Security Directory

A

Are you human? | Norwegian

norwegian.com

30

The norwegian.com website is currently inaccessible to general users due to a Cloudflare Web Application Firewall (WAF) security challenge page that requires human verification. This prevents access to the actual website content, resulting in minimal visible information. The domain is registered and uses Cloudflare for DNS and protection, with Microsoft Outlook handling email services. However, the SSL certificate is invalid or missing, and no HTTPS is enabled, which is a critical security flaw. No privacy, cookie, or terms of service policies are found on the challenge page, nor is any contact or business information exposed. The technical infrastructure relies on Cloudflare's security and CDN services, but the lack of valid SSL and the blocking challenge significantly reduce the website's accessibility and trustworthiness.

C

Coleago Consulting

coleago.com

38

Coleago Consulting is a specialized telecommunications consulting and training firm offering expert services primarily to operators, regulators, digital service providers, and investors in the telecom sector. The company emphasizes experience-based consulting with partner-level consultants having over 20 years of industry experience. Their service portfolio includes spectrum valuation, auction strategy, regulatory advice, business planning, transaction services, and professional training. The website presents a professional and content-rich experience with clear navigation and strong branding consistency. Technically, the site is built on WordPress and uses Cloudflare for hosting and CDN services, with Google Analytics integrated for visitor tracking. However, the website lacks a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Cookie consent mechanisms are implemented and GDPR compliant, but no terms of service or explicit security policies are found. Overall, the site is trustworthy and professional but requires urgent security improvements to protect user data and enhance trust.

The website at cbre.at is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) challenge page, which prevents direct access to any meaningful content. This limits the ability to analyze the business, technical infrastructure, and security posture in detail. The domain is registered and active with consistent DNS records but lacks DNSSEC and CAA records. The SSL/TLS configuration is critically lacking, with no valid certificate and no HTTPS support, which poses a significant security risk. Security headers are present but cannot compensate for the absence of HTTPS. No privacy, cookie, or terms of service policies are detectable, nor is any contact or business information available. Overall, the site appears to be protected by Cloudflare but is not currently serving accessible content, resulting in a low trust and quality score.

J

John Cabot University

johncabot.edu

40

John Cabot University is an established American liberal arts university located in Rome, Italy, offering undergraduate and graduate degree programs along with study abroad opportunities. The website effectively targets prospective students, alumni, and academic professionals with comprehensive academic information, events, and community engagement content. The university maintains a consistent brand presence and trust indicators such as accreditation and testimonials. Technically, the site is built on ASP.NET with modern front-end libraries like jQuery and Bootstrap, hosted behind Cloudflare, and uses OmniUpdate CMS. However, performance metrics are missing, and the site lacks a valid SSL certificate, which is a critical security concern. Privacy compliance is well addressed with cookie consent mechanisms and a comprehensive privacy policy. The site integrates marketing and analytics tools such as Google Analytics and HubSpot forms, indicating a mature digital marketing approach. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

V

VICE

vice-shop.com

40

VICE operates a global media brand with an associated e-commerce platform selling branded merchandise. The website is built on Shopify and integrates multiple media content categories including video, TV, news, culture, and music. The site targets a broad audience interested in contemporary media and lifestyle products. Technically, the site uses modern frameworks and is hosted via Cloudflare with Shopify's infrastructure, but critically lacks a valid SSL certificate, impacting security and user trust. Security headers are well implemented, but the absence of HTTPS is a major vulnerability. Privacy compliance is minimal with no visible cookie consent mechanisms, which may expose the business to regulatory risks. Overall, the site is professionally designed with good navigation and consistent branding, but improvements in security and privacy compliance are necessary.

M

MobileIron

mobileiron.com

40

MobileIron is an enterprise technology company specializing in mobile-centric zero trust security and unified endpoint management (UEM) solutions. Founded in 2007 and acquired by Ivanti in 2020, MobileIron offers a suite of products including mobile device management, zero sign-on, mobile threat defense, and secure connectivity. The website reflects a professional and consistent brand presence with internationalization support and integration into Ivanti's ecosystem. Technically, the site uses ASP.NET, Cloudflare CDN, and modern analytics tools such as Microsoft Application Insights and Google Tag Manager, with cookie consent managed by OneTrust. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS configuration, which significantly impacts the site's security posture. Privacy compliance is partially addressed through cookie consent but lacks an explicit privacy policy and terms of service. Overall, the site demonstrates moderate digital maturity but requires urgent improvements in security to align with enterprise standards.

The website interspar.at currently presents a Cloudflare security challenge page that blocks access to its actual content, preventing a full analysis of business and compliance information. The domain is registered and DNS records indicate legitimate infrastructure consistent with the Spar brand in Austria. However, the SSL certificate is invalid or missing, resulting in no HTTPS support, which is a critical security issue. The site uses Cloudflare as a WAF and CDN provider, but the challenge page limits content accessibility. No privacy, cookie, or terms of service policies are detectable, nor are any contact details or business descriptions available on the landing page. Overall, the site’s security posture is weak due to missing SSL and limited content exposure, and the business credibility cannot be fully assessed due to lack of accessible information.

