Security Directory

Capital Blue Cross operates as a regional healthcare benefits provider serving Central Pennsylvania and the Lehigh Valley, offering a range of insurance products and member services including prescription drug management, care finding, and wellness programs. The website serves as a portal for members, employers, and providers, integrating multiple partner services and providing access to health toolkits and plan information. Technically, the site is built on IBM WebSphere Portal with modern frontend technologies such as Vue.js and Bootstrap Vue, but suffers from slow load times and lacks a valid SSL certificate, impacting security and user trust. Security posture is weak due to missing HTTPS and limited security headers, although a strong DMARC policy is in place for email protection. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism. Overall, the site is functional and professionally designed but requires urgent improvements in security and performance to meet modern standards.

P

Portus Data Centers

portusdatacenters.com

39

Portus Data Centers operates as a carrier-neutral edge colocation data center provider with facilities in Germany and Luxembourg. The company targets businesses requiring high-performance, low-latency IT infrastructure, offering hybrid cloud and colocation services. Their market position is that of a medium-sized regional operator with a focus on sustainability and modern digital infrastructure. Technically, the website is built on WordPress with Elementor and integrates Google Analytics and Tag Manager for tracking. However, the site lacks a valid SSL certificate, which severely impacts security posture and user trust. The absence of cookie consent mechanisms and limited privacy compliance further reduce the site's compliance maturity. Security best practices such as SPF and DMARC are partially implemented but could be strengthened. Overall, the website presents professional content and clear business information but requires urgent improvements in security and privacy to meet modern standards.

S

South Carolina Blues

southcarolinablues.com

56

South Carolina Blues is a regional healthcare insurance provider focused on serving residents of South Carolina with Medicare, individual, family, and group health plans. The website provides basic information about plan options, member perks, and tools to find healthcare providers. The technical infrastructure relies on legacy JavaScript frameworks such as Dojo and uses Google Analytics and Tag Manager for tracking. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which severely impacts security posture. Security headers are present but their effectiveness is limited without HTTPS. Privacy and cookie policies are absent, and no contact or incident response information is provided, indicating gaps in compliance and transparency. Overall, the site demonstrates a basic digital maturity level with room for significant improvements in security, privacy, and user trust.

The websitewelcome.com domain currently hosts a minimal placeholder page primarily providing an abuse contact email address. There is no substantive business description, privacy policies, or terms of service available, indicating a very limited web presence. The technical infrastructure shows DNS hosted via Cloudflare nameservers but lacks DNSSEC and has an invalid or missing SSL certificate, resulting in no HTTPS support. The website performance is moderate due to minimal content but lacks mobile optimization and accessibility features. Security posture is poor with no TLS protocols enabled, no security headers, and no HSTS, exposing the site to potential risks. Overall, the site is low trust and low professionalism, with critical security and compliance gaps that must be addressed to improve credibility and user safety.

T

Transloadit

uppy.io

40

Uppy is an open source JavaScript file uploader developed and maintained by Transloadit. It provides a modular and extensible solution for uploading files from local devices and various remote sources such as Dropbox, Google Drive, Instagram, and more. The platform targets developers and businesses seeking reliable and easy-to-integrate file upload capabilities. Uppy enjoys a solid market position as a community-driven project with commercial backing, supported by endorsements from notable technology communities and publications. Technically, the website leverages modern web technologies including React and Docusaurus for documentation, and integrates the Tus protocol for resumable uploads. Hosting and DNS services are provided by Cloudflare, ensuring robust infrastructure. However, the website suffers from a critical security shortfall due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. From a security perspective, while the site avoids known SSL vulnerabilities and uses secure protocols in its backend services, the lack of HTTPS and security headers exposes users to potential risks. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism or GDPR compliance indicators. Contact and incident response information are not publicly available, limiting transparency. Overall, the website demonstrates good content quality, technical sophistication, and business credibility but is hampered by critical security deficiencies. Strategic improvements in SSL deployment, privacy compliance, and contact transparency are recommended to enhance trust and security.

The website at dreamscape.cloud is currently inaccessible, serving a 403 Forbidden error page with no visible content or metadata. This prevents any meaningful analysis of the business, its services, or compliance posture. The domain is registered and has basic DNS records including MX and NS entries, but the SSL configuration is invalid or missing, resulting in no HTTPS availability. The presence of HSTS header indicates some security awareness, but the lack of a valid certificate and TLS protocols severely undermines security. Overall, the site is effectively blocked from public access, limiting visibility into its operations or security maturity.

The website at mycourse.app currently serves only a minimal 404 error page with no accessible content, metadata, or business information. The domain is registered and DNS is managed via Cloudflare, but there is no valid SSL certificate installed, resulting in no HTTPS support. The lack of content and security configuration indicates a very low digital maturity level and no visible business presence on the site. Security posture is weak due to missing HTTPS, lack of security headers, and no DNSSEC or DMARC records. Overall, the site is inaccessible for meaningful user interaction or business engagement, representing a high risk for trust and credibility. Strategic improvements should focus on establishing a valid SSL certificate, deploying a functional website with clear business information, and implementing basic security and privacy compliance measures.

