Security Directory

Panthera AB is a Swedish manufacturer specializing in lightweight wheelchairs and related mobility products. The company operates a website primarily in Swedish with an option for English, showcasing their product range, news, and company information. Panthera AB is a subsidiary of Permobil, a recognized name in the mobility industry, which adds credibility and trust to their brand. The website includes a webshop link and social media presence on Facebook, YouTube, and Vimeo, indicating active engagement with customers and stakeholders. Technically, the website uses a combination of older and modern web technologies including jQuery 3.2.1, Google Analytics, Facebook Pixel, and various JavaScript libraries for UI elements like sliders and menus. However, the site lacks HTTPS enforcement and modern security headers, which are critical for protecting user data and ensuring secure communications. The site also does not provide visible privacy or cookie policies, which is a compliance risk under GDPR regulations. From a security perspective, the absence of HTTPS and security headers, combined with the use of third-party tracking scripts without a consent mechanism, exposes the site to potential privacy and security vulnerabilities. There is no evidence of an incident response policy or vulnerability disclosure program. The WHOIS data aligns well with the website content, showing consistent registration information and no privacy protection, which supports the legitimacy of the domain. Overall, Panthera AB's website is functional and professionally designed but requires significant improvements in security and privacy compliance to meet modern standards and regulatory requirements. Strategic recommendations include implementing HTTPS, adding security headers, publishing privacy and cookie policies, and reviewing third-party scripts for compliance and security risks.

C

Cognizant Technology Solutions Corp

cognizant.com

68

Cognizant Technology Solutions Corp is a large, established enterprise specializing in technology services and consulting, with a strong focus on AI, digital transformation, cloud, and industry-specific solutions. The company serves a broad range of sectors including healthcare, finance, manufacturing, retail, and more. Their website demonstrates a mature digital infrastructure leveraging Adobe Experience Manager, Adobe Analytics, and other modern technologies, ensuring a professional and user-friendly experience. Security measures such as reCAPTCHA and OneTrust cookie consent are implemented, reflecting a good security posture. Overall, the site is well-structured, compliant with privacy regulations, and presents a trustworthy and authoritative business presence.

A

ASML

asml.com

64

ASML is a leading global supplier to the semiconductor industry, specializing in lithography systems that enable chipmakers to produce smaller, faster, and more energy-efficient microchips. The company holds a strong market position as an essential technology provider with a comprehensive product portfolio including EUV and DUV lithography systems, metrology, inspection, and computational lithography solutions. The website targets semiconductor professionals, investors, and potential employees, reflecting a mature and enterprise-scale business model. Technically, the website is built on modern frameworks such as Next.js and React, integrated with Adobe Dynamic Tag Management and OneTrust for privacy compliance. The use of Sitecore CMS indicates a robust content management infrastructure. The site demonstrates excellent performance, mobile optimization, accessibility, and SEO practices, supporting a high-quality user experience. From a security perspective, the site enforces HTTPS, employs cookie consent mechanisms, and avoids exposing sensitive data. While explicit security policies and incident response contacts are not found, the overall security posture is strong with no visible vulnerabilities. Privacy compliance is well addressed with comprehensive privacy and cookie policies and GDPR adherence. Overall, ASML's website reflects a professional, trustworthy, and well-maintained digital presence aligned with its industry leadership. Strategic recommendations include publishing explicit security policies, incident response information, and vulnerability disclosure details to further enhance trust and compliance.

T

Tower Insurance

tower.co.nz

55

Tower Insurance is a well-established New Zealand-based insurance provider offering a broad range of insurance products including car, house, contents, boat, pet, travel, and business insurance. The company holds a strong market position supported by industry awards such as Canstar's Insurer of the Year and a robust financial strength rating. Their website is professionally designed, mobile-optimized, and provides clear navigation and comprehensive content tailored to New Zealand residents. Technically, the site is built on WordPress with modern frameworks and performance optimizations, leveraging tools like Google Tag Manager and WP Rocket. Security posture is strong with HTTPS enforced and use of sanitization libraries, though some security headers could be improved. Privacy compliance is good with clear privacy and terms policies, though a cookie consent mechanism is not evident. Overall, the website reflects a credible and trustworthy business with a mature digital presence.

