Security Directory

F

FOSSi Foundation

fossi-foundation.org

48

The FOSSi Foundation is a small, international non-profit organization dedicated to promoting and protecting the open source silicon chip movement. It serves as a custodian for the Free and Open Source Silicon community, organizing key events such as Latch-Up and ORConf, publishing a monthly newsletter, and fostering collaboration among developers and contributors. The foundation's website reflects a strong community focus with clear navigation, professional design, and mobile optimization. Technically, the site is built using modern frameworks like Nuxt.js and Vue.js, hosted likely on Netlify, and employs efficient performance and accessibility practices. Security-wise, the site uses HTTPS and avoids exposing sensitive data, but lacks some security headers and formal policies such as privacy and cookie policies, which are important for compliance and trust. Overall, the website is trustworthy and professional, though it would benefit from enhanced privacy compliance and explicit security documentation.

Wilson Creative is a well-established digital agency based in Sweden with offices in Stockholm and Kalmar. The company offers a comprehensive suite of services including web development, digital marketing, branding, and film production. They serve a diverse client base across Sweden and have received multiple awards and positive client testimonials, positioning them as a reputable player in the digital communications market. Their website reflects a modern, professional design with clear navigation and strong branding consistency. Technically, the site leverages modern frameworks such as Nuxt.js and Vue.js, integrates with Prismic CMS, and employs Cookiebot for GDPR-compliant cookie management. Security practices are robust with HTTPS enforced and appropriate security headers present. However, explicit security policies and incident response contacts are not published, which could be improved. Overall, the site demonstrates a high level of digital maturity and compliance, supporting Wilson Creative's market position as a trusted digital partner.

L

Leaseonline Sweden AB

leaseonline.se

39

Leaseonline Sweden AB operates a professional online car leasing platform primarily targeting private and corporate customers in Sweden. The website offers a broad selection of vehicles, flexible leasing contracts, and integrates secure identity verification via BankID. The company has been active since 2015 and positions itself as a trusted intermediary between customers and vehicle financing partners. Technically, the site is built on modern JavaScript frameworks such as Vue.js and Nuxt.js, with Google Analytics for tracking. The design is responsive and user-friendly, providing a good user experience. Security posture is adequate with HTTPS and secure identity verification, but lacks some security headers and explicit incident response policies. Privacy compliance is supported by a comprehensive privacy policy and terms of service, though cookie consent mechanisms are missing. Overall, the site is legitimate, well-structured, and trustworthy, with room for improvement in security and privacy transparency.

P

Pactumize

pactumize.com

45

Pactumize is a Swedish legal technology company specializing in contract drafting automation and digital negotiation solutions. Their platform targets legal teams and business users who require efficient, remote contract management and negotiation capabilities. The website reflects a niche market position with a SaaS business model offering free trials and demos to attract users. Technically, the site employs modern frontend technologies such as Vue.js and Tailwind CSS, integrates analytics and tracking tools like Google Analytics and FullStory, and implements standard security measures including HTTPS and reCAPTCHA. However, explicit security policies and terms of service are absent, which could be improved to enhance trust and compliance. Overall, the website is professionally designed, mobile-optimized, and provides clear navigation and relevant content, supporting a positive user experience.

S

Sartorius AG

umetrics.com

64

Sartorius AG operates the Umetrics Suite of Data Analytics Software, providing advanced tools to optimize manufacturing processes, improve product quality, and support regulatory compliance. Positioned as a global leader in bioprocessing and data analytics, Sartorius targets manufacturing and biopharmaceutical professionals with a comprehensive suite of software solutions and services. The website reflects a mature digital infrastructure with modern technologies such as Google Tag Manager, Wistia video integration, Usercentrics consent management, and Marketo forms, built on the CoreMedia CMS and SAP Hybris platform. Security posture is strong with HTTPS enforcement, consent mechanisms, and secure form handling, though explicit security headers should be verified. The site demonstrates excellent content quality, professional design, and clear navigation, supporting a high level of user trust and engagement. Overall, Sartorius presents a credible and well-maintained online presence aligned with its enterprise business stature.

Nordisk Film is a prominent Nordic entertainment company specializing in film and series production, gaming, and cinema operations. It holds a leading market position in the Nordic and Baltic regions, supported by its affiliation with the Egmont group. The website demonstrates a mature digital infrastructure leveraging modern frameworks such as Nuxt.js and Vue.js, ensuring a responsive and performant user experience. Security measures include HTTPS enforcement and a Content Security Policy, alongside a comprehensive cookie consent mechanism that aligns with GDPR requirements. While contact information is not explicitly listed, the site maintains professional content and clear business representation. Overall, the risk profile is low with recommendations to enhance security headers and publish a vulnerability disclosure policy.

