Security Directory

C

CSEM

csem.ch

58

CSEM is a Swiss public-private, non-profit technology innovation center founded in 1984, headquartered in Neuchâtel, with over 600 employees and multiple locations across Switzerland. It specializes in developing and transferring disruptive technologies with high societal impact across sectors such as precision manufacturing, digitalization, ultra-low-power electronics, AI, optical elements, and sustainable energy. The organization collaborates extensively with universities, research institutes, and industry partners, supporting innovation and economic growth in Switzerland. Technically, the website is built on modern frameworks like Nuxt.js and uses Prismic CMS, hosted on Netlify, but suffers from a critical security weakness due to the absence of a valid SSL certificate and disabled TLS protocols, which severely impacts secure communications. Privacy and cookie policies are well implemented with consent mechanisms, and contact information is comprehensive, including email, phone, and physical address. The site demonstrates strong business credibility with testimonials, certifications, and active participation in industry events. Overall, while the business and content quality are excellent, the security posture requires urgent improvement to protect user data and maintain trust.

I

Invest in Nouvelle Aquitaine

invest-in-nouvelle-aquitaine.fr

40

Invest in Nouvelle Aquitaine is a regional business support network in France, specializing in assisting companies with their implantation projects in the Nouvelle-Aquitaine region. The organization offers personalized and free services including real estate search, administrative procedures, public funding, and networking with regional experts. The website is built on WordPress using the Avada theme and integrates various plugins for enhanced functionality and user experience. Despite a professional design and good content quality, the site lacks a valid SSL certificate, which impacts its security posture significantly. Additionally, there is no cookie consent mechanism or DMARC record, indicating partial privacy compliance. The presence of Google Analytics and Matomo Tag Manager shows moderate user tracking. Overall, the website serves its business purpose well but requires critical security improvements to enhance trust and compliance.

A

Agence Locale Pour la Coopération Européenne (ALPC)

europe-en-nouvelle-aquitaine.eu

40

The website europe-en-nouvelle-aquitaine.eu serves as the official digital presence of the Europe office for the Nouvelle-Aquitaine region in France. It provides comprehensive information and support related to European funding, project submission, and regional development initiatives. The site targets a diverse audience including regional businesses, public entities, associations, and individual beneficiaries seeking European aid and partnership opportunities. The business model is that of a public regional agency facilitating access to European funds and promoting regional cooperation. Technically, the website is built on the Drupal CMS platform, utilizing common web technologies such as Bootstrap, jQuery, Google Fonts, and Google Maps API. While the site is mobile-optimized and offers good navigation and content relevance, its performance is slow with a page load time exceeding 12 seconds. SEO and accessibility are basic but functional. From a security perspective, the site lacks a valid SSL/TLS certificate, resulting in no HTTPS protection. No security headers or DNS security features like DNSSEC or CAA records are implemented. Cookie consent is present, but privacy and security policies are basic. The absence of HTTPS and security headers significantly lowers the security posture, posing risks to user data confidentiality and integrity. Overall, the website is professionally designed and serves its informational purpose well but requires urgent improvements in security infrastructure, especially SSL implementation and security headers. Enhancing performance and accessibility would also benefit user experience and trustworthiness.

A

Altæ Technopole Niort Deux-Sèvres

altae-technopole.fr

32

Altæ Technopole Niort Deux-Sèvres is a regional innovation and entrepreneurship hub based in the Deux-Sèvres region of France. The organization focuses on catalyzing innovation and supporting startups and entrepreneurs through ecosystem animation, tailored accompaniment programs, and promoting territorial attractiveness. The website is built on WordPress using Elementor and Yoast SEO, with a modern but basic technical infrastructure hosted likely on OVH. While the site offers good content quality and SEO optimization, it lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security gap. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Contact information is limited to a contact form, with no explicit emails or phone numbers found. Social media presence includes LinkedIn and YouTube. The site integrates Piwik PRO analytics and uses WP Rocket for performance optimization, though performance data indicates slow loading. Security posture is weak due to missing HTTPS and lack of security headers. Strategic recommendations include implementing HTTPS, enabling modern TLS protocols, adding security headers, and improving privacy compliance. Overall, the site is functional and professional but requires significant security improvements to meet modern standards.

U

UserScape, Inc.

helpspot.com

45

HelpSpot, operated by UserScape, Inc., is a specialized help desk software provider focused on transforming chaotic email support into an efficient, unified system. Established in 2005, the company targets businesses and organizations that require streamlined customer support solutions. Their offerings include email ticketing, automation, reporting, and self-service portals, available as both cloud-hosted and on-premise deployments. The website demonstrates strong branding, comprehensive content, and a professional user experience, positioning HelpSpot as an affordable and customizable alternative in the help desk software market. Technically, the site uses modern web technologies such as Alpine.js, Livewire, and Cloudflare CDN, hosted on AWS infrastructure. However, the absence of a valid SSL certificate and HTTPS implementation significantly impacts the security posture. Security headers are present, but critical TLS protocols and encryption are missing, exposing the site to potential risks. Privacy compliance is supported by a comprehensive privacy policy and terms of service, though cookie consent mechanisms are not evident. Overall, while the business and technical maturity are solid, the lack of HTTPS is a critical vulnerability that must be addressed to ensure trust and security.

