Security Directory

F

Four Seasons Health Care Group

fshc.co.uk

47

Four Seasons Health Care Group is a UK-based healthcare organization that historically operated a high performing care home group. As of April 2025, the group completed the sale of its care home operations, with all homes now owned and operated by other providers. The website primarily serves investors, commissioners, financial stakeholders, and individuals seeking care home information. The business model has transitioned from direct care home management to a more informational and investor-focused presence. Technically, the website is built on WordPress using a modern tech stack including WPBakery Page Builder, jQuery, Google Maps API, and various plugins for forms and analytics. The site is mobile optimized with good SEO practices and uses HTTPS with valid SSL certificates. However, some security best practices such as security headers and cookie consent mechanisms are missing. From a security perspective, the site shows moderate maturity with HTTPS enforced and no exposed sensitive data. The lack of security headers and cookie consent reduces compliance with GDPR and other privacy regulations. No incident response or security policy information is published. Tracking and analytics are implemented via Google Tag Manager and Mediahawk, with moderate user tracking. Overall, the website is professional and trustworthy with good business credibility and content quality. Security and privacy compliance can be improved by implementing security headers, cookie consent, and publishing security policies. The site is not blocked by any WAF or security challenge, allowing full content access and analysis.

A

Appleby

applebyglobal.com

61

Appleby is a prominent international offshore law firm with a large global presence, comprising over 500 staff including 80 partners across 10 offices. The firm specializes in providing expert legal advice in corporate, dispute resolution, property, regulatory, and private client and trusts sectors. Their integrated service model includes corporate administration through Appleby Global Services, enhancing their comprehensive client offerings. The website reflects a mature digital infrastructure with WordPress CMS, modern analytics, and accessibility tools, supporting a professional and user-friendly experience. Security posture is strong with HTTPS, cookie consent mechanisms, and no evident vulnerabilities, though explicit security policies and incident response contacts are not published. Overall, the site demonstrates high business credibility and compliance with privacy regulations, positioning Appleby as a trusted leader in offshore legal services.

L

LikeAGlove

likeaglove.me

38

LikeAGlove is a technology-driven retail company specializing in smart wearable garments that measure body shape in 3D to assist users in tracking fitness progress and finding perfectly fitting jeans. Established in 2014, the company positions itself as an innovator and leader in smart measuring garment technology. Their e-commerce platform is built on WordPress with WooCommerce and integrates advanced marketing and analytics tools such as Google Tag Manager and PixelYourSite PRO. The website is professionally designed, mobile-optimized, and provides clear navigation and rich content focused on product benefits and user engagement. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though improvements can be made by adding security headers and formal incident response policies. Privacy compliance is basic, with a privacy policy present but lacking cookie consent mechanisms. Overall, the business demonstrates high credibility with transparent contact information and consistent domain registration data.

Zurich Ireland operates as a comprehensive insurance and financial services provider, offering a wide range of products including life insurance, pensions, home and car insurance, and business insurance. It is a large, well-established entity regulated by the Central Bank of Ireland and is part of the global Zurich Insurance Group. The website is professionally designed with clear navigation and good content quality, targeting both personal and corporate customers in Ireland. Technically, the site uses modern JavaScript libraries and frameworks, integrates Google Tag Manager for analytics, and employs OneTrust for cookie consent management, reflecting a mature digital infrastructure. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, though explicit security policies and incident response contacts are not publicly disclosed. Overall, the domain registration details align well with the business identity, supporting high legitimacy and trustworthiness.

A

Annexio Limited

annexio.com

45

Annexio Limited operates as a licensed and regulated online lottery betting provider with a strong market presence in the UK and globally through its brands LottoGo.com and Affiliate Empire. The company offers a secure multilevel B2C/B2B platform for lottery betting and instant win games, targeting lottery players worldwide. The website is built on Squarespace, leveraging modern web technologies and optimized for mobile users, though some SEO and accessibility improvements are possible. Security posture is solid with HTTPS enforcement and no exposed sensitive data, but could benefit from enhanced security headers and formal privacy and cookie policies. Overall, Annexio demonstrates a credible and professional online presence consistent with its regulated business model.

M

Manx Telecom Trading Ltd

manxtelecom.com

58

Manx Telecom Trading Ltd is the leading telecommunications provider in the Isle of Man, offering a comprehensive range of services including fibre broadband, mobile plans (both pay monthly and pay as you go), and hardware sales. The company positions itself as a market leader with a strong focus on sustainable and socially responsible business practices, as evidenced by its Environmental, Social and Governance (ESG) initiatives. The website is professionally designed, mobile-optimized, and provides clear navigation to its diverse service offerings, targeting both personal and business customers within the Isle of Man. Technically, the website leverages modern technologies such as Umbraco CMS, Google Analytics, Google Tag Manager, Fathom Analytics, and OneTrust for cookie consent management. The site demonstrates good performance and accessibility standards, with asynchronous loading of scripts and responsive design. The presence of detailed cookie consent mechanisms and privacy policies indicates a strong commitment to privacy compliance, including GDPR adherence. From a security perspective, the website enforces HTTPS and employs cookie consent controls to manage user data privacy. While explicit security headers are not visible in the HTML content, no critical vulnerabilities or exposed sensitive data were detected. The absence of a public security policy or incident response contact suggests an area for improvement. WHOIS data confirms the legitimacy of the domain, with registration details consistent with the business claims and no privacy protection masking registrant information. Overall, Manx Telecom's website reflects a mature digital presence with strong business credibility and privacy compliance. Strategic recommendations include enhancing security header implementation, publishing explicit security policies, and establishing a vulnerability disclosure program to further strengthen trust and security posture.

