Security Directory

W

Wijzer in geldzaken

financieelfittewerknemers.nl

40

Financieel fitte werknemers is a Dutch government-backed initiative by the Ministry of Finance aimed at helping employers support employees with financial wellbeing. The website provides informational resources, toolkits, e-learning, and guidance to recognize and address financial stress in the workplace. It targets employers and HR professionals in the Netherlands, positioning itself as a niche government platform with consistent branding and good content quality. Technically, the site is hosted on a DigitalOcean IP, served by nginx, and uses modern web technologies including Google Tag Manager and ReadSpeaker for accessibility. However, the site suffers from critical security issues including an invalid or missing SSL certificate and no enabled TLS protocols, which severely impact its security posture. Performance is slow, but mobile optimization and accessibility are good. SEO practices are well implemented. Security-wise, while some best practices like HSTS header presence exist, the lack of valid SSL and TLS support is a major vulnerability. No incident response or security policy pages are found, and DNSSEC is not enabled. Privacy compliance is strong with clear cookie consent and privacy policies aligned with GDPR. Overall, the site is a credible government resource with good content and user experience but requires urgent security improvements to protect user data and trust. Strategic recommendations include installing a valid SSL certificate, enabling modern TLS protocols, fixing DNS CAA records, and enhancing security headers and incident response readiness.

W

Wijzer in geldzaken

weekvanhetgeld.nl

40

Week van het geld is a Dutch national initiative focused on promoting financial literacy among children and youth through educational programs and partnerships with government and financial sector entities. The website serves as an information hub offering thematic packages, guest lessons, explainer videos, and toolkits for schools and parents. The initiative is positioned as a trusted, government-related non-profit with a clear target audience in the education sector. Technically, the website uses a modern stack including nginx, Google Tag Manager, and accessibility tools like ReadSpeaker. However, it suffers from a critical security flaw: the absence of a valid SSL certificate and HTTPS support, which severely impacts its security posture. The site is well-structured, mobile-optimized, and includes GDPR-compliant cookie consent mechanisms. Security-wise, the lack of HTTPS and proper SSL configuration is a major vulnerability. While other security headers are partially present, the site does not implement advanced protections such as OCSP stapling or session resumption. No explicit security or incident response policies are published, which could be improved to enhance trust. Overall, the website is functional and professional but requires urgent security improvements to protect user data and maintain trust. Strategic recommendations include immediate SSL certificate installation, enabling HTTPS, fixing DNS CAA records, and publishing security policies to improve compliance and user confidence.

A

airfocus

airfocus.com

53

airfocus is a modular product management SaaS platform designed to help product teams manage strategy, prioritize roadmaps, and align stakeholders effectively. The company positions itself as an enterprise-ready solution with strong integrations such as Jira, targeting product managers and teams seeking flexible and scalable product management tools. The website content is rich, professionally designed, and includes multiple trust indicators such as certifications and customer testimonials, reflecting a mature business presence. Technically, the website is built using modern technologies including React and Gatsby, hosted on Google Cloud infrastructure. While the site demonstrates good SEO and mobile optimization, performance metrics are not explicitly available. Security headers are implemented, but the SSL/TLS configuration is critically flawed with an invalid certificate and no TLS protocols enabled, significantly impacting the security posture. The security posture shows strengths in header implementation and compliance certifications (ISO 27001, SOC2, GDPR), but the lack of a valid SSL certificate and missing cookie consent mechanisms are notable weaknesses. No incident response or vulnerability disclosure information is publicly available, which could be improved to enhance trust. Overall, the website is professional and trustworthy from a business perspective but requires urgent remediation of SSL/TLS issues to ensure secure user interactions and compliance with best practices. Strategic recommendations include fixing the SSL certificate, enabling modern TLS protocols, implementing cookie consent, and publishing incident response details to strengthen security and privacy compliance.

W

Wijzer in geldzaken

wijzeringeldzaken.nl

40

Wijzer in geldzaken is a Dutch government-backed platform dedicated to providing reliable financial information and education to the public. It targets a broad audience including children, youth, families, workers, and retirees, offering tools, tips, and educational content to improve financial literacy. The platform is supported by the Ministry of Finance and partners from various sectors, establishing it as an authoritative source in the Netherlands for financial guidance. Technically, the website uses standard web technologies with integrations such as Google Tag Manager for analytics. However, the site suffers from a critical security shortfall due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy compliance is well addressed with clear cookie consent mechanisms and GDPR-aligned policies. Overall, while the content and business credibility are strong, the lack of HTTPS and slow performance are key risks that need urgent remediation.

A

Achmea Investment Management

achmeainvestmentmanagement.nl

40

Achmea Investment Management is a prominent Dutch asset management firm specializing in fiduciary management and impact investing for institutional and private clients. The company operates under the Achmea brand, one of the largest financial services groups in the Netherlands, and offers portfolio construction, risk management, and asset management solutions. The website reflects a professional presence with clear business focus and relevant content targeted at institutional investors and private individuals. Technically, the website is hosted on Amazon AWS infrastructure and uses standard web technologies such as JavaScript, CSS, and HTML5. However, the site suffers from slow load times and lacks modern performance optimizations. Mobile optimization and accessibility are basic but functional. SEO practices are present but could be improved. From a security perspective, the website has critical shortcomings. It lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which severely impacts user trust and security posture. No security headers or advanced TLS protocols are enabled, and DNS records show malformed CAA entries and missing domain protection locks. Cookie and privacy policies are present and GDPR compliant, but incident response and vulnerability disclosure mechanisms are absent. Overall, the website is functional and professional but requires urgent security improvements, especially enabling HTTPS and correcting DNS configurations, to enhance trustworthiness and compliance.

