Security Directory

G

GRAWE osiguranje a.d.o.

grawe.rs

40

GRAWE Srbija is a well-established insurance company operating in Serbia, offering a broad range of life and non-life insurance products including vehicle, property, and health-related insurance. The company is part of the larger GRAWE Group, which has a long tradition in the insurance sector. The website is professionally designed using TYPO3 CMS and integrates modern technologies such as Google Tag Manager and Cloudfront CDN. It provides clear navigation, comprehensive product information, and multiple contact channels including phone, email, and social media. Privacy and cookie policies are present and include consent mechanisms, indicating good compliance with GDPR requirements. However, the website suffers from a critical security issue: the SSL certificate is invalid or missing, resulting in HTTPS not being properly enabled. This significantly impacts the security posture and user trust. Security headers are well configured, but the lack of valid SSL and modern TLS protocols is a major vulnerability. No explicit security or incident response policies are published, and no vulnerability disclosure or security.txt files are found. Overall, the website is functional and credible but requires urgent remediation of SSL/TLS issues to improve security and trust.

F

Frauscher Sensor Technology USA Inc.

frauscher.com

40

Frauscher Sensor Technology USA Inc. is a leading provider of highly reliable train detection and wayside object control solutions, serving rail operators and system integrators globally. The company offers a comprehensive portfolio including hardware components like wheel sensors and axle counters, software solutions, and smart life cycle services. With a strong market position and a global footprint, Frauscher is recognized for its innovation and quality in the transportation sector. Technically, the website is built on modern frameworks such as Nuxt.js and uses Storyblok CMS, hosted on AWS CloudFront. The site is well-optimized for mobile and SEO, with good accessibility features. However, performance is moderate and could be improved. From a security perspective, the site employs several security headers and has a proactive PSIRT program. However, the SSL certificate is currently invalid, which is a critical issue that impacts the overall security posture. Other security best practices are in place, but improvements in SSL configuration and CSP are recommended. Overall, the website presents a professional and trustworthy image, with comprehensive privacy and cookie policies in place. The domain registration is consistent with the business claims, enhancing credibility. Strategic recommendations include fixing SSL issues, enhancing security headers, and maintaining strong privacy compliance to further strengthen trust and security.

555photography is a small professional photography business specializing in wedding, family, engagement, and event photography. The business leverages the SmugMug platform to showcase its portfolio and manage client galleries, positioning itself as a niche service provider in the media sector. The website content is relevant and well-structured, targeting individuals and families seeking professional photography services. The business model relies on online presence and client engagement through SmugMug's infrastructure. Technically, the website is hosted on SmugMug's infrastructure using nginx and Amazon CloudFront CDN, with modern JavaScript frameworks and responsive design ensuring good mobile optimization and user experience. However, performance metrics are limited, and some technical debt is evident in the use of older YUI libraries alongside modern modules. From a security perspective, the site lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability impacting user trust and data protection. While some security headers are present, the absence of HTTPS and other advanced security features significantly lowers the security posture. Privacy policies and terms of service are available on the SmugMug domain, indicating compliance with GDPR and cookie consent mechanisms, but no explicit security or incident response policies are found. Overall, the website presents a moderate risk profile primarily due to missing HTTPS and limited direct business contact information. Strategic improvements in SSL implementation, security policy publication, and direct contact channels would enhance trust and compliance.

K

Knorr-Bremse AG

knorr-bremse.com

40

Knorr-Bremse AG is a global leader in manufacturing braking systems and safety-critical sub-systems for rail and commercial vehicles. With a history spanning over 28 years, the company holds a strong market position as an innovator in mobility and transport technologies. Their business model focuses on delivering advanced braking and safety solutions, complemented by comprehensive investor relations and career development programs. Technically, the website is built on a modern Angular framework, hosted on Nginx and Amazon CloudFront, with good SEO and accessibility features. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, resulting in no HTTPS support, which significantly impacts the security posture. The site implements strong security headers and content policies but lacks advanced SSL configurations and session management. Privacy compliance is well addressed with comprehensive policies and consent mechanisms. Overall, the website is professional and trustworthy but requires urgent SSL deployment to enhance security and user trust.

K

ktchng

ktchng.com

39

ktchng is a small Austrian-based technology and e-commerce company offering an augmented reality mobile app that enables users to scan products and environments to receive trend information, community content, and sales offers. The platform integrates a token reward system (KTC) that users can earn and redeem in the ktchng webshop and partner stores. The website is professionally designed with good content quality and consistent branding, targeting consumers interested in AR and digital shopping experiences. Technically, the site uses PHP backend with nginx, Amazon AWS hosting, CloudFront CDN, and integrates monitoring and analytics tools such as New Relic, Google Analytics, and Facebook Pixel. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security vulnerability. Privacy and cookie policies are present and GDPR compliant, with a cookie consent mechanism implemented. Contact information is clearly provided, including emails and phone numbers. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

I

Immobilien Scout GmbH

immobilien.net

37

Immobilien.net is a well-established Austrian real estate platform operated by Immobilien Scout GmbH, offering a broad range of residential and commercial property listings. The website targets individuals and investors seeking to rent or buy properties in Austria, providing expert services and a knowledge portal. Technically, the site uses modern frontend technologies such as React and is hosted on AWS CloudFront CDN, ensuring good mobile optimization and SEO. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw, severely impacting the site's security posture. Privacy and cookie policies are present and appear comprehensive, supporting GDPR compliance. Overall, while the business and content quality are good, the lack of HTTPS significantly reduces trust and security.