L

Lindex

lindex.com

59

Lindex is a well-established Scandinavian fashion retailer with a strong presence in Europe, operating both physical stores and an extensive e-commerce platform. The company offers a wide range of products including women's wear, kids' wear, lingerie, and cosmetics, targeting primarily European consumers. Their market position is solid as one of Europe's leading fashion brands with a large store network and a comprehensive online presence. Technically, the website is built on modern frameworks such as Nuxt.js and Vue.js, with a robust content management system (Hygraph) and utilizes advanced analytics and marketing tools including Cookiebot for consent management and Google Tag Manager. The site is optimized for performance, mobile responsiveness, and accessibility, reflecting a mature digital infrastructure. From a security perspective, the site enforces HTTPS, implements comprehensive security headers, and employs a detailed cookie consent mechanism ensuring GDPR compliance. No critical vulnerabilities or exposed sensitive data were detected. However, the site lacks a public security.txt file and explicit incident response contact information, which are recommended for enhanced security posture. Overall, Lindex demonstrates a high level of professionalism, security, and compliance, making it a trustworthy and reliable online retailer. Strategic improvements in transparency around security policies and incident response could further strengthen their security culture and customer trust.

Z

Zmarta AB

insplanet.com

58

Zmarta AB operates a comprehensive online platform for insurance and financial product comparison primarily targeting the Swedish market. The website offers a broad range of insurance products including car, home, life, and business insurance, alongside loan and electricity price comparisons. With over 1.5 million insurance sales and partnerships with numerous reputable insurance companies, Zmarta holds a strong market position as a trusted intermediary. The platform emphasizes user convenience through features like BankID authentication and free advisory services. Technically, the website employs modern frameworks such as Vue.js, integrates advanced analytics and marketing tools, and maintains good performance and accessibility standards. Security practices include HTTPS enforcement, cookie consent management, and error tracking, though explicit security policies and incident response details are not publicly disclosed. Overall, the site demonstrates a high level of professionalism, compliance with GDPR, and strong business credibility, making it a reliable resource for consumers seeking insurance and financial services.

S

Surahammars kommun

surahammar.se

46

Surahammars kommun is the official municipal government website for Surahammar, Sweden, providing comprehensive information and services related to education, social care, culture, environment, business, and local governance. The site targets residents, businesses, and visitors, offering a broad range of municipal services and resources. It holds a strong position as a local government authority with a medium-sized operational scope. Technically, the website is built on the SiteVision CMS platform, utilizing modern technologies such as React and Vue.js, and includes accessibility features like ReadSpeaker. The site demonstrates good performance and mobile optimization, with clear navigation and professional design. Security-wise, the site enforces HTTPS, uses cookie consent mechanisms compliant with GDPR, and employs best practices such as script nonces and no visible sensitive data. However, explicit security headers and a dedicated security policy page are absent. Overall, the website is trustworthy, legitimate, and well-maintained, reflecting the official nature of the municipal entity.

K

Kanthal AB

kanthal.com

61

Kanthal AB operates a professional and comprehensive website focused on industrial heating technology and resistance materials. The company is positioned as a world-leading brand in its sector, supported by a strong parent company, Alleima. The website provides extensive product information, technical resources, and sustainability content, targeting industrial customers and partners. Technically, the site uses modern JavaScript frameworks such as React and Vue.js, integrates Azure Application Insights for monitoring, and employs Google Tag Manager and OneTrust for analytics and privacy compliance. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, though explicit security policies and vulnerability disclosures are absent. Overall, the site demonstrates a mature digital presence with good privacy compliance and business credibility.

T

Telenor Group

telenor.com

56

Telenor Group is a leading multinational telecommunications company connecting customers across the Nordics and Asia. The company offers a broad range of telecom services including mobile and fixed networks, with a strong emphasis on innovation such as sovereign AI infrastructure. Their website reflects a mature digital presence with comprehensive investor relations, ESG initiatives, and corporate governance information. Technically, the site uses modern frameworks like Vue.js and Nuxt.js, supported by tag management tools such as Tealium and Google Tag Manager, ensuring a performant and responsive user experience. Security posture is strong with HTTPS enforcement, security headers, and a clear cookie consent mechanism, though explicit security policies and incident response contacts are not publicly detailed. Overall, Telenor demonstrates high business credibility and digital maturity, positioning itself as a trustworthy and professional entity in the telecommunications sector.

D

duva.se

duva.se

39

Duva.se is a small Swedish technology company specializing in tech, software, and cloud solutions with 15 years of experience. Their business model focuses on delivering turnkey products and custom-developed software services and integrations targeting businesses seeking specialized technology solutions. The website content is minimal but clearly communicates their expertise and service offerings. Technically, the website is built using modern JavaScript frameworks such as Nuxt.js and Vue.js, indicating a contemporary and modular infrastructure. The site is mobile optimized and performs moderately well, though accessibility features are basic. SEO is adequately addressed through meta tags and structured data. From a security perspective, the site uses HTTPS but lacks visible security headers and formal security policies. No privacy, cookie, or terms of service policies are present, and no contact information or incident response details are provided. There are no detected vulnerabilities or exposed sensitive data, but the absence of key compliance and security documentation reduces the overall security posture. Overall, the website is functional and professional but lacks comprehensive privacy and security compliance features. Strategic improvements in policy transparency, security headers, and contact information would enhance trust and compliance.

