Security Directory

ISIS Papyrus Europe AG operates a comprehensive digital Customer Communication and Process Platform targeting large enterprises globally, especially in banking, insurance, and telecommunications sectors. The company offers a broad suite of software solutions including CCM, ECM, Intelligent Document Processing, Adaptive Case Management, and Omni-Channel communication platforms. The website reflects a mature, enterprise-grade business with strong market positioning, evidenced by partnerships with IBM and recognition from Gartner Peer Insights. Technically, the website employs a modern tech stack with Bootstrap, jQuery, and various multimedia integrations, but suffers from a critical lack of HTTPS due to an invalid or missing SSL certificate, severely impacting security posture. Security headers are present but insufficient without proper SSL/TLS. Privacy compliance is partial, with a privacy policy present but no visible cookie consent mechanism despite tracking scripts. Overall, the site is professionally designed and content-rich, but the lack of HTTPS is a major risk that must be addressed urgently.

P

PXP Financial

kalixa.com

40

PXP Financial operates a sophisticated unified commerce platform that integrates payment processing, acquiring, cross-border payments, and growth tools for a diverse range of industries including retail, hospitality, gaming, and travel. The company leverages a cloud-native, microservices-based architecture enhanced by AI to deliver scalable, reliable, and innovative payment solutions globally. Their platform emphasizes intelligent payment routing, real-time business intelligence, and self-service capabilities, positioning them as a modern leader in the payments technology sector. The website reflects a mature, professional business with strong branding and comprehensive service offerings.

S

seso media group gmbh

seso.at

28

SESO media group gmbh is a well-established Austrian digital agency specializing in consulting, creative services, and digital development. The company targets businesses seeking to enhance their digital presence and user experience, positioning itself as a partner for digital transformation in the Economy of Experiences. Their client portfolio includes notable brands such as A1 Telekom Austria, Jägermeister, Red Bull, and AbbVie, indicating a strong market presence in Austria and Switzerland. The website content is professionally crafted, with clear messaging and consistent branding that supports their market positioning. Technically, the website is built on WordPress with a modern frontend stack including Bootstrap, jQuery, GSAP, and AOS for animations. The site is mobile-optimized and SEO-friendly, leveraging Yoast SEO plugin and structured data for enhanced search visibility. Hosting appears to be managed via GlobeDom DNS services, and email protection is handled through Microsoft Outlook's mail protection services. However, performance metrics are unavailable, and accessibility is basic but functional. From a security perspective, the site lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which is a critical vulnerability. Although several security headers are implemented, the absence of HTTPS severely undermines the overall security posture. No vulnerability disclosure or incident response policies are publicly available. Privacy and cookie policies are present and appear GDPR compliant, with a consent mechanism implemented. Contact information is comprehensive, including email, phone, physical address, and a detailed contact form. Overall, while SESO demonstrates strong business credibility and digital maturity, the lack of HTTPS is a significant risk that must be addressed immediately to protect user data and maintain trust. Strategic recommendations include installing a valid SSL certificate, enabling modern TLS protocols, and enhancing security configurations. The website otherwise reflects a professional and trustworthy digital agency with a solid market position.

V

Van Wagner

vanwagner.com

37

Van Wagner is a prominent full-service sports advertising and entertainment agency specializing in creating, connecting, and selling on behalf of world-class sports leagues, teams, colleges, and brands. The company offers a broad range of services including TV-visible signage, event production, college marketing, aerial advertising, and broadcast control center solutions. Their market position is strong, supported by partnerships with major sports leagues and Fortune 500 companies. The website reflects a mature digital presence with professional design, rich content, and effective SEO practices. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap that undermines user trust and data protection. Privacy and cookie policies are well implemented, indicating good compliance with GDPR and related regulations. The site leverages modern web technologies and is hosted on a reputable platform, but performance could be improved. Overall, the business demonstrates credibility and professionalism but must address fundamental security issues to enhance trust and protect visitors.