A

All for One Customer Experience GmbH

b4b-solutions.com

40

All for One Customer Experience GmbH is a Germany-based technology company specializing in delivering innovative customer experience solutions leveraging the SAP Customer Experience Suite. Positioned as a SAP Platinum Partner and part of the All for One Group, the company offers comprehensive cloud-based services including consulting, software implementation, and custom development to enhance customer journeys and digital transformation for businesses. The website reflects a professional and consistent brand image targeting enterprises seeking to optimize their customer engagement and sales processes. Technically, the website is hosted on Amazon Web Services using Amazon S3 and CloudFront CDN, employing modern web technologies such as JSON-LD structured data and OneTrust for cookie consent management. The site is well-optimized for SEO, accessibility, and mobile responsiveness, providing a high-quality user experience. However, performance metrics were not available. From a security perspective, while the site implements several important security headers and content security policies, it critically lacks a valid SSL/TLS certificate and does not support modern TLS protocols, resulting in a poor security posture. This exposes users to risks and undermines trust. Privacy compliance is strong with comprehensive privacy and cookie policies and consent mechanisms in place. Overall, the website demonstrates strong business credibility and digital maturity but requires urgent remediation of SSL/TLS issues to ensure secure communications and maintain trust. Strategic improvements in security infrastructure will significantly enhance the site's risk profile and user confidence.

V

Vaillant

vaillant-group.com

40

Vaillant Group is a globally recognized leader in the energy sector, specializing in climate-friendly heating, cooling, and hot water solutions including heat pumps and gas condensing boilers. The company operates in over 60 countries with a workforce of approximately 16,000 employees, emphasizing sustainability and digital services. The website reflects a mature and professional business with consistent branding and comprehensive content tailored to customers, partners, and potential employees. Technically, the site leverages modern JavaScript libraries, lazy loading, and CDN hosting via Amazon S3 and CloudFront, with a CMS likely based on e-Spirit. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, severely impacting the security posture. Privacy and cookie policies are present and GDPR compliant, and the site integrates Google Tag Manager for analytics and Consentmanager.net for consent management. Overall, the site is well-structured and user-friendly but requires urgent security improvements.

U

Ubisoft Nadeo

nadeo.com

40

Ubisoft Nadeo is a well-established video game development studio based in Paris, France, known for its innovative multiplayer games such as Trackmania and Shootmania. As a subsidiary of Ubisoft, it benefits from a strong market position and a mature digital presence. The website content is professional, well-structured, and targets gamers interested in competitive and virtual reality gaming experiences. Technically, the site uses modern frameworks like React and Express, hosted on AWS infrastructure with CDN support, but lacks a valid SSL certificate and HTTPS enforcement, which is a critical security gap. Security headers are partially implemented, and no major vulnerabilities are detected, but the absence of TLS protocols and HSTS reduces the security posture significantly. Privacy compliance is good with clear privacy and cookie policies, and GDPR considerations are addressed. Contact information is primarily via support portals and social media, with no direct emails or phone numbers publicly listed. Overall, the site is trustworthy and professional but requires urgent security improvements to protect user data and maintain trust.

ProSiebenSat.1 PULS 4 GmbH is a leading private media company in Austria, specializing in TV broadcasting and digital advertising solutions. The company operates multiple TV channels and digital platforms, including the popular streaming service JOYN, and offers innovative advertising products such as TV-LOAD and Addressable TV. Their market position is strong, supported by a comprehensive portfolio and a focus on integrated advertising solutions. Technically, the website is built on modern frameworks like Nuxt.js and Vue.js, hosted on AWS with content managed via DatoCMS, providing a good user experience and mobile optimization. However, the security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS, which is a critical vulnerability. Privacy compliance is well addressed with clear privacy and cookie policies, and contact information is readily available. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain credibility.

A

ACN Opportunity, LLC

myacn.com

40

ACN Opportunity, LLC operates a mature and established website offering essential services such as internet, energy, and wireless, combined with a home-based business opportunity model. The company targets individuals interested in essential services and entrepreneurial ventures, positioning itself as a trusted provider with strong industry memberships and a broad social media presence. Technically, the website leverages modern frontend technologies including Joomla CMS, Bootstrap, jQuery, and Swiper.js, hosted on AWS infrastructure with CloudFront CDN. The site is mobile optimized and SEO friendly, though performance metrics are unavailable. Security posture is weak due to the absence of a valid SSL certificate and HTTPS enforcement, despite the presence of several security headers. Privacy compliance is strong with comprehensive policies and a OneTrust cookie consent mechanism. Overall, the site demonstrates good business credibility but requires urgent security improvements to protect user data and enhance trust.