M

Masterpixel Media

masterpixelmedia.com

50

Masterpixel Media is a UK-based digital marketing and lead acquisition agency specializing in lead generation, content marketing, and conversion rate optimisation. The company targets businesses across Europe and leverages paid ads on Google and Bing alongside organic search strategies. Their partnership with a lead distribution company in Ireland allows them to offer VAT benefits to European customers. The website is professionally designed using WordPress with modern plugins such as Gravity Forms and Yoast SEO, indicating a mature digital infrastructure. Security posture is adequate with HTTPS and anti-spam measures, but lacks explicit security policies and advanced security headers. Privacy compliance is addressed with a privacy policy and cookie consent banner, though GDPR-specific details are basic. Overall, the website presents a trustworthy and professional business presence with room for enhanced security and compliance transparency.

T

The Children's Centre

thechildrenscentre.org.im

50

The Children's Centre is a non-profit organization based on the Isle of Man dedicated to supporting children, young people, and families facing difficult life experiences such as bullying, developmental disabilities, poverty, addiction, and domestic abuse. Their services focus on behavioral, learning, and emotional wellbeing, bridging gaps in statutory provision before crises occur. The organization operates a community farm and offers various programs including volunteering and fundraising opportunities. The website is professionally designed using the Squarespace platform, featuring clear navigation, mobile optimization, and active social media integration. Technically, the site employs modern web technologies, secure HTTPS with HSTS, and tracking tools like Google Analytics and Facebook Pixel. However, it lacks a cookie consent mechanism and comprehensive privacy policy details, which are important for GDPR compliance. No security incidents or vulnerability disclosures are published, and no WAF or blocking mechanisms are detected, indicating open accessibility. Overall, the website reflects a credible and trustworthy charity with room for improvement in privacy compliance and transparency.

R

Rational Intellectual Holdings Limited

pokerstars.com

58

PokerStars, operated by Rational Intellectual Holdings Limited and owned by Flutter Entertainment, is a leading global online poker platform established in 2001. The website offers a comprehensive range of poker games, tournaments, and casino services, targeting online poker enthusiasts worldwide. It holds multiple licenses and certifications, including from the Malta Gaming Authority, ensuring regulatory compliance and player protection. The platform emphasizes secure transactions, responsible gaming, and player fund segregation, reinforcing its market leadership and trustworthiness. Technically, the website employs modern web technologies such as React, Google Tag Manager, Optimizely for A/B testing, and OneTrust for cookie consent management. The site is well-optimized for mobile devices, features fast loading times, and includes accessibility considerations. The content is professionally curated with clear navigation and SEO best practices, supporting a high-quality user experience. From a security perspective, PokerStars enforces HTTPS, implements strong security headers, and provides granular cookie consent options. The site does not expose sensitive data or use vulnerable libraries. However, it lacks a dedicated security policy page and explicit incident response contact details, which are recommended for enhanced transparency and readiness. Overall, PokerStars presents a robust, professional, and secure online poker environment with strong compliance and trust indicators. Strategic improvements in publishing security policies and incident response information would further strengthen its security posture and user confidence.

A

Affinity Group Limited

affinity.co.im

38

Affinity Group Limited is a well-established corporate and private wealth services provider founded in 2004 and headquartered in the Isle of Man. The company offers a broad range of services including corporate services, private wealth management, regulated industry support, and specialized sectors such as yachting, aviation, and sports professionals. Their market position is strong, supported by multi-award-winning recognition and trusted asset management exceeding £2 billion. The website reflects a mature digital presence built on the Webflow platform, featuring modern design, multimedia content, and clear navigation. However, the absence of explicit privacy and cookie policies, as well as security headers, indicates areas for improvement in compliance and security transparency. Overall, the company demonstrates a high level of professionalism and trustworthiness with a global footprint.

M

MuchBetter

muchbetter.com

55

MuchBetter is a regulated financial technology company specializing in digital wallet and payment solutions, including prepaid Mastercard cards and wearable payment devices. The company operates under MIR Limited UK Ltd, licensed by the UK Financial Conduct Authority as an electronic money institution. Their market position is that of an innovative fintech provider targeting both consumers and businesses with friction-free payment services. The website demonstrates a mature technical infrastructure built on WordPress with Elementor, enhanced by multilingual support and SEO optimization. Security posture is strong, with HTTPS, security headers, and PCI DSS compliance evident, although explicit security policies and incident response contacts are not published. Overall, the site is professional, trustworthy, and compliant with GDPR and cookie consent requirements, supporting a positive user experience and business credibility.

Ethiopian Airlines is a major African airline with a strong international presence, offering flights to over 125 destinations worldwide. The company provides a comprehensive range of services including passenger flights, cargo logistics, loyalty programs, and travel-related add-ons. The website reflects a mature digital infrastructure with modern technologies, responsive design, and extensive content tailored for a global audience. Security posture is robust with HTTPS enforcement, secure cookie handling, and consent management, although some security headers could be enhanced. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. Overall, the site projects professionalism and trustworthiness aligned with the airline's market position.

RLC Group is a well-established aerospace engineering company founded in 1955, providing comprehensive engineering solutions globally with multiple operating facilities in the UK, Isle of Man, Singapore, and Northern Ireland. Their core services include engine components, actuation assemblies, airframes, ejection seats, and product lifecycle management, targeting the global aerospace industry. The website reflects a professional and consistent brand image with clear navigation and relevant content tailored to their industry and clients. Technically, the website uses standard web technologies such as HTML5, CSS Grid, and JavaScript, with moderate performance and good mobile optimization. SEO practices are adequately implemented with proper meta tags and structured navigation. However, no advanced frameworks or CMS platforms were detected, and hosting details remain unknown. From a security perspective, the site lacks visible security headers and explicit security policies, though it implements a cookie consent mechanism aligned with GDPR requirements. No critical vulnerabilities or exposed sensitive data were found, but improvements in security headers, HTTPS enforcement verification, and incident response disclosures are recommended to enhance security posture. Overall, the website presents a trustworthy and credible business presence with good content quality and privacy compliance. The absence of terms of service and explicit contact emails or phone numbers slightly limits direct communication channels. Strategic security and compliance enhancements would further strengthen the company's digital maturity and risk management.