G

GBA

gbateam.com

40

GBA is a well-established Architectural, Engineering, and Construction (AEC) firm providing comprehensive services across multiple sectors including transportation, industrial, life sciences, and municipal markets. The company operates a professional website with strong branding, detailed service offerings, and a robust portfolio showcasing their expertise. Their digital presence is supported by WordPress CMS hosted on WP Engine with Cloudflare CDN, leveraging modern JavaScript libraries and SEO tools to enhance visibility. However, the website lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security vulnerability. Additionally, no cookie consent mechanism or explicit security policies are published, indicating gaps in privacy compliance and security posture. The WHOIS data and DNS records confirm the legitimacy and consistency of the domain registration with the business claims. Overall, while the business and content quality are excellent, the security deficiencies significantly impact the website's trustworthiness and compliance.

W

WALTER LEASING GmbH

walter-leasing.com

40

WALTER LEASING GmbH is an established Austrian company specializing in leasing and hire purchase of trucks and trailers. With a mature domain age of 25 years and a consistent brand presence, the company targets businesses and individuals seeking transportation leasing solutions. The website offers multilingual support and uses modern web technologies such as Vue.js and Google Tag Manager, indicating a moderate level of digital maturity. However, the absence of a valid SSL/TLS certificate is a critical security gap that undermines user trust and data protection. The site employs a strong Content Security Policy and cookie consent management via OneTrust, reflecting good privacy compliance practices. Overall, while the business and technical foundations are solid, urgent improvements in security infrastructure are needed to enhance trust and compliance.

Roland Berger is a well-established global management consultancy with a significant presence in Brazil through its São Paulo office, founded in 1976. The company offers a broad range of consulting services across multiple industries, focusing on corporate performance, digital transformation, and sustainability. The website reflects a professional and consistent brand image targeting business clients seeking expert advisory services. Technically, the site uses modern web technologies including AngularJS, Usercentrics for consent management, Google Tag Manager, and Matomo analytics, hosted behind Cloudflare. However, the security posture is weakened by the lack of a valid SSL certificate and absence of HTTPS enforcement, which is a critical issue for trust and compliance. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information is comprehensive and clearly presented, enhancing business credibility. Overall, the site is content-rich and professionally maintained but requires urgent improvements in SSL/TLS configuration to enhance security and user trust.

The website energy.at is currently inaccessible beyond a Cloudflare security challenge page, which blocks direct content access. This prevents a full assessment of the business, its services, or its digital presence. The site lacks a valid SSL/TLS certificate, serving content only over HTTP, which is a critical security deficiency. No privacy, cookie, or terms of service policies are present, and no contact information or business details are visible. The technical infrastructure relies on Cloudflare for protection, but the challenge page limits user access and analysis. Overall, the site exhibits poor content quality, minimal technical implementation, and a weak security posture. The lack of HTTPS and visible business information significantly reduces trust and credibility.

Veolia Australia and New Zealand operates as a leading provider of sustainable environmental solutions focusing on water, energy, and waste management. The company leverages global expertise and innovative technologies to support ecological transformation and sustainability goals for businesses and communities in the region. The website reflects a mature digital presence with comprehensive content, clear navigation, and professional branding consistent with a large enterprise. Technically, the site is built on Drupal 10 and uses modern web technologies and Cloudflare CDN for delivery. However, the absence of a valid SSL certificate and lack of modern TLS protocols significantly weaken the security posture. Privacy compliance is well addressed with accessible privacy and cookie policies and consent mechanisms. Contact is primarily facilitated through webforms and social media channels, with no explicit company emails or phone numbers publicly listed. WHOIS data confirms domain legitimacy and consistency with the business claims. Overall, the site is professional and content-rich but requires urgent security improvements to meet best practices.

The website cajamadrid.com is currently inaccessible beyond a Cloudflare security challenge page that requires JavaScript and cookies to proceed. This prevents access to any meaningful content or business information. The domain lacks DNS records and does not have a valid SSL/TLS certificate configured, resulting in no HTTPS support. The visible content is minimal and only displays a generic Cloudflare challenge page with no metadata, forms, or contact details. Consequently, the website's technical infrastructure is immature, and its digital maturity is low. Security posture is weak due to missing HTTPS and incomplete SSL configuration, despite some security headers being present. Overall, the site presents a high risk due to lack of accessible content, no privacy or cookie policies, and no verifiable business credibility. Strategic recommendations include obtaining a valid SSL certificate, configuring DNS properly, and removing or properly configuring the WAF challenge to allow legitimate user access.

The website eurocajarural.es is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) block, which prevents access to any meaningful content or business information. The visible page is a Cloudflare security challenge indicating that the visitor has been blocked due to triggered security rules. This severely limits the ability to analyze the website's content, business model, or compliance posture. The domain is registered but lacks DNS records and has an invalid SSL certificate, which are critical security and operational issues. The technical infrastructure relies on Cloudflare for security and hosting, but the absence of a valid SSL certificate and modern TLS protocols significantly weakens the security posture. No privacy, cookie, or terms of service policies are detectable, and no contact information or business details are available from the accessible content. Overall, the website's current state reflects poor accessibility, security, and compliance readiness, with a high risk of user trust erosion and operational disruption.