Crazy Domains is a large technology company specializing in domain registration, web hosting, and related online services. Positioned as a competitive domain provider in the US market with international reach, it offers a broad portfolio including SSL certificates, website builders, and online marketing tools. The website is professionally designed with consistent branding and trust indicators such as certifications and customer testimonials. Technically, the site leverages modern web technologies including React and New Relic monitoring, hosted on Cloudflare DNS infrastructure. However, performance is hindered by slow load times and a large page size. Security posture is weak due to the absence of a valid SSL certificate and lack of modern TLS protocols, which is a critical issue impacting user trust and data protection. Privacy compliance is supported by comprehensive policies and cookie consent mechanisms. Overall, the site demonstrates strong business credibility but requires urgent security improvements to meet industry standards.

D

dmarcian

dmarc.io

61

dmarc.io is a specialized resource center focused on DMARC (Domain-based Message Authentication, Reporting & Conformance) compliance and email security. Powered by dmarcian.com, it provides public information about DMARC sources, forwarders, and best practices for sending email on behalf of others. The site targets deployers, operators, and developers interested in DMARC deployment and compliance. It operates as a niche information repository with a clear focus on email authentication and security standards. Technically, the website uses modern JavaScript modules and integrates analytics tools such as Google Tag Manager and Hotjar for user behavior tracking. Hosting and DNS services are provided by Google Cloud DNS. However, the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, which is a significant security shortfall. Performance is moderate, with a page load time of approximately 3.7 seconds and a moderate number of resources. From a security perspective, the site enforces a strict DMARC policy at the DNS level with a reject policy, which is a strong positive indicator for email security. However, the absence of HTTPS, lack of security headers, and missing advanced TLS protocols reduce the overall security posture. No privacy or cookie policies are present, and no contact forms or direct contact information are provided on the site, limiting transparency and compliance with privacy regulations. Overall, dmarc.io serves as a valuable technical resource for DMARC-related information but requires significant improvements in web security practices, privacy compliance, and transparency to enhance trustworthiness and user confidence.

D

dmarcian

dmarc-academy.com

65

dmarcian operates DMARC Academy, a free online educational platform focused on DMARC, SPF, and DKIM technologies to improve email security and protect organizations from phishing and domain abuse. Founded in 2012 and certified as a B Corp, dmarcian is a recognized leader in the email security space, providing both educational content and tooling to help organizations deploy DMARC effectively. The website is built on the LearnWorlds platform and integrates modern tracking and marketing technologies, though performance optimization is needed due to slow load times. Security posture is solid with HTTPS, SPF, and DMARC reject policies in place, but could be improved by enabling HSTS and additional security headers. Privacy compliance is addressed with cookie consent and privacy policies, supporting GDPR requirements. Overall, the site presents a professional and trustworthy front for its educational mission.

W

Warmly

getnametags.com

63

Warmly is a technology company specializing in virtual nametags designed to enhance professionalism and engagement in video meetings, particularly through Zoom integration. The company targets professionals across various sectors including sales, marketing, consulting, and finance, offering customizable virtual nametags and related meeting enhancement tools. The website is well-designed, content-rich, and provides clear navigation and branding consistency, positioning Warmly as a reputable player in the virtual meeting enhancement market. Technically, the site is built on Webflow CMS, hosted with Cloudflare DNS, and uses modern marketing and analytics tools such as PostHog and OneTrust for cookie consent. However, the site suffers from a critical security issue: the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture and trustworthiness. Privacy compliance is strong with comprehensive policies and consent mechanisms in place. Overall, the site demonstrates good digital maturity but requires urgent security improvements to protect user data and enhance trust.

V

Vision 6 Pty Ltd

vision6.com

71

Vision 6 Pty Ltd operates the Vision6 platform, a leading Australian SaaS provider specializing in email and SMS marketing solutions tailored for sectors such as government, higher education, finance, and healthcare. The company positions itself as Australia's most reliable and compliant communications platform, offering a comprehensive suite of services including email marketing, text message marketing, CRM and reporting, lead generation, and transactional email APIs. Their market presence is supported by strong trust indicators such as ISO 27001 certification and GDPR compliance, reinforcing their commitment to data security and privacy. Technically, the website is built on WordPress hosted on AWS infrastructure, leveraging modern web technologies and extensive third-party marketing and analytics tools. While the site is content-rich and professionally designed, performance optimization could be improved due to a relatively slow load time and large page size. Security posture is robust with enforced DMARC policies, valid SPF records, and TLS 1.3 support, though enhancements like HSTS and OCSP stapling are recommended. Overall, Vision6 demonstrates a mature digital presence with strong compliance and security practices, making it a trustworthy platform for its target audience.