L

Lucid Software Inc.

lucidchart.com

62

Lucid Software Inc. operates Lucidchart, a leading SaaS platform specializing in intelligent diagramming and visual collaboration. The company targets enterprise and team users seeking to optimize processes and systems through AI-powered diagramming and integrations with popular enterprise tools. The website reflects a mature digital presence with comprehensive content, strong branding, and a wide range of integrations and resources. Technically, the site is built on modern frameworks like Gatsby and React, hosted via Akamai, and employs security headers and privacy compliance mechanisms. However, a critical security concern is the invalid SSL certificate, which undermines the overall security posture. Despite this, the company maintains good privacy policies and legal documentation, supporting GDPR compliance. Overall, Lucidchart presents a professional and trustworthy platform with room for security improvements.

S

Shopify

handshake.com

72

Shopify is a leading global e-commerce platform that empowers entrepreneurs and businesses to create, manage, and grow online stores with a comprehensive suite of tools including wholesale and B2B capabilities. The website content reflects a mature, well-established business with a strong market position and a focus on providing value to both small and large retailers. Technically, the site leverages modern frameworks such as React and is hosted on Cloudflare, ensuring fast performance and good accessibility. Security measures are robust with TLS 1.3 support and essential security headers, though improvements in HSTS configuration and certificate transparency compliance are recommended. The site maintains comprehensive privacy and legal policies, demonstrating good privacy compliance. Overall, the risk profile is low, with strong domain legitimacy and no detected vulnerabilities or blocking mechanisms.

Y

Yelp

yelp.ch

56

Yelp.ch is a localized German-language website serving the Swiss market, providing user-generated reviews and recommendations for local businesses such as restaurants, shopping, nightlife, and wellness services. The platform operates under Yelp Inc., a well-established company founded in 2004, with a strong market position as a leading local business review platform. The website offers extensive business listings, search functionality, and advertising services for business owners. Technically, the site uses modern web technologies including React and GraphQL, hosted primarily on Amazon AWS infrastructure. However, performance is hindered by slow load times and a large page size. Security posture is weakened by an invalid SSL certificate and lack of HTTPS enforcement, absence of security headers, and no HSTS policy, which are critical areas for improvement. Privacy compliance is strong, with comprehensive privacy and cookie policies and GDPR adherence. Overall, the site is professional, trustworthy, and content-rich but requires urgent security enhancements to protect users and maintain trust.

B

BikeFriend

bikefriend.com

54

BikeFriend is a mature e-commerce and retail business specializing in bicycles and related accessories, operating primarily in Belgium and the Netherlands. The company combines an extensive online catalog with physical stores offering test rides and maintenance services, positioning itself as a significant player in the regional bicycle market. Technically, the website uses modern frontend technologies and is hosted on Amazon AWS infrastructure, but lacks a valid SSL certificate, which critically impacts its security posture. The site includes standard privacy and cookie policies but lacks a visible consent mechanism and explicit security or incident response policies. Overall, the business shows strong domain registration practices and trust signals but must urgently address HTTPS implementation to improve security and user trust.

C

Cloudflare

cloudflarestatus.com

68

Cloudflare is a leading enterprise technology company specializing in web performance and security services delivered via a global intelligent network. The company provides a broad range of services including CDN, DNS, DDoS protection, serverless computing, and Zero Trust security solutions. Their system status page offers transparent, real-time insights into the operational status of their extensive global infrastructure, reflecting a mature and customer-focused approach to service reliability. The website is well-designed, mobile-optimized, and uses modern technologies such as jQuery and Atlassian Statuspage, hosted on Cloudflare's own infrastructure with strong security headers and HTTPS enforcement. However, some improvements can be made in privacy compliance, such as explicit cookie policies and enhanced HSTS settings. The domain registration data is consistent with the company's identity, showing no signs of suspicious activity or privacy protection that would obscure legitimacy. Overall, Cloudflare demonstrates a strong technical and security posture with clear communication and operational transparency.

T

twoday Oy

signom.com

65

Signom is a Finnish electronic signature service operated by twoday Oy, providing users with a platform to sign documents digitally using bank credentials. The service targets Finnish-speaking individuals and businesses seeking a quick and easy way to sign documents electronically. The website offers basic content with language options and clear navigation for login and registration. Technically, the site uses standard web technologies including jQuery and Google Fonts, hosted on Google Cloud infrastructure. Performance is moderate with some room for optimization. Security posture is adequate with HTTPS enabled and valid SPF and DMARC DNS records; however, improvements are needed in security headers, HSTS, and certificate transparency compliance. Privacy and cookie policies are present but lack advanced consent mechanisms. Overall, the site is functional and trustworthy but would benefit from enhanced security and privacy features to improve compliance and user trust.

