed at private investors. Technically, the site uses modern JavaScript frameworks and SVG icons, hosted likely on German infrastructure, but suffers from slow load times and lacks HTTPS security, which is a critical vulnerability. Privacy compliance is strong with detailed policies and cookie consent mechanisms in place. Contact information is readily available through multiple channels, enhancing business credibility.

T

TÜV NORD GROUP

tuev-nord-group.com

53

The TÜV NORD GROUP is a well-established enterprise headquartered in Germany, specializing in safety, certification, inspection, and consulting services across multiple sectors including energy and transportation. With over 150 years of experience and a global presence in more than 100 countries, the company positions itself as a trusted provider of quality and safety solutions. The website reflects a professional and comprehensive digital presence, targeting businesses and organizations seeking expert services in safety and compliance. Technically, the site is built on TYPO3 CMS and utilizes modern JavaScript libraries and consent management tools, although performance is hindered by slow load times and an invalid SSL certificate. Security posture is weakened by the lack of a valid SSL certificate and absence of security headers, which poses risks to user trust and data protection. Privacy compliance is strong, with clear GDPR-aligned policies and cookie consent mechanisms. Overall, the site demonstrates high professionalism and trustworthiness but requires urgent security improvements to enhance user confidence and compliance.

F

Freie und Hansestadt Hamburg

karriere.hamburg

56

The website karriere.hamburg serves as the official career portal for the Freie und Hansestadt Hamburg, offering a wide range of job opportunities, training programs, and career entry options in the public sector. It targets job seekers, students, and professionals interested in working for the city government. The site is well-branded and professionally presented with clear navigation and relevant content in German. Technically, the site uses modern HTML5 and responsive design techniques but lacks a valid SSL certificate, which is a critical security flaw. Security headers are partially implemented but some settings reduce protection. Privacy compliance is limited, with no cookie consent mechanism despite the presence of tracking scripts. Overall, the site is functional and credible but requires urgent security improvements to protect user data and trust.

1

11FREUNDE

11freunde.de

40

11FREUNDE is a well-established German digital magazine focused on football culture, providing comprehensive news, live tickers, video content, and subscription services. The website demonstrates a mature digital infrastructure with modern JavaScript frameworks, responsive design, and extensive content catering to football enthusiasts. However, the absence of a valid SSL/TLS certificate significantly impacts the site's security posture, exposing users to potential risks. While privacy and cookie policies are comprehensive and GDPR compliant, the lack of HTTPS and related security best practices are critical vulnerabilities. Overall, the site is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

C

Coral

coral.com.br

53

Coral is a prominent Brazilian paint brand operating under the parent company AkzoNobel. The website serves as a comprehensive platform offering paint products, color inspiration tools, and professional services such as painter finders and online shopping. Technically, the site is built on Adobe Experience Manager and integrates modern marketing and analytics tools like Google Tag Manager and OneTrust for cookie consent. However, the absence of a valid SSL certificate and HTTPS significantly undermines the site's security posture. While privacy and cookie policies are well implemented and GDPR compliant, the lack of security headers and email domain protections like DMARC present vulnerabilities. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect user data and enhance trust.

B

BHW Bausparkasse AG

bhw-partner.de

55

BHW Bausparkasse AG operates the BHW Partner portal, a dedicated platform for partners and financial advisors offering building savings and financing products in Germany. The website provides product information, tools, forms, and partner support services, positioning itself as a key player in the German finance sector specializing in Bausparen and Baufinanzierung. The site is professionally designed with consistent branding and good content quality, targeting financial partners and advisors. Technically, the website is built on Adobe Experience Manager CMS and integrates Webtrekk analytics for user tracking. However, the site currently lacks a valid SSL certificate and modern TLS configurations, which is a significant security concern. The presence of strong SPF and DMARC policies indicates good email security practices. Overall, the security posture is basic with room for improvement in SSL/TLS deployment and security headers. The website complies with GDPR and provides clear privacy and cookie policies with consent mechanisms. Strategic recommendations include upgrading SSL/TLS, enabling HSTS, and enhancing DNS security to improve trust and compliance.

D

dogado.partners

dogado.partners

65

dogado.partners is a specialized cloud and hosting service provider targeting system houses, web agencies, and ITK companies primarily in Germany. As part of the dogado.group, it leverages over 20 years of experience to offer tailored cloud infrastructure, cybersecurity, backup, and collaboration services through various partner programs. The company positions itself as a reliable partner enabling businesses to build and expand their own cloud and hosting offerings with expert support and flexible solutions. Technically, the website employs modern web standards including TLS 1.3, Google Tag Manager for analytics, and a comprehensive cookie consent mechanism ensuring GDPR compliance. Security posture is solid with ISO 27001 certification and no known SSL vulnerabilities, though improvements such as enabling HSTS, DNSSEC, and DMARC could enhance protection. The site demonstrates high professionalism, excellent content quality, and strong trust signals including a high Trustpilot rating. Overall, dogado.partners presents a mature digital presence aligned with its business goals and compliance requirements.

R

RTL+

rtlplus.de

61

RTL+ is a major German media streaming platform offering a wide range of entertainment content including live TV, movies, series, podcasts, music, and audiobooks. It operates under RTL interactive GmbH and provides tiered subscription packages to cater to diverse customer needs. The platform is well-positioned in the German media market with a strong brand presence and extensive content library. Technically, RTL+ utilizes modern web technologies such as Angular, Google Tag Manager, and Sourcepoint for consent management, hosted on EuroDNS infrastructure. The website demonstrates good SEO, mobile optimization, and accessibility standards, though performance is moderate due to resource load. Security-wise, the site employs TLS 1.2 with strong cipher suites and has valid SPF and DMARC records, but lacks TLS 1.3, HSTS, and OCSP stapling, which are recommended for enhanced security. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms. Overall, RTL+ presents a professional, trustworthy, and user-friendly streaming service with room for security enhancements.

