Security Directory

A

Afya Participações S.A

afya.com.br

72

Afya Participações S.A operates as the largest hub for medical education and digital solutions in Brazil, targeting medical students, professionals, and healthcare providers. The company offers a broad portfolio including undergraduate medical courses, postgraduate education, continuing medical education, and digital health solutions. It holds a strong market position with over 20,000 medical students and multiple subsidiaries and partners enhancing its ecosystem. Technically, the website is built on Webflow, hosted via Cloudflare, and integrates modern analytics and marketing tools, demonstrating a mature digital infrastructure with fast performance and good mobile optimization. Security posture is solid with HTTPS, strong security headers, and cookie consent mechanisms, although improvements in HSTS and vulnerability disclosure could be made. Privacy compliance is well addressed with comprehensive policies and consent management. Overall, the website reflects a professional, trustworthy, and well-managed digital presence aligned with its enterprise scale and sector focus.

Landitec GmbH is a specialized B2B technology company based in Germany, offering high-quality network hardware appliances and related services across Europe. Their business model combines e-commerce with consulting, testing, and support services, targeting enterprises and organizations requiring secure and flexible network infrastructure. The website is built on the Odoo CMS platform and hosted on Odoo.sh, featuring a professional design with clear navigation and multilingual support. However, the site lacks a valid SSL certificate, resulting in no HTTPS protection, which significantly impacts its security posture. While cookie consent mechanisms and privacy policies are present, explicit security policies and incident response information are missing. The company demonstrates trust through extended warranties, partner logos, and detailed product testing.

V

VIENNA SIGHTSEEING TOURS

viennasightseeing.at

40

Viennasightseeing.at is a medium-sized tourism and transportation business specializing in guided sightseeing tours, hop-on-hop-off bus services, day trips, and sightseeing passes in Vienna, Austria. The company positions itself as a market leader in Vienna's sightseeing tour sector, targeting tourists seeking convenient and flexible travel experiences. The website is built on TYPO3 CMS and integrates modern marketing and tracking tools such as Google Tag Manager, Trustpilot, and Usercentrics for consent management. However, the site suffers from critical security issues including an invalid SSL certificate, lack of HTTPS enforcement, and a subdomain takeover vulnerability on its shop subdomain. These issues significantly impact the site's security posture and trustworthiness. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR consent mechanisms. Overall, the site offers good content quality and user experience but requires urgent security improvements to protect user data and maintain business credibility.

U

Universitätsklinikum Hamburg-Eppendorf

uke.de

40

The Universitätsklinikum Hamburg-Eppendorf (UKE) is a leading European university hospital specializing in healthcare, research, and education. The website reflects a comprehensive digital presence with extensive information about clinics, institutes, research programs, patient services, and educational offerings. The site targets patients, medical professionals, researchers, and students, positioning UKE as a major healthcare and research institution in Germany. Technically, the site uses established libraries like jQuery and Modernizr, and employs Matomo for privacy-conscious analytics. However, the absence of a valid SSL certificate and modern TLS protocols significantly impacts the security posture. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. The site demonstrates high professionalism and trustworthiness but requires urgent improvements in security infrastructure to protect user data and enhance trust.

The website hfmt-hamburg.de currently serves a 404 error page indicating that no site configuration is found, suggesting the site is either offline or not properly configured. The site is powered by TYPO3 CMS and hosted on infrastructure associated with Technische Universität Hamburg. There is no accessible business content, contact information, or policies available, which severely limits the ability to assess the business or its services. Technically, the site lacks a valid SSL certificate and does not support HTTPS, exposing it to security risks. The absence of security headers and modern TLS protocols further weakens its security posture. Overall, the site is not operational from a user or security perspective, resulting in a very low trust and quality rating.

H

Hochschule für bildende Künste Hamburg (HFBK Hamburg)

hfbk-hamburg.de

40

The website represents the Hochschule für bildende Künste Hamburg (HFBK Hamburg), a medium-sized public art university in Germany focused on fine arts education, exhibitions, and research. It targets prospective and current students, artists, and the art community with comprehensive content on academic programs, events, and projects. The site is professionally designed with consistent branding and rich content, supporting an excellent user experience and clear navigation. Technically, the site uses a modern JavaScript stack including jQuery, Masonry, and Klaro for cookie consent, but lacks a valid SSL certificate, resulting in insecure HTTP connections. Security headers are well configured but ineffective without HTTPS. Privacy compliance is partially addressed with a privacy policy and cookie consent mechanism, though GDPR compliance is not fully evident. The site uses Matomo analytics with user consent. Overall, the security posture is weak due to missing HTTPS, which is a critical issue. The site is accessible without WAF or blocking mechanisms.