Royal TenCate is a large multinational manufacturing group specializing in technical textiles and composite materials. The company operates through five independent subsidiaries, each focusing on niche markets such as protective fabrics, sports surfaces, outdoor textiles, survivability solutions, and advanced composites. The website serves as a portal directing visitors to these subsidiaries' individual sites. Technically, the website is built on the HubSpot CMS platform and hosted behind Cloudflare, but it lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security concern. The site has basic SEO and accessibility features but lacks privacy and cookie policies, contact information, and security best practices such as vulnerability disclosure mechanisms. Overall, the security posture is weak due to missing HTTPS and modern TLS protocols, which significantly impacts trust and compliance. Strategic improvements in SSL deployment, privacy compliance, and security policies are recommended to enhance the website's credibility and user trust.

The website comvexx.com is currently inaccessible beyond a Cloudflare Web Application Firewall (WAF) challenge page that requires JavaScript and cookies to proceed. This effectively blocks access to any substantive content, business information, or user interaction elements. The domain is properly configured with Cloudflare DNS and Microsoft Outlook for email services, but the absence of a valid SSL certificate and HTTPS support is a critical security deficiency. The site lacks visible privacy, cookie, or terms of service policies, and no contact or business details are presented on the landing page. Overall, the digital maturity of the site is low due to the lack of accessible content and security best practices implementation.

G

Generasitogel

qpsneuro.com

35

The website presents itself as an online slot gaming platform targeting Indonesian users with QRIS payment options and low minimum deposits. It is built on the Squarespace platform and hosted behind Cloudflare. However, the site lacks a valid SSL certificate, exposing users to security risks. There are no privacy or cookie policies, and contact information is minimal, limited to a single email address found in a script, which appears to be a user account email rather than official contact. The site content is promotional but basic, with limited trust indicators and no social media presence. Performance data is missing, and the site shows poor privacy compliance and security posture. Overall, the site appears functional but lacks critical security and compliance features, reducing its trustworthiness and professionalism.

P

Peschke

peschkedesign.at

31

Peschke Design GmbH is a well-established design agency based in Vienna, Austria, specializing in product design, UX/UI, app development, 3D visualization, and industrial design. With over 50 years of experience and a strong portfolio of reputable clients such as Carl Zeiss AG, ENGEL AUSTRIA GmbH, and Austrian Airlines, the company positions itself as a trusted partner for digital transformation and innovative design solutions. Their business model focuses on delivering comprehensive design and development services tailored to client needs, supported by a professional and content-rich website that targets businesses seeking high-quality design expertise. Technically, the website is built on WordPress, hosted on WP Engine, and uses Cloudflare as a CDN and proxy. It employs modern web technologies including React, jQuery, and Swiper.js, and supports multilingual content via WPML. SEO and accessibility are well addressed with Yoast SEO and adherence to WCAG guidelines. However, performance metrics are not available, though mobile optimization and navigation clarity are good. From a security perspective, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical vulnerability. No TLS protocols are enabled, and security headers are minimal. While cookies are set with secure and HttpOnly flags, the absence of HTTPS exposes users to potential interception risks. Privacy compliance is strong with GDPR-aligned policies and a cookie consent mechanism. No explicit security or incident response policies are published. Overall, the website demonstrates high professionalism and business credibility but suffers from a critical security misconfiguration regarding SSL/TLS. Addressing this would significantly improve the security posture and trustworthiness of the site.

T

Tiki Surf

twoseasons.co.uk

37

Tiki Surf operates an e-commerce platform specializing in skate, surf, and snow sports products, including clothing, accessories, and equipment. The website is built on the Shopify platform, leveraging multiple third-party marketing and analytics tools such as Google Analytics, Klaviyo, and Trustpilot to enhance customer engagement and trust. The business targets enthusiasts in the UK market, offering a broad product range with a professional and consistent brand presentation. Technically, the site uses modern web technologies and is hosted via Cloudflare and Google Cloud Platform, ensuring scalability and reliability. However, the absence of a valid SSL certificate is a significant security concern that undermines user trust and data protection. Privacy and cookie policies are well implemented, reflecting GDPR compliance. Overall, the site demonstrates a solid e-commerce presence but requires urgent remediation of its SSL configuration to improve security posture.

Cegeka is a well-established European IT company specializing in end-to-end IT solutions, consulting, and digital transformation services. The company targets enterprise clients across multiple sectors including technology, energy, finance, telecommunications, manufacturing, and government. Their website reflects a mature digital presence with comprehensive content, professional design, and clear navigation. Technically, the site is built on HubSpot CMS, leveraging modern web technologies such as Lit and custom web components, and is hosted behind Cloudflare. However, the SSL certificate is invalid or missing, which significantly impacts the security posture. Security headers are well implemented but cannot fully compensate for the lack of proper HTTPS. Privacy and cookie policies are present and GDPR compliant, though no explicit security or incident response policies are found. Overall, the website demonstrates strong business credibility and marketing sophistication but requires urgent SSL remediation to improve security and trust.