B

Bill.me LTD

bill.me

80

Bill.me LTD operates a comprehensive electronic bill management and payment platform targeting both individual customers and business clients, including cooperation partners such as property management and utility service providers. The company offers a modern SaaS solution with features like bill aggregation, one-click and automatic payments, meter reading submissions, and direct communication channels with service providers. The platform is accessible via web and mobile applications, supporting multiple app stores. Technically, Bill.me employs modern frameworks such as Nuxt.js and Vue.js, integrates Google Tag Manager, reCAPTCHA, and Cookiebot for analytics, security, and privacy compliance. The security posture is strong with HTTPS enforcement, bot protection, and cookie consent management, though some security headers could be enhanced. Privacy policies are comprehensive and GDPR compliant, with a designated Data Protection Officer contact provided. Overall, the website is professional, well-branded, and trustworthy, with clear business information and active social media presence.

T

The Scout Association

scouts.org.uk

52

The Scout Association is a well-established non-profit organization dedicated to preparing young people aged 4 to 25 with skills for life through various youth programs and volunteer opportunities. It holds a strong market position in the UK as a leading youth organization, supported by a large membership base and extensive partnerships. The website reflects a professional and comprehensive digital presence, offering resources for youth, parents, and volunteers, along with clear contact and support information. Technically, the website employs modern technologies including Vue.js, Google Tag Manager, Cloudflare for security and performance, and advanced analytics tools such as Visual Website Optimizer and Maze Analytics. The site is well-optimized for performance, mobile responsiveness, and accessibility, indicating a mature digital infrastructure. From a security perspective, the site enforces HTTPS, uses content security policies, and manages cookie consent effectively. While explicit security policies and incident response information are not directly found, the overall security posture is strong with no evident vulnerabilities or exposed sensitive data. The use of third-party scripts is managed with user consent, enhancing privacy compliance. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance with privacy regulations, making it a reliable platform for its audience. Strategic recommendations include publishing explicit security and incident response policies, establishing a vulnerability disclosure program, and enhancing transparency around data retention and protection roles.

A

Azuria

insituform.com

58

Azuria, through its Insituform brand, is a well-established leader in the pipeline rehabilitation industry with over 50 years of experience. The company specializes in trenchless technology solutions such as CIPP for municipal, industrial, aviation, transportation, and defense sectors. Their market position is strong, supported by ISO certifications and a broad portfolio of services and subsidiaries. The website reflects a professional and consistent brand image with comprehensive content targeting B2B clients in infrastructure maintenance and renewal. Technically, the website employs modern frameworks like Vue.js and integrates multiple analytics and marketing tools including Google Tag Manager, Microsoft Clarity, and Adobe DTM. The site is mobile-optimized with good SEO and accessibility basics, though some accessibility enhancements could be made. Performance is moderate with a well-structured navigation system. From a security perspective, the site uses HTTPS with reCAPTCHA protection on forms and cookie consent mechanisms, indicating good privacy compliance. However, it lacks explicit security policies, incident response contacts, and vulnerability disclosure mechanisms. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website and domain demonstrate high legitimacy and trustworthiness. Strategic recommendations include enhancing security headers, publishing security and incident response policies, and improving accessibility compliance to further strengthen the security posture and user trust.

E

ECOLINES

ecolines.net

62

ECOLINES is a leading coach operator in the Baltic States, providing extensive bus transportation services across 20 countries and approximately 200 cities daily. The company targets international travelers seeking comfortable and reliable bus travel options. Their business model focuses on ticket sales for both international and domestic routes, supported by digital tools such as a mobile app and online booking system. The website reflects a strong market position with a professional design and clear navigation, supporting a large and diverse customer base. Technically, the website leverages modern frontend technologies including Vue.js, integrated with Cookiebot for GDPR-compliant cookie management and Google Analytics for traffic analysis. Hosting and performance are supported by Cloudflare services, ensuring moderate to good loading speeds and mobile responsiveness. SEO and accessibility are adequately addressed, though some improvements in accessibility could be beneficial. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms to comply with privacy regulations. While explicit security headers are not fully confirmed, no critical vulnerabilities or exposed sensitive data were detected. The absence of a public security policy or incident response information suggests room for enhancement in transparency and preparedness. Overall, ECOLINES presents a trustworthy and professional online presence with strong privacy compliance and a solid technical foundation. Strategic improvements in security headers, accessibility, and incident response disclosures would further strengthen their security posture and user trust.