K

Kesko Oyj

k-business.fi

40

K-Business.fi is a Finnish corporate credit card service website operated under Kesko Oyj and issued by Oma Säästöpankki Oyj. The site promotes the K-Business Credit card, which combines Visa credit capabilities with Plussa loyalty benefits and partner discounts. The target audience is Finnish businesses seeking flexible payment solutions with integrated loyalty rewards. The website is built on modern web technologies including Next.js and Contentful CMS, providing a professional and content-rich user experience. However, the site lacks a valid SSL certificate and does not support TLS protocols, which severely impacts its security posture. Privacy and cookie policies are comprehensive and GDPR compliant, but direct contact information such as emails or phone numbers is not explicitly provided, relying instead on contact forms and external links. Overall, the site demonstrates strong business credibility and branding but requires urgent security improvements to protect user data and ensure trust.

B

Budget Sport

budgetsport.fi

40

Budget Sport is a Finnish-based large retail e-commerce platform specializing in affordable sportswear and equipment. It operates under the parent company Intersport Finland Oy and targets Finnish consumers with a broad product range including running, cycling, football, and golf gear. The website is well-structured with clear navigation, multiple product categories, and a consistent brand presence. Technical infrastructure includes modern web technologies such as lazy loading and templating, hosted via Cloudflare with integration of Google Tag Manager and Google Maps API. However, the site currently suffers from a critical security issue: the SSL certificate is invalid or missing, and TLS protocols are disabled, severely impacting the security posture. Despite this, privacy and cookie policies are comprehensive and GDPR compliant, and contact information is clearly provided. Overall, the site scores well on content quality and business credibility but requires urgent remediation of SSL/TLS configuration to improve security and trust.

T

Taikala Oy

myclub.fi

40

Taikala Oy operates the myClub platform, a leading Finnish SaaS solution designed to streamline sports club management by providing integrated tools for membership management, billing, event organization, communication, and attendance tracking. The company holds a strong market position as the most popular and fastest-growing membership service in Finland, targeting sports clubs and their members. The platform emphasizes ease of use, data protection, and comprehensive service offerings tailored to the sports community. Technically, the website is built using modern frameworks such as Gatsby and React, hosted on AWS infrastructure, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Privacy compliance is well addressed with clear policies and consent mechanisms. However, the absence of key security headers and an invalid SSL certificate reduce the overall security posture. Strategic improvements in SSL management and security hardening are recommended to enhance trust and compliance.

I

Intersport Finland

intersport.fi

40

Intersport Finland operates as a leading sports retail brand offering a wide range of sportswear, equipment, and leisure products through both online and physical stores. The company leverages a membership club model to enhance customer loyalty and provides extensive product categories targeting consumers interested in sports and outdoor activities. The website demonstrates a strong market position in Finland with a comprehensive product catalog and active social media presence. Technically, the site uses modern JavaScript libraries and is hosted behind Cloudflare, but lacks a valid SSL certificate, which is a significant security concern. Privacy and cookie policies are well-presented and indicate GDPR compliance. Overall, the site is professional and user-friendly but requires urgent improvements in its security posture to protect user data and build trust.

T

Tieteen termipankki

tieteentermipankki.fi

40

Tieteen termipankki is an open, collaborative terminology database serving all scientific disciplines in Finland, coordinated by the University of Helsinki and integrated into the national Fin-Clariah research infrastructure. The website provides a multilingual platform for researchers, students, and the public to access and contribute to scientific terminology. Technically, the site is built on MediaWiki with Semantic MediaWiki extensions and uses Matomo for analytics. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security vulnerability. Privacy compliance is limited, with no cookie consent mechanism despite user tracking. Contact information is minimal, limited to a single email address. Overall, the site offers valuable academic content but requires urgent security and privacy improvements.

T

TopCV

topcv.com

65

TopCV is a leading global professional CV writing service operating under the parent company Talent Inc. The company offers a comprehensive suite of career services including CV writing, cover letter creation, LinkedIn profile optimization, and interview preparation. Their market position is strong, supported by extensive customer testimonials and high Trustpilot ratings. Technically, the website is built on a modern Next.js and React stack, hosted on AWS CloudFront, ensuring good performance and mobile optimization. However, the security posture is weakened by an invalid SSL certificate, despite the presence of HSTS headers and other security best practices. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site demonstrates a mature digital presence with room for improvement in SSL management and advanced security headers.

Policygenius operates as an online insurance marketplace and brokerage platform primarily serving consumers seeking insurance products in the United States. The website content is minimal, focusing on a notice restricting personal information submission from EU and UK users, with contact details provided for further inquiries. The business model centers on insurance comparison and brokerage services, positioning Policygenius as an established player in the finance sector. From a technical perspective, the website is hosted on Fastly's CDN infrastructure, serving static HTML and CSS content with no detected CMS or advanced frameworks. Performance is slow with a load time exceeding 7 seconds, and the site lacks modern SEO and accessibility features. Mobile optimization is basic, and no JavaScript or analytics scripts are present. Security posture is weak due to the absence of a valid SSL/TLS certificate, lack of HTTPS support, and missing security headers. No advanced security mechanisms such as HSTS, OCSP stapling, or session resumption are enabled. The site does not provide privacy or cookie policies, nor does it demonstrate GDPR compliance, which is critical given the explicit restriction on EU/UK user data submission. Overall, the website presents significant risks related to security and privacy compliance. Strategic recommendations include immediate SSL certificate installation, enabling HTTPS, implementing security headers, and publishing comprehensive privacy and cookie policies. Enhancing content quality, SEO, and user experience will also improve business credibility and trustworthiness.

