Security Directory

P

Paramount

paramountplus.com

68

Paramount+ is a leading global streaming service operated by Paramount Global, offering a wide range of live TV, movies, original programming, and news content. The platform targets general consumers seeking entertainment across multiple devices with a subscription-based model. The website demonstrates a mature digital infrastructure with modern JavaScript frameworks, integration of advanced security features such as Google reCAPTCHA Enterprise, and compliance with privacy regulations including GDPR. The presence of OneTrust cookie consent and comprehensive privacy and terms of service pages further reinforce its commitment to user privacy and regulatory compliance. Security posture is strong with HTTPS enforcement, security headers, and fraud protection in payment processing. However, the absence of publicly available WHOIS data introduces a minor trust gap, likely due to privacy protections or registry policies. Overall, the site is professional, secure, and user-friendly, reflecting the stature of a major media enterprise.

Pluto TV is a leading free streaming television service offering over 250 live channels and thousands of on-demand movies and TV shows. Owned by Pluto Inc., a subsidiary of Paramount Global, it targets a broad consumer base seeking free, ad-supported streaming content across multiple platforms including smart TVs, mobile devices, and web browsers. The website demonstrates a mature digital presence with comprehensive content, consistent branding, and extensive platform support. Technically, the site uses modern frameworks such as React and integrates industry-standard analytics and marketing tools like Google Analytics and Facebook Pixel. Security posture is good with HTTPS enforced and no visible vulnerabilities, though some security headers could be improved. Privacy compliance is strong with clear policies and consent mechanisms in place. Overall, the site is professional, trustworthy, and well-optimized for user experience and SEO.

The website hendersoncountync.gov appears to be a government domain likely representing Henderson County, North Carolina. However, the actual website content is inaccessible due to a Cloudflare Web Application Firewall (WAF) block, which prevents any meaningful content or metadata extraction. The domain is registered with get.gov, a registrar commonly used for government domains, and the domain age (since 2016) aligns with a legitimate government entity. The blocking page indicates triggered security rules, possibly due to automated scanning or suspicious request patterns. Without access to the actual site content, no privacy policies, contact information, or business details can be confirmed. Technically, the site is protected by Cloudflare services, including DNS and security layers, which is a positive indicator for security posture but also limits external analysis. No security headers or SSL configuration details are available from the provided data. The lack of visible content and metadata results in a very low AI score, reflecting the inability to assess the site comprehensively. From a security perspective, the presence of Cloudflare WAF is a strength, but the blocking also hinders transparency and external trust evaluation. The domain WHOIS data is privacy protected but consistent with government domain registration practices. Overall, the site appears legitimate but inaccessible for detailed analysis, requiring direct access or cooperation from site administrators for further assessment.

Z

Zipify

zipify.com

46

Zipify is a medium-sized technology company specializing in Shopify apps designed to increase ecommerce revenue through innovative landing page builders and post-purchase upsell solutions. The company is well-positioned in the ecommerce sector, trusted by over 50,000 brands, and leverages a SaaS business model focused on Shopify merchants. Their website reflects a professional and consistent brand image with clear navigation and relevant content targeting ecommerce store owners. Technically, the site is built on WordPress with integrations of modern marketing and analytics tools such as Google Analytics, Hotjar, HubSpot, and Facebook Pixel, indicating a mature digital infrastructure. Security-wise, the website enforces HTTPS, employs standard security headers, and avoids exposing sensitive data, demonstrating a solid security posture. However, explicit security policies and incident response information are not publicly available, which could be improved. Overall, the site is trustworthy and compliant with privacy regulations, though direct contact details like emails or phone numbers are not prominently provided, relying instead on contact forms.

O

OutSystems

outsystems.com

66

OutSystems is a leading enterprise low-code platform provider that integrates AI capabilities to accelerate custom application development. Positioned as a Forrester Wave Leader for 2025, the company targets professional developers and enterprises seeking scalable, intelligent software solutions. Their platform offers full-stack development, pre-built integrations, automated testing, DevOps, and cloud-native architecture, enabling digital transformation with existing teams. Technically, the website demonstrates a mature digital infrastructure with modern frameworks, extensive analytics, and strong mobile optimization. Security posture is robust with HTTPS enforcement, security headers, and privacy-conscious tracking, although explicit incident response and vulnerability disclosure policies are not publicly visible. Overall, the website reflects a professional, trustworthy, and technically advanced organization with a strong market presence in the technology sector.

