Security Directory

G

Guidewire Software, Inc.

guidewire.com

68

Guidewire Software, Inc. is a leading enterprise technology company specializing in Property and Casualty (P&C) insurance software and cloud platforms. Founded in 2001 and headquartered in the United States, Guidewire offers a comprehensive suite of products including InsuranceSuite for policy administration, claims management, and billing, as well as InsuranceNow, a cloud-based platform designed for rapid deployment. The company serves a global market with customers in over 40 countries and maintains a strong presence through partnerships, professional services, and an extensive marketplace ecosystem. Guidewire is recognized as a market leader with multiple industry awards and a robust social media presence. Technically, Guidewire's website leverages modern web technologies such as Next.js and React, hosted on Vercel, and managed via Sitecore CMS. The site demonstrates good mobile optimization, accessibility, and SEO practices, providing a professional and user-friendly experience. The use of Marketo forms and integration with marketing and analytics tools like Google Tag Manager and Cookiebot indicates a mature digital marketing infrastructure. From a security perspective, the site employs several security headers and enforces HTTPS, although the SSL certificate is currently invalid, which is a critical issue. The absence of full HSTS enforcement and OCSP stapling are areas for improvement. The company provides clear security and privacy policies, including incident response contact information, reflecting a responsible security posture. No major vulnerabilities or exposed sensitive data were detected. Overall, Guidewire presents a strong business and technical profile with excellent content quality and business credibility. The primary risk lies in the SSL certificate status, which should be promptly addressed to maintain trust and security. Strategic recommendations include enhancing SSL management, fully enabling HSTS, and continuing to strengthen privacy compliance and security best practices.

E

economiesuisse

economiesuisse.ch

60

economiesuisse is the leading umbrella organization representing the interests of the competitive, internationally connected, and responsible Swiss economy. The website provides comprehensive information about their advocacy, publications, news, and events targeting Swiss businesses and policymakers. Technically, the site is built on Drupal 10 and integrates modern tools such as Google Tag Manager and Hotjar for analytics and user tracking. However, the site suffers from a lack of a valid SSL certificate and modern TLS protocols, which significantly impacts its security posture. While cookie consent and privacy policies are well implemented, the absence of security headers and HTTPS reduces trust and security. Overall, the website is content-rich and professionally designed but requires urgent security improvements to protect user data and enhance trust.

D

Digital et Assurance

digital-et-assurance.com

53

Digital et Assurance is a specialized French media platform focused on delivering weekly curated news, analyses, and interviews related to innovation in the insurance sector and insurtech developments. It operates under the parent company Eficiens and targets insurance professionals and industry stakeholders. The website is built on WordPress, leveraging plugins such as Yoast SEO and Algolia for search functionality, hosted on OVH infrastructure. While the site offers good content quality and user experience with responsive design, it suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy and cookie policies are present but hosted on the parent domain, and contact information relies on a personal email address, which may affect trust. Overall, the site is functional but requires urgent security improvements to protect user data and enhance credibility.

O

Option finance

optionfinance.fr

40

Option Finance is a well-established French financial media company providing news, analysis, and specialized content for finance professionals. The website serves as a hub for multiple partner publications and offers subscription-based premium content, events, and advertising services. Technically, the site is built on TYPO3 CMS and integrates modern marketing and analytics tools, but suffers from a critical lack of valid SSL/TLS configuration, impacting its security posture. Privacy and cookie policies are present with consent mechanisms, reflecting good compliance practices. Overall, the site offers rich, professional content with a strong brand presence but requires urgent security improvements to protect user data and enhance trust.

F

France FinTech

francefintech.org

40

France FinTech is a prominent French fintech association dedicated to supporting and representing the fintech ecosystem in France. The website serves as a hub for news, events, member information, and initiatives such as educational programs and fintech panoramas. It targets fintech companies, investors, and ecosystem stakeholders, positioning itself as a key national player in fintech advocacy and networking. Technically, the site is built on WordPress using the Divi theme, integrating various plugins for content display, social media feeds, and newsletter management. While the site offers good content quality and user experience, it suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS enforcement, which undermines user trust and data security. Privacy compliance is basic, with a cookie consent mechanism present but no visible privacy or terms of service policies. Overall, the site is functional and professional but requires urgent security improvements to meet modern standards.

A

ADI Nouvelle-Aquitaine

adi-na.fr

40

ADI Nouvelle-Aquitaine is a regional development and innovation agency focused on supporting businesses and territories in the Nouvelle-Aquitaine region of France. The organization provides services including innovation support, project financing, business acceleration, and partner networking to foster sustainable economic growth and transitions. The website reflects a strong regional presence with comprehensive content, clear navigation, and multiple trust signals such as testimonials and partner logos. Technically, the website is built on Drupal CMS, served by nginx, and integrates modern JavaScript libraries like Splide.js and Matomo for analytics. The site is mobile-optimized and accessible, with good SEO practices. However, the absence of a valid SSL certificate and HTTPS support is a significant security shortfall, limiting the site's security posture. Security headers such as Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options are present, but the lack of TLS protocols and HSTS reduces overall security. Privacy compliance is well addressed with visible privacy and cookie policies and a consent mechanism. Contact information is clearly provided, enhancing business credibility. Overall, the site is professional and trustworthy but requires urgent improvements in SSL/TLS implementation to enhance security and user trust.