I

IoT Smart Space Research Team (IoT-s2o)

s2labs.org

39

The website represents an academic research group led by Marc-Oliver Pahl, focusing on autonomous control and management in heterogeneous networks, specifically IoT Smart Space Orchestration. The group is affiliated with the Technical University of Munich and Institut Mines Telecom, targeting researchers, students, and industry partners interested in IoT technologies and smart spaces. The site serves as an informational and educational platform, offering research insights, teaching activities, project showcases, and open positions for students. Technically, the website is hosted on an Apache server running on Ubuntu, using a custom minimalistic CMS (miniCMS). The site lacks modern security implementations such as HTTPS, HSTS, and DNSSEC, and does not employ advanced web frameworks or performance optimizations. The content is primarily static HTML with embedded multimedia and social media widgets. Performance data is unavailable, and mobile optimization is basic. From a security perspective, the absence of HTTPS and valid SSL certificates is a critical vulnerability, exposing users to potential data interception risks. No security policies, incident response contacts, or vulnerability disclosure mechanisms are published. The site does not implement cookie consent or privacy compliance features beyond a basic privacy policy page. Analytics usage is minimal and disabled, reducing privacy concerns but also limiting insights. Overall, the website functions adequately as an academic informational resource but requires urgent security upgrades and privacy compliance improvements to protect users and enhance trustworthiness. Strategic recommendations include implementing HTTPS, adding security headers, publishing comprehensive privacy and security policies, and improving technical infrastructure for better performance and accessibility.

T

Technische Universität Wien

tuwien.at

40

Technische Universität Wien (TU Wien) is a leading technical university in Austria, providing comprehensive education, research, and cooperation services primarily in the technology and engineering sectors. The website reflects a mature digital presence with a professional design, clear navigation, and strong accessibility and privacy compliance measures. However, the security posture is weakened by the absence of a valid SSL/TLS certificate and lack of modern TLS protocol support, which poses significant risks to user data confidentiality and trust. The university employs TYPO3 CMS and integrates multiple analytics and marketing tools, demonstrating a high level of digital maturity but with room for security improvements. Overall, the website is content-rich and trustworthy but requires urgent remediation of its SSL configuration to meet modern security standards.

B

Blue Cross and Blue Shield of Illinois

bcbsil.com

61

Blue Cross and Blue Shield of Illinois (BCBSIL) is a major health insurance provider serving the entire state of Illinois with a broad range of health plans including individual, family, Medicare, Medicaid, and employer plans. The company is a large, customer-owned insurer with a significant market presence, serving over 8.9 million members. The website reflects a mature digital presence with comprehensive content, clear navigation, and integration of multiple health insurance products and member resources. Technically, the site is built on Adobe Experience Manager and leverages various Adobe marketing and analytics tools, but suffers from a critical security issue due to the absence of a valid SSL certificate and lack of HTTPS support, which significantly impacts its security posture. Privacy compliance is basic with a privacy policy present but no visible cookie consent mechanism. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain trust.

杉山労務管理事務所 is a small, regionally focused social insurance labor consultant office based in Saitama Prefecture, Japan. The company provides labor management services including labor risk assessment, employment regulation creation and revision, and support for administrative investigations. Their target audience is primarily small to medium businesses in the Kanto region. The website content is primarily in Japanese and offers free labor risk diagnostic tools via external links. Technically, the website is basic with no CMS detected, minimal JavaScript and CSS usage, and no advanced frameworks. Performance data is missing but inferred slow. Critically, the site lacks HTTPS support and a valid SSL certificate, exposing users to security risks. No privacy or cookie policies are present, and no security best practices such as security headers or incident response information are published. Contact information is clearly provided including phone, email, physical address, and a contact form embedded via iframe. Overall, the site is functional but lacks modern security and privacy compliance measures, which significantly impacts trust and security posture.

B

Barkhausen Institut

barkhauseninstitut.org

55

The Barkhausen Institut is an independent research institute based in Dresden, Germany, specializing in trustworthy networked electronic systems and the Internet of Things (IoT). It collaborates closely with the Technical University of Dresden and focuses on research and development of secure, transparent, and sustainable digital technologies. The website targets researchers, academics, and industry professionals interested in IoT and trustworthy digital systems. The business model centers on research, innovation, and public outreach in the technology sector. The institute holds an international reputation with a medium-sized organizational footprint.

Eudonet is a technology company specializing in CRM software solutions, targeting subscribers and clients primarily in France with additional presence in Canada and the UK. The website analyzed is a secure login portal for Eudonet CRM subscribers, offering multi-language support and user authentication features. The business model centers on SaaS CRM services with a focus on client account management. Technically, the site runs on Microsoft IIS with ASP.NET and uses XHTML transitional markup. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. Security headers are partially implemented, but the absence of TLS protocols and certificate transparency compliance significantly weakens the security posture. Privacy and cookie policies are not present, and no contact or business information is provided on this login page, limiting transparency and compliance indicators. Overall, the site demonstrates moderate business credibility and good content quality but suffers from poor security and privacy compliance.

