Security Directory

C

Caddle

askcaddle.com

57

Caddle is a Canadian-based market research and consumer insights company specializing in mobile-first data collection and analysis. Positioned as the largest daily active survey panel in Canada, it serves CPG and retail professionals with services including consumer research, ratings and reviews, user-generated content, and receipt data. The company leverages a modern WordPress-based website with integrated HubSpot forms and social media channels to engage its audience. However, the website currently lacks a valid SSL certificate and proper HTTPS configuration, which poses a critical security risk. While the content quality and business credibility are high, the technical implementation and security posture require significant improvements to meet industry standards. Privacy compliance is moderate, with a privacy policy present but no explicit cookie consent mechanism detected. Overall, Caddle demonstrates strong market positioning and professional digital presence but must address security vulnerabilities to enhance trust and compliance.

모

모던 그로스 스택 2025 | Modern Growth Stack 2025

moderngrowthstack.com

40

Security assessment completed with an overall score of 0/100 (unknown risk). 1 critical issues require immediate attention. Total of 26 security findings identified across all modules.

M

Mapon

mapon.com

57

Mapon is a Finnish-based company specializing in fleet management and video telematics solutions, serving a broad range of industries including transportation, logistics, construction, and service companies. Established in 2006 and part of the Draugiem Group, Mapon offers a comprehensive platform integrating GPS tracking, driver behavior analysis, fuel monitoring, and video evidence to optimize fleet operations and enhance safety. The website reflects a mature digital presence with professional design, multilingual support, and extensive product information targeting B2B customers. Technically, the site leverages modern web technologies such as Bootstrap, jQuery, Google Tag Manager, and Cookiebot for consent management, hosted behind Cloudflare. However, the SSL/TLS configuration is currently deficient, lacking a valid certificate and TLS protocol support, which poses a significant security risk and undermines user trust. Security headers are well implemented, and privacy compliance is strong with GDPR-aligned policies and consent mechanisms. The security posture is weakened by the absence of proper HTTPS, which is critical for protecting data in transit and ensuring secure user interactions. Despite this, the site demonstrates good business credibility with clear contact information, certifications, and client references. Overall, Mapon presents as a reputable and professional company with a robust service offering but requires urgent remediation of its SSL/TLS configuration to meet modern security standards.

Istabai Ltd operates a smart heating system business focused on providing homeowners with remote heating control, home security features, and energy-saving automation. The company targets environmentally conscious consumers seeking convenience and cost savings through smart home technology. The website presents a professional and consistent brand image with clear product offerings and starter kits. However, the technical infrastructure shows signs of aging with AngularJS and jQuery usage, and the lack of a valid SSL certificate significantly undermines security and user trust. Advertising and analytics tools are integrated, but privacy compliance is lacking due to missing privacy and cookie policies. Overall, the business appears legitimate and established in Latvia with a niche market position in smart home energy solutions.

T

The Trade Desk

transparentadvertising.com

62

The website transparentadvertising.com serves as a Transparency and Control Portal for users to opt out of targeted advertising based on UID2 identifiers derived from their email addresses or phone numbers. It is operated by The Trade Desk, a large technology company specializing in advertising technology. The portal provides a user-friendly form for submitting opt-out requests and includes links to a privacy policy and a vulnerability disclosure page, demonstrating some commitment to transparency and security. However, the site currently lacks a valid SSL certificate, which is a critical security deficiency that undermines user trust and data protection. The technical infrastructure relies on dated technologies such as jQuery and jQuery UI, hosted likely on Amazon AWS, with slow page load times and large page size impacting user experience. Security measures include HSTS and Google reCAPTCHA Enterprise integration, but the absence of HTTPS and modern TLS protocols significantly lowers the security posture. Privacy compliance is basic, with no explicit GDPR compliance or cookie consent mechanisms visible. Overall, the site is functional but requires urgent improvements in security and privacy to meet modern standards.

A

Achieve

achieve.com

56

Achieve is a well-established digital personal finance company founded in 1998, specializing in debt resolution, personal loans, and home equity loans. The company positions itself as a leader in the digital finance space, serving over 1.5 million members and resolving over $20 billion in debt. Their website reflects a mature, professional business with comprehensive service offerings and strong trust signals such as high Trustpilot ratings and BBB accreditation. Technically, the site uses modern frameworks like React and Next.js, hosted on Cloudflare, with integrations for analytics and marketing tools. However, the current SSL configuration is invalid, which is a critical security concern that impacts the overall security posture. Privacy and cookie policies are present and include consent mechanisms, indicating good privacy compliance. Overall, the website is well-designed, user-friendly, and content-rich, targeting consumers seeking personal finance solutions.