A

Annexio Limited

annexio.com

45

Annexio Limited operates as a licensed and regulated online lottery betting provider with a strong market presence in the UK and globally through its brands LottoGo.com and Affiliate Empire. The company offers a secure multilevel B2C/B2B platform for lottery betting and instant win games, targeting lottery players worldwide. The website is built on Squarespace, leveraging modern web technologies and optimized for mobile users, though some SEO and accessibility improvements are possible. Security posture is solid with HTTPS enforcement and no exposed sensitive data, but could benefit from enhanced security headers and formal privacy and cookie policies. Overall, Annexio demonstrates a credible and professional online presence consistent with its regulated business model.

MOPO Tigers Live is a local media website dedicated to providing live streaming and coverage of sports events in the Mobridge area. The platform serves local sports fans and community members by offering live broadcasts, sports news, and advertising opportunities for local businesses. The business model relies primarily on advertising revenue from local sponsors and partners. The website's market position is that of a niche local sports media outlet with a focus on community engagement. Technically, the website uses a combination of embedded video players from YouTube, Vimeo, and Restream, along with jQuery and Facebook SDK for social integration. The site loads multiple external scripts and resources from various domains, which may introduce security risks if not properly managed. The design and user experience are basic, with moderate mobile optimization and limited SEO features. From a security perspective, the site lacks visible security headers such as Content Security Policy or X-Frame-Options, and there is no evidence of privacy or cookie policies, which raises compliance concerns. No contact information or incident response channels are provided, limiting transparency and trust. The site does use HTTPS, but the SSL configuration details are unknown. Overall, the security posture is basic and could be improved significantly. The overall risk assessment indicates a functional but basic website with moderate business credibility but lacking in privacy compliance and security best practices. Strategic recommendations include implementing privacy and cookie policies, enhancing security headers, auditing third-party scripts, and improving contact transparency to build trust and compliance.

V

Valsts kanceleja

trauksmescelejs.lv

67

Trauksmescelejs. lv is an official Latvian government-supported platform focused on whistleblowing, providing citizens with information, guidelines, and mechanisms to report misconduct in public and private sectors.

Four Seasons Hotels and Resorts is a globally recognized luxury hospitality company offering premium hotel accommodations, private residences, villa rentals, private jet experiences, and yacht voyages. The website reflects a strong market position with a comprehensive portfolio of properties worldwide, targeting affluent travelers and business clients. The digital infrastructure is modern, leveraging React, Adobe Experience Manager, and various analytics and marketing tools, ensuring a fast, accessible, and SEO-optimized user experience. Security practices are robust, with HTTPS enforced, consent management via OneTrust, and integration of Google reCAPTCHA for form protection. No critical vulnerabilities or WAF blocks were detected, indicating a mature security posture. Overall, the site demonstrates high professionalism, compliance, and trustworthiness.

N

Nefab

nefab.com

60

Nefab is a global leader in industrial packaging, logistics, and digital services, focusing on optimizing supply chains to reduce costs and environmental impact. The company serves diverse industries including energy, telecommunications, healthcare, and manufacturing, with a presence in over 38 countries. Their website reflects a mature digital presence with multilingual support and comprehensive content highlighting sustainability and innovation. Technically, the site employs modern JavaScript libraries, cookie consent management, and marketing automation tools, indicating a well-maintained infrastructure. Security posture is strong with HTTPS enforcement and standard security practices, though some security headers could be enhanced. Privacy compliance is robust, featuring detailed cookie policies and consent mechanisms. Overall, the website projects professionalism and trustworthiness, supporting Nefab's market position as a resource-saving packaging and logistics provider.

