Security Directory

C

Celebrus Technologies plc

celebrus.com

53

Celebrus Technologies plc operates a sophisticated digital data and identity platform designed to capture, connect, and activate first-party data across multiple channels in real time. The company targets enterprise clients primarily in financial services, retail, healthcare, telecommunications, and hospitality sectors, offering solutions that enhance marketing personalization, fraud prevention, and compliance adherence. Their market position is strengthened by patented technology, a comprehensive product suite, and ISO 27001 certification, signaling a mature security posture. Technically, the website is built on HubSpot CMS with integrations of modern marketing and analytics tools, though performance is moderate and accessibility is basic. Security analysis reveals a critical gap in SSL/TLS implementation, with no valid certificate and lack of modern TLS protocols, which significantly impacts the security score. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the website is professional, content-rich, and trustworthy but requires urgent remediation of SSL/TLS issues to ensure secure user interactions and maintain compliance.

W

Wise

transferwise.com

60

Wise is a leading global fintech company specializing in international money transfers, multi-currency accounts, and investment services. The company operates with a strong regulatory framework across multiple jurisdictions including Belgium, Estonia, Singapore, Australia, Canada, Malaysia, Japan, and Hong Kong. Its platform supports a wide range of currencies and payment methods, serving both personal and business customers worldwide. The website reflects a mature digital presence with comprehensive content, clear navigation, and extensive use of modern web technologies. However, a critical security issue is present due to an invalid SSL certificate and lack of modern TLS protocols, which significantly impacts the security posture. Despite this, the company demonstrates strong compliance with privacy regulations and maintains transparent advertising and analytics practices.

E

Earnnest

earnnest.com

53

Earnnest is a U.S.-based digital payment platform specializing in secure and convenient earnest money and real estate transaction payments. Positioned as the largest digital earnest money service in the country, Earnnest serves a broad audience including agents, brokerages, title and escrow companies, lenders, homebuilders, and MLS organizations. The platform offers multiple products such as the Earnnest App, Earnnest Pro, and escrow services, emphasizing convenience, security, and transparency in real estate payments. The company is trusted by major industry organizations and holds a SOC 2 Type 2 certification, reinforcing its commitment to security and compliance. Technically, the website is built on Webflow and leverages modern web technologies including Google Fonts, Google Analytics, Jetboost, and Cloudflare for hosting and CDN services. The site is mobile-optimized with excellent design quality and user experience. However, performance is currently slow, and accessibility is good but could be improved. SEO practices are good with proper meta tags and structured data. From a security perspective, the site lacks a valid SSL/TLS certificate and does not properly enable HTTPS, which is a critical vulnerability. While some security headers are present, the absence of TLS protocols and HSTS enforcement significantly weakens the security posture. No incident response or security policy information is publicly available. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Overall, Earnnest presents a professional and trustworthy business with strong market positioning and credible trust signals. The primary risk lies in the lack of proper SSL configuration, which should be addressed immediately to protect user data and maintain trust. Strategic improvements in security and privacy compliance will enhance the platform's reliability and user confidence.

S

Spotler

spotler.nl

40

Spotler is a Dutch technology company founded in 2017 specializing in data-driven marketing software solutions. Their product suite includes customer data platforms, AI-powered chatbots, CRM, email marketing automation, and social media management tools. The company serves over 5,000 organizations, positioning itself as a trusted mid-sized player in the marketing technology sector. The website is professionally designed, multilingual, and rich in content including customer case studies and detailed product information. Technically, the site is built on WordPress, uses Cloudflare for hosting and CDN, and integrates modern marketing tools like Google Tag Manager. However, the security posture is weak due to the absence of a valid SSL certificate and lack of TLS support, which is a critical issue for trust and compliance. Privacy and cookie policies are present and GDPR compliant, and the company holds ISO 27001 certification, indicating a commitment to information security. Overall, the website is credible and professional but requires urgent security improvements to protect user data and enhance trust.

W

Wijzer in geldzaken

financieelfittewerknemers.nl

40

Financieel fitte werknemers is a Dutch government-backed initiative by the Ministry of Finance aimed at helping employers support employees with financial wellbeing. The website provides informational resources, toolkits, e-learning, and guidance to recognize and address financial stress in the workplace. It targets employers and HR professionals in the Netherlands, positioning itself as a niche government platform with consistent branding and good content quality. Technically, the site is hosted on a DigitalOcean IP, served by nginx, and uses modern web technologies including Google Tag Manager and ReadSpeaker for accessibility. However, the site suffers from critical security issues including an invalid or missing SSL certificate and no enabled TLS protocols, which severely impact its security posture. Performance is slow, but mobile optimization and accessibility are good. SEO practices are well implemented. Security-wise, while some best practices like HSTS header presence exist, the lack of valid SSL and TLS support is a major vulnerability. No incident response or security policy pages are found, and DNSSEC is not enabled. Privacy compliance is strong with clear cookie consent and privacy policies aligned with GDPR. Overall, the site is a credible government resource with good content and user experience but requires urgent security improvements to protect user data and trust. Strategic recommendations include installing a valid SSL certificate, enabling modern TLS protocols, fixing DNS CAA records, and enhancing security headers and incident response readiness.