W

WebBuilds B.V.

webbuilds.nl

40

WebBuilds B.V. is a small Dutch technology company specializing in custom web application development and SaaS products. Their offerings include CRM, e-commerce, API integrations, and proprietary SaaS tools such as ploi.io and Documentator. The company targets businesses seeking tailored web solutions and emphasizes quality and precision in development. Technically, the website uses modern frameworks like Laravel and TailwindCSS and is hosted behind Cloudflare. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security concern. Security headers are present but insufficient without HTTPS. Privacy compliance is minimal, with no visible privacy or cookie policies. The company uses Matomo analytics, indicating some privacy awareness. Overall, the website is professional and well-branded but requires urgent security improvements to protect users and enhance trust.

RETHMANN SE & Co. KG is a well-established German family-owned holding company founded in 1934, operating primarily in the transportation and energy sectors through its subsidiaries REMONDIS, Rhenus, SARIA, and a significant stake in Transdev. The company provides comprehensive services in recycling, logistics, sustainable product manufacturing, and public mobility solutions, targeting industrial clients, municipalities, and private customers. The website is built on TYPO3 CMS, featuring good content quality, clear navigation, and professional design, though it lacks a valid SSL certificate, which is a critical security concern. Privacy policies are comprehensive and GDPR compliant, but no cookie consent mechanism is present. The company demonstrates strong business credibility with detailed contact information and legal disclosures.

D

Daxia

waasabi.io

63

Daxia operates as an embedded finance platform enabling businesses across multiple industries to integrate fintech solutions such as payments, collections, and rewards into their digital ecosystems. Positioned as a fintech accelerator, it offers strategic advisory, API-based fintech services, crypto asset management, and tokenization solutions. The company is affiliated with Globant, a recognized technology consulting firm, enhancing its market credibility. Technically, the website employs modern web technologies including Google Tag Manager and Usercentrics for consent management, but suffers from slow load times and lacks a valid SSL certificate, which critically impacts security and user trust. Security posture is weak due to absence of HTTPS, security headers, and advanced email protection policies. Privacy compliance is basic with presence of privacy and terms policies but no explicit GDPR compliance indicators. Overall, the website demonstrates moderate business credibility but requires urgent security improvements to protect user data and enhance trust.

Ash Allen Design is a small freelance web design and Laravel development business based in Preston, UK. The company offers affordable, high-quality website design and development services tailored to small local businesses and developers. The website presents a professional image with comprehensive service descriptions, client testimonials, and a portfolio, positioning itself as a trusted local provider with a strong digital presence including authored books and free resources. Technically, the site uses modern web technologies such as Bootstrap, Livewire, and Font Awesome, hosted likely on DigitalOcean, with moderate performance and excellent mobile optimization. However, the security posture is weak due to the absence of a valid SSL certificate and HTTPS support, which is a critical issue. Privacy compliance is addressed with a cookie consent mechanism and a clear privacy policy. Overall, the site is professional and credible but requires urgent security improvements to protect user data and enhance trust.

Recurve is a small technology company offering a SaaS time tracking and invoicing tool targeted at freelance developers. The website presents a clear business focus on helping freelancers plan hours, manage clients, and automate invoicing. The technical infrastructure includes a modern JavaScript stack with Livewire and Statamic CMS, hosted behind Cloudflare DNS. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. The security posture is weak with no security headers or HSTS enabled. Privacy compliance is minimal with no visible privacy or cookie policies. The site uses Fathom Analytics for minimal user tracking, indicating some privacy awareness. Overall, the website is functional and professionally designed but requires urgent improvements in security and compliance to build trust and protect user data.

Q

Quad9 Foundation

quad9.net

53

Quad9 Foundation operates a globally recognized public DNS recursive service focused on enhancing Internet security and privacy by blocking malicious domains. The organization is a not-for-profit entity based in Switzerland, leveraging partnerships with major industry players such as IBM and the Global Cyber Alliance. Their service is widely used, with resolver clusters in over 110 countries and millions of daily blocks, positioning them as a key player in the DNS security space. Technically, the website is built using the Hugo static site generator and employs modern web technologies with good mobile optimization and accessibility. However, performance is hindered by slow load times and a high number of resources. The DNS configuration is robust with SPF records but lacks DNSSEC and DMARC, and critically, the SSL/TLS configuration is invalid or missing, exposing the site to security risks. From a security perspective, Quad9 demonstrates strong privacy commitments and transparency, including GDPR compliance and no logging of IP addresses. Despite this, the absence of HTTPS and security headers significantly lowers the security posture. No incident response or vulnerability disclosure policies are publicly evident, which could be improved to enhance trust. Overall, Quad9 presents a trustworthy and professional service with excellent content quality and business credibility. The main risk lies in the missing SSL certificate and related security configurations, which should be addressed promptly to protect users and maintain trust.

C

Camif

camif.fr

40

Camif is a French e-commerce company specializing in sustainable and locally manufactured furniture and home decor. The website presents a professional and well-branded platform targeting consumers interested in eco-responsible products. The company emphasizes French and European manufacturing, supported by certifications such as B Corp and Entreprise à mission. The site features a rich product catalog, promotional offers, and strong social media presence. Technically, the site uses modern JavaScript libraries, analytics, and marketing tools, but lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security concern. Security headers are well implemented, but the absence of TLS protocols and session resumption reduces the security posture significantly. Privacy policies and cookie consent mechanisms are present and comprehensive, supporting GDPR compliance. Contact information is available primarily via phone and contact forms, with no explicit emails found in the content. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain compliance.