X

Xeikon

xeikon.com

20

Xeikon is a well-established manufacturer and provider of digital printing technology, specializing in high-quality dry toner and UV inkjet solutions. With over 30 years of experience and a strong market position as a pioneer in digital printing systems, Xeikon serves a B2B audience primarily in the manufacturing and packaging sectors. The company is a division of Flint Group, which adds corporate credibility and resources. The website reflects a mature digital presence with comprehensive content, clear navigation, and strong branding consistency. Technically, the site employs modern frameworks and libraries such as Bootstrap, Livewire, and Font Awesome, ensuring good performance and mobile optimization. Security measures include HTTPS enforcement and cookie consent mechanisms, though some security headers like Content-Security-Policy could be enhanced. No critical vulnerabilities or WAF blocks were detected, indicating a solid security posture. Overall, Xeikon's online presence is professional, trustworthy, and compliant with privacy regulations, supporting its business credibility and customer engagement.

Nissan Motor Corporation operates a comprehensive global website that serves as a central hub for corporate information, sustainability initiatives, investor relations, innovation, and career opportunities. The company is a major player in the transportation industry with a strong global brand and a focus on sustainable mobility and advanced automotive technologies. The website targets a broad audience including consumers, investors, partners, and potential employees. Technically, the site employs a modern technology stack including jQuery, Swiper.js, Google Tag Manager, and OneTrust for cookie consent, indicating a mature digital infrastructure. The site is mobile optimized and well-structured for user experience and SEO. Security posture is strong with HTTPS enforced and use of standard security best practices, although explicit security headers could be improved. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site reflects a high level of professionalism and trustworthiness consistent with a large multinational corporation.

P

Primagaz

primagaz.fr

40

Primagaz is a well-established French energy supplier specializing in propane, butane, GPL, and biopropane gas products and services. Founded in 1938, the company targets both residential and professional customers, including those in remote areas not connected to natural gas networks. The website reflects a mature digital presence with comprehensive content, clear navigation, and strong branding consistency. However, the technical infrastructure shows weaknesses, notably the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. Marketing and analytics tools such as Google Tag Manager, Visual Website Optimizer, and Cludo search are integrated, indicating a focus on user experience and conversion optimization. Privacy and cookie policies are present and GDPR compliant, enhancing trust. Overall, the site is professional and content-rich but requires urgent security improvements to protect user data and comply with modern web standards.

STADA is a leading German pharmaceutical company specializing in high-quality medicines, including consumer healthcare products, generics, and specialty pharmaceuticals. The company holds a strong market position as the fourth largest consumer healthcare company in Europe and is recognized as a Top Employer in Germany. Their website reflects a professional and comprehensive digital presence targeting consumers, healthcare professionals, and partners. Technically, the site uses modern JavaScript libraries, consent management tools, and is built on the Umbraco CMS platform. However, the website suffers from a critical security issue: the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly undermines user trust and security. Performance is also suboptimal with slow load times and a large page size. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Business credibility is high with detailed contact information and consistent WHOIS data. Overall, while the business and content quality are excellent, the security posture requires urgent improvement to protect users and maintain trust.

W

Worthington Enterprises

worthingtonindustries.com

38

Worthington Enterprises is a publicly traded enterprise specializing in the acquisition, design, and manufacturing of innovative building and consumer products, as well as sustainable energy solutions. The company recently separated from Worthington Steel, forming two independent entities focused on differentiated growth strategies. The website reflects a professional corporate presence with clear branding and investor relations information. Technically, the site uses modern JavaScript libraries and Google Tag Manager for analytics but suffers from a critical lack of valid SSL/TLS configuration, exposing users to security risks. Privacy and cookie policies are well implemented, supporting GDPR compliance. Overall, the site is content-rich and professionally maintained but requires urgent security improvements to protect visitors and maintain trust.

G

GS1 Austria

gs1.at

40

GS1 Austria is a well-established non-profit organization serving as the official barcode and GTIN issuing authority in Austria. It provides a comprehensive suite of GS1 standards and services to businesses across multiple sectors including retail, manufacturing, transportation, and government. The website reflects a mature digital presence with excellent content quality, clear navigation, and strong branding supported by major corporate clients. Technically, the site is built on Drupal 10 with modern JavaScript libraries and integrates Google analytics and marketing tools, but suffers from a critical lack of HTTPS support due to an invalid or missing SSL certificate, which significantly impacts its security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms. Contact information is primarily via contact forms, with no direct emails or phone numbers publicly listed. Overall, the site is professional and trustworthy but urgently needs to address its SSL/TLS configuration to improve security and user trust.