V

vitrado

vitrado.de

40

vitrado.de operates as an inhouse affiliate marketing network primarily serving the freenet Group's portfolio of digital lifestyle and telecommunications products. The platform targets affiliate marketers and partners seeking to promote these products through various partner programs and marketing tools. The website presents a professional and consistent brand image aligned with its parent company, freenet Group, and offers a range of partner programs including waipu.tv, klarmobil, and freenet Mobile among others. Technically, the site leverages JavaScript, CSS, and SVG technologies with Cloudflare DNS and hosting, but suffers from slow load times and lacks modern security configurations such as a valid SSL certificate and HTTPS support. Security posture is weak due to missing HTTPS, absent security headers, and disabled DNSSEC, exposing the site to potential risks. Privacy compliance is minimal with a privacy policy present but no cookie consent mechanism or GDPR compliance indicators. Overall, the site is functional and content-rich but requires urgent security and privacy improvements to enhance trust and compliance.

F

freenet DLS GmbH

freenet-mobilfunk.de

40

Freenet DLS GmbH operates a comprehensive German telecommunications website offering mobile phone tariffs, devices, and related digital services. The company targets German consumers seeking flexible mobile plans and devices, positioning itself as a significant player in the German telecom market. The website features structured data with detailed company information and social media presence, supporting brand credibility and customer engagement. Technically, the site employs modern JavaScript frameworks, Cloudflare CDN, and personalization tools like Kameleoon, but suffers from critical SSL/TLS misconfigurations that undermine secure HTTPS access. Security headers are partially implemented, but the lack of a valid SSL certificate and disabled TLS protocols represent major vulnerabilities. Privacy and cookie policies are not detected, indicating compliance gaps. Overall, the site is functional and professionally designed but requires urgent security improvements to protect user data and comply with regulations.

F

Freie und Hansestadt Hamburg

karriere.hamburg

56

The website karriere.hamburg serves as the official career portal for the Freie und Hansestadt Hamburg, offering a wide range of job opportunities, training programs, and career entry options in the public sector. It targets job seekers, students, and professionals interested in working for the city government. The site is well-branded and professionally presented with clear navigation and relevant content in German. Technically, the site uses modern HTML5 and responsive design techniques but lacks a valid SSL certificate, which is a critical security flaw. Security headers are partially implemented but some settings reduce protection. Privacy compliance is limited, with no cookie consent mechanism despite the presence of tracking scripts. Overall, the site is functional and credible but requires urgent security improvements to protect user data and trust.

A

Arvato Systems

arvato-systems.de

40

Arvato Systems is a leading German IT service provider specializing in digital transformation across multiple industries including energy, manufacturing, healthcare, retail, government, and finance. The company offers a broad portfolio of services such as consulting, cloud and data center services, application development, security, and managed services. It holds multiple industry awards and certifications, including ISO 27001 and Top Employer Germany 2024, reflecting its strong market position and commitment to quality and security. Technically, the website is built on CoreMedia CMS and integrates various analytics and marketing technologies, but suffers from a critical lack of valid SSL/TLS certificates, impacting its security posture. Privacy compliance is well addressed with comprehensive cookie consent mechanisms and GDPR-aligned privacy policies. Overall, the company demonstrates a mature digital presence with strong business credibility but needs urgent improvements in SSL/TLS security to protect user data and maintain trust.

D

Digital Assets AG

digibiz24.com

52

Digibiz24 is a German-based SaaS platform offering an all-in-one solution for building websites, sales funnels, and membership areas, primarily targeting online coaches and entrepreneurs. The platform integrates deeply with Digistore24, a leading European sales automation and affiliate network, enabling seamless payment processing and sales management. The website demonstrates strong digital maturity with modern technologies, good SEO, and mobile optimization. However, a critical security issue is the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the platform presents a professional and trustworthy business offering but must urgently address its SSL/TLS configuration to ensure secure user interactions.

N

Next Big Idea Club

heleo.com

61

Next Big Idea Club operates a subscription-based nonfiction book club curated by renowned authors, targeting readers and professionals seeking curated knowledge. The platform offers physical book deliveries, digital content including audio and video courses, and exclusive events, positioning itself as a niche leader in the media sector. Technically, the website is built on WordPress with a modern tech stack including Bootstrap, jQuery, and integrates multiple marketing and analytics tools such as Mixpanel, Google Tag Manager, and ProfitWell. Hosting is on Amazon AWS with a valid SSL certificate ensuring secure HTTPS connections. Security posture is solid but could be enhanced by implementing additional security headers and DNSSEC. Privacy compliance is adequate with a clear privacy policy and terms of service, though cookie consent mechanisms are lacking. Overall, the website is professional, content-rich, and trustworthy, with extensive user tracking for marketing purposes.

Arvato is an enterprise-level company specializing in innovative supply chain management, logistics, transport management, and digital solutions primarily targeting B2B clients in the transportation sector. The website presents a professional and comprehensive digital presence with multilingual support and detailed service offerings. Technically, the site is built on TYPO3 CMS with modern frontend tooling but suffers from slow load times and lacks a valid SSL certificate, impacting security posture. The security configuration is basic, with no HTTPS enabled and missing security headers, although privacy compliance is well managed through Cookiebot consent mechanisms. Overall, the site is trustworthy and professional but requires urgent improvements in security infrastructure to protect user data and enhance trust.