W

Wijzer in geldzaken

weekvanhetgeld.nl

40

Week van het geld is a Dutch national initiative focused on promoting financial literacy among children and youth through educational programs and partnerships with government and financial sector entities. The website serves as an information hub offering thematic packages, guest lessons, explainer videos, and toolkits for schools and parents. The initiative is positioned as a trusted, government-related non-profit with a clear target audience in the education sector. Technically, the website uses a modern stack including nginx, Google Tag Manager, and accessibility tools like ReadSpeaker. However, it suffers from a critical security flaw: the absence of a valid SSL certificate and HTTPS support, which severely impacts its security posture. The site is well-structured, mobile-optimized, and includes GDPR-compliant cookie consent mechanisms. Security-wise, the lack of HTTPS and proper SSL configuration is a major vulnerability. While other security headers are partially present, the site does not implement advanced protections such as OCSP stapling or session resumption. No explicit security or incident response policies are published, which could be improved to enhance trust. Overall, the website is functional and professional but requires urgent security improvements to protect user data and maintain trust. Strategic recommendations include immediate SSL certificate installation, enabling HTTPS, fixing DNS CAA records, and publishing security policies to improve compliance and user confidence.

W

Wijzer in geldzaken

geldlessen.nl

40

Geldlessen.nl is a Dutch educational platform operated by Wijzer in geldzaken, dedicated to improving financial literacy among school-aged children and youth in the Netherlands. The platform offers a comprehensive range of educational materials, teacher training, podcasts, and subsidy information to support financial education across primary, secondary, and vocational education sectors. It holds a strong market position as a trusted non-profit initiative with consistent branding and a clear mission. Technically, the website is built on a modern stack using nginx, JavaScript modules, and integrates Google Tag Manager and ReadSpeaker for accessibility and analytics. The hosting appears to be on DigitalOcean. The site is well-structured, mobile-optimized, and SEO-friendly, providing an excellent user experience. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall. From a security perspective, the site lacks a valid SSL/TLS certificate, uses no modern TLS protocols, and has malformed CAA DNS records. While some security headers like HSTS are present, the overall security posture is weak, exposing the site to potential risks. Privacy compliance is well addressed with a comprehensive cookie consent mechanism and GDPR-aligned privacy policy. Overall, the site is a credible and professional educational resource but requires urgent security improvements, particularly in SSL/TLS deployment, to protect user data and enhance trust. Strategic recommendations include immediate SSL certificate installation, DNS record corrections, and publishing security policies to strengthen the security posture and compliance.

T

Title Forward

titleforward.com

52

Title Forward is a specialized title and settlement services company operating primarily in the United States, founded in 2012. The company leverages technology combined with traditional expertise to provide title insurance and settlement services across multiple states. Their market position is that of a customer-focused, technology-enabled service provider offering competitive pricing and personal service. The website reflects a professional and consistent brand with clear navigation and relevant content targeted at homebuyers and homeowners. Technically, the site uses modern frameworks such as React and is hosted on AWS infrastructure with CDN support, ensuring moderate performance and good mobile optimization. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the business credibility is strong, supported by partner logos and social media presence, but the security weaknesses require urgent remediation.

B

Bay Equity LLC

bayequityhomeloans.com

40

Bay Equity LLC operates as a full-service home mortgage lender in the United States, licensed in 48 states and DC. The company offers a range of home loan products including first-time homebuyer loans, refinancing options, and specialty loans such as FHA, Jumbo, VA, and USDA loans. Their market position is supported by a broad network of local teams and a focus on personalized service through dedicated loan officers. The website is professionally designed with clear navigation and comprehensive content aimed at homebuyers and current homeowners. Technically, the website is built on a modern React and Gatsby framework, hosted on Netlify, indicating a contemporary and scalable infrastructure. While the site is mobile-optimized and includes accessibility features, performance metrics are not available for a complete assessment. The site employs cookie consent mechanisms and integrates third-party marketing and tracking tools responsibly. From a security perspective, the site lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability that undermines user trust and data protection. Security headers are partially implemented, but important features like HSTS are not fully enabled. No explicit security or incident response policies are found, and there is no vulnerability disclosure or security.txt file. Overall, the business appears legitimate and well-established, but the critical security issues related to SSL/TLS must be addressed immediately to ensure secure user interactions and compliance with best practices. Strategic recommendations include fixing the SSL configuration, enabling strong security headers, and enhancing transparency around security policies.

A

ApartmentGuide

apartmentguide.com

48

ApartmentGuide is a large-scale online real estate platform specializing in apartment rentals across the United States. It offers a comprehensive apartment search tool with listings, reviews, photos, and floor plans, targeting renters and property managers. The platform integrates with major networks such as Rent.com and Redfin, enhancing its market reach. Technically, the site employs modern web technologies including React and Next.js, hosted on AWS CloudFront CDN, and uses analytics tools like Datadog RUM and Google Tag Manager. However, the security posture is weak due to the absence of a valid SSL certificate and HTTPS support, lack of security headers, and no visible privacy or cookie policies, which raises concerns about user data protection and compliance. The site extensively tracks users without clear consent mechanisms, impacting privacy compliance. Overall, while the business model and technical infrastructure are solid, significant improvements in security and privacy compliance are necessary to enhance trust and protect users.

R

Rent.com

rent.com

48

Rent.com operates as a large-scale online real estate rental marketplace focused on providing users in the United States with access to apartments, houses, condos, and townhouses for rent. The platform offers key services such as property search, saved listings, rental price estimation, and business solutions for landlords. The website is built on modern web technologies including React and Next.js, hosted on AWS CloudFront, and integrates analytics and marketing tools like Datadog RUM and Google Tag Manager. However, the site currently lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security deficiency. Additionally, privacy and cookie policies are not detected, and no explicit contact information is provided, which impacts user trust and compliance. The domain registration data aligns well with the business claims, showing consistent DNS and MX records without privacy protection masking. Overall, while the business model and technical infrastructure are solid, the security posture and privacy compliance require urgent improvements to enhance trustworthiness and user safety.