R

Retention Science

retentionscience.com

63

Retention Science is a medium-sized SaaS company specializing in AI-driven email and SMS marketing automation for ecommerce businesses. Their platform integrates customer data and uses predictive analytics to optimize marketing campaigns, helping clients increase engagement and sales. The website is professionally designed using modern technologies like React and Gatsby, with good SEO and accessibility features. However, a critical security issue is the absence of a valid SSL certificate and HTTPS, which significantly impacts the site's security posture. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the company presents a credible and trustworthy business front but must urgently address its SSL/TLS configuration to ensure secure communications and protect user data.

N

Newfold Digital Inc.

endurance.com

65

Newfold Digital Inc. is a prominent enterprise-level technology company specializing in web presence solutions for small-to-medium businesses worldwide. Through a diverse portfolio of well-known brands such as Bluehost, HostGator, Network Solutions, and Web.com, the company offers comprehensive services including domain registration, hosting, website building, security, online marketing, and professional website design. Their market position is strong, supported by extensive product offerings and personalized customer support. Technically, the website is built on Adobe Experience Manager CMS and leverages modern technologies including Adobe Launch for analytics, OneTrust for cookie consent management, and AudioEye for accessibility compliance. Hosting and DNS services are protected by Cloudflare, ensuring resilience and performance. However, the site exhibits slow load times and lacks some advanced security configurations such as HSTS and DNSSEC. From a security perspective, the site maintains a valid SSL certificate, properly configured SPF and DMARC records, and no detected vulnerabilities or exposed sensitive data. Privacy compliance is robust with clear privacy and cookie policies, GDPR indicators, and a consent mechanism. Incident response readiness is indicated by an ethical hacking report link. Accessibility is enhanced through AudioEye integration, reflecting a commitment to inclusive design. Overall, Newfold Digital's website demonstrates a high level of professionalism, security, and compliance, though performance optimizations and enhanced security headers could further strengthen its posture. The company maintains a trustworthy online presence with clear business information and active social media engagement.

D

dmarcian

dmarcian.com

70

dmarcian is a pioneering company focused on solving the email identity crisis by providing domain owners with control over their email domains through DMARC technology. Founded in 2012 by a primary author of the DMARC specification, the company offers a SaaS DMARC Management Platform, deployment services, and dedicated support. It serves a broad audience including individuals, small businesses, enterprises, MSPs, and various sectors such as education, government, healthcare, and non-profits. The company is well-positioned as a market leader with a strong partner ecosystem and trusted certifications like SOC and B Corp. Technically, the website is built on WordPress with modern JavaScript libraries and integrates multiple third-party services for analytics, chat, and translation. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site demonstrates excellent content quality and business credibility but requires urgent security improvements.

W

Warmly

warmly.ai

68

Warmly is a technology company specializing in AI-driven marketing automation for B2B clients. Their platform leverages person-level intent signals to identify and engage ideal customers with personalized messaging across multiple channels. The company positions itself as a high-growth player in the AI marketing space, supported by strong customer testimonials and strategic partnerships. Technically, the website is built on modern platforms such as Webflow and Cloudflare, integrating numerous analytics and marketing tools including HubSpot, Segment, and PostHog. While the SSL certificate is valid and email authentication protocols like SPF and DMARC are properly configured, there is room for improvement in security headers and DNS security. The website demonstrates good privacy compliance with a comprehensive privacy policy and cookie consent mechanism. Performance is somewhat slow due to large page size and resource count, suggesting optimization opportunities. Overall, Warmly presents a professional, trustworthy, and technically mature online presence with a solid security posture but could enhance security best practices further.

R

RB2B

rb2b.com

71

RB2B is a technology company specializing in real-time website visitor identification and lead generation for B2B sales and marketing teams, primarily in the United States. Their platform leverages a proprietary publisher network and integrates with popular CRMs and Slack to deliver enriched visitor data, including LinkedIn profiles, to sales teams. The company positions itself as a SOC2 Type II compliant provider with a strong focus on data privacy and compliance, offering both free and paid plans to accommodate different customer needs. The website demonstrates a high level of professionalism, with comprehensive content, customer testimonials, and clear navigation.

Acropolis Warehousing Inc. is a medium-sized Canadian company specializing in third-party logistics and warehousing services primarily across Western Canada. Founded in 1993 as an independent arm of Rosenau Transport Ltd., it offers integrated supply chain solutions including warehousing, order fulfillment, and direct distribution. The company positions itself as a premier warehouse provider with a focus on customer service and operational excellence. Technically, the website is built on WordPress with Bootstrap and jQuery, incorporating modern marketing and analytics tools such as Google Analytics and Microsoft Clarity. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS, which severely impacts its security posture. Privacy compliance is basic, with privacy and terms pages present but lacking cookie consent mechanisms. Overall, the site demonstrates moderate digital maturity but requires urgent security improvements to protect user data and enhance trust.