Arvato is a large enterprise specializing in innovative supply chain management, logistics, and e-commerce solutions primarily serving B2B clients. The company operates globally with a strong presence in Poland and multiple related domains indicating a broad international footprint. Their website is built on TYPO3 CMS and integrates modern technologies such as Vite JS and Cookiebot for consent management. Despite a professional design and comprehensive content, the site suffers from an invalid SSL certificate, resulting in a basic security posture. Cookie consent and privacy policies are well implemented, reflecting good GDPR compliance. The site uses Google Analytics and advertising networks for tracking and marketing purposes. Overall, Arvato presents a credible and professional business front but should urgently address SSL and security header issues to improve trust and security.

Arvato SE operates as a global enterprise specializing in innovative supply chain management, logistics, transport management, and digital solutions, targeting B2B clients with a focus on e-commerce and omnichannel distribution. The website reflects a mature digital presence with multilingual support and comprehensive content showcasing their services and success stories. Technically, the site is built on TYPO3 CMS with modern frontend tooling but suffers from a critical lack of HTTPS, impacting security posture significantly. Cookie consent is robustly managed via Cookiebot, ensuring GDPR compliance and user privacy controls. However, the absence of a valid SSL certificate and security headers exposes the site to risks and reduces trustworthiness. Overall, the site is professional and content-rich but requires urgent security improvements to align with best practices.

Asian Pacific Islander Forward Movement (APIFM) is a non-profit organization dedicated to cultivating healthy and vibrant Asian and Pacific Islander communities through engagement, education, and advocacy. The organization operates various community programs including food security initiatives, youth advocacy, and environmental sustainability projects. APIFM maintains an active digital presence with integrated social media feeds and regularly updated blog content, positioning itself as a community-centric entity within the non-profit sector in the United States. Technically, the website is built on WordPress with Elementor and several plugins for social media integration. Hosting is provided by DreamHost. While the site has good SEO metadata and structured data, performance metrics are lacking, and the site exhibits slow loading characteristics. Mobile optimization is good, but accessibility features are basic. From a security perspective, the site lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability exposing users to potential data interception. Security headers are minimal, and no incident response or security policies are published. Privacy compliance is limited, with no cookie consent mechanism detected and only a basic privacy policy present. Overall, APIFM's website serves its community well in content and engagement but requires urgent improvements in security infrastructure and privacy compliance to protect users and enhance trustworthiness.

Arvato SE operates a comprehensive supply chain management and e-commerce logistics platform targeting enterprise clients primarily in Spain and internationally. The website showcases a professional and well-structured digital presence powered by TYPO3 CMS and modern frontend technologies. Key services include supply chain management, logistics and fulfillment, transportation management, and digital solutions. The company demonstrates strong branding consistency and trust indicators such as client logos and social media presence. However, the website suffers from critical security shortcomings, notably the absence of a valid SSL certificate and lack of HTTPS enforcement, which significantly impacts its security posture. Privacy compliance is well addressed with a comprehensive cookie policy and consent mechanism via Cookiebot. Overall, the site is content-rich and user-friendly but requires urgent security improvements to protect user data and enhance trust.

L

Los Angeles Walks

losangeleswalks.org

53

Los Angeles Walks is a small non-profit organization dedicated to promoting safe and walkable communities in Los Angeles. The organization focuses on community training, policy advocacy, and pedestrian safety initiatives, supported by donations and partnerships, notably with Community Partners as their fiscal sponsor. Their target audience includes local residents, families affected by traffic violence, and community advocates. Technically, the website is built on Webflow, uses Cloudflare CDN, and integrates Google Fonts and jQuery. The site is mobile optimized with good design and navigation but lacks advanced SEO and accessibility features. Security posture is weak due to the absence of a valid SSL certificate and lack of modern TLS protocols, which is a critical issue. Privacy compliance is minimal, with no visible privacy or cookie policies. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional and professional but requires urgent improvements in security and privacy compliance to enhance trust and protect users.

Arvato SE operates a comprehensive supply chain and logistics service platform with a strong focus on innovative digital solutions and e-commerce support. The company targets business clients seeking holistic supply chain management, logistics, transport, and digital commerce solutions. The website reflects a large enterprise with international reach, supported by multiple regional domains and a parent company affiliation with Bertelsmann. Technically, the site is built on TYPO3 CMS with modern frontend tooling but suffers from a lack of HTTPS, resulting in a critical security gap. Cookie consent is managed professionally via Cookiebot, and analytics are extensively used with Google services. The security posture is weak due to missing SSL and security headers, which poses risks to user data and trust. Overall, the website is professionally designed and content-rich but requires urgent security improvements to meet modern standards.