A

Altæ Technopole Niort Deux-Sèvres

altae-technopole.fr

32

Altæ Technopole Niort Deux-Sèvres is a regional innovation and entrepreneurship hub based in the Deux-Sèvres region of France. The organization focuses on catalyzing innovation and supporting startups and entrepreneurs through ecosystem animation, tailored accompaniment programs, and promoting territorial attractiveness. The website is built on WordPress using Elementor and Yoast SEO, with a modern but basic technical infrastructure hosted likely on OVH. While the site offers good content quality and SEO optimization, it lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security gap. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Contact information is limited to a contact form, with no explicit emails or phone numbers found. Social media presence includes LinkedIn and YouTube. The site integrates Piwik PRO analytics and uses WP Rocket for performance optimization, though performance data indicates slow loading. Security posture is weak due to missing HTTPS and lack of security headers. Strategic recommendations include implementing HTTPS, enabling modern TLS protocols, adding security headers, and improving privacy compliance. Overall, the site is functional and professional but requires significant security improvements to meet modern standards.

The website medef79.fr serves as a minimal event landing page for Medef's 2025 event invitation validation, currently displaying a message that the event has ended. The site lacks substantive business information, contact details, or interactive features, indicating a very limited digital presence. Technically, the site is hosted behind Cloudflare DNS but does not have a valid SSL/TLS certificate, resulting in HTTP-only access which severely impacts security posture and user trust. The absence of privacy, cookie, and terms policies further reduces compliance with GDPR and other regulations. Security headers and best practices are not implemented, exposing the site to potential risks. Overall, the website's technical and content maturity is low, with significant room for improvement in security, compliance, and user experience.

F

Finance Innovation

finance-innovation.org

51

Finance Innovation is a French competitive cluster established in 2007, focused on supporting financial startups and innovation. It operates as a membership and partnership network with over 600 members, including startups, large companies, and SMEs. The organization provides services such as visibility, networking, fundraising assistance, and event organization, positioning itself as a leader in the French fintech ecosystem. The website reflects a mature digital presence with structured data, SEO optimization, and multilingual support. However, the technical infrastructure shows weaknesses, notably the absence of a valid SSL certificate and HTTPS support, which critically impacts security posture. Despite these issues, the site maintains good privacy compliance with clear cookie consent mechanisms and comprehensive privacy policies. The business credibility is reinforced by government affiliations and a strong partner ecosystem.

P

PLANETE CSCA

planetecsca.fr

40

PLANETE CSCA is a professional syndicate representing insurance brokers in France, providing advocacy, legal assistance, training, and operational tools to its members. The website is well-structured, content-rich, and targets insurance professionals and brokers. Technically, it is built on WordPress with modern technologies such as PHP 8.3, Apache, and integrates SEO and search optimization tools like Yoast SEO and Algolia. The site uses HTTPS with TLS 1.3 and 1.2 protocols, but lacks some advanced SSL security features such as HSTS and OCSP stapling. Privacy and cookie policies are present with consent mechanisms, indicating good GDPR compliance. Contact information is available primarily through a contact page, with no direct emails or phone numbers exposed. Social media presence is active, enhancing trust and engagement. Overall, the site demonstrates a good balance of business professionalism, technical implementation, and security posture.

E

Eficiens

eficiens.com

52

Eficiens is a specialized digital agency focused on the insurance sector, providing services such as website creation and redesign, UX design for insurance quote and subscription journeys, maintenance, email marketing, and digital advertising. The company holds a strong market position in France as a leading digital agency dedicated to insurance and related financial services. Their client portfolio includes major insurance and mutual companies, supported by positive client testimonials and a high customer satisfaction rating. Technically, the website is built on WordPress with modern JavaScript libraries and SEO optimizations, but lacks a valid SSL certificate, which is a critical security gap. The absence of HTTPS and security headers exposes the site to potential risks and undermines user trust. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. Overall, the site demonstrates professional design and content quality but requires urgent security improvements to align with best practices.

The website newsassurancespro.com is currently inaccessible beyond a Cloudflare security challenge page, which blocks access to any substantive content. As a result, no business information, privacy policies, or contact details are available for analysis. The site uses Cloudflare for security and hosting, with a valid SSL certificate but lacks advanced SSL configurations such as HSTS or DNSSEC. The presence of Cloudflare's managed challenge indicates a strong security posture at the perimeter but prevents content inspection. No metadata, forms, or external business links are present in the accessible content. Overall, the site appears to be in a protected state, but this limits the ability to assess its business model, compliance, or user experience.