P

Palmers Textil AG

palmers.at

33

Palmers Textil AG operates a well-branded e-commerce website focused on retailing lingerie, nightwear, and fashion apparel primarily targeting German-speaking European customers. The site leverages modern web technologies including Vue Storefront 2 and Magento backend, supported by AWS CloudFront CDN and various marketing and analytics tools such as Google Analytics and Facebook Pixel. Despite a professional presentation and comprehensive privacy and cookie policies, the website suffers from a critical security deficiency: the absence of a valid SSL/TLS certificate and HTTPS support, exposing users to potential data interception risks. Security headers are implemented but cannot compensate for the lack of encryption. The domain registration data aligns well with the business claims, indicating legitimacy and consistency. Overall, the website demonstrates good digital maturity but requires urgent security improvements to protect user data and enhance trust.

The website ag-isw.at is currently a parked domain page primarily aimed at selling the domain name. It lacks any active business content, contact information, or service offerings. The site is heavily monetized through advertising scripts, mainly from Google Adsense and related ad networks. Technically, the site suffers from a lack of HTTPS support, with no valid SSL certificate installed, exposing visitors to security risks. Performance is poor with slow load times and minimal optimization. Privacy compliance is minimal, with only a basic privacy policy accessible via a popup link, and no cookie consent mechanisms present. Overall, the site does not present itself as a legitimate business or service provider at this time.

Raiffeisen Bank International AG operates as a leading business bank in Austria and Central and Eastern Europe, offering a broad range of financial services including corporate banking, investor relations, and sustainability-focused products. The website targets investors, corporate and institutional clients, job seekers, and private customers, reflecting a mature and comprehensive business model with a strong market position. Technically, the site is built on Adobe Experience Manager with Vue.js components, leveraging modern analytics and marketing tools such as Mouseflow, Google Tag Manager, and hCaptcha. However, a critical security weakness is present due to an invalid SSL certificate and lack of TLS protocol support, which undermines the otherwise strong security headers and policies implemented. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional, content-rich, and trustworthy but requires urgent remediation of SSL and TLS issues to ensure secure user interactions.

C

Cropster

cropster.com

40

Cropster is a mature, market-leading SaaS provider specializing in software solutions for the coffee industry, including roasting, inventory, and quality management. The company targets coffee farmers, roasters, and cafe managers with a comprehensive suite of products designed to streamline workflows and improve operational efficiency. Cropster maintains a consistent and professional brand presence with multilingual support and active content updates. Technically, the website is built on WordPress, leveraging modern JavaScript frameworks and AWS CloudFront CDN for delivery. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture, despite the presence of strong security headers. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. The domain registration is consistent and trustworthy, reflecting a stable business operation. Overall, Cropster presents a professional and credible online presence but must urgently address SSL/TLS issues to improve security and trust.

R

Randstad Austria GmbH

randstad.at

40

Randstad Austria GmbH operates as a leading personnel service provider in Austria, offering staffing, recruitment, and HR solutions. The company is part of the global Randstad N.V. group and targets job seekers and companies within Austria. The website is professionally designed with comprehensive content, clear navigation, and strong branding consistency. Technically, the site uses Drupal CMS with React components, hosted on AWS infrastructure with CloudFront CDN. However, a critical security gap exists as the website lacks a valid SSL certificate and does not serve content over HTTPS, exposing users to potential risks. Security headers are well implemented, but the absence of HTTPS significantly lowers the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with clear contact and company registration information provided. Social media presence is robust, enhancing trust and engagement.

E

ENGEL

engelglobal.com

40

ENGEL is a large, established manufacturing company specializing in injection moulding solutions, including machines, automation, and digital process optimization. The website reflects a professional B2B business model targeting manufacturing industries globally, with multi-language support and a comprehensive content offering. Technically, the site uses modern technologies such as Vue.js and Storyblok CMS, hosted on AWS CloudFront, with good SEO and mobile optimization. However, the lack of a valid SSL certificate and disabled TLS protocols represent significant security weaknesses. The site implements strong security headers and a content security policy but lacks incident response and security policy disclosures. Privacy compliance is addressed with GDPR-consent mechanisms and a detailed data protection page. Overall, the site is functional and professional but requires urgent improvements in SSL/TLS configuration to enhance security and trust.

The website elsner.at is a parked domain sale page operated by CORNUCOPIAS.COM OÜ, an Estonian company specializing in domain resale. The site offers the domain for sale via well-known domain marketplaces Sedo and DAN.com, highlighting experience and buyer protection programs. The technical infrastructure relies on Amazon S3 and CloudFront CDN, with minimal content and basic design elements such as Google Fonts. However, the site lacks HTTPS support due to an invalid or missing SSL certificate, which significantly impacts security and trust. No privacy, cookie, or terms of service policies are present, and no contact information is provided, limiting user trust and compliance with privacy regulations.

thyssenkrupp AG is a large multinational industrial technology group focused on engineering innovative and sustainable solutions for future challenges. The website reflects a mature digital presence with comprehensive content targeting industrial clients, investors, and job seekers. Technically, the site uses modern frameworks like Angular and is hosted on Amazon CloudFront, but lacks a valid SSL certificate and HTTPS enforcement, which is a critical security deficiency. Security headers are well implemented, but the absence of TLS protocols and session security features lowers the security posture significantly. Privacy compliance is good with a clear privacy policy and GDPR adherence, though no cookie consent mechanism was detected. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain trust.

