Security Directory

ProSieben is a leading German media and entertainment company providing live TV streaming, video on demand, and news content primarily targeting German-speaking audiences. The website demonstrates a mature digital presence with a modern tech stack including Next.js and React, delivering rich multimedia content and a well-structured user experience. Security posture is solid with strong TLS configurations and SPF email protections, though improvements in HSTS, OCSP stapling, and DNSSEC could enhance security further. Privacy compliance is well addressed with a consent management platform and comprehensive policies. Overall, ProSieben maintains a high level of professionalism and trustworthiness in its online presence.

P

ProSiebenSat.1 Media SE

commerceandventures.com

48

Commerce & Ventures is the investment business of ProSiebenSat.1 Media SE, focusing on supporting consumer-oriented start-ups and growth companies through a combination of media-for-equity, media-for-revenue, minority, and majority investments. The company leverages the extensive media reach of the ProSiebenSat.1 Group to build brand awareness and accelerate growth for its portfolio companies. Technically, the website is built on modern frameworks such as Next.js and React, hosted on AWS, and integrates marketing and tracking tools like Google Tag Manager. Security posture is adequate with support for TLS 1.2 and 1.3 and no major vulnerabilities detected, but lacks some best practices like HSTS and OCSP stapling. Overall, the site is professional, well-branded, and provides comprehensive information about its investment activities and portfolio. However, direct contact information and explicit security policies are not prominently available, which could be improved to enhance trust and compliance.

P

ParshipMeet Group

parshipmeet.com

74

ParshipMeet Group is a leading international dating and video communication company operating nine brands with over 500 employees and revenues exceeding 375 million Euros. The company supports individuals worldwide in finding meaningful connections through its apps available in over 190 countries and 25 languages. Technically, the website is built on WordPress, hosted behind Cloudflare, and uses modern web technologies including Usercentrics for consent management and Adobe Typekit for fonts. However, the SSL certificate is currently invalid, which poses a significant security risk. The company has implemented strong email authentication policies including SPF and DMARC with a reject policy, enhancing email security. Overall, the website demonstrates good content quality and branding consistency but requires urgent improvements in SSL configuration and security headers to ensure user trust and compliance.

A

Atom

nucomgroup.com

54

Atom operates a premium domain marketplace platform offering domain sales, branding, naming contests, trademark services, and audience research. The company positions itself as a trusted marketplace with strong buyer protections and flexible payment options. The website is professionally designed, mobile-optimized, and integrates modern web technologies and analytics tools. However, the absence of a valid SSL certificate is a critical security gap that undermines user trust and data protection. The platform demonstrates moderate digital maturity with extensive user tracking and marketing integrations but requires improvements in security posture to meet industry standards.

S

SevenVentures

sevenventures.de

52

SevenVentures is a strategic media investment arm of ProSiebenSat.1 Media SE, specializing in minority equity investments and media cooperations for established digital B2C companies. Their business model leverages media assets to accelerate growth and brand awareness in the German and Austrian markets. The website demonstrates a mature digital infrastructure using modern web technologies such as Next.js and integrates marketing and tracking tools like Google Tag Manager and trkkn.com. Security posture is solid with TLS 1.3 support and valid SPF records, though improvements such as enabling HSTS, DNSSEC, and DMARC would enhance protection. Overall, SevenVentures presents a professional and trustworthy online presence aligned with its market position as a leading media investor.

B

Bundesverband Green Software e. V.

bundesverband-green-software.de

52

Bundesverband Green Software e. V. is a German non-profit association dedicated to promoting sustainable and resource-efficient software development practices in Germany. The organization focuses on advancing green software standards, tools, training, and policy advocacy to reduce the ICT sector's carbon footprint. Their market position is that of a leading national association in the green software domain, targeting companies and digital actors interested in sustainability. The website content is well-aligned with their mission and audience, providing information on initiatives, working groups, events, and membership opportunities. Technically, the website employs modern web technologies including Tailwind CSS and JavaScript libraries such as Marquee3k, hosted behind Cloudflare DNS and leveraging email infrastructure from Scaleway and Outlook. While the site is responsive and optimized for mobile devices, performance is somewhat slow with a load time of nearly 7 seconds. SEO practices are good, but accessibility is basic. No CMS or advanced frameworks are detected. From a security perspective, the site has a valid SSL certificate (though with suspicious validity dates), SPF and DMARC records configured, but lacks advanced security headers like HSTS or DNSSEC. There is no visible security policy, incident response contact, or vulnerability disclosure mechanism. Privacy compliance is supported by a comprehensive privacy policy, but no cookie consent mechanism is present. The security posture is moderate with room for improvement in email security policies and HTTPS hardening. Overall, the website and organization present a trustworthy and professional front for their green software advocacy mission. Strategic improvements in security headers, DNS security, and transparency around incident response would enhance their security maturity and stakeholder confidence.

S

smartclip.net

smartclip.net

62

The website smartclip.net currently presents an empty HTML page with no visible content, metadata, or business information. The domain is registered and DNS is managed via AWS Route53 with multiple A records and a valid SPF record including mailgun.org. The SSL configuration is good, supporting modern TLS protocols without known vulnerabilities, but lacks advanced security headers and HSTS. No privacy, cookie, or terms of service policies are present, nor any contact or security policy information. Overall, the site lacks content and transparency, limiting its business and security posture visibility.