The website swissre.com is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) challenge page that blocks direct access to the actual content. As a result, no business descriptive content, metadata, or contact information is available for detailed analysis. The domain is associated with the finance sector, likely representing a large enterprise given the domain and DNS configuration. The technical infrastructure leverages Cloudflare for security and hosting, with strong security headers and a valid SSL certificate indicating a good security posture. However, DNSSEC is not enabled, and no public security or privacy policies are detectable in the served content. The website employs Cloudflare Insights for minimal analytics tracking. Overall, the site is well protected but currently inaccessible for content and compliance evaluation due to the WAF challenge.

G

GFT Technologies SE

gft.com

63

GFT Technologies SE is a global technology company specializing in digital transformation and IT modernization services, primarily serving the banking, insurance, and manufacturing sectors. The company leverages advanced technologies such as cloud computing, AI, blockchain, and IoT to deliver innovative solutions that help enterprises stay competitive. Their strong partner ecosystem includes major cloud providers and fintech innovators, reinforcing their market position. Technically, the website is built on modern frameworks like Vue.js and managed via Magnolia CMS, with integrations for analytics and consent management tools such as Google Tag Manager, Microsoft Clarity, and Cookiebot. While the site is mobile-optimized and well-structured for SEO and accessibility, performance metrics were not available. The hosting is supported by Fastly CDN, ensuring global content delivery. From a security perspective, the site implements several best practices including a Content Security Policy, secure cookie flags, and security headers. However, the SSL certificate is invalid or missing, and modern TLS protocols are not supported, which significantly impacts the security posture. No explicit security policy or incident response information is publicly available, and no vulnerability disclosure or security.txt file was found. Overall, the website presents a professional and trustworthy image with comprehensive privacy and cookie policies, but the lack of valid SSL and modern TLS support are critical issues that should be addressed promptly to improve security and user trust.

W

Wevioo

wevioo.com

40

Wevioo is an international consulting company specializing in digital transformation, IoT, and innovation, serving major clients in banking, insurance, industry, logistics, and public sectors. The website is built on Drupal 8 and hosted on OVH infrastructure, leveraging modern web technologies such as Bootstrap and jQuery. While the site offers good content quality, clear navigation, and social media integration, it critically lacks HTTPS support, exposing visitors to security risks. The presence of cookie consent and privacy policies indicates some GDPR compliance, but absence of terms of service and security policies reduces overall trust. Strategic improvements in security posture and SSL implementation are essential to enhance user trust and compliance.

D

DARVA

darva.com

55

DARVA is a French software platform editor specializing in innovative service platforms that connect insurers, their partners, and clients across automotive, habitation, and health insurance sectors. The company offers a suite of solutions including claims management platforms, electronic invoicing, contract termination solutions, and partner network creation tools. DARVA maintains a medium-sized presence with a consistent brand and a strong client base in the insurance industry. Technically, the website is built on WordPress with modern SEO and privacy tools such as Yoast SEO and Cookiebot, and uses Matomo for analytics, indicating a moderate level of digital maturity. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap, exposing users to risks and undermining trust. The DNS configuration shows partnerships with email security providers like Vade Secure and Oodrive. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, DARVA presents a professional and trustworthy online presence but must urgently address its SSL/TLS deficiencies to improve security posture and user trust.

S

Stelliant

stelliant.com

55

Stelliant is a large French company specializing in comprehensive insurance-related services including risk prevention, expertise, client relations, post-claim solutions, crisis management, and innovation through dedicated campuses and labs. With approximately 3000 employees, it positions itself as a major player offering agile and personalized services to insurance professionals and clients. The website is built on WordPress with modern plugins and SEO optimizations, providing a professional and user-friendly experience with clear navigation and multilingual support. However, the technical infrastructure shows weaknesses in security, notably the absence of a valid SSL certificate and lack of HTTPS enforcement, which significantly impacts the security posture. Security headers are partially implemented but insufficient to compensate for the missing TLS security. Privacy compliance is weak, with no visible privacy or cookie policies and no GDPR compliance indicators. Contact information is available via email and contact forms, and social media presence is established on major platforms. Overall, the site is functional and professional but requires urgent improvements in security and privacy compliance to meet modern standards.

I

innovAARE AG

parkinnovaare.ch

36

innovAARE AG operates the Park Innovaare, a high-tech innovation and industrial park in Switzerland focused on accelerating deep-tech research and commercialization. The park provides modern office, laboratory, and specialized research spaces, along with community and networking services to startups, SMEs, and R&D departments. The website is professionally designed, content-rich, and well-structured, targeting innovation ecosystem participants. Technically, the site uses TYPO3 CMS with modern frontend libraries and is hosted by cyon AG. However, a critical security gap is the lack of HTTPS/SSL, exposing users to risks. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Business credibility is strong with clear contact details and legal information.