A

ActiveSGV

activesgv.org

53

ActiveSGV is a small non-profit organization dedicated to promoting sustainability, mobility, climate action, health, and wellness in the San Gabriel Valley region. The website serves as a community hub showcasing projects, events, and advocacy efforts, targeting local residents and stakeholders interested in environmental and social improvements. The organization positions itself as a regional leader in community-driven green infrastructure and transit initiatives. Technically, the website is built on Webflow, leveraging modern web fonts, Google Tag Manager for analytics, and a translation service for accessibility. However, the site suffers from a critical security misconfiguration with no valid SSL certificate despite using Cloudflare CDN and HSTS headers, which undermines user trust and security. Privacy compliance is basic, with a privacy policy and terms of service present but lacking cookie consent mechanisms and GDPR indicators. Social media integration is strong, enhancing community engagement. Overall, the site is professionally designed with good content quality but requires urgent security improvements to ensure safe user interactions.

Arvato SE operates as a global third-party logistics provider specializing in supply chain management, logistics & fulfillment, transport management, and digital solutions. The company targets businesses in e-commerce and B2B sectors, offering scalable and innovative logistics services. The website demonstrates a strong market presence with multiple localized domains and partner sites, reflecting a large enterprise with a global footprint. Technically, the site is built on TYPO3 CMS with modern frontend tooling and integrates Cookiebot for GDPR-compliant cookie management. However, the main domain suffers from an invalid SSL certificate, impacting security posture. While no critical vulnerabilities are detected, the lack of HTTPS and security headers lowers the overall security score. Privacy compliance is well addressed with clear cookie consent and privacy policies. The website is professionally designed, mobile-optimized, and provides clear navigation and business information, though direct contact emails and phone numbers are not exposed publicly. Strategic improvements in SSL configuration and security headers are recommended to enhance trust and security.

M

MaRS Discovery District

marsdd.com

53

MaRS Discovery District is a leading Canadian urban innovation hub focused on supporting startups and entrepreneurs in sectors such as cleantech, health, and fintech. It operates as a registered charity and provides a broad range of services including workspace leasing, investment facilitation, and community building. The website is built on WordPress with modern web technologies and integrates tools like Gravity Forms and OneSignal for enhanced user engagement. Despite a professional and content-rich website, the absence of a valid SSL certificate and HTTPS support significantly impacts the security posture. Privacy and terms policies are well documented, supporting compliance efforts. Overall, the site demonstrates strong business credibility and technical maturity but requires urgent security improvements to protect user data and enhance trust.

L

LA Forward

laforward.org

50

LA Forward is a small non-profit organization focused on progressive advocacy and community organizing in Los Angeles County. It operates as a 501(c)(4) entity and collaborates closely with its 501(c)(3) partner, LA Forward Institute, to provide education, training, and research. The organization builds grassroots power, promotes progressive leadership, and provides voter education resources. Technically, the website is built on Squarespace and uses standard web technologies and third-party services like EveryAction for forms. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which is a significant security concern. Privacy and cookie policies are not present, indicating compliance gaps. The site is accessible and well-structured with good content quality and branding consistency. Security posture is weak due to missing HTTPS and security headers configuration. Overall, the site is functional but requires urgent improvements in security and privacy compliance to enhance trust and protect user data.

Arvato is a large enterprise specializing in innovative supply chain management, logistics, transport, and digital commerce solutions primarily targeting B2B clients. The website is professionally designed, multilingual, and powered by TYPO3 CMS with modern frontend technologies. However, the site lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which significantly impacts its security posture. Security headers are mostly present, but critical SSL/TLS configurations and session management features are missing. Privacy compliance is well addressed with a comprehensive privacy and cookie policy and consent mechanisms. Business credibility is strong with clear branding, client logos, and social media presence. Overall, the site is content-rich and user-friendly but requires urgent security improvements to protect user data and enhance trust.

Luceda Photonics is a specialized technology company focused on photonic integrated circuit (PIC) design software and services. Their flagship product, the Luceda IPKISS platform, aims to automate and integrate photonic design flows, enabling designers to achieve first-time-right tape-outs. The company maintains a global presence with offices and partners across Belgium, Asia, and North America, serving a niche market of photonic IC designers and engineers. The website reflects a professional and consistent brand image with detailed product, training, and support information. Technically, the website is built on the Odoo CMS platform with modern frontend technologies but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Security posture is weak due to missing HTTPS, lack of security headers, and outdated SSL/TLS configurations. Privacy compliance is basic with presence of privacy and cookie policies and consent mechanisms, but no visible terms of service or incident response policies. Overall, the website is functional and informative but requires urgent security improvements to protect user data and enhance trust.