U

URL Networks

url.net.au

49

URL Networks is an Australian telecommunications provider specializing in business telephony and internet services, including hosted cloud PBX, SIP trunking, and various internet connectivity plans. The company positions itself as a trusted provider for businesses seeking stress-free telecommunications solutions. Their website is built on WordPress with modern plugins and tools, targeting Australian business customers with a focus on cloud and virtualized telephony services. The site includes detailed service descriptions and multiple contact channels, including phone, email, and social media. Technically, the website uses a WordPress CMS with Elementor, Yoast SEO, and several marketing and analytics tools such as Google Tag Manager and Chatlio live chat. Hosting appears to be on AWS infrastructure. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. Performance data is missing, and no cookie consent mechanism is present, indicating limited privacy compliance. Security posture is weak due to the absence of HTTPS, no security headers, and no modern TLS protocols enabled. While no active vulnerabilities like Heartbleed or POODLE are detected, the lack of encryption exposes users to significant risks. Privacy policy is present and comprehensive but GDPR compliance is uncertain due to missing cookie consent. Incident response and security policies are not published. Overall, the website is functional and professionally designed but requires urgent security improvements, especially enabling HTTPS and implementing security best practices. Privacy compliance should be enhanced with cookie consent mechanisms. Business credibility is supported by clear contact information and social media presence, but security gaps reduce trustworthiness.

U

UserScape, Inc.

userscape.com

65

UserScape, Inc. is a small technology company founded in 2005 that specializes in developing software products such as HelpSpot (help desk software), LaraJobs (Laravel job board), and Thermostat (NPS survey software). They are deeply embedded in the Laravel PHP community, organizing official conferences and job boards, positioning themselves as a niche player with a strong community focus. The website reflects a professional and consistent brand with good content quality and clear navigation, targeting businesses and developers within the Laravel ecosystem. Technically, the website uses modern frontend technologies including Tailwind CSS and ES modules, hosted behind Cloudflare. However, the site suffers from a lack of a valid SSL certificate and does not support HTTPS, which is a critical security flaw. Performance is moderate, and mobile optimization is good, but accessibility and SEO optimizations are basic. No CMS or advanced analytics tools were detected. From a security perspective, while email security is well configured with SPF and DMARC policies, the absence of HTTPS, security headers, and other best practices significantly lowers the security posture. No incident response or security policy information is available, and no cookie or privacy consent mechanisms are implemented, indicating gaps in privacy compliance. Overall, the site is functional and professional but requires urgent improvements in security infrastructure and privacy compliance to enhance trustworthiness and protect user data.

E

EnviDat

envidat.ch

53

EnviDat is a specialized open-source platform dedicated to environmental research data management and publication, primarily serving researchers affiliated with Swiss institutions such as the Swiss Federal Institute for Forest, Snow and Landscape WSL and the ETH Domain. The platform supports FAIR data principles and integrates with major international data repositories to enhance data discoverability and reuse. Technically, the website employs modern JavaScript frameworks like Vue.js and Vuetify, but suffers from slow load times and lacks a valid SSL certificate, which impacts security and user trust. The security posture is weak due to missing HTTPS, absence of security headers, and no evident incident response or vulnerability disclosure policies. Privacy compliance is partial, with a cookie consent banner present but no explicit privacy policy found. Overall, the site is professional and trustworthy in content but requires significant improvements in security and privacy compliance to meet modern standards.

L

Laracon Australia

laracon.au

57

Laracon AU is a prominent technology conference focused on the Laravel PHP framework, organized in collaboration with Laravel, Inc. The event is scheduled for November 2025 in Brisbane, Australia, targeting Laravel developers and the broader PHP community. The website serves as a comprehensive platform for event information, ticket sales, speaker announcements, and sponsorship opportunities. Technically, the site employs modern frontend technologies such as Alpine.js and Livewire, hosted behind Cloudflare DNS services. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security concern. Privacy and cookie policies are not explicitly presented, indicating potential compliance gaps. Overall, the site demonstrates good business credibility and content quality but requires urgent improvements in security and privacy compliance to enhance trust and user safety.

C

Cloud IAM

cloud-iam.com

71

Cloud IAM is a technology company specializing in managed identity and access management (IAM) solutions based on the open-source Keycloak platform. Founded in 2018 and based in France, the company offers a fully managed Keycloak SaaS and consulting services with a strong emphasis on security, reliability, and compliance, including ISO 27001 certification and a 99.95% SLA uptime guarantee. Their target audience includes developers and organizations seeking scalable, secure, and customizable IAM solutions without the complexity of self-hosting Keycloak. The website demonstrates a mature digital presence with professional design, clear navigation, and comprehensive content about their services and security posture. Technically, the site uses modern web technologies including Webflow CMS, HubSpot marketing and analytics tools, Matomo analytics, and Google reCAPTCHA for bot protection. The SSL configuration is good with TLS 1.3 support, though improvements such as enabling HSTS and DNSSEC could enhance security further. Privacy compliance is well addressed with a comprehensive privacy policy and strong email authentication records (SPF, DMARC). Overall, Cloud IAM presents a trustworthy and professional service with a solid security foundation and transparent business practices.

S

swissuniversities

swissuniversities.ch

63

swissuniversities.ch is the official website of swissuniversities, the umbrella organisation representing Swiss universities. It serves as a central platform to promote cooperation and coordination among Swiss higher education institutions, providing information on policies, scholarships, research, and international relations. The website targets academic institutions, students, researchers, and stakeholders in the Swiss education sector. Technically, the site is built on TYPO3 CMS and integrates modern tools such as Klaro for cookie consent and Matomo for analytics. However, the site currently lacks a valid SSL certificate, resulting in no HTTPS support, which is a significant security concern. The site is well-structured with good navigation, accessibility, and SEO, but performance is slow with a page load time exceeding 6 seconds. Security posture is weak due to missing HTTPS and limited security headers, though SPF and DMARC records are properly configured. Privacy compliance is good with clear privacy and cookie policies. Overall, the site is professional and trustworthy but requires urgent improvements in SSL/TLS configuration and performance optimization.