Q

qwertiko GmbH

navigate-it-services.de

50

qwertiko GmbH is a medium-sized German IT service provider specializing in professional hosting and Platform-as-a-Service (PaaS) solutions. With over 10 years of experience, the company offers tailored, high-performance cloud hosting, managed services, firewall solutions (notably pfSense®), and personalized consulting. Their market position is strengthened by official partnerships and a focus on personal customer service, targeting businesses and agencies requiring reliable and scalable IT infrastructure. Technically, the website is built on WordPress using WPBakery Page Builder and several plugins, hosted on infrastructure managed by nroute.de. While the site demonstrates good SEO and mobile optimization, the analyzed domain lacks a valid SSL certificate and modern TLS support, which is a critical security gap. The company maintains GDPR compliance with a comprehensive privacy and cookie policy and provides clear contact information and customer testimonials, enhancing trust. However, there is no explicit terms of service or security policy published, and incident response details are absent. Overall, qwertiko presents a professional digital presence with room for security improvements.

M

Mpirical Limited

mpirical.com

69

Mpirical Limited is a UK-based telecommunications training provider specializing in 5G, 4G LTE, and wireless network technologies. With over two decades of experience, the company offers certified and accredited training courses delivered online, live onsite, and on demand. Their market position is strong, supported by industry certifications such as ITP, CPD, and ISO standards, and a broad portfolio of learning aids including the proprietary NetX tool. The company targets individuals, teams, and enterprises seeking up-to-date telecoms knowledge and certification. Technically, the website is built on WordPress with a modern tech stack including Google Analytics, Hotjar, Zoho SalesIQ, and Vimeo integration. Performance is moderate to slow, with good mobile optimization and SEO practices. Security posture is good with valid SSL, SPF, and DMARC policies, but could be improved by enabling HSTS, DNSSEC, and OCSP stapling. No explicit security policy or incident response contacts were found. Overall, Mpirical demonstrates a mature digital presence with strong trust indicators and compliance with privacy regulations.

I

International Data Spaces Association (IDSA) / Associação Brasileira de Internet das Coisas (ABINC)

idsa-brasil.org

43

The IDSA Hub Brazil website represents a collaborative initiative between the International Data Spaces Association (IDSA) and the Associação Brasileira de Internet das Coisas (ABINC) to promote the future of the digital economy in Brazil through the creation and adoption of data spaces. The site serves as a knowledge transfer and community-building platform, targeting businesses and organizations interested in data sovereignty, IoT, and digital innovation. The business model is non-profit and partnership-driven, positioning itself as a key facilitator in the Brazilian technology ecosystem with global ties. Technically, the website is built on WordPress using Elementor and Astra theme, hosted by HostGator Brazil, with moderate performance and good mobile optimization. However, the security posture is weak due to the absence of a valid SSL certificate, lack of security headers, and missing DNS and email security records. No privacy or cookie policies are present, which may impact compliance and user trust. Overall, the site is professional and content-rich but requires significant improvements in security and compliance to enhance trust and protect user data.

M

Mondoni Press

mondonipress.com.br

48

Mondoni Press is a Brazilian PR and communication agency specializing in press advisory, institutional communication, digital marketing, and content creation. The company positions itself as a trusted partner for businesses seeking to enhance their credibility, media presence, and visibility. It has received recognition such as the PR Agency of the Year award in South America (Prestige Awards 2023/24) and serves a diverse client base across various sectors. Technically, the website is built on WordPress with a range of popular plugins and marketing tools, including Google Analytics, Facebook Pixel, and Hotjar, indicating a mature digital marketing infrastructure. However, the website suffers from a critical security issue: the SSL certificate is invalid or missing, which undermines user trust and data security. The cookie consent mechanism is implemented, but no explicit privacy policy or terms of service pages were found, which may pose compliance risks. Overall, the company demonstrates good branding and content quality but should urgently address security and compliance gaps to maintain trust and regulatory adherence.

E

Elo Criativo

elocriativo.com.br

56

Elo Criativo is a small Brazilian design and web strategy agency specializing in branding, web design, and graphic design services. The company targets businesses seeking to improve their digital presence through well-crafted design and web solutions. Their market position is that of a niche service provider with a portfolio showcasing diverse projects. Technically, the website is built on WordPress with a modern tech stack including Bootstrap, Foundation, and various JavaScript libraries. The hosting is managed via Cloudez nameservers. Performance is moderate with a page load time of approximately 5.8 seconds and a page size of about 200KB. Security posture shows a valid SSL certificate but lacks advanced configurations such as HSTS, DNSSEC, and security headers. SPF and DMARC records are configured but with a relaxed DMARC policy. Analytics usage includes Google Analytics, Google Tag Manager, and RD Station, indicating moderate user tracking but no visible privacy or cookie policies, which is a compliance gap. Overall, the website is professional and functional but could improve security and privacy compliance to enhance trust and reduce risk.

H

Hubert Burda Media

burda.com

67

Hubert Burda Media is a large, established media and technology company based in Germany, focusing on media publishing, brand management, and equity investments. The company maintains a strong market position with a diverse portfolio and international presence. Their website reflects a mature digital infrastructure with modern JavaScript libraries, consent management, and structured data for SEO and business transparency. Security posture is solid with valid SSL, SPF, and DMARC configurations, though improvements such as enabling HSTS and additional security headers are recommended. The company demonstrates compliance awareness with GDPR-aligned privacy and cookie policies and a whistleblowing system. Overall, the website is professional, trustworthy, and well-optimized for users and search engines.