K

Kelly Services Inc.

kellyconnect.com

52

KellyConnect is a business-to-business service provider specializing in contact center workforce and outsourcing solutions. The company operates as a subsidiary of Kelly Services Inc., a well-established enterprise founded in 1946 in the United States. KellyConnect offers tailored contact center optimization, managed services, and outsourcing solutions to enhance customer experience and operational efficiency for its clients. The website is professionally designed, targeting businesses seeking contact center services, and demonstrates consistent branding and good content quality. Technically, the site is built on the HubSpot CMS platform and integrates various marketing and analytics tools such as Google Analytics, Cookiebot, and Cheq for bot protection. However, the website suffers from a critical security issue: it lacks a valid SSL certificate and does not serve content over HTTPS, which significantly undermines its security posture. Other security best practices such as HTTP security headers and modern TLS protocols are also absent. Privacy compliance is well addressed with comprehensive privacy and cookie policies, including GDPR-compliant consent mechanisms. Contact information is primarily available through contact forms, with no explicit emails or phone numbers found in the HTML content. Overall, while the business and content aspects are strong, the lack of HTTPS is a major risk that should be urgently addressed to protect user data and maintain trust.

T

Teachers On Call, a Kelly Education company

teachersoncall.com

69

Teachers On Call, a division of Kelly Education and Kelly Services, operates as a leading staffing service specializing in providing licensed teachers, paraeducators, tutors, and early childhood education staff to over 150 school districts and 450 education centers primarily in the US Midwest and Northwest. The company has a mature online presence with a professionally designed website built on the HubSpot CMS platform, featuring comprehensive content and clear navigation tailored to both job seekers and school clients. The technical infrastructure leverages modern web technologies and integrates extensive marketing and analytics tools, ensuring robust user tracking and data collection with GDPR-compliant consent mechanisms. Security posture is strong with HTTPS, DMARC enforcement, and domain protection, though improvements such as enabling HSTS and DNSSEC could enhance resilience. Overall, the website reflects a trustworthy and credible business with a clear market position in the education staffing sector.

K

Kelly Education

kellyeducation.com

68

Kelly Education is a well-established education staffing and workforce solutions provider operating primarily in the United States. The company serves over 10,000 schools and 1,000+ districts, offering a broad range of staffing services including substitute teaching, special education, tutoring, and HR administration. The website reflects a mature and professional business with consistent branding and a strong market position as a leader in education staffing. Technically, the site is built on HubSpot CMS, uses modern web technologies, and is hosted behind Cloudflare, ensuring good performance and security. Security posture is strong with HTTPS, proper security headers, and SPF/DMARC email protections, though some improvements like HSTS preload and certificate transparency compliance are recommended. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the site is trustworthy, user-friendly, and aligned with the company's business objectives.

K

KellyOCG

kellyocg.com

54

KellyOCG is a well-established enterprise workforce solutions provider with over 75 years of industry experience, serving primarily Fortune 100 companies and large global enterprises. Their service offerings include managed service provider solutions, recruitment process outsourcing, payroll outsourcing, and talent consulting. The website is built on HubSpot CMS and integrates multiple marketing, analytics, and advertising technologies, reflecting a mature digital marketing strategy. However, the absence of a valid SSL certificate and lack of modern TLS protocols represent critical security weaknesses that expose users to risks and reduce trust. Privacy compliance is well addressed with comprehensive cookie consent mechanisms and a detailed privacy policy, supporting GDPR compliance. Overall, the website demonstrates strong business credibility and content quality but requires urgent security improvements to meet enterprise-grade standards.

O

OK Compliance s.r.l.

okcompliance.it

32

OK Compliance s.r.l. is a small Italian startup and benefit company specializing in sustainable compliance solutions tailored for SMEs and larger enterprises, focusing on HR legal updates, whistleblowing outsourcing, and GDPR compliance packs. The company leverages technology and legal expertise to provide effective and convenient compliance services primarily targeting businesses in Northeast Italy. The website reflects a professional and consistent brand image with clear service offerings and relevant content for its audience. Technically, the website runs on PHP 7.3.33 with nginx and Plesk hosting, using modern JavaScript libraries such as animejs and slim-select for UI enhancements. DNS is managed via Cloudflare, and SPF records are correctly configured. However, the site lacks HTTPS support, which is a critical security deficiency. Performance data is missing, but the site shows basic mobile optimization and accessibility features. From a security perspective, the absence of a valid SSL/TLS certificate and HTTPS support severely impacts the security posture, exposing users to risks. No advanced security headers or incident response information is present. Privacy compliance is well addressed with comprehensive privacy and terms documents, though no cookie consent mechanism is implemented. Contact information is clearly provided, enhancing business credibility. Overall, the website scores moderately due to strong content and business clarity but is critically impacted by missing HTTPS. Strategic improvements in security infrastructure and privacy mechanisms are recommended to enhance trust and compliance.