E

Evora Global Limited

evoraglobal.com

40

Evora Global Limited is a UK-based company specializing in sustainability consulting, managed services, and software solutions for real asset investors, owners, and operators. The company holds a strong market position, partnering with many of the world's leading investors and managing a substantial portfolio of assets. Their website is professionally designed, content-rich, and well-branded, targeting stakeholders interested in ESG and climate resilience. Technically, the site is built on WordPress with Gravity Forms and uses Cloudflare for hosting and CDN services. However, a critical security gap exists due to the absence of a valid SSL certificate, resulting in no HTTPS support. Security headers are partially implemented, but improvements are needed, including enabling HSTS and OCSP stapling. Privacy compliance is moderate, with a comprehensive privacy policy but no visible cookie consent mechanism. Contact information is primarily via web forms, with no direct emails or phone numbers publicly listed. Overall, the website demonstrates a mature digital presence but requires urgent security enhancements to protect user data and improve trust.

Zeuxis & Parrhasius is a small retail e-commerce business specializing in handcrafted luxury wallpapers based in Vienna, Austria. The website is built on the Shopify platform, leveraging modern web technologies and optimized for mobile devices. The business targets customers seeking premium wallcoverings with worldwide shipping options. While the site demonstrates good design quality, clear navigation, and professional content, it lacks a valid SSL certificate, which significantly impacts its security posture. The presence of multiple payment options and partner affiliations adds trust signals, but the absence of a visible privacy policy and direct contact emails limits privacy compliance and user trust. Overall, the site is functional and professional but requires critical security improvements to enhance user safety and compliance.

Q

QimiQ Handels GmbH

qimiq.com

39

QimiQ Handels GmbH operates a well-established retail website focused on food products and cooking ingredients, targeting both consumers and professional chefs. The company offers a range of products such as QimiQ Classic, Sahne-Basis, Whip, Vegan, and Tiramisu, complemented by recipe content, professional workshops, and a newsletter. The website is multilingual and professionally designed, reflecting a consistent brand presence and active engagement through social media and marketing tools. Technically, the site is built on WordPress with modern plugins and frameworks, leveraging Cloudflare for CDN and caching. However, a critical security gap exists due to the absence of HTTPS/SSL, exposing users to potential risks. Privacy compliance is strong, with comprehensive policies and consent mechanisms in place. Overall, the site demonstrates good business credibility and user experience but requires urgent security improvements.

ARIAN is a medium-sized company specializing in premium full-service point-of-sale (POS) management and visual marketing solutions for retail and brands. The company offers comprehensive services including concept development, implementation, and innovation in marketing communication, targeting retailers and brand owners globally. The website is professionally designed using WordPress with strong SEO practices and structured data, supported by Cloudflare CDN for performance and security. However, the site lacks a valid SSL certificate, which is a critical security vulnerability, and does not provide visible contact information or cookie consent mechanisms on the homepage. These issues reduce the overall security posture and privacy compliance of the website. The domain registration data is consistent with the business claims, indicating legitimacy and trustworthiness.

Newlogic Pte Ltd is a Singapore-headquartered software consultancy firm with a strong regional presence across Southeast Asia. The company specializes in delivering innovative software solutions in areas such as digital identity and biometrics, data collection and analytics, cash transfer and payment systems, and ERP implementation. Their client base includes leading companies, organizations, and governments, positioning them as a key player in the regional technology consultancy market. The website reflects a professional and consistent brand image with clear descriptions of services and leadership team details. Technically, the website employs a modern tech stack including Bootstrap 4.3.1, jQuery, Popper.js, and Google Fonts, hosted behind Cloudflare. However, performance metrics are lacking, and the site suffers from the absence of a valid SSL certificate, which critically impacts security and user trust. The site is mobile-optimized with good navigation and SEO practices but lacks accessibility features and cookie consent mechanisms. From a security perspective, the site has several HTTP security headers configured, but the lack of HTTPS and TLS support is a major vulnerability. No incident response or security policies are published, and no vulnerability disclosure or data protection officer information is available. The presence of social media links and contact information supports business credibility, but the security posture requires urgent improvement. Overall, the website is functional and professional but has critical security shortcomings that reduce its trustworthiness and compliance. Strategic improvements in SSL deployment, privacy compliance, and security policy transparency are recommended to enhance the company's digital maturity and risk posture.

The website at sumida.com is currently inaccessible due to a Cloudflare security challenge page that requires JavaScript and cookies to proceed. This prevents access to any meaningful business content, metadata, or contact information. The site lacks a valid SSL certificate, which is critical for secure communications, despite having some security headers configured. The technical infrastructure relies on Cloudflare services, but no CMS or additional frameworks are detectable. Due to the blocked content, no privacy, cookie, or terms of service policies are found, and no contact or security incident response information is available. Overall, the site exhibits a poor security posture and minimal digital maturity, with critical issues that severely limit trust and usability.