H

Hispasat

hispasat.com

66

Hispasat is a leading satellite telecommunications operator specializing in the distribution of audiovisual content in Spanish and Portuguese across Europe and Latin America. As a large enterprise and a subsidiary of Redeia, Hispasat offers a broad portfolio of satellite and data services including internet access, cellular backhaul, tele-education, and satellite programs. The website reflects a mature digital presence with multilingual support, modern UI frameworks, and a comprehensive content structure targeting telecommunications customers and partners. Technically, the infrastructure leverages Microsoft Azure hosting and AWS Route53 DNS, with a tech stack including jQuery, Bootstrap, and Google Tag Manager. Security posture is moderate with valid SSL certificates and SPF records but lacks advanced protections such as HSTS, DMARC, DNSSEC, and OCSP stapling. The site employs cookie consent mechanisms and analytics tools, indicating awareness of privacy compliance, though no explicit security or incident response policies are published. Overall, Hispasat demonstrates a professional and trustworthy online presence aligned with its market position.

A

Agência De Conteúdo Estratégico | FonteMidia Digital

fontemidiadigital.com.br

60

The website fontemidiadigital.com.br currently serves an error page indicating HTTP ERROR 429, which suggests the server is rate limiting or blocking access. The site lacks any visible business content, metadata, or contact information, and appears to be hosted on Wix with invalid SSL configuration. Technically, the site uses LitElement and Canvas API but suffers from slow performance and poor optimization. Security posture is weak due to missing SSL certificate, lack of security headers, and absence of DNSSEC and DMARC records. Overall, the site is not compliant with common privacy or security standards and provides no user or business trust signals.

I

Início | Streaming Academy Abotts

streamingacademy.com.br

60

The website streamingacademy.com.br currently serves an error page indicating HTTP ERROR 429, which suggests that the site is either rate-limited or temporarily blocked. The site lacks any visible business or contact information, privacy or cookie policies, or terms of service. Technically, the site uses modern JavaScript technologies including LitElement and web components, but the overall page content is minimal and does not provide business context or user engagement features. The SSL configuration is basic but supports strong TLS protocols without known vulnerabilities. However, security best practices such as HSTS, OCSP stapling, and DNSSEC are not implemented, which could be improved to enhance security posture. No analytics, advertising, or tracking technologies are detected, indicating minimal user tracking. Overall, the site appears to be in a limited or error state with poor content and minimal security and compliance features.

I

Início | Streaming Academy Abotts

streamingladies.com.br

50

The website streamingladies.com.br currently presents an HTTP 429 error indicating that it is not accessible due to too many requests or rate limiting. The site lacks any metadata, structured data, or business information, and does not provide contact details, privacy policies, or terms of service. Technically, the site uses JavaScript with the LitElement framework and includes a Chrome Dino game clone script, but the SSL certificate is invalid and no modern TLS protocols are enabled, resulting in a poor security posture. There are no security headers or DNS security configurations in place. Performance is slow and content is minimal, leading to a poor user experience and low trustworthiness. Overall, the site appears to be down or blocked, providing no meaningful business or user information.

K

KM Business Information Canada Ltd.

lawawards.ca

63

The Canadian Law Awards website serves as a digital platform for promoting and managing an annual legal industry awards event in Canada. It is operated by KM Business Information Canada Ltd. and closely associated with the Canadian Lawyer and Lexpert brands, positioning itself as a reputable media and event organizer within the legal sector. The site targets legal professionals, law firms, and sponsors, offering event information, winner announcements, and sponsorship opportunities. Technically, the website is built on WordPress with Bootstrap and uses various third-party marketing and analytics tools including Google Analytics, Google Tag Manager, HubSpot Forms, and Bombora. However, the site suffers from significant security shortcomings, including an invalid SSL certificate and lack of modern TLS support, which undermines user trust and data protection. Despite enabling HSTS, the absence of a valid certificate renders it ineffective. There is no visible privacy or cookie policy, and no direct contact emails or phone numbers are provided, limiting transparency. The site exhibits good design and user experience but is slow to load due to large page size and many resources. Overall, the website is a moderately professional media event site with room for improvement in security and privacy compliance.

K

KM Business Information Canada Ltd.

risingstarscanada.com

55

RisingStarsCanada.com is a media and event website dedicated to the Lexpert Rising Stars Awards, which recognize outstanding lawyers under 40 in Canada. The site is operated by KM Business Information Canada Ltd., a medium-sized media company specializing in legal industry events and publications. The platform targets legal professionals and law firms across Canada, providing nomination and award event information supported by established legal media partners. Technically, the website is built on WordPress with modern front-end frameworks like Bootstrap and uses multiple third-party marketing and analytics tools including Google Analytics, HubSpot, and Lytics. While the site supports strong TLS protocols and has some security best practices in place, it lacks critical security headers such as HSTS and DMARC, and does not publish a privacy or cookie policy, which impacts its compliance posture. The website performance is slow due to a large page size and numerous resources, but mobile optimization and SEO are adequate. Overall, the site is professional and trustworthy within its niche but requires improvements in security and privacy transparency to meet modern standards.