Network & Knowledge is a professional services firm based in Brescia, Italy, specializing in accounting, legal, and business consultancy services. Established in 2000, the company has grown to a medium-sized firm with over 70 professionals across 7 offices serving more than 1,200 clients. Their service portfolio includes traditional accounting, legal consultancy, labor consultancy, and specialized training through their Academy. The website reflects a mature and professional business with consistent branding and comprehensive service descriptions targeting businesses in the Brescia province. Technically, the site uses Joomla CMS with modern frontend libraries and frameworks, but lacks HTTPS support, which is a critical security gap. Security headers are present but the absence of SSL/TLS significantly reduces the security posture. Privacy and cookie policies are implemented with GDPR compliance. Overall, the site is content-rich and user-friendly but requires urgent security improvements to protect user data and enhance trust.

T

The E.W. Scripps Company

spellingbee.com

64

The Scripps National Spelling Bee website represents a well-established educational competition with a rich history dating back to 1925. The site serves a diverse audience including students, educators, and regional partners by providing competition details, finalist information, historical content, and opportunities for engagement and donations. The business operates under the umbrella of The E.W. Scripps Company, a reputable media organization, reinforcing its credibility and market position in the education sector. Technically, the website is built on Drupal 10 and leverages modern web technologies such as Alpine.js, Google Tag Manager, and CDN-hosted assets to enhance user experience and performance. The site is mobile-optimized and features good SEO and accessibility practices, although some accessibility features could be improved. Hosting is via Amazon AWS CloudFront, ensuring reliable content delivery. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical vulnerability that significantly lowers its security posture. While some security headers are present, the Content Security Policy is permissive, and no advanced SSL features like OCSP stapling or session resumption are enabled. Privacy compliance is reasonably addressed with a comprehensive privacy policy and cookie consent mechanisms, but no explicit incident response or vulnerability disclosure information is available. Overall, the website is professional and trustworthy in content and business credibility but requires urgent improvements in SSL/TLS configuration to protect user data and enhance trust. Strategic security enhancements and transparency in incident response would further strengthen its risk profile.

WithSecure is a well-established cybersecurity company founded in 1988, headquartered in Finland, offering advanced B2B cybersecurity solutions focused on protecting businesses from evolving digital threats. The company holds a strong market position in Europe with a comprehensive portfolio including XDR, Exposure Management, and Co-Security services, supported by multiple industry awards and certifications. Their website demonstrates a high level of digital maturity, leveraging modern technologies such as Adobe Experience Manager, Google Tag Manager, and advanced analytics tools, ensuring fast performance and excellent user experience across devices. Security posture is robust with valid EV SSL certificates, strong security headers, and a clear commitment to privacy and GDPR compliance. Overall, WithSecure presents a trustworthy and professional online presence with comprehensive business and support information, making it a reliable partner in cybersecurity.

B

Benefitfocus.com, Inc.

benefitfocus.com

64

Benefitfocus.com, Inc. is an enterprise-level technology company specializing in benefits management solutions for employers, health plans, and related partners. Their platform simplifies benefits administration, billing, compliance, data analytics, and employee engagement, positioning them as a trusted provider in the benefits ecosystem. The website is professionally designed, content-rich, and targets B2B audiences including employers and health plans. Technically, the site runs on Drupal 10 and integrates multiple marketing and analytics tools such as Marketo, Google Tag Manager, and LinkedIn Insight. However, the security posture is weakened by an invalid or missing SSL certificate and lack of modern TLS protocol support, despite strong HSTS policies. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site demonstrates strong business credibility and digital maturity but requires urgent SSL and TLS remediation to improve security and trust.

