Security Directory

K-Plussa is a comprehensive loyalty program operated by Kesko, a major Finnish retail company. The website serves as a portal for members to access personalized offers, manage their membership, and learn about benefits across a wide network of retail and service partners. The program targets Finnish consumers, including specific segments such as students and shareholders, positioning itself as the leading loyalty program in Finland with extensive partner integration. Technically, the site is built using modern web technologies including React and styled-components, hosted behind Cloudflare, and integrates Google Tag Manager for analytics. However, the site lacks a valid SSL certificate, which severely impacts its security posture. While privacy and cookie policies are well documented and GDPR compliant, the absence of HTTPS and security headers exposes the site to risks. Overall, the site is functional and professionally designed but requires urgent security improvements to protect user data and maintain trust.

B

Budget Sport

budgetsport.fi

40

Budget Sport is a Finnish-based large retail e-commerce platform specializing in affordable sportswear and equipment. It operates under the parent company Intersport Finland Oy and targets Finnish consumers with a broad product range including running, cycling, football, and golf gear. The website is well-structured with clear navigation, multiple product categories, and a consistent brand presence. Technical infrastructure includes modern web technologies such as lazy loading and templating, hosted via Cloudflare with integration of Google Tag Manager and Google Maps API. However, the site currently suffers from a critical security issue: the SSL certificate is invalid or missing, and TLS protocols are disabled, severely impacting the security posture. Despite this, privacy and cookie policies are comprehensive and GDPR compliant, and contact information is clearly provided. Overall, the site scores well on content quality and business credibility but requires urgent remediation of SSL/TLS configuration to improve security and trust.

K

K-Auto Oy

k-auto.fi

40

K-Auto Oy is a prominent automotive company in Finland offering a comprehensive range of services including new and used car sales, leasing, financing, maintenance, and repair services. The company operates multiple dealerships across Finland and represents several major automotive brands such as Volkswagen, Audi, Porsche, SEAT, CUPRA, and Bentley. Their business model focuses on providing a seamless customer experience from vehicle acquisition to after-sales services, supported by digital tools and loyalty programs like Plussa. K-Auto is part of the larger Kesko Group, enhancing its market position and operational capabilities. Technically, the website is built on modern frameworks including Next.js and React, hosted via Cloudflare, and managed through the Contentful CMS. The site demonstrates good mobile optimization, accessibility, and SEO practices, although performance metrics are moderate. The presence of comprehensive legal and privacy documentation indicates a mature approach to compliance and customer trust. From a security perspective, while the site employs some security headers and uses HTTPS, the SSL certificate is currently invalid or missing, which is a critical vulnerability. The absence of DNSSEC and CAA records further indicates potential areas for security enhancement. No explicit incident response or vulnerability disclosure policies were found. Overall, K-Auto presents a professional and trustworthy digital presence with strong business credibility and customer focus. However, addressing the SSL certificate issues and enhancing security configurations are essential to maintain user trust and comply with best practices.

R

Rautakauppa - K-Rauta

k-rauta.fi

40

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 22 security findings identified across all modules.

T

Taikala Oy

clubway.de

40

Clubway is a cloud-based SaaS platform developed by Taikala Oy, specializing in administrative software for sports clubs. It offers comprehensive features such as member management, course registrations, event scheduling, attendance tracking, financial management, and mobile app support. The company is well-positioned in the European market with over 950 clubs as customers, emphasizing GDPR compliance and user-friendly solutions. Technically, the website leverages modern frameworks like React and Gatsby, hosted on AWS infrastructure, but suffers from slow load times and lacks a valid SSL certificate, impacting security posture. Privacy compliance is strong with clear policies and consent mechanisms. Security weaknesses include missing HTTPS and modern TLS protocols, which are critical to address. Overall, Clubway presents a professional and trustworthy service with room for technical and security improvements.

B

Brookfield Real Estate Income Trust

brookfieldreit.com

64

Brookfield Real Estate Income Trust (Brookfield REIT) is a large-scale real estate investment trust providing individual investors access to private real estate opportunities focused on income generation and capital appreciation. The company leverages a global network of experts and a partnership with Brookfield Oaktree Wealth Solutions to deliver diversified real estate investment products. The website is professionally designed, content-rich, and targets both individual investors and financial advisors with clear calls to action and comprehensive disclosures. Technically, the site is built on Drupal 10, hosted on Pantheon infrastructure, and employs modern web technologies including Google Tag Manager and OneTrust for cookie consent. The site is mobile optimized, accessible, and SEO friendly with structured data enhancing search visibility. Performance is fast with no blocking or WAF detected. Security posture is solid with HTTPS enforced and key security headers present, though improvements are recommended in HSTS configuration and DNS security (DNSSEC, CAA). No critical vulnerabilities or exposed sensitive data were found. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site demonstrates a mature digital presence with strong business credibility and trust indicators. Strategic recommendations include enhancing DNS security, strengthening HSTS policies, and publishing explicit security and incident response policies to further improve trust and compliance.