Xylem Inc. is a leading enterprise specializing in innovative water solutions and water technology, serving diverse sectors including energy, municipal water, healthcare, and manufacturing. The company offers a broad portfolio of products and services such as water and wastewater treatment systems, pumps, digital water solutions, and parts and supplies. Their market position is strong with a global footprint and multiple subsidiary brands. The website reflects a professional and comprehensive digital presence with excellent content quality and consistent branding. Technically, the site uses modern JavaScript frameworks, Google Tag Manager for analytics, and is hosted behind Cloudflare, but lacks a valid SSL certificate, which significantly impacts its security posture. Security headers are present but the absence of HTTPS and related SSL/TLS features lowers the overall security score. Privacy policies and terms of service are well documented, though no explicit cookie consent mechanism was detected. Contact information is primarily via contact forms with no direct emails or phone numbers found. Overall, the site is trustworthy and professional but requires urgent improvements in SSL/TLS implementation to enhance security and user trust.

HappyTezos is a small EU-based technology company specializing in Tezos blockchain baking and delegation services. The company provides a secure and transparent platform for Tezos token holders to delegate their tokens and track rewards in real time via a dashboard. Despite a solid niche market position and transparent business model, the service is scheduled to close by the end of 2023. Technically, the website uses modern frontend technologies such as ASP.NET Core, Bootstrap, and jQuery, hosted behind Cloudflare CDN, but lacks a valid SSL certificate, resulting in no HTTPS support which is a critical security flaw. The site includes cookie consent mechanisms and basic privacy policies, but lacks formal security policies or incident response information. Overall, the website is functional and professional but has significant security shortcomings that reduce trust and compliance.

D

Doppler LLC

fromdoppler.com

40

Doppler LLC operates a comprehensive marketing automation platform primarily targeting Spanish-speaking businesses in Latin America and Spain. Their website offers a wide range of services including email marketing, push notifications, SMS marketing, WhatsApp marketing, chatbots, landing pages, and data intelligence. The company positions itself as a leading SaaS provider in the marketing technology sector with a strong brand presence and extensive client testimonials. Technically, the website is built on WordPress and leverages modern marketing and analytics tools such as Google Tag Manager, OneTrust for cookie consent, and Zendesk for customer support. However, the security posture is notably weak due to the absence of a valid SSL certificate and lack of HTTPS, which is a critical issue that undermines user trust and data protection. Privacy compliance is well addressed with clear privacy and cookie policies, and GDPR compliance is evident. Overall, the site is professional, content-rich, and user-friendly but requires urgent security improvements to meet modern standards.

A

Atlantic Grupa d.d.

atlanticgrupa.com

29

Atlantic Grupa d.d. is a prominent regional leader in the fast-moving consumer goods sector, specializing in the production and distribution of popular food and beverage brands across Southeast Europe. The company maintains a strong market position with a comprehensive distribution network and a focus on sustainability and corporate responsibility. Their website reflects a professional digital presence with detailed investor relations and sustainability content, targeting regional consumers, investors, and partners. Technically, the site leverages modern JavaScript frameworks such as Nuxt.js and Vue.js and is hosted behind Cloudflare, ensuring good performance and mobile optimization. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS configuration, exposing users to potential risks. Privacy and cookie policies are well implemented, indicating GDPR compliance. Overall, the site demonstrates good business credibility but requires urgent security improvements to protect user data and maintain trust.

A

Allea Group

alleagroup.com

40

Allea Group is a medium-sized real estate investment and development holding company based in Cyprus, specializing in exclusive European residential and commercial property projects. The website presents a professional and well-structured digital presence targeting investors and clients interested in high-end real estate opportunities. The technical infrastructure is built on WordPress with popular plugins and is hosted behind Cloudflare CDN, but critically lacks a valid SSL certificate, resulting in no HTTPS availability which severely impacts security posture. Privacy and cookie policies are comprehensive and GDPR compliant, indicating good privacy awareness. However, the absence of terms of service, security policy, and vulnerability disclosure reduces transparency. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

The website freywille.com is currently inaccessible due to a Cloudflare security challenge page that blocks content unless JavaScript and cookies are enabled. This prevents direct analysis of the website's content, metadata, and business information. The domain itself is mature, registered since 2005, with strong domain protection and consistent WHOIS data indicating a legitimate business presence. However, the lack of a valid SSL certificate and absence of HTTPS severely impacts the security posture. Security headers are present but insufficient without proper TLS encryption. No privacy, cookie, or terms of service policies are detectable in the accessible content, and no contact information or forms are visible. Overall, the website's technical infrastructure relies on Cloudflare for DNS and security, but the current configuration results in blocked content and poor user experience.