C

Carrier Logistics

carrierlogistics.com

67

Carrier Logistics is a medium-sized transportation technology company specializing in customizable transportation management software called FACTS™. The company serves transportation and logistics businesses, offering software solutions, training, and consultation services. It holds a recognized market position with industry awards and client testimonials, indicating a trusted brand in the transportation sector. The website is built on WordPress with a responsive design and includes modern marketing and analytics tools. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS, which severely impacts its security posture. Additionally, cookie consent mechanisms are missing despite the use of tracking scripts, raising privacy compliance concerns. Overall, the website provides good content quality and business credibility but requires urgent security and privacy improvements.

Rosenau Transport Ltd. is a large transportation and logistics company operating primarily in Western Canada, offering a broad range of freight and supply chain services including Less Than Truckload, Full Truckload, warehousing, and specialized transport. The company is part of GLS Logistics Systems Canada Ltd., which is affiliated with the GLS Group and Royal Mail Group plc, positioning it strongly in the regional market. The website presents a professional and content-rich platform targeting businesses and individuals needing reliable shipping solutions across Canada and the Western U.S. The technical infrastructure is based on WordPress CMS with common optimization and analytics tools, but suffers from slow load times and lacks a valid SSL certificate, which impacts security and user trust. Security posture is weak due to missing HTTPS, lack of security headers, and incomplete email security configurations. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism. Overall, the site is functional and credible but requires significant security improvements to meet modern standards.

M

Metro | Bus, Rail, Subway, Bike & Micro in Los Angeles

metro.net

56

Security assessment completed with an overall score of 50/100 (unknown risk). 8 high-priority issues should be addressed promptly. Total of 31 security findings identified across all modules.

C

CACHINA PE E.I.R.L.

fuertenetwork.com

40

Cachina Pe operates as a local Peruvian online marketplace platform focused on classified ads for services, rentals, and sales. The website targets the general public in Peru seeking an easy-to-use platform for posting and browsing ads. The business is small-sized and operates under the legal entity CACHINA PE E.I.R.L., with clear contact information and basic trust indicators such as company registration and privacy policies. Technically, the site is built using modern web technologies including Next.js and React, served via an Nginx server. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture. Performance data is missing, but the site appears to have basic mobile optimization and accessibility features. SEO is basic with proper meta tags but lacks advanced optimization. From a security perspective, the site lacks critical protections such as HTTPS, HSTS, security headers, and domain security configurations like DNSSEC and DMARC. No incident response or vulnerability disclosure policies are present. Privacy compliance is minimal with no cookie consent mechanism detected. Contact information is available but no dedicated security or data protection contacts are found. Overall, the website presents moderate business credibility but suffers from critical security deficiencies that expose users to risks. Strategic improvements in SSL deployment, security headers, and privacy compliance are essential to enhance trust and protect user data.

The website echt-fake.de currently serves only a minimal 404 error page with no accessible content, metadata, or business information. This indicates the site is either inactive, under construction, or improperly configured. The DNS setup is basic with no DNSSEC or CAA records, and the SSL certificate is invalid or missing, resulting in no HTTPS support. Security headers are minimal, and no privacy or cookie policies are present. Overall, the site lacks fundamental digital maturity and security posture, presenting a high risk for visitors and no trust signals. Strategic recommendations include implementing a valid SSL certificate, publishing privacy and security policies, and providing meaningful content and contact information to improve credibility and compliance.

G

General Logistics Systems US, Inc. (GLS)

gls-us.com

55

General Logistics Systems US, Inc. (GLS) operates a regional parcel delivery service focused on the Western United States, providing faster delivery services across multiple states including California, Washington, Oregon, Idaho, and Colorado. The company offers a variety of shipping tools, account management, and integration options for business customers. The website reflects a medium-sized transportation business with a clear focus on parcel delivery and customer support. Technically, the site uses modern JavaScript frameworks such as Vue.js and integrates multiple marketing and analytics tools including HubSpot, Marketo, Google Analytics, and Hotjar. However, the website suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture and trustworthiness of the site. Privacy compliance is basic, with a privacy policy present but no visible cookie consent mechanism. Overall, the site provides good content and user experience but requires urgent security improvements to protect user data and enhance trust.

G

GLS Portugal

gls-portugal.pt

40

GLS Portugal is a well-established parcel delivery and logistics company operating since 2005, serving both business and private customers with a broad range of national and international shipping services. It is part of the GLS Group, leveraging a large European logistics network. The website demonstrates a mature digital presence with multilingual support, comprehensive parcel tracking tools, and client portals. Technically, the site is built on WordPress with modern libraries and hosted on Google Cloud, ensuring good performance and mobile optimization. Security posture is solid with HTTPS, HSTS, and reCAPTCHA Enterprise integration, though some security headers and OCSP stapling could be improved. Privacy compliance is strong with GDPR-aligned cookie consent and detailed policies. Overall, GLS Portugal presents a professional, trustworthy, and user-friendly online platform supporting its logistics business effectively.