D

Dogfinance

dogfinance.com

61

Dogfinance is a specialized professional social network and job platform targeting finance professionals primarily in France. It offers a comprehensive suite of services including job listings, company profiles, news, events, and networking opportunities tailored to the finance sector. The platform leverages modern web technologies such as React and Next.js, hosted on Google Cloud infrastructure, providing a responsive and professional user experience. Security is implemented with HTTPS using modern TLS protocols, though some improvements are recommended such as enabling HSTS and adding DNS security records. Privacy policies and terms of service are present and comprehensive, indicating a commitment to compliance, although cookie consent mechanisms are not evident. Overall, Dogfinance presents a credible and professional online presence with room for security enhancements.

MeteoSchweiz is the Swiss Federal Office for Meteorology and Climatology, providing authoritative weather forecasts, climate monitoring, and natural hazard warnings for Switzerland. As a government agency, it holds a strong national market position and offers key services including meteorological data, public information, and specialized applications for weather and climate. The website is professionally designed, content-rich, and targets both the general public and specialized users such as government bodies and meteorology professionals. Technically, the site uses modern web technologies and is hosted via Google infrastructure, with good performance and accessibility features. However, a critical security issue is the lack of a valid SSL certificate and disabled TLS protocols, which undermines secure HTTPS access. Security headers and content policies are well implemented, but the absence of cookie consent mechanisms and some advanced security features reduces privacy compliance. Overall, the site is trustworthy and authoritative but requires urgent improvements in SSL/TLS configuration to meet modern security standards.

G

Groupe iliad

iliad.fr

40

Groupe iliad is a major telecommunications and technology group based in France, operating multiple subsidiaries that provide internet, mobile, and cloud services across Europe. The website reflects a professional and consistent brand presence targeting a broad audience including consumers, investors, and media. The technical infrastructure leverages modern frontend technologies such as React and Material-UI, but suffers from slow load times and lacks a valid SSL certificate, resulting in insecure HTTP connections. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR adherence. However, the absence of HTTPS and modern TLS protocols significantly weakens the security posture. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

S

Swiss Federal Institute for Forest, Snow and Landscape Research WSL

wsl.ch

48

The Swiss Federal Institute for Forest, Snow and Landscape Research WSL is a prominent Swiss federal research institute focused on environmental sciences including forest, landscape, biodiversity, natural hazards, and snow and ice. It operates under the ETH Domain and serves a broad audience including researchers, forestry experts, policymakers, and the public. The website reflects a professional government research entity with comprehensive content and consistent branding. Technically, the site is built on TYPO3 CMS and uses Matomo for analytics, hosted likely by switch.ch. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. No privacy or cookie policies are explicitly found, and security headers are absent, indicating gaps in security best practices. Overall, the site is content-rich and trustworthy but requires urgent security improvements.

K

KnpUniversity

knpuniversity.com

59

KnpUniversity operates the SymfonyCasts website, a specialized online education platform focused on PHP and Symfony tutorial screencasts. The platform offers a subscription-based model with over 125 video tutorial courses and guided learning tracks, targeting developers seeking to enhance their skills in PHP and Symfony frameworks. The website is well-branded, professionally designed, and features rich content including testimonials and code downloads, positioning itself as a trusted resource in the developer education market. Technically, the website is hosted on SymfonyCloud and uses Cloudflare for DNS and nameservers. The tech stack includes modern JavaScript, CSS, and Symfony framework components. However, performance is slow with a high page load time, and accessibility is basic. SEO is adequately addressed with proper meta tags and Open Graph data. Mobile optimization is good, ensuring usability across devices. From a security perspective, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical vulnerability. No modern TLS protocols or security headers are enabled, and there is no evidence of security best practices such as HSTS or OCSP stapling. Privacy compliance is partial, with a privacy policy and terms of service present but no cookie consent mechanism or GDPR compliance indicators. Contact information is limited to a contact form, with no direct emails or phone numbers provided. Overall, the website presents a professional and content-rich platform but suffers from significant security shortcomings that could impact user trust and data protection. Strategic improvements in SSL/TLS implementation, security headers, and privacy compliance are recommended to enhance the security posture and regulatory adherence.

The VR-BankenPortal website is a secure login portal designed for cooperative banks affiliated with DZ BANK AG, one of Germany's leading cooperative central banks. It provides customers and members with access to online banking services, including account management and password reset functionalities. The portal is clearly branded with DZ BANK's identity and targets banking customers within the cooperative banking sector in Germany. The business model focuses on providing secure digital access to banking services rather than direct customer engagement or marketing. From a technical perspective, the website employs modern TLS protocols (TLS 1.3 and 1.2) and is hosted on Google Cloud infrastructure. However, the site exhibits slow load times and lacks advanced security headers and cookie consent mechanisms. The absence of structured data and analytics scripts suggests a minimalistic approach focused solely on secure login functionality. Mobile optimization and accessibility are basic, indicating room for improvement in user experience. Security posture is adequate but not robust. HTTPS is enforced with a valid certificate, but critical security enhancements such as HSTS, OCSP stapling, DMARC records, and security headers are missing. The login form posts credentials securely to a DZ BANK domain, reducing phishing risk. No vulnerabilities or exposed sensitive data were detected, but the lack of certain security best practices lowers the overall security score. Overall, the website is functional and trustworthy for its intended purpose but would benefit from performance optimization, enhanced security configurations, and improved privacy compliance measures. Strategic improvements in these areas would strengthen user trust and regulatory adherence.