The website amanet.org is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) blocking page, preventing access to any actual site content. The domain is mature, registered since 1995, and uses privacy protection services for its WHOIS data. The technical infrastructure relies on Cloudflare for hosting and security, but the SSL certificate is invalid or missing, resulting in no HTTPS support. No metadata, business information, or contact details are available from the accessible content. The security posture is weak due to lack of proper SSL/TLS configuration and absence of security headers beyond basic ones. Overall, the site cannot be properly evaluated for business credibility, privacy compliance, or content quality due to the blocking mechanism.

McArthurGlen operates as a leading European designer outlet shopping group with 23 locations across 8 countries, targeting fashion-conscious shoppers seeking significant discounts on luxury brands. The website reflects a professional retail business model focused on providing outlet shopping experiences, sustainability initiatives, and tax refund services for non-EU residents. Technically, the website uses modern JavaScript, Google Tag Manager, and Microsoft Application Insights for analytics, and is hosted behind Cloudflare. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. The site implements cookie consent mechanisms and privacy policies consistent with GDPR compliance but lacks visible contact information and security policies. Overall, the website is functional and well-branded but requires urgent improvements in security infrastructure.

M

MedQuest Imaging

mqimaging.com

36

MedQuest Imaging operates as a leading outpatient imaging provider in the United States, managing a network of over 60 radiology centers affiliated with hospitals and health systems. Their business model focuses on partnerships that enhance financial performance and patient care quality in radiology services. The website reflects a professional presence with clear business information and a comprehensive privacy policy. However, the absence of a valid SSL certificate and lack of cookie consent mechanisms indicate significant security and privacy compliance gaps. Technically, the site is built on WordPress with Elementor and uses Google Analytics for tracking, but performance data is unavailable. Security posture is weak due to missing HTTPS and security headers, which poses risks to user data confidentiality and trust. Overall, the site is functional and credible but requires urgent security improvements to meet modern standards.

S

Sport England

sportengland.org

37

Sport England is a UK government-related non-profit organization dedicated to promoting sport and physical activity across England. The website serves as a comprehensive resource hub offering funding opportunities, research data, guidance, and campaigns to support various stakeholders including volunteers, grassroots organizers, schools, and national governing bodies. The organization is primarily funded by the National Lottery, which is prominently acknowledged on the site. The website is professionally designed with clear navigation and strong branding consistency, targeting a broad audience involved in sport and physical activity.

B

Blue Tomato

blue-tomato.com

71

Blue Tomato is a well-established European e-commerce and retail company specializing in boardsport and lifestyle products including snowboarding, skateboarding, surfing, freeski, and streetwear. With over 30 years of experience and more than 70 physical shops across Europe, the company offers a comprehensive product range from over 500 brands, supported by community engagement and specialized services such as snowboard schools and rental shops. The website is professionally designed, highly localized, and optimized for performance and user experience across devices. Technically, the website employs modern web technologies including React and Preact frameworks, utilizes Cloudflare for hosting and security, and integrates advanced analytics and consent management tools. The site demonstrates good SEO and accessibility practices, ensuring broad reach and compliance with relevant regulations. From a security perspective, the site uses a valid SSL certificate but lacks modern TLS protocol support and some security headers like HSTS and OCSP stapling. No critical vulnerabilities were detected, but improvements are recommended to enhance security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, Blue Tomato presents a low-risk profile with strong business credibility, good technical infrastructure, and adequate security measures. Strategic recommendations include enhancing SSL/TLS configurations, enabling additional security headers, and implementing domain protection locks to further secure the domain registration.

B

baningo GmbH

baningo.com

40

baningo GmbH is a technology company specializing in digital networking solutions, primarily through their digital business card platform and NFC business cards. Founded in 2015 and based in Austria, the company serves a broad professional audience seeking modern, sustainable ways to share contact information. Their market position is supported by over 10,000 customers and partnerships with notable companies. Technically, the website leverages Cloudflare for hosting and security, uses Matomo and Google Tag Manager for analytics, and integrates Facebook Pixel for marketing. However, the absence of a valid SSL certificate and HTTPS severely undermines the security posture. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanisms. Overall, the website is professionally designed and trustworthy but requires urgent security improvements.

J

J. Hornig

jhornig.com

65

J. Hornig operates a mature and professional e-commerce website specializing in coffee and tea products, including specialty blends, accessories, and barista courses. The company targets both individual consumers and business clients such as gastronomy and office sectors. The website is built on the Shopify platform, leveraging multiple third-party apps for enhanced customer experience, marketing, and reviews. Technically, the site is well-implemented with modern technologies, fast performance, and strong security headers including HSTS and CSP. Privacy compliance is robust with clear privacy and cookie policies and consent mechanisms in place. However, direct contact information like emails or phone numbers is not explicitly listed, relying on contact forms instead. The domain is well-registered with a reputable registrar and shows no signs of suspicious activity. Overall, the site demonstrates a strong security posture and good business credibility, making it a trustworthy platform for customers.