B

Brainstorm Force

brainstormforce.com

72

Brainstorm Force is a technology company specializing in WordPress themes and plugins, offering products such as the Astra theme, Starter Templates, and Ultimate Elementor. They serve a broad audience including entrepreneurs, professionals, and bloggers, powering millions of websites globally. The company emphasizes innovation, ease of use, and affordability in their product offerings. Technically, the website is built on WordPress with modern plugins and frameworks like Elementor and Yoast SEO, hosted behind Cloudflare for CDN and security. The site is well-optimized for mobile and SEO, with good accessibility features. Security posture is moderate; while strong security headers and HSTS are implemented, the SSL certificate is currently invalid or missing, which is a critical issue. Privacy compliance is good with a clear privacy policy and terms of service, but lacks a cookie consent mechanism. Overall, the website is professional, trustworthy, and credible, with active community involvement and a clear business model focused on WordPress ecosystem products.

P

PandaDoc Inc.

pandadoc.com

61

PandaDoc Inc. is a mature, enterprise-level technology company founded in 2013, specializing in document workflow automation, e-signature solutions, and CPQ software. The company holds a strong market position with over 50,000 clients and offers a comprehensive suite of services including document generation, deal rooms, smart content, automations, and analytics. Their platform integrates with major CRM and payment systems, enhancing business efficiency and customer experience. Technically, PandaDoc employs a modern tech stack with JavaScript, HubSpot forms, Google Tag Manager, and various marketing and analytics tools. The website is hosted on AWS and uses WordPress CMS with WPML for multilingual support. Despite rich content and good mobile optimization, the website suffers from critical security issues due to an invalid SSL certificate and lack of TLS protocols, which significantly impacts its security posture. Security-wise, PandaDoc demonstrates strong compliance with SOC 2, HIPAA, GDPR, E-SIGN, and UETA standards, reflecting a robust security framework. However, the absence of a valid SSL certificate and modern TLS support exposes the site to potential risks. The domain is well-protected and mature, indicating a legitimate and trustworthy business. Overall, while PandaDoc excels in business credibility, content quality, and privacy compliance, it must urgently address its SSL/TLS configuration to improve security and maintain trust. Strategic improvements in SSL deployment and security best practices are recommended to enhance the company's digital security posture.

The website presswhizz.com is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) block, which prevents access to any actual site content. The visible page is a standard Cloudflare challenge page indicating that the visitor has been blocked due to triggered security rules. Consequently, no business information, metadata, or user-facing content is available for analysis. The technical infrastructure relies on Cloudflare for DNS and security services, with Google MX records indicating email services via Google Workspace. However, the SSL/TLS configuration is critically deficient, with no valid certificate and no TLS protocols enabled, posing a significant security risk. Security headers are present but cannot mitigate the lack of HTTPS. Overall, the site’s security posture is weak due to missing SSL and inaccessible content. The lack of privacy, cookie, or terms of service policies further reduces compliance and trustworthiness. Due to the WAF block, the AI scoring is capped low, reflecting the inability to perform a full analysis.

S

Smash Digital - SEO Pros with Skin in the Game

smashdigital.com

64

Security assessment completed with an overall score of 0/100 (unknown risk). 9 high-priority issues should be addressed promptly. Total of 28 security findings identified across all modules.

D

Detailed

detailed.com

61

Detailed.com is a mature SEO-focused content platform founded in 1996, providing in-depth SEO analysis, reports, and tools including a popular SEO browser extension with over 430,000 weekly users. The site targets SEO professionals and digital marketers seeking detailed insights into search engine rankings and strategies. Technically, the site runs on WordPress with a modern plugin ecosystem and is hosted behind Cloudflare CDN, but suffers from critical security issues due to an invalid or missing SSL certificate and lack of HTTPS support. Privacy compliance is minimal with no cookie consent mechanism despite use of tracking analytics. Business credibility is strong with consistent branding, testimonials from industry experts, and a clear market niche. Overall, the site offers excellent content quality but requires urgent security improvements to protect users and enhance trust.

1

180 Marketing

180marketing.com

64

180 Marketing is a specialized eCommerce SEO service provider with a mature domain and a strong market position in the eCommerce digital marketing sector. The company offers high ROI SEO services tailored specifically for eCommerce businesses, leveraging extensive industry experience and a focused business model. Their website reflects a professional and trustworthy brand with clear client testimonials, case studies, and recognizable partner logos. Technically, the site is built on WordPress with modern frameworks and performance optimizations, including Cloudflare CDN and WP Rocket caching. Security posture is adequate with HTTPS and some security headers, though improvements such as enabling HSTS and a stronger CSP are recommended. Privacy compliance is basic with a privacy policy and cookie consent mechanism present, but GDPR compliance indicators are limited. Overall, the website is credible, well-structured, and serves its target audience effectively.