G

GLS Canada

gls-canada.com

60

GLS Canada is a large transportation and logistics company providing parcel, freight, warehousing, and logistics services primarily in Canada with a strong connection to the GLS Group. The website offers comprehensive information about their services, including shipment tracking, shipping tools, and customer support. The company maintains a professional online presence with consistent branding and active social media channels. Technically, the website uses modern JavaScript libraries and analytics tools but suffers from slow load times and lacks a valid SSL certificate, which impacts security and user trust. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. However, the absence of HTTPS and security headers represents a significant security risk. Overall, the site is functional and informative but requires urgent security improvements to protect user data and enhance trust.

U

ularwmg.com

ularwmg.com

30

The website ularwmg.com is currently inaccessible due to an HTTP 429 error indicating rate limiting or blocking, resulting in no accessible content or business information. The site appears to be hosted on the Wix platform but lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. No privacy, cookie, or terms of service policies are present, nor is there any contact information or business data available. The technical infrastructure is minimal, with basic JavaScript and LitElement framework usage detected, but overall performance is slow and the site is not optimized for mobile or SEO. Security posture is poor due to missing SSL, lack of security headers, and absence of DNS security features. Given the blocked status and lack of content, the overall risk is high, and the site cannot be properly evaluated for business credibility or compliance.

S

San Gabriel Valley Regional Housing Trust

sgvrht.org

50

The San Gabriel Valley Regional Housing Trust is a non-profit joint powers authority established in 2020 to facilitate funding and financing for homeless and affordable housing projects in the San Gabriel Valley region. The organization serves as a regional resource to support extremely low, very low, and low-income housing initiatives, targeting residents and stakeholders within the area. The website provides information on project funding requests, board meetings, and homelessness resources, reflecting a focused mission on housing affordability and community support. Technically, the site is built on the Wix platform leveraging modern frameworks such as React 18 and Wix-specific components, but suffers from slow performance and lacks mobile optimization. Security posture is weak due to the absence of HTTPS and security headers, exposing the site to risks. Privacy compliance is partial with a privacy policy present but no cookie consent mechanism. Overall, the site demonstrates moderate professionalism and trustworthiness but requires significant improvements in security and technical performance to enhance user trust and compliance.

P

PlanetBids

planetbids.com

58

PlanetBids operates a specialized procurement and supplier management software platform primarily serving local governments, municipalities, utilities, public works, and educational institutions. The company positions itself as a trusted provider with over 1000 procurement professionals relying on its platform daily. Their SaaS offering includes modules for vendor management, bid management, document management, contract management, and compliance tools, aiming to modernize and streamline procurement lifecycles with AI-assisted workflows. Technically, the website is built on HubSpot CMS and hosted on AWS infrastructure, utilizing modern web technologies such as SVG animations and video content. However, the website suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which severely impacts its security posture and user trust. Additionally, privacy compliance is weak, with no visible privacy or cookie policies and limited consent mechanisms. Overall, while the business model and content quality are solid and professional, the technical and security implementations require urgent improvements to meet industry standards and regulatory requirements.

S

StairwayStudios

stairwaystudios.de

40

StairwayStudios is a small, established multimedia agency based in Schwarzenbek, Germany, specializing in web design, print design, and multimedia marketing services. Founded in 2000, the company leverages TYPO3 CMS and modern frontend technologies to deliver responsive and SEO-friendly websites, complemented by print media and corporate video production. Their client portfolio and testimonials indicate strong local market presence and long-term customer relationships. Technically, the website is built on TYPO3 CMS with common libraries such as jQuery and Bootstrap, but suffers from slow load times and lacks modern performance optimizations. Security posture is weak due to the absence of a valid SSL certificate and HTTPS, missing security headers, and lack of advanced security features like HSTS and OCSP stapling. Privacy compliance is supported by a cookie consent banner and a privacy policy in German, indicating GDPR awareness. Overall, the site is professional but requires significant security and performance improvements to enhance trust and user experience.

The Axel-Bourjau-Stiftung website represents a small regional non-profit foundation focused on supporting children and youth work through cultural, educational, and social projects in Büchen, Germany. The foundation was established in 2005 and primarily serves local communities, churches, and schools. The website content is well-structured and provides clear information about the foundation's mission, projects, and history, targeting local stakeholders and potential supporters. Technically, the website uses Bootstrap and jQuery for frontend development and is hosted with GoDaddy services. The site performance is moderate with a page load time of approximately 3.3 seconds and basic mobile responsiveness. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which significantly impacts security posture and user trust. From a security perspective, the absence of HTTPS, security headers, and cookie consent mechanisms are critical vulnerabilities. No forms or direct contact emails are present on the homepage, limiting direct user engagement. The site does not implement modern security best practices such as HSTS or OCSP stapling. Privacy compliance is minimal, with a privacy policy page present but no cookie consent or GDPR indicators. Overall, the website is functional and informative but requires urgent security improvements, especially enabling HTTPS and implementing privacy compliance features, to enhance trustworthiness and protect user data.