B

Bildungswerk der Sächsischen Wirtschaft

bsw-sachsen.de

40

Bildungswerk der Sächsischen Wirtschaft is a well-established educational organization focused on vocational training and professional development in the Saxony region of Germany. With over 30 years of experience and multiple subsidiaries, it offers a broad portfolio of services including further education, training seminars, and integration courses. The organization targets companies, employees, job seekers, and schools, positioning itself as a key regional player in workforce qualification and development. Technically, the website is built on TYPO3 CMS with modern frontend frameworks like Bootstrap and includes SEO-friendly structured data and social media integration. However, the site suffers from a critical security weakness due to the absence of a valid SSL certificate, resulting in an insecure connection and lack of HTTPS enforcement. Other security best practices such as security headers, DNSSEC, and DMARC are also missing. Privacy compliance is addressed with a cookie consent mechanism and clear privacy and cookie policies. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

A

AKZONOBEL LTDA.

coralmatiz.com.br

46

Coral Matiz is a Brazilian loyalty and professional engagement platform operated by AKZONOBEL LTDA., targeting architects, interior designers, and landscapers. The platform offers curated content, professional tools, and a points-based rewards program to enhance user engagement and brand loyalty. The website is well-branded and content-rich, with clear navigation and a focus on professional users and students in the design sector. Technically, the site uses a modern front-end stack including Bootstrap, jQuery, and integrates Google Analytics and Tag Manager for tracking. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture, exposing users to risks when submitting sensitive personal data. Privacy and cookie policies are comprehensive and GDPR/LGPD compliant, with consent mechanisms implemented. Overall, the site demonstrates good business credibility but requires urgent security improvements to protect user data and comply with best practices.

R

Red Eléctrica

ree.es

40

Red Eléctrica is the Spanish Transmission System Operator (TSO) responsible for the operation, development, and maintenance of the national electricity grid. The company plays a critical role in ensuring the quality and security of electricity supply across Spain and supports the country's ecological transition by integrating renewable energy sources and developing infrastructure projects. The website reflects a mature digital presence with comprehensive content, clear navigation, and professional design, targeting energy sector stakeholders and the general public interested in electricity data and sustainability. Technically, the site is built on Drupal 10 with modern front-end libraries and uses Akamai and Imperva for DNS and CDN services. However, a critical security shortcoming is the absence of a valid SSL certificate and proper HTTPS configuration, which significantly impacts the site's security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Business credibility is strong, supported by consistent branding, corporate governance links, and trust signals. Overall, the site scores well in content and business credibility but requires urgent improvements in SSL/TLS security to enhance trust and protect users.

D

DIN Solutions GmbH

dinsolutions.de

40

DIN Solutions GmbH is a medium-sized technology company operating within the DIN group, specializing in the development and operation of software, platforms, and databases for norming and standardization. The company serves DIN, DIN Media, and their customers and partners by delivering tailored technical solutions and engaging in innovative research and development, including artificial intelligence applications. Their market position is strong within the German norming ecosystem, supported by ISO 9001 certification and partnerships with recognized entities such as TÜV Rheinland. Technically, the website employs modern technologies including MarkLogic NoSQL database, X-Swift framework, and Swift programming language for transformation processes. The site is well-designed, mobile-optimized, and uses etracker for analytics. Performance is moderate with a page load time of about 3 seconds. However, the SSL certificate is nearing expiration, and security headers are minimal, indicating room for improvement in security hardening. Security posture is adequate with HTTPS, SPF, and DMARC configured, but lacks HSTS, DNSSEC, and advanced security headers. No vulnerabilities or malware were detected, but urgent SSL renewal is needed to maintain trust and secure communications. Privacy compliance is good with a comprehensive privacy policy and GDPR adherence, though no cookie consent mechanism was found. Overall, the website is professional and trustworthy with strong business credibility. Strategic recommendations include immediate SSL renewal, enhancing security headers, implementing DNSSEC and CAA, and adding cookie consent mechanisms to improve privacy compliance and security posture.

A

Atria Design & Inovação

studioatria.com.br

47

Atria Design & Inovação is a Brazilian small design studio specializing in innovation, branding, and digital experience services. The company targets businesses seeking to enhance their brand and user experience through strategic design solutions. Their website showcases multiple client case studies and a clear service offering, positioning them as an innovative design partner in their market segment. Technically, the website uses modern frontend libraries such as Bootstrap, jQuery, and Owl Carousel, hosted on Locaweb, but suffers from slow load times and lacks a CMS or structured data for SEO enhancement. Security posture is weak due to the absence of a valid SSL certificate, no HTTPS support, and missing security headers, exposing the site to significant risks. Privacy compliance is basic with a cookie consent popup and a privacy policy page, but no GDPR-specific indicators or terms of service are present. Overall, the site is professional in design and content but requires urgent security improvements to protect user data and build trust.