L

Lucid Software Inc.

lucid.app

56

Lucid Software Inc. operates the lucid.app domain, providing a comprehensive visual collaboration suite including Lucidchart and Lucidspark. The company targets teams and enterprises seeking intelligent diagramming and virtual whiteboarding solutions, positioning itself as a leader in the technology sector for collaboration tools. Their business model is SaaS-based with multiple integrated products, serving a global audience with a strong presence in the United States. The website demonstrates excellent content quality, professional design, and consistent branding, supporting a high level of business credibility. Technically, the website is built on modern frameworks such as Angular and integrates various third-party services including Google APIs, Microsoft Teams SDK, and Osano for cookie compliance. Hosting is managed via Akamai CDN, ensuring global availability. However, performance metrics are not available, and accessibility is basic but functional. SEO practices are good with proper meta tags and structured data. Security posture reveals critical issues: the SSL certificate is invalid or missing, and no TLS protocols are enabled, which is a significant risk for user data protection and trust. Security headers are well configured, but the lack of valid HTTPS severely impacts the overall security score. Privacy compliance is good, with a clear privacy policy, cookie consent mechanism, and GDPR compliance indicators. Contact information is transparent and professional, though no explicit incident response or vulnerability disclosure information is found. Overall, while the business and technical maturity are strong, the critical SSL/TLS misconfiguration poses a major risk. Strategic remediation of SSL issues is essential to restore trust and secure communications. The company should also consider publishing explicit incident response and vulnerability disclosure policies to enhance security transparency.

A

airfocus

airfocus.com

53

airfocus is a modular product management SaaS platform designed to help product teams manage strategy, prioritize roadmaps, and align stakeholders effectively. The company positions itself as an enterprise-ready solution with strong integrations such as Jira, targeting product managers and teams seeking flexible and scalable product management tools. The website content is rich, professionally designed, and includes multiple trust indicators such as certifications and customer testimonials, reflecting a mature business presence. Technically, the website is built using modern technologies including React and Gatsby, hosted on Google Cloud infrastructure. While the site demonstrates good SEO and mobile optimization, performance metrics are not explicitly available. Security headers are implemented, but the SSL/TLS configuration is critically flawed with an invalid certificate and no TLS protocols enabled, significantly impacting the security posture. The security posture shows strengths in header implementation and compliance certifications (ISO 27001, SOC2, GDPR), but the lack of a valid SSL certificate and missing cookie consent mechanisms are notable weaknesses. No incident response or vulnerability disclosure information is publicly available, which could be improved to enhance trust. Overall, the website is professional and trustworthy from a business perspective but requires urgent remediation of SSL/TLS issues to ensure secure user interactions and compliance with best practices. Strategic recommendations include fixing the SSL certificate, enabling modern TLS protocols, implementing cookie consent, and publishing incident response details to strengthen security and privacy compliance.

S

Stichting De Friesland

stichtingdefriesland.nl

40

Stichting De Friesland is a Dutch non-profit foundation focused on supporting innovative healthcare projects that improve the quality of care and life for people. The website presents clear information about their mission, supported projects, and application procedures, targeting healthcare organizations and innovators. The foundation appears to have a solid market position within the regional healthcare sector in the Netherlands, with consistent branding and trust indicators such as ANBI status and links to reputable partners like Achmea. Technically, the website is built on Sitecore CMS with Vue.js and jQuery, hosted likely on Microsoft Azure. However, the site suffers from a lack of a valid SSL certificate and does not support modern TLS protocols, which significantly impacts its security posture. Performance is slow, with a high page load time, and some DNS misconfigurations are present. Privacy compliance is basic but present, with privacy and cookie policies available. Contact information is limited to a contact form, with no direct emails or phone numbers found. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

The website pingvp.com currently serves minimal content consisting solely of a JavaScript redirect to https://www.pingvp.com/web/. There is no visible metadata, business information, or user-facing content on the landing page. The domain has valid DNS records including A, MX, and SPF records, indicating basic email and domain configuration. However, the absence of an SSL certificate and HTTPS support is a critical security deficiency. The site lacks privacy, cookie, and terms of service policies, as well as any contact or security-related information. This severely limits trust and compliance posture. Technically, the site runs on an Apache server but does not implement modern security headers or TLS protocols. Overall, the website is in an early or placeholder state with significant gaps in security, privacy, and content quality.

I

Insocial

insocial.nl

40

Insocial is a Dutch-based experience management platform founded in 2012, offering a suite of tools to collect and analyze customer and employee feedback. The company targets businesses aiming to enhance their brand, customer, service, user, and employee experiences through actionable insights and AI-powered analytics. The website is professionally designed, content-rich, and well-structured, leveraging HubSpot CMS and various marketing technologies. However, a critical security gap exists due to the absence of a valid SSL certificate, exposing users to potential risks. Security headers are implemented, but the lack of HTTPS and malformed DNS CAA records significantly weaken the security posture. Privacy compliance is partially addressed with a privacy policy and GDPR alignment, but no cookie consent mechanism is detected. Contact information and social media presence are clearly provided, supporting business credibility. Overall, the site demonstrates a mature business with good digital presence but requires urgent security improvements.

D

De christelijke zorgverzekeraar

prolife.nl

40

De christelijke zorgverzekeraar is a Dutch health insurance provider focused on integrating Christian values with healthcare services. It operates as part of the larger Zilveren Kruis and Achmea insurance group, offering a range of basic and supplementary insurance products, including dental and mental health care. The website targets the Dutch Christian community, providing comprehensive information, online self-help resources, and customer service support. The company maintains a strong market position with positive customer ratings and active social media engagement. Technically, the website uses modern web technologies including jQuery, Vue.js, and Coveo search integrated with Sitecore CMS. The hosting is managed through Brandshelter DNS services. While the site is well-structured and mobile-optimized with good SEO and accessibility basics, it suffers from critical security shortcomings due to the absence of a valid SSL certificate and disabled TLS protocols, which severely impacts its security posture. Security headers are properly configured, and privacy policies are comprehensive and GDPR compliant, reflecting a mature privacy stance. However, the lack of HTTPS and secure SSL/TLS configuration poses significant risks to user data and trust. The site employs extensive analytics and marketing tools, indicating a high level of user tracking and data collection. Overall, the website is professional and credible from a business perspective but requires urgent security improvements to protect user data and maintain trust. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, and enhancing security configurations to meet industry best practices.