F

Fuerte Arts Movement

fuerte.org

39

Fuerte Arts Movement is a small non-profit organization focused on leveraging art and culture to drive collective action on social issues such as voting rights, housing justice, and environmental justice, with a focus on Arizona women of color and LGBTQ perspectives. The website serves as a community hub featuring advocacy campaigns, events, a zine library, and multimedia content. Technically, the site is built on WordPress with various plugins for event management and media display, but suffers from slow performance and lacks a valid SSL certificate, resulting in insecure HTTP connections. Security posture is weak due to missing HTTPS, lack of security headers, and absence of email authentication records. Privacy compliance is minimal with no visible privacy or cookie policies. Overall, the site is content-rich and professionally designed but requires urgent improvements in security and privacy to protect users and build trust.

C

Connecticut Democratic Party

ctdems.org

59

The Connecticut Democratic Party website serves as the official online presence for the state-level Democratic Party organization. It focuses on voter engagement, volunteer recruitment, fundraising, and disseminating party information. The site targets Connecticut residents interested in Democratic politics and activism, providing resources such as voter registration links, event calendars, and donation portals. The party positions itself as a key political actor within the state, aiming to mobilize support and fight GOP extremism. Technically, the website is built on WordPress with a modern but somewhat heavy tech stack including jQuery, DataTables, and Google services. However, performance is slow with a large page size and long load times. Security posture is weak due to the absence of a valid SSL certificate, lack of HTTPS, and missing security headers, exposing users to potential risks. Privacy compliance is minimal with no cookie consent mechanism despite tracking scripts. Contact information and social media presence are clearly provided, enhancing business credibility. Overall, the site is functional and content-rich but requires urgent security and privacy improvements to protect users and enhance trust.

S

San Gabriel Valley Council of Governments

sgvcog.org

67

The San Gabriel Valley Council of Governments (SGVCOG) is a regional government agency dedicated to serving the San Gabriel Valley area in California. It provides coordination and support to local governments in key sectors such as transportation, energy, homelessness, and regional planning. The website reflects a well-structured government entity with clear communication channels and a focus on community engagement through various committees and programs. Technically, the site is built on the Wix platform utilizing modern web technologies including React and several Wix apps, ensuring a functional and moderately optimized user experience. Security measures are appropriately implemented with HTTPS, valid SPF and DMARC records, and no detected vulnerabilities, though some enhancements like HSTS and DNSSEC could further strengthen the posture. Privacy compliance is basic with accessible privacy and cookie policies, and contact information is clearly provided, enhancing trust and transparency. Overall, the site demonstrates a solid digital presence suitable for a regional government organization.

F

For Good

forgood.org

70

For Good is a well-established 501(c)(3) non-profit organization operating a technology-enabled donor-advised fund platform that facilitates charitable giving for individuals and companies. Founded in 2001 by tech executives from AOL, Yahoo!, and Cisco, it has positioned itself as a leader in digital philanthropic innovation, partnering with major platforms such as YouTube, Walmart, and Patagonia. The website clearly communicates its mission, services, and impact, targeting donors, nonprofits, and corporate partners. The business model centers on enabling donors to support charities efficiently and transparently through a secure online platform. Technically, the website is built on Webflow CMS, leveraging modern web technologies and hosting infrastructure with CDN support. It employs Google Tag Manager and Analytics for tracking and performance monitoring. The site is mobile-optimized and accessible, with good SEO practices and a moderate page load time. Security-wise, the site uses HTTPS with TLS 1.3 and 1.2, has valid SPF and DMARC records, and avoids known SSL vulnerabilities. However, it lacks some advanced security features such as HSTS, DNSSEC, OCSP stapling, and Certificate Transparency compliance, which are recommended for enhanced protection. Privacy compliance is partially addressed with a comprehensive privacy policy and terms of service, but no explicit cookie consent mechanism was detected, which may impact GDPR compliance. Contact information is clearly provided, including email, phone, and physical address, along with active social media profiles, enhancing business credibility and trustworthiness. Overall, the site demonstrates a strong professional presence with room for security and privacy improvements.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 10 security findings identified across all modules.

Bonterra LLC is a leading provider of nonprofit software solutions designed to empower social impact organizations including foundations, corporations, government agencies, and nonprofits. Their product suite covers fundraising, case management, corporate social responsibility, grant management, and volunteer management, positioning them as the second-largest social good software company globally. The website reflects a mature digital presence with strong branding, comprehensive content, and clear navigation targeting a broad social good ecosystem. Technically, the site is built on WordPress with modern JavaScript frameworks like React and uses various marketing and analytics tools such as Google Tag Manager and Marketo. However, performance is currently slow, and there is room for optimization. Accessibility and SEO practices are well implemented, supporting a good user experience. From a security perspective, the site lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability impacting trust and data protection. While SPF, DMARC, and HSTS headers are configured, the absence of HTTPS severely undermines the security posture. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Overall, Bonterra's website is professional and content-rich but requires urgent security improvements to protect user data and maintain trust. Strategic recommendations include immediate SSL deployment, enabling TLS 1.2/1.3, and enhancing security configurations to align with best practices.