WAcademy Global operates as a technology company specializing in web hosting services, including WordPress and WooCommerce hosting solutions. The website serves primarily as a client login portal and product showcase, targeting customers seeking hosting and related technology services. The business model is service-oriented, leveraging the WHMCS platform for client management and billing. The market position appears to be that of a niche or small-scale hosting provider with a moderate level of branding consistency and basic content quality. Technically, the website employs a WHMCS-based CMS with JavaScript, Google reCAPTCHA for bot protection, and FontAwesome for icons. The SSL certificate is valid but uses an unknown algorithm and a relatively short key length, which may warrant review. Performance is suboptimal with a slow load time and a large page size, and accessibility and SEO optimizations are basic. The site lacks advanced security headers and cookie consent mechanisms, indicating room for improvement in security and privacy compliance. From a security perspective, HTTPS is enforced with a valid certificate, and the login form is protected by invisible Google reCAPTCHA. However, the absence of security headers, DNSSEC, and CAA records, along with no visible vulnerability disclosure or incident response policies, suggests a moderate security posture. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is partial, with a privacy policy and terms of service linked externally but no cookie consent or GDPR-specific indicators. Overall, the website presents a functional but basic digital presence with moderate security and privacy practices. Strategic improvements in security headers, SSL configuration, privacy compliance, and performance optimization would enhance trust and user experience. The lack of direct contact emails or phone numbers limits immediate customer support visibility, which could be addressed to improve business credibility.

B

Brookfield

brookfield.com

61

Brookfield is a globally recognized investment firm specializing in managing and investing in high-quality assets across sectors such as renewable energy, infrastructure, private equity, real estate, and credit. The company targets institutional investors, financial advisors, and shareholders, offering a diversified portfolio and long-term value creation. The website reflects a mature digital presence with a professional design, comprehensive content, and multi-language support. Technically, the site is built on Drupal 10, hosted on Pantheon, and integrates modern tools like Google Tag Manager and OneTrust for privacy compliance. However, the security posture is weakened by an invalid SSL certificate and lack of enabled TLS protocols, which poses a significant risk. Privacy and cookie policies are well implemented with consent mechanisms, and business credibility is high due to clear branding and detailed investor information. Overall, the site is functional and professional but requires urgent remediation of SSL/TLS issues to improve security and trust.

H

H/Advisors Global Ltd

h-advisors.global

54

H Advisors is a global strategic communications consultancy specializing in enhancing corporate reputation, trust, and impact. The company offers a broad range of services including crisis management, corporate communications, digital strategy, investor relations, litigation support, M&A advisory, public affairs, sustainability, and transformation. With over 40 offices and 1500+ people across 20+ countries, H Advisors positions itself as a trusted partner for organizations navigating complex financial, legal, and regulatory environments. The website reflects a professional and consistent brand image targeting corporate and institutional clients. Technically, the website is built on WordPress and leverages modern JavaScript libraries such as Swiper.js and Choices.js for UI components, along with Friendly Captcha and Tarteaucitron for privacy and consent management. However, the site suffers from a lack of a valid SSL certificate and does not enable HTTPS or modern TLS protocols, which is a critical security deficiency. Performance is slow with a load time exceeding 8 seconds, and no security headers are present, indicating room for significant improvement in security posture. From a security perspective, the absence of HTTPS and security headers exposes visitors to potential risks, undermining trust and compliance with modern web security standards. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information is limited to a contact form, with no direct emails or phone numbers publicly listed. The site uses Google Analytics for user tracking with moderate tracking levels. Overall, while the business and content quality are excellent, the technical and security shortcomings significantly impact the website's trustworthiness and user safety. Strategic improvements in SSL deployment, security headers, and performance optimization are recommended to enhance the site's security posture and user experience.

P

Prosek Partners

prosek.com

51

Prosek Partners is a well-established integrated communications and marketing firm with over 30 years of experience, primarily serving clients in finance, investor relations, and related sectors. The company offers a broad range of services including PR, crisis management, digital marketing, and public affairs, positioning itself as a future-focused leader in its industry. The website reflects a professional and polished brand image with comprehensive content and strong SEO and accessibility features. Technically, the site is built on WordPress with modern plugins and integrations but suffers from a critical security shortfall due to the absence of a valid SSL certificate and HTTPS enforcement. This significantly impacts the security posture and trustworthiness from a technical perspective. Privacy and cookie policies are present and indicate GDPR compliance, though no explicit security or incident response policies are published. Overall, the site is user-friendly and credible but requires urgent security improvements to protect user data and enhance trust.

M

Momentin Group Oy

momentingroup.com

57

Momentin Group Oy is a Finnish holding company fully owned by the Lehdon family, operating primarily in the hospitality sector with a focus on beverage products and restaurant services. The group comprises approximately 150 experts and leverages over 30 years of industry experience. Their subsidiaries include Brew Seeker, Restaurants, Mallaskoski, eDrinks, Momentin Baltics, and various minority ownerships. The website presents a professional and consistent brand image with good content quality and clear navigation, targeting both B2B and B2C audiences within the hospitality industry in Finland. Technically, the website is built on WordPress with WooCommerce and uses modern frontend technologies such as Bootstrap and jQuery. Hosting is provided via WP Engine with Cloudflare as a CDN and security proxy. SEO is supported by structured data (JSON-LD) and Yoast SEO plugin. However, performance metrics are unavailable, and accessibility is basic. The site is mobile optimized and includes cookie consent mechanisms. From a security perspective, the website has critical deficiencies. There is no valid SSL certificate detected, and no TLS protocols are enabled, resulting in a lack of HTTPS protection. Security headers are partially implemented but could be improved. DNS security features such as DNSSEC and CAA records are missing, and no DMARC record is present for email protection. These issues expose the site to potential interception and phishing risks. Overall, the site scores moderately on content and business credibility but poorly on security posture. Strategic improvements in SSL/TLS deployment, DNS security, and privacy compliance are recommended to enhance trust and protect user data.