Investing in Place is a small non-profit organization focused on leveraging public spaces in Los Angeles to improve quality of life for residents. The organization acts as an independent voice in local politics, advocating for better budgeting and planning of sidewalks, streets, and public spaces. Their key services include policy advocacy, public engagement, and research reporting. The website reflects a professional and consistent brand with clear messaging targeted at local stakeholders and community members. Technically, the website is built on WordPress using Elementor and WooCommerce plugins, hosted by DreamHost. While the site has a good design and user experience, it suffers from slow performance and lacks advanced SEO and accessibility features. The absence of a valid SSL certificate and modern TLS protocols is a significant security concern, exposing users to risks and undermining trust. Security posture is weak due to missing HTTPS, lack of security headers, and no evident privacy or cookie policies. Analytics are implemented via Google Analytics and Jetpack, but privacy compliance is poor with no GDPR indicators. Contact information is limited to an email address and a contact form, with no phone or physical address provided. Overall, the site is functional and informative but requires urgent improvements in security and privacy compliance to enhance trustworthiness and protect user data.

The website sierraclub.org is currently inaccessible due to a Web Application Firewall (WAF) security mechanism implemented by Incapsula, which blocks direct content access and presents an incident ID iframe instead of the actual website content. Consequently, no meaningful business, contact, or policy information could be extracted or analyzed. The DNS configuration shows standard multiple A records and Google MX mail servers, but the SSL/TLS configuration is critically lacking with no valid certificate and no enabled secure protocols, resulting in a very weak security posture. The site lacks any visible privacy, cookie, or terms of service policies, and no contact or social media information is available from the provided HTML content. Overall, the site’s digital presence is severely limited by the security blocking, preventing a full assessment of its business or technical maturity.

A

Arvato SE

open-xcellerator.com

63

The open-xcellerator.com website represents a community platform under Arvato SE focused on Advanced & Personalized Therapies, particularly addressing supply chain challenges in Cell & Gene Therapy. The site aims to foster collaboration among industry stakeholders to improve patient-centric and globally harmonized therapy supply chains. Technically, the site is built on TYPO3 CMS, served by Apache, and uses modern frontend tooling like Vite JS. It integrates Google Tag Manager and Cookiebot for analytics and cookie consent management. However, the site suffers from a critical security issue: the SSL certificate is invalid or missing, and no HTTPS protocols are enabled, severely impacting security posture. Privacy compliance is supported by a visible privacy and cookie policy with consent mechanisms. Contact is available via a contact page but lacks direct email or phone details on the main site. Overall, the site is professionally designed and content-rich but requires urgent security improvements to protect user data and trust.

N

Neste

nesteoil.com

66

Neste is a leading global company specializing in renewable energy solutions, particularly sustainable aviation fuel and renewable diesel. The company positions itself as a pioneer in mitigating climate change and advancing the circular economy by refining waste and residues into high-quality renewable fuels and raw materials. Their market position is strong as a world leader in sustainable aviation fuel production, targeting businesses and consumers focused on sustainability. The website reflects a professional and consistent brand image with excellent content quality and user experience. Technically, the website is built on modern web technologies including React and Next.js, hosted likely on Google Cloud infrastructure. SEO and accessibility practices are well implemented, and the site is mobile optimized. However, performance data is limited but inferred to be moderate. The site uses cookie consent mechanisms and integrates marketing tools such as OneTrust and Visual Website Optimizer. From a security perspective, the site employs strong security headers and HSTS policies, but critically suffers from an invalid or missing SSL certificate and lack of enabled TLS protocols, which significantly undermines its security posture. No explicit security policies or incident response information are published, and no vulnerability disclosure program is evident. Privacy compliance is strong with comprehensive policies and GDPR adherence. Overall, while the business and content aspects are robust and professional, the security weaknesses related to SSL/TLS must be urgently addressed to ensure trust and secure user interactions. Strategic improvements in certificate management and enabling modern TLS protocols are recommended to elevate the security posture and overall website score.

S

Sunrise Movement LA

sunrisemovementla.org

40

Sunrise Movement LA is a youth-led environmental justice organization focused on combating climate change and promoting the Green New Deal within the Greater Los Angeles area. The organization operates as a grassroots non-profit movement, recruiting young activists and engaging the community through events, political advocacy, and educational efforts. Their digital presence is built on the Squarespace platform, leveraging modern web technologies and integrating social media and donation platforms to facilitate engagement and fundraising. The website is well designed with clear navigation and mobile optimization, though performance metrics suggest room for improvement. Security posture is adequate with HTTPS and some security headers, but lacks advanced configurations such as full HSTS and DMARC for email protection. Privacy compliance is weak due to the absence of privacy and cookie policies, which poses regulatory risks. Overall, the website reflects a credible and professional organization with moderate trustworthiness but requires enhancements in privacy and security policies to strengthen compliance and user trust.