E

Email Service Provider — Amazon Simple Email Service (Amazon SES) — AWS

amazonses.com

66

Security assessment completed with an overall score of 50/100 (unknown risk). 9 high-priority issues should be addressed promptly. Total of 23 security findings identified across all modules.

P

Press Manager

pressmanager.com.br

63

Press Manager is a Brazilian technology company specializing in software solutions for press management and communication services. Positioned as a market leader in Brazil, it offers a comprehensive SaaS platform targeting marketing departments, public agencies, press offices, communication agencies, freelancers, and journalists. The platform provides key services including press mailing, release distribution, news monitoring, and online management, supported by a strong brand presence and client trust signals. Technically, the website is built on WordPress, hosted on AWS infrastructure, and employs modern web technologies and SEO best practices. However, the security posture is weakened by the absence of a valid SSL certificate and lack of advanced security configurations, despite proper email authentication records and cookie consent mechanisms. Overall, the company demonstrates a mature digital presence with room for critical security improvements.

J

JET e-Business

jetshopping.com.br

91

JET e-Business is a Brazilian e-commerce platform provider offering high-performance, customizable solutions for B2C, B2B, D2C, and B2B2C business models. The company positions itself as a strategic partner for businesses seeking to scale their online sales with integrated marketplace management, analytics, and shipping solutions. Their website reflects a mature digital presence with comprehensive marketing and analytics integrations, including Google Analytics, Facebook Pixel, Hotjar, and Bing Ads. However, the site lacks a valid SSL certificate and modern TLS support, which poses security risks. DNS configurations are properly set with SPF and DMARC policies, but DNSSEC and CAA records are absent. The company provides clear privacy and cookie policies with consent mechanisms, but no explicit security or incident response policies are publicly available. Overall, JET demonstrates a strong market position in the e-commerce technology sector but should urgently address its SSL/TLS deficiencies to improve security and trust.

R

Reclame Aqui

reclameaqui.com.br

66

Reclame Aqui is a prominent Brazilian consumer complaint platform that facilitates communication between consumers and companies to resolve disputes and manage reputations. The website is currently protected by Cloudflare's security services, which has blocked access to the provided URL, limiting direct content analysis. The platform likely serves a large user base in Brazil, focusing on consumer rights and corporate accountability. Technically, the site leverages Cloudflare for DNS and security, with Google MX servers handling email. The SSL certificate is valid but lacks advanced security configurations such as HSTS and DNSSEC. The absence of privacy, cookie, and terms of service policies on the analyzed page suggests these may be located elsewhere or not publicly accessible at this URL. Security posture shows basic email authentication practices with SPF and DMARC but lacks advanced web security headers and configurations. Overall, the site demonstrates moderate technical infrastructure but requires improvements in security best practices and transparency to enhance trust and compliance.

G

GBM Administradora de Activos S.A. de C.V. S.O.F.I.

gbmfondos.com.mx

63

GBMfondos is a well-established Mexican financial services company specializing in investment funds and personalized investment advisory through its GBMadvisor platform. With over 35 years of industry experience and recognition such as Morningstar Awards, it holds a strong market position in Mexico's finance sector. The company targets investors seeking accessible and intelligent investment solutions, supported by a mobile application and a comprehensive digital platform. Technically, the website is hosted on Amazon AWS and employs modern tracking and analytics tools including Google Analytics, Facebook Pixel, and Hotjar, indicating a mature digital marketing strategy. However, performance is slow and some SEO and accessibility aspects are basic. Security-wise, the site uses TLS 1.2 and 1.3 with a strict DMARC policy, but lacks advanced SSL features like HSTS and OCSP stapling, and does not have a published security policy or incident response contacts. Overall, the site is professional and trustworthy but could improve in security posture and privacy compliance.

G

GBM App

appgbm.com

60

The website appgbm.com appears to be a minimal React-based authentication portal with limited publicly visible content or business information. The site uses modern technologies such as React, Google Tag Manager, and New Relic for analytics and monitoring, hosted on Amazon AWS infrastructure. However, the site lacks essential compliance and security disclosures such as privacy policies, cookie policies, terms of service, and contact information. The SSL configuration is good with support for TLS 1.3 and 1.2 and no known vulnerabilities, but important security enhancements like HSTS, DNSSEC, DMARC, and OCSP stapling are missing. Performance is suboptimal with a high load time and large page size, indicating potential technical debt or unoptimized resources. Overall, the site demonstrates a basic technical maturity but lacks transparency and comprehensive security posture, which may impact user trust and regulatory compliance.

G

GBM

gbm.com

57

GBM is a leading financial services company in Mexico offering a broad range of investment products, trading platforms, and advisory services targeting both individual and institutional investors. The company positions itself as a comprehensive investment ecosystem with strong market presence and a wide product portfolio including stocks, ETFs, bonds, and alternative investments. Their digital platform is supported by WordPress CMS with advanced SEO and marketing integrations, but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Marketing and analytics tools are extensively used, indicating a mature digital marketing strategy but raising privacy considerations. Legal and privacy documentation is comprehensive and available in Spanish, supporting regulatory compliance. However, explicit security policies and incident response information are not publicly disclosed.