V

voestalpine AG

voestalpine.com

40

voestalpine AG is a globally leading steel and technology group with a strong market position in manufacturing and industrial sectors such as automotive, aerospace, energy, and railway systems. The company operates worldwide with a large enterprise footprint and emphasizes sustainability and innovation through initiatives like the greentec steel program. The website reflects a mature digital presence with multilingual support, comprehensive corporate and investor information, and active social media engagement. Technically, the site uses modern tools including Usercentrics for consent management and JW Player for media, hosted on AWS CloudFront CDN. However, a critical security weakness is the invalid or missing SSL certificate and lack of enabled TLS protocols, which significantly impacts the security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information is clearly provided, though no direct company emails are visible. Overall, the site is professional and trustworthy but requires urgent SSL and TLS remediation to ensure secure user interactions.

Accenture Interactive's website for Accenture Song presents a mature, enterprise-level digital presence focused on delivering technology-powered creative and marketing services globally. The company positions itself as a leader in customer experience transformation, blending creativity and technology to drive business growth. The site is rich in multimedia content, well-structured navigation, and supports multiple languages and regions, reflecting a global market approach. Technically, the site leverages Adobe Experience Manager CMS, AWS CloudFront hosting, and integrates advanced analytics and consent management tools. However, a critical security gap exists due to the absence of a valid SSL certificate and lack of HTTPS enforcement, which undermines the otherwise strong security headers and policies in place. Privacy compliance is robust with clear privacy and cookie policies and consent mechanisms. Overall, the site demonstrates high professionalism and trustworthiness but requires urgent remediation of SSL/TLS issues to ensure secure user interactions.

S

SER Solutions Deutschland GmbH

ser.de

40

SER Solutions Deutschland GmbH is a well-established enterprise content management (ECM) software provider based in Germany, with over 35 years of experience. The company is recognized as a leader in the ECM market, evidenced by its inclusion in Gartner's Magic Quadrant and IDC MarketScape reports. Their core offerings include intelligent content automation, document management, process automation, and collaboration tools, targeting large enterprises and organizations undergoing digital transformation. The website reflects a mature digital presence with comprehensive content, multiple language support, and strong branding consistency. Technically, the website is built on the Contao CMS platform, hosted on Ubuntu servers with Amazon CloudFront CDN for content delivery. It employs modern marketing and analytics tools such as Google Tag Manager, Visual Website Optimizer, and Usercentrics for consent management. The site is mobile-optimized and accessible, with good SEO practices. However, a critical security gap exists due to the absence of a valid SSL certificate and lack of HTTPS enforcement, which severely impacts the security posture. Security headers are properly configured, but the lack of TLS protocols and valid certificates exposes the site to risks and undermines user trust. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Contact information is clearly provided, enhancing business credibility. Overall, while the business and content quality are excellent, urgent remediation of SSL/TLS issues is necessary to improve security and trustworthiness.

G

Gewista

gewista.at

34

Gewista is a leading Austrian media company specializing in Out-of-Home advertising, operating under the majority ownership of global market leader JCDecaux. The company offers a broad portfolio of advertising media including traditional billboards, street furniture, and transport media, with a strong focus on digital innovation and public value initiatives. The website reflects a mature digital presence built on Drupal 10, leveraging modern JavaScript libraries and CDN hosting. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the site's security posture. Additionally, a subdomain takeover vulnerability was identified, posing a risk to brand reputation and security. Privacy and cookie policies are comprehensive and GDPR compliant, supporting good privacy practices. Overall, the site demonstrates good business credibility and content quality but requires urgent security improvements to meet modern standards.

G

GEZE GmbH

geze.at

38

GEZE GmbH is a globally recognized family-owned company specializing in manufacturing and providing innovative door, window, and safety technology solutions. The company has a strong market position with over 3,000 employees and 37 subsidiaries worldwide, focusing on digital connectivity and building automation. The website reflects a professional and comprehensive presentation of their products and services, targeting architects, planners, and building operators. Technically, the site uses TYPO3 CMS hosted on AWS CloudFront with modern content delivery but suffers from critical SSL/TLS misconfigurations, impacting security posture. Privacy compliance is well addressed with a clear privacy policy and consent management via Usercentrics. The site offers multiple contact channels and social media presence, enhancing business credibility. However, the invalid SSL certificate and lack of HTTPS protocols represent significant security risks that should be urgently addressed.

C

Coface

coface.com

40

Coface is a global leader in trade credit insurance, debt collection, and business information services, supporting over 100,000 clients across approximately 200 countries. Founded in 1946 and headquartered in France, the company offers comprehensive solutions to help businesses manage credit risks and optimize credit management. The website reflects a mature digital presence with professional design, clear navigation, and extensive content tailored to its target audience of businesses seeking credit risk solutions. Technically, the site uses modern web technologies including a CDN (CloudFront), a CMS (Ibexa), and integrates advanced consent management and analytics tools. However, the security posture is weakened by an invalid SSL certificate and lack of enabled TLS protocols, which is a critical issue that must be addressed to ensure secure communications. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place. Overall, Coface's website demonstrates high business credibility and professionalism but requires urgent SSL/TLS remediation to improve security and trust.