The website k-ruoka.fi is currently inaccessible due to a Cloudflare Turnstile human verification challenge page that blocks access to the actual content. As a result, no meaningful business, privacy, or security information can be extracted from the site. The technical infrastructure indicates hosting on Amazon AWS with Cloudflare DNS and security services. However, the SSL configuration is invalid or missing, and no modern TLS protocols are enabled, which is a critical security concern. The site performance is poor with a high load time, and no SEO or accessibility features are detectable. Overall, the security posture is weak due to lack of HTTPS and security headers, and the privacy compliance cannot be assessed due to blocked content. The AI overall score is low at 25 due to these critical issues and content inaccessibility.

Vastuullinentiede.fi is a Finnish government-supported platform dedicated to promoting responsible science, research ethics, and open science within the Finnish research community. It serves as a coordination and informational hub linking several authoritative Finnish scientific and ethical organizations. The website targets researchers, academic institutions, and policymakers, providing articles, events, and guidelines to foster responsible research practices. Technically, the site is built on Drupal 9 with responsive design and uses Matomo for analytics with cookies disabled, reflecting a moderate level of digital maturity. However, the site suffers from a lack of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts its security posture. No privacy or cookie policies were found, and security headers are absent, indicating gaps in compliance and security best practices. Overall, the site is professionally presented with good content relevance and navigation but requires urgent improvements in security and privacy compliance to enhance trust and protect users.

G

Grey Willow Technologies

gwillow.eu

35

Grey Willow Technologies is a small cybersecurity consulting firm based in Latvia, specializing in incident response, strategic readiness, technical assurance, and managed security services. The company positions itself as a trusted cybersecurity consultant helping organizations mitigate threats and recover from security incidents. The website is built on WordPress using Elementor and integrates Google Analytics for user tracking. However, the site lacks a valid SSL certificate, serving content over HTTP, which poses a significant security risk. No privacy or cookie policies are present, and no explicit security or incident response policies are disclosed. Contact information including email, phone, and physical address is clearly provided, along with a LinkedIn social media presence.

P

PricewaterhouseCoopers LLP

taxpackagesupport.com

51

TaxPackageSupport.com is a professional service portal operated by PricewaterhouseCoopers LLP (PwC) providing tax information and support specifically for investors in publicly traded partnerships. The platform offers user registration, secure login, and access to K-1 tax documents, with an optional premium service for enhanced features such as bulk downloads and tracking. The site is clearly branded with PwC identity and targets a niche financial audience requiring specialized tax document access. Technically, the site uses ASP.NET MVC framework, JavaScript libraries including jQuery and FontAwesome, and integrates Microsoft Application Insights for telemetry and Google reCAPTCHA for bot protection. However, the site suffers from a lack of a valid SSL certificate and modern TLS protocols, resulting in a weak security posture. Privacy and terms of service policies are comprehensive and GDPR compliant, but no explicit security or incident response policies are found. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

1

17Capital

17capital.com

54

17Capital is a specialized private credit manager focused on providing NAV finance solutions to private equity investors and management companies globally. Founded in 2008 and headquartered primarily in the UK and US, the firm has established itself as a leading player in the private equity finance sector, offering a range of financing products tailored to portfolio growth and liquidity needs. The website reflects a professional and content-rich digital presence, leveraging WordPress and WP Engine hosting, with strong SEO and structured data implementations to enhance discoverability and user engagement. However, the technical infrastructure shows gaps in SSL certificate validity and HTTPS enforcement, which undermines security posture despite well-configured security headers. The site integrates multiple marketing and analytics tools, including Google Analytics and HubSpot, but lacks a cookie consent mechanism, indicating partial privacy compliance. Contact mechanisms rely on forms and partner emails, with no direct phone or physical address details prominently displayed. Overall, the website demonstrates high business credibility and professionalism but requires urgent remediation of SSL issues and enhanced privacy compliance to improve security and user trust.

O

Oaktree Capital Management, L.P.

oaktreesicav.com

52

Oaktree SICAV website represents a financial services entity specializing in Luxembourg-domiciled investment funds. The site targets investors seeking diversified investment opportunities managed by an established asset management firm, Oaktree Capital Management, L.P. The business model focuses on fund management and providing market insights. Technically, the site is built on ASP.NET and Sitefinity CMS, leveraging Cloudflare for hosting and security proxying, and uses modern video streaming technologies. However, the site suffers from a critical security flaw due to an invalid SSL certificate and lack of TLS protocol support, which severely impacts its security posture. Privacy compliance is basic with a privacy policy and terms of service present, but no explicit cookie policy page. Overall, the site is professional and content-rich but requires urgent security improvements to protect user data and trust.

Oaktree Capital Management, L.P. operates a comprehensive real estate investment platform focusing on undervalued properties with an emphasis on risk control and value-added strategies. The company targets institutional and public investors, leveraging a global footprint and extensive industry expertise to manage and grow real estate assets. The website reflects a mature enterprise with professional content, consistent branding, and a clear business model centered on real estate investment management. Technically, the site uses modern frameworks such as Bootstrap 5 and jQuery, hosted likely behind Cloudflare, and employs Sitefinity CMS. However, performance is slow with a high resource count and long load times. Security posture is weak due to the absence of a valid SSL certificate, lack of security headers, and missing DNSSEC, which significantly lowers the security score. Privacy compliance is well addressed with a cookie consent banner and a comprehensive privacy policy. Overall, the site is professional and trustworthy but requires urgent security improvements to protect users and data.