Switzerland Innovation Park Biel/Bienne AG is a private Swiss non-profit organization focused on applied research and development, bridging the gap between research and industry. It operates as part of the Switzerland Innovation Foundation network, promoting innovation, startups, and research investment in Switzerland. The website is professionally designed using WordPress and Elementor, showcasing multiple research centers, projects, and partnerships. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Privacy and cookie policies are present and GDPR compliant, and contact information is clearly provided. The overall security posture is basic with room for significant improvement in SSL/TLS configuration and security headers.

S

Switzerland Innovation Park Basel Area AG

sip-baselarea.com

40

Switzerland Innovation Park Basel Area AG operates a comprehensive innovation hub and coworking space platform focused on healthcare, life sciences, and technology sectors in Switzerland. The company provides flexible workspace solutions including ready-made offices, coworking spaces, lab spaces, and customizable workspaces tailored to startups, SMEs, and research institutions. Positioned as a key player in the Basel Area innovation ecosystem, it supports collaboration and growth through community building and event hosting. Technically, the website is built on WordPress with modern plugins and tracking tools, but lacks a valid SSL certificate, which significantly impacts its security posture. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. The site is professionally designed with excellent content quality and user experience, though performance data is limited. Security weaknesses include missing HTTPS, HSTS, DMARC, DNSSEC, and vulnerability disclosure mechanisms, which should be prioritized to improve trust and compliance. Overall, the business demonstrates strong market positioning and digital maturity but requires urgent security enhancements to protect user data and maintain credibility.

U

UserScape

laracon.net

51

Laracon Online is a prominent digital event focused on the Laravel web framework community, produced by UserScape and Laravel News. It offers free streaming of new talks and keynotes from influential Laravel figures, targeting developers and enthusiasts worldwide. The website is professionally designed with excellent content quality and clear navigation, supporting community engagement through partnerships and viewing parties globally. Technically, the site uses modern frontend technologies and is hosted behind Cloudflare, but lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security concern. Security headers are present, but the absence of TLS protocols and HSTS reduces the security posture. Privacy and cookie policies are missing, and no direct contact information is provided, limiting compliance and user trust aspects. Overall, the site is functional and credible but requires urgent improvements in security and privacy compliance to enhance trust and protect users.

T

Thermostat

thermostat.io

68

Thermostat.io is a specialized SaaS provider offering Net Promoter Score (NPS) survey software designed to simplify customer satisfaction measurement through one-question surveys. The company targets businesses, particularly SaaS and e-commerce, seeking actionable customer feedback with flexible survey administration methods including email, popup, link, and API. The website demonstrates a professional and consistent brand presence with clear pricing tiers and a 30-day money-back guarantee, positioning itself as a trustworthy niche player in the customer feedback software market. Technically, the site leverages modern frontend frameworks such as Alpine.js and Livewire, is hosted behind Cloudflare with a valid SSL certificate and strong security headers, and integrates with third-party services like Zapier and Fathom Analytics for marketing and analytics. However, privacy compliance is basic, with no cookie consent mechanism and a privacy policy hosted on a third-party domain. Security posture is good but could be improved with DNSSEC, CAA records, and published incident response policies. Overall, the website is well-implemented, secure, and credible but would benefit from enhanced privacy and security transparency.

U

UserScape, Inc.

helpspot.com

45

HelpSpot, operated by UserScape, Inc., is a specialized help desk software provider focused on transforming chaotic email support into an efficient, unified system. Established in 2005, the company targets businesses and organizations that require streamlined customer support solutions. Their offerings include email ticketing, automation, reporting, and self-service portals, available as both cloud-hosted and on-premise deployments. The website demonstrates strong branding, comprehensive content, and a professional user experience, positioning HelpSpot as an affordable and customizable alternative in the help desk software market. Technically, the site uses modern web technologies such as Alpine.js, Livewire, and Cloudflare CDN, hosted on AWS infrastructure. However, the absence of a valid SSL certificate and HTTPS implementation significantly impacts the security posture. Security headers are present, but critical TLS protocols and encryption are missing, exposing the site to potential risks. Privacy compliance is supported by a comprehensive privacy policy and terms of service, though cookie consent mechanisms are not evident. Overall, while the business and technical maturity are solid, the lack of HTTPS is a critical vulnerability that must be addressed to ensure trust and security.

P

PowerDNS

powerdns.com

63

PowerDNS is a well-established provider of secure open-source and commercial DNS software solutions, targeting large-scale DNS service providers such as mobile operators, broadband providers, enterprises, and hosting companies. The company emphasizes stability, security, and performance, boasting a decade without a Severity 1 support case. Their offerings include DNS resolving, infrastructure DNS, parental controls, malware protection, and DNS solutions tailored for 5G networks. The website is professionally designed, content-rich, and well-branded, with active blog updates and case studies highlighting partnerships with major industry players. Technically, the site uses HubSpot CMS, Cloudflare CDN, and modern web technologies, but suffers from a critical security issue due to an invalid SSL certificate and lack of modern TLS protocol support. Security headers and policies are well implemented, but the absence of a cookie consent mechanism and visible contact information slightly reduce privacy compliance and user trust. Overall, the site demonstrates a strong market position and technical maturity but requires urgent SSL and privacy improvements.