ETO Software is a technology company providing software solutions primarily for the human services sector, focusing on case management and related services. The website analyzed is a login portal affiliated with Social Solutions Global, Inc., indicating a parent-subsidiary relationship. The business targets organizations requiring specialized software to manage human services programs. The platform appears to operate as a SaaS offering with a moderate market presence in its niche. Technically, the website is built on legacy ASP.NET Web Forms technology with Telerik UI components and hosted on Amazon AWS infrastructure. The site performance is slow, and mobile optimization is basic. Security posture is weak due to lack of HTTPS, missing security headers, and absence of privacy and cookie policies. Marketing and analytics tools such as Pendo and Aptrinsic are integrated, indicating moderate user tracking without clear privacy compliance. Overall, the website lacks modern security and privacy best practices, which poses risks to user data protection and trust.

The website etosoftwareau.com is currently inaccessible, returning a 403 Forbidden error page with minimal HTML content. This indicates that the site is either restricted or blocked from public access, preventing any meaningful content or metadata extraction. The domain is registered and hosted on Amazon AWS infrastructure, specifically behind an AWS Elastic Load Balancer, but no valid SSL/TLS certificate is configured, resulting in no HTTPS support. Due to the lack of accessible content, no business information, contact details, or privacy and security policies could be identified. From a technical perspective, the site lacks modern security configurations such as HTTPS, security headers, and HSTS, which significantly lowers its security posture. The absence of analytics, marketing tools, or external links further indicates minimal or no active web presence at this URL. The DNS setup is standard with AWS Route53 nameservers, but DNSSEC and CAA records are not enabled, which could be improved for better domain security. Overall, the security posture is weak due to missing SSL and security headers, and the site is effectively blocked from public access, limiting any user or automated interaction. This results in a very low AI score reflecting poor content quality, technical implementation, security, privacy compliance, and business credibility. Strategic recommendations include obtaining and configuring a valid SSL certificate, enabling HTTPS, implementing security headers, and ensuring the site is accessible to users and crawlers to improve trust and compliance.

ETO Software is an enterprise-level software solution focused on human services and case management, operated by Social Solutions Global, Inc. The website analyzed is primarily a login portal with limited public-facing content. The technical infrastructure is based on legacy ASP.NET WebForms technology with Bootstrap and Telerik UI components, hosted on Amazon AWS. The site integrates modern user engagement and analytics tools such as Pendo and Aptrinsic, indicating a focus on user experience and product analytics. However, the website suffers from significant security shortcomings, including the absence of a valid SSL certificate and HTTPS, lack of security headers, and no visible privacy or cookie policies. These issues pose risks to user data confidentiality and trust. Performance is suboptimal with slow load times and a large page size, and SEO and accessibility optimizations are minimal or absent. Overall, the site demonstrates moderate digital maturity but requires urgent security and compliance improvements.

A

Amtsverwaltung Büchen

amt-buechen.de

40

Amt Büchen operates as a local government administration serving 15 municipalities in the Herzogtum Lauenburg district of Schleswig-Holstein, Germany. The website provides comprehensive citizen services, public announcements, and administrative information primarily targeting residents and local businesses. The site is built on TYPO3 CMS and uses common frontend technologies such as Bootstrap and jQuery, hosted by Hetzner. Despite good content quality and clear navigation, the site lacks a valid SSL certificate, which impacts security posture and user trust. Cookie consent mechanisms are implemented, supporting GDPR compliance. Contact information is clearly presented, enhancing business credibility. However, the absence of security headers and slow page load times indicate areas for technical improvement.

Security assessment completed with an overall score of 50/100 (unknown risk). 2 critical issues require immediate attention. Total of 14 security findings identified across all modules.

S

Saarländische Nahverkehrs-Service GmbH

saarvv-profil.de

40

The website represents Saarländische Nahverkehrs-Service GmbH, a regional public transportation service provider in Saarland, Germany. It offers information about the saarVV public transport network, focusing on sustainability, digitalization, and service improvements. The site targets local public transport users and stakeholders. Technically, the website is built on WordPress using Elementor, with common web technologies like jQuery and Swiper.js. The site is mobile-optimized but suffers from slow load times and lacks some advanced performance optimizations. Security-wise, the site uses HTTPS with a valid certificate but lacks important security headers, HSTS, and OCSP stapling. No cookie consent mechanism or comprehensive privacy compliance features are present. Contact information is clearly provided, including email, phone, and physical address. Social media presence is active on major platforms. Overall, the site is functional and professional but could improve in security and privacy compliance to enhance trust and user safety.

Security assessment completed with an overall score of 50/100 (unknown risk). 1 high-priority issues should be addressed promptly. Total of 13 security findings identified across all modules.