O

Oaktree Capital Management, L.P.

oaktreeacquisitioncorp.com

53

Oaktree Acquisition Corp. is a finance-focused platform operating multiple SPAC vehicles to facilitate investment and acquisition transactions. The company is positioned as an established player in the SPAC market, targeting investors and partners interested in SPAC transactions. The website presents clear business information, including multiple SPAC vehicles and recent news updates, reflecting a professional and consistent brand image. Technically, the site uses modern front-end frameworks such as Bootstrap 5 and integrates with Cloudflare for hosting and CDN services. However, the absence of a valid SSL certificate and lack of modern TLS protocols significantly weaken the security posture. Privacy compliance is partially addressed through Evidon cookie consent mechanisms and a privacy policy hosted on the parent domain, but GDPR compliance is not clearly demonstrated. Overall, the website is functional and informative but requires critical security improvements to enhance trust and compliance.

O

Oaktree Specialty Lending Corporation

oaktreespecialtylending.com

53

Oaktree Specialty Lending Corporation operates as a business development company providing investors access to Oaktree Capital Management’s credit platform. The company focuses on generating income and capital appreciation through flexible financing solutions emphasizing risk control and consistency. The website presents a professional and content-rich experience with investor relations, press releases, and market insights. Technically, the site uses modern frameworks such as Bootstrap 5 and is built on Sitefinity CMS, but suffers from slow load times and lacks a valid SSL certificate, impacting security posture. The security configuration is weak with no HTTPS, no security headers, and no DNSSEC, exposing the site to potential risks. Privacy compliance is well addressed with Evidon consent management and clear privacy and cookie policies. Overall, the site is functional and professional but requires urgent security improvements to protect users and enhance trust.

B

Brookfield Oaktree Wealth Solutions

brookfieldoaktree.com

60

Brookfield Oaktree Wealth Solutions is a prominent investment management firm specializing in alternative investments including real estate, infrastructure, private equity, renewables, credit, and equities. The company leverages the expertise of its parent and partner companies, Brookfield Corporation and Oaktree Capital Management, to provide institutional-caliber solutions to financial advisors and private wealth investors. The website is professionally designed with comprehensive content and clear navigation, targeting a sophisticated financial audience. Technically, the site is built on Drupal 10 and hosted on Pantheon, employing modern web technologies and analytics tools such as Google Tag Manager and LinkedIn Insight Tag. Security posture is moderate; while security headers are implemented, the SSL certificate is invalid, which poses a significant risk. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms in place. Overall, the site demonstrates high business credibility and professionalism but requires urgent SSL certificate remediation to improve security and trust.

Paytrail Oyj is a leading Finnish payment institution specializing in providing a comprehensive range of payment methods for online merchants under a single agreement. The company serves over 20,000 customers including major Finnish banks and large enterprises, positioning itself as a trusted and scalable payment service provider in the Finnish e-commerce and finance sectors. It operates as part of the Nexi/Nets Group, leveraging strong partnerships and brand recognition. The website is professionally designed, content-rich, and targets online merchants, developers, and partners with detailed service information and customer testimonials. Technically, the site is built on HubSpot CMS with modern marketing and analytics tools integrated, including Cookiebot for consent management and Google Tag Manager for tracking. However, a critical security weakness is the absence of a valid SSL certificate and disabled TLS protocols, which severely impacts the site's security posture. While security headers and privacy policies are well implemented, the lack of proper HTTPS undermines trust and compliance. Overall, the site demonstrates good business credibility and privacy compliance but requires urgent remediation of SSL/TLS issues to ensure secure operations and maintain customer trust.

T

Taikala Oy

myclub.fi

40

Taikala Oy operates the myClub platform, a leading Finnish SaaS solution designed to streamline sports club management by providing integrated tools for membership management, billing, event organization, communication, and attendance tracking. The company holds a strong market position as the most popular and fastest-growing membership service in Finland, targeting sports clubs and their members. The platform emphasizes ease of use, data protection, and comprehensive service offerings tailored to the sports community. Technically, the website is built using modern frameworks such as Gatsby and React, hosted on AWS infrastructure, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Privacy compliance is well addressed with clear policies and consent mechanisms. However, the absence of key security headers and an invalid SSL certificate reduce the overall security posture. Strategic improvements in SSL management and security hardening are recommended to enhance trust and compliance.

The website apollomatkat.fi is currently inaccessible due to a Cloudflare security challenge page that blocks content access. No meaningful business content, metadata, or contact information is available for analysis. The site lacks a valid SSL certificate and does not support any TLS protocols, which severely impacts its security posture. Although several security headers are present, the absence of HTTPS and the presence of a WAF challenge page limit the ability to assess the website's true content, business model, or compliance status. Performance and technical maturity cannot be evaluated due to the blocked content. Overall, the site appears to be in a preliminary or protected state, preventing external analysis.