S

SEO Optimizers

seooptimizers.com

40

SEO Optimizers is a well-established digital marketing and advertising agency based in Los Angeles, specializing in SEO, paid advertising, social media marketing, and website design. The company targets small to medium-sized businesses seeking to increase online visibility, sales, and leads. With a domain age of 17 years and a strong portfolio of client testimonials and reviews, SEO Optimizers holds a credible market position in the digital marketing sector. The website is built on WordPress and leverages multiple modern marketing and SEO tools, reflecting a mature digital infrastructure. However, the absence of a valid SSL certificate and HTTPS implementation represents a significant security gap, impacting user trust and security posture. While the site includes comprehensive business contact information and structured data, privacy compliance features such as cookie consent mechanisms and GDPR indicators are minimal or absent. Overall, the site demonstrates good content quality and business credibility but requires urgent security improvements to meet modern standards.

M

Moving Traffic Media

movingtrafficmedia.com

40

Moving Traffic Media is a professional digital marketing agency based in Westchester, NY, specializing in SEO, paid media, social media marketing, and AI-powered content solutions. The company targets enterprise and mid-market organizations seeking to amplify their brand authority, traffic, and conversions through data-driven campaigns. Their market position is supported by client testimonials, certifications such as Google Partner and BBB accreditation, and a comprehensive service portfolio. Technically, the website is built on WordPress with the Divi theme and uses modern marketing tools like Gravity Forms and Google Tag Manager. However, the absence of a valid SSL certificate and lack of HTTPS significantly weaken the security posture. Security headers are minimal but some best practices like Content-Security-Policy are present. Privacy compliance is basic, with a privacy policy found but no cookie consent mechanism or GDPR indicators. Overall, the site demonstrates good business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

S

Sky Internet Marketing

skyinternetmarketing.nl

40

Sky Internet Marketing is a mature, small-sized Dutch internet marketing bureau specializing in SEO, SEA (Google Ads), and website development services. Established in 2012, the company positions itself as a leading SEO expert in its region, supported by a team of seven specialists and strong client testimonials. The website is professionally designed, mobile-optimized, and rich in relevant content, reflecting a high level of digital maturity. Technically, the site runs on WordPress with modern frameworks and integrates marketing and analytics tools such as Google Tag Manager and Ahrefs. Security posture is good with HTTPS enforced, SPF and DMARC policies configured, but there are minor gaps such as missing OCSP stapling and malformed CAA records. Privacy and terms policies are comprehensive and GDPR compliant, with clear contact channels provided. Overall, the site demonstrates strong business credibility and technical implementation, with room for security enhancements.

J

Jolly SEO

jollyseo.com

52

Jolly SEO is a small, specialized service provider focused on delivering earned, white hat backlinks through manual outreach. The company emphasizes sustainable and Google-safe backlink building strategies, targeting businesses and SEO professionals seeking to improve their search engine rankings. The website is built on WordPress using Elementor and integrates marketing tools such as Google Tag Manager and MailerLite. Despite professional content and good design quality, the site suffers from critical security shortcomings, including the absence of a valid SSL certificate and lack of security headers, which significantly impact its security posture. Privacy compliance is minimal, with no visible privacy or cookie policies, and no contact information for security or incident response. Performance is poor, with a very slow page load time. The domain is mature and registered since 2008, consistent with the business's claimed history, but lacks domain protection mechanisms. Overall, the site presents a professional business offering but requires urgent improvements in security and privacy compliance to enhance trust and protect users.

Y

Yep

yep.com

55

Yep.com operates as a privacy-focused search engine that uniquely shares advertising revenue with content creators. The business positions itself as a fair and privacy-respecting alternative in the search engine market, targeting users who value privacy and wish to support content creators financially. The website content and branding consistently reflect this mission, with a clear focus on privacy and revenue sharing. The domain is mature, registered since 1999, and hosted via Cloudflare, indicating a stable technical foundation. However, the site suffers from a lack of a valid SSL certificate, which critically undermines user trust and security. The absence of HTTPS and security headers exposes users to potential risks and reduces the overall security posture. Privacy compliance is basic, with privacy and terms policies present but lacking advanced GDPR compliance features or cookie consent mechanisms. Contact information is not explicitly provided, which may affect user trust and support accessibility. Performance is slow, with a high page load time, which could impact user experience negatively. Strategic improvements in security, privacy compliance, and performance are recommended to enhance trust and usability.

Wordcount.com is a web platform operated by Ahrefs offering a suite of free online writing and text analysis tools including word counting, grammar checking, text summarization, keyword extraction, and translation services. The site targets writers, students, professionals, and SEO specialists seeking efficient content creation and editing aids. The platform is well-branded, user-friendly, and provides a comprehensive set of features accessible without mandatory registration, supported by a Chrome extension for real-time metrics. Technically, the site is hosted behind Cloudflare with modern JavaScript tooling but suffers from an invalid SSL certificate and lacks advanced security headers, which poses a critical risk to user trust and data security. Privacy and terms are managed on the parent company Ahrefs' domain, but no cookie consent mechanism is present, indicating partial privacy compliance. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements.