U

UPM Raflatac

upmraflatac.com

65

UPM Raflatac is a global leader in manufacturing high-performance labeling materials, serving brands, designers, and printers worldwide. The company operates a mature and well-established business with a strong emphasis on sustainability and innovation in packaging solutions. Their digital presence reflects a professional and comprehensive approach, offering extensive customer tools and multilingual support. Technically, the website leverages modern frameworks such as Vue.js, integrates advanced analytics and marketing tools, and is hosted securely via Cloudflare with robust security headers and HTTPS enforcement. The security posture is strong, though improvements like enabling HSTS could enhance protection. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the domain registration and WHOIS data confirm the legitimacy and consistency of the business identity.

O

Osmo

playosmo.com

58

Osmo is an educational technology company specializing in interactive learning systems that combine physical game pieces with digital apps primarily for iPad and iPhone users. The website positions Osmo as an award-winning brand with a focus on fostering social intelligence and creative thinking through hands-on play. The business model centers on e-commerce sales of educational products and digital content, targeting parents and educators seeking engaging learning tools for children. The site is professionally designed with consistent branding and positive media testimonials, indicating a strong market presence in the education sector. Technically, the website is built on modern frameworks such as Next.js and React, hosted behind Cloudflare, and uses Google Tag Manager for analytics. While the site is mobile-optimized and SEO-friendly, performance metrics are unavailable. Security-wise, the site uses HTTPS with a valid SSL certificate but lacks modern TLS protocol support and OCSP stapling, which are important for robust security. Security headers are partially implemented, but critical headers like HSTS are not fully enabled. No privacy or cookie policies were found, indicating gaps in compliance with data protection regulations. Overall, the security posture is moderate with room for improvement in encryption protocols and privacy compliance. The absence of contact information and policy pages reduces transparency and user trust. The domain registration is consistent with the business claims, and no suspicious patterns were detected, supporting the legitimacy of the site. Strategic recommendations include enabling modern TLS protocols, fully implementing HSTS, publishing comprehensive privacy and cookie policies, adding contact information, and establishing a vulnerability disclosure program to enhance security and compliance posture.

W

W.D. Matthews Machinery Co.

wdmatthews.com

40

W.D. Matthews Machinery Co. is a well-established heavy equipment dealer operating primarily in New England, with a history dating back to 1939. The company specializes in new and used forklifts, heavy machinery, warehousing supplies, rentals, parts, and service. It maintains strong partnerships with reputable brands such as Toyota, Manitou, Clark, and Bobcat, positioning itself as a leading regional provider in the transportation and industrial equipment sector. The website reflects a professional business model focused on equipment sales, rentals, and maintenance services targeting commercial and industrial clients in the region. Technically, the website is built on WordPress with WooCommerce and utilizes modern web technologies including Gravity Forms for data collection and Google Tag Manager for analytics. Hosting is provided by WP Engine with Cloudflare CDN for content delivery. While the site is mobile-optimized and well-structured with good SEO practices, performance data is incomplete, and some accessibility features are basic. The site lacks a valid SSL certificate, which is a critical security gap. From a security perspective, the absence of HTTPS and modern TLS protocols significantly reduces the site's security posture. No advanced security headers or mechanisms such as HSTS or OCSP stapling are implemented. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism or terms of service page detected. Contact information is clearly provided, enhancing business credibility. Overall, the site presents a moderate risk profile due to the lack of HTTPS and limited privacy compliance. Strategic improvements in security configuration and privacy practices are recommended to enhance trust and protect user data. The business itself appears legitimate and well-positioned in its market, but the website's security shortcomings could impact user confidence and compliance with regulations.

V

Viz Flowics

flowics.com

37

Viz Flowics is a cloud-native platform specializing in live data-driven broadcast graphics, targeting broadcasters, live streamers, and corporations. The platform offers an intuitive web-based HTML5 graphics editor, native data connectors, social media integration, and NRCS integration, positioning itself as a modern solution in the media technology sector. The website reflects a professional and consistent brand presence supported by customer testimonials and case studies, indicating a solid market position under its parent company Vizrt. Technically, the site is built on WordPress with modern plugins and integrates multiple marketing and analytics tools, though performance metrics are not explicitly available. Security posture is weakened by the absence of a valid SSL certificate and lack of TLS support, which is a critical vulnerability for a platform serving professional clients. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site demonstrates strong business credibility but requires urgent remediation of its SSL/TLS configuration to ensure secure user interactions.

W

www.english-teacher-college.at

english-teacher-college.at

38

The website www.english-teacher-college.at operates as a specialized media platform providing comprehensive reviews, guides, and affiliate marketing services focused on online casinos in Austria. It targets Austrian online casino players by offering detailed casino ratings, bonus information, game variety, payment methods, and customer support evaluations. The site maintains a consistent brand presence with professional content and trust indicators such as DMCA protection and author credentials. Technically, the site is hosted behind Cloudflare and uses modern web technologies including JavaScript and Google Tag Manager, but lacks a valid SSL certificate, resulting in no HTTPS support and weak security posture. This absence of HTTPS and modern TLS protocols is a critical security gap that undermines user data protection and trust. Privacy and cookie policies exist but are basic in compliance, and no direct company contact emails or phone numbers are provided, though social media channels are linked. Overall, the site is functional and content-rich but requires urgent security improvements to enhance user trust and compliance.