I

Instabot

instabot.io

63

Instabot is a technology company specializing in AI-powered chatbot software designed to help businesses generate leads, engage customers, and automate appointment scheduling across multiple channels including websites, text messaging, and social media platforms. The company targets a diverse audience including businesses of various sizes, marketing agencies seeking white-label solutions, and developers requiring API integrations. The platform emphasizes ease of use, rapid deployment, and scalability, positioning itself as a flexible and comprehensive chatbot solution in the competitive SaaS market. From a technical perspective, Instabot employs a modern technology stack featuring Vue.js for frontend development, integration with popular analytics and marketing tools such as Google Analytics, Facebook Pixel, Microsoft Clarity, and Hotjar, and supports omni-channel engagement including web, mobile, and social media. The website demonstrates good mobile optimization and SEO practices, though accessibility features are basic. Performance is moderate, with asynchronous loading of scripts to enhance user experience. Security posture is solid with HTTPS enforced and no exposed sensitive data detected. However, the site lacks some recommended security headers and does not display a cookie consent mechanism, which may impact privacy compliance. There is no publicly available security policy or incident response contact information, and no vulnerability disclosure or security.txt file was found. The WHOIS data is consistent with the business claims, showing domain registration in 2018, aligning with the company's founding year, and no privacy protection masking registrant details. Overall, Instabot presents a professional and trustworthy online presence with a strong business model and technical foundation. To enhance security and compliance, the company should consider implementing additional security headers, a cookie consent banner, and publishing clear security and incident response policies. These improvements will strengthen user trust and regulatory adherence while maintaining the platform's competitive edge.

C

Certific OÜ

certific.co

68

Certific OÜ operates a specialized healthcare communication platform designed to improve patient care and reduce administrative burdens in primary care settings. The platform offers features such as automated medical summaries, task management, and secure doctor-patient communication, targeting healthcare providers and patients primarily in Estonia and the UK.

G

gotoAndPlay

play.ee

57

gotoAndPlay is a small, agile web development team based in Estonia, specializing in modern web technologies such as React, Laravel, and WordPress. They focus on delivering high-quality web applications, websites, and MVPs with a strong emphasis on UX/UI design and performance optimization.

P

Pineparks International LTD

pineparks.ch

62

Pineparks International LTD is a Swiss-based web agency specializing in tailored digital solutions including software development, app development, WordPress development, and UX design. The company positions itself as a business-oriented partner for companies seeking growth, supported by international presence with entities in London and Estonia.

P

Pineparks International LTD

pineparks.com

63

Pineparks International LTD is a reputable web development and software development agency headquartered in London, UK, with additional presence in Tallinn and Zürich. The company specializes in delivering custom software solutions tailored to businesses of all sizes, offering a broad range of services including software development, web development, mobile app development, WordPress development, and design.

P

Pineparks Technologies

pineparks.ee

64

Pineparks Technologies is a small Estonian-based technology company specializing in professional web development, e-commerce solutions, software development, mobile app creation, and UX design. The company has a strong market position supported by international awards and a multi-entity presence including domains in Estonia, the UK, and Switzerland.

M

Mirantis

mirantis.com

79

Mirantis is an established enterprise technology company specializing in AI infrastructure management and Kubernetes-based solutions. The company offers a comprehensive suite of products and services designed to manage AI workloads across cloud, on-premises, hybrid, and edge environments. Recognized as a leader and challenger in the container management space by Gartner and Omdia, Mirantis targets MLOps professionals, platform engineers, and enterprise customers seeking scalable, secure, and flexible AI infrastructure solutions. The website reflects a mature digital presence with strong branding, clear navigation, and extensive content tailored to its target audience. Technically, the website leverages modern frameworks such as Nuxt.js and Bootstrap, with a headless CMS (Storyblok) for content management. It is hosted on a Fastly CDN, ensuring fast load times and global availability. The site is mobile-optimized and includes accessibility features, contributing to a positive user experience. SEO practices are well implemented with comprehensive meta tags and structured data. From a security perspective, the site employs HTTPS with a valid SSL certificate supporting modern TLS protocols. Security headers like X-Frame-Options and HSTS (though not fully enabled) are present, and no vulnerable cipher suites or subdomain takeover risks were detected. However, improvements such as enabling HSTS fully and implementing OCSP stapling could enhance security further. Privacy compliance is supported by a comprehensive privacy policy, though explicit cookie consent mechanisms are not evident. Overall, Mirantis demonstrates a strong security posture, professional business credibility, and a well-executed technical infrastructure. The risk level is low, with recommendations focusing on enhancing security headers and privacy mechanisms to maintain compliance and trust.

C

Canal+ Luxembourg S. à r.l.

hdaustria.at

76

CANAL+ Austria operates as a subscription-based streaming service offering a wide range of TV channels, movies, series, and live sports events targeted at Austrian consumers. The website is professionally designed with consistent branding and clear navigation, supporting multiple platforms including smart TVs and mobile devices. The technical infrastructure leverages ASP.NET, Umbraco CMS, Vue.js, and integrates third-party services such as Algolia for search and Google Analytics for tracking. The site is hosted behind Cloudflare with a valid Extended Validation SSL certificate, ensuring encrypted communications. However, the absence of modern TLS protocols and incomplete security header configurations represent areas for improvement. Privacy compliance is partially met with a comprehensive privacy policy and terms of service, but lacks a visible cookie consent mechanism. Business credibility is strong with transparent domain registration and clear contact information. Overall, the site presents a solid digital presence with room to enhance security and privacy practices.

2

20i Ltd.