P

PennyLane

pennylane.ai

50

PennyLane is an open-source Python framework focused on quantum machine learning, quantum chemistry, and quantum computing. It is designed by researchers for research, positioning itself as a leading tool in the quantum computing software space. The website reflects a professional and well-structured digital presence, leveraging modern web technologies such as React and Gatsby, hosted on Amazon S3 and delivered via CloudFront. The site integrates analytics and monitoring tools including Google Tag Manager, Hotjar, Sentry, and New Relic, indicating a mature approach to performance and user experience monitoring. However, the absence of a valid SSL certificate and HTTPS support is a significant security concern, exposing users to potential risks and undermining trust. Additionally, the lack of visible privacy and cookie policies, as well as contact information, suggests gaps in compliance and user support. Strategic improvements in security configuration and transparency would enhance the overall trustworthiness and compliance posture of the site.

S

Streets For All

streetsforall.org

59

Streets For All is a small non-profit organization focused on transportation advocacy primarily in Los Angeles, with a sister chapter in San Francisco. The organization campaigns for safer streets, improved bus and bike lanes, and pedestrian-friendly urban environments. Their website serves as a hub for community engagement, volunteer recruitment, membership, and donations. Technically, the site is built on Squarespace, leveraging modern web fonts, JavaScript libraries, and third-party services such as Mailchimp for email marketing and Facebook Pixel for tracking. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security flaw. Security headers are partially implemented but insufficient to compensate for the missing SSL. Privacy and cookie policies are absent, and no formal security or incident response policies are published. Overall, the site provides good content and user experience but requires urgent improvements in security and privacy compliance to protect users and enhance trust.

A

A1 Group

a1.group

60

A1 Group is a major telecommunications provider operating primarily in Central and Eastern Europe, serving approximately 30 million customers across seven core markets. The company offers a broad portfolio of services including voice telephony, broadband internet, mobile and home entertainment, smart home solutions, data and IT services, wholesale, payment solutions, and digital services. The website reflects a strong corporate identity with a focus on sustainability and ESG commitments, supported by detailed investor relations content and sustainability reports. Technically, the website is built on WordPress with multilingual support and integrates modern marketing and analytics tools such as Google Analytics, Microsoft Clarity, and Bugsnag. However, the security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which is a critical vulnerability that must be addressed promptly. Privacy compliance is well managed with a comprehensive cookie consent mechanism and clear privacy policy. Overall, the site demonstrates professionalism and trustworthiness but requires urgent improvements in SSL/TLS security to protect user data and maintain credibility.

A

A1 Digital

a1.digital

57

A1 Digital is a prominent European technology service provider specializing in IoT, Cloud, Network, and Cybersecurity solutions. The company targets businesses across Europe aiming for digital transformation, offering managed connectivity, cloud services, and security solutions. Their market position is strong with a large customer base and presence in multiple countries, supported by a parent company, Telekom Austria AG, and several subsidiaries. Technically, the website is built on Craft CMS with modern marketing and consent tools, providing a good user experience and mobile optimization. However, a critical security issue is the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the security posture. The site implements several security headers but lacks modern TLS protocols and secure cipher suites. Privacy compliance is well addressed with comprehensive policies and consent mechanisms. Overall, the website is professional and trustworthy but requires urgent SSL/TLS improvements to enhance security and user trust.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 7 security findings identified across all modules.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 7 security findings identified across all modules.

B

Bertelsmann SE & Co. KGaA

bertelsmann.de

40

Bertelsmann SE & Co. KGaA is a leading international media conglomerate headquartered in Germany, operating across multiple sectors including broadcasting, book publishing, music, services, printing, education, and investments. The website reflects a mature corporate presence with comprehensive information targeting investors, journalists, job seekers, and the general public. The business model is diversified with strong subsidiaries such as RTL Group and Penguin Random House, positioning Bertelsmann as a major player in the global media industry. Technically, the website employs established web technologies like Bootstrap and jQuery, with content delivery via Amazon CloudFront CDN, ensuring good performance and mobile optimization. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture. Security headers are partially implemented, but critical HTTPS and TLS configurations are missing, exposing the site to potential risks. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent managed by Cookiebot. Contact information and social media presence are clearly provided, enhancing business credibility. Overall, the site is professional and content-rich but requires urgent security improvements to meet modern standards.

V

Valmet

jamesbury.com

40

Valmet's Jamesbury brand website presents a comprehensive offering of high-performance valves and automation solutions targeted at industrial sectors such as pulp & paper, energy, and chemical processing. The site reflects a mature enterprise with a strong market position, emphasizing product reliability, safety, and efficiency. Technically, the website employs modern web technologies including jQuery, Bootstrap, and Microsoft Azure monitoring tools, hosted on a secure TLS 1.3 enabled infrastructure. Security posture is solid with proper email authentication (SPF, DMARC) and no evident vulnerabilities, though improvements like enabling HSTS and DNSSEC are recommended. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site demonstrates high professionalism, good user experience, and trustworthy business credibility.