R

Resonanz Digital

resonanz-digital.at

48

Resonanz Digital is a well-established digital agency based in Austria, specializing in WordPress websites, online shops, eCommerce solutions, online marketing, SEO, and Google Ads. With over 20 years of experience and a Google Partner certification, the company targets small and medium enterprises, founders, and individual entrepreneurs. Their service portfolio includes web design, WordPress development, maintenance, plugin development, and marketing services, positioning them as a trusted partner for digital presence creation. The website demonstrates a strong brand consistency and excellent content quality, supported by positive customer reviews from ProvenExpert. Technically, the site runs on WordPress with the Enfold theme and uses various performance and multilingual plugins. Hosting is provided via Google Cloud infrastructure. Security-wise, the site supports modern TLS protocols and has valid SPF and DMARC records but lacks advanced security features like HSTS, DNSSEC, and OCSP stapling, which could be improved. The cookie consent mechanism is implemented with opt-in for marketing and statistics cookies, reflecting good privacy compliance. Overall, the website is professional, trustworthy, and well-optimized for SEO and user experience, though performance could be enhanced.

S

SAE Institute

sae.edu

62

SAE Institute is a global education provider specializing in creative media courses with multiple regional campuses worldwide. The website analyzed serves as a regional selector landing page directing users to localized campus sites. The business model focuses on delivering specialized education in creative media to students internationally, positioning itself as a large, established educational institution. Technically, the site uses a lightweight design with jQuery and Matomo analytics, hosted on Amazon AWS infrastructure. However, the site lacks a valid SSL certificate, which severely impacts its security posture and user trust. Security configurations such as DNSSEC, HSTS, and CAA records are missing, and no privacy or cookie policies are present on this landing page. The use of Matomo indicates some level of user tracking without explicit consent mechanisms, raising privacy concerns. Overall, the site demonstrates moderate digital maturity but requires significant improvements in security and compliance to meet modern standards.

G

Greyd GmbH

greyd.de

47

Greyd GmbH operates the Greyd.Suite, an all-in-one WordPress platform designed to help freelancers, agencies, and enterprises scale their WordPress businesses efficiently. The company positions itself as a comprehensive solution provider with a unique block-based builder, centralized content and design management, and advanced features such as headless CMS capabilities and dynamic content management. Their market position is strengthened by a consistent brand presence, extensive feature set, and a focus on performance and accessibility. Technically, the website is built on WordPress 6.8.1 with a rich tech stack including custom plugins, Borlabs Cookie for GDPR-compliant consent management, and Chargebee for subscription billing. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS protocols, which poses risks to user data confidentiality and trust. The site demonstrates good SEO and accessibility practices, with comprehensive legal and privacy documentation. Overall, Greyd GmbH shows strong digital maturity but should urgently address SSL and TLS issues to improve security and user trust.

W

WP-Stars GmbH

wp-stars.com

54

WP-Stars GmbH is a well-established digital agency specializing in E-Commerce, web development, UX/UI design, and online marketing primarily serving clients in Austria and Germany. Founded in 2005, the company offers a comprehensive suite of digital services including website and online shop creation, platform development, and strategic digital consulting. Their market position is strengthened by certifications such as KMU.Digital and Trusted Shops Qualified Partner, alongside a portfolio of reputable clients. Technically, the website is built on WordPress with modern performance optimizations and integrates key tools like Gravity Forms and Borlabs Cookie for GDPR compliance. Security posture is solid with valid SSL, SPF, and DMARC records, though improvements like enabling HSTS and DNSSEC could enhance protection. Overall, WP-Stars demonstrates a mature digital presence with strong business and technical foundations, though explicit security policies and vulnerability disclosures are absent.

F

Formalize ApS

formalize.com

79

Formalize ApS is a Denmark-based technology company specializing in compliance software solutions designed to streamline governance, risk, and compliance operations for organizations. Their platform supports compliance with major regulatory frameworks such as NIS2, DORA, ISO 27001, and GDPR, offering customizable dashboards, automation, and a Trust Center for sharing compliance documentation. The company is positioned as a trusted provider with over 8,000 customers and strong partnerships with leading law and accounting firms. Technically, Formalize leverages modern web technologies including Alpine.js, AWS hosting, and integrates marketing and analytics tools such as Hubspot, Google Tag Manager, and Cookiebot for consent management. However, the website currently suffers from an invalid SSL certificate and lacks modern TLS protocol support, which poses a significant security risk. Despite this, the company demonstrates strong security practices with SPF, DMARC, and HSTS configurations, alongside certifications like ISO 27001 and ISAE 3000. Overall, Formalize presents a mature compliance platform with excellent user experience and comprehensive content, but should urgently address SSL and TLS issues to maintain trust and security.

K

Koelnmesse GmbH

koelnmesse.de

58

Koelnmesse GmbH is a leading international trade fair and event organizer based in Germany, with a strong market position and a comprehensive portfolio of over 80 trade fairs and events globally. The company serves a diverse audience including exhibitors, visitors, and business partners, providing key services such as exhibitions, conferences, and venue management. Technically, the website employs modern web technologies including jQuery, OneTrust for cookie consent, Google Tag Manager, and Plausible Analytics, hosted on Amazon AWS infrastructure. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS protocol support, which poses risks to secure communications. Despite these issues, the company demonstrates strong compliance with GDPR and provides clear privacy and cookie policies, along with active incident response contacts. Overall, Koelnmesse maintains a high level of professionalism and trustworthiness in its digital presence.