20i.com

40

20i Ltd. is a UK-based technology company specializing in high-performance web hosting services including reseller hosting, managed cloud hosting, managed WordPress hosting, VPS, and domain registration. The company positions itself as a premium hosting provider with a focus on speed, reliability, and expert 24/7 support, supported by multiple industry awards and positive customer testimonials. Their technical infrastructure leverages modern cloud platforms such as AWS, Google Cloud, and their proprietary 20iCloud, utilizing advanced technologies like Redis, ElasticSearch, and autoscaling to deliver high availability and performance. The website is built on modern frameworks including Nuxt.js and Vue.js, with a responsive design and good SEO practices. However, the security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS, which is a critical issue. While security headers and content security policies are in place, the lack of proper SSL/TLS configuration significantly impacts the overall security score. The company provides comprehensive contact information, including email, phone, and physical address, and maintains a strong social media presence. Strategic recommendations include immediate implementation of valid SSL certificates, enabling modern TLS protocols, and enhancing privacy compliance mechanisms. Overall, 20i presents a professional and trustworthy web hosting service with room for critical security improvements.

E

Evelyn Partners

evelyn.com

40

Evelyn Partners is a well-established UK-based wealth management firm offering personalized financial planning, investment management, and employee benefits services. The company positions itself as a leader in the UK market with significant assets under management and a long history. Their website reflects a mature digital presence with comprehensive content, professional design, and clear navigation targeting individuals, families, entrepreneurs, and financial intermediaries. Technically, the site uses modern JavaScript frameworks, integrates multiple third-party marketing and analytics tools, and is hosted on Microsoft Azure. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture and trustworthiness of the site. Privacy and compliance measures are well addressed with clear policies and consent mechanisms. Overall, the site demonstrates strong business credibility but requires urgent remediation of its SSL/TLS configuration to meet security best practices.

R

RE/MAX Exclusive Collection

exclusivecollection.com

54

RE/MAX Exclusive Collection is a well-established luxury real estate agency serving the Central Florida region with over 30 years of experience. The company leverages the global RE/MAX network to provide comprehensive real estate services including luxury home listings, market reports, mortgage assistance, and personalized agent support. The website reflects a professional and user-friendly platform designed to facilitate property searches and client engagement. Technically, the site employs modern web technologies such as Vue.js, Bootstrap, and integrates with Google Maps and analytics tools, ensuring a responsive and interactive user experience. Security posture is solid with HTTPS enforced and monitoring tools in place, though there is room for improvement in security headers and privacy compliance mechanisms. Overall, the site demonstrates a high level of business credibility and digital maturity, supporting its market position as a premier real estate service provider in its region.

A

Asteas GmbH

iacbox.com

51

IACBOX, operated by Asteas GmbH, is a well-established provider of internet hotspot and authentication systems, serving a broad range of sectors including hospitality, healthcare, and transportation. The company has a strong market presence with over 8,500 deployments worldwide since 2003, offering both subscription and permanent licensing models. Their solutions emphasize secure, user-friendly WiFi access for guests, employees, and customers, supported by cloud-based management portals. Technically, the website leverages modern frameworks such as Nuxt.js and Vue.js, ensuring fast performance, mobile optimization, and good SEO practices. Security posture is strong with HTTPS enforced, cookie consent mechanisms, and no visible vulnerabilities. However, explicit security policies and incident response information are not publicly detailed. Overall, the website and business demonstrate high professionalism, trustworthiness, and compliance with GDPR regulations.

CliftonLarsonAllen LLP (CLA) is a large, established professional services firm in the finance sector, offering integrated wealth advisory, digital, audit, tax, outsourcing, and consulting services. The company targets businesses and individuals seeking comprehensive financial and consulting solutions, operating across more than 130 locations in the United States. The website reflects a professional and consistent brand presence with rich content and multiple client engagement portals. Technically, the site uses modern JavaScript frameworks such as Vue.js, integrates marketing and analytics tools like Google Tag Manager, HubSpot, and Microsoft Web Tracking, and is hosted behind Cloudflare. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate and HTTPS support, severely impacting the security posture. Privacy compliance is well addressed with comprehensive privacy and cookie policies and consent mechanisms. Overall, the site demonstrates strong business credibility and digital maturity but requires urgent remediation of its SSL configuration to ensure secure communications and maintain trust.

The Scripps Research Institute is a well-established nonprofit research organization focused on pioneering scientific discovery and translational medicine to address major health challenges. With a century-long history and a strong reputation in the life sciences, it combines fundamental research with drug discovery and education. The website reflects a professional and content-rich platform targeting researchers, donors, and students. Technically, the site uses modern frameworks like Vue.js and integrates analytics and marketing tools such as Google Tag Manager and Klaviyo. However, the lack of a valid SSL certificate significantly impacts the security posture, exposing visitors to risks and undermining trust. No explicit privacy or cookie policies were found, and security policies or incident response contacts are absent, indicating compliance gaps. Overall, the site is credible and authoritative but requires urgent security improvements to protect user data and enhance trust.