A

Akeo

akeo.com.br

54

Akeo is a Brazilian manufacturing company specializing in furniture accessories and edge banding tapes, with over 40 years of market experience. The company offers a diverse product portfolio including aluminum and plastic handles, profiles, feet for counters, appliques, and organizers, alongside customized solutions emphasizing innovation and sustainability. Their target market includes furniture manufacturers and designers seeking quality and differentiated products. Technically, the website employs modern front-end technologies such as Bootstrap, jQuery, and animation libraries, with hosting infrastructure linked to Google Cloud DNS services. However, the site lacks a valid SSL certificate and modern TLS support, exposing it to security risks. The presence of SPF and DMARC records indicates some email security awareness, but DNSSEC and other security headers are missing. Privacy and cookie policies are present with consent mechanisms, but terms of service and incident response information are absent. Overall, the digital maturity is moderate with room for security and compliance improvements.

C

Compusoft Group

compusoftgroup.com

61

Compusoft Group is a leading provider of specialized software solutions for the kitchen, bathroom, furniture, window, and door industries. Their portfolio includes design, presentation, business management, and production software, targeting professionals who require efficient and accurate tools to streamline their workflows. The company operates globally with a strong presence in over 100 countries and serves a large customer base, positioning itself as a key player in the configurable product software market. As a subsidiary of Cyncly, Compusoft benefits from a broader corporate ecosystem enhancing its market reach and technological capabilities. Technically, the website is built on WordPress with a comprehensive set of modern web technologies and analytics tools, including Google Analytics, Cookiebot for consent management, and various marketing and tracking integrations. The site demonstrates good performance and mobile optimization, although the page load time is relatively slow, likely due to extensive resources and scripts. Security-wise, the site employs a valid SSL certificate with HSTS enabled, SPF and DMARC records are properly configured, indicating a strong email security posture. However, the absence of DNSSEC and CAA records suggests room for improvement in DNS security. No explicit security or incident response policies are publicly available, which could be a gap in transparency. Overall, the website reflects a mature digital presence with robust privacy and cookie management practices, extensive tracking for marketing and analytics, and a professional, consistent brand image. The risk profile is moderate, with recommendations to enhance DNS security and publish clear security policies to improve trust and compliance.

D

DataSebrae

datasebrae.com.br

56

DataSebrae is a Brazilian government-affiliated platform focused on providing data intelligence and research to support micro and small businesses. It offers a variety of studies, thematic research, and infographics to help entrepreneurs and policymakers make informed decisions. The platform is linked to Sebrae, a well-known Brazilian institution supporting small businesses, which strengthens its market position and trustworthiness. Technically, the website is built on WordPress using Bootstrap and jQuery, with integrations for Google Analytics, Google Tag Manager, and Mailchimp for marketing and analytics. However, the site suffers from an invalid SSL certificate, no advanced security headers, and lacks DNSSEC, which poses security risks. The site is moderately optimized for mobile and accessibility but has slow load times. No explicit privacy, cookie, or terms of service policies were found, indicating compliance gaps. Overall, the platform serves as a valuable resource for its target audience but requires significant improvements in security and compliance to protect users and data.

W

Wake Creators

wakecreators.com.br

50

Wake Creators is a Brazilian technology company specializing in influencer marketing data and solutions. With a decade of experience, it holds a leading market position by maintaining the largest influencer database and leveraging AI and machine learning to optimize marketing campaigns. The company operates as part of the LWSA group and integrates into the broader Wake ecosystem, targeting brands, advertisers, and influencers. Technically, the website is built on WordPress using Oxygen Builder, hosted on AWS with DNS managed by Cloudflare. However, the site lacks a valid SSL certificate and modern TLS support, which poses significant security risks. The presence of SPF and DMARC records indicates some email security awareness, but the DMARC policy is permissive. Analytics usage is moderate with Google Analytics and Tag Manager implemented, but no cookie consent mechanism is present, which may impact privacy compliance. Overall, the site demonstrates moderate digital maturity with room for security and compliance improvements.