B

BHW Bausparkasse AG

bhw.de

58

BHW Bausparkasse AG is a well-established German financial institution specializing in building savings and home financing products. The company operates a comprehensive website offering detailed information on its products, services, and customer support, targeting private customers interested in real estate financing and savings. The website is built on Adobe Experience Manager and integrates Webtrekk analytics for user tracking and marketing optimization. Security measures include a valid SSL certificate with TLS 1.2 and strong cipher suites, SPF and DMARC email authentication, and multiple domain verification records, although improvements such as enabling HSTS, OCSP stapling, and TLS 1.3 are recommended. The company maintains GDPR-compliant privacy and cookie policies with explicit consent mechanisms. Contact information is clearly provided with phone numbers and contact forms, but no explicit data protection officer contact or security policy page was found. Overall, the website demonstrates a mature digital presence with good usability and trust indicators, supported by strategic partnerships with Deutsche Bank and Postbank.

P

profihost

profihost.de

57

Profihost is a well-established German managed hosting provider specializing in e-commerce hosting solutions tailored for online shops of various sizes. With 25 years of experience and strategic partnerships with platforms like Shopware, OXID, and Pimcore, they offer a comprehensive portfolio including managed servers, clusters, security services, and performance optimization. Their market position is strong within the German e-commerce hosting niche, supported by verified customer testimonials and a partner program. Technically, the website employs modern TLS protocols (TLS 1.3 and 1.2) and uses Google Tag Manager and Consent Manager for analytics and privacy compliance. However, performance is somewhat slow with a load time over 8 seconds. Security posture is basic with no HSTS, OCSP stapling, DNSSEC, or DMARC records, though no critical vulnerabilities were detected. Overall, the company demonstrates a professional and trustworthy online presence with room for security enhancements.

E

Energy Intelligence Group, Inc.

energyintel.com

54

The website's overall security posture is currently poor, with multiple critical and high-severity issues that pose significant risks to both data protection and regulatory compliance. The absence of HTTPS encryption is the most critical vulnerability, exposing user data to interception and undermining trust. Compliance with GDPR and NIS2 regulations is severely lacking, including missing cookie policies, consent mechanisms, and essential security governance documentation. While email security and network security appear strong, fundamental web security headers and DNS configurations require improvement. The failure to implement proper incident response and business continuity plans further increases operational risk. Immediate remediation is essential to protect sensitive customer information, maintain regulatory compliance, and safeguard the organization's reputation. Without urgent action, the business risks data breaches, legal penalties, and loss of customer confidence.

L

Lloyds Bank plc

lloydsbank.com

48

The website's security posture is currently inadequate, with critical vulnerabilities that pose significant risks to business operations and compliance. The absence of HTTPS encryption is a major flaw, undermining data confidentiality and trust. GDPR compliance is severely lacking, with no privacy or cookie policies, and no consent mechanisms, exposing the business to regulatory penalties. The lack of key security headers like Content-Security-Policy increases the risk of cross-site scripting attacks. Additionally, the organization has not implemented fundamental NIS2 cybersecurity requirements, including incident response and security policy frameworks, which jeopardizes operational resilience. While network security and email security show some strengths, critical gaps remain that could lead to data breaches or service disruptions. Immediate action is necessary to safeguard customer data, maintain regulatory compliance, and protect the brand reputation. Overall, the security maturity is low, especially in encryption and governance controls, requiring urgent remediation.

R

Roshan

roshan.af

67

The website demonstrates a moderate security posture with no critical vulnerabilities detected; however, multiple high and medium severity issues significantly increase its risk profile. Key deficiencies include missing essential security headers, absence of GDPR compliance mechanisms such as privacy and cookie policies, and lack of comprehensive information security governance aligned with NIS2 directives. These gaps expose the business to legal, reputational, and operational risks, including potential data breaches and regulatory penalties. While email security and underlying SSL/TLS configurations are relatively strong, foundational controls like HSTS and DNSSEC are not fully implemented. The presence of an exposed SSH service further amplifies attack surfaces if not properly managed. Immediate attention to governance policies, regulatory compliance, and core web security headers is critical to safeguard customer trust and ensure business continuity. Overall, the assessment underscores a need for a holistic security strategy integrating technical controls and policy frameworks.

The website https://sfari.org currently exhibits significant security and compliance gaps, particularly around regulatory adherence and security governance frameworks. While network and email security postures are strong, critical deficiencies in GDPR compliance, security policy documentation, and HTTP security headers expose the organization to legal, reputational, and operational risks.

W

WUSF

wusf.org

68

The wusf.org website currently exhibits significant security gaps across multiple critical areas including web security headers, GDPR compliance, and organizational security frameworks, resulting in an overall unknown risk rating. While network and email security postures are strong, the absence of key policies and security controls exposes the business to regulatory risks, data breaches, and operational disruptions. Addressing these vulnerabilities promptly will protect user data, ensure compliance, and strengthen stakeholder trust.

A

Ayvens Bank

ayvensbank.nl

65

Ayvensbank.nl currently exhibits significant security and compliance deficiencies, particularly in data privacy and information security governance, which expose the business to regulatory penalties and reputational risk. While network and email security show strengths, critical gaps such as missing privacy policies, inadequate incident response, and absent key security headers undermine trust and increase vulnerability to cyber threats.