Acer Inc is a global technology company specializing in the manufacturing and retail of computing devices including laptops, desktops, Chromebooks, monitors, and projectors. The website targets both consumer and business audiences primarily in Finland but also globally, offering a comprehensive product catalog and support services. The company maintains a strong market position with consistent branding and a professional online presence. Technically, the site uses ASP.NET MVC framework, jQuery, and integrates multiple third-party analytics and marketing tools such as Google Tag Manager and Visual Website Optimizer. Hosting is via Amazon AWS with Akamai CDN for content delivery. Security posture shows presence of key security headers and secure cookies; however, the SSL certificate is invalid or missing and no TLS protocols are enabled, which is a critical vulnerability. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR adherence. Overall, the site is professional and trustworthy but requires urgent SSL remediation to improve security and trust.

The BBRZ GRUPPE is a well-established Austrian non-profit organization specializing in education, employment, and vocational integration services. With origins dating back to 1960 and 1975, it holds a significant market position in Austria's social and educational sectors. The website reflects a professional and comprehensive presentation of their services, partnerships, and mission, targeting individuals requiring vocational rehabilitation and integration as well as institutional partners. Technically, the site is built on TYPO3 CMS with modern frontend technologies, offering good mobile optimization and accessibility. However, the absence of HTTPS and critical security headers severely undermines the security posture. Privacy compliance is partially met with a privacy policy present but lacks cookie consent mechanisms. Overall, the site demonstrates strong business credibility but requires urgent security improvements.

S

Sysdig

sysdig.com

40

Sysdig is a leading enterprise cloud security company specializing in runtime insights and cloud-native application protection. Their platform offers comprehensive solutions including vulnerability management, cloud detection and response, and permissions management, targeting organizations operating in multi-cloud and containerized environments. The company is recognized as a leader in the CNAPP market with multiple industry awards and a strong customer base. Technically, the website is built on WordPress with modern frameworks like Bootstrap and integrates various marketing and analytics tools. However, the SSL configuration is currently invalid or missing, which is a critical security concern. The site lacks some advanced security headers and DNS security features such as DNSSEC and DMARC. Privacy policies and cookie consent mechanisms are present and comprehensive, supporting GDPR compliance. Overall, Sysdig demonstrates strong business credibility and technical maturity but should urgently address SSL and DNS security to improve its security posture and trustworthiness.

E

EU4Business Facility

eu4business.eu

40

EU4Business is a European Union umbrella initiative aimed at supporting small and medium enterprises (SMEs) in the Eastern Partnership countries including Armenia, Azerbaijan, Georgia, Moldova, and Ukraine. The initiative focuses on improving access to finance, providing business development services, and enhancing the business enabling environment. The website serves as an information portal showcasing projects, results, success stories, and reports related to EU support for SMEs in the region. Technically, the website uses modern web technologies including htmx, Google reCAPTCHA v3, and Google Tag Manager for analytics and spam protection. However, a critical security weakness is the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. Privacy compliance is addressed with a cookie consent mechanism and a privacy policy page, though terms of service and security policies are not explicitly found. Overall, the website is professionally designed with consistent branding and clear navigation but requires urgent security improvements to protect user data and enhance trust.

O

Onninen Oy

onninen.fi

40

Onninen Oy is a leading Finnish technical wholesaler specializing in HVAC, electrical, refrigeration, and energy products. The company serves professional customers through a comprehensive e-commerce platform and a nationwide network of Express stores. Onninen emphasizes energy efficiency and sustainability, offering a broad range of products including solar panels, heat pumps, and smart home solutions. Their digital maturity is evident with integrated services such as mobile apps, procurement system interfaces, and extensive product information. Security posture is strong with HTTPS, HSTS, CSP, and secure cookie practices. Privacy compliance is robust with clear policies and consent mechanisms. Overall, Onninen presents a professional, trustworthy, and well-structured platform supporting its business operations and customer engagement.