C

Chatbot

linda-chatbot.de

40

The website linda-chatbot.de appears to be a chatbot service associated with the Sparkasse brand, indicating a financial services context in Germany. However, the site content is currently inaccessible beyond a simple error message indicating a domain or service issue, which severely limits the ability to assess the business comprehensively. The technical infrastructure shows use of React framework and external font resources from Sparkasse's webfonts domain, but the site suffers from very slow load times and minimal content. Security posture is weak due to the absence of a valid SSL certificate and HTTPS support, lack of security headers, and missing DNS security configurations. No privacy, cookie, or terms of service policies are present, and no contact or business information is available on the page. Overall, the site is not currently functional or trustworthy for end users.

The website sparkassen-mediacenter.de serves as a centralized media management platform primarily targeting the Sparkassen-Finanzgruppe, a major financial group in Germany. It offers a suite of services including video content management, podcasts, interactive videos, and playlist creation, aimed at enhancing digital content distribution within the group's online platforms. The platform is positioned as an internal tool to streamline media content handling and ensure secure access to both public and internal video assets. Technically, the site is built on a traditional Apache server with standard HTML, CSS, and JavaScript assets. However, it lacks modern security infrastructure, notably missing a valid SSL/TLS certificate and HTTPS support, which significantly undermines its security posture. The site includes multiple JavaScript libraries and CSS bundles but does not leverage modern frameworks or CMS platforms. Security headers are partially implemented, but critical HTTPS and TLS configurations are absent. Privacy compliance is minimal, with a privacy policy present but no cookie consent mechanism or GDPR compliance indicators. Contact information is limited to a phone number and support ticket instructions, with no email addresses or social media presence. Overall, the site demonstrates moderate business credibility and good content relevance but suffers from critical security shortcomings that must be addressed to protect user data and maintain trust.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 7 security findings identified across all modules.

L

Leibniz-Rechenzentrum der Bayerischen Akademie der Wissenschaften

lrz.de

40

The Leibniz-Rechenzentrum (LRZ) is a large, well-established IT service provider dedicated to supporting scientific research and education primarily in Bavaria, Germany. It offers a broad portfolio of advanced IT services including supercomputing, AI and Big Data infrastructure, networking via the Munich Science Network (MWN), IT security, cloud storage, and consulting. The LRZ is positioned as a key regional player with strong partnerships and a focus on cutting-edge technologies. Technically, the website is built on TYPO3 CMS and demonstrates good content quality, navigation, and accessibility, though performance is moderate. Security posture is weak due to the absence of a valid SSL certificate and lack of modern TLS protocols, which is a critical issue. Privacy compliance is adequate with a clear privacy policy but lacks cookie consent mechanisms. Overall, the site is professional and trustworthy but requires urgent improvements in security to protect user data and enhance trust.

B

Boxmyjob SAS

taleez.com

60

Taleez, operated by Boxmyjob SAS, is a French-based SaaS company specializing in recruitment management software (ATS). The company offers a comprehensive platform that centralizes recruitment processes, including job offer multi-diffusion, candidate sourcing, process automation, and analytics. With over 15,000 users and a strong presence in the French market, Taleez positions itself as a reliable and user-friendly solution for HR teams, managers, and candidates. The website reflects a professional and consistent brand image, supported by numerous client testimonials and case studies. Technically, the website is built on Webflow CMS and integrates multiple marketing and analytics tools such as HubSpot, Google Analytics, Amplitude, and ConvertBox. Hosting is managed via OVH with CDN support from Cloudfront. Despite a rich content offering and good mobile optimization, the site suffers from slow load times and lacks a valid SSL certificate, which critically impacts its security posture. Security-wise, the absence of a valid SSL certificate and HTTPS enforcement is a major vulnerability, exposing users to potential data interception risks. Additionally, the lack of security headers and modern TLS protocols further weakens the site's defense. Privacy compliance is well addressed with comprehensive GDPR-aligned policies and cookie consent mechanisms. Contact information is clearly provided, enhancing business credibility. Overall, while Taleez demonstrates strong business credibility and content quality, its technical and security shortcomings, especially regarding SSL/TLS, pose significant risks. Addressing these issues is paramount to safeguarding user data and maintaining trust.

A

AkzoNobel

duluxheritage.co.uk

69

Heritage by Dulux is a premium paint brand under the AkzoNobel umbrella, offering a curated collection of luxury and designer paints targeting homeowners and professional decorators in the UK market. The website provides rich content including product information, inspiration, and professional tools, supporting a strong market position in the retail paint sector. Technically, the site uses modern web technologies such as React and Next.js, hosted on AWS infrastructure with CDN support, but suffers from slow load times and could benefit from performance optimizations. Security posture is adequate with HTTPS and no major vulnerabilities detected, though improvements in SSL configuration and security headers are recommended. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. Overall, the website is professional, trustworthy, and well-branded, supporting the business's premium market positioning.