B

Bentley Systems, Incorporated

virtuosity.com

69

Bentley Systems, Incorporated is a leading global infrastructure engineering software company offering a comprehensive portfolio of software solutions for design, construction, and operations of infrastructure projects. Their e-commerce platform, Virtuosity, provides Bentley software subscriptions bundled with customizable expert training and support, targeting engineers, architects, constructors, and owner-operators. The company maintains a strong market position with a consistent brand presence and a large enterprise footprint. Technically, the website is built on the Magento Commerce platform with extensive use of JavaScript libraries and integrations including HubSpot, OneTrust, VWO, and New Relic. The site offers multi-language and multi-currency support, with good mobile optimization and accessibility features. However, the SSL configuration is currently invalid or missing, which poses a significant security risk. From a security perspective, the site implements SPF and DMARC for email protection and uses cookie consent mechanisms compliant with GDPR. Despite these strengths, the lack of a valid SSL certificate, absence of HSTS, and no evidence of a security policy or incident response plan indicate areas for urgent improvement. No explicit vulnerability disclosure or data protection officer contact information was found. Overall, while the business and technical infrastructure are robust and mature, the security posture requires immediate attention to protect user data and maintain trust. Strategic recommendations include securing the site with valid SSL/TLS, enhancing security headers, and formalizing security and incident response policies.

C

Cesium GS, Inc.

cesium.com

70

Cesium GS, Inc. operates a leading platform for 3D geospatial data visualization, data pipelines, and analytics, serving a broad range of industries including aerospace, defense, real estate, and smart cities. The company leverages an open source core and open standards to provide interoperable and precise geospatial solutions. Technically, the website employs modern frameworks such as React and Next.js, is hosted on AWS, and integrates accessibility and analytics tools, reflecting a mature digital infrastructure. Security posture is strong with valid TLS certificates, SPF and DMARC policies, and OCSP stapling, though improvements in HSTS and DNSSEC are recommended. Overall, Cesium demonstrates a high level of professionalism, community engagement, and technical sophistication, positioning it well in the competitive geospatial technology market.

S

Seequent

seequent.com

70

Seequent is a leading provider of geoscience analysis, modelling, and collaborative software solutions primarily serving the mining, civil, environmental, and energy sectors. As a subsidiary of Bentley Systems, it holds a strong market position with a comprehensive portfolio of products designed to help organizations understand subsurface data and make informed decisions. The company targets organizations requiring advanced geological and geotechnical data management and modelling capabilities. Technically, the website is built on WordPress with modern optimization and analytics tools such as NitroPack, Algolia, Segment, and Marketo, indicating a mature digital infrastructure. However, the absence of a valid SSL certificate and lack of modern TLS protocols represent significant security gaps. The security posture is moderate with good email authentication (SPF, DMARC) but lacks HTTPS enforcement and advanced security headers. Overall, Seequent presents a professional and trustworthy online presence but should prioritize improving its SSL/TLS configuration and security policies to enhance user trust and compliance.

Cohesive Group is a globally recognized asset management solutions provider specializing in enterprise asset management, advisory, and data services. With a strong partnership ecosystem including IBM, Microsoft Azure, AWS, Bentley, and Planon, Cohesive delivers comprehensive digital transformation and asset lifecycle management solutions to complex infrastructure owners and operators. Their market position is reinforced by over 700 successful IBM Maximo implementations and a reputation as a stand-out leader in the industry. Technically, the website is built on WordPress with modern front-end technologies and hosted on Microsoft Azure infrastructure. While the site demonstrates good SEO and mobile optimization, performance is slow and there is room for improvement in accessibility and security headers. Security posture is solid with modern TLS support and no critical vulnerabilities detected, but enhancements such as HSTS, DNSSEC, and CAA records are recommended. Overall, Cohesive presents a professional and trustworthy digital presence aligned with its business objectives.

A

Attention Required! | Cloudflare

saily.com

58

Security assessment completed with an overall score of 50/100 (unknown risk). 11 high-priority issues should be addressed promptly. Total of 30 security findings identified across all modules.

N

NordProtect

nordprotect.com

68

NordProtect is a comprehensive identity theft and cyber protection service operated by Nord Security, targeting U.S. customers with a subscription-based model. The service offers a broad range of features including dark web monitoring, credit monitoring, security alerts, identity theft recovery coverage up to $1 million, cyber extortion protection, and online fraud coverage. The website is professionally designed with excellent content quality and clear branding consistent with the Nord Security group. Technically, the site uses modern web technologies such as the Astro framework and Solid-js, hosted on Cloudflare, with moderate performance and good mobile optimization. Security posture is solid with valid SSL, SPF, and DMARC policies, but lacks advanced DNS security features like DNSSEC and CAA records. No explicit security or incident response policies are published on the site. Advertising and analytics are managed primarily through Google services with a moderate level of user tracking and good privacy compliance. Overall, NordProtect presents a trustworthy and professional identity protection service with room for security enhancements.