A

Agence de Développement et d'Innovation Nouvelle-Aquitaine

accel-na.fr

40

Accel-NA is a regional business accelerator focused on supporting small and medium enterprises (PME) and intermediate-sized enterprises (ETI) primarily in the Nouvelle-Aquitaine and Charente regions of France. The website presents multiple acceleration programs tailored to companies of varying sizes and revenue thresholds, offering structured support, seminars, and workshops to foster business growth. The site includes testimonials, news updates, and partner references, indicating an active engagement with its target audience. Technically, the website is built on WordPress using the Avada theme and Fusion Builder, integrating common web technologies such as jQuery, YouTube embeds, and Matomo analytics. However, the site suffers from a critical security shortfall due to the absence of a valid SSL certificate and lack of modern TLS protocols, resulting in insecure HTTP connections. Security headers and email authentication records are also missing or incomplete, exposing the site to potential risks. Privacy compliance is minimal, with no cookie consent mechanism or explicit GDPR indicators. Overall, the website is functional and professionally designed but requires urgent security improvements to protect user data and enhance trust.

L

LittleBig Connection

littlebigconnection.com

68

LittleBig Connection is a technology-focused collaborative platform that connects large companies with freelancers and consulting firms specializing in technology and engineering. It operates a global marketplace and management platform with a presence in 50 countries and a community of 500,000 experts. The company is part of the Mantu group and emphasizes long-term, high-impact projects. Technically, the website is built on WordPress with modern JavaScript libraries and animation frameworks, delivering a good user experience and mobile optimization. Security posture is strong with HTTPS, robust security headers, and certifications including ISO 27001 and ISO 9001. Privacy compliance is well addressed with comprehensive policies and consent mechanisms. Overall, the site demonstrates a mature digital presence with good SEO, trust indicators, and extensive analytics usage.

J

Jugend will sich-er-leben (JWSL)

jwsl.de

40

Jugend will sich-er-leben (JWSL) is a German non-profit prevention program focused on occupational safety and health for apprentices. It provides educational materials, competitions, and media resources primarily targeting vocational schools, teachers, and training companies. The program is affiliated with the statutory accident insurance and the DGUV, positioning it as a recognized entity in the education and government sectors within Germany. Technically, the website is built on TYPO3 CMS with modern frontend frameworks like Bootstrap and uses Video.js for media playback. However, the site suffers from a critical security deficiency as it lacks a valid SSL certificate and does not support HTTPS, exposing users to potential risks. Privacy compliance is addressed with a cookie consent mechanism and a privacy policy, but no terms of service or incident response contacts are found. Overall, the site offers good content and user experience but requires urgent security improvements.

M

Mondoni Press

mondonipress.com.br

48

Mondoni Press is a Brazilian PR and communication agency specializing in press advisory, institutional communication, digital marketing, and content creation. The company positions itself as a trusted partner for businesses seeking to enhance their credibility, media presence, and visibility. It has received recognition such as the PR Agency of the Year award in South America (Prestige Awards 2023/24) and serves a diverse client base across various sectors. Technically, the website is built on WordPress with a range of popular plugins and marketing tools, including Google Analytics, Facebook Pixel, and Hotjar, indicating a mature digital marketing infrastructure. However, the website suffers from a critical security issue: the SSL certificate is invalid or missing, which undermines user trust and data security. The cookie consent mechanism is implemented, but no explicit privacy policy or terms of service pages were found, which may pose compliance risks. Overall, the company demonstrates good branding and content quality but should urgently address security and compliance gaps to maintain trust and regulatory adherence.

