Security Directory

B

BT Group plc

bt.com

55

BT Group plc is a leading UK telecommunications provider offering a broad range of services including ultra-fast broadband, TV packages, mobile deals, and sports entertainment through its subsidiary EE and partnerships such as TNT Sports. The website showcases a professional and comprehensive digital presence targeting UK families, communities, and businesses. Technically, the site leverages modern web technologies including Next.js and React, hosted on AWS CloudFront with integrations for Adobe Analytics and Dynatrace for performance and marketing insights. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS support, which poses a significant risk to user data and trust. While security headers are well implemented, the absence of a valid HTTPS connection and cookie consent mechanisms reduces overall compliance and security confidence. Business credibility is strong with clear contact information and consistent branding. Strategic improvements in SSL management and privacy compliance would enhance the site's trustworthiness and security.

C

Camif

camif.fr

40

Camif is a French e-commerce company specializing in sustainable and locally manufactured furniture and home decor. The website presents a professional and well-branded platform targeting consumers interested in eco-responsible products. The company emphasizes French and European manufacturing, supported by certifications such as B Corp and Entreprise à mission. The site features a rich product catalog, promotional offers, and strong social media presence. Technically, the site uses modern JavaScript libraries, analytics, and marketing tools, but lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security concern. Security headers are well implemented, but the absence of TLS protocols and session resumption reduces the security posture significantly. Privacy policies and cookie consent mechanisms are present and comprehensive, supporting GDPR compliance. Contact information is available primarily via phone and contact forms, with no explicit emails found in the content. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain compliance.

The website medigate.de is currently a parked domain landing page primarily serving advertisements and indicating the domain is for sale. There is no substantive business content, contact information, or service offerings present. The technical infrastructure relies on parking nameservers and third-party ad networks, with no valid SSL certificate, resulting in an insecure HTTP-only site. Performance is poor with a very slow load time. Security posture is weak due to lack of HTTPS, security headers, and privacy compliance mechanisms. Overall, the site does not present a credible or professional business presence and lacks essential security and privacy features.

B

Boxmyjob SAS

taleez.com

60

Taleez, operated by Boxmyjob SAS, is a French-based SaaS company specializing in recruitment management software (ATS). The company offers a comprehensive platform that centralizes recruitment processes, including job offer multi-diffusion, candidate sourcing, process automation, and analytics. With over 15,000 users and a strong presence in the French market, Taleez positions itself as a reliable and user-friendly solution for HR teams, managers, and candidates. The website reflects a professional and consistent brand image, supported by numerous client testimonials and case studies. Technically, the website is built on Webflow CMS and integrates multiple marketing and analytics tools such as HubSpot, Google Analytics, Amplitude, and ConvertBox. Hosting is managed via OVH with CDN support from Cloudfront. Despite a rich content offering and good mobile optimization, the site suffers from slow load times and lacks a valid SSL certificate, which critically impacts its security posture. Security-wise, the absence of a valid SSL certificate and HTTPS enforcement is a major vulnerability, exposing users to potential data interception risks. Additionally, the lack of security headers and modern TLS protocols further weakens the site's defense. Privacy compliance is well addressed with comprehensive GDPR-aligned policies and cookie consent mechanisms. Contact information is clearly provided, enhancing business credibility. Overall, while Taleez demonstrates strong business credibility and content quality, its technical and security shortcomings, especially regarding SSL/TLS, pose significant risks. Addressing these issues is paramount to safeguarding user data and maintaining trust.

F

freenet Internet

freenet-internet.de

40

freenet Internet is a German telecommunications provider specializing in flexible internet tariffs that can be managed entirely via a mobile app. Their offerings include DSL and 5G internet services with monthly cancellable contracts, targeting customers who value freedom and simplicity. The website is built on modern JavaScript frameworks (Nuxt.js and Vue.js) and hosted on Amazon Web Services infrastructure, leveraging CloudFront CDN for content delivery. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a significant security concern. The presence of SPF and DMARC records indicates some email security awareness, but no advanced security headers or mechanisms are implemented. Privacy and terms of service documents are present and appear comprehensive, but no cookie consent mechanism is detected. Overall, the site provides good content quality and user experience but requires urgent improvements in security posture to protect users and enhance trust.