E

Erste Digital GmbH

erstegroupit.com

39

Erste Digital GmbH operates as the digital and IT service arm of Erste Group, the largest banking group in Central and Eastern Europe. The company focuses on delivering IT solutions and digital transformation services to support banking operations across the region. The website reflects a professional and consistent brand image aligned with Erste Group, targeting banking customers, IT professionals, and potential employees. Technically, the site uses modern frameworks and CDNs but suffers from a critical lack of SSL/TLS configuration, which severely impacts its security posture. Privacy and cookie policies are well implemented, indicating GDPR compliance. Overall, the site is functional and professional but requires urgent security improvements to protect user data and maintain trust.

E

Erste Asset Management

erste-am.com

40

Erste Asset Management operates as an international asset management company serving both institutional and private investors, primarily based in Austria. The website presents a professional and well-structured digital presence targeting these investor groups with clear navigation and relevant content. Technically, the site leverages a modular GEM framework hosted on AWS CloudFront CDN, ensuring scalability and modern web practices. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture, despite the presence of several security headers and a strict DMARC policy. Privacy compliance is well addressed with clear privacy and cookie policies, and GDPR adherence is evident. Overall, while the business credibility and content quality are strong, the critical lack of HTTPS is a major risk that needs immediate remediation.

N

Netural GmbH

netural.com

40

Netural GmbH is a mature and reputable digital services provider based in Austria, specializing in digital transformation, web and mobile app development, augmented reality, and eCommerce solutions primarily for B2B clients. The company has a strong market position supported by multiple industry awards and a professional online presence. Technically, the website uses modern web technologies and a CMS (Storyblok), with content optimized for mobile and SEO. However, the absence of a valid SSL certificate and HTTPS severely impacts the security posture, exposing users to risks. Privacy policies and cookie consent mechanisms are well implemented, indicating good GDPR compliance. Overall, the business credibility is high, but urgent security improvements are needed to protect data and enhance trust.

C

CMA CGM Group

cmacgm-group.com

49

CMA CGM Group operates as a global leader in transportation and logistics, providing integrated sea, land, air, and logistics solutions. The company targets a global customer base requiring comprehensive supply chain services. The website reflects a mature enterprise with consistent branding and a professional online presence. Technically, the site uses modern frameworks such as React and Next.js, hosted on AWS CloudFront with caching via Varnish, and a Drupal CMS backend. However, the absence of a valid SSL/TLS certificate critically undermines the security posture, exposing users to risks and reducing trust. Security headers are partially implemented but lack completeness, and no advanced security policies or data protection officer contacts are visible. The site includes cookie consent mechanisms and a responsible disclosure program, indicating some compliance awareness. Overall, the site is functional and professional but requires urgent security improvements to meet modern standards.

K

KUT Public Media

kut.org

38

KUT Public Media operates as a prominent public media and NPR-affiliated radio station serving Austin and Central Texas. The organization provides a broad range of news, cultural programming, podcasts, and community engagement services, supported by donations, memberships, and sponsorships. The website reflects a mature digital presence with professional design, clear navigation, and rich content tailored to its regional audience. Technically, the site leverages Brightspot CMS, Amazon CloudFront CDN, and integrates advertising and analytics tools from Google and Facebook, indicating a modern infrastructure. However, a critical security gap exists due to the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts user trust and security posture. Privacy compliance is partial, with a privacy policy present but lacking cookie consent mechanisms. Overall, the site is credible and well-positioned in its market but requires urgent security improvements to protect users and maintain trust.

S

StoryToys Limited

marvelhq.com

56

MarvelHQ.com is a digital content publishing website for the Marvel HQ app, published by StoryToys Limited, a Team17 company. The site offers access to games, videos, books, comics, and activities featuring Marvel characters, targeting a family audience. The business operates in the media and entertainment sector with a focus on licensed digital content distribution across multiple platforms including iOS, Android, Amazon, and Samsung stores. The website is professionally designed with consistent branding and clear calls to action for app downloads.

24xtra.hu is a user authentication portal associated with the Hungarian media brand 24.hu, providing login and registration services including social login options via Facebook, Apple, and Google. The site targets Hungarian-speaking users of 24.hu services and acts as a gateway for accessing content or services requiring user authentication. The business model centers on user identity management for a media platform. Technically, the site is hosted on Amazon AWS infrastructure using CloudFront CDN and employs Keycloak for single sign-on capabilities. The technology stack includes modern JavaScript modules and standard web technologies, but performance metrics are unavailable or minimal, indicating potential areas for improvement. Mobile optimization and accessibility are basic but functional. From a security perspective, the site implements several important HTTP security headers and enforces HSTS with preload. However, the absence of a valid SSL certificate and lack of HTTPS support critically undermine the security posture. No OCSP stapling or session resumption is configured, and no privacy or cookie policies are published, indicating compliance gaps. No contact or business information is provided on the site, limiting transparency. Overall, the site is functional as a login portal but requires urgent improvements in SSL/TLS configuration and privacy compliance to enhance trust and security. The domain registration is consistent with the 24.hu brand, supporting legitimacy. Strategic recommendations include obtaining a valid SSL certificate, publishing privacy and cookie policies, and improving performance and accessibility.