D

Draugiem Group

ideabits.com

55

Draugiem Group is an established technology company based in Latvia, operating since 2006 with a portfolio of successful brands and investments. The company positions itself as a tech group where ideas are transformed into reality, targeting technology professionals, investors, and potential employees. The website reflects a professional and consistent brand image with clear navigation and relevant content about the company’s story, brands, career opportunities, and news. Technically, the site uses modern web technologies including React, Google Fonts, and tracking tools such as Facebook Pixel and Google Tag Manager. However, the site suffers from a critical security issue due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism implemented via OneTrust. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

주

주식회사 에이비일팔공

ab180.co

66

AB180 is a Korean technology company specializing in data-driven marketing solutions and consulting services. The company offers a full funnel marketing platform including proprietary and partner solutions such as Airbridge for mobile marketing attribution, Braze for marketing automation, and Amplitude for product analytics. Positioned as a leading marketing technology provider in South Korea, AB180 serves top domestic enterprises and emphasizes comprehensive consulting from data collection to strategy execution. The website is professionally designed, content-rich, and targets marketing professionals and enterprises seeking advanced marketing analytics and automation tools. Technically, the site leverages modern web technologies including Webflow CMS, Google Analytics, Facebook Pixel, and various JavaScript libraries. While the site uses HTTPS with modern TLS protocols and has valid SPF and DMARC DNS records, it lacks some security headers and HSTS, which could be improved to enhance security posture. Privacy compliance is partial, with a clear privacy policy but no visible cookie consent mechanism. The domain is mature and registered via privacy protection, which is common for tech companies but slightly reduces transparency. Overall, AB180 presents a credible, professional, and technically competent online presence with room for security and privacy enhancements.

U

Unified ID 2.0

unifiedid.com

64

Unified ID 2.0 is an open-source identity solution designed to provide a privacy-conscious, deterministic identity standard for the digital advertising ecosystem. It targets advertisers, publishers, data providers, and demand-side platforms, enabling cookieless personalization, targeting, and measurement. The solution is supported by a strong partner ecosystem including major industry players such as Adobe, Salesforce, and LiveRamp, positioning it as a leading identity framework in the advertising technology sector. Technically, the website is built using modern frameworks like Docusaurus and integrates with Google Tag Manager and Algolia for analytics and search capabilities. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and disabled TLS protocols, which severely impact its security posture. Privacy compliance is well addressed with clear privacy and cookie policies and opt-out mechanisms. Overall, the website demonstrates good business credibility and content quality but requires urgent security improvements to ensure safe and trusted user interactions.

I

IAB UK

iabuk.com

61

IAB UK is a prominent industry body representing the digital advertising sector in the United Kingdom, uniting over 1,200 members including media owners, agencies, and brands. The organization focuses on building a sustainable future for digital advertising through standards development, research, events, and training. Their website reflects a mature digital presence with comprehensive content, clear navigation, and active engagement with their audience via social media and member resources. Technically, the site is built on Drupal 11 and leverages modern JavaScript libraries and Google Tag Manager for analytics and marketing. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the site's security posture and trustworthiness. Privacy and cookie policies are present and appear GDPR compliant, supporting responsible data handling practices.

F

Frype.com

frype.com

51

Frype.com is a social networking platform focused on connecting users and facilitating friendships. The website offers login functionality and basic social network features. It appears to be associated with the Draugiem group, a known social network entity, as indicated by footer links. The platform targets general social network users and operates with a small-scale business model. Technically, the site uses custom JavaScript libraries and is hosted behind Cloudflare, but lacks modern SSL/TLS security configurations, which is a critical concern. The absence of privacy and cookie policies, as well as contact information, further impacts trust and compliance. Security posture is weak due to invalid SSL certificates and missing security headers. Overall, the site is accessible but requires significant improvements in security and privacy compliance to meet modern standards.

A

AB180 Inc.

airbridge.io

51

Airbridge is a technology company specializing in mobile measurement platform (MMP) solutions that unify attribution across multiple platforms including Android, iOS, web, PC, and console. Positioned as a transparent and cost-effective alternative to major competitors, Airbridge offers comprehensive services such as predictive LTV analytics, fraud protection, deep linking, and real-time marketing analytics. The company targets app marketers and developers seeking granular insights without paywalls or upsells. Technically, the website is built on Webflow and integrates modern JavaScript libraries and analytics tools like Google Tag Manager and Amplitude, demonstrating a mature digital infrastructure. However, a critical security concern is the invalid SSL certificate and lack of TLS protocol support, which significantly impacts the security posture. Privacy compliance is strong with clear policies and cookie consent mechanisms. Overall, the business presents a professional and trustworthy front but must urgently address SSL and TLS issues to ensure secure user interactions.