W

Wake Creators

squidit.com.br

67

Wake Creators, formerly known as Squid, is a Brazilian technology company specializing in influencer marketing data and campaign optimization. With a decade of experience, it offers a large influencer database and leverages AI and machine learning to enhance marketing performance. The company operates under the LWSA group and targets brands, advertisers, and influencers seeking data-driven marketing solutions. Technically, the website is built on WordPress using Oxygen builder and integrates Google Analytics and Tag Manager for tracking. However, the site lacks a valid SSL certificate and modern TLS protocols, which poses significant security risks. Email security is well managed with SPF and DMARC policies, and multiple domain verifications indicate active ownership and SEO efforts. Overall, the security posture is weak due to missing HTTPS and security headers, but the business shows maturity in data and marketing technology.

T

The Ford Motor Company

fordheritagevault.com

61

The Ford Heritage Vault website serves as an official digital archive for The Ford Motor Company, showcasing a century-long collection of brochures, photographs, and historical automotive content from 1903 to 2003. It targets automotive enthusiasts, historians, and researchers by providing advanced search and filtering tools to access a rich repository of Ford, Lincoln, Mercury, and Edsel heritage materials. The platform positions itself as an authoritative source for Ford's historical assets, reinforcing brand legacy and customer engagement. Technically, the website is built on Microsoft IIS with ASP.NET backend, leveraging modern JavaScript libraries such as jQuery, Axios, and AOS for enhanced user experience. Hosting appears to be on Amazon AWS infrastructure. While the site demonstrates good mobile optimization and performance, it lacks some modern security configurations such as enabled TLS protocols and HSTS, which are critical for secure communications. From a security perspective, the site employs a valid GlobalSign SSL certificate and anti-clickjacking measures but does not enable modern TLS versions or security headers like Content-Security-Policy. No explicit security or incident response policies are published, and no vulnerability disclosure or security.txt files are found. Privacy policies and terms of service are linked to official Ford corporate domains, indicating compliance with GDPR and other regulations. Overall, the website is professionally designed with consistent branding and trustworthy content. However, security posture can be improved by enabling modern TLS protocols, implementing HSTS, and adding comprehensive security headers. Enhancing accessibility and cookie consent mechanisms would also strengthen compliance and user trust.

R

Rollink

rollink.com

61

Rollink is a premium e-commerce company specializing in collapsible and foldable luggage designed for travelers seeking durable, lightweight, and space-saving travel solutions. The company positions itself in a niche market with a focus on quality and style, offering a range of luggage and travel accessories. Their website is built on WordPress with WooCommerce, leveraging modern web technologies and marketing tools such as Klaviyo and Facebook Pixel to engage customers and track performance. The site demonstrates good digital maturity with fast performance, mobile optimization, and strong branding consistency. Security posture is adequate with a valid SSL certificate and no known vulnerabilities, but lacks advanced security headers like HSTS and DNSSEC. Privacy and terms of service policies are present, but cookie consent mechanisms and explicit security policies are missing, indicating areas for compliance improvement. Overall, Rollink maintains a professional and trustworthy online presence with room to enhance security and privacy transparency.

M

Michigan Gaming

michigangaming.com

61

Michigan Gaming is a specialized information resource focused on the gaming industry within the state of Michigan, providing regulatory news, licensing information, and industry updates. The site is operated by RMC Ventures, LLC, with contributions from legal and gaming experts, positioning it as a trusted source for government officials, industry professionals, and the public interested in Michigan gaming. The website leverages WordPress CMS with a custom theme and integrates common web technologies such as jQuery, AOS for animations, and Contact Form 7 for user interactions. Google Analytics and reCAPTCHA are used for analytics and security respectively. The SSL certificate is valid but lacks modern TLS protocol support, and security headers are partially implemented. No explicit privacy, cookie, or terms of service policies are found, indicating potential compliance gaps. Contact information is clearly provided, including email, phone, and a contact form. Overall, the site demonstrates a moderate level of digital maturity with room for improvement in security and compliance.