C

Central Médiacsoport Zrt.

24.hu

40

24.hu is a leading Hungarian news portal operated by Central Médiacsoport Zrt., offering a wide range of news content including domestic and international news, culture, sports, and lifestyle. The site features multimedia content such as videos and podcasts, and supports subscription services. Technically, the site is built on WordPress with WPBakery Page Builder and hosted on AWS infrastructure with CloudFront CDN and Redis caching for performance optimization. However, the security posture is weak due to the absence of a valid SSL certificate and lack of TLS protocol support, which poses significant risks for user data protection and trust. Privacy and cookie policies are comprehensive and GDPR compliant, supporting user consent mechanisms. Overall, the site is professionally designed and content-rich but requires urgent security improvements to protect users and maintain credibility.

R

Rete di Top Segnalatori Business Certificati

retesegnalatori.com

31

The website 'retesegnalatori.com' serves as a platform for individuals and businesses interested in becoming certified business referrers and growing within a referral network. It positions itself as a niche network focused on business introductions and certification in the Italian-speaking market. The content is minimal and primarily marketing-oriented, with limited business or legal information provided. Technically, the site is built on the Kartra platform, utilizing common web fonts and CDNs, but suffers from slow load times and lacks modern performance optimizations. Security posture is weak, with no valid SSL certificate or HTTPS support, absence of security headers, and no privacy or cookie policies, exposing users to potential risks. Overall, the site demonstrates low trustworthiness and poor compliance with privacy regulations. Strategic improvements in security, privacy compliance, and content richness are recommended to enhance credibility and user trust.

T

The Walt Disney Company

disneynow.com

49

DisneyNOW is a digital streaming platform operated by The Walt Disney Company, offering a wide range of Disney Channel, Disney Junior, and Disney XD shows, movies, and video clips targeted primarily at children and families. The platform is well-branded and professionally designed, providing an excellent user experience with clear navigation and rich content offerings. Technically, the site uses modern web technologies including React, Nginx, Varnish Cache, and AWS hosting, along with performance monitoring via New Relic. However, the site suffers from a critical security issue due to an invalid SSL certificate, which undermines the security posture and user trust. Privacy policies and terms of service are comprehensive and properly linked, indicating good compliance with privacy regulations such as GDPR. Overall, the site is a high-quality media platform with strong business credibility but requires urgent remediation of its SSL configuration to improve security and trust.

BookAppSter is a marketing platform focused on helping authors and entrepreneurs acquire clients through book marketing and viral app creation. The business operates primarily in Italy and leverages the Kartra platform for its digital marketing and webinar delivery. The website content is professionally presented in Italian, featuring testimonials, videos, and clear calls to action for webinars. However, the technical infrastructure shows significant weaknesses, notably the absence of a valid SSL certificate and missing DNS records, which undermine trust and security. Privacy and cookie policies exist but are hosted externally on Kartra subdomains, and no direct contact or security policies are provided. Overall, the business appears legitimate but would benefit from improved technical and security measures.

R

Rove Hotels

rovehotels.com

55

Rove Hotels is a hospitality brand offering stylish and affordable hotel accommodations primarily in Dubai and the UAE. The website presents a comprehensive portfolio of hotels, detailed descriptions, booking capabilities, and promotional offers targeting families, travelers, and business guests. The brand is positioned as a modern, accessible hotel chain with a strong digital presence and multi-language support. Technically, the website is built on WordPress, leveraging modern JavaScript frameworks and CDN services to deliver a responsive and user-friendly experience. However, the security posture is weakened by the absence of a valid SSL certificate and lack of TLS protocol support, which poses significant risks to user data confidentiality and trust. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. Overall, the site is professional and credible but requires urgent remediation of its SSL/TLS configuration to ensure secure communications.

D

De christelijke zorgverzekeraar

dechristelijkezorgverzekeraar.nl

40

De christelijke zorgverzekeraar is a Dutch health insurance provider focused on integrating Christian values with healthcare services. It operates as part of the larger Zilveren Kruis group, offering basic and supplementary insurance products tailored to its target audience. The website is professionally designed, well-structured, and provides comprehensive information about insurance options, Christian care, and customer services. Technically, the site uses modern technologies including Sitecore CMS, Vue.js, and Coveo search integration, ensuring a good user experience and SEO optimization. However, the security posture is weakened by the absence of a valid SSL/TLS certificate and disabled TLS protocols, which is a critical issue that must be addressed to protect user data and maintain trust. Privacy policies and cookie statements are present and GDPR compliance is indicated, though no explicit consent mechanism was detected. Overall, the site is credible and trustworthy but requires urgent security improvements.

F

FBTO

fbto.nl

40

FBTO is a Dutch insurance provider offering a wide range of customizable insurance products including auto, health, travel, home, and legal assistance insurance. The company operates under the Achmea group umbrella, which strengthens its market position and trustworthiness. The website is professionally designed with clear navigation and good content quality, targeting Dutch consumers seeking flexible insurance solutions. Technically, the site uses a modern tech stack including Sitecore CMS, Azure hosting, and integrates multiple marketing and analytics tools. However, the security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which are critical issues that must be addressed immediately to protect user data and maintain trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is functional and credible but requires urgent security improvements.