B

Blendee S.r.l.

blendee.com

40

Blendee S.r.l. operates a leading Italian marketing automation platform that combines Customer Data Platform and Data Management Platform capabilities to deliver personalized omnichannel marketing experiences. The company targets businesses seeking advanced marketing automation and data analytics solutions, positioning itself as a market leader in Italy and Europe. Their SaaS platform integrates with numerous digital marketing and analytics tools, supporting a comprehensive marketing operating system. Technically, the website is built on Webflow, uses Cloudflare CDN, and incorporates modern JavaScript libraries and tracking tools. However, the SSL certificate is invalid or missing, which significantly impacts the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms. Overall, the website is professional, content-rich, and trustworthy, but the security configuration requires urgent improvement to ensure secure communications and user trust.

Z

Zip.lv

zip.lv

40

Zip.lv is a well-established Latvian online classified ads platform, operating since 2008, offering a wide range of categories including transport, real estate, jobs, and various goods and services. The website targets Latvian-speaking users seeking a centralized marketplace for buying, selling, and exchanging items and services. It maintains a consistent brand presence and provides clear contact information and comprehensive privacy and cookie policies, demonstrating good compliance with GDPR requirements. Technically, the site utilizes a variety of modern web technologies and third-party services such as jQuery, Google Fonts, FontAwesome, Google Analytics, Facebook SDK, and Stripe for payments. It is hosted behind Cloudflare, indicating a robust hosting infrastructure. However, the site suffers from a critical security issue: the absence of a valid SSL certificate and lack of HTTPS support, which severely impacts its security posture and user trust. The security posture is weak due to missing HTTPS, no HSTS, no security headers, and no DMARC or DNSSEC configurations. Despite this, the site employs a detailed consent management platform with extensive vendor disclosures, reflecting a strong commitment to privacy compliance and transparency. The site integrates numerous advertising and analytics vendors, indicating extensive user tracking and data collection practices. Overall, while the business and privacy compliance aspects are strong, the lack of HTTPS and related security measures present a significant risk. Addressing these security gaps is critical to improving user trust and safeguarding data. The site’s performance is slow, likely due to large page size and numerous resources, suggesting opportunities for optimization.

T

Tabular Editor

tabulareditor.com

54

Tabular Editor is a technology company specializing in providing a productivity tool for Analysis Services and Power BI Tabular modeling. Their flagship product, Tabular Editor 3, is positioned as a trusted solution among BI professionals worldwide, offering features to build, debug, and optimize data models efficiently. The website reflects a professional and well-branded presence with comprehensive content, testimonials, and clear calls to action for purchasing or trialing the software. Technically, the site is built on HubSpot CMS with integrations for analytics and marketing, but suffers from slow load times and lacks a valid SSL certificate, which impacts security and user trust. Privacy and cookie policies are present and GDPR compliant, with a consent mechanism implemented. Overall, the business demonstrates strong market positioning and credibility but needs to address critical security issues to improve trust and compliance.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 7 security findings identified across all modules.

T

twoday

twoday.dk

40

twoday is a large Danish technology company specializing in digital transformation, AI, software engineering, business applications, and cloud platform services. With over 3,000 specialists and more than 8,000 customers across the Nordic region, twoday positions itself as a leading Microsoft Solution Partner delivering comprehensive IT consulting and digital solutions for private and public sectors. The website is professionally designed, content-rich, and well-branded, targeting organizations seeking advanced technology services. Technically, the site leverages HubSpot CMS and modern JavaScript libraries but lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Security headers are present but cannot compensate for the missing SSL/TLS configuration. Privacy compliance is strong with clear privacy and cookie policies and a consent mechanism. Overall, the site demonstrates good digital maturity but requires urgent security improvements to meet modern standards.

T

twoday

twoday.lt

54

twoday is a large IT services company based in Lithuania, specializing in advanced software development, software modernization, and business analytics and AI solutions primarily for the Nordic and Northern European markets. The company positions itself as a leading technology partner with a strong focus on SaaS products and digital transformation, serving over 8000 customers with nearly 3000 employees. The website is professionally designed, content-rich, and well-structured, leveraging HubSpot CMS and modern JavaScript libraries for enhanced user experience and marketing analytics. However, a critical security concern is the invalid or missing SSL certificate and lack of enabled TLS protocols, which significantly impacts the security posture and trustworthiness of the site. Privacy and cookie policies are present and integrated with consent management tools, indicating good privacy compliance. No explicit terms of service or security incident response policies are publicly disclosed. Strategic improvements in SSL configuration and security best practices are recommended to enhance overall security and trust.