Etihad Airways operates as a major international airline headquartered in the United Arab Emirates, offering premium passenger flight services globally. The website serves as a comprehensive platform for booking flights, managing reservations, and accessing loyalty programs. The digital infrastructure leverages modern web technologies including React and Adobe Experience Manager, supported by robust analytics and marketing tools such as Google Tag Manager and Facebook Pixel. The site demonstrates strong mobile optimization and accessibility features, ensuring a high-quality user experience. Security posture is solid with HTTPS enforcement, security headers, and cookie consent mechanisms, although explicit security policy and incident response information are not publicly disclosed. The absence of WHOIS data is noted but likely due to privacy or registry policies rather than suspicious activity. Overall, the website reflects a mature digital presence consistent with a large enterprise airline brand.

B

Bstadium

bstadium.es

52

Bstadium.es operates as a specialized online marketplace offering sports and leisure experiences primarily linked to football clubs in Spain. The platform combines ticket sales for football matches, stadium tours, and other related activities such as tourism and gastronomy, targeting sports enthusiasts and tourists interested in unique football-related experiences. The website demonstrates a consistent brand presence with clear navigation and a professional design, supporting a small-sized business model focused on niche e-commerce within the sports sector. Technically, the website employs modern web standards including HTML5, CSS3, JavaScript, and uses libraries such as HTMX and FontAwesome. It is mobile-optimized and includes structured data for SEO enhancement. Performance is moderate with good mobile responsiveness and basic accessibility features. However, some improvements in accessibility and security headers could enhance the technical maturity. From a security perspective, the site enforces HTTPS and uses CSRF tokens in forms, indicating a baseline security posture. No explicit security headers were detected, and no vulnerability disclosures or incident response contacts are published. Privacy compliance is partially addressed through a cookie consent banner, but lacks a visible privacy policy or terms of service, which are critical for GDPR compliance and user trust. Overall, the website presents a moderate risk profile with no critical security issues detected but with room for improvement in privacy compliance and security best practices. Strategic recommendations include publishing comprehensive privacy and security policies, implementing security headers, and enhancing accessibility to improve trust and compliance.

S

Sorare, SAS

sorare.com

70

Sorare, SAS operates a leading fantasy sports platform specializing in blockchain-based digital player cards for football, NBA, and MLB. The company has established a strong market position by combining fantasy sports with digital collectibles, attracting a global audience of sports enthusiasts and gamers. The website is professionally designed, mobile-optimized, and rich in multimedia content, reflecting a mature digital presence. Technically, Sorare employs modern web technologies including React, Segment Analytics, and Cloudflare services, ensuring fast performance and scalability. Security posture is strong with HTTPS enforcement, sandboxed iframe usage, and cookie consent mechanisms, although explicit security policies and incident response contacts are not publicly disclosed. WHOIS data confirms domain legitimacy with a long registration history and consistent registration details. Overall, Sorare demonstrates a robust business and technical foundation with room for improvement in transparency around security policies and vulnerability disclosures.

S

Scientiffic Nutrition

scientifficnutrition.com

49

Scientiffic Nutrition is a Spanish-based e-commerce business specializing in sports nutrition supplements and related products. Established in 2018, the company has positioned itself as a reputable provider within the sports nutrition retail sector, leveraging official partnerships with prominent sports teams to enhance brand credibility. Their website offers a comprehensive product catalog, targeting both professional athletes and fitness enthusiasts. Technically, the site is built on WordPress with WooCommerce, integrating modern plugins and tracking tools such as Google Analytics and Probance, while maintaining GDPR-compliant privacy and cookie policies with active consent mechanisms. Security posture is solid with HTTPS enforced and domain protections in place, though DNSSEC is not enabled and explicit security headers could be improved. Overall, the website demonstrates good design, usability, and trustworthiness, supporting a medium-sized retail operation with a clear market focus.