Z

Zorgkantoor Friesland

zorgkantoorfriesland.nl

40

Zorgkantoor Friesland is a regional healthcare office responsible for the execution of the Long-term Care Act (Wlz) in Friesland, Netherlands. The organization provides long-term care advice, manages personal budgets (PGB), and coordinates care providers for consumers in the Friesland region. The website is professionally designed, well-structured, and targets consumers seeking long-term care services. It uses modern technologies including Sitecore CMS, Vue.js, and Coveo search integration, indicating a mature digital infrastructure. However, performance metrics are missing and inferred to be slow, suggesting room for optimization. Security posture is weak due to the absence of a valid SSL certificate and lack of TLS protocol support, which is a critical vulnerability for a healthcare-related site. Privacy policies and cookie policies are present and GDPR compliant, but no explicit consent mechanism is detected. Contact information is clear with a phone number and contact form available, enhancing business credibility. Overall, the site is trustworthy but requires urgent security improvements to protect user data and comply with best practices.

S

Surfly

surfly.com

55

Surfly is a technology company specializing in universal co-browsing software that enables real-time web collaboration without requiring code changes or downloads. The platform targets enterprises across industries such as insurance, banking, healthcare, and e-commerce, offering APIs and integrations with major CRM and contact center software. Surfly positions itself as a market leader with over 3,000 organizations using its services, emphasizing ease of integration, security, and compliance. Technically, the website is built on Webflow CMS, uses modern JavaScript libraries like Swiper.js and jQuery, and is hosted behind Cloudflare CDN. The site is well-designed, mobile-optimized, and includes comprehensive privacy and cookie consent mechanisms. However, a critical security issue is the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the security posture. The company demonstrates strong compliance with ISO 27001, SOC, and HIPAA standards, reinforcing trust for enterprise customers. Overall, the website is professional and credible but requires urgent remediation of SSL issues to ensure secure user interactions.

Awin AG operates a global affiliate marketing platform that connects advertisers, publishers, and agencies to facilitate online business growth through affiliate partnerships. The company is positioned as a global leader with a large customer base and extensive publisher network, supported by its parent company Axel Springer Group. The website presents a professional and comprehensive digital presence with clear business offerings and target audiences. Technically, the site uses modern JavaScript frameworks and integrates multiple analytics and marketing tools, hosted on AWS infrastructure with Akamai CDN support. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS protocol support, which poses risks to user trust and data security. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is professional and credible but requires urgent remediation of SSL issues to improve security and trust.

Outbrain Inc. operates a leading performance marketing platform focused on connecting businesses with engaged audiences through AI-driven content recommendation technology. As a subsidiary of Teads, Outbrain leverages nearly two decades of experience to deliver superior marketing outcomes on the Open Internet. The website presents a professional and well-structured digital presence targeting advertisers and media owners, emphasizing performance, agility, and data-driven results. Technically, the site uses modern web technologies including Google Tag Manager and Wistia for video content, hosted on Fastly CDN infrastructure. However, the security posture is notably weak due to the absence of a valid SSL certificate and lack of TLS protocol support, exposing the site to potential risks and undermining user trust. Privacy and cookie policies are comprehensive and GDPR compliant, but no direct contact information or incident response channels are publicly available. Overall, the site is credible and professionally maintained but requires urgent security improvements to align with best practices.

M

Mopinion

mopinion.com

54

Mopinion is a technology company specializing in real-time user feedback software for websites, apps, and email campaigns. Positioned as a market leader, Mopinion offers AI-powered insights, flexible survey templates, and seamless integrations with popular marketing and analytics tools. The company targets digital enterprises and professionals focused on customer experience, UX, and digital marketing. The website is professionally designed, content-rich, and supports multiple languages, reflecting a mature digital presence. Technically, the website is built on WordPress with modern front-end libraries such as jQuery, SwiperJS, and GSAP. Hosting is provided via AWS infrastructure, and marketing tools like Pardot and Google Tag Manager are integrated. While the site is mobile-optimized and accessible, performance metrics are unavailable. SEO practices are well implemented with comprehensive metadata and structured data. From a security perspective, the site implements several security headers but lacks a valid SSL certificate and HTTPS support, which is a critical vulnerability. No major vulnerabilities or malware indicators were found, but the absence of HTTPS significantly reduces the security posture. Privacy and cookie policies are present and GDPR compliant, with consent mechanisms in place. Contact information is primarily via web forms, with no direct emails or phone numbers publicly listed. Overall, Mopinion presents a trustworthy and professional digital footprint with strong business credibility and marketing sophistication. However, the lack of valid SSL/TLS is a critical security gap that must be addressed to protect user data and maintain trust.