Regulatory Management Counselors, P.C. (RMC Legal) is a specialized professional corporation providing legal, regulatory, and compliance consulting services primarily to the casino gaming industry and other heavily regulated sectors. The company leverages decades of experience to assist clients with regulatory management, compliance reviews, and government relations. Their market position is that of a niche expert with a focused client base in the United States. Technically, the website is built on WordPress, hosted by Flywheel, and uses modern web technologies including jQuery, AOS, and Contact Form 7, with SEO enhancements via Yoast. The site is performant and mobile optimized but lacks some advanced accessibility features. Security-wise, the site has a valid SSL certificate but does not support modern TLS protocols and lacks several security headers and policies such as HSTS and security.txt. Contact information is clearly provided, but privacy and cookie policies are absent, indicating potential compliance gaps. Overall, the site presents a professional image with moderate trustworthiness but would benefit from enhanced security and compliance measures.

W

webbuilding.lv

webbuilding.lv

55

The website's security posture is currently weak, with multiple critical and high-severity issues posing significant risks to business operations and regulatory compliance. Key vulnerabilities include missing essential security headers, exposed critical services like MySQL and FTP, and a complete lack of GDPR compliance measures for an EU business. The absence of documented security policies, incident response procedures, and business continuity planning further exacerbates operational risk. While email security and SSL/TLS configurations are relatively strong, foundational network security and privacy controls require urgent attention. Failure to address these issues could lead to data breaches, regulatory fines, reputational damage, and operational disruptions. Immediate remediation is essential to protect sensitive customer data, ensure compliance, and maintain stakeholder trust. Overall, the current security framework is inadequate for supporting business continuity and regulatory obligations in its operating regions.

A

Acentra Health

acentra.com

65

The website's overall security posture reveals significant gaps in compliance and foundational security controls, particularly concerning regulatory requirements and cryptographic protections. While no critical vulnerabilities were found, multiple high and medium severity issues pose material risks to data privacy, legal compliance, and customer trust. Key weaknesses include missing security headers, lack of GDPR-compliant cookie policies and consent mechanisms, absence of formal information security and incident response frameworks, and weak SSL/TLS configurations. Conversely, network security and DNS health show relatively strong scores, indicating some effective controls are in place. The deficient NIS2 compliance score highlights the urgent need for documented security policies and incident handling procedures. Immediate remediation will reduce exposure to data breaches, regulatory penalties, and reputational damage. Investment in security governance and cryptographic standards is needed to align with industry best practices and legal mandates.

The website demonstrates a moderate security posture with no critical issues but several high and medium-risk findings that could expose the business to regulatory, reputational, and operational risks. Key deficiencies include missing fundamental security headers, lack of GDPR compliance measures such as privacy and cookie policies, and the absence of essential NIS2 cybersecurity governance frameworks like incident response and security policy documentation. While email security, SSL/TLS, DNS health, and network security show strong maturity, the gaps in legal compliance and governance frameworks pose significant risks for regulatory penalties and customer trust erosion. Addressing these gaps is vital to reduce legal liability, improve customer confidence, and strengthen overall cybersecurity resilience. Immediate focus on privacy policy implementation and establishing security governance will enhance compliance with evolving legal and industry standards. Proactive communication of security policies and incident response readiness will also support business continuity and reputation management. Overall, the website requires targeted improvements to bridge compliance and policy deficiencies while maintaining its strong technical security controls.

The website exhibits significant security and compliance gaps, particularly in privacy and incident management frameworks, posing considerable risks to business reputation and regulatory compliance. Critical deficiencies in GDPR adherence, such as the absence of a privacy policy, cookie policy, and consent mechanisms, expose the business to potential legal penalties and loss of customer trust. The lack of a security policy framework, incident response procedures, and vulnerability disclosure processes undermines the organization's ability to manage and respond to cyber threats effectively. Weak HTTP security headers and mixed content issues indicate vulnerabilities to web-based attacks, potentially compromising user data integrity. Exposure of high-risk services like FTP increases the attack surface and opens pathways for unauthorized access. While email security and DNS health are relatively stronger, they do not compensate for the fundamental gaps in governance and technical controls. Immediate remediation is required to address compliance and critical security flaws to safeguard business continuity and customer confidence. Overall, the security posture is inadequate for operating securely within the EU regulatory environment and against evolving cyber threats.