Y

YESSS Electrical

yesss.co.uk

63

YESSS Electrical is a prominent UK-wide electrical wholesaler and retailer, offering a vast range of over 10,000 electrical products sourced from leading UK brands. With a strong market presence supported by over 95 physical stores nationwide and an online platform, they cater to both trade professionals and public customers. Their services include technical assistance, free design services, next day delivery, and click & collect options, positioning them as a comprehensive supplier in the electrical industry. The company emphasizes competitive pricing and extensive product availability, reinforcing their position as a fast-growing leader in the UK electrical wholesale market. Technically, the website employs a modern technology stack including jQuery, Bootstrap, Google Tag Manager, Facebook Pixel, Google reCAPTCHA, and Visual Website Optimizer, ensuring a responsive and interactive user experience. The site is well-optimized for mobile devices and incorporates standard SEO and accessibility practices, though some accessibility features could be enhanced. Performance is moderate, with room for optimization. From a security perspective, the site enforces HTTPS, uses reCAPTCHA for form protection, and implements a cookie consent mechanism compliant with GDPR. No critical vulnerabilities or exposed sensitive data were detected. However, the absence of explicit security headers and a dedicated security policy or incident response page suggests areas for improvement in security posture. Overall, YESSS Electrical demonstrates a strong business and technical foundation with good compliance and security practices. Strategic enhancements in security headers, incident response transparency, and accessibility would further strengthen their risk management and user trust.

M

Metro Safety

metrosafety.co.uk

39

Metro Safety is a UK-based company specializing in fire, health, and safety compliance services targeted primarily at property professionals including managing agents, retailers, local authorities, and social housing providers. The company positions itself as a leading provider in the UK market with a comprehensive service offering that includes risk assessments, testing, maintenance, consultancy, and training. Their digital presence reflects a mature business with a professional website built on Joomla CMS and enhanced by modern UIkit frameworks. The site is mobile optimized and provides clear navigation and relevant content, supporting their market position and business model effectively. From a security perspective, the website employs HTTPS and includes CSRF tokens, but lacks some advanced security headers and explicit incident response or vulnerability disclosure policies. Privacy compliance is partially addressed with a cookie and privacy policy page, though no active consent mechanism is present. Overall, the website demonstrates a solid business credibility and technical foundation with room for improvement in privacy and security transparency.

Q

Quinn Legal

quinnlegal.im

46

Quinn Legal is a small legal advocacy firm based in the Isle of Man, providing legal services to both individuals and businesses. The website indicates that the offices have closed but maintains contact channels via phone and email. The firm appears to have a local market presence with a focus on legal advocacy. Technically, the website is built on WordPress using common plugins and frameworks such as Genesis and WP Rocket, hosted on WP Engine. The site integrates Google Analytics and Google Tag Manager for tracking and marketing purposes. Security posture is moderate with HTTPS enabled and cookie consent implemented, but lacks advanced security headers and formal security policies. Privacy compliance is basic with a cookie policy present but no explicit privacy policy page found. Overall, the website is functional but could improve in security and compliance documentation.

Wholesale Inc. operates as a large vehicle wholesaler providing an online platform for buying and selling vehicles at wholesale prices across the United States. The company is powered by RumbleOn, a publicly traded technology company, which enhances its market credibility. The website offers services including cash offers for vehicles, vehicle financing, and inventory browsing, targeting vehicle buyers and sellers seeking convenience and competitive pricing. The site is built using React and hosted on AWS Cloudfront, indicating a modern technical infrastructure but with room for improvement in mobile responsiveness and SEO. From a security perspective, the website lacks visible HTTPS enforcement details and security headers, which are critical for protecting user data and ensuring trust. No privacy or cookie policies are present, indicating potential compliance gaps with GDPR and other privacy regulations. The absence of forms collecting sensitive data reduces immediate risk, but the lack of security best practices and policies could impact user trust and regulatory compliance. Overall, the website demonstrates moderate business credibility due to its association with RumbleOn and clear contact information. However, technical and security aspects require enhancements to improve user experience, accessibility, and compliance. Strategic improvements in security headers, privacy policies, and mobile optimization are recommended to elevate the site's professionalism and trustworthiness.

I

ILS World

ils-world.com

57

ILS World is a well-established global fiduciary services provider headquartered in the Isle of Man, offering a broad range of corporate, private client, and digital services. The company targets professional advisers, international corporate groups, and private clients, positioning itself as a trusted partner with over 30 years of industry experience. Their leadership team is experienced and regulatory approvals from multiple jurisdictions enhance their credibility. The website reflects a professional and consistent brand image with clear navigation and relevant content. Technically, the website employs modern web technologies including Bootstrap, Swiper, GSAP, and jQuery, with assets hosted on Amazon S3 and CDNs to optimize performance. The site is mobile-optimized and SEO-friendly, though accessibility features are basic. Analytics and marketing tools such as Google Analytics and Campaign Monitor are used for user tracking and engagement. From a security perspective, the site uses HTTPS and secure iframe forms for contact, but lacks explicit security headers and dedicated security or incident response policies. Privacy and cookie policies are present, though a cookie consent mechanism is missing, which may affect GDPR compliance. No critical vulnerabilities or suspicious content were detected, and domain WHOIS data aligns well with the business claims, indicating legitimacy. Overall, the website demonstrates a strong business credibility and technical foundation with room for improvement in security best practices and privacy compliance mechanisms.