B

Bertelsmann SE & Co. KGaA

bertelsmann.com

52

Bertelsmann SE & Co. KGaA is a leading international media conglomerate headquartered in Germany, operating through multiple divisions such as RTL Group, Penguin Random House, BMG, and Arvato Group. The company provides a wide range of media, publishing, entertainment, and service offerings targeting journalists, investors, applicants, and the general public. The website reflects a mature digital presence with comprehensive corporate, investor, and media information, supported by strong branding and consistent content quality. Technically, the site uses established technologies like jQuery, Bootstrap, and Cookiebot for consent management, hosted on AWS CloudFront CDN. However, the absence of a valid SSL/TLS certificate and disabled HTTPS protocols represent critical security gaps. Security headers and content security policies are implemented but cannot compensate for the lack of HTTPS, which is essential for protecting user data and trust. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. Overall, the site is professional and trustworthy but requires urgent security improvements to meet modern standards.

G

Grazer Wechselseitige Versicherung AG

grawe.at

40

Grazer Wechselseitige Versicherung AG (GRAWE) is a well-established Austrian insurance company founded in 1828, offering a broad range of insurance products including private, business, and agricultural insurance, alongside financial services. The company maintains a strong market position in Austria with a large customer base and extensive service network. Their website reflects a mature digital presence with comprehensive content, clear navigation, and multi-language support. Technically, the site is built on TYPO3 CMS, uses modern JavaScript and CDN services, but suffers from slow load times due to high resource count and page size. Security posture is good with valid SSL, strong cipher suites, and proper DNS security records like SPF and DMARC, though improvements such as enabling HSTS and OCSP stapling are recommended. Privacy compliance is robust with clear cookie consent mechanisms and GDPR-aligned policies. Overall, the site demonstrates high professionalism and trustworthiness, suitable for its large enterprise status.

S

sysmkt.com.br is almost here!

sysmkt.com.br

52

The website sysmkt.com.br currently serves as a placeholder page hosted by DreamHost, indicating that the domain owner has not yet uploaded any website content. There is no business information, contact details, or services described on the site. The technical infrastructure is minimal, relying on DreamHost's hosting and CloudFront CDN for static content delivery. Performance is poor with a high load time relative to the minimal content served. Security posture is weak, as no SSL/TLS certificate is installed, resulting in no HTTPS support and lack of essential security headers or policies. DNS configuration is standard with valid SPF records but lacks DNSSEC and DMARC, which are important for email and domain security. Overall, the site is not production-ready and lacks any compliance or security documentation.

R

Readly

readly.com

70

Readly is a digital media company offering a subscription-based magazine app that provides unlimited access to thousands of magazines globally. The company has a strong market position with a broad international footprint, targeting consumers who prefer digital reading experiences with features like offline access and family sharing. Technically, the website is built on Ruby on Rails and leverages modern web technologies and cloud hosting via AWS, with moderate performance and good mobile optimization. Security-wise, Readly employs strong TLS configurations, SPF and DMARC email protections, but lacks some advanced security features such as HSTS and OCSP stapling. Privacy and cookie policies are comprehensive and GDPR compliant, with a clear cookie consent mechanism. Overall, the company demonstrates a mature digital presence with room for security enhancements.