T

The PHP Foundation

thephp.foundation

55

The PHP Foundation is a non-profit collective dedicated to supporting, advancing, and developing the PHP programming language. It operates as a key steward of the PHP ecosystem by providing financial support and organizational guidance to PHP developers and contributors. The foundation is supported by a range of sponsors and members from the technology sector, positioning itself as an important entity within the open-source and developer community. The website reflects a professional and consistent branding approach with clear messaging targeted at PHP users and contributors. Technically, the site leverages modern frontend technologies such as Alpine.js and Highlight.js, and uses analytics tools like Matomo and Fathom to monitor user engagement. However, the site suffers from an invalid SSL certificate and lack of HTTPS support, which significantly impacts its security posture. While email authentication protocols like SPF and DMARC are properly configured, the absence of a cookie policy and direct contact emails or phone numbers limits privacy compliance and user trust. Overall, the website is functional and informative but requires critical improvements in security and privacy compliance to enhance trust and professionalism.

A

Applied Behavioural Science Academy by Affective Advisory Ltd.

behavioralscience.academy

40

The Applied Behavioural Science Academy by Affective Advisory Ltd. is a specialized education provider offering a unique three-day executive program in applied behavioural science and behavioural economics. The program targets executives, policy makers, and project leaders seeking practical insights to drive sustainable change. The academy operates with a small, exclusive cohort model, emphasizing quality and networking in a prestigious Zurich location. Technically, the website is built on Squarespace, leveraging modern web technologies and Google services for analytics and security. While the site is well-designed and content-rich, performance is somewhat slow due to large page size and resource count. Security posture is good with strong TLS configurations but lacks some advanced headers like HSTS and DMARC. Privacy compliance is basic with a cookie banner and privacy policy present but no explicit GDPR certification. Overall, the site projects high professionalism and trustworthiness, with clear contact channels and social media presence.

A

Affective Advisory GmbH

affective-advisory.com

54

Affective Advisory GmbH is a specialized behavioural science consultancy based in Switzerland, founded in 2017. The company applies scientific insights from behavioural economics, psychology, and decision science to design strategy and policy solutions aimed at human behaviour change. Their clientele includes governments and private organizations globally, positioning them as a leading consultancy in their niche. The website is professionally designed using Squarespace CMS, featuring client testimonials and partner logos that enhance trust and credibility. However, the site suffers from a lack of a valid SSL certificate, which significantly impacts its security posture. The absence of HTTPS and modern TLS protocols exposes the site to potential risks and undermines user trust. Privacy compliance is basic, with a cookie consent banner present but no comprehensive GDPR indicators or detailed privacy policies. Contact information is clearly provided, including email, phone, and physical addresses, supporting business credibility.

S

South Carolina Department of Health and Human Services

scdhhs.gov

63

The South Carolina Department of Health and Human Services (SCDHHS) operates the Healthy Connections Medicaid program, providing health coverage to eligible residents of South Carolina. The website serves as a comprehensive portal for Medicaid members, providers, and partners, offering detailed information on eligibility, provider enrollment, claims, communications, and legal notices. The site is well-branded and consistent with government standards, targeting a broad audience including Medicaid recipients and healthcare providers. Technically, the site is built on Drupal 10 and utilizes modern monitoring and analytics tools such as New Relic and Google Tag Manager. However, the site currently lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Security headers like SPF and DMARC are configured, but DNSSEC and CAA are missing, and no advanced TLS protocols are enabled. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional and professional but requires urgent security improvements to protect user data and comply with best practices.

F

Fuerte Arts Movement

fuerte.org

39

Fuerte Arts Movement is a small non-profit organization focused on leveraging art and culture to drive collective action on social issues such as voting rights, housing justice, and environmental justice, with a focus on Arizona women of color and LGBTQ perspectives. The website serves as a community hub featuring advocacy campaigns, events, a zine library, and multimedia content. Technically, the site is built on WordPress with various plugins for event management and media display, but suffers from slow performance and lacks a valid SSL certificate, resulting in insecure HTTP connections. Security posture is weak due to missing HTTPS, lack of security headers, and absence of email authentication records. Privacy compliance is minimal with no visible privacy or cookie policies. Overall, the site is content-rich and professionally designed but requires urgent improvements in security and privacy to protect users and build trust.

C

Connecticut Democratic Party

ctdems.org

59

The Connecticut Democratic Party website serves as the official online presence for the state-level Democratic Party organization. It focuses on voter engagement, volunteer recruitment, fundraising, and disseminating party information. The site targets Connecticut residents interested in Democratic politics and activism, providing resources such as voter registration links, event calendars, and donation portals. The party positions itself as a key political actor within the state, aiming to mobilize support and fight GOP extremism. Technically, the website is built on WordPress with a modern but somewhat heavy tech stack including jQuery, DataTables, and Google services. However, performance is slow with a large page size and long load times. Security posture is weak due to the absence of a valid SSL certificate, lack of HTTPS, and missing security headers, exposing users to potential risks. Privacy compliance is minimal with no cookie consent mechanism despite tracking scripts. Contact information and social media presence are clearly provided, enhancing business credibility. Overall, the site is functional and content-rich but requires urgent security and privacy improvements to protect users and enhance trust.