A

Atruvia AG

fiduciagad.de

40

Atruvia AG operates as a large IT service provider focused on banking digital transformation, consulting, IT outsourcing, and related services primarily in Germany. The website presents a professional and consistent brand image with clear navigation and relevant content targeting professionals, students, and customers in the finance and technology sectors. Technically, the site uses modern web technologies including JavaScript modules and Craft CMS, but suffers from a lack of valid SSL/TLS configuration, resulting in no HTTPS support and weak security posture. The cookie consent mechanism and privacy policy indicate good privacy compliance, although no explicit incident response or vulnerability disclosure policies are found. Overall, the site is functional and trustworthy but requires urgent security improvements.

R

Red Bull

redbullmusicstudios.com

64

Red Bull Music Studios operates a global network of creative recording studios designed to support artists and producers with state-of-the-art equipment and facilities. The website reflects a professional and consistent brand presence aligned with the larger Red Bull corporate identity. It targets artists worldwide, providing studio spaces in key cities such as Los Angeles, Paris, and Berlin. The business model focuses on offering creative environments rather than direct product sales. Technically, the site is hosted on Amazon AWS infrastructure with valid SSL encryption and uses modern web technologies including JavaScript and CSS. Performance is moderate with room for optimization. Security posture is adequate with valid SSL and strict SPF records, but lacks advanced HTTP security headers and DNSSEC. Privacy compliance is strong, featuring a comprehensive privacy policy and cookie consent mechanism via OneTrust. Overall, the site is trustworthy and professionally maintained, though security enhancements are recommended.

BMW M GmbH operates the official BMW M website, showcasing its high-performance vehicles, motorsport heritage, and driving experiences. The company holds a strong market position in the premium automotive segment, targeting enthusiasts and customers seeking performance and motorsport engagement. The website reflects a mature digital presence with rich multimedia content, clear navigation, and comprehensive legal and privacy documentation. Technically, the site uses modern web technologies, including Adobe Experience Manager CMS, Akamai CDN, and performance monitoring tools, delivering a good user experience across devices. Security posture is solid with HTTPS, SPF, DMARC, and no critical vulnerabilities detected, though improvements like HSTS and additional security headers are recommended. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site demonstrates high professionalism and trustworthiness.

A

Arvato Systems

arvato-systems.com

68

Arvato Systems is a large, internationally active IT specialist and multi-cloud service provider headquartered in Germany, focused on enabling digital transformation for enterprises across various industries including healthcare, energy, retail, manufacturing, and government. The company offers a broad portfolio of services such as cloud transformation, application modernization, managed services, security services, and SAP solutions. Their market position is reinforced by multiple industry awards and certifications, including ISO 27001. Technically, the website is built on CoreMedia CMS with modern web technologies and provides a good user experience with mobile optimization and clear navigation. However, the security posture is weakened by an invalid or missing SSL certificate and lack of modern TLS protocol support, which are critical issues that should be addressed promptly. Privacy compliance is strong with a comprehensive privacy policy, cookie consent mechanism, and GDPR adherence. Overall, the website demonstrates professionalism and trustworthiness but requires urgent improvements in SSL/TLS configuration to enhance security and user trust.

A

Arvato Systems Schweiz AG

arvato-systems.ch

71

Arvato Systems Schweiz AG is a subsidiary of the international Arvato Systems group, specializing in IT services and digital transformation solutions. The company offers a broad portfolio including digital commerce, cloud services, application modernization, and industry-specific IT solutions targeting enterprises primarily in Switzerland and globally. The website reflects a mature digital presence with comprehensive content, local contact points, and professional branding. Technically, the site uses CoreMedia CMS and modern web technologies but suffers from slow load times and lacks some advanced security configurations such as HSTS and OCSP stapling. Security posture is solid with valid SSL, SPF, and DMARC records, but no explicit security or incident response policies are published. Privacy compliance is well addressed with a cookie consent mechanism and a detailed privacy policy. Overall, the site is professional and trustworthy but could improve performance and security hardening.

The Hill to Sea Corridor website provides informational content about a proposed 28-mile transportation route connecting multiple transit lines and regional amenities. The site targets local residents and commuters interested in regional transit development. The business model appears to be informational or advocacy-focused without commercial transactions or services. Technically, the site uses a modern JavaScript module approach, likely React or a similar framework, hosted on DigitalOcean with DNS managed by DigitalOcean nameservers. However, the site suffers from slow load times and minimal content depth. Security posture is weak, with no valid SSL certificate, no HTTPS enabled, and absence of security headers or best practices. Privacy and compliance policies are missing, and no contact or business information is provided, limiting trust and credibility. Overall, the site is accessible but lacks fundamental security and compliance features, resulting in a low security and trust score.

V

Visa

cardinalcommerce.com

73

Visa Protect is a comprehensive enterprise-wide risk and fraud prevention solution offered by Visa Inc., a global leader in payment technology and security. The website presents detailed information about Visa Protect's capabilities in preventing fraud across multiple payment endpoints using AI and real-time decisioning. The site targets financial institutions, acquirers, issuers, merchants, and large businesses, emphasizing Visa's scale and expertise in securing billions of transactions daily. Technically, the site is built on modern web technologies including Adobe Experience Manager CMS, uses Cloudflare for hosting and security, and employs DigiCert SSL certificates ensuring strong encryption. The site is well-structured with multimedia content and good SEO practices but lacks explicit privacy and cookie policies, which impacts privacy compliance scores. Security headers are robust, and no vulnerabilities were detected in the provided data. Overall, the site demonstrates a strong security posture and professional business credibility but should improve privacy compliance and contact transparency.