L

Lander Systems

landersystems.com

51

Lander Systems is a technology company specializing in developing software products that automate, integrate, and streamline business workflows. Their product suite includes ActivitySource, Cloudfuse, Momentum, and Forms, targeting businesses seeking to improve operational efficiency. The website is built on modern web technologies including React and Next.js, hosted on Vercel and served via Cloudflare CDN. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Privacy compliance is partial with a privacy policy present but no cookie consent mechanism or terms of service. Contact information is limited to a web form without direct emails or phone numbers. Overall, the site presents a professional image but requires urgent security improvements to protect user data and enhance trust.

The website roomies.com is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) security challenge page that requires human verification via Turnstile captcha. This prevents access to any substantive content, including business descriptions, policies, or contact information. The SSL configuration is valid and secure with HSTS enabled, indicating good baseline security practices at the infrastructure level. However, the lack of accessible content and metadata severely limits the ability to assess the business model, technical maturity, or compliance posture. The website performance is poor due to the challenge page load time, and no privacy or security policies are visible. Overall, the site is effectively blocked from analysis, resulting in a low AI score and limited insights.

B

Bifrost Technology, LLC

nativephp.com

50

NativePHP, operated by Bifrost Technology, LLC, is a technology company focused on enabling PHP and Laravel developers to build native desktop and mobile applications using familiar tools. The website positions itself as a niche provider in the cross-platform native app development space, supported by a community and corporate sponsors. Technically, the site uses modern frontend technologies such as Alpine.js, GSAP, Livewire, and Tailwind CSS, hosted behind Cloudflare. However, the site suffers from a critical security issue: it lacks a valid SSL certificate and does not support HTTPS, which severely impacts its security posture. Privacy and cookie policies are absent, and no direct contact information is provided, which may affect compliance and user trust. Overall, the site is professionally designed with excellent content quality and user experience but requires urgent security and compliance improvements.

U

URL Networks

url.net.au

49

URL Networks is an Australian telecommunications provider specializing in business telephony and internet services, including hosted cloud PBX, SIP trunking, and various internet connectivity plans. The company positions itself as a trusted provider for businesses seeking stress-free telecommunications solutions. Their website is built on WordPress with modern plugins and tools, targeting Australian business customers with a focus on cloud and virtualized telephony services. The site includes detailed service descriptions and multiple contact channels, including phone, email, and social media. Technically, the website uses a WordPress CMS with Elementor, Yoast SEO, and several marketing and analytics tools such as Google Tag Manager and Chatlio live chat. Hosting appears to be on AWS infrastructure. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. Performance data is missing, and no cookie consent mechanism is present, indicating limited privacy compliance. Security posture is weak due to the absence of HTTPS, no security headers, and no modern TLS protocols enabled. While no active vulnerabilities like Heartbleed or POODLE are detected, the lack of encryption exposes users to significant risks. Privacy policy is present and comprehensive but GDPR compliance is uncertain due to missing cookie consent. Incident response and security policies are not published. Overall, the website is functional and professionally designed but requires urgent security improvements, especially enabling HTTPS and implementing security best practices. Privacy compliance should be enhanced with cookie consent mechanisms. Business credibility is supported by clear contact information and social media presence, but security gaps reduce trustworthiness.

The website tixel.com is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) security challenge page employing Turnstile captcha verification. This prevents access to any substantive content, metadata, or business information. The SSL configuration is valid and strong with HSTS enabled, but DNS security features like DNSSEC and CAA are not enabled. No privacy, cookie, or terms of service policies are detectable, nor is any contact information or structured data present. The site uses Cloudflare as a hosting and security provider, with external dependencies on Google mail services and marketing tools such as Sendinblue and Facebook tracking pixels. Performance is poor due to the challenge page, and no SEO or accessibility optimizations are evident. Overall, the site’s security posture is good in terms of SSL and HSTS but lacks DNS security and transparency policies. Due to the WAF blocking, the analysis is incomplete and scores are heavily penalized.

C

ClickHouse, Inc.

clickhouse.com

62

ClickHouse, Inc. operates a leading open-source column-oriented OLAP database management system designed for real-time analytical data processing using SQL queries. The company offers both open-source software and managed cloud services across major cloud platforms including AWS, GCP, and Azure. Their market position is strong, supported by a large developer community and enterprise customers such as Meta, Microsoft, and Spotify. The website demonstrates excellent content quality, professional design, and comprehensive resources targeting developers and enterprises requiring scalable real-time analytics solutions. Technically, the site uses modern frameworks like Next.js and React, with Cloudflare CDN for hosting and performance optimization. Security headers are well implemented, but the SSL/TLS configuration is currently inadequate, lacking valid certificates and modern protocols. Privacy and cookie policies are present with consent mechanisms, supporting GDPR compliance. Contact information is primarily via forms, with no direct emails or phone numbers publicly listed. Overall, the website is professional and trustworthy but should improve SSL/TLS security to enhance user trust and security posture.