C

Centraal Beheer

centraalbeheer.nl

40

Centraal Beheer is a well-established Dutch insurance and financial services provider with over 115 years of history, operating under the parent company Achmea. The website offers a comprehensive range of services including insurance products, investment options, savings accounts, pensions, and mortgages, targeting both private individuals and businesses. The site is professionally designed with excellent content quality, clear navigation, and strong branding consistency. Technically, the website uses a modern tech stack including Sitecore CMS, Azure hosting, and various marketing and analytics tools, though performance metrics are not available. Security posture is moderate; while several security headers are implemented, the SSL certificate is invalid or missing, and no modern TLS protocols are enabled, which poses a significant risk. Privacy compliance is good with clear privacy and cookie policies and GDPR adherence. Overall, the domain registration and WHOIS data align well with the business claims, indicating legitimacy and trustworthiness.

P

Ping Identity

pingidentity.com

60

Ping Identity is a leading enterprise identity security company specializing in identity and access management solutions. Their platform offers comprehensive services including customer identity, workforce identity, B2B identity, decentralized identity, and advanced authentication methods such as passwordless and zero trust. The company targets large enterprises across various sectors including government, financial services, healthcare, retail, media, and telecommunications. With a strong market position supported by industry analyst recognitions, Ping Identity delivers secure and seamless digital experiences for its customers. Technically, the website is built on a modern infrastructure leveraging Adobe Experience Manager CMS, AWS hosting, and advanced web technologies such as Lottie animations and Google Tag Manager. The site demonstrates good mobile optimization, accessibility, and SEO practices. However, the SSL certificate is currently invalid, and no TLS protocols are enabled, which significantly impacts the security posture. Security-wise, the site implements strong security headers and cookie policies with consent mechanisms, indicating good privacy compliance. Certifications like ISO 27001, SOC 2, and FedRAMP further strengthen their security credibility. Nonetheless, the invalid SSL certificate and lack of TLS support are critical issues that must be addressed urgently to ensure secure communications. Overall, Ping Identity's website reflects a mature and professional digital presence with strong business credibility and privacy compliance. Addressing the SSL and TLS issues will elevate their security posture and trustworthiness further.

Y

Yelp

yelp.fi

70

Yelp.fi is the Finnish localized version of Yelp, a leading online platform providing user-generated reviews and business listings primarily for the Helsinki area. The website offers extensive content including business categories, user reviews, and search capabilities for local services. It targets consumers seeking trusted local business information and provides business owners with advertising and management tools. The platform is built on modern web technologies including React and is hosted on Amazon AWS infrastructure with CDN support. While the site demonstrates strong content quality, branding consistency, and good privacy compliance with GDPR, it suffers from an invalid SSL certificate and lacks support for modern TLS protocols, which impacts its security posture. Security headers and content security policies are implemented, but some CSP directives allow unsafe inline scripts, which could be improved. Overall, the site is professional and trustworthy but should address SSL and TLS issues to enhance security and user trust.

P

Prosek Partners

prosek.com

51

Prosek Partners is a well-established integrated communications and marketing firm with over 30 years of experience, primarily serving clients in finance, investor relations, and related sectors. The company offers a broad range of services including PR, crisis management, digital marketing, and public affairs, positioning itself as a future-focused leader in its industry. The website reflects a professional and polished brand image with comprehensive content and strong SEO and accessibility features. Technically, the site is built on WordPress with modern plugins and integrations but suffers from a critical security shortfall due to the absence of a valid SSL certificate and HTTPS enforcement. This significantly impacts the security posture and trustworthiness from a technical perspective. Privacy and cookie policies are present and indicate GDPR compliance, though no explicit security or incident response policies are published. Overall, the site is user-friendly and credible but requires urgent security improvements to protect user data and enhance trust.

T

TopCV

topcv.com

65

TopCV is a leading global professional CV writing service operating under the parent company Talent Inc. The company offers a comprehensive suite of career services including CV writing, cover letter creation, LinkedIn profile optimization, and interview preparation. Their market position is strong, supported by extensive customer testimonials and high Trustpilot ratings. Technically, the website is built on a modern Next.js and React stack, hosted on AWS CloudFront, ensuring good performance and mobile optimization. However, the security posture is weakened by an invalid SSL certificate, despite the presence of HSTS headers and other security best practices. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site demonstrates a mature digital presence with room for improvement in SSL management and advanced security headers.

M

Monster

monster.com

55

Monster.com is a leading online job search and recruitment platform dedicated to connecting job seekers with relevant career opportunities and providing employers with hiring resources. The website offers a comprehensive job search engine, career advice, resume upload capabilities, and employer services, positioning itself as a major player in the employment technology sector. The platform targets both job seekers and employers, leveraging modern web technologies such as Gatsby and React to deliver a responsive and user-friendly experience. However, the site currently lacks a valid SSL certificate, which significantly impacts its security posture and user trust. While security headers are properly configured, the absence of HTTPS and modern TLS protocols presents a critical vulnerability. Privacy compliance is partially addressed with a clear privacy policy, but no explicit cookie consent mechanism is detected. Overall, Monster.com demonstrates strong business credibility and content quality but requires urgent improvements in SSL/TLS security to enhance trust and compliance.