B

BCN Brand Community Network GmbH

bcn.group

64

BCN Brand Community Network GmbH operates a crossmedia marketing network primarily serving brands and advertisers in Germany. The company offers a broad portfolio of print, digital, and event marketing services, leveraging a strong brand portfolio and advanced targeting technologies such as the BCN Smart Stack. Their market position is solid within the German media sector, focusing on quality reach and integrated campaign solutions. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries and integrates Google Tag Manager for analytics and tracking. Security measures include SPF and DMARC for email protection and TLS 1.2 with strong cipher suites for HTTPS, though improvements like enabling TLS 1.3 and HSTS are recommended. The site demonstrates good GDPR compliance with a consent management platform and clear privacy policies. Overall, BCN shows a mature digital presence with good content quality and user experience, but could enhance security posture and transparency further.

オ

オカネノホンネ｜保険・金融メディア

okanenohonne.com

61

オカネノホンネ is a Japanese online media platform specializing in insurance, finance, investment, loans, and life planning content. It targets Japanese individuals seeking clear and honest financial information. The site is powered by WordPress and uses common SEO and UI plugins to enhance user experience and search visibility. The technical infrastructure includes nginx web server, jQuery, Slick Carousel, and YouTube API integrations. Hosting is provided by Xserver, a Japanese hosting provider. Security posture shows a valid SSL certificate but lacks modern TLS protocol support and advanced security headers. No cookie consent or detailed privacy compliance mechanisms are present, though a basic privacy policy is linked on the parent company’s domain. Advertising and analytics are managed via Google Adsense and Google Analytics respectively.

R

Risk Associates

riskassociates.com

65

Risk Associates is a globally recognized cybersecurity and compliance firm, accredited as a UKAS certification body and approved PCI SSC Qualified Security Assessor. With over 20 years of experience, the company offers a broad range of services including PCI compliance, ISO/IEC certifications, regulatory compliance, security testing, data protection, and professional training. Their market position is strong, serving diverse sectors such as banking, finance, healthcare, government, and technology across multiple continents. Technically, the website is built on WordPress with modern performance and SEO optimizations, hosted on a DigitalOcean IP with LiteSpeed server technology. Security posture is solid with valid SSL certificates and no major vulnerabilities detected, though TLS protocols are not properly enabled and HSTS is absent, indicating room for improvement. Overall, Risk Associates demonstrates a mature digital presence with strong trust indicators and comprehensive service offerings.

C

Cognia, Inc.

cognia.org

59

The website currently exhibits significant security and compliance gaps that could expose the business to data breaches, regulatory penalties, and reputational damage. There are no critical vulnerabilities, but multiple high-severity issues exist, particularly around missing security headers, GDPR compliance, and foundational information security controls aligned with NIS2 requirements. Key deficiencies include missing privacy and cookie policies, lack of incident response and security governance documentation, and imminent SSL certificate expiration. While the network security posture and DNS health are generally strong, weaknesses in SSL/TLS configuration and email authentication present risks. The low scores in security headers, GDPR, and NIS2 modules highlight urgent areas needing attention to protect customer data and maintain regulatory compliance. Overall, the business risks non-compliance fines and increased exposure to cyberattacks without swift remediation. Addressing these gaps will improve trust with customers and partners while reducing operational risks.

S

Seismic

seismic.com

75

The website demonstrates a generally solid security foundation with no critical vulnerabilities detected, and strong performance in email security, SSL/TLS, DNS health, and network security. However, significant gaps exist in governance and compliance areas, notably GDPR and NIS2 regulations, with multiple high-severity issues such as missing cookie policies, lack of incident response procedures, and absence of security framework documentation. These deficiencies expose the business to regulatory risks, potential legal penalties, and reputational damage. Security headers are not fully optimized, leaving the site vulnerable to clickjacking and some cross-site scripting risks. While SSL/TLS configurations are largely robust, upcoming certificate expiry and incomplete HSTS settings require attention to maintain trust and secure communications. Overall, the organization should prioritize establishing comprehensive security policies and compliance measures to mitigate operational and regulatory risks effectively.

JobAdder's website exhibits a concerning security posture with multiple high and medium severity issues, particularly in GDPR compliance, information security governance, and SSL/TLS configurations. While network security and some email/DNS controls are strong, critical gaps in privacy policies, security frameworks, and header protections expose the business to regulatory, reputational, and operational risks.