W

Wake Experience

allin.com.br

54

Wake Experience, formerly All In, is a technology company specializing in customer data platforms and AI-driven marketing solutions. Positioned as a medium-sized enterprise in Brazil under the parent company LWSA, it offers services that enable businesses to capture, integrate, and leverage customer data to create personalized experiences across multiple channels. The website demonstrates a mature digital presence with integrations for consent management and analytics, reflecting a commitment to privacy compliance and data-driven marketing. However, the absence of a valid SSL certificate is a critical security gap that undermines data protection efforts. The DNS and email security configurations are well-managed, indicating operational security awareness. Overall, the company shows strong market positioning in technology-driven customer experience but needs to address fundamental security infrastructure to reduce risk and enhance trust.

S

Storytel AB (publ).

storytelgroup.com

65

Storytel AB operates one of the world's largest audiobook and e-book streaming platforms, serving over 2.3 million subscribers with a vast catalog in multiple languages. The company combines digital streaming with print publishing, positioning itself as a leading media entity in Sweden and internationally. Their website reflects a mature digital presence with strong investor relations and corporate governance transparency. Technically, the site is built on WordPress with Bootstrap, hosted via Cloudflare, and integrates Cookiebot for GDPR-compliant cookie management and Google Tag Manager for marketing analytics. However, the absence of a valid SSL certificate and lack of modern TLS protocols represent significant security weaknesses. The site also exhibits slow load times, which could impact user experience and SEO. Security headers are minimal, with only SPF and DMARC configured, and no advanced protections like HSTS or CSP are present. Overall, while the business and content quality are excellent, the security posture requires urgent improvement to protect user data and maintain trust.

M

Mofibo

mofibo.com

62

Mofibo is a prominent Danish digital media platform specializing in subscription-based access to a vast library of over 600,000 audiobooks, e-books, and podcasts. As part of the Storytel group, it holds a strong market position in Denmark, offering tailored subscription plans including individual, family, and student options. The platform emphasizes user experience with features like offline downloads and exclusive content under the Mofibo Originals brand. Technically, Mofibo leverages modern web technologies such as Next.js, Cloudflare, and integrates multiple third-party services for analytics, marketing, and payment processing. The website demonstrates good digital maturity with a comprehensive cookie consent mechanism and GDPR compliance. Security-wise, Mofibo maintains a valid SSL certificate and implements SPF and DMARC policies, though improvements like enabling HSTS and DNSSEC are recommended. Overall, Mofibo presents a professional, trustworthy, and user-centric digital service with extensive tracking and marketing integrations.

D

DWS Group

dws.de

66

DWS Group is a leading global asset manager headquartered in Germany, offering a broad range of investment solutions including ESG, infrastructure, equity, bonds, and ETFs. The company has a strong market position with over 60 years of investment expertise and a large workforce. Their digital presence is built on modern web technologies such as Vue.js and integrates advanced video content delivery via Brightcove. The website demonstrates good SEO and user experience practices, with comprehensive privacy and cookie consent mechanisms in place. Security posture is solid with strict SPF and DMARC policies and use of TLS 1.3, though improvements such as enabling HSTS and OCSP stapling are recommended. Fraud warnings and clear contact information enhance user trust. Overall, the site reflects a mature digital infrastructure aligned with enterprise-grade asset management services.

B

BHW Bausparkasse AG

bhw.de

58

BHW Bausparkasse AG is a well-established German financial institution specializing in building savings and home financing products. The company operates a comprehensive website offering detailed information on its products, services, and customer support, targeting private customers interested in real estate financing and savings. The website is built on Adobe Experience Manager and integrates Webtrekk analytics for user tracking and marketing optimization. Security measures include a valid SSL certificate with TLS 1.2 and strong cipher suites, SPF and DMARC email authentication, and multiple domain verification records, although improvements such as enabling HSTS, OCSP stapling, and TLS 1.3 are recommended. The company maintains GDPR-compliant privacy and cookie policies with explicit consent mechanisms. Contact information is clearly provided with phone numbers and contact forms, but no explicit data protection officer contact or security policy page was found. Overall, the website demonstrates a mature digital presence with good usability and trust indicators, supported by strategic partnerships with Deutsche Bank and Postbank.

N

norisbank GmbH

norisbank.de

57

norisbank GmbH is a direct bank subsidiary of Deutsche Bank Gruppe, headquartered in Bonn, Germany. The company offers a range of financial products including credit, checking accounts (Girokonto), savings accounts (Tagesgeld), credit cards, and securities depot services. The website demonstrates a strong market position with multiple awards and certifications, targeting private customers, business clients, students, and youth. The business model focuses on digital banking services with an emphasis on online and mobile banking platforms. Technically, the website is built on Adobe Experience Manager with integrations for Adobe Analytics and Usercentrics for consent management, reflecting a mature digital infrastructure. However, the website currently lacks a valid SSL/TLS certificate, which is a critical security vulnerability. Email security is well configured with SPF and DMARC policies. Privacy and cookie policies are present and GDPR compliant, but no explicit security or incident response policies are found. Overall, the site is professional, trustworthy, and well-optimized for SEO and accessibility, but requires urgent improvements in SSL security to protect user data and maintain trust.

G

Girokonto eröffnen, günstige Kredite, Sparen und Anlegen | Postbank

postbank.de

62

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 27 security findings identified across all modules.