N

Nucleus

nucleus.com.au

61

Nucleus is a small Australian creative agency specializing in branding, design, digital communications, video production, and strategic marketing services. The company operates primarily in the media sector with offices in Adelaide and Melbourne, targeting businesses seeking comprehensive creative solutions. Their website reflects a professional and consistent brand image with clear service offerings and contact information. Technically, the site leverages modern web technologies including Google Analytics, LinkedIn Insight, Vimeo embeds, and Cloudflare hosting, ensuring good performance and mobile optimization. Security posture is solid with HTTPS enabled and CSRF protections, though improvements such as HSTS and cookie consent mechanisms are recommended. Privacy compliance is basic with a privacy policy present but lacking detailed GDPR adherence indicators. Overall, the site is functional, trustworthy, and professionally maintained, scoring well across content, technical, and business credibility metrics.

I

Institut Polytechnique de Paris

ip-paris.fr

40

Institut Polytechnique de Paris is a leading French higher education and research institution that unites five prestigious engineering schools to deliver world-class science and technology education. The website reflects a strong focus on education, research, innovation, and entrepreneurship, targeting students, researchers, entrepreneurs, and companies. The digital infrastructure is built on Drupal 10 with modern PHP and includes integrations for analytics and consent management. However, the security posture is weakened by the absence of a valid SSL certificate and proper HTTPS configuration, which is a critical vulnerability. Privacy compliance is well addressed with clear cookie management and privacy policies. Overall, the website is professionally designed, content-rich, and trustworthy but requires urgent security improvements to protect user data and maintain credibility.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 8 security findings identified across all modules.

N

Niort Numeric

innn.fr

39

The website innn.fr represents Niort Numeric's flagship event focused on digital innovation, InsurTech, and risk management, held in Niort, France. It serves as a platform for networking, showcasing startups, and hosting conferences, targeting professionals and decision-makers in the insurance and technology sectors. The site is well-branded, content-rich, and optimized for SEO with structured data and social media integration. Technically, it is built on WordPress with modern JavaScript libraries for UI components and uses OVH as the hosting provider. However, a critical security gap is the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the site's security posture. The site implements cookie consent via Piwik PRO, indicating good privacy compliance practices. Overall, the site is professional and functional but requires urgent security improvements.

U

UserScape, Inc.

userscape.com

65

UserScape, Inc. is a small technology company founded in 2005 that specializes in developing software products such as HelpSpot (help desk software), LaraJobs (Laravel job board), and Thermostat (NPS survey software). They are deeply embedded in the Laravel PHP community, organizing official conferences and job boards, positioning themselves as a niche player with a strong community focus. The website reflects a professional and consistent brand with good content quality and clear navigation, targeting businesses and developers within the Laravel ecosystem. Technically, the website uses modern frontend technologies including Tailwind CSS and ES modules, hosted behind Cloudflare. However, the site suffers from a lack of a valid SSL certificate and does not support HTTPS, which is a critical security flaw. Performance is moderate, and mobile optimization is good, but accessibility and SEO optimizations are basic. No CMS or advanced analytics tools were detected. From a security perspective, while email security is well configured with SPF and DMARC policies, the absence of HTTPS, security headers, and other best practices significantly lowers the security posture. No incident response or security policy information is available, and no cookie or privacy consent mechanisms are implemented, indicating gaps in privacy compliance. Overall, the site is functional and professional but requires urgent improvements in security infrastructure and privacy compliance to enhance trustworthiness and protect user data.

P

Pix

pix.org

40

Pix.org is a multilingual website offering localized content primarily in English and French, including regional variants for Belgium and France. The site appears to be an educational or informational platform branded as 'Pix', targeting a broad audience seeking language-specific access. The technical infrastructure leverages modern JavaScript frameworks such as Nuxt.js and a headless CMS (Prismic), with analytics provided by Matomo and Plausible. However, the site suffers from significant security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which critically undermines user trust and data protection. Additionally, no privacy, cookie, or terms of service policies are present, indicating poor compliance with data protection regulations. The website's performance is slow, and DNS configurations reveal misconfigured CAA records and lack of DNSSEC. Overall, while the site demonstrates modern technical choices and multilingual support, its security posture and privacy compliance require urgent improvement to meet industry standards and user expectations.

S

Switzerland Innovation

switzerland-innovation.com

40

Switzerland Innovation is a Swiss innovation park ecosystem that facilitates collaboration between companies, startups, and universities to accelerate the transformation of research into marketable products and services. It holds a leading position in the Swiss innovation landscape, offering access to world-class research institutions and a broad range of support services. The website is built on Drupal 10 and integrates modern web technologies and marketing tools such as Google Analytics and HubSpot. However, the absence of a valid SSL certificate and HTTPS support is a critical security weakness that undermines user trust and data protection. The site features comprehensive cookie consent mechanisms and clear contact information, supporting good privacy compliance. Overall, the website presents a professional and trustworthy image but requires urgent improvements in security infrastructure.