F

Fontarel

fontarel.es

74

Fontarel is a Spanish brand specializing in natural mineral water with low mineralization. The website serves as a brand promotion platform highlighting the product's origin and qualities. The site targets Spanish-speaking consumers interested in natural mineral water, positioning itself as a niche regional brand. Technically, the website leverages Adobe Experience Manager, Cookiebot for cookie consent, and integrates multiple third-party analytics and advertising services including Google Analytics, Adobe Analytics, and social media pixels. The site is moderately optimized for mobile and SEO, with good content quality and consistent branding. Security posture is moderate with cookie consent implemented but lacking visible security headers and explicit privacy policies. WHOIS data is unavailable due to Red.es restrictions, but the domain appears legitimate with privacy protection likely justified. Overall, the website is professional and functional but could improve transparency and security practices.

Fullmakt.nu is a Swedish website operated by Svenska Försäkringsfabriken, providing services related to power of attorney matters. The site is minimalistic, offering basic information and a contact email for support. The business appears to be a small, niche service provider focused on legal and insurance-related assistance in Sweden. The domain is well-established, registered since 2007, and hosted by a reputable Swedish registrar, Loopia AB. Technically, the website is simple, with no advanced frameworks or CMS detected, and limited optimization for mobile or SEO. Security posture is basic, with no DNSSEC enabled and no security headers present, indicating room for improvement. Privacy and cookie policies are absent, which impacts compliance with GDPR and related regulations. Overall, the site is functional but lacks depth in content, security, and privacy features.

Arqus European University Alliance is a collaborative academic consortium uniting nine European research universities to foster education, research, and cultural exchange. The alliance targets researchers, administrative staff, stakeholders, citizens, and students, offering joint master's programs, research initiatives, and innovation funds. The website reflects a mature digital presence with WordPress CMS, Elementor framework, and integration of modern web technologies such as jQuery, Slick Carousel, and Google Tag Manager. Security posture is solid with HTTPS enforcement and cookie consent mechanisms, though explicit security policies and vulnerability disclosures are absent. Overall, the site is professional, trustworthy, and well-optimized for SEO and mobile devices.

U

UniversiDATA

universidata.es

57

UniversiDATA is a specialized open data portal focused on the higher education sector in Spain, aggregating datasets from multiple universities to promote transparency and data reuse. The platform offers a catalog of datasets, analytical applications, and news updates, targeting universities, researchers, and data reusers. The website is built on Drupal 7 with modern front-end technologies and integrates Google Analytics with privacy-conscious configurations. Security posture is solid with HTTPS and cookie consent mechanisms, though there is room for improvement in security headers and explicit security policies. Overall, the site is professional, trustworthy, and well-positioned within its niche.

F

Fundación Universidad de Jaén-Empresa

fundacionujaenempresa.es

50

Fundación Universidad de Jaén-Empresa is a private foundation focused on fostering cooperation between the University of Jaén and the socio-economic environment, emphasizing research, innovation, training, entrepreneurship, and employment. The website reflects a regional educational non-profit entity with clear mission and services aimed at students, researchers, and local businesses. Technically, the site uses a traditional jQuery-based stack with common UI libraries and demonstrates good mobile responsiveness and SEO practices. Security posture is solid with HTTPS and form validation, though it lacks advanced security headers and incident response disclosures. Privacy compliance is strong with comprehensive policies and consent mechanisms. Overall, the site is professional, trustworthy, and well-aligned with its business purpose.