M

Mercado Pago Instituição de Pagamento Ltda.

mercadopago.com.br

61

Mercado Pago is a leading digital bank and payment platform in Brazil, operating as a subsidiary of Mercado Libre, the largest e-commerce company in Latin America. The platform offers a comprehensive suite of financial services including digital accounts, credit cards, loans, and payment processing solutions tailored for both individuals and businesses. The website demonstrates a strong market position with a focus on user experience, accessibility, and comprehensive service offerings. Technically, the site employs modern web technologies such as React-based frameworks, New Relic for monitoring, and integrates multiple analytics and advertising tools. Security headers are well implemented, though the SSL certificate is currently invalid, which poses a risk to secure communications. Privacy and cookie policies are present and indicate compliance with GDPR standards. Overall, the platform exhibits a mature digital infrastructure with extensive tracking and marketing integrations, balanced with clear privacy disclosures.

I

Ideris

ideris.com.br

57

Ideris is a leading Brazilian e-commerce technology company specializing in marketplace integration and multichannel sales optimization. The company offers a comprehensive hub platform that consolidates product management, pricing automation, invoice issuance, and logistics management, targeting medium to large e-commerce operators. Recognized as a top technology partner by Mercado Livre for two consecutive years, Ideris holds important certifications such as AWS Partner Qualified Software and SOC 2 Audit, reinforcing its market leadership and trustworthiness. The website reflects a mature digital presence with advanced search capabilities, rich content, and multi-channel marketing tools. However, the absence of a valid SSL certificate and lack of modern TLS protocols represent significant security risks that could impact user trust and data protection.

I

Infotech

bidx.com

52

Infotech operates Bidx.com, a specialized electronic bidding platform tailored for the highway construction industry, serving 44 state transportation agencies. The platform facilitates secure and efficient bidding processes, offering tools such as competitive analysis, plan sheets access, and a small business network to empower contractors. Infotech positions itself as a market leader with a significant volume of bids processed, reflecting strong industry trust and adoption. Technically, the website is built on WordPress with the Divi theme, hosted on AWS infrastructure, and integrates various marketing and analytics tools including HubSpot and Google Tag Manager. However, the security posture reveals critical gaps including an invalid SSL certificate, lack of modern TLS protocols, and incomplete DNS security configurations. While basic security headers and DMARC policies are present, the absence of HSTS, OCSP stapling, and session resumption reduces overall security robustness. The website lacks explicit security policies, incident response contacts, and vulnerability disclosure mechanisms, which are important for compliance and trust. Overall, the digital maturity is moderate with room for improvement in security and privacy compliance to align with industry best practices.

V

Vindi

vindi.com.br

64

Vindi is a leading Brazilian payment hub platform specializing in managing and processing online payments, with a strong focus on recurring billing, e-commerce, and financial services. The company offers a comprehensive suite of services including payment gateways, credit lines, antifraud solutions, and APIs for seamless integration with marketplaces and other platforms. Their market position is reinforced by significant transaction volumes and a portfolio of reputable clients. Technically, the website is hosted on Amazon S3 with CloudFront CDN, uses modern frontend frameworks like Bootstrap, and integrates Google Tag Manager for analytics and marketing. The site demonstrates good SEO and mobile optimization practices. Security-wise, Vindi maintains a valid SSL certificate and avoids known SSL vulnerabilities, but lacks enabled TLS protocols and HSTS, and DNSSEC is not configured, indicating areas for improvement. Overall, the company shows a mature digital presence with strong branding and trust signals, though security hardening and compliance transparency could be enhanced.

O

Olist

tiny.com.br

61

Olist Tiny is a comprehensive ERP, integration hub, and digital account platform targeting Brazilian e-commerce businesses. It offers a stable and integrated system to streamline sales, inventory, and financial operations, positioning itself as a key player in the Brazilian e-commerce technology market under the Olist group umbrella. The website demonstrates a mature technical infrastructure leveraging Next.js, React, Cloudflare, and AWS services, ensuring fast performance and good mobile optimization. Security posture is solid with a valid SSL certificate and modern security practices, though improvements such as enabling HSTS and DNSSEC are recommended. Privacy policies and terms of service are present and comprehensive, but cookie consent mechanisms are lacking. Overall, the platform shows strong business credibility, technical sophistication, and a clear focus on serving small to medium-sized e-commerce enterprises in Brazil.