O

Open-Xchange

open-xchange.com

72

Open-Xchange is a leading global provider of open and trusted software solutions primarily focused on email platforms for service providers, telcos, and hosters. With over 220 million users, it holds a strong market position as the largest independent email provider worldwide. Their product portfolio includes cloud and on-premises email solutions, DNS products, and IMAP server platforms, targeting enterprise and public sector customers. The website reflects a mature digital presence with comprehensive content, professional design, and clear navigation.

M

Mantu

mantu.com

39

Mantu is a global consulting platform focused on providing guidance and services to businesses and entrepreneurs worldwide. With a large and diverse workforce spread across multiple continents, Mantu positions itself as a collaborative network of brands delivering transformative business solutions. The website reflects a professional and well-structured digital presence, leveraging WordPress CMS with modern tools such as Elementor and WP Rocket to optimize user experience and performance. However, the absence of a valid SSL certificate and lack of HTTPS support significantly weaken the site's security posture. While DNS records show good email authentication practices with SPF and DMARC, the lack of security headers and modern TLS protocols exposes the site to potential risks. Privacy compliance is partially addressed with a comprehensive privacy policy, but no cookie consent mechanism was detected. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

E

EnviDat

envidat.ch

53

EnviDat is a specialized open-source platform dedicated to environmental research data management and publication, primarily serving researchers affiliated with Swiss institutions such as the Swiss Federal Institute for Forest, Snow and Landscape WSL and the ETH Domain. The platform supports FAIR data principles and integrates with major international data repositories to enhance data discoverability and reuse. Technically, the website employs modern JavaScript frameworks like Vue.js and Vuetify, but suffers from slow load times and lacks a valid SSL certificate, which impacts security and user trust. The security posture is weak due to missing HTTPS, absence of security headers, and no evident incident response or vulnerability disclosure policies. Privacy compliance is partial, with a cookie consent banner present but no explicit privacy policy found. Overall, the site is professional and trustworthy in content but requires significant improvements in security and privacy compliance to meet modern standards.

MeteoSchweiz is the Swiss Federal Office for Meteorology and Climatology, providing authoritative weather forecasts, climate monitoring, and natural hazard warnings for Switzerland. As a government agency, it holds a strong national market position and offers key services including meteorological data, public information, and specialized applications for weather and climate. The website is professionally designed, content-rich, and targets both the general public and specialized users such as government bodies and meteorology professionals. Technically, the site uses modern web technologies and is hosted via Google infrastructure, with good performance and accessibility features. However, a critical security issue is the lack of a valid SSL certificate and disabled TLS protocols, which undermines secure HTTPS access. Security headers and content policies are well implemented, but the absence of cookie consent mechanisms and some advanced security features reduces privacy compliance. Overall, the site is trustworthy and authoritative but requires urgent improvements in SSL/TLS configuration to meet modern security standards.

W

WSL Institute for Snow and Avalanche Research SLF

whiterisk.ch

54

White Risk is a comprehensive avalanche prevention platform developed and published by the WSL Institute for Snow and Avalanche Research SLF in partnership with Suva and the Swiss Red Cross. It offers a suite of modules including avalanche knowledge resources, e-learning lessons, tour planning tools, and presentation software aimed at winter mountain tour participants and avalanche educators. The platform is well-established in the Swiss market and provides valuable educational and safety services. Technically, the website is built on a modern Angular framework with rich interactive content and multimedia integration, supporting both web and mobile platforms. However, the current lack of a valid SSL certificate and HTTPS implementation is a critical security weakness that undermines user trust and data protection. Privacy and legal compliance are well addressed with comprehensive policies and cookie consent mechanisms. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to meet modern standards.

I

iliad

iliad.it

40

Iliad Italia S.p.A. is a major telecommunications provider in Italy offering mobile telephony services including 4G and 5G, fiber internet via FTTH technology, and smartphone sales both new and refurbished. The company positions itself as a competitive and transparent operator with no hidden costs, targeting both private consumers and businesses. The website reflects a mature digital presence with comprehensive service offerings and clear customer support channels. Technically, the site uses modern JavaScript libraries and responsive design to ensure good user experience across devices. However, a critical security gap is the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture and trustworthiness of the site. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Overall, Iliad's website is professional and content-rich but requires urgent security improvements to protect user data and maintain trust.