V

Veepee

vente-privee.com

53

Veepee is a prominent French e-commerce platform specializing in private sales of branded products across multiple categories including fashion, travel, home, and wellness. The platform operates daily sales events with significant discounts, targeting consumers seeking quality brands at reduced prices. Veepee holds a strong market position in Europe with a large user base and a comprehensive service offering including customer support and secure payment options. Technically, the website is built on modern frameworks such as Next.js and integrates advanced analytics and consent management tools, ensuring a high level of digital maturity. Security measures are robust, with HTTPS enforced, security headers present, and no visible vulnerabilities or exposed sensitive data. Privacy compliance is well addressed with clear policies and user consent mechanisms. Overall, Veepee demonstrates a professional, trustworthy, and user-friendly online presence.

NFU Mutual is a well-established UK-based insurance and financial services provider with a strong market position, offering a wide range of insurance products including home, motor, business, farming, and life cover, as well as investment and pension services. The company operates through a network of over 280 local agency offices, emphasizing personal service and local presence. The website reflects a mature digital infrastructure using modern technologies such as React, Google Tag Manager, and Microsoft Application Insights, with good mobile optimization and accessibility features. Security posture is strong with HTTPS, reCAPTCHA, and cookie consent mechanisms in place, although explicit security policy and incident response contacts are not found. Overall, the site is professional, trustworthy, and compliant with privacy regulations, supporting NFU Mutual's reputable brand image.

The Isle of Man Post Office website serves as the official digital presence for the government postal service of the Isle of Man. It offers a comprehensive range of services including online postage, mail receiving and sending, foreign currency exchange, business mailing solutions, and retail products such as stamps and coins. The site targets both individual residents and businesses within the Isle of Man and surrounding regions, positioning itself as the primary postal and related services provider in the territory. The business model is government-operated, focusing on providing essential postal and financial services with a strong emphasis on customer convenience and digital accessibility. Technically, the website employs a modern technology stack including jQuery, the Foundation CSS framework, Google reCAPTCHA v3 for bot protection, and integrates Google Fonts and jQuery UI for enhanced user experience. The site demonstrates good mobile optimization and basic accessibility features, with a moderate performance profile. SEO practices are adequately implemented with proper meta tags and structured navigation. From a security perspective, the site uses HTTPS (implied by external Google reCAPTCHA and Google Fonts usage over HTTPS), includes CSRF tokens in forms, and implements a cookie consent mechanism compliant with GDPR. However, explicit HTTP security headers are not detected in the provided data, and no published security policy or incident response contacts are found. There are no visible vulnerabilities or exposed sensitive data. The site integrates tracking and marketing tools such as Google Analytics and Facebook Pixel, with moderate user tracking levels and good privacy compliance. Overall, the website is professionally designed, trustworthy, and well-aligned with the official government postal service branding. The domain registration data matches the website content and business claims, indicating legitimacy. Strategic recommendations include enhancing security headers, publishing a security policy, and adding a vulnerability disclosure mechanism to further strengthen security posture and user trust.

B

brightfuture.co.uk

brightfuture.co.uk

41

The website brightfuture.co.uk currently serves as a domain parking page with no active business content or services. It primarily displays related search advertisements and a notice that the domain may be for sale. The site targets potential domain buyers and users interested in educational and career guidance topics but does not provide original content or business offerings. Technically, the site uses basic HTML, CSS, and JavaScript with Google Adsense and Bodis domain parking scripts. The hosting provider appears to be Bodis, a domain parking service. The site lacks HTTPS, security headers, and privacy or cookie consent mechanisms, indicating a weak security posture. No contact or company information is provided, reducing business credibility and trustworthiness. Overall, the site is low quality, with poor design and minimal user experience.

A

Aerotech International Limited

aerotech.im

45

Aerotech International Limited is a well-established aviation technical consultancy firm based in the Isle of Man, with over 20 years of experience and a global network of consultants. The company specializes in aircraft transitional support and offers a wide range of services including project management, lease transitions, maintenance representation, and regulatory support. Their market position is strong as a legacy global leader with a clear focus on aviation industry clients. The website reflects a professional and consistent brand image with good content quality and clear navigation. Technically, the website is built on WordPress using the Divi theme and incorporates modern web technologies such as jQuery and slick carousel plugins. The site is mobile optimized and performs moderately well, though there is room for improvement in accessibility and SEO. Security-wise, the site uses HTTPS with a good SSL configuration but lacks important security headers and explicit security policies, which could be enhanced to improve the overall security posture. Overall, the website is credible and trustworthy with clear business information and contact details. However, it lacks cookie consent mechanisms and detailed privacy compliance features, which are important for GDPR adherence. No WAF or blocking mechanisms were detected, allowing full content access and analysis.

S

Swagelok Company

swagelok.com

57

Swagelok Company is a well-established, privately held manufacturer specializing in fluid system solutions including components, assemblies, and engineering services. With a global presence spanning 70 countries, Swagelok serves critical industries such as energy and manufacturing, positioning itself as a trusted leader in fluid system reliability and safety. The website reflects a mature business model focused on product quality, local support, and comprehensive service offerings. Technically, the website employs modern web technologies including jQuery, Foundation framework, and Google Tag Manager, hosted likely on Akamai's CDN infrastructure. The site is mobile-optimized, accessible, and SEO-friendly, providing a professional user experience with clear navigation and rich content. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms compliant with GDPR. While basic security headers are present, there is room for improvement by adding advanced headers and publishing explicit security policies. No vulnerabilities or exposed sensitive data were detected, indicating a solid security posture. Overall, the website demonstrates high business credibility and privacy compliance, with strong trust indicators such as awards and social media presence. The domain registration data aligns well with the company's history and location, reinforcing legitimacy. Strategic recommendations include enhancing security headers, publishing incident response information, and adding a vulnerability disclosure policy to further strengthen trust and security.