T

twoday

twoday.se

40

twoday is a large Nordic IT consultancy specializing in IT consulting, data and AI, software engineering, digital experiences, business applications, and cloud platforms with security focus. The company serves over 8,000 clients in both public and private sectors, supported by a team of 2,700 technology experts. The website is professionally designed, content-rich, and well-structured, targeting large and medium-sized organizations primarily in Sweden and the Nordic region. Technically, the site uses HubSpot CMS, Bootstrap, jQuery, and modern JavaScript libraries, hosted behind Cloudflare. However, the SSL/TLS configuration is currently invalid or missing, which significantly impacts the security posture. Security headers are present but cannot compensate for the lack of valid HTTPS. Privacy compliance is strong with a clear privacy policy, cookie policy, and consent mechanisms implemented via Cookiebot. Contact information is clearly provided including email, phone, and a contact form. Overall, the site is professional and trustworthy but requires urgent SSL/TLS fixes to improve security and trust.

T

twoday

twoday.no

56

twoday is a leading Nordic IT solutions provider specializing in digital transformation, data-driven technologies, and consultancy services for both public and private sectors. The company offers a broad range of services including Data & AI, Software Engineering, Digital Experiences, Business Applications, and Cloud Platforms and Security. Their market position is strong, supported by strategic partnerships with government agencies and recognition as a top employer. Technically, the website is built on HubSpot CMS with modern JavaScript libraries and frameworks, hosted via Cloudflare, and integrates multiple marketing and analytics tools. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate and disabled HTTPS protocols, which significantly impacts the security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website presents a professional and trustworthy image but requires urgent remediation of its SSL configuration to ensure secure communications and maintain trust.

T

twoday

twoday.com

74

twoday is a large Nordic IT services company specializing in software development, data & AI solutions, consulting, and digital transformation services for public and private sector clients. The company holds a strong market position as a Nordic leader in AI and data engineering, reinforced by strategic acquisitions such as Kaito Insight and major contracts with government agencies. Their website reflects a mature digital presence built on HubSpot CMS, leveraging modern JavaScript libraries and cloud hosting via Cloudflare. Security posture is strong with HTTPS enforcement, security headers, and no detected vulnerabilities, though improvements in HSTS and transparency compliance are recommended. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, twoday demonstrates a professional, trustworthy, and technically sound online presence suitable for its B2B audience.

Hyundai Motor Group operates as a major global automotive manufacturer primarily serving the transportation sector. The website analyzed is minimal, consisting solely of a redirect script with no substantive content, metadata, or user-facing information. This limits the ability to assess the company's digital maturity or customer engagement through this domain. Technically, the site lacks a valid SSL certificate and does not support HTTPS, exposing it to significant security risks and undermining user trust. No privacy, cookie, or terms of service policies are present, indicating poor compliance posture. Overall, the website appears to be a placeholder or gateway rather than a full corporate site, which restricts comprehensive analysis and suggests the need for significant improvements in web presence and security.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 7 security findings identified across all modules.

T

twoday

twoday.fi

40

twoday.fi is the official website of twoday, a large Finnish technology consulting company specializing in digital transformation, data and AI solutions, business applications, and software development. The company serves Finnish enterprises and public sector clients, positioning itself as a leading Nordic technology partner with a strong workforce of 3000 experts. The website is built on HubSpot CMS, hosted behind Cloudflare, and employs modern web technologies and security best practices. Security headers and HTTPS are properly configured, with minor recommendations for enhancement. Privacy and cookie policies are comprehensive and GDPR compliant, supported by a consent mechanism. The site features rich content including client case studies, blog posts, and news updates, reflecting a mature digital presence. Overall, the website demonstrates a high level of professionalism, technical maturity, and security awareness, making it a trustworthy platform for its target audience.

T

twoday Oy

signom.com

65

Signom is a Finnish electronic signature service operated by twoday Oy, providing users with a platform to sign documents digitally using bank credentials. The service targets Finnish-speaking individuals and businesses seeking a quick and easy way to sign documents electronically. The website offers basic content with language options and clear navigation for login and registration. Technically, the site uses standard web technologies including jQuery and Google Fonts, hosted on Google Cloud infrastructure. Performance is moderate with some room for optimization. Security posture is adequate with HTTPS enabled and valid SPF and DMARC DNS records; however, improvements are needed in security headers, HSTS, and certificate transparency compliance. Privacy and cookie policies are present but lack advanced consent mechanisms. Overall, the site is functional and trustworthy but would benefit from enhanced security and privacy features to improve compliance and user trust.

O

Oma Säästöpankki Oyj

omasp.fi

40

Oma Säästöpankki Oyj operates as a Finnish savings bank providing comprehensive banking services to both individual and corporate customers. The company emphasizes personalized customer service through digital channels, direct phone contact, and physical branches. Their market position is that of a trusted, customer-centric financial institution with a strong local presence in Finland. Key services include loans, savings, investments, and digital banking solutions. The website reflects a mature digital infrastructure built on Drupal CMS, hosted on AWS, and integrates modern marketing and analytics tools such as Google Tag Manager and Cookiebot for privacy compliance. Security posture is robust with HTTPS enforced, strong cipher suites, and OCSP stapling, though improvements like TLS 1.3 and HSTS could enhance security further. Privacy compliance is well addressed with clear cookie consent mechanisms and GDPR-aligned policies. Overall, the website is professional, trustworthy, and user-friendly, though performance optimization could be improved due to a relatively slow load time.