V

vitrado

vitrado.de

40

vitrado.de operates as an inhouse affiliate marketing network primarily serving the freenet Group's portfolio of digital lifestyle and telecommunications products. The platform targets affiliate marketers and partners seeking to promote these products through various partner programs and marketing tools. The website presents a professional and consistent brand image aligned with its parent company, freenet Group, and offers a range of partner programs including waipu.tv, klarmobil, and freenet Mobile among others. Technically, the site leverages JavaScript, CSS, and SVG technologies with Cloudflare DNS and hosting, but suffers from slow load times and lacks modern security configurations such as a valid SSL certificate and HTTPS support. Security posture is weak due to missing HTTPS, absent security headers, and disabled DNSSEC, exposing the site to potential risks. Privacy compliance is minimal with a privacy policy present but no cookie consent mechanism or GDPR compliance indicators. Overall, the site is functional and content-rich but requires urgent security and privacy improvements to enhance trust and compliance.

The website sparkassen-mediacenter.de serves as a centralized media management platform primarily targeting the Sparkassen-Finanzgruppe, a major financial group in Germany. It offers a suite of services including video content management, podcasts, interactive videos, and playlist creation, aimed at enhancing digital content distribution within the group's online platforms. The platform is positioned as an internal tool to streamline media content handling and ensure secure access to both public and internal video assets. Technically, the site is built on a traditional Apache server with standard HTML, CSS, and JavaScript assets. However, it lacks modern security infrastructure, notably missing a valid SSL/TLS certificate and HTTPS support, which significantly undermines its security posture. The site includes multiple JavaScript libraries and CSS bundles but does not leverage modern frameworks or CMS platforms. Security headers are partially implemented, but critical HTTPS and TLS configurations are absent. Privacy compliance is minimal, with a privacy policy present but no cookie consent mechanism or GDPR compliance indicators. Contact information is limited to a phone number and support ticket instructions, with no email addresses or social media presence. Overall, the site demonstrates moderate business credibility and good content relevance but suffers from critical security shortcomings that must be addressed to protect user data and maintain trust.

L

L-Bank

l-bank.info

40

L-Bank is the state development bank of Baden-Württemberg, Germany, providing financial support and services to businesses, municipalities, and individuals within the region. The bank focuses on economic development, housing promotion, family support, education, and social initiatives. It holds a strong market position as a regional government-backed financial institution with a history dating back to 1924. The website reflects a mature digital presence with modern technologies such as Vue.js and Hippo CMS, delivering excellent user experience and accessibility. Security posture is robust with HTTPS, comprehensive security headers, and cookie consent mechanisms, although some improvements like OCSP stapling and HSTS preload could enhance security further. Privacy compliance is well addressed with clear policies and consent management. Overall, the site demonstrates high professionalism, trustworthiness, and business credibility.

S

Sparkasse Saarbrücken

sparkasse-saarbruecken.de

40

Sparkasse Saarbrücken operates as a regional financial institution providing a broad range of banking and financial services to private and business customers. The website offers comprehensive online banking, credit products, investment options, insurance, and real estate services, positioning itself as a trusted and award-winning bank in Germany. The digital presence is well-structured, targeting both private and corporate clients with clear navigation and service offerings. Technically, the site uses modern web technologies and likely a robust CMS platform, delivering a good user experience with mobile optimization and accessibility features. Security posture is strong with HTTPS, SPF, and DMARC policies in place, though improvements such as DNSSEC and HSTS could enhance protection. Privacy compliance is well addressed with explicit cookie consent and detailed privacy policies. Overall, the website reflects a mature digital infrastructure supporting a large financial institution with a high level of professionalism and trust.

R

RTL Group

rtlgroup.com

54

RTL Group is a major European entertainment company with a broad portfolio of TV channels, streaming services, radio stations, and content production subsidiaries. The company is publicly traded and majority owned by Bertelsmann, with a strong market position in multiple European countries. The website presents comprehensive business information, investor relations, career opportunities, and corporate responsibility content, reflecting a mature and professional digital presence. Technically, the site uses nginx and a custom CMS, with Google Tag Manager for analytics. However, a critical security weakness is the lack of a valid SSL certificate and absence of HTTPS, which severely impacts the security posture. Privacy and cookie policies are not explicitly found, though a consent mechanism is present. Overall, the site is well-designed and content-rich but requires urgent security improvements.

N

Neste

neste.com

54

Neste is a leading global producer of sustainable aviation fuel and renewable diesel, focusing on mitigating climate change and advancing the circular economy. The company holds a strong market position in the energy and transportation sectors, offering renewable solutions that enable customers to reduce greenhouse gas emissions. The website reflects a mature digital presence with rich multimedia content, multiple language support, and comprehensive corporate disclosures. Technically, the site is built on modern frameworks such as Next.js and React, hosted on Microsoft Azure, and incorporates advanced marketing and consent management tools. However, a critical security issue is the absence of a valid SSL certificate, resulting in no HTTPS support, which severely impacts the site's security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site demonstrates high professionalism and trustworthiness but requires urgent remediation of its SSL configuration to ensure secure user interactions.