C

Conister Bank Limited

conisterbank.co.im

63

Conister Bank Limited is an independent financial institution established in 1935, operating primarily in the Isle of Man. The bank offers a range of retail and business banking services including mortgages, personal loans, savings accounts, and green finance options. It positions itself as a locally focused bank with quick decision-making and a commitment to traditional values such as courtesy, safety, and integrity. The bank is licensed by the Isle of Man Financial Services Authority and is a subsidiary of Manx Financial Group PLC, listed on the London Stock Exchange AIM. The website reflects a professional and trustworthy image with clear contact information and regulatory disclosures. Technically, the website employs a modern tech stack including Foundation CSS framework, jQuery, Google reCAPTCHA v3 for bot protection, Google Maps API, and Typekit fonts. The site is mobile optimized and uses standard security practices such as HTTPS and cache control headers. However, some security headers like Content-Security-Policy and X-Frame-Options are not explicitly present. The site integrates Google Analytics and Facebook Pixel for analytics and advertising, with a comprehensive cookie consent mechanism that aligns with GDPR requirements. From a security perspective, the site demonstrates good practices including encrypted connections, secure forms with reCAPTCHA, and no visible vulnerabilities or exposed sensitive data. Privacy policies and cookie policies are clearly presented, supporting compliance with data protection regulations. No incident response or security policy pages were found, which could be improved to enhance transparency and readiness. Overall, Conister Bank's website is well-structured, secure, and compliant with privacy standards, reflecting a mature digital presence suitable for a regulated financial institution. Recommendations include enhancing security headers, publishing a security policy, and improving SEO metadata completeness to further strengthen trust and compliance.

The website cef.co.uk is currently inaccessible due to a Cloudflare Turnstile human verification challenge page. This security mechanism blocks access to the actual website content, preventing any meaningful extraction of business, security, or compliance information. The page only contains minimal HTML and scripts related to the Cloudflare challenge, with no metadata, contact details, or business descriptions available. Consequently, the technical infrastructure appears to rely on Cloudflare for security and DDoS protection, but no further details can be assessed. The security posture cannot be evaluated beyond the presence of the WAF challenge, and no privacy or cookie policies are detectable. Overall, the site is effectively blocked from analysis, resulting in a low trust and quality score.

S

Stewart Clague Services Limited

scs.co.im

58

Stewart Clague Services Limited (SCS) is a well-established facilities management and building services provider based in the Isle of Man, operating since 1969. The company holds a strong market position as the largest and longest serving provider in its region, offering a comprehensive range of services including domestic and commercial services, renewable technologies, project management, and facilities management. Their business model emphasizes quality, customer service, and compliance with industry standards, supported by multiple ISO certifications and professional memberships. Technically, the website is built on WordPress with modern web technologies such as Yoast SEO, Google reCAPTCHA v3, and Swiper Carousel for enhanced user experience. The site demonstrates good mobile optimization, SEO practices, and moderate performance. Security measures include HTTPS enforcement and form protection via reCAPTCHA, although additional security headers and policies could enhance the posture. The security posture is solid with no visible vulnerabilities or exposed sensitive data. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism aligned with GDPR requirements. Contact information is clearly presented, including a contact form, email, phone number, and physical address, enhancing business credibility. Overall, the website reflects a professional, trustworthy, and mature digital presence suitable for its business sector. Strategic recommendations include implementing explicit security headers, publishing a security policy and incident response contacts, and adding a vulnerability disclosure policy to further strengthen security and trust.

D

DotPerformance Limited

dotperformance.com

62

DotPerformance Limited is a well-established full-service design, development, and content agency based in the Isle of Man, with over 20 years of experience. The company serves a broad range of clients on the island, providing comprehensive branding, website and mobile app development, content management, API integration, digital marketing, and media production services. Their market position is strong locally, supported by a portfolio of significant Isle of Man brands and a consistent, professional online presence. Technically, the website is built using modern web technologies including Bootstrap, Google Analytics, Google Tag Manager, and Google reCAPTCHA v3 for security. The site is mobile-optimized, fast-loading, and well-structured with good SEO practices. The use of asynchronous script loading and third-party APIs like Vimeo enhances user experience. However, explicit CMS or hosting provider details are not disclosed. From a security perspective, the site enforces HTTPS and uses reCAPTCHA to protect its contact form from spam. While no critical vulnerabilities or exposed sensitive data were detected, the absence of explicit security headers and incident response policies suggests room for improvement. Privacy and cookie policies are present and appear GDPR compliant, supporting good privacy practices. Overall, the website demonstrates a high level of professionalism, technical maturity, and business credibility with a low risk profile. Strategic recommendations include enhancing security headers, publishing incident response and vulnerability disclosure policies, and maintaining regular security audits to sustain trust and compliance.

T

Tesco Mobile Limited

tescomobile.com

63

Tesco Mobile Limited is a prominent UK telecommunications provider offering a wide range of mobile phones, pay monthly contracts, SIM only deals, and pay as you go plans. The company leverages the O2 network to provide extensive UK coverage including 5G services. Tesco Mobile integrates its loyalty program, Clubcard, to offer customers rewards and exclusive pricing, positioning itself as a customer-centric and service-oriented network. The website reflects a mature digital presence with professional design, clear navigation, and comprehensive product information targeting both personal and business customers in the UK market. Technically, the site is built on Magento with modern JavaScript frameworks and integrates advanced search and analytics tools such as Algolia and New Relic, ensuring good performance and user experience across devices. Security posture is strong with HTTPS enforced and secure form handling, although explicit security policies and incident response contacts are not publicly detailed. Privacy compliance is well addressed with clear cookie and privacy policies and consent mechanisms. Overall, Tesco Mobile's website demonstrates a high level of professionalism, trustworthiness, and digital maturity suitable for a large telecommunications brand.