L

Los Angeles Walks

losangeleswalks.org

53

Los Angeles Walks is a small non-profit organization dedicated to promoting safe and walkable communities in Los Angeles. The organization focuses on community training, policy advocacy, and pedestrian safety initiatives, supported by donations and partnerships, notably with Community Partners as their fiscal sponsor. Their target audience includes local residents, families affected by traffic violence, and community advocates. Technically, the website is built on Webflow, uses Cloudflare CDN, and integrates Google Fonts and jQuery. The site is mobile optimized with good design and navigation but lacks advanced SEO and accessibility features. Security posture is weak due to the absence of a valid SSL certificate and lack of modern TLS protocols, which is a critical issue. Privacy compliance is minimal, with no visible privacy or cookie policies. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional and professional but requires urgent improvements in security and privacy compliance to enhance trust and protect users.

A

ActiveSGV

activesgv.org

53

ActiveSGV is a small non-profit organization dedicated to promoting sustainability, mobility, climate action, health, and wellness in the San Gabriel Valley region. The website serves as a community hub showcasing projects, events, and advocacy efforts, targeting local residents and stakeholders interested in environmental and social improvements. The organization positions itself as a regional leader in community-driven green infrastructure and transit initiatives. Technically, the website is built on Webflow, leveraging modern web fonts, Google Tag Manager for analytics, and a translation service for accessibility. However, the site suffers from a critical security misconfiguration with no valid SSL certificate despite using Cloudflare CDN and HSTS headers, which undermines user trust and security. Privacy compliance is basic, with a privacy policy and terms of service present but lacking cookie consent mechanisms and GDPR indicators. Social media integration is strong, enhancing community engagement. Overall, the site is professionally designed with good content quality but requires urgent security improvements to ensure safe user interactions.

P

PennyLane

pennylane.ai

50

PennyLane is an open-source Python framework focused on quantum machine learning, quantum chemistry, and quantum computing. It is designed by researchers for research, positioning itself as a leading tool in the quantum computing software space. The website reflects a professional and well-structured digital presence, leveraging modern web technologies such as React and Gatsby, hosted on Amazon S3 and delivered via CloudFront. The site integrates analytics and monitoring tools including Google Tag Manager, Hotjar, Sentry, and New Relic, indicating a mature approach to performance and user experience monitoring. However, the absence of a valid SSL certificate and HTTPS support is a significant security concern, exposing users to potential risks and undermining trust. Additionally, the lack of visible privacy and cookie policies, as well as contact information, suggests gaps in compliance and user support. Strategic improvements in security configuration and transparency would enhance the overall trustworthiness and compliance posture of the site.

C

Calls for Transfer

callsfortransfer.de

31

Calls for Transfer (C4T) is a specialized funding program based in Hamburg, Germany, designed to support innovative projects emerging from the city's state universities and scientific research institutions. The program offers up to 35,000 Euro in funding for a 12-month project period, aiming to facilitate the transfer of knowledge and technology from academia to practical applications. The website presents a professional and well-structured portal with clear navigation, targeting researchers and innovators in Hamburg. Technically, the site is built on WordPress with popular plugins such as Elementor and LayerSlider, but it suffers from critical security shortcomings including the absence of a valid SSL certificate and disabled TLS protocols, which significantly impact its security posture. Privacy compliance is well addressed with a cookie consent mechanism and links to privacy and terms of service hosted on the parent organization's domain. Overall, while the business and content aspects are strong, the lack of HTTPS and modern security configurations pose a significant risk that should be urgently addressed.

I

Inland Southern California Climate Collaborative

iscclimatecollaborative.org

38

The Inland Southern California Climate Collaborative (ISC3) is a regional, cross-sectoral network focused on advancing equitable climate resilience solutions in Inland Southern California. The organization facilitates collaboration among agencies, organizations, and institutions to address climate risks such as heat, drought, and wildfires. The website serves as an informational platform providing resources, membership information, and regional climate reports. Technically, the site is built on WordPress with common plugins and libraries but suffers from a lack of a valid SSL certificate, resulting in insecure HTTP connections. Security posture is weak due to missing HTTPS, lack of security headers, and absence of email authentication DNS records. Privacy compliance is minimal, with no privacy or cookie policies detected. Business credibility is moderate, supported by university facilitation and government partnerships, but could be improved with more transparent policies and contact information. Overall, the site is functional and content-rich but requires significant security and privacy improvements to enhance trust and compliance.

P

Project Liberty

ourbiggestfight.com

54

OurBiggestFight.com is a professionally developed WordPress website dedicated to promoting the book 'OUR BIGGEST FIGHT: Reclaiming Liberty, Humanity, and Dignity in the Digital Age' authored by Frank H. McCourt, Jr. and Michael J. Casey. The site serves as a platform to advocate for a healthier internet and supports the Project Liberty initiative, a 501(c)(3) non-profit organization focused on responsible technology development and digital rights. The website features rich content including testimonials from notable figures, event listings, media coverage, and calls to action such as book purchases and newsletter signups. Technically, the site uses modern web technologies including WordPress Gutenberg blocks, Yoast SEO, Matomo analytics, and HubSpot forms, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Security posture is weak due to missing HTTPS, lack of security headers, and absence of DMARC records, exposing the site to potential risks. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism despite active tracking. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect users and enhance trust.

B

BCS Eventos

bcseventos.com.br

45

BCS Eventos is a Brazilian company specializing in intelligent solutions for events such as fairs, congresses, and shows. Established in 1997, it has served over 1,000 events and offers a comprehensive event management platform called SIGEVENT, alongside technical support and equipment rental services. The company targets event organizers and managers, positioning itself as an experienced and reliable provider in the event technology sector. Technically, the website is hosted on KingHost with an Apache server and uses modern JavaScript libraries and Google Fonts, but lacks HTTPS security and advanced security headers. The site is professionally designed with good content quality and navigation, though performance data is limited. Security posture is weak due to missing SSL certificate and security headers, posing risks to user data and trust. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism. Overall, the website is functional and professional but requires significant security improvements to enhance trust and compliance.