Stichting De Letselschade Raad is a Dutch non-profit organization focused on improving the personal injury claims process by collaborating with professional parties in the sector. It acts as an independent register and quality overseer, developing behavior codes, guidelines, and providing general information to victims and professionals. The organization is government-supported and recognized within the Dutch legal and healthcare sectors. Technically, the website is built on WordPress with common plugins like Yoast SEO and WP Rocket for performance optimization. However, a critical security shortfall is the lack of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the site's security posture. Privacy and cookie policies are present and GDPR compliant with an opt-in consent mechanism. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

G

Grain Data Consultants

graindata.com

41

Grain Data Consultants is a specialized data consultancy firm based in the Netherlands, focusing on helping businesses leverage online data to increase sales, create relevance, find truth, and gain control through data-driven solutions. Their services include consultancy, data collection architecture, data cleaning and transformation, storage and distribution, analysis, and visualization. The company targets businesses seeking to optimize marketing and sales through advanced data science and machine learning techniques. Technically, the website uses a modern tech stack including nginx, Bootstrap, jQuery, and proprietary tools like Harvest, hosted on TransIP infrastructure. However, the website lacks a valid SSL certificate and HTTPS support, which is a critical security vulnerability. Security headers are partially implemented but insufficient without proper SSL. Privacy compliance is weak, with no privacy or cookie policy found. Contact information is clearly provided, enhancing business credibility. Overall, the website is professional in design and content but requires urgent security and compliance improvements.

A

Attens Hypotheken

attens.nl

40

Attens Hypotheken is a specialized mortgage provider focusing on employees in the healthcare and welfare sectors in the Netherlands. The company offers tailored mortgage advice and products, including sustainability incentives, positioning itself as a niche player in the finance and real estate sectors. The website content is professionally presented with clear navigation and relevant information for its target audience. Technically, the site uses common JavaScript libraries and tracking tools, hosted likely on Microsoft Azure infrastructure. However, the website lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security flaw. Privacy and cookie policies are comprehensive and include consent mechanisms, reflecting good compliance with GDPR requirements. The absence of direct contact emails or phone numbers on the site reduces immediate contactability but may be intentional to route inquiries through advisors. Overall, the site demonstrates moderate digital maturity but requires urgent security improvements to protect user data and trust.

A

Achmea Bank N.V.

acierfinancieringen.nl

40

Acier Financieringen operates as a trade name of Achmea Bank N.V., providing mortgage financing, insurance mediation, and savings and investment products primarily targeting Dutch homeowners. The company is well-established with regulatory licenses from De Nederlandsche Bank and registration with the Dutch Authority for the Financial Markets, positioning it as a credible financial services provider in the Netherlands. The website content is professionally presented in Dutch, with clear navigation and relevant business information, although no direct contact emails or phone numbers are visible in the provided HTML content. Technically, the website uses jQuery and a consent monitoring script from Harvest Graindata, hosted on Brandshelter infrastructure. Performance is slow with a large page size and long load time, but mobile optimization and navigation clarity are good. However, the absence of a valid SSL certificate is a critical security flaw, exposing users to potential risks. DNS records show a strict SPF policy but malformed CAA entries, and no security headers or advanced TLS features are enabled. Security posture is weak due to missing HTTPS and lack of security policies or incident response information on the site. Privacy compliance is adequate with clear cookie and privacy policies and a consent mechanism. Business credibility is strong given the regulatory disclosures and professional presentation. Overall, the site requires urgent SSL implementation and security hardening to protect users and improve trust. Strategic recommendations include immediate installation of a valid SSL certificate, correction of DNS CAA records, enabling security headers and HSTS, publishing security and incident response policies, and improving site performance to enhance user experience and security posture.

Security assessment completed with an overall score of 0/100 (unknown risk). 5 high-priority issues should be addressed promptly. Total of 19 security findings identified across all modules.

L

Lucid Software Inc.

lucid.co

56

Lucid Software Inc. operates a leading visual collaboration and work acceleration platform designed to empower teams across various industries to innovate and execute faster. The company serves a broad enterprise audience including product, engineering, IT, project management, and executive teams, with a strong presence in the Fortune 500. Their SaaS offerings include virtual whiteboarding, intelligent diagramming, and enterprise accelerators for Agile, cloud, and process improvements. Technically, the website is built on modern frameworks like React and Gatsby, providing a professional and accessible user experience. However, the SSL certificate is currently invalid or missing, which impacts the security posture. Security headers are well implemented, and privacy compliance is supported by a comprehensive privacy policy and cookie consent mechanism. Overall, the website demonstrates high professionalism and trustworthiness but should address SSL issues to improve security and user trust.

R

Relay42

relay42.com

54

Relay42 is a European-built real-time Customer Data Platform (CDP) provider focused on enabling marketers to unify customer data and personalize customer journeys across multiple channels. The company targets medium-sized to enterprise clients in sectors such as retail, telecommunications, energy, finance, and hospitality. Their platform offers key services including unified customer profiles, audience segmentation, predictive AI, journey orchestration, and compliance with data privacy regulations. Technically, the website is built on HubSpot CMS, uses Cloudflare for hosting and CDN, and integrates modern marketing and analytics tools like Google Analytics 4 and HubSpot tracking. The site is professionally designed with excellent content quality and navigation, optimized for mobile devices. However, a critical security issue is the lack of a valid SSL/TLS certificate, which undermines the security posture despite the presence of some security headers and compliance policies. Overall, the website demonstrates strong business credibility and privacy compliance but requires urgent improvements in SSL configuration to ensure secure communications.

W

Wijzer in geldzaken

wijzeringeldzaken.nl

40

Wijzer in geldzaken is a Dutch government-backed platform dedicated to providing reliable financial information and education to the public. It targets a broad audience including children, youth, families, workers, and retirees, offering tools, tips, and educational content to improve financial literacy. The platform is supported by the Ministry of Finance and partners from various sectors, establishing it as an authoritative source in the Netherlands for financial guidance. Technically, the website uses standard web technologies with integrations such as Google Tag Manager for analytics. However, the site suffers from a critical security shortfall due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy compliance is well addressed with clear cookie consent mechanisms and GDPR-aligned policies. Overall, while the content and business credibility are strong, the lack of HTTPS and slow performance are key risks that need urgent remediation.