R

RG Capital | Allworth Financial

rgcapital.net

66

The website's security posture presents significant risks, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation. While network security is strong, several medium-level issues such as missing security headers, lack of GDPR and NIS2 compliance, absence of DNSSEC, and incomplete email authentication (no DKIM) indicate gaps in regulatory adherence and protection against common attack vectors. The failure to implement GDPR and NIS2 requirements could lead to legal and financial penalties, impacting business reputation and operations. DNS configuration weaknesses further increase susceptibility to domain spoofing and DNS attacks. Although some areas like network security and CAA records show positive scores, these do not compensate for the critical encryption flaw. Immediate remediation is essential to safeguard customer data, ensure compliance, and maintain trust. A structured approach focusing on encryption, compliance, and authentication will mitigate the most significant risks effectively.

A

AFIM S.A.M.

afim.mc

37

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a fundamental flaw, severely undermining confidentiality and trust. Missing key security headers such as Strict-Transport-Security, Content-Security-Policy, and X-Frame-Options further increase vulnerability to common web attacks like clickjacking, cross-site scripting, and data interception. Additionally, the lack of GDPR compliance elements such as privacy policies and cookie consent mechanisms could lead to legal penalties and customer trust erosion. The absence of an information security framework, incident response plans, and vulnerability disclosure policies highlights poor organizational security maturity. Email security is also lacking due to missing DMARC and DKIM records, increasing phishing and spoofing risks. While network security and DNS health show relative strength, critical gaps overshadow these positives. Immediate remediation is essential to protect business assets and customer data effectively.

R

RSVP Call Centre

rsvp.co.uk

62

The website exhibits significant security weaknesses with a critical issue of an exposed PostgreSQL service, posing a severe risk of unauthorized data access. Multiple high and medium severity issues in security headers, GDPR compliance, and NIS2 regulatory adherence reflect inadequate foundational security controls and governance. Missing key HTTP headers such as Strict-Transport-Security and Content-Security-Policy increase the risk of man-in-the-middle attacks and cross-site scripting vulnerabilities. Absence of cookie consent mechanisms and incomplete privacy documentation jeopardize regulatory compliance, potentially exposing the business to legal and reputational consequences. The lack of incident response and security policy frameworks severely limits the organization's ability to detect, respond to, and recover from cyber incidents. Network exposure of legacy services like FTP further elevates the attack surface. However, email security and DNS health are relatively stronger, indicating some focused security efforts. Immediate remediation and a structured security program are critical to mitigate risks, comply with regulations, and safeguard business operations.

P

Plexico Créations

plexico.fr

55

The website plexico.fr exhibits significant security and compliance deficiencies that expose the business to legal risks and cyber threats, particularly related to GDPR non-compliance and critical network vulnerabilities. While some foundational security controls like SSL/TLS and DNS health are relatively strong, the lack of key security policies, missing critical HTTP security headers, and exposed high-risk services indicate an urgent need for remediation to protect data, maintain customer trust, and ensure regulatory compliance.

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Key vulnerabilities such as the absence of HTTPS encryption and essential security headers leave user data unprotected during transmission and increase susceptibility to common web attacks like clickjacking and cross-site scripting. The lack of GDPR compliance elements—such as a privacy policy and cookie consent mechanisms—further exposes the organization to potential legal penalties and customer trust erosion. Additionally, no formal information security framework, incident response, or business continuity plans are in place, which hinders the organization's ability to detect, respond to, and recover from security incidents effectively. While email security and network security show relative strength, critical gaps in SSL/TLS configuration and NIS2 compliance pose immediate threats. Without urgent remediation, these vulnerabilities could lead to costly breaches and regulatory fines. Immediate corrective actions are necessary to secure the website, protect customer data, and ensure compliance with relevant regulations.

A

Aira

aira.net

66

The website aira.net currently exhibits significant security and compliance gaps, particularly in foundational security headers, GDPR compliance, and adherence to NIS2 cybersecurity requirements, resulting in a high-risk posture. While network security and email security show strengths, critical vulnerabilities like missing HTTP security headers and weak SSL configurations expose the business to potential data breaches and regulatory penalties. Immediate remediation is essential to safeguard customer trust and meet legal obligations.

The website https://pensoft.net exhibits significant security gaps, particularly in foundational security headers, GDPR compliance, and critical information security policies, resulting in a high-risk posture. While network and email security show strength, the absence of key protections like Strict-Transport-Security and privacy policies exposes the business to regulatory, reputational, and operational risks. Immediate remediation is needed to safeguard data, maintain customer trust, and align with compliance requirements.