G

Gaia-X 4 Future Mobility

gaia-x4futuremobility.de

40

Gaia-X 4 Future Mobility is a collaborative project family focused on developing and implementing future mobility applications based on the Gaia-X initiative. It is funded by the German Federal Ministry for Economic Affairs and Climate Action and coordinated by the DLR Institute for AI Security. The initiative involves about 80 participants from industry and research, aiming to build an open, decentralized data and service ecosystem for mobility. The website provides detailed information about the six constituent projects, their goals, participants, and related initiatives. Technically, the site is built on the Webflow platform, uses Google Fonts and jQuery, and is hosted on a CDN. However, the site lacks a valid SSL certificate and does not enforce HTTPS, which is a critical security concern. Privacy and terms of service pages are present, but no cookie consent mechanism is detected. Overall, the site is professionally designed with good content relevance and navigation but requires urgent security improvements.

C

Climate Resolve

climateresolve.org

65

Climate Resolve is a medium-sized non-profit organization focused on advancing equitable climate solutions primarily in the Los Angeles area. The organization builds collaborations among communities, organizations, and policymakers to address climate change through local action. Their key services include initiatives such as Keeping Cool, transportation solutions, outreach, climate planning and technical assistance, nature-based solutions, climate science, wildfire mitigation, smart growth, and zero emissions transit. The website reflects a strong market position as a local climate advocacy leader with a clear mission and impactful community engagement. Technically, the website is built on WordPress using Elementor and Yoast SEO, hosted behind Cloudflare DNS, and integrates various marketing and analytics tools including Facebook Pixel and Klaviyo. While the site is well-designed and content-rich, performance is somewhat slow due to a high number of resources. Security posture is basic with valid SSL and SPF/DMARC records but lacks advanced DNS security features like DNSSEC and CAA records. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism despite tracking pixels. Overall, the site is professional and trustworthy but could improve in security and privacy practices.

E

ECIU University

eciu.org

63

ECIU University is an international alliance of 13-14 universities focused on innovative education, research, and collaboration to address real-life challenges. The website serves as a platform to engage learners, researchers, and collaborators with news, events, and program information. Technically, the site is built on Webflow with integrations including Google Fonts, Vimeo, Microsoft Forms, and analytics tools like Plausible and Microsoft Clarity. Hosting and CDN services are provided via Cloudflare. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which severely impacts the site's security posture. While security headers and HSTS are configured, the lack of proper TLS protocols and certificate transparency compliance are significant vulnerabilities. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism or terms of service detected. Contact information is primarily via web forms and social media, with no direct emails or phone numbers published. Overall, the site is professionally designed and content-rich but requires urgent security improvements to protect users and enhance trust.

C

CyberForum Akademie

scaleup-leadership.de

40

The website scaleup-leadership.de represents the Scale-up Leadership program, a coaching and leadership development initiative targeted at startups transitioning to scale-ups, primarily in the technology sector in Germany. The program is organized by the CyberForum Akademie and funded by the L-Bank, positioning itself as a key player in European high-tech entrepreneurial networks. The site provides detailed program information, testimonials, and contact options including an external Microsoft Forms application form. Technically, the site is built on Squarespace CMS with standard fonts and assets, but critically lacks HTTPS support, exposing users to security risks. Privacy compliance is addressed with a cookie banner and a privacy policy in German, but no terms of service or explicit security policies are found. Overall, the site offers good content quality and user experience but suffers from a poor security posture due to missing SSL and security headers.

Aerolux is a small Brazilian business specializing in road signaling products for the Brazilian market. The website is currently a 'Coming soon' placeholder with minimal content, indicating the business is either new or preparing for a launch. The site targets businesses or entities needing road signaling solutions in Brazil. Technically, the site is built using Hostinger Website Builder and the Astro framework, hosted on Hostinger's GCP infrastructure. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. Security headers are partially implemented, but key security features like TLS protocols and OCSP stapling are missing. Privacy and cookie policies are absent, and no incident response or vulnerability disclosure information is provided. Overall, the site demonstrates basic digital maturity but requires significant improvements in security and compliance to build trust and protect user data.

H

Hospital Geral de Caxias do Sul

hgcs.com.br

46

Hospital Geral de Caxias do Sul is a large healthcare institution in Brazil providing a comprehensive range of medical services including oncology, radiotherapy, intensive care, and specialized treatments. The hospital is a regional reference in high complexity care and is accredited by the ONA, reflecting its commitment to quality and safety. The website serves patients, healthcare professionals, and the local community, also offering educational programs such as medical residency and permanent education. Technically, the site uses a modern tech stack including Apache server, Laravel framework, and various JavaScript libraries for UI and analytics. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. Security headers are minimal, and no privacy or cookie policies are found, indicating compliance gaps. The site includes multiple contact phone numbers, a physical address, and social media links, enhancing business credibility. Overall, the website is functional and content-rich but requires urgent improvements in security and privacy compliance to protect users and enhance trust.