V

Volkswagen Financial Services

volkswagen-versicherungsdienst.de

65

Volkswagen Financial Services AG operates the volkswagen-versicherungsdienst.de website, providing a comprehensive portfolio of automotive insurance products including liability, partial and full coverage, warranty extensions, leasing rate insurance, credit protection, and travel insurance. The site targets primarily German private and business customers, leveraging the strong Volkswagen brand and integrated financial services ecosystem. The website is built on Adobe Experience Manager with extensive use of modern web technologies and content delivery networks, ensuring excellent performance and user experience. However, the SSL configuration is critically flawed with a self-signed certificate and no enabled TLS protocols, which undermines secure communications. Security headers are well implemented, but the absence of a cookie consent mechanism and explicit security or incident response policies indicates gaps in compliance and transparency. The site integrates multiple marketing and analytics tools, including Adobe Analytics, Google Tag Manager, and UserZoom, reflecting extensive user tracking. Overall, the site is professional, content-rich, and trustworthy from a business perspective but requires urgent security improvements to protect user data and comply with best practices.

V

Volkswagen Financial Services AG

volkswagen-bank.de

65

Volkswagen Financial Services AG operates a comprehensive digital platform offering automotive financial services including leasing, financing, insurance, and mobility solutions primarily targeting private and business customers in Germany. The website demonstrates a mature digital infrastructure leveraging Adobe Experience Manager, advanced analytics, and multiple integrations with marketing and tracking tools. However, the security posture is weakened by an invalid self-signed SSL certificate and disabled TLS protocols, which pose significant risks to secure communications. The site includes strong security headers and content policies but lacks visible cookie consent mechanisms and explicit security or incident response policies. Overall, the platform is professionally designed, content-rich, and well-branded, supporting a leading position in automotive financial services within the Volkswagen Group ecosystem.

Volkswagen Financial Services AG operates as the financial and mobility services provider for the Volkswagen Group across Europe, managing financing, leasing, insurance, and mobility solutions in 17 markets. The company holds a strong market position as a wholly-owned subsidiary of Volkswagen AG, with a large operational footprint and a focus on sustainability and customer mobility. The website reflects a professional and consistent brand presence with comprehensive investor relations and media content. Technically, the site is built on Adobe Experience Manager, leveraging modern content delivery and third-party integrations for analytics and marketing. Security headers and policies are well implemented, though some SSL/TLS configuration anomalies were detected, likely due to scanning artifacts or misconfigurations. Overall, the security posture is solid but could be improved by enabling modern TLS protocols and publishing explicit security policies. The site demonstrates good privacy compliance with a comprehensive privacy policy and consent mechanisms for external data sources. Social media presence and trust indicators support a high level of trustworthiness.

Honda France operates as a major enterprise in the transportation and manufacturing sectors, offering a diverse range of products including automobiles, motorcycles, marine engines, industrial equipment, garden tools, and snow throwers. The website serves as a portal to various product divisions and regional Honda sites, targeting French consumers and related markets. The business model focuses on manufacturing and retail with a strong brand presence and consistent branding across multiple languages and regions. Technically, the website is built on a modern infrastructure likely powered by Adobe Experience Manager CMS, hosted on Amazon CloudFront CDN, and uses ES6 JavaScript modules. Performance is inferred to be fast with good mobile optimization and basic accessibility and SEO. The site integrates Google Tag Manager for analytics and OneTrust for cookie consent, indicating a moderate level of digital maturity. From a security perspective, the site employs a valid DigiCert SSL certificate with strong security headers including HSTS and X-Frame-Options. However, no TLS protocols are currently enabled, which is a critical issue. The site lacks explicit privacy, terms of service, security policies, or incident response information. DNSSEC is not enabled, and no vulnerability disclosure or security.txt files are present. Overall, the security posture is good but could be significantly improved by enabling TLS, enforcing CSP, and publishing clear security and privacy documentation. The overall risk is moderate due to missing compliance documentation and TLS configuration gaps. Strategic recommendations include enabling TLS 1.2+, enforcing CSP, publishing privacy and security policies, and enhancing incident response readiness to improve trust and compliance.