M

maxblue

maxblue.de

61

maxblue is the online brokerage platform of Deutsche Bank AG, offering a comprehensive suite of investment and trading services including securities trading, depot management, and savings plans. The website positions itself as a strong partner for both beginners and professional investors in Germany, providing extensive market data, analysis, and digital tools. Technically, the site is built on Adobe Experience Manager with Angular framework, leveraging modern web technologies and integrating Adobe Launch for marketing and analytics. Security measures include strong TLS 1.2 encryption, SPF and DMARC email policies, and absence of major SSL vulnerabilities, though improvements like enabling HSTS and TLS 1.3 could enhance security further. The site demonstrates good privacy compliance with clear policies and consent mechanisms. Overall, maxblue presents a professional, trustworthy, and well-structured online brokerage service with a solid digital infrastructure.

B

Berenberg

berenberg.com

65

Berenberg is a historic and well-established financial institution founded in 1590, headquartered in Hamburg, Germany, with a strong presence across Europe and the United States. The company offers a comprehensive suite of financial services including investment banking, corporate banking, asset management, and fund management. It is recognized as one of Europe's leading advisors with a large equity research team covering over 800 European companies. The website reflects a mature digital presence with detailed business information, multiple international office locations, and a focus on client service and sustainability. Technically, the website employs modern web technologies such as JavaScript frameworks, SVG graphics, lazy loading, and structured data for SEO. Hosting is on Microsoft Azure with DNS managed by Colt, and the SSL configuration is robust with TLS 1.2 and strong cipher suites. Cookie consent is managed via CookieFirst, ensuring compliance with privacy regulations. However, there is room for improvement in security headers and protocols, such as enabling HSTS, DNSSEC, and TLS 1.3. From a security perspective, the site demonstrates good practices including SPF and DMARC email protections, OCSP stapling, and no detected SSL vulnerabilities. The privacy policy and cookie consent mechanisms are comprehensive and GDPR compliant. No explicit incident response or vulnerability disclosure pages were found, which could be enhanced to improve transparency and security posture. Overall, Berenberg's website and digital infrastructure reflect a high level of professionalism and trustworthiness, supporting its position as a major player in the financial services sector. Strategic improvements in security protocols and transparency could further strengthen its risk management and client confidence.

H

HBL Solutions

hblsolutions.ch

61

HBL Solutions is a Swiss Banking-as-a-Service provider operating under the regulated banking license of Hypothekarbank Lenzburg AG. The company specializes in embedding banking products such as accounts, cards, payments, securities portfolios, and pension plans into the digital customer journeys of partner companies. Their market position is that of a Swiss pioneer in embedded and open finance, supported by a robust banking infrastructure and regulatory compliance. Technically, the website is built on Umbraco CMS with modern JavaScript libraries like Swiper.js and jQuery, and employs Cookiebot for GDPR-compliant cookie consent management. However, the absence of a valid SSL certificate is a critical security gap. The security posture shows strengths in regulatory compliance and consent management but weaknesses in transport security and DNS security features. Overall, the business is well-positioned in the Swiss finance sector with a clear focus on embedded finance, but should urgently address SSL and DNS security to improve trust and compliance.

F

Finstar AG

finstar.ch

69

Finstar AG is a Swiss-based company specializing in integrated IT solutions for private and universal banks as well as fintechs. With over 40 years of experience, the company offers customized and cost-effective banking software and services, positioning itself as a trusted partner in the financial technology sector. Their offerings include a broad range of products and services such as APIs, digital onboarding, and digital asset platforms, supported by a strong ecosystem of partner banks and financial institutions. The company is a subsidiary of Hypothekarbank Lenzburg AG and holds the prestigious 'swiss made software' label, underscoring its commitment to quality and reliability. Technically, the website is built on the Umbraco CMS and leverages modern JavaScript libraries including GSAP and ScrollMagic for enhanced user experience. It integrates Cookiebot for GDPR-compliant cookie consent management and Google Tag Manager for analytics and marketing. However, the website currently lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical security gap. Performance is slow, likely due to the large page size and resource count, but mobile optimization and accessibility are rated good. From a security perspective, the domain has well-configured SPF and DMARC records with a strict reject policy, reducing email spoofing risks. Despite this, the absence of HTTPS and security headers significantly lowers the security posture. No explicit security policy, incident response contacts, or vulnerability disclosure mechanisms were found. The cookie consent mechanism is comprehensive and transparent, supporting GDPR compliance. Overall, Finstar AG presents a professional and trustworthy digital presence with strong business credentials and compliance in privacy and cookie management. The primary risk lies in the lack of HTTPS, which should be addressed urgently to protect user data and maintain trust. Strategic improvements in security infrastructure and transparency around security policies would enhance the company's risk profile and customer confidence.

H

Hypothekarbank Lenzburg AG

hblasset.ch

56

HBL Asset Management, a brand of Hypothekarbank Lenzburg AG, operates a professional asset management and investment product platform targeting private investors primarily in Switzerland. The website offers financial market news, investment insights, and profiling tools to support investor decision-making. Technically, the site is built on the Umbraco CMS and integrates several modern web technologies including Google Analytics, Cookiebot for GDPR-compliant cookie consent, and Google Tag Manager. However, the site lacks HTTPS encryption, which is a critical security deficiency. While cookie consent and privacy policies are well implemented, the absence of SSL/TLS and security headers exposes users to risks. The company maintains a strong digital presence with social media integration and clear contact information, but should urgently address security gaps to protect user data and enhance trust.