S

Sof.IA

sofia.vc

40

Sof.IA is a Brazilian technology company offering an AI-powered personal assistant accessible via WhatsApp. The service integrates multiple AI platforms such as ChatGPT, OpenAI, Google, and Microsoft to provide features including image generation, translations, mathematical solutions, and audio-based Q&A. The business model is credit-based with free trial credits and paid packages, targeting smartphone users seeking practical AI assistance. Technically, the website is built on WordPress with Elementor and related plugins, hosted on AWS infrastructure. However, the site suffers from slow performance and lacks a valid SSL certificate, exposing users to security risks. Security posture is weak with no HTTPS, no security headers, and missing DNS security records. Privacy compliance is poor, with no privacy or cookie policies despite collecting user data via forms. Contact information is available via email and contact forms, but no formal security or incident response policies are found. Overall, the site is functional but requires significant improvements in security and privacy to enhance trust and compliance.

4

4ED

4ed.com.br

64

4ED is a Brazilian design school offering a wide range of online and in-person courses across various design disciplines including graphic, interior, fashion, product, and more. Established in 2011 and based in Porto Alegre, it serves students, professionals, and corporate clients with a comprehensive educational model. The website reflects a mature digital presence with extensive content, clear navigation, and strong branding. Technically, the site is built on WordPress with Elementor and WooCommerce, leveraging multiple plugins and integrations for e-commerce and marketing. However, the security posture is weakened by the absence of a valid SSL certificate and lack of modern TLS protocol support, which are critical for protecting user data and ensuring trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is professional and trustworthy but should prioritize upgrading its SSL/TLS configuration to enhance security and user confidence.

S

SAE University College

sae.edu.au

48

SAE University College is a leading higher education provider specializing in creative media and technology courses across Australia and internationally. It offers a wide range of industry-led programs in Animation, Audio, Design, Film, Games, Music, and related fields. The institution is part of the Navitas Group and holds important accreditations such as TEQSA and CRICOS, positioning it as a reputable player in the education sector. Technically, the website is built on WordPress with modern technologies and integrates multiple marketing and analytics tools, reflecting a mature digital presence. Security-wise, the site supports modern TLS protocols and has some best practices in place but is vulnerable to subdomain takeover and lacks HSTS enforcement, indicating areas for improvement. Overall, SAE University College maintains a professional and trustworthy online presence with comprehensive content and good user experience, though it should enhance its security posture and privacy compliance mechanisms.

G

Geomatex Integrated Solutions

geomatex.com

57

Geomatex Integrated Solutions is a specialized geo-intelligence system integrator based in Egypt, focusing on reality modelling applications that serve CAD, GIS, BIM, and Digital Twin technologies. The company positions itself as a regional leader with a highly experienced team offering key services such as As-Built Documentation, Ground Penetrating Radar, Drone Services, and 3D laser scanning. Their target audience includes clients across various sectors requiring advanced geo-intelligence solutions. Technically, the website employs common web technologies like jQuery and Bootstrap but suffers from slow performance and lacks modern security configurations. The SSL certificate is invalid, and no advanced security headers or DNS protections are in place, exposing the site to potential risks. Privacy compliance is minimal, with no cookie consent mechanisms detected and only a basic privacy policy present. Overall, the business demonstrates moderate digital maturity but requires significant improvements in security and privacy to enhance trust and compliance.

4

4ED

4ed.cc

62

4ED is a Brazilian design school offering a broad range of online and in-person courses across multiple design disciplines including graphic, UX/UI, marketing, architecture, and product design. Established in 2011 and based in Porto Alegre, it serves students, professionals, and corporate clients with a comprehensive educational portfolio. The website demonstrates a mature digital presence with extensive use of WordPress, WooCommerce, and Elementor, complemented by advanced marketing and analytics tools such as Google Analytics, Facebook Pixel, and Bing UET. However, the absence of a valid SSL certificate on the main domain represents a significant security risk that could undermine user trust and data protection efforts. While privacy and cookie policies are well implemented and GDPR compliant, there is no explicit security or incident response policy publicly available. Overall, 4ED maintains a strong market position in design education in Brazil but should prioritize improving its security posture to safeguard its digital assets and user data.

C

CNI - Confederação Nacional da Indústria

sistemaindustria.com.br

56

The website sistemaindustria.com.br serves as the official portal for the CNI - Confederação Nacional da Indústria, the primary representative body for the Brazilian industrial sector. It provides comprehensive information, news, publications, and services related to industry advocacy, education, innovation, and statistics. The portal targets industry stakeholders, policymakers, and the general public interested in Brazil's manufacturing and industrial landscape. The business model is non-profit and focused on promoting industrial growth and competitiveness in Brazil. The site maintains a strong market position as the leading industry confederation in the country, supported by a large organizational size and extensive content offerings.

B

BuiltByGo LTD

builtbygo.com

65

BuiltByGo LTD is a small technology company based in England specializing in digital transformation services. Their core offerings include managed infrastructure and bespoke development services aimed at empowering businesses to thrive in a rapidly evolving digital landscape. The company positions itself as a trusted partner for businesses seeking tailored technology solutions. Technically, the website is built on WordPress using Oxygen Builder and leverages modern web technologies such as jQuery and LiteSpeed Cache. Hosting and DNS services are provided via Cloudflare, enhancing performance and security. The website demonstrates good design quality, mobile optimization, and SEO practices, though some accessibility features are basic. From a security perspective, the site has a valid SSL certificate but lacks important security headers, HSTS, and DMARC policies, which are critical for enhancing security posture and email protection. No explicit privacy, cookie, or terms of service policies were found, indicating potential compliance gaps. Overall, the security score is moderate with recommendations to improve HTTPS security, email authentication, and publish formal security and privacy policies.