The Worldshop is a comprehensive e-commerce platform operated by Miles & More GmbH, serving as the sales channel for Europe's leading loyalty program. It offers a wide range of premium products from over 400 brands, including exclusive SWISS branded items, targeting loyalty program members and general consumers. The platform integrates miles earning and redemption with flexible payment options, including Cash & Miles, and maintains a presence both online and at airport stores. Technically, the website employs a modern JavaScript stack with Apache Wicket as the framework, leveraging various libraries for UI components, lazy loading, and analytics. However, performance is moderate to slow due to large page size and resource count. Mobile optimization and accessibility are well addressed, ensuring a good user experience across devices. From a security perspective, the site lacks a valid SSL certificate and does not implement modern TLS protocols or security headers like HSTS, which poses significant risks. Privacy compliance is strong with clear policies and consent mechanisms. The site integrates multiple trusted payment and shipping partners, enhancing business credibility. Overall, while the business and content aspects are strong and professional, critical security issues related to SSL must be addressed to improve trust and protect user data. Strategic improvements in security posture and performance optimization are recommended.

Worldshop.eu is a well-established e-commerce platform operated by Miles & More GmbH, serving as the sales channel for Europe's leading loyalty program. The website offers a broad range of lifestyle and aviation-branded products, targeting Miles & More members and aviation enthusiasts. The platform integrates loyalty features such as mileage redemption and earning, alongside traditional e-commerce functionalities. Technically, the site employs a modern tech stack including Apache Wicket, jQuery, and Material Design components, hosted by Noris Network AG. Despite a rich user experience and comprehensive content, the absence of a valid SSL certificate and lack of HTTPS implementation represent critical security vulnerabilities. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms. Overall, the site demonstrates strong business credibility and user engagement but requires urgent security improvements to protect user data and maintain trust.

BMW M GmbH operates the official BMW M website, showcasing its high-performance vehicles, motorsport heritage, and driving experiences. The company holds a strong market position in the premium automotive segment, targeting enthusiasts and customers seeking performance and motorsport engagement. The website reflects a mature digital presence with rich multimedia content, clear navigation, and comprehensive legal and privacy documentation. Technically, the site uses modern web technologies, including Adobe Experience Manager CMS, Akamai CDN, and performance monitoring tools, delivering a good user experience across devices. Security posture is solid with HTTPS, SPF, DMARC, and no critical vulnerabilities detected, though improvements like HSTS and additional security headers are recommended. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site demonstrates high professionalism and trustworthiness.

A

Arvato Systems

arvato-systems.com

68

Arvato Systems is a large, internationally active IT specialist and multi-cloud service provider headquartered in Germany, focused on enabling digital transformation for enterprises across various industries including healthcare, energy, retail, manufacturing, and government. The company offers a broad portfolio of services such as cloud transformation, application modernization, managed services, security services, and SAP solutions. Their market position is reinforced by multiple industry awards and certifications, including ISO 27001. Technically, the website is built on CoreMedia CMS with modern web technologies and provides a good user experience with mobile optimization and clear navigation. However, the security posture is weakened by an invalid or missing SSL certificate and lack of modern TLS protocol support, which are critical issues that should be addressed promptly. Privacy compliance is strong with a comprehensive privacy policy, cookie consent mechanism, and GDPR adherence. Overall, the website demonstrates professionalism and trustworthiness but requires urgent improvements in SSL/TLS configuration to enhance security and user trust.

A

Arvato Systems Schweiz AG

arvato-systems.ch

71

Arvato Systems Schweiz AG is a subsidiary of the international Arvato Systems group, specializing in IT services and digital transformation solutions. The company offers a broad portfolio including digital commerce, cloud services, application modernization, and industry-specific IT solutions targeting enterprises primarily in Switzerland and globally. The website reflects a mature digital presence with comprehensive content, local contact points, and professional branding. Technically, the site uses CoreMedia CMS and modern web technologies but suffers from slow load times and lacks some advanced security configurations such as HSTS and OCSP stapling. Security posture is solid with valid SSL, SPF, and DMARC records, but no explicit security or incident response policies are published. Privacy compliance is well addressed with a cookie consent mechanism and a detailed privacy policy. Overall, the site is professional and trustworthy but could improve performance and security hardening.

L

LA Forward Institute

laforward.institute

63

LA Forward Institute is a small nonprofit organization focused on advancing racial and economic justice in Los Angeles County through civic education, leadership development, and coalition building. The website is built on Squarespace, featuring rich educational content, videos, and guides aimed at empowering local residents and activists. Technically, the site uses modern TLS protocols and strong cipher suites but lacks advanced security headers and email authentication policies such as DMARC and DNSSEC. Privacy compliance is weak, with no visible privacy or cookie policies, and no explicit contact emails or phone numbers are provided, only a contact form. Overall, the site is functional and professional but could improve in security and privacy transparency to enhance trust and compliance.