Adjust GmbH operates a leading mobile measurement and analytics platform designed to accelerate app growth through comprehensive attribution, fraud prevention, and marketing automation solutions. The company targets app marketers and developers globally, offering a suite of products including Measure, Analyze, Engage, Recommend, Automate, and Protect. Hosting on Vercel with a modern Nuxt.js and Vue.js frontend, the website demonstrates strong digital maturity and internationalization with multiple language support. However, a critical security issue is present due to an invalid or missing SSL certificate, significantly impacting the security posture. While security headers are mostly configured, the lack of valid HTTPS undermines trust and data protection. Privacy policies are comprehensive and GDPR compliant, but no cookie consent mechanism was detected. Contact information is primarily via forms, with no explicit emails or phone numbers visible. Overall, the site is professional and content-rich, but urgent remediation of SSL issues is recommended to improve security and user trust.

W

WALTER LEASING GmbH

walter-leasing.com

40

WALTER LEASING GmbH is an established Austrian company specializing in leasing and hire purchase of trucks and trailers. With a mature domain age of 25 years and a consistent brand presence, the company targets businesses and individuals seeking transportation leasing solutions. The website offers multilingual support and uses modern web technologies such as Vue.js and Google Tag Manager, indicating a moderate level of digital maturity. However, the absence of a valid SSL/TLS certificate is a critical security gap that undermines user trust and data protection. The site employs a strong Content Security Policy and cookie consent management via OneTrust, reflecting good privacy compliance practices. Overall, while the business and technical foundations are solid, urgent improvements in security infrastructure are needed to enhance trust and compliance.

P

PVH Corp.

pvh.com

40

PVH Corp. is a leading global apparel company known for its iconic brands Calvin Klein and Tommy Hilfiger. The company operates in over 40 countries with a large workforce and focuses on delivering fashion and lifestyle products. The website reflects a mature digital presence with a professional design, clear navigation, and comprehensive business information targeting consumers, investors, and job seekers. Technically, the site uses modern frameworks like Vue.js and is hosted on Microsoft IIS with Akamai CDN support, but lacks a valid SSL certificate, which is a critical security gap. Security headers are properly configured, but the absence of HTTPS and modern TLS protocols significantly reduces the security posture. Privacy compliance is partially addressed with a clear privacy policy and GDPR indicators, but no cookie consent mechanism is present. Overall, the site is trustworthy and professional but requires urgent improvements in SSL/TLS implementation to enhance security and user trust.

B

Billa BG

billa.bg

40

BILLA Bulgaria operates as a major retail supermarket chain with a strong presence in the Bulgarian market, offering a wide range of food and non-food products, including own brands and partner brands. The company emphasizes customer loyalty through its BILLA Card program and engages actively in social responsibility initiatives. Technically, the website is built on modern frameworks such as Vue.js and Nuxt.js, hosted on Google Cloud, and integrates payment services like Payone. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS protocols, which is a critical issue. Privacy and cookie policies are comprehensive and GDPR compliant, supporting good privacy compliance. Overall, the website is professional and content-rich but requires urgent security improvements to ensure safe user interactions.

I

Institut Teknologi Sepuluh Nopember

its.ac.id

40

Institut Teknologi Sepuluh Nopember (ITS) is a prominent Indonesian university specializing in science, technology, and arts education. The website serves a broad audience including prospective and current students, faculty, staff, parents, and alumni. It offers comprehensive information on academic programs, research, innovation, and public services. The institution holds a strong market position with recognized rankings in Asia Pacific and globally. Technically, the website is built on WordPress with a modern tech stack including Visual Composer, Yoast SEO, and various JavaScript libraries, providing a rich user experience with good mobile optimization and accessibility. However, the website lacks a valid SSL certificate and proper HTTPS configuration, which significantly impacts its security posture. Security headers are present but insufficient without proper SSL. Privacy and cookie policies are not found, indicating compliance gaps. DNS records are missing or incomplete, raising concerns about domain configuration. Overall, the site is professional and trustworthy in content but requires urgent improvements in security and privacy compliance.

S

Strolz GmbH

strolz.at

40

Strolz GmbH is a well-established Austrian retail and rental company specializing in alpine sports equipment and fashion, with a history dating back to 1921. The company operates a multi-floor flagship store in Lech am Arlberg and offers a wide range of services including ski and snowboard rental, fitting, and bike rental. Their market position is that of a premium, exclusive provider catering to winter sports enthusiasts and fashion-conscious customers. Technically, the website employs modern JavaScript frameworks such as Vue.js, integrates with Google Analytics and Tag Manager, and uses a Magnolia CMS. However, a critical security gap exists due to the absence of a valid SSL certificate, exposing users to potential risks. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good GDPR compliance. Overall, the business demonstrates strong credibility and professionalism but must address its SSL/TLS configuration urgently to improve security posture and user trust.