R

Retarus GmbH

retarus.com

62

Retarus GmbH is a leading enterprise cloud services provider specializing in secure and efficient digital communication solutions including email, fax, SMS, and EDI. Positioned as a top player in the secure email market and certified under ISO 27001 and HITRUST, Retarus serves a global enterprise clientele with a comprehensive portfolio of cloud-based messaging platforms. Their services emphasize compliance, reliability, and integration with major business ecosystems such as SAP and Microsoft 365. Technically, the website is built on WordPress with modern frameworks and libraries, hosted on Amazon AWS infrastructure, and employs strong security practices including TLS 1.3, OCSP stapling, and SPF/DMARC email authentication. However, there is room for improvement in DNS security and HTTP security headers. The company demonstrates a mature security posture with certifications and a GDPR-compliant cookie consent mechanism, though incident response contact details are not publicly disclosed. Overall, Retarus presents a professional, trustworthy, and technically sound digital presence aligned with enterprise-grade security and compliance standards.

E

Edgar Ambient Media Group

edgarartscreen.de

51

Edgar Ambient Media Group operates the Edgar Art Screen, a digital communication channel targeting the gastronomy sector in Germany. The service provides free 42" LED screens to bars, bistros, cafes, and restaurants, allowing them to display their own content such as menus and events. The business model is supported by advertising and cultural content, positioning the company as a media provider within the hospitality industry. The website is professionally designed with consistent branding and good content quality, targeting primarily German-speaking users. Technically, the site uses modern web technologies including Webflow CMS, Google Tag Manager, and cloud hosting on AWS. However, the site performance is somewhat slow due to large page size and resource count. Security posture is basic with TLS 1.3 support and no critical vulnerabilities detected, but lacks advanced features like HSTS, DNSSEC, DMARC, and OCSP stapling. Privacy compliance is well addressed with a cookie consent mechanism and a comprehensive privacy policy. Overall, the company demonstrates a solid digital presence with room for security and performance improvements.

P

Profihost GmbH

profihost-status.com

63

Profihost GmbH operates a status page providing real-time and historical operational information for its cloud and hosting services. The company targets its customers and subscribers who require transparency on service availability. The website leverages the Hund.io platform for status management and is hosted by Dogado GmbH. The technical infrastructure includes standard web fonts, cookie consent mechanisms, and Google Analytics for tracking. However, the website lacks a valid SSL certificate and modern TLS support, which poses security risks. Privacy policies and terms of service are linked but hosted externally, with GDPR compliance noted but not fully ensured. Overall, the site demonstrates moderate digital maturity but requires significant security improvements.

A

Associação Brasileira de Internet das Coisas

abinc.org.br

47

Associação Brasileira de Internet das Coisas (ABINC) is a Brazilian technology association focused on the Internet of Things (IoT) sector. It provides membership services including access to digital materials, event participation, brand exposure, and committee involvement. The organization targets IoT industry stakeholders and professionals primarily in Brazil. The website is built on WordPress with Elementor and integrates event calendars and cookie consent mechanisms, reflecting a moderate level of digital maturity. However, the site suffers from critical security weaknesses, notably the absence of a valid SSL certificate and lack of modern TLS protocols, which exposes visitors to security risks. While cookie consent is implemented, no explicit privacy or security policies are published, indicating compliance gaps. Overall, ABINC maintains a good content quality and user experience but requires urgent improvements in security posture to protect its users and enhance trust.

J

Johann Oberauer GmbH

medien-camp.com

48

Medien Camp is a well-established event platform focused on careers in the media industry, primarily targeting young talents and aspiring media professionals. The company operates under Johann Oberauer GmbH and organizes sessions, workshops, AMAs, career forums, and media tours to connect attendees with media professionals and provide insights into media careers. The website demonstrates strong SEO and content quality, supported by a professional design and consistent branding. Technically, the site is built on WordPress with modern performance optimizations but has room for improvement in security configurations such as DNSSEC, HSTS, and DMARC. The security posture is moderate with no critical vulnerabilities detected but lacks explicit security policies or incident response information. Overall, the site is trustworthy and professionally managed, with good privacy and cookie compliance.

F

Finch Capital

finchcapital.com

63

Finch Capital is a European growth investor specializing in Business and Financial Technology sectors, supporting entrepreneurs with capital and strategic guidance to scale their businesses. The firm manages €450 million in assets and has a portfolio of over 45 companies. Their services include growth capital investment, active portfolio management, and support in areas such as hiring, M&A, go-to-market strategies, capital raising, regulation, and international expansion. Technically, the website is built on modern frameworks like React and Next.js, hosted on DigitalOcean, but suffers from an invalid SSL certificate and lacks several security headers, indicating room for improvement in security posture. The firm uses Google Tag Manager for analytics and tracking, but lacks a visible cookie consent mechanism. Overall, Finch Capital presents a professional and trustworthy image with strong domain expertise and a commitment to sustainable investment.

D

Dealavo Sp. z o.o.

dealavo.com

70

Dealavo Sp. z o.o. is a Poland-based company specializing in price monitoring and dynamic pricing software for brands and e-commerce stores. The company serves over 30 markets and thousands of online shops, providing tools for price tracking, promotion monitoring, and pricing optimization. Their platform integrates with popular e-commerce and sales platforms such as Amazon, Google Shopping, and eBay, targeting brands and retailers seeking to optimize pricing strategies and increase profitability. The website is well-branded, multilingual, and contains rich content including client testimonials and blog articles, indicating a mature digital presence. Technically, the website is built on WordPress with Yoast SEO and uses various marketing and analytics tools including HubSpot, Google Tag Manager, Microsoft Clarity, and LinkedIn Insight Tag. However, the site suffers from a critical security issue: the SSL certificate is invalid or missing, and no modern TLS protocols are enabled, which severely impacts security and user trust. The site has a strict DMARC policy and SPF records configured, indicating good email security practices. Performance is slow with a large page size and long load times, suggesting optimization opportunities. Security posture is moderate with good email security but poor HTTPS implementation and lack of advanced security headers or DNSSEC. No explicit security policy or incident response information is found. Privacy policy is present and GDPR compliant, but no cookie consent mechanism is detected despite tracking scripts. Overall, the site is professional and trustworthy but requires urgent security improvements. Recommendations include immediate SSL certificate installation and configuration, enabling HSTS and DNSSEC, implementing a cookie consent mechanism, and publishing security and vulnerability disclosure policies to enhance trust and compliance.