The website acleddata.com is currently inaccessible due to a Cloudflare security challenge page requiring human verification via Turnstile captcha. This prevents access to any substantive content or business information. The site lacks a valid SSL certificate and does not support HTTPS, which is a critical security deficiency. The technical infrastructure relies on Cloudflare services for DNS and security, but the absence of a valid certificate and security headers indicates a poor security posture. No privacy, cookie, or terms of service policies are present, and no contact or business details are available on the landing page. Overall, the site appears to be in a blocked or pre-launch state, limiting the ability to assess its business credibility or compliance status.

A

Age UK

ageuk.org.uk

40

Age UK is a leading UK-based charity dedicated to supporting older people through a wide range of services including advice, befriending, fundraising, and campaigning. The website reflects a mature and professional digital presence with comprehensive content tailored to its target audience of older adults and their carers. The organization maintains strong branding consistency and trust indicators such as charity registration and regulatory compliance. Technically, the site uses a modern technology stack including ASP.NET, Cloudflare CDN, and analytics tools like Microsoft Azure Application Insights and Google Tag Manager. However, the SSL certificate is invalid and no modern TLS protocols are enabled, which significantly weakens the security posture. Privacy and cookie policies are present and GDPR compliant, supporting good privacy practices. Overall, the site is well designed and user-friendly but requires urgent security improvements to protect user data and maintain trust.

H

High Sierra Pools

highsierrapools.com

39

High Sierra Pools is a well-established commercial pool management company offering a range of services including lifeguard staffing, pool maintenance, repairs, and renovations primarily in the Mid-Atlantic and Northeastern United States. The company has a strong regional presence with over 25 years of experience and serves a diverse clientele including commercial properties and community pools. The website reflects a professional business model focused on safety, compliance, and customer satisfaction. Technically, the site is built on WordPress with modern marketing and analytics tools integrated, but suffers from critical security shortcomings due to the absence of a valid SSL certificate and lack of modern TLS support, which undermines user trust and data security. Privacy compliance is basic with a privacy policy present but no cookie policy or explicit GDPR compliance indicators. Overall, the business credibility is high, supported by clear contact information, testimonials, and consistent branding. Strategic improvements in security posture and privacy compliance are recommended to enhance trust and protect user data.

A

Avantor, Inc.

vwr.com

40

VWR.com is the online presence of Avantor, Inc., a large enterprise specializing in providing life science products and service solutions. The website targets life science professionals and organizations globally, offering a broad range of scientific supplies and services. The business model is primarily B2B, with a strong market position as an established global supplier in the healthcare sector. The site uses localized subdomains to serve different countries, indicating a mature international presence. Technically, the website employs a variety of modern JavaScript libraries and tracking tools, including Google Analytics, Hotjar, and Cloudflare for CDN and security. However, the site lacks a valid SSL certificate and does not enable modern TLS protocols, which is a significant security concern. The content is professionally presented with good navigation and branding consistency, but mobile optimization and accessibility are basic. From a security perspective, while the site implements a comprehensive Content Security Policy and some security headers, the absence of HTTPS and modern TLS support severely impacts the security posture. No incident response or vulnerability disclosure information is provided, and no explicit contact details are available on the landing page, limiting transparency. Overall, the website is functional and professional but requires urgent improvements in SSL/TLS implementation and privacy compliance mechanisms to enhance trust and security. Strategic recommendations include installing a valid SSL certificate, enabling modern TLS protocols, implementing cookie consent mechanisms, and providing clear contact and security policy information.

W

WordPress

kapschcarrier.com

40

KapschCarrier.com is a small-scale WordPress-based blog focused on telecommunications policy and 5G network insights. The site provides regularly updated content authored by an identified individual, targeting telecom professionals and enthusiasts. Technically, the site uses WordPress with common libraries like jQuery and Swiper.js, hosted behind Cloudflare. However, the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, which is a critical security deficiency. No privacy, cookie, or terms of service policies are published, and no contact information is available, limiting trust and compliance. The site has good SEO metadata and structured data but lacks analytics or advertising integrations. Overall, the site is functional but has significant security and compliance gaps that should be addressed to improve trustworthiness and user safety.

The website jci.cc is currently inaccessible due to a Cloudflare security block, which prevents access to any meaningful content or business information. The site presents a Cloudflare challenge page indicating that the visitor has been blocked, likely due to security rules triggered by the request. This results in a lack of visible metadata, contact details, policies, or business descriptions. The technical infrastructure relies on Cloudflare for security and DNS, with Google MX records for email, but the SSL/TLS configuration is invalid or missing, which is a critical security concern. Overall, the security posture is weak due to the absence of a valid certificate and modern TLS protocols, though some security headers are present. Due to the blocking, the website's content quality, privacy compliance, and business credibility cannot be assessed, resulting in a low overall risk score. Strategic recommendations include resolving SSL issues, enabling HSTS, and providing accessible privacy and contact information to improve trust and compliance.