REI is a well-established outdoor retail cooperative founded in 1938, offering a wide range of outdoor gear, clothing, and services including rentals, classes, and expert advice. The company operates both online and through physical stores, targeting outdoor enthusiasts and leveraging a membership co-op business model that fosters customer loyalty and community engagement. The website reflects a mature digital presence with comprehensive content, clear navigation, and strong branding consistency. Technically, the site employs modern JavaScript frameworks like Vue.js, integrates advanced analytics and marketing tools such as Datadog RUM, Tealium, and Adobe Target, and is hosted on a robust CDN infrastructure via Akamai. However, the current SSL certificate is invalid or missing, which is a critical security concern that impacts the overall security posture. Security headers and content security policies are well implemented, but improvements in SSL configuration and session management are recommended. Privacy and cookie policies are present and indicate good compliance with GDPR and other regulations. Overall, REI's website demonstrates high professionalism and trustworthiness but requires urgent attention to SSL issues to ensure secure user interactions.

S

SK STURM SALES & COMMUNICATION GMBH

sksturm.at

35

SK Sturm Graz is a well-established Austrian football club with a strong digital presence through its official website. The site offers comprehensive information about the club, including news, match schedules, team rosters, membership options, and an online shop. The business model revolves around sports entertainment, fan engagement, and commercial activities such as merchandise sales and sponsorships. The website demonstrates a high level of content quality and professional design, targeting football fans and stakeholders. Technically, the site uses modern frameworks like Vue.js and is built on Craft CMS, but lacks HTTPS, which is a critical security flaw. The absence of SSL/TLS significantly impacts the security posture, despite the presence of privacy and cookie policies that comply with GDPR. Overall, the site is functional and credible but requires urgent security improvements to protect user data and enhance trust.

A

Atlantic Grupa d.d.

atlanticgrupa.com

29

Atlantic Grupa d.d. is a prominent regional leader in the fast-moving consumer goods sector, specializing in the production and distribution of popular food and beverage brands across Southeast Europe. The company maintains a strong market position with a comprehensive distribution network and a focus on sustainability and corporate responsibility. Their website reflects a professional digital presence with detailed investor relations and sustainability content, targeting regional consumers, investors, and partners. Technically, the site leverages modern JavaScript frameworks such as Nuxt.js and Vue.js and is hosted behind Cloudflare, ensuring good performance and mobile optimization. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS configuration, exposing users to potential risks. Privacy and cookie policies are well implemented, indicating GDPR compliance. Overall, the site demonstrates good business credibility but requires urgent security improvements to protect user data and maintain trust.

G

GATX Corporation

gatx.com

37

GATX Corporation is a well-established global leader in transportation asset leasing, with a diverse portfolio including railcars, locomotives, tank containers, and aircraft spare engines. The company holds a strong market position across North America, Europe, and India, supported by a comprehensive service offering and a commitment to sustainability and customer support. The website reflects a mature digital presence with professional design, clear navigation, and extensive business information tailored to customers, investors, and job seekers. Technically, the site leverages modern frameworks such as Vue.js and integrates advanced search and consent management tools, although performance is moderate and SSL/TLS configuration is currently lacking. Security headers are properly set, but the absence of a valid SSL certificate significantly impacts the security posture. Overall, the site is trustworthy and professional but requires urgent remediation of HTTPS to ensure secure communications and maintain user trust.

OTP Bank is a leading Hungarian financial institution with a strong regional presence in Central and Eastern Europe. Founded in 1949, it offers a comprehensive range of banking services including retail and corporate banking, loans, savings, insurance, and digital banking solutions. The website reflects a mature and professional digital presence with excellent content quality, clear navigation, and strong branding consistency. The bank leverages modern web technologies such as Vue.js and integrates multiple analytics and marketing tools to enhance user experience and business intelligence. From a technical perspective, the website employs robust security headers and content security policies, but suffers from critical SSL/TLS configuration issues including an invalid SSL certificate and lack of modern TLS protocol support. These issues significantly impact the security posture score and should be addressed promptly to ensure secure communications and user trust. Privacy compliance is well handled with clear GDPR-aligned privacy and cookie policies, supported by a consent mechanism. Overall, OTP Bank's website demonstrates high business credibility and professionalism, with comprehensive contact information and trust indicators such as awards and certifications. The domain registration data aligns well with the business history and legitimacy. Strategic improvements in SSL/TLS configuration and ongoing security audits are recommended to enhance the security posture and maintain customer confidence.

H

hokify GmbH

hokify.at

37

hokify GmbH operates a mobile-first job platform primarily serving the Austrian and German-speaking job market. The company offers a user-friendly job search portal and mobile app with over 11,000 job listings, emphasizing ease of application without the need for traditional cover letters. Technically, the website is built on modern JavaScript frameworks such as Vue.js and Nuxt.js, hosted on Amazon CloudFront CDN, and optimized for mobile devices. However, the site currently lacks a valid SSL certificate, which is a critical security concern. Privacy policies are comprehensive and GDPR compliant, and the company maintains active social media engagement. Overall, hokify presents a professional and trustworthy business with room for security improvements.