M

Momentin Restaurants

momentinrestaurants.com

57

Momentin Restaurants is a Finnish hospitality company operating a portfolio of 10 pubs and restaurants primarily in the Helsinki metropolitan area. The website serves as a booking and informational platform for event spaces, group activities, and dining experiences. The company positions itself as an established local player with 30 years of experience, targeting individuals and groups seeking cozy and versatile restaurant venues. Technically, the website is built on WordPress with modern front-end frameworks like Tailwind CSS and uses plugins for SEO, analytics, and cookie consent. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. The security posture is basic, relying on Cloudflare for CDN and some protection but missing essential TLS configurations and security headers. Privacy compliance is addressed with a cookie consent mechanism and a privacy policy page, supporting GDPR requirements. Overall, the site is functional and professionally designed but requires urgent security improvements to protect user data and enhance trust.

E

eSeeker

eseeker.fi

40

eSeeker.fi is an e-commerce platform specializing in beverage products, specifically offering Brew Seeker and Mallaskoski brands. The website targets retail stores and restaurant customers in Finland, providing a 24/7 online shopping experience. The business model focuses on direct online sales to these customer segments. The website content is minimal, primarily serving as a landing page with options to register, login, or browse categories. Technically, the site is built using Express.js on the backend and Bootstrap 4 on the frontend, hosted likely on Google Cloud infrastructure. However, the website lacks a valid SSL certificate and does not support HTTPS, which is a critical security deficiency. Performance data is unavailable, but the site appears basic with limited optimization for mobile and accessibility. From a security perspective, the absence of HTTPS, lack of security headers, and missing HSTS configuration represent significant vulnerabilities. No privacy or cookie policies are present, indicating poor privacy compliance. Contact information is limited to a sales email address, with no phone numbers or physical addresses provided. No incident response or security policy information is found. Overall, the website's security posture is weak, and privacy compliance is poor. The business credibility is moderate due to the presence of a professional domain and branded content but is undermined by security shortcomings. Strategic improvements in SSL deployment, security headers, and privacy policies are essential to enhance trust and compliance.

Tutkimuseettinen neuvottelukunta (TENK) is a Finnish government expert body under the Ministry of Education and Culture focused on promoting good scientific practice and research ethics. The website serves as an authoritative source for research ethics guidelines, news, events, and publications targeted primarily at researchers and academic institutions in Finland. The site is built on Drupal 9 and uses Matomo analytics with cookies disabled, reflecting a moderate level of digital maturity. However, the website suffers from a critical security issue due to the absence of a valid SSL certificate and HTTPS support, which undermines user trust and data security. Additionally, no cookie consent mechanism is implemented, which may impact GDPR compliance. The site provides clear contact information and maintains consistent branding, supporting its credibility as a government-affiliated entity.

Tiedonjulkistamisen neuvottelukunta (TJNK) is a Finnish government-affiliated organization focused on promoting the societal use of reliable scientific information, freedom of speech, and public trust in science. The website serves as an information hub for their activities including state awards, grants, and ethical guidelines for science communication. The target audience includes researchers, experts, science communicators, and the general public interested in science and research in Finland. Technically, the site is built on Drupal 9 with responsive design and uses Matomo for analytics, but suffers from slow load times and lacks HTTPS security. The absence of a valid SSL certificate and security headers represents a critical security vulnerability, impacting user trust and data protection. Privacy policy is present and likely GDPR compliant, but no cookie consent mechanism or terms of service were found. Overall, the site is professionally designed and content-rich but requires urgent security improvements.

Julkaisufoorumi is a Finnish non-profit platform operated by the Tieteellisten seurain valtuuskunta, providing a publication channel classification system to support research quality evaluation within the Finnish scientific community. The website targets researchers and academic institutions, offering classification data and related news updates. The platform is positioned as a trusted resource within Finland's education and research sectors, with partnerships linked to responsible science and research ethics organizations. Technically, the site is built on Drupal 9 with responsive design and accessibility features, but suffers from slow load times and lacks a valid SSL certificate, resulting in no HTTPS support. Security posture is weak due to missing security headers and outdated SSL/TLS configurations. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional but requires significant security and performance improvements to meet modern standards.

Avoin tiede is a Finnish national coordination secretariat focused on promoting open science and research practices. It operates under the Tieteellisten seurain valtuuskunta organization and serves researchers, academic institutions, and policy makers by providing guidelines, organizing events, and advocating for open science principles. The website is built on Drupal 9 and uses Matomo for analytics, reflecting a moderate level of digital maturity. However, the site lacks a valid SSL certificate, which impacts its security posture significantly. Privacy policies and contact information are clearly provided, supporting GDPR compliance. The site’s content is rich and professionally presented, targeting Finnish-speaking audiences interested in open science.

T

Tieteellisten seurain valtuuskunta

tieteessatapahtuu.fi

40

Tieteessä tapahtuu is a Finnish scientific magazine published by Tieteellisten seurain valtuuskunta, serving as a platform for interdisciplinary science articles, news, and discussions on science and science policy. The website targets Finnish-speaking academics, researchers, and the general public interested in science. It offers a variety of content including articles, news, series, and reviews, positioning itself as a reputable source in the Finnish science media landscape. Technically, the site is built on Drupal 10 with Bootstrap and jQuery, and uses Matomo for analytics. However, the site suffers from slow load times and lacks a valid SSL certificate, resulting in no HTTPS support. Security posture is weak with missing security headers, no HSTS, and no DMARC records. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism despite tracking usage. Contact information is available via email and physical address, but no phone numbers or contact forms are present. Overall, the site is professionally designed with good content quality but requires significant improvements in security and privacy compliance to enhance trust and user safety.