H

Highspot

highspot.com

59

Highspot is a leading sales enablement platform provider offering a unified, AI-driven solution to improve marketing effectiveness, sales productivity, and revenue growth. The company targets global enterprise customers and provides a comprehensive suite of tools including sales content management, playbooks, buyer engagement, training, coaching, and analytics. Recognized by industry analysts and awards, Highspot holds a strong market position in the technology sector. The website demonstrates a mature digital presence with extensive marketing and analytics integrations, professional design, and comprehensive privacy compliance. However, the absence of a valid SSL certificate and HTTPS support represents a critical security vulnerability that undermines user trust and data protection. The site lacks explicit security and incident response policies, which could be improved to enhance overall security posture. Performance is suboptimal with slow load times and large page size, suggesting opportunities for optimization. Strategic recommendations include immediate remediation of SSL/TLS issues, enabling modern security protocols, and enhancing transparency around security policies to strengthen trust and compliance.

J

JAGGAER

jaggaer.com

59

JAGGAER is an enterprise-level provider of AI-powered source-to-pay and supplier collaboration software solutions. The company targets procurement, finance, IT, and supply chain professionals across multiple industries including education, manufacturing, healthcare, and financial services. Their platform integrates a comprehensive suite of tools covering category management, contracts, invoicing, payments, and supply chain collaboration, positioning them as a leading player in the procurement software market. Technically, the website is built on WordPress with the Divi theme and leverages modern JavaScript libraries and plugins for enhanced user experience and content management. While the site employs Cloudflare for CDN and security, the SSL certificate appears invalid or misconfigured, which is a significant security concern. Security headers such as HSTS and CSP are implemented, indicating a good security posture, but the SSL issues reduce the overall security score. The site demonstrates good privacy compliance with clear privacy and cookie policies, including consent mechanisms. Overall, the website is professionally designed, content-rich, and well-structured, supporting a high level of business credibility and trustworthiness.

O

Onninen Oy

onninen.com

54

Onninen Oy is a large technical wholesale company specializing in HEPAC, electrical, refrigeration, and energy products. It serves contractors, industry, infrastructure builders, and retail dealers primarily in Finland and several other European countries through a network of physical stores and electronic channels. The company is part of the K Group, a significant player in building and technical trade with substantial international presence. Technically, the website is built using modern frontend technologies such as React and Next.js and uses Google Tag Manager for analytics. However, the website suffers from a lack of a valid SSL certificate, resulting in no HTTPS support, which is a critical security flaw. The site also lacks privacy and cookie policies, security headers, and other best practices, which impacts its security posture and privacy compliance negatively. Performance is slow, but mobile optimization and content quality are good, with clear business information and consistent branding. Overall, the website is functional but requires urgent improvements in security and privacy compliance to meet modern standards.

K

Kesko Oyj

k-lataus.fi

40

K-Lataus is a nationwide electric vehicle charging network operated under Kesko Oyj and its subsidiary K-Auto. The service offers a comprehensive network of charging stations across Finland, including basic, fast, and high-power charging options, all powered by renewable energy, primarily domestic wind power. The platform supports both private and corporate customers with features such as mobile applications, RFID tags, and corporate accounts. The website provides extensive content including news, instructions, pricing, and customer support, reflecting a mature and customer-focused business model. Technically, the website is built on Microsoft IIS with ASP.NET backend, uses Contentful CMS for content management, and employs modern JavaScript libraries such as jQuery and lazy loading for images. The site is hosted on Elisa's infrastructure with CDN usage for assets. However, the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, which is a significant security concern. DNS configuration lacks DNSSEC and CAA records, and security headers and best practices are minimal. Security posture is weak due to missing HTTPS and related protections, although no active vulnerabilities like Heartbleed or POODLE were detected. Privacy compliance is good with clear privacy and cookie policies, GDPR adherence, and strong DMARC email policies. Business credibility is high with clear company information, extensive content, and active customer engagement. Overall, while the business and content quality are excellent, the lack of HTTPS and modern security configurations significantly lowers the security score and overall risk posture. Addressing these security gaps is critical to protect user data and maintain trust.

K

Kesko Oyj

k-business.fi

40

K-Business.fi is a Finnish corporate credit card service website operated under Kesko Oyj and issued by Oma Säästöpankki Oyj. The site promotes the K-Business Credit card, which combines Visa credit capabilities with Plussa loyalty benefits and partner discounts. The target audience is Finnish businesses seeking flexible payment solutions with integrated loyalty rewards. The website is built on modern web technologies including Next.js and Contentful CMS, providing a professional and content-rich user experience. However, the site lacks a valid SSL certificate and does not support TLS protocols, which severely impacts its security posture. Privacy and cookie policies are comprehensive and GDPR compliant, but direct contact information such as emails or phone numbers is not explicitly provided, relying instead on contact forms and external links. Overall, the site demonstrates strong business credibility and branding but requires urgent security improvements to protect user data and ensure trust.