F

Free Pro

freepro.com

55

Free Pro is a French B2B telecommunications and IT services provider, a subsidiary of Groupe iliad, offering a broad portfolio of fixed and mobile telecom products and cloud/managed IT solutions tailored for enterprises of all sizes. The company positions itself as a trusted partner delivering expertise, competitive pricing, and proximity service across France with multiple regional offices. Technically, the website is built on WordPress with modern analytics and consent management tools, but suffers from a critical lack of valid SSL/TLS configuration, impacting security posture. While DNS email security is well configured with SPF and DMARC, the absence of HTTPS and security headers exposes the site to risks. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. Overall, the site is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

A

appliedAI Institute for Europe gGmbH

ai-startups-europe.eu

40

The appliedAI Institute for Europe gGmbH is a non-profit organization focused on generating and disseminating high-quality knowledge about trustworthy Artificial Intelligence. It serves professionals and policymakers by providing educational formats, tools, community engagement, and regulatory guidance, positioning itself as a leading AI knowledge hub in Europe. Technically, the website employs modern JavaScript frameworks like Vue.js, Bootstrap for responsive design, and integrates marketing and analytics tools such as Google Tag Manager, HubSpot, and Usercentrics for consent management. However, the security posture is weakened by the absence of a valid SSL certificate, lack of HSTS, and missing DMARC records, which are critical for secure communications and email protection. Overall, the site is content-rich and professionally presented but requires urgent improvements in SSL/TLS configuration to enhance trust and security.

F

French Assurtech

french-assurtech.com

40

French Assurtech is a French-based accelerator and innovation platform focused on the insurance technology sector. Supported by eight leading mutual insurance companies, it offers a comprehensive program including startup acceleration, an innovation lab (Lab XP), and a training campus to foster digital transformation and new insurance business models. The website positions French Assurtech as a key player in the French insurtech ecosystem, targeting startups, insurance professionals, and innovation managers. Technically, the site is built on WordPress using Elementor and integrates SEO and multilingual capabilities. However, the site suffers from a critical security shortfall due to the absence of a valid SSL certificate and lack of HTTPS enforcement, which significantly impacts its security posture. Privacy compliance is addressed with a cookie consent mechanism and a privacy policy, but no explicit security or incident response policies are found. Overall, the website is professional and content-rich but requires urgent improvements in security and performance to enhance trust and user experience.

The website jamespot.pro is currently inaccessible, serving only a default backend 404 error message with no visible content or metadata. This indicates the site is either offline, misconfigured, or a placeholder domain. The DNS records show hosting and mail services provided by OVH, but no active web content is available. The lack of a valid SSL certificate and absence of TLS protocols severely impact the security posture, despite the presence of an HSTS header which is ineffective without HTTPS. No privacy, cookie, or security policies are found, and no contact or business information is available on the site. Overall, the site is non-functional and does not provide any business or user-facing services at this time.

A

Aternos GmbH

exaroton.com

66

exaroton.com is a specialized service offering high-end, on-demand Minecraft game servers with a unique pay-per-use pricing model. The platform targets Minecraft players and server administrators who desire flexible, customizable, and cost-efficient server hosting. The service is backed by Aternos GmbH, a German company, and integrates features such as DDOS protection, automatic backups, and API access to enhance user experience and operational control. The website demonstrates a professional design with clear navigation and comprehensive content tailored to its niche audience. Technically, the site employs modern web technologies including JavaScript, HTML5, and CSS3, with DNS and CDN services provided by Cloudflare. The platform supports both Minecraft Java and Bedrock editions, offering a wide range of server software and modpacks. Despite good SEO and accessibility practices, the website suffers from a critical security flaw: the absence of a valid SSL certificate and HTTPS support, which severely impacts its security posture. Security-wise, the site has implemented SPF and DMARC DNS records with a strict reject policy, uses Google MX servers for email, and has no subdomain takeover vulnerabilities. However, the lack of HTTPS, TLS protocols, HSTS, and OCSP stapling exposes users to potential risks. Privacy compliance is strong, with a comprehensive privacy policy and terms of service hosted on the parent company domain. Analytics usage is moderate and privacy-conscious, utilizing Matomo. Overall, exaroton.com presents a strong business and technical foundation but must urgently address its SSL/TLS deficiencies to ensure user trust and data security. Strategic improvements in security configuration will elevate the platform's credibility and protect its user base effectively.

L

Laracon Australia

laracon.au

57

Laracon AU is a prominent technology conference focused on the Laravel PHP framework, organized in collaboration with Laravel, Inc. The event is scheduled for November 2025 in Brisbane, Australia, targeting Laravel developers and the broader PHP community. The website serves as a comprehensive platform for event information, ticket sales, speaker announcements, and sponsorship opportunities. Technically, the site employs modern frontend technologies such as Alpine.js and Livewire, hosted behind Cloudflare DNS services. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security concern. Privacy and cookie policies are not explicitly presented, indicating potential compliance gaps. Overall, the site demonstrates good business credibility and content quality but requires urgent improvements in security and privacy compliance to enhance trust and user safety.

L

Laracon

laracon.us

40

Laracon.us is the official website for Laracon 2025, the flagship Laravel conference targeting Web Artisans and the global PHP developer community. The site provides comprehensive information about the event, including dates, venue, speakers, accommodations, and sponsors, positioning itself as a key industry event in the technology sector. The business model revolves around event organization and community engagement, with a strong emphasis on sponsorship and ticket sales through third-party platforms.