Tieteen päivät is a Finnish non-profit organization that organizes science events aimed at the general public interested in research and science communication. The website serves as an information portal for upcoming events, news, and archives related to the Tieteen päivät event series. The organization positions itself as a key player in science outreach in Finland, hosting events at prominent venues such as the University of Helsinki. The business model focuses on free public engagement with science through events and digital content. Technically, the website is built on Drupal 7 with a range of contributed modules and libraries including jQuery, Nivo Slider, and Colorbox. The site uses Matomo for analytics with cookies disabled to respect privacy. However, the site suffers from slow performance and lacks modern optimizations. Mobile responsiveness and accessibility are basic but functional. From a security perspective, the site has critical deficiencies including the absence of a valid SSL certificate and no HTTPS support, which severely impacts user trust and data security. There are no advanced security headers or email authentication records such as DMARC. Privacy compliance is partial with a privacy policy present but no cookie consent mechanism. Contact information is available but limited to email and physical address. Overall, the site is functional and informative but requires urgent security improvements to protect users and improve trust. Strategic recommendations include deploying HTTPS, enhancing privacy compliance, and improving site performance and accessibility.

T

Tieteellisten seurain valtuuskunta (TSV)

tieteidentalo.fi

40

Tieteiden talo, operated by Tieteellisten seurain valtuuskunta (TSV), is a Finnish non-profit organization providing rental event spaces in Helsinki to support scientific activities. The website targets event organizers and the scientific community, offering multiple services including venue rental, catering, and streaming. The site is built on Drupal 10 with Bootstrap and uses Matomo for analytics. While content quality and business credibility are good, the technical implementation suffers from slow load times and an invalid SSL certificate, resulting in no HTTPS protection. Security posture is weak due to missing HTTPS, lack of security headers, and no cookie consent mechanism despite tracking usage. Overall, the site is functional but requires significant security and privacy improvements to meet modern standards.

T

Tieteellisten seurain valtuuskunta

tiedekirja.fi

40

Tiedekirja is a Finnish e-commerce bookstore specializing in scientific and academic publications, operated under the auspices of Tieteellisten seurain valtuuskunta (TSV). The website serves a niche market of researchers, students, and science enthusiasts primarily in Finland, offering both online sales and a physical store in Helsinki. The business model focuses on retailing scientific books, journals, and related products, supported by a newsletter and social media presence to engage its audience. Technically, the website is built on the Magento platform, utilizing RequireJS, jQuery, and KnockoutJS for frontend interactivity. It integrates Matomo for analytics and Campaign Monitor for newsletter management. Despite a rich content offering and good mobile optimization, the site suffers from slow load times and lacks a valid SSL certificate, which impacts security and user trust. From a security perspective, the absence of HTTPS and security headers is a significant vulnerability, exposing users to potential risks. The site does not display explicit security or incident response policies, and DNS security features like DNSSEC and CAA are not enabled. However, privacy compliance is addressed with a cookie consent mechanism and a privacy policy, aligning with GDPR requirements. Overall, while the business is credible and well-positioned in its market, the technical and security shortcomings present risks that should be addressed promptly. Enhancing SSL implementation, security headers, and performance will improve user trust and compliance posture.

T

Tennis-Bistro

tennisbistro.fi

39

Tennis-Bistro is a small hospitality business operating a lunch restaurant and café located in Talin Tenniskeskus, Helsinki, Finland. The website presents the business as a local dining and catering service provider offering buffet lunches, snacks, and a wide selection of drinks. The target audience is local customers and visitors to the tennis center. The business model focuses on hospitality services with an emphasis on buffet and catering offerings. The website is built on WordPress with Yoast SEO plugin, indicating a moderate level of digital maturity. However, the website suffers from slow loading times and basic mobile optimization. Security posture is weak due to the absence of a valid SSL certificate and HTTPS support, exposing visitors to potential risks. No privacy, cookie, or terms of service policies are present, indicating compliance gaps. Contact information is clearly provided, including phone, email, and physical address, along with a Facebook social media link. Overall, the website is functional and professionally presented but requires urgent security and compliance improvements.

O

Open Tennis Club

opentennisclub.fi

36

Open Tennis Club is a small, active tennis club based in Helsinki, Finland, focused on providing tennis activities and competitions for adults and young adults. The club organizes its own OTC Cup series and supports both hobbyist and competitive players. The website is built on WordPress and hosted on Cloudpit infrastructure, featuring a modern design with clear navigation and bilingual content in Finnish and English. However, the site lacks critical privacy and cookie policies, and the SSL certificate is misconfigured, which undermines user trust and security. The Google Analytics plugin is installed but not configured, and the Facebook feed integration is broken due to API changes. Security headers and HTTPS best practices are not fully implemented, indicating room for improvement in security posture.

J

Jari Hedman Tennis Company

jarihedmantennis.fi

40

Jari Hedman Tennis Company is a small Finnish business specializing in tennis coaching, tennis travel packages, and corporate tennis events. The company operates primarily in Helsinki and offers seasonal tennis courses and international tennis trips in partnership with travel agencies. The website is built on WordPress and hosted on WordPress.com, utilizing Jetpack and other plugins for functionality. While the site provides rich content and clear contact information, it lacks critical security features such as a valid SSL certificate and security headers, which impacts its security posture negatively. Privacy and cookie policies are not present, indicating compliance gaps. Overall, the website serves its business purpose but requires significant improvements in security and privacy compliance to enhance trust and protect user data.