C

Copernica BV

copernica.nl

40

Copernica BV operates a sophisticated online multichannel marketing automation platform targeting technical teams, marketing professionals, and agencies. Their product suite includes the Marketing Suite platform, MailerQ mail transfer agent, and SMTPeter cloud email system, positioning them as a versatile provider in the marketing technology sector. The company maintains a consistent brand presence with comprehensive product information and a partner program, serving primarily the Netherlands market. Technically, the website employs modern JavaScript libraries such as jQuery, Google Tag Manager, and Google reCAPTCHA, alongside a custom SDK. While the site is mobile-optimized and SEO-friendly, performance is hindered by a slow load time and large page size. The absence of a valid SSL certificate critically impacts the security posture, despite no detected vulnerabilities in protocols or libraries. Security-wise, the site lacks key security headers and a valid SSL certificate, which are fundamental for protecting user data and ensuring trust. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. However, no explicit security or incident response policies are publicly available, which could be a gap in transparency and readiness. Overall, Copernica BV presents a professional and trustworthy business with strong marketing technology offerings but must urgently address SSL certificate issues and enhance security policies to improve its security posture and user trust.

R

Redfin

redfin.ca

46

Redfin.ca is a professional online real estate platform serving the Canadian market, offering home search, rentals, mortgage services, and local real estate agent assistance. The company is a large, established player in the real estate industry with a strong brand presence and multiple subsidiaries. The website content is rich, well-structured, and targets home buyers, sellers, and renters effectively. Technically, the site uses modern web technologies such as React and integrates with Google Tag Manager and AWS WAF SDK, but suffers from slow load times and lacks a valid SSL certificate, which severely impacts security posture. Privacy policies and cookie consent mechanisms are present and indicate GDPR compliance, enhancing user trust. However, the absence of HTTPS and modern TLS protocols is a critical security vulnerability that must be addressed immediately to protect user data and maintain credibility.

A

Achmea Reinsurance

achmeareinsurance.com

53

Achmea Reinsurance operates as the reinsurance competence centre within the Achmea Group, primarily serving group companies and selectively offering life reinsurance to third parties. The company is positioned as a key risk carrier and advisor within the finance sector, located in Tilburg, Netherlands. The website reflects a professional business presence with clear descriptions of its roles and services. Technically, the site is built on Sitecore CMS with React framework components, but suffers from slow load times and lacks a valid SSL certificate, which critically impacts security posture. The absence of HTTPS and modern TLS protocols exposes the site to potential risks and undermines user trust. Privacy and cookie policies are present but basic, and no explicit contact emails or phone numbers are published, relying instead on a contact form. Overall, the site demonstrates moderate digital maturity but requires urgent security improvements to align with best practices and regulatory compliance.

A

Achmea Real Estate

achmearealestate.nl

40

Achmea Real Estate is a well-established Dutch real estate investment manager with over 60 years of experience managing a large portfolio on behalf of institutional investors. The company focuses on sustainable investments with social impact and financial returns. The website reflects a professional business presence with good content quality and consistent branding. Technically, the site uses modern frameworks such as React and Sitecore CMS, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security flaw. Privacy and cookie policies are present and GDPR compliant, but no explicit contact information or security policies are found. Overall, the security posture is weak due to missing HTTPS and security headers, which poses risks to user trust and data protection. Strategic improvements in SSL deployment and security configurations are recommended to enhance trust and compliance.

A

Achmea Personenschade

achmeapersonenschade.nl

40

Achmea Personenschade is a Dutch insurance-related service specializing in personal injury claims and compensation for insured individuals under Achmea brands such as Interpolis, Centraal Beheer, FBTO, and Avéro Achmea. The website presents a professional and consistent brand image with clear service offerings focused on helping accident victims regain control and receive rightful compensation. Technically, the site uses modern JavaScript libraries and tracking tools but suffers from a critical security flaw due to the absence of a valid SSL certificate, resulting in no HTTPS support and weak security posture. Privacy compliance is well addressed with cookie consent mechanisms and a comprehensive privacy policy. Overall, the business credibility is high given its affiliation with the reputable Achmea group, but the security shortcomings pose a risk to user trust and data protection.

A

Achmea Pensioenservices

achmeapensioenservices.nl

40

Achmea Pensioenservices is a Dutch pension services provider specializing in pension administration, actuarial, legal advice, and communication services. The company supports pension funds and employers in transitioning to the new Dutch pension system, emphasizing practical and transparent solutions. The website is professionally designed with consistent branding aligned with the Achmea group, targeting pension stakeholders in the Netherlands. Technically, the site uses common web technologies such as jQuery, Bootstrap, and Microsoft Application Insights for analytics. However, the site suffers from a critical security issue: the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. Additionally, no security headers or advanced TLS protocols are configured, and the site performance is slow with a load time exceeding 21 seconds. Privacy and cookie policies are present and appear comprehensive, supporting GDPR compliance. Contact information is available via contact pages but lacks explicit emails or phone numbers in the HTML content. Overall, the site demonstrates moderate digital maturity but requires urgent security improvements to protect user data and enhance trust.

A

Achmea

achmeamortgages.nl

40

Achmea Mortgages operates as a specialized financial services provider focusing on mortgage investments within the Dutch market. The company offers investment funds, market insights, and ESG-related reporting, targeting investors and financial professionals interested in mortgage-backed assets. The website reflects a mature business presence with consistent branding and professional content, although direct contact information is not prominently displayed. Technically, the website is built on a modern stack including React and Sitecore CMS, with integrations for consent management and analytics. However, performance is suboptimal with a slow page load time exceeding 12 seconds, which could affect user engagement. Mobile optimization and SEO appear adequate, but accessibility is basic. From a security perspective, the absence of a valid SSL certificate and HTTPS support is a critical vulnerability, severely impacting the site's security posture. Additionally, the lack of security headers and modern TLS protocols further exposes the site to risks. Privacy compliance is strong, with clear cookie and privacy policies and a consent mechanism in place. Overall, while the business credibility and content quality are good, the security deficiencies significantly reduce the trustworthiness and safety of the website. Immediate remediation of SSL and HTTPS issues is recommended to protect users and improve the site's security rating.