'

's Heeren Loo

sheerenloo.nl

40

's Heeren Loo is a large, established healthcare organization in the Netherlands specializing in providing tailored care and support for people with intellectual and other disabilities. Their services span diagnostics, treatment, home support, education, work and day activities, and residential care. The organization targets clients with disabilities, their families, and care professionals, emphasizing a mission to help clients live as well as possible with appropriate care levels. Technically, the website employs modern JavaScript frameworks like Vue.js and Vuex, integrates Matomo analytics for user tracking, and uses Google Tag Manager for marketing. Accessibility and SEO are well addressed, with good mobile optimization and structured data markup. However, the security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS support, which is a critical vulnerability. Privacy and cookie policies are comprehensive and GDPR compliant, with consent mechanisms in place. Overall, the website is professional, content-rich, and trustworthy but requires urgent improvements in SSL/TLS security to protect user data and maintain trust.

U

UPM Raflatac

upmraflatac.com

65

UPM Raflatac is a global leader in manufacturing high-performance labeling materials, serving brands, designers, and printers worldwide. The company operates a mature and well-established business with a strong emphasis on sustainability and innovation in packaging solutions. Their digital presence reflects a professional and comprehensive approach, offering extensive customer tools and multilingual support. Technically, the website leverages modern frameworks such as Vue.js, integrates advanced analytics and marketing tools, and is hosted securely via Cloudflare with robust security headers and HTTPS enforcement. The security posture is strong, though improvements like enabling HSTS could enhance protection. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the domain registration and WHOIS data confirm the legitimacy and consistency of the business identity.

R

Raiffeisen Bank International

raiffeisen.al

40

Raiffeisen Bank Albania is a major financial institution offering a wide range of retail and corporate banking services, including loans, credit cards, savings, and digital banking platforms. The website is professionally designed, content-rich, and targets Albanian retail customers, SMEs, and corporate clients. Technically, the site uses modern frameworks such as Vue.js and Adobe Experience Manager, with integrations for analytics and marketing tools. However, a critical security issue is the invalid or missing SSL certificate, which undermines the security posture despite good security headers and policies. Privacy compliance is strong with clear cookie consent and GDPR-aligned privacy policies. Overall, the website is trustworthy and credible but requires urgent SSL remediation to ensure secure user interactions.

F

Fritz HOLTER GmbH

holter.at

40

Fritz HOLTER GmbH operates a comprehensive website focused on sanitary and heating wholesale distribution in Austria, with additional services in wellness and pool solutions. The company has a strong market presence with over 150 years of history, targeting both professional installers and end consumers. The website is content-rich, professionally designed, and offers multiple user engagement channels including partner installer search, online bathroom planner, and newsletter subscription. Technically, the site uses modern technologies such as Vue.js and Storyblok CMS, hosted on AWS CloudFront CDN, with good SEO and accessibility practices. However, the security posture is weakened by an invalid or missing SSL certificate, lack of HTTPS enforcement, and absence of modern TLS protocols, which poses a significant risk. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is trustworthy and professional but requires urgent SSL/TLS remediation to improve security and user trust.

S

SCHMIDT Groupe

cuisines-schmidt.com

29

SCHMIDT Groupe operates a comprehensive and professionally designed website focused on custom interior design solutions including kitchens, furniture, and bathrooms. The company is a leading French manufacturer with a strong market position and a large-scale retail business model. The website demonstrates a mature digital infrastructure with modern JavaScript frameworks, extensive use of analytics and marketing tools, and a clear focus on user experience and mobile optimization. However, a critical security gap exists due to the absence of a valid SSL certificate and proper HTTPS configuration, which significantly impacts the security posture and trustworthiness of the site. Privacy and cookie policies are well implemented, indicating good compliance with GDPR requirements. Overall, the site is content-rich and trustworthy but requires urgent remediation of its SSL/TLS configuration to meet modern security standards.

Hawle Beteiligungsgesellschaft m.b.H. is a well-established Austrian manufacturer specializing in water supply valves and related products, serving a global market with a strong European manufacturing base. The company emphasizes sustainability, quality, and innovation, with a broad product portfolio including gate valves, butterfly valves, and digital water management solutions. The website reflects a mature digital presence with multi-language support and professional branding. Technically, the site uses modern JavaScript frameworks (Vue.js), Pimcore CMS, and integrates analytics and consent management tools, indicating a good level of digital maturity. However, a critical security weakness is the lack of a valid SSL certificate and proper HTTPS configuration, which significantly impacts the security posture and user trust. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the business appears credible and trustworthy, but urgent improvements in SSL/TLS deployment are recommended to secure user interactions and data.

R

Roomle GmbH

roomle.com

40

Roomle GmbH operates a sophisticated 3D commerce platform named Rubens, specializing in product personalization, room designing, and augmented reality visualization. The company targets furniture manufacturers, retailers, and other industries seeking to enhance their e-commerce offerings with interactive 3D configurators and AR experiences. The platform integrates with e-commerce and ERP/CRM systems, providing a seamless customer experience and boosting sales. Technically, the website leverages modern web technologies including Vue.js, Storyblok CMS, and Google Cloud hosting, with performance and mobile optimization rated good. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, severely impacting the security posture. Privacy and cookie policies are present and GDPR compliant, but incident response and vulnerability disclosure mechanisms are lacking. Overall, Roomle presents a professional and trustworthy business with strong market positioning but must urgently address its SSL/TLS deficiencies to ensure secure user interactions.