S

S B SERVICOS DIGITAIS LTDA

2i9.com.br

59

2i9 negócios digitais is a Brazilian digital agency specializing in the development and maintenance of news portals, websites, hotsites, and digital branding services. With over 12 years of market presence, the company positions itself as an innovative and multidisciplinary agency focused on delivering tailored digital solutions to its clients. Their key services include web development, digital media planning, email marketing, and server infrastructure, targeting businesses seeking to enhance their digital footprint. The company maintains a moderate market position supported by client testimonials, awards, and certifications such as D4Sign. Technically, the website leverages a mix of established web technologies including jQuery, Bootstrap, Google Fonts, and integrates Google reCAPTCHA v3 for spam protection. Hosting and DNS services are provided via Cloudflare, enhancing performance and security at the network level. However, the website suffers from a critical security flaw due to an invalid SSL certificate and lack of modern TLS protocol support, which undermines secure communications. Performance is suboptimal with a slow page load time and a large page size, indicating potential for optimization. From a security perspective, while some best practices like reCAPTCHA and Cloudflare usage are in place, the absence of valid SSL, security headers, DNSSEC, and HSTS significantly lowers the security posture. There is no visible security policy or incident response information, and no data protection officer contact is provided, which may impact compliance with data protection regulations. Privacy and terms of service documents exist but appear basic in scope. Overall, 2i9 negócios digitais demonstrates a solid business foundation and digital maturity but requires urgent improvements in security infrastructure and compliance transparency to reduce risk and enhance trustworthiness. Strategic investments in SSL certification, security headers, and performance optimization are recommended to align with industry best practices and regulatory expectations.

V

Varejo Brasil

revistavarejobrasil.com.br

51

Varejo Brasil is a Brazilian digital media portal specializing in retail business news, events, and market insights. It serves retail professionals and business stakeholders with news articles, event calendars, and business information primarily focused on the Brazilian retail sector. The website is powered by WordPress and uses various plugins to manage events and user login functionalities. It is hosted behind Cloudflare, providing DNS and CDN services, and employs Google Tag Manager for analytics and tracking. The site has a valid SSL certificate but lacks advanced security headers and DNS email authentication records. No explicit privacy, cookie, or terms of service policies were found, indicating potential compliance gaps. Contact information is limited to a login form with no public emails or phone numbers. The website's performance is slow due to a large page size and many resources, but it offers good mobile optimization and SEO practices. Structured data for events and website search is implemented, enhancing search engine visibility.

K

KM Business Information US, Inc

keymedia.com

57

Key Media is a globally recognized B2B media company specializing in niche publishing, events, and digital content delivery across multiple sectors including mortgage, insurance, HR, and wealth management. With a medium-sized workforce and offices worldwide, it maintains a strong market position supported by numerous industry awards and a large global audience. The website infrastructure is built on Joomla CMS with standard web technologies and is hosted behind Cloudflare, ensuring basic performance and security. However, the site exhibits slow load times and lacks advanced mobile optimization and accessibility features. Security posture is moderate with valid SSL, SPF, and DMARC configurations but lacks HSTS, DNSSEC, and CAA records, which are recommended for enhanced protection. No explicit security or incident response policies are publicly available, and cookie consent mechanisms are absent, indicating potential compliance gaps. Overall, the site is professional and trustworthy but could benefit from technical and security enhancements to improve resilience and user trust.

P

Pagali

pagali.com.br

60

Pagali is a Brazilian payment processing solution focused on serving online stores, particularly those using the Loja Integrada and VTEX e-commerce platforms. It offers integrated payment methods including credit card, Pix, and boleto, with a seamless checkout experience designed to increase conversion rates. The company positions itself as a practical and secure payment partner for small to large e-commerce businesses in Brazil. Technically, the website is built on modern web technologies such as Next.js and React, hosted on AWS infrastructure, but suffers from critical SSL/TLS misconfigurations that undermine secure communications. Security posture is weak due to lack of valid certificates, missing security headers, and minimal email protection policies. Business trust is supported by PCI DSS certification and customer testimonials, but the absence of cookie consent and incomplete security policies indicate room for improvement.

L

Locaweb Serviços de Internet S/A

deliverydireto.com.br

58

Delivery Direto is a Brazilian technology company providing a comprehensive delivery platform tailored for restaurants and food delivery businesses. Positioned as a market leader with over 5000 clients, it offers services including virtual attendants, digital menus, order management, and marketing automation tools. The company operates under the umbrella of Locaweb Serviços de Internet S/A, a major Brazilian hosting provider, enhancing its market credibility and infrastructure support. The website demonstrates strong marketing integration with major platforms such as Google, Facebook, and TikTok, supporting extensive user tracking and advertising capabilities. However, the site lacks a valid SSL certificate and modern security configurations, which poses risks to data security and user trust. Privacy policies are present but basic, and no explicit cookie consent mechanism or incident response policies are found, indicating room for compliance improvements.