A

Achmea Investment Management

achmeainvestmentmanagement.nl

40

Achmea Investment Management is a prominent Dutch asset management firm specializing in fiduciary management and impact investing for institutional and private clients. The company operates under the Achmea brand, one of the largest financial services groups in the Netherlands, and offers portfolio construction, risk management, and asset management solutions. The website reflects a professional presence with clear business focus and relevant content targeted at institutional investors and private individuals. Technically, the website is hosted on Amazon AWS infrastructure and uses standard web technologies such as JavaScript, CSS, and HTML5. However, the site suffers from slow load times and lacks modern performance optimizations. Mobile optimization and accessibility are basic but functional. SEO practices are present but could be improved. From a security perspective, the website has critical shortcomings. It lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which severely impacts user trust and security posture. No security headers or advanced TLS protocols are enabled, and DNS records show malformed CAA entries and missing domain protection locks. Cookie and privacy policies are present and GDPR compliant, but incident response and vulnerability disclosure mechanisms are absent. Overall, the website is functional and professional but requires urgent security improvements, especially enabling HTTPS and correcting DNS configurations, to enhance trustworthiness and compliance.

A

Achmea

achmeainnovationfund.nl

40

Achmea Innovation Fund is a corporate investment initiative focused on supporting startups and scale-ups with proven product-market fit and innovative business models in strategic sectors such as health, mobility, sustainability, and income security. The fund provides capital, access to Achmea's extensive network, and knowledge sharing to accelerate growth and innovation. The website presents a professional and consistent brand image aligned with Achmea, a major Dutch insurance and financial services group. Technically, the website uses modern front-end technologies including Bootstrap and integrates Google Analytics and Tag Manager for tracking. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a significant security and trust concern. The DNS configuration shows some misconfigurations, particularly in CAA and MX records, which could affect email delivery and certificate issuance. From a security perspective, while some security headers like Content-Security-Policy and Permissions-Policy are implemented, the absence of HTTPS and modern TLS protocols severely weakens the security posture. No incident response or security policy pages were found, though a responsible disclosure page is linked. Privacy and cookie policies are present on the parent Achmea domain, indicating GDPR compliance. Contact information is limited to an email address and physical address, with no phone numbers or social media links provided. Overall, the website is functional and professional but requires urgent improvements in SSL/TLS deployment and DNS configuration to enhance security and trustworthiness. Strategic recommendations include obtaining and maintaining a valid SSL certificate, enabling HTTPS, fixing DNS records, and enhancing security headers and incident response information.

A

Achmea

achmeaglobalneth.nl

40

Achmea GlobalNeth is a service provider specializing in claims and risk management for insurers and risk managers, primarily operating in the Netherlands and internationally. The website presents a professional image with clear service offerings and a strong partner network. Technically, the site uses modern frameworks such as React and Sitecore CMS but suffers from significant security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture. Performance is also a concern due to slow load times. Privacy compliance is well addressed with clear cookie and privacy policies. Overall, the site is credible but requires urgent security improvements to protect user data and enhance trust.

A

Achmea Foundation

achmeafoundation.nl

40

Achmea Foundation is a non-profit organization focused on sustainable social impact in the Netherlands and Sub-Sahara Africa, operating under the parent company Achmea. The foundation delivers impact through funding, volunteering, and community programs. The website is professionally designed and content-rich, targeting stakeholders interested in social projects and collaborations. Technically, the site uses modern frameworks like React and Sitecore CMS, hosted likely on Microsoft Azure infrastructure. However, the website suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which severely impacts its security posture. Privacy policies are present and linked to the parent company, indicating good privacy compliance. Overall, the site is trustworthy but requires urgent security improvements to protect users and data.

A

Achmea Bank

achmeabank.nl

40

Achmea Bank is a significant financial institution in the Netherlands, operating as part of the larger Achmea group. It offers a range of financial products including savings, mortgages, and investment services through its brands Centraal Beheer, Acier, and Attens Hypotheken. The website reflects a professional and consistent brand presence targeting Dutch consumers interested in financial products. Technically, the site is built on modern frameworks such as React and managed via Sitecore CMS, hosted likely on Microsoft Azure infrastructure. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, resulting in no HTTPS support, which severely impacts the site's security posture. Security headers are present but insufficient without HTTPS. Privacy policies and cookie policies are well documented and GDPR compliant, but no explicit incident response or vulnerability disclosure mechanisms are publicly available. Overall, the site is trustworthy and professional but requires urgent security improvements to protect user data and maintain compliance.

D

De christelijke zorgverzekeraar

dechristelijkezorgverzekeraar.nl

40

De christelijke zorgverzekeraar is a Dutch health insurance provider focused on integrating Christian values with healthcare services. It operates as part of the larger Zilveren Kruis group, offering basic and supplementary insurance products tailored to its target audience. The website is professionally designed, well-structured, and provides comprehensive information about insurance options, Christian care, and customer services. Technically, the site uses modern technologies including Sitecore CMS, Vue.js, and Coveo search integration, ensuring a good user experience and SEO optimization. However, the security posture is weakened by the absence of a valid SSL/TLS certificate and disabled TLS protocols, which is a critical issue that must be addressed to protect user data and maintain trust. Privacy policies and cookie statements are present and GDPR compliance is indicated, though no explicit consent mechanism was detected. Overall, the site is credible and trustworthy but requires urgent security improvements.