A

ARRI GmbH

arri.com

69

ARRI GmbH is a well-established leader in the media industry, specializing in the design and manufacture of professional camera and lighting systems for the film and broadcast sectors. With a history dating back to 1917, ARRI maintains a strong market position supported by a comprehensive product portfolio including camera systems, lenses, lighting, rental services, and virtual production solutions. The company targets industry professionals and production companies worldwide, leveraging a large-scale operational footprint and partnerships such as ARRI Rental and Claypaky. Technically, the website is built on a modern stack including CoreMedia CMS, React, and is hosted on AWS CloudFront, delivering fast performance and good mobile optimization. Security measures include a valid SSL certificate and several HTTP security headers, though the lack of modern TLS protocols and DNSSEC indicates room for improvement. Privacy and cookie policies are present and GDPR compliant, with a consent mechanism implemented via Usercentrics. Overall, ARRI demonstrates a mature digital presence with strong branding, comprehensive content, and good security hygiene, though enhancements in encryption protocols and security disclosures could further strengthen its posture.

A

Arctic Wolf Networks

arcticwolf.com

77

Arctic Wolf Networks is a leading cybersecurity company specializing in AI-driven, 24x7 managed security operations tailored to diverse organizational needs. Positioned as a market leader, Arctic Wolf offers a comprehensive suite of services including the Aurora Platform, managed detection and response, incident response, and risk transfer solutions. Their extensive partner ecosystem and industry recognitions underscore their strong market presence and commitment to reducing cyber risk for enterprises globally. Technically, the website leverages modern technologies such as WordPress with Elementor, integrates advanced marketing and analytics tools, and employs robust security measures including an EV SSL certificate and strict security headers. The security posture is strong with no detected vulnerabilities, though improvements in TLS protocol support and DNS security could enhance it further. Overall, Arctic Wolf demonstrates a mature digital infrastructure, excellent content quality, and a high level of professionalism, making it a trustworthy and authoritative source in the cybersecurity domain.

V

VicOne Inc.

vicone.com

79

VicOne Inc. is a specialized cybersecurity company focused on providing future-ready vehicle protection reinforced with proven automotive threat intelligence. The company targets automotive manufacturers, Tier 1 suppliers, EVSE manufacturers, and other stakeholders in the connected car ecosystem. VicOne offers a broad portfolio of cybersecurity software and services including threat intelligence platforms, vehicle security operations centers, intrusion detection/prevention systems, vulnerability and SBOM management, and penetration testing services. The company holds multiple industry certifications and has strategic partnerships with major technology and automotive players, positioning it as a trusted leader in automotive cybersecurity. Technically, the website is hosted on Microsoft IIS with ASP.NET backend, leveraging AWS CloudFront CDN for delivery. The tech stack includes modern JavaScript libraries such as jQuery, Owl Carousel, ScrollReveal, and HubSpot for analytics and marketing automation. The site demonstrates good mobile optimization and fast performance, with a comprehensive content strategy and clear navigation. However, the SSL configuration lacks modern TLS protocol support, and DNSSEC is not enabled, indicating areas for security enhancement. From a security posture perspective, VicOne implements strong HTTP security headers including CSP, HSTS, X-Frame-Options, and XSS protection. The SSL certificate is valid and issued by a trusted CA, but the absence of TLS 1.2 or higher protocols is a notable gap. The company provides comprehensive privacy and cookie policies with consent mechanisms, but lacks explicit incident response contact information and terms of service page. Overall, the security maturity is good with room for improvements in protocol support and DNS security. The overall risk assessment suggests VicOne is a well-positioned and trusted player in automotive cybersecurity with strong technical and security foundations. Strategic recommendations include enabling modern TLS protocols, implementing DNSSEC, publishing incident response contacts, and enhancing accessibility compliance to further strengthen trust and security posture.