L

Lieto vēlreiz

lietovelreiz.lv

55

The website 'Lieto vēlreiz' is a Latvian platform promoting sustainable consumption through renting, repairing, sharing, and exchanging goods. It targets Latvian-speaking consumers interested in reducing waste and saving money by reusing items. The site is professionally designed with good content quality and consistent branding, though explicit business details and contact information are not provided. Technically, the site uses modern JavaScript modules, Cookiebot for cookie consent management, Facebook Pixel for marketing, and Google Tag Manager for analytics. The site is mobile-optimized and SEO-friendly with good accessibility features. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, but lacks explicit security headers and published security policies. No WAF or blocking mechanisms were detected, and the site is fully accessible. The domain registration is privacy protected, limiting transparency, but the use of reputable third-party services and professional content suggests moderate legitimacy. Overall, the site scores well on content, technical implementation, security, and privacy compliance, but business credibility is limited by lack of contact and company information.

L

Latvijas tūrisma informācijas organizāciju asociācija LATTŪRINFO

latturinfo.lv

45

LATTŪRINFO is a Latvian tourism information organization association that focuses on promoting tourism information exchange, organizing tourism information markets, and supporting regional tourism development. The website is built on Joomla CMS with a moderate technical infrastructure including Bootstrap and common JavaScript libraries. It uses Google Analytics and Google Tag Manager for visitor tracking but lacks visible privacy and cookie policies, which impacts privacy compliance. Security posture is moderate with no explicit security headers detected and no vulnerability disclosure mechanisms. The website content is relevant and professionally presented, targeting tourism professionals and stakeholders in Latvia. Overall, the site is functional and credible but would benefit from enhanced privacy and security practices.

R

Ražots Kurzemē

razotskurzeme.lv

40

Ražots Kurzemē is a regional Latvian website dedicated to promoting local producers and artisans in the Kurzeme region. It serves tourists and visitors interested in local crafts, food, and cultural experiences by offering listings of open artisan farms, workshops, tastings, and gift options. The website is built on WordPress with a focus on SEO and accessibility, using popular plugins such as Yoast SEO and Cookie Law Info. While the site provides rich content and a clear business focus, it lacks explicit privacy and terms of service pages and does not expose advanced security headers. The cookie consent mechanism is implemented, indicating some level of GDPR awareness. No direct contact emails or phone numbers are found, which may impact user trust and support accessibility.

B

Bizvu Limited

bizvu.co.uk

51

Bizvu Limited is a UK-based technology company specializing in customer journey orchestration and automation solutions. Their product suite includes platforms for secure email triage, sentiment analysis, workflow design, and messaging, targeting contact centers and businesses aiming to enhance customer experience and operational efficiency. The company positions itself as a niche provider with a focus on personalized and automated customer interactions. Technically, the website leverages modern frameworks such as Blazor Server and MudBlazor UI components, combined with Bootstrap and FontAwesome for styling and icons. Analytics are implemented via Google Tag Manager and LinkedIn Insight tags, indicating a moderate level of digital maturity. The site is mobile optimized and presents a professional design with clear navigation. From a security perspective, the site enforces HTTPS and uses anti-forgery tokens in forms, but lacks visible security headers and a cookie consent mechanism, which are important for GDPR compliance and security hardening. No critical vulnerabilities or exposed sensitive data were detected in the HTML content. The WHOIS data aligns well with the website claims, supporting legitimacy. Overall, Bizvu's website demonstrates a solid business and technical foundation with room for improvement in privacy compliance and security best practices. Strategic enhancements in these areas would strengthen trust and regulatory adherence.

I

INSPIRE

inspiredm.co.uk

52

INSPIRE is a UK-based small technology company specializing in website design, development, and managed hosting services primarily using WordPress. The company positions itself as a niche provider offering responsive, performance-optimized websites with additional services such as GA4 integration and ecommerce startup support. The website reflects a professional and consistent brand image with clear navigation and relevant content targeting businesses seeking digital presence solutions. Technically, the site leverages modern web technologies including WordPress, jQuery, Google Tag Manager, and GDPR compliance plugins, ensuring good performance and mobile optimization. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though there is room for improvement in security headers and explicit security policies. Overall, the domain registration aligns well with the business claims, enhancing trustworthiness. Privacy compliance is partially addressed via cookie consent but lacks a dedicated privacy policy page. The site uses analytics and tracking pixels responsibly with user consent. The overall risk is low, with recommendations focusing on enhancing privacy and security documentation and headers.

P

PFS Power

pfspower.org

48

PFS Power is a UK-based financial planning educational platform focused on promoting a consumer outcomes-focused approach called POWER Planning. The website offers a variety of resources including articles, webinars, podcasts, and guides aimed at financial planning professionals and consumers. The platform positions itself as a niche community and educational resource with a clear mission to improve financial planning practices through coaching and consumer engagement. Technically, the site is built on WordPress with modern plugins and technologies such as Google Tag Manager and reCAPTCHA, ensuring a good level of digital maturity. Security posture is solid with HTTPS enforced and GDPR compliance implemented via cookie consent mechanisms, although some security headers could be improved. Overall, the site is professional, trustworthy, and well-structured, with clear navigation and consistent branding. No critical security issues were detected, and the domain registration details align well with the business claims, supporting legitimacy.