D

De Friesland

defriesland.nl

40

De Friesland is a well-established Dutch health insurance provider offering a range of insurance products including basic, supplementary, dental, and collective insurances. The company targets consumers, employers, and healthcare providers, positioning itself as a large regional insurer under the Achmea group umbrella. The website provides comprehensive information about insurance products, claims, and customer services, supported by a professional design and clear navigation. Technically, the site uses modern technologies such as Vue.js, jQuery, and Coveo Search integrated with Sitecore CMS, hosted likely on Microsoft Azure. However, the website suffers from a critical security issue: the absence of a valid SSL certificate and HTTPS support, which severely impacts its security posture. While email authentication mechanisms like SPF and DMARC are properly configured, the lack of HTTPS exposes users to potential risks. The site includes privacy and cookie policies, and a responsible disclosure page hosted on the parent company’s domain, indicating some security awareness. Overall, the site is professional and trustworthy but urgently needs to address its SSL/TLS configuration to ensure secure user interactions.

I

InShared

inshared.nl

40

InShared is a Dutch insurance company specializing in online insurance products such as auto, home, travel, and personal insurances. The company emphasizes transparency, low premiums, and customer-centric digital services. It operates under the parent company Achmea and has a mature market presence since 2009. The website is professionally designed with excellent content quality and clear navigation, targeting Dutch consumers seeking convenient insurance solutions. Technically, the site uses modern web components and tracking tools but suffers from a critical lack of SSL/TLS security, exposing users to potential risks. Privacy compliance is well addressed with comprehensive cookie consent and privacy policies. However, the absence of a valid HTTPS certificate significantly undermines the security posture. Overall, the business credibility is high, supported by certifications and positive customer testimonials.

A

Avéro Achmea

averoachmea.nl

40

Avéro Achmea is a well-established Dutch insurance provider specializing in offering insurance solutions through independent advisors to entrepreneurs, employers, and self-employed individuals. As a subsidiary of Achmea, it holds a strong market position in the finance sector, providing a broad range of insurance products including damage, income, and agricultural insurances, complemented by prevention services and direct customer support portals. The website reflects a professional and consistent brand image with comprehensive content tailored to its target audience in the Netherlands. Technically, the site employs a modern technology stack with extensive use of third-party analytics and marketing tools, though it lacks a valid SSL certificate which is a critical security concern. Security headers and policies are well implemented, but the absence of proper HTTPS undermines the overall security posture. Privacy and cookie policies are present and GDPR compliant, enhancing user trust. Overall, the site is functional and credible but requires urgent remediation of SSL issues to improve security and user confidence.

F

FBTO

fbto.nl

40

FBTO is a Dutch insurance provider offering a wide range of customizable insurance products including auto, health, travel, home, and legal assistance insurance. The company operates under the Achmea group umbrella, which strengthens its market position and trustworthiness. The website is professionally designed with clear navigation and good content quality, targeting Dutch consumers seeking flexible insurance solutions. Technically, the site uses a modern tech stack including Sitecore CMS, Azure hosting, and integrates multiple marketing and analytics tools. However, the security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which are critical issues that must be addressed immediately to protect user data and maintain trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is functional and credible but requires urgent security improvements.

Z

Zilveren Kruis

zilverenkruis.nl

40

Zilveren Kruis is a leading Dutch health insurance provider, part of the Achmea group, offering a wide range of insurance products including basic health insurance, supplementary insurance, dental, travel, car, and home insurance. The website targets consumers primarily in the Netherlands and provides comprehensive information and services related to health insurance. Technically, the site is built on Sitecore CMS with modern JavaScript frameworks like Vue.js and jQuery, and integrates Coveo for search functionality. While the site is well-designed, mobile-optimized, and rich in content, it suffers from critical SSL certificate issues that severely impact its security posture. The presence of strong security headers and extensive privacy policies indicates a mature approach to compliance, but the lack of valid HTTPS and modern TLS protocols is a significant risk. Overall, the domain registration data aligns well with the business claims, supporting the legitimacy of the site. Strategic improvements in SSL configuration and security practices are recommended to enhance trust and security.

I

Interpolis

interpolis.nl

40

Interpolis is a large Dutch insurance company offering a wide range of insurance products and damage prevention solutions targeted at private individuals, businesses, and agricultural customers. The company operates under the parent company Achmea and collaborates with partners such as Rabobank. The website is professionally designed with excellent content quality, clear navigation, and strong branding consistency. It leverages a modern technology stack including Sitecore CMS, Microsoft Azure hosting, and multiple analytics and marketing tools. However, the security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which are critical issues for an insurance provider handling sensitive customer data. Privacy and cookie policies are present and GDPR compliant, but no explicit terms of service or security policies are found. Overall, the website is trustworthy and credible but requires urgent improvements in SSL/TLS configuration to enhance security.

C

Centraal Beheer

centraalbeheer.nl

40

Centraal Beheer is a well-established Dutch insurance and financial services provider with over 115 years of history, operating under the parent company Achmea. The website offers a comprehensive range of services including insurance products, investment options, savings accounts, pensions, and mortgages, targeting both private individuals and businesses. The site is professionally designed with excellent content quality, clear navigation, and strong branding consistency. Technically, the website uses a modern tech stack including Sitecore CMS, Azure hosting, and various marketing and analytics tools, though performance metrics are not available. Security posture is moderate; while several security headers are implemented, the SSL certificate is invalid or missing, and no modern TLS protocols are enabled, which poses a significant risk. Privacy compliance is good with clear privacy and cookie policies and GDPR adherence. Overall, the domain registration and WHOIS data align well with the business claims, indicating legitimacy and trustworthiness.