The website tennishedman.fi is currently inaccessible, returning a 403 Forbidden error with minimal HTML content served by nginx. Due to this access restriction, no meaningful business or content information could be extracted. The domain is registered and uses Amazon AWS DNS services with Microsoft Outlook for mail exchange. The SSL certificate is valid but lacks modern protocol and cipher suite details, and no security headers or HSTS are enabled, indicating a basic security posture. The site performance is slow with minimal resources loaded. No privacy, cookie, or terms of service policies are present, nor any contact or business information. Overall, the website appears to be either under maintenance, restricted, or improperly configured for public access, limiting any further analysis.

H

Helsingin Tennisstadion Oy

talitaivallahti.fi

36

Helsingin Tennisstadion Oy operates the Talin ja Taivallahden Tenniskeskukset, providing tennis facilities, coaching, retail, and event services primarily to the Helsinki community. The website serves as a booking and information portal for tennis players and enthusiasts, offering court reservations, training programs, and related services. The business positions itself as a local sports and hospitality provider with a focus on tennis. Technically, the website is built on WordPress with a modern plugin ecosystem and uses AWS Cloudfront CDN for content delivery. However, the SSL configuration is currently invalid, which undermines secure communications and user trust. The site includes GDPR-compliant privacy and cookie policies with a consent mechanism, reflecting good privacy awareness. Security posture is moderate but requires urgent improvements in SSL and TLS configurations. Overall, the website is functional and professional but needs security enhancements to improve trust and compliance.

I

Intersport Finland

intersport.fi

40

Intersport Finland operates as a leading sports retail brand offering a wide range of sportswear, equipment, and leisure products through both online and physical stores. The company leverages a membership club model to enhance customer loyalty and provides extensive product categories targeting consumers interested in sports and outdoor activities. The website demonstrates a strong market position in Finland with a comprehensive product catalog and active social media presence. Technically, the site uses modern JavaScript libraries and is hosted behind Cloudflare, but lacks a valid SSL certificate, which is a significant security concern. Privacy and cookie policies are well-presented and indicate GDPR compliance. Overall, the site is professional and user-friendly but requires urgent improvements in its security posture to protect user data and build trust.

O

Oaktree Capital Management

oaktreecapital.com

51

Oaktree Capital Management is a global investment firm specializing in alternative investments, including credit, equity, and real estate strategies. The company positions itself as a leader and pioneer in alternative investments, targeting investors and financial professionals. The website presents comprehensive business information, including detailed strategy descriptions, investor resources, and press coverage, reflecting a mature and enterprise-level business model. Technically, the website uses modern frameworks such as Bootstrap 5 and jQuery, with a CMS likely Sitefinity, and integrates marketing and analytics tools like Google Tag Manager and Evidon for cookie consent. However, the site suffers from a critical security issue: the SSL certificate is invalid or missing, and HTTPS is not properly enabled, severely impacting the security posture. No security headers are present, and advanced SSL features like HSTS and OCSP stapling are missing. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain trust.

M

Mallaskoski

mallaskoski.com

53

Mallaskoski is a Finnish brewery with a rich heritage dating back to 1921, specializing in craft beers that emphasize quality, authentic flavors, and respect for Finnish brewing traditions. The company targets beer enthusiasts and horeca businesses within Finland, offering a range of seasonal and specialty beers, horeca supply services, and a brewery restaurant experience. The website reflects a medium-sized business with consistent branding and a professional online presence, including active social media channels and newsletter engagement. Technically, the site is built on WordPress with modern performance optimizations and uses Cloudflare for CDN and security. However, the absence of a valid SSL certificate and HTTPS configuration is a critical security gap. Privacy compliance is well addressed with cookie consent mechanisms and a comprehensive privacy policy. The site lacks explicit terms of service and detailed security or incident response policies. Overall, the business demonstrates solid market positioning but requires urgent security improvements to protect user data and enhance trust.

T

TennisClub

tennisclub.fi

40

TennisClub.fi is a Finnish tennis club management platform owned by the Finnish Tennis Association, providing services for players, coaches, and clubs to manage memberships and coaching applications. The website is minimalistic, focusing on user role selection and basic information about the platform. Technically, the site uses common web technologies such as the Yii framework, Bootstrap, and jQuery, but lacks modern security implementations such as HTTPS. The absence of SSL/TLS significantly impacts the security posture and trustworthiness of the site. No privacy, cookie, or terms of service policies are present, and no contact information is provided, which limits user trust and compliance with data protection regulations. Overall, the site is functional but basic, with significant room for improvement in security and compliance.

T

Tieteellisten seurain valtuuskunta

tsv.fi

40

Tieteellisten seurain valtuuskunta (TSV) is a Finnish non-profit organization dedicated to supporting scientific societies and promoting open science practices within Finland. The website serves as an information portal for their services including grant funding, event organization, and scientific communication targeted primarily at the academic and research community. The organization holds a key position nationally as a facilitator of scientific collaboration and open knowledge dissemination. Technically, the website is built on Drupal 7 CMS with a traditional jQuery-based frontend and uses Matomo for analytics. The site is moderately performant with a page load time around 4 seconds and is mobile responsive with good navigation clarity. However, the SSL/TLS configuration is currently invalid, resulting in insecure HTTPS connections, which is a significant security concern. The site lacks modern security headers and cookie consent mechanisms, although DNS email security records like SPF and DMARC are properly configured. From a security perspective, the site demonstrates basic best practices in email security and tracking transparency but falls short in SSL implementation and HTTP security headers. No incident response or vulnerability disclosure policies are publicly available. Contact information is clearly presented, enhancing business credibility. Overall, the site is functional and professional but requires urgent improvements in SSL security and privacy compliance to meet modern standards.