The Personal Finance Society (PFS) is a UK-based professional body dedicated to supporting financial planning professionals through membership, qualifications, learning resources, and events. It operates under the Chartered Insurance Institute group, positioning itself as a leading authority in the financial planning sector. The website clearly targets financial professionals seeking career development and industry recognition. The business model centers on membership fees, educational content, and professional events, reinforcing its role as a trusted industry body. Technically, the website employs a modern technology stack including AngularJS, jQuery, and various analytics and marketing tools such as Google Tag Manager and Facebook Pixel. The CMS is Umbraco, a professional-grade content management system. The site is mobile-optimized with good navigation and accessibility features, though some accessibility improvements could be made. Performance is moderate, with room for optimization. From a security perspective, the site enforces HTTPS and includes some security headers, but could enhance its security posture by adding additional headers and publishing a formal security policy. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place. Contact information is complete and professional, enhancing trust. Overall, the website presents a professional, trustworthy, and well-maintained digital presence for the Personal Finance Society. Strategic recommendations include enhancing security headers, publishing incident response information, and improving accessibility compliance to further strengthen trust and compliance.

E

ECOLINES

ecolines.net

62

ECOLINES is a leading coach operator in the Baltic States, providing extensive bus transportation services across 20 countries and approximately 200 cities daily. The company targets international travelers seeking comfortable and reliable bus travel options. Their business model focuses on ticket sales for both international and domestic routes, supported by digital tools such as a mobile app and online booking system. The website reflects a strong market position with a professional design and clear navigation, supporting a large and diverse customer base. Technically, the website leverages modern frontend technologies including Vue.js, integrated with Cookiebot for GDPR-compliant cookie management and Google Analytics for traffic analysis. Hosting and performance are supported by Cloudflare services, ensuring moderate to good loading speeds and mobile responsiveness. SEO and accessibility are adequately addressed, though some improvements in accessibility could be beneficial. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms to comply with privacy regulations. While explicit security headers are not fully confirmed, no critical vulnerabilities or exposed sensitive data were detected. The absence of a public security policy or incident response information suggests room for enhancement in transparency and preparedness. Overall, ECOLINES presents a trustworthy and professional online presence with strong privacy compliance and a solid technical foundation. Strategic improvements in security headers, accessibility, and incident response disclosures would further strengthen their security posture and user trust.

V

VisitVentspils

visitventspils.com

57

VisitVentspils is the official tourism portal for the city of Ventspils, Latvia, providing comprehensive information on local activities, events, accommodation, dining, and the unique local currency called Ventspils Venti. The website targets tourists and visitors seeking to explore Ventspils and offers multilingual support to cater to a diverse audience. It positions itself as a key resource for tourism promotion in the region, leveraging official city branding and social media channels to enhance engagement. Technically, the site is built on WordPress with a modern tech stack including Yoast SEO for optimization, Google Tag Manager for analytics, and plugins for multilingual content and social media feeds. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content. Performance is moderate with some broken images noted. From a security perspective, the site uses HTTPS and has implemented cookie consent mechanisms aligned with GDPR requirements. However, it lacks some advanced security headers like Content-Security-Policy and X-Frame-Options, which could be improved to enhance protection. No critical vulnerabilities or blocking mechanisms were detected. Overall, the website demonstrates a solid digital presence with good privacy compliance and business credibility. The domain registration details align well with the website's claims, supporting its legitimacy. Strategic improvements in security headers and fixing broken assets would further strengthen the site's posture.

V

Ventspils

ventspils.lv

57

The website www.ventspils.lv serves as the official digital portal for the city government of Ventspils, Latvia. It provides comprehensive information and services for residents, businesses, and visitors, including city administration details, news, events, public services, and tourism resources. The site is well-positioned as a trusted government resource with clear branding and a focus on community engagement. Technically, the site is built on WordPress with modern plugins such as Yoast SEO and WPML for multilingual support, ensuring good SEO and accessibility. The presence of cookie consent mechanisms and privacy policies indicates compliance with GDPR requirements. Security posture is solid with HTTPS enforced and security headers present, though explicit security policies and incident response information are not found. Overall, the site demonstrates a mature digital presence suitable for a municipal government entity.

H

Houzz Inc.

houzz.in

65

Houzz Inc. operates a leading online platform that serves both homeowners and home professionals by providing design inspiration, professional directories, and comprehensive software tools for construction and design management. The website is well-structured, rich in content, and targets a global audience with localized versions, including India. The platform's technical infrastructure leverages modern web technologies, including JavaScript frameworks, CDN-hosted assets, and video integration via Vimeo, ensuring fast and responsive user experiences across devices. Security is robust with HTTPS enforcement and appropriate security headers, while privacy compliance is demonstrated through comprehensive privacy and cookie policies with consent mechanisms. The business maintains a high level of professionalism and trustworthiness, supported by clear contact channels and active social media presence.

H

Houzz

houzz.co.nz

52

Houzz is a leading online platform that serves both construction and design professionals as well as homeowners seeking inspiration and services for home renovation and design. The website offers a comprehensive suite of tools including professional directories, project showcases, and software solutions tailored for the construction and design industry. The platform maintains a strong market position with a large global presence and consistent branding across multiple regional domains. Technically, the site employs modern web technologies such as JavaScript frameworks, CDN hosting, and integrates with third-party services like Salesforce and Calendly to enhance user engagement and operational efficiency. Security measures are robust, with HTTPS enforcement, security headers, and CSRF protections in place, although no explicit public security policy or incident response information is found. Privacy compliance is well addressed with clear privacy and cookie policies, including consent mechanisms aligned with GDPR requirements. Overall, the website demonstrates a high level of professionalism, technical maturity, and business credibility, making it a trustworthy platform for its target audience.

H

Houzz

houzz.ie

55

Houzz.ie is a comprehensive online platform serving both construction and design professionals as well as homeowners in Ireland. It offers a wide range of services including design and build software, a vast collection of interior design ideas, and a professional directory. The platform is well-established with a consistent brand presence and localized content for multiple countries. Technically, the website employs modern web technologies, including JavaScript frameworks, video integration, and third-party services for enhanced user interaction and scheduling. Security practices are robust, with HTTPS enforcement and appropriate security headers, ensuring safe user interactions. Privacy compliance is strong, featuring clear privacy and cookie policies with consent mechanisms. Overall, the site demonstrates a high level of professionalism, technical maturity, and business credibility.