D

Dropbox Sign

helloworks.com

60

Dropbox Sign, formerly known as HelloSign, is a leading provider of electronic signature solutions designed to streamline contract signing and document workflows for businesses and developers. Positioned as a scalable and easy-to-use SaaS platform, it offers legally binding eSignatures, API integrations, and additional services such as fax. The company benefits from strong brand recognition as part of Dropbox and serves a broad enterprise audience with a comprehensive suite of features and integrations. Technically, the website is built on Webflow CMS, hosted on AWS CloudFront, and leverages modern marketing and analytics tools like Adobe DTM and Marketo. The site is well-optimized for performance, mobile, accessibility, and SEO, reflecting a mature digital presence. Security-wise, the site employs essential headers and valid SSL certificates but lacks modern TLS protocol support and DNS security extensions, indicating room for improvement. Overall, Dropbox Sign demonstrates a robust business and technical foundation with a strong market position in the eSignature industry.

D

Dropbox Sign

hellosign.com

69

Dropbox Sign, formerly HelloSign, is a leading electronic signature platform integrated with Dropbox, offering easy-to-use eSignature solutions for businesses and developers. The company provides SaaS-based services including document signing, API integration for embedded signatures, fax services, and multiple platform integrations. Their market position is strong, supported by a large enterprise customer base and consistent branding aligned with Dropbox. The website demonstrates excellent content quality, user experience, and trust indicators such as compliance badges and customer testimonials. Technically, the site is built on Webflow CMS, hosted on AWS CloudFront, and uses modern marketing and analytics tools like Adobe DTM and Marketo. Performance and mobile optimization are excellent, with good accessibility and SEO practices. Security posture is solid with valid SSL and security headers, but lacks modern TLS protocols and DNSSEC, and could improve with HSTS and security.txt publication. Overall, Dropbox Sign presents a mature digital presence with strong business and technical foundations, though some security enhancements are recommended.

B

broadpeak.io

broadpeak.io

66

Broadpeak.io is a medium-sized SaaS company specializing in advanced video streaming APIs and contextualization services. Positioned as a trusted platform globally, it offers key services such as Dynamic Ad Insertion, Content Replacement, Virtual Channels, and Adaptive Streaming CDN. The company targets developers, PayTV operators, OTT providers, and streaming service DevOps teams, providing scalable and adaptable streaming solutions. Technically, the website is built on WordPress with a strong SEO and marketing technology stack including Google Analytics, Intercom, and Pardot, hosted on AWS with CloudFront CDN. Security posture is solid with valid SSL and HSTS but lacks modern TLS protocols and DNSSEC, indicating room for improvement. Privacy and cookie policies are comprehensive and GDPR compliant, with a robust consent mechanism. Overall, the site demonstrates high professionalism, trustworthiness, and technical maturity.

The website demonstrates a solid technical security foundation with strong network security and security headers, and generally good SSL/TLS and DNS health. However, significant gaps exist in compliance with GDPR and NIS2 regulatory frameworks, exposing the business to legal, operational, and reputational risks. The absence of a cookie policy, consent banner, and comprehensive privacy policy undermines user trust and violates privacy regulations. Critical NIS2 shortcomings, including missing information security framework, security policies, incident response procedures, and security contact information, leave the organization vulnerable to cyber incidents and regulatory penalties. Email security is moderate but requires improvement to prevent phishing and spoofing attacks. Addressing these gaps is urgent to reduce exposure to compliance fines, data breaches, and operational disruptions. Overall, while technical controls are strong, governance and compliance controls need immediate attention to ensure holistic security and regulatory adherence.