S

Shiftboard, Inc.

shiftboard.com

51

Shiftboard, Inc. is an enterprise-level SaaS provider specializing in employee scheduling software tailored for mission-critical industries such as manufacturing, energy, and corrections. The company operates as a subsidiary of UKG and offers products like SchedulePro and ScheduleFlex to streamline workforce management, improve scheduling efficiency, and enhance employee engagement. The website demonstrates strong branding, customer trust signals, and comprehensive content targeting workforce managers in shift-based operations. Technically, the website is built on WordPress with performance optimizations via WP Rocket and hosted on AWS infrastructure using S3 and CloudFront. It integrates multiple marketing and analytics tools including Google Analytics, Google Ads, HubSpot, and social media platforms. The site is mobile-optimized and SEO-friendly with structured data and Open Graph metadata. From a security perspective, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical vulnerability. While some security headers like HSTS are present, the absence of TLS protocols and secure cipher suites significantly lowers the security posture. Privacy compliance is well addressed with visible privacy and cookie policies and consent mechanisms. Overall, the website is professional and content-rich but requires urgent remediation of SSL/TLS issues to ensure secure user interactions and maintain trust.

G

GeneXus

genexus.com

61

GeneXus is an established enterprise low-code software development platform powered by AI, with over 35 years of market presence and a global customer base. The platform offers a comprehensive suite of tools including AI assistants, business process management, code generators, and testing frameworks, targeting enterprises, ISVs, startups, and students. Technically, the website is hosted on Microsoft IIS with ASP.NET and uses AWS CloudFront CDN, Google Tag Manager, and Google Analytics for tracking. The site is well-designed, mobile-optimized, and content-rich, but suffers from a critical security issue due to an invalid or missing SSL certificate, which severely impacts its security posture. Privacy and cookie policies are not explicitly found, indicating potential compliance gaps. Overall, the site demonstrates strong business credibility and technical maturity but requires urgent security improvements.

P

Persistent Systems

persistent.com

59

Persistent Systems is a well-established technology services company specializing in AI, digital engineering, and enterprise modernization. The company positions itself as a trusted partner for enterprises seeking to transform their AI journey and digital capabilities. Their website reflects a mature digital presence with comprehensive service offerings, a strong partner ecosystem, and extensive client success stories. The company targets large enterprises across multiple industries, leveraging a B2B business model with a focus on innovation and technology leadership. Technically, the website is built on WordPress and employs a modern tech stack including jQuery, Bootstrap, and various marketing and analytics tools such as Google Tag Manager, Pardot, and CookiePro. Hosting is via AWS CloudFront CDN, ensuring global content delivery. The site is well-optimized for SEO and accessibility, with multilingual support and responsive design. However, performance metrics are not explicitly available. From a security perspective, the site has several security headers configured and uses HttpOnly cookies and a detailed Content Security Policy. However, a critical issue is the absence of a valid SSL certificate and HTTPS support, severely impacting the security posture. Other TLS protocols and features like OCSP stapling and session resumption are not enabled. DNS CAA records appear malformed, which could affect certificate issuance policies. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website demonstrates a high level of professionalism and business credibility but suffers from a critical security gap due to missing HTTPS. Strategic remediation of SSL/TLS configuration is essential to improve trust and security compliance.

K

Kirschbaum Development

kirschbaumdevelopment.com

49

Kirschbaum Development is a small technology company specializing in web application development, staff augmentation, training, and technical leadership services. They primarily focus on Laravel, Vue.js, Angular, Drupal, and Wordpress frameworks, serving a diverse client base including Fortune 50 companies and smaller organizations. Their market position is strengthened by partnerships with Laravel and endorsements from industry leaders. The website presents a professional and consistent brand image with comprehensive service offerings and client testimonials. Technically, the website leverages modern web technologies including Laravel and Vue.js frameworks, hosted on AWS CloudFront CDN. The site includes Google Tag Manager for analytics and marketing purposes. While the site is mobile optimized and SEO friendly, performance metrics are unavailable. Accessibility is basic but functional. From a security perspective, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical vulnerability. No advanced security headers or mechanisms such as HSTS or OCSP stapling are implemented. Cookie consent mechanisms are absent, indicating limited privacy compliance. The site uses secure cookies with CSRF tokens but overall security posture is weak. Overall, the website is professional and credible but requires urgent improvements in SSL/TLS implementation and privacy compliance to enhance security and user trust.

B

BT Group plc

bt.com

55

BT Group plc is a leading UK telecommunications provider offering a broad range of services including ultra-fast broadband, TV packages, mobile deals, and sports entertainment through its subsidiary EE and partnerships such as TNT Sports. The website showcases a professional and comprehensive digital presence targeting UK families, communities, and businesses. Technically, the site leverages modern web technologies including Next.js and React, hosted on AWS CloudFront with integrations for Adobe Analytics and Dynatrace for performance and marketing insights. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS support, which poses a significant risk to user data and trust. While security headers are well implemented, the absence of a valid HTTPS connection and cookie consent mechanisms reduces overall compliance and security confidence. Business credibility is strong with clear contact information and consistent branding. Strategic improvements in SSL management and privacy compliance would enhance the site's trustworthiness and security.