C

CRUE

crue.org

61

CRUE (Conferencia de Rectores de las Universidades Españolas) is a prominent non-profit organization representing Spanish universities. The website serves as a central hub for information about the organization’s governance, activities, policies, and events, targeting academic institutions, students, researchers, and education stakeholders in Spain. It offers comprehensive resources including agendas, publications, and institutional representation. The organization holds a leading market position within the Spanish higher education sector. Technically, the website is built on WordPress with a modern plugin ecosystem including GDPR compliance tools, event management, and multimedia integration. The site demonstrates good mobile optimization, accessibility, and SEO practices, supported by structured data and social media integration. Performance is moderate with room for optimization. From a security perspective, the site enforces HTTPS and employs cookie consent mechanisms, reflecting compliance with GDPR. While explicit security headers are not fully visible in the HTML, the use of security/privacy plugins and absence of exposed sensitive data indicate a solid security posture. No critical vulnerabilities or suspicious WHOIS patterns were detected, though WHOIS data is privacy protected, which is typical for such organizations. Overall, CRUE’s website is professional, trustworthy, and well-aligned with its mission. Strategic recommendations include enhancing security headers, publishing explicit security policies, and enabling DNSSEC to further strengthen domain security.

A

Aidsfonds – Soa Aids Nederland

soaaids.nl

11

Soa Aids Nederland is a reputable Dutch non-profit organization dedicated to preventing, detecting, and treating HIV and other sexually transmitted infections. The website serves both the general public and healthcare professionals, offering comprehensive information, testing guidance, and professional tools. It is well-positioned in the Dutch healthcare sector with strong partnerships and a clear mission. The digital infrastructure is modern, leveraging Drupal 10 CMS and integrating advanced analytics and user engagement tools while maintaining GDPR compliance through explicit cookie consent mechanisms. Security posture is strong with HTTPS enforcement and secure data handling practices, though some security headers could be explicitly confirmed. Overall, the website demonstrates high professionalism, trustworthiness, and user-centric design.

E

ePayco: Pagos en Línea, Presenciales y Comercio Electrónico en Colombia

epayco.com

57

ePayco is a Colombian payment gateway platform offering a variety of payment solutions including online payments, point-of-sale transactions, subscription management, fraud mitigation, and e-commerce shops. The company targets businesses and merchants in Colombia, providing secure and agile technology to facilitate payments and collections. The website is built on WordPress with Elementor and integrates multiple analytics and tracking tools such as Google Analytics, Facebook Pixel, and TikTok Pixel, indicating a mature digital marketing strategy. Security posture is solid with HTTPS enforced and domain registration locked with multiple EPP status flags, although DNSSEC is not enabled and no explicit security or privacy policies are published. The domain is well-established since 2009, consistent with the company's market presence. Overall, the website is professional, well-branded, and technically sound but lacks some compliance documentation and explicit security disclosures.

C

CRMInbox

crminbox.io

60

CRMInbox is a Mexico-based technology company founded in 2023, specializing in WhatsApp CRM solutions including multi-agent management, mass messaging, and chatbot integration for ISPs. The website is professionally designed with clear navigation, detailed pricing, and FAQ sections targeting businesses seeking efficient WhatsApp communication tools. Technically, the site uses modern frameworks like Bootstrap and jQuery, integrates Google Tag Manager and Smartsupp live chat, and is hosted with Cloudflare DNS and registrar services. Security posture is moderate with HTTPS enabled but lacks advanced security headers and cookie consent mechanisms. Privacy policies and terms of service are present but GDPR compliance is limited. Overall, the site demonstrates a credible business presence with room for improvement in security and privacy compliance.

S

SIA Transact Pro

transactpro.eu

63

SIA Transact Pro is a licensed electronic money institution based in Latvia, operating since 2004. It provides comprehensive payment services including card issuing, payment processing, and gateway services primarily targeting corporate clients and merchants. The company is a principal member of major payment networks such as Visa and Mastercard and is affiliated with Transact Bank N.A. The website reflects a mature business with clear service offerings and regulatory compliance. Technically, the site uses modern analytics and security tools, including Google Tag Manager, Google Analytics, and reCAPTCHA, and enforces HTTPS with PCI DSS Level 1 compliance. However, it lacks publicly available privacy and security policies, incident response contacts, and vulnerability disclosure mechanisms, which are important for transparency and trust in the financial sector. Overall, the website is professional, secure, and trustworthy, with room for improvement in privacy compliance and security communication.