H

Houzz

houzz.se

56

Houzz is a leading global platform providing software and services for construction and design professionals as well as homeowners seeking inspiration and professional help for home renovation and design. The website offers a comprehensive collection of photos, professional directories, and tools to facilitate project management and design. The platform is well-established with a strong market presence and localized versions for multiple countries, including Sweden. Technically, the site uses modern web technologies, including JavaScript frameworks, CDN hosting, and performance optimizations, ensuring a good user experience across devices. Security practices include HTTPS enforcement and CSRF protection, although explicit security headers should be confirmed. Privacy compliance is robust with clear policies and consent mechanisms. Overall, Houzz demonstrates a mature digital infrastructure and a strong business model focused on connecting users with home improvement professionals.

H

Houzz

houzz.dk

66

Houzz.dk is a localized Danish version of the global Houzz platform, offering a comprehensive online service for construction and design professionals as well as homeowners seeking inspiration and professional services. The platform provides powerful software tools, a vast collection of design ideas, and a directory of professionals, positioning itself as a leading player in the home improvement and real estate sector in Denmark. Technically, the site employs modern web technologies including jQuery, React-based bundles, Apollo GraphQL, and integrates with third-party services like Calendly and Vimeo for enhanced user experience. Security measures are robust with HTTPS enforcement, CSRF protection, and likely content security policies, ensuring a secure environment for users. Privacy compliance is well addressed with clear privacy and cookie policies, including consent mechanisms aligned with GDPR requirements. Overall, the site demonstrates a high level of professionalism, technical maturity, and business credibility, making it a trustworthy platform for its target audience.

H

Houzz

houzz.es

66

Houzz is a leading online platform providing software solutions for construction and design professionals, as well as inspiration and product discovery for homeowners. The website offers a comprehensive directory of professionals including architects, interior designers, contractors, and more, supporting a large user base in Spain and internationally. The platform is well-established with a consistent brand presence and extensive content offerings including photos, articles, and videos. Technically, the site employs modern web technologies, including JavaScript frameworks, CDNs, and performance monitoring tools, ensuring a fast and responsive user experience. Security practices are robust with HTTPS enforcement, CSRF protection, and appropriate security headers, although explicit security policy and incident response pages are not found. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms aligned with GDPR requirements. Overall, Houzz demonstrates a mature digital infrastructure, strong business credibility, and a secure environment for its users.

H

Houzz

houzz.it

62

Houzz is a leading online platform serving both construction and design professionals as well as homeowners seeking inspiration and services for home improvement projects. The website offers a comprehensive suite of tools including design software, a professional directory, and extensive photo galleries. It is well-positioned in the real estate and home improvement market with a strong global presence and localized versions for multiple countries. Technically, the site employs modern web technologies such as React, jQuery, and integrates with various third-party services for analytics, advertising, and user engagement. Security is robust with HTTPS enforcement, security headers, and no visible vulnerabilities or exposed sensitive data. Privacy compliance is strong, featuring comprehensive privacy and cookie policies with consent mechanisms aligned with GDPR requirements. Overall, the site demonstrates high professionalism, excellent content quality, and a secure, user-friendly experience.

H

Houzz Inc.

houzz.de

72

Houzz Inc. operates a leading online platform dedicated to home design, renovation, and professional services, targeting both homeowners and industry professionals. The website offers a vast collection of design ideas, professional directories, and software tools for project management and marketing. Its market position is strong, supported by extensive content and a large user base. Technically, the site employs modern web technologies including JavaScript frameworks, third-party integrations like Vimeo and Calendly, and is optimized for performance and mobile use. Security measures are robust, with HTTPS, security headers, and consent mechanisms in place, though no explicit security policy or incident response details are found. Overall, the site demonstrates high professionalism, good privacy compliance, and strong business credibility.

H

Houzz

houzz.fr

64

Houzz.fr is a leading online platform dedicated to home design, renovation, and professional services for both homeowners and industry professionals. It offers a vast library of interior design ideas, professional directories, and software tools tailored for artisans, architects, and designers. The platform is well-established with a strong market presence in France and globally, providing comprehensive content and services to its users. Technically, the website employs modern web technologies including JavaScript frameworks, CDN-hosted assets, and integrations with third-party services such as Google Identity and Salesforce chat. The site demonstrates good performance and mobile optimization, ensuring a positive user experience across devices. From a security perspective, Houzz.fr enforces HTTPS, utilizes security headers, and manages user consent for cookies in compliance with GDPR. No critical vulnerabilities or exposed sensitive data were detected. However, explicit security policy and incident response information are not publicly available. Overall, Houzz.fr presents a mature, professional, and secure online presence with strong business credibility. Strategic recommendations include enhancing transparency around security policies and incident response, and continuous monitoring of third-party integrations to maintain security posture.

Z

Zoho Corporation Pvt. Ltd.

statusiq.com

57

The website statusiq.com is operated by Zoho Corporation Pvt. Ltd., offering hosted status pages under the StatusIQ brand as part of the Site24x7 monitoring ecosystem. It targets businesses seeking transparent and real-time incident communication solutions. The site is professionally designed with excellent content quality, clear navigation, and strong branding consistency. Technically, it employs modern web technologies including Bootstrap 4, jQuery, and Zoho Tag Manager, with good mobile optimization and accessibility features. Security posture is strong with HTTPS enforced, secure forms, and cookie consent mechanisms, though some advanced security headers could be added. Privacy policies and GDPR compliance are clearly addressed, enhancing trust. No critical vulnerabilities or blocking mechanisms were detected, and domain registration details align well with the business identity, indicating high legitimacy.