B

Becca

hellobecca.com

66

Becca is a hospitality advisory and communications agency with a strong market presence, operating from offices in New York, Los Angeles, and London. The company focuses on shaping stories, honing visions, and growing audiences for hospitality brands, positioning itself as a strategic partner in the hospitality industry. Their key services include communications, experiences, social media, and strategic advisory through their Parrish Co brand. The website reflects a professional and modern digital presence, leveraging WordPress and associated technologies to deliver a rich user experience with strong SEO and social media integration. Security posture is good with HTTPS, modern TLS protocols, and Cloudflare CDN, though some advanced security headers and DNS protections could be improved. Privacy and cookie policies are present and GDPR compliant, with user data collected primarily via secure forms. Overall, the site demonstrates high professionalism and trustworthiness, suitable for its target audience in the hospitality sector.

K

kespro.fi

kespro.fi

40

Kespro.fi appears to be a retail-oriented website associated with the Kesko group, a large Finnish retail company. The site uses modern web technologies such as Angular and monitoring tools like Dynatrace, indicating a moderate level of digital maturity. However, the website content is minimal and largely script-driven, with no visible textual content or metadata such as privacy policies or contact information. The security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS support, despite the presence of strong security headers like Content Security Policy and HSTS. This creates a significant risk for user data confidentiality and trust. Overall, the site requires urgent improvements in SSL configuration and privacy compliance to meet modern security and regulatory standards.

N

Neste

neste.fi

40

Neste is a leading Finnish energy company specializing in renewable fuels, heating oils, and transportation services. The website targets private consumers and businesses in Finland, offering a broad range of services including fuel retail, electric vehicle charging, car washes, and customer loyalty programs. The company maintains a strong market position with a comprehensive service station network and a focus on sustainability. Technically, the website is built on modern frameworks such as React and Next.js, hosted on Microsoft Azure, and employs advanced cookie consent and optimization tools. However, the SSL certificate is currently invalid or missing, which impacts the security posture. Security headers are well implemented, but improvements in SSL and TLS configurations are recommended. Privacy compliance is strong with clear policies and consent mechanisms. Overall, the website is professional, user-friendly, and trustworthy, but addressing SSL issues is critical to enhance security and user trust.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 6 security findings identified across all modules.

B

Becca

beccapr.com

51

Becca is a hospitality advisory and communications agency with a strong market presence in the hospitality sector, operating from offices in New York, Los Angeles, and London. The company offers strategic advisory, communications, experiences, and social services, targeting hospitality brands and businesses seeking to enhance their market relevance and audience engagement. The website reflects a premium brand image with professional design, rich content, and clear navigation, supported by modern web technologies and SEO best practices. However, the technical infrastructure shows gaps in security, notably the absence of a valid SSL certificate and lack of HTTPS, which significantly impacts the security posture. Privacy and cookie policies are present, indicating some compliance awareness, but no explicit security or incident response policies are found. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

O

Onninen Oy

onninen.fi

40

Onninen Oy is a leading Finnish technical wholesaler specializing in HVAC, electrical, refrigeration, and energy products. The company serves professional customers through a comprehensive e-commerce platform and a nationwide network of Express stores. Onninen emphasizes energy efficiency and sustainability, offering a broad range of products including solar panels, heat pumps, and smart home solutions. Their digital maturity is evident with integrated services such as mobile apps, procurement system interfaces, and extensive product information. Security posture is strong with HTTPS, HSTS, CSP, and secure cookie practices. Privacy compliance is robust with clear policies and consent mechanisms. Overall, Onninen presents a professional, trustworthy, and well-structured platform supporting its business operations and customer engagement.

K

Kespro

kespro.com

47

Kespro is a large Finnish foodservice wholesaler owned by Kesko Oyj, serving a broad range of customers including restaurants, hotels, cafes, public institutions, and retail chains. The company positions itself as the largest foodservice wholesaler in Finland, offering extensive product selections and digital services to enhance customer experience. The website reflects a professional and well-branded digital presence with comprehensive content and clear navigation, targeting hospitality and retail sectors in Finland. Technically, the site uses modern JavaScript frameworks such as React and integrates marketing and consent management tools like Google Tag Manager and OneTrust. However, the site suffers from a critical security issue: the SSL certificate is invalid or missing, and HTTPS is not enabled, exposing users to potential risks. Security headers are absent, and performance is slow with a high page load time. Privacy compliance is strong with clear policies and consent mechanisms. Contact information is complete and prominently displayed, including phone, email, and physical address. Social media presence is active across major platforms. Overall, the site is professional and content-rich but requires urgent security improvements to protect users and enhance trust.