D

Dulux Select Decorators

duluxselectdecorators.co.uk

58

Dulux Select Decorators operates as a professional decorator network in the United Kingdom, backed by the parent company AkzoNobel. The business focuses on providing vetted, high-quality decorating professionals to UK homeowners, emphasizing workmanship guarantees and customer service. The website reflects a well-structured service offering with clear business information, customer testimonials, and a strong social media presence. Technically, the site uses common JavaScript libraries and marketing tools such as Google Tag Manager and Crazy Egg, alongside a cookie consent mechanism via OneTrust. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Security headers are absent, and no explicit security or incident response policies are published. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy from a business perspective but requires urgent security improvements to protect user data and enhance trust.

A

AkzoNobel Paints

polycell.co.uk

58

Polycell.co.uk is a UK-focused retail website offering a range of wood fillers, Polyfilla, and adhesives under the AkzoNobel Paints brand. The site targets DIY consumers seeking home improvement products and advice. The business operates as a large entity with a strong corporate parent, AkzoNobel, and provides product information, tutorials, and store locator services. Technically, the site is built on Adobe Experience Manager and uses modern JavaScript libraries and marketing tools such as Google Tag Manager and OneTrust for cookie consent. However, the site suffers from a lack of a valid SSL certificate, resulting in insecure HTTP delivery, which significantly impacts its security posture. Performance is slow with a large page size and long load times. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information is primarily via a contact form, with no direct emails or phone numbers found on the homepage. Overall, the site is professional and consistent in branding but requires urgent security improvements to protect user data and enhance trust.

A

AkzoNobel Paints

hammerite.co.uk

62

Hammerite.co.uk is the official website for Hammerite, a brand specializing in metal protection paints and coatings, operating under the large multinational AkzoNobel Paints. The site offers detailed product information, advice, and store locator services targeting DIY enthusiasts and professional painters in the UK market. Technically, the website is built on Adobe Experience Manager CMS, hosted on AWS infrastructure, and uses modern web technologies including jQuery and Adobe Launch for tag management. The site is mobile optimized and SEO friendly with structured data implemented. However, the security posture is weakened by the absence of a valid SSL certificate and lack of modern TLS protocols, which critically impacts HTTPS enforcement and user trust. Privacy compliance is well addressed with clear privacy and cookie policies and a consent mechanism. Business credibility is moderate due to the lack of direct contact details and explicit security policies. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

A

Akzo Nobel N.V.

duluxtradepaintexpert.co.uk

52

Dulux Trade Paint Expert, operated under the parent company Akzo Nobel N.V., is a professional painting and decorating resource targeting trade professionals in the UK. The website offers a comprehensive range of products, colour matching tools, training courses, and professional advice, positioning itself as a leading brand in the retail and manufacturing sector for paints and coatings. The site is well-branded and consistent with corporate identity, providing a good user experience and clear navigation tailored for its professional audience. Technically, the site is built on Adobe Experience Manager and leverages modern marketing and analytics tools such as Google Tag Manager and OneTrust for cookie consent. However, the site suffers from a critical security issue due to the absence of a valid SSL certificate, resulting in no HTTPS support and lack of security headers, which significantly impacts its security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site demonstrates strong business credibility but requires urgent security improvements to protect user data and maintain trust.

C

Cuprinol

cuprinol.co.uk

46

Cuprinol.co.uk is a retail website specializing in wood treatment and exterior wood protection products, including their flagship Cuprinol Ducksback range. The site targets homeowners and gardening enthusiasts in the United Kingdom, offering a variety of garden shades and protective products. The business operates under the parent company AkzoNobel, a recognized entity in the coatings and chemicals industry. The website presents a professional and consistent brand image with good content quality and clear navigation, catering well to its target audience. Technically, the website is built using modern web technologies such as React and Next.js, with integrations for marketing and analytics tools like Google Tag Manager and Marketo. However, the site suffers from slow load times and lacks a valid SSL certificate, which impacts both user experience and security posture. Mobile optimization is good, but accessibility features are basic. From a security perspective, the absence of HTTPS and security headers is a critical vulnerability, exposing users to potential risks. No explicit security policies or incident response information is available, which may affect trust and compliance. Privacy and cookie policies are present and include consent mechanisms, indicating reasonable privacy compliance. Overall, the website is functional and professionally presented but requires urgent improvements in security infrastructure, particularly SSL implementation and security headers, to enhance trustworthiness and compliance.

I

International

international-yachtpaint.com

60

International Yachtpaint is a specialized brand under the AkzoNobel corporate umbrella, focusing on providing yacht painting products and professional advice primarily for the Finnish market and other international regions. The website offers comprehensive product information, expert painting guidance, and support resources targeting both amateur and professional yacht painters. The brand leverages Adobe Experience Manager CMS and React for its digital platform, integrating modern marketing and consent management tools such as Google Tag Manager and OneTrust. However, the site lacks HTTPS encryption, which is a critical security shortfall. The absence of security headers and slow page performance further impact the overall security posture and user experience. Despite these issues, the site maintains good content quality, clear navigation, and strong brand consistency with AkzoNobel, supported by active social media channels.