H

Helsingin Tennisstadion Oy

talintenniskeskus.fi

35

Helsingin Tennisstadion Oy operates the Talin ja Taivallahden Tenniskeskukset, two tennis centers located in Helsinki, Finland. The website offers services including court bookings, tennis coaching, equipment sales and maintenance, leagues, and hospitality services such as cafes and restaurants. The business targets tennis players and enthusiasts in the Helsinki area, positioning itself as a local sports facility provider with a medium-sized operation. The site content is well structured and professionally presented, supporting user engagement and service discovery. Technically, the website is built on WordPress with common plugins for SEO, forms, and GDPR compliance. However, performance is suboptimal with slow load times and a large page size. Security posture is weak due to the absence of a valid SSL certificate and lack of modern TLS protocols, which poses risks to user data confidentiality and trust. Privacy compliance is well addressed with clear cookie consent mechanisms and privacy policies. Overall, the site demonstrates moderate business credibility but requires urgent security improvements to protect users and enhance trust.

H

HVS-Tennis ry

hvstennis.fi

39

HVS-Tennis ry operates one of Finland's largest tennis clubs, providing coaching, events, and merchandise primarily targeting tennis players of all ages including children, youth, adults, and seniors. The organization maintains a strong digital presence through a WordPress-based website integrated with e-commerce and social media platforms. While the site offers comprehensive content and good GDPR compliance, its technical infrastructure shows weaknesses, notably the absence of a valid SSL certificate and HTTPS support, which significantly impacts security posture. The website's performance is moderate to slow, and security headers are missing, exposing potential risks. Overall, the business demonstrates professionalism and trustworthiness but requires urgent improvements in security to protect user data and enhance trust.

H

HVS Club Oy

hppopen.fi

32

HPP Open is a Finnish tennis event organizer hosting the ATP Challenger tournament in Helsinki, recognized as the largest international tennis event in Finland. The website serves as an information portal for the event, providing schedules, news, ticketing information, and sponsor details. The business operates primarily in the hospitality and sports event sector, targeting tennis fans and the sports community. The company behind the event is HVS Club Oy, with partnerships including the venue Talin Tenniskeskus and various sponsors. Technically, the website is built on WordPress with common plugins for SEO and social media integration. However, the site suffers from critical security shortcomings, notably the absence of HTTPS and a valid SSL certificate, which undermines user trust and data security. Performance is suboptimal with slow load times and a high number of resources, though mobile optimization and SEO practices are reasonably well implemented. Privacy compliance is minimal, lacking cookie consent mechanisms and comprehensive GDPR indicators. Overall, the site is functional and professionally presented but requires urgent security and privacy improvements to meet modern standards.

H

HPP Attorneys

hppattorneys.com

53

HPP Attorneys is a medium-sized Finnish business law firm specializing in comprehensive legal services for domestic and international clients, with a strong focus on cross-border transactions, green transition, and renewable energy projects. The firm holds a reputable market position supported by international legal rankings and a professional online presence. Technically, the website is built on WordPress with Elementor and integrates advanced search and analytics tools, but suffers from slow loading times and lacks a valid SSL certificate, which critically impacts security posture. Privacy compliance is well addressed with a clear cookie consent mechanism and a comprehensive privacy policy. Overall, the firm demonstrates strong business credibility but must urgently address security vulnerabilities to protect client data and maintain trust.

Asianajaja-akatemia.fi is an educational platform serving members of the Finnish Bar Association, law firm staff, and bar exam students. It operates as a Moodle-based learning management system providing access to online legal training courses. The platform is clearly targeted at legal professionals and students in Finland, offering membership-based access and password recovery features. The website branding and content align with the Finnish Bar Association, reinforcing trust within its niche market segment. Technically, the site uses Moodle LMS with YUI, jQuery, and FontAwesome, hosted by datacenter.fi. However, the site suffers from a lack of HTTPS support due to an invalid or missing SSL certificate, no modern TLS protocols, and absence of security headers, which significantly undermines its security posture. Privacy and terms of service policies are present and comprehensive, supporting GDPR compliance. Overall, the platform is functional but requires urgent security improvements to protect user data and maintain trust.

S

Suomen Asianajajat – Finlands Advokater – Finnish Bar Association

asianajajaliitto.fi

36

Suomen Asianajajat is the Finnish Bar Association, a government-related professional organization regulating and supporting lawyers in Finland. The website serves as an authoritative source for legal professionals and the public, offering information on regulation, education, membership, and legal assistance. The site is multilingual and professionally designed, reflecting a mature digital presence. Technically, it is built on WordPress with modern plugins and hosted on a LiteSpeed server, but lacks a valid SSL certificate, which is a critical security flaw. Email security is well managed with SPF and DMARC records. Overall, the security posture is weak due to missing HTTPS, but privacy compliance and business credibility are strong. Strategic improvements in SSL deployment and security policies are recommended to enhance trust and compliance.