Security Directory

C

CTEK Sweden AB

ctek.com

56

CTEK Sweden AB is a well-established company specializing in innovative battery charging solutions for a wide range of vehicles, including electric vehicles. The company holds a strong global market position, supplying products in over 70 countries and maintaining partnerships with major automotive manufacturers. Their product portfolio includes battery chargers, battery management solutions, EV charging solutions, and app-controlled charging, reflecting a comprehensive approach to energy and transportation sectors. The website demonstrates a mature digital infrastructure with modern technologies such as Litium CMS, Google Tag Manager, Hotjar, and Cookiebot, ensuring a good user experience and compliance with privacy regulations. Security measures are robust, including HTTPS enforcement, CSRF protection, and reCAPTCHA integration, although explicit incident response and vulnerability disclosure information are absent. Overall, the site is professional, trustworthy, and well-optimized for SEO and accessibility, supporting the company's credibility and customer engagement.

L

LeanOn AB

leanon.se

45

LeanOn AB is a Swedish IT company specializing in smart system solutions that digitalize the financial industry. Established in 1998, LeanOn serves major Nordic banks, stock exchanges, and niche financial firms with tailored IT products and consulting services. Their offerings include an online platform (Lisa), stock trading (LEIF), fund trading (KARL), and order record keeping (ELIN). The company positions itself as a reliable and experienced partner in fintech, emphasizing modern, secure, and user-friendly solutions. Technically, the website is built on WordPress with Bootstrap and uses popular libraries like jQuery, Google Tag Manager, Google Analytics, and Facebook SDK, indicating a mature digital infrastructure. Security-wise, the site enforces HTTPS and uses standard tracking tools but lacks explicit security headers and detailed security policies. Overall, the website is professional, well-structured, and compliant with basic privacy standards, though it could improve in security transparency and incident response readiness.

L

Laxå Special Vehicles AB

laxasv.se

41

Laxå Special Vehicles AB is a specialized manufacturer and developer of custom special vehicles, with a strong legacy dating back to 1968. The company focuses on producing and customizing vehicle cabins and chassis, particularly CrewCab models, tailored to customer specifications. Their close collaboration with Scania positions them as a trusted niche player in the transportation sector in Sweden. The website reflects a professional and consistent brand image, targeting customers requiring specialized vehicle solutions. Technically, the website is built on WordPress with modern frameworks such as Bootstrap and jQuery, integrating analytics tools like Google Analytics and Facebook SDK for marketing and tracking. The site is mobile-optimized and SEO-friendly, though performance is moderate. Security-wise, HTTPS is enforced, but the absence of security headers and explicit security policies indicates room for improvement. Privacy compliance is basic, lacking cookie consent mechanisms and detailed GDPR adherence information. Overall, the security posture is solid but could be enhanced by implementing security headers, publishing security policies, and adding cookie consent. The domain registration data aligns well with the business claims, supporting legitimacy and trustworthiness. The website provides clear contact information and social media presence, reinforcing business credibility.

ADT UK is a leading provider of integrated home and business security systems in the United Kingdom, offering a wide range of products including burglar alarms, CCTV, smoke and carbon monoxide detectors, and smart home automation. With over 150 years of experience and backed by parent company Johnson Controls, ADT UK holds a strong market position supported by professional installation, 24/7 monitoring, and private security response services. The website reflects a mature digital presence with comprehensive content, clear navigation, and strong branding consistency. Technically, the site employs modern marketing and analytics technologies such as Google Tag Manager, Facebook SDK, and Visual Website Optimizer, alongside consent management tools to comply with privacy regulations. Security posture is robust with HTTPS enforced, reCAPTCHA on forms, and claims of bank-level encryption, although explicit security headers and a public security policy are not evident. Overall, the site demonstrates high professionalism, trustworthiness, and compliance with GDPR, though it could improve transparency around incident response and vulnerability disclosure.

V

Veepee

vente-privee.com

53

Veepee is a prominent French e-commerce platform specializing in private sales of branded products across multiple categories including fashion, travel, home, and wellness. The platform operates daily sales events with significant discounts, targeting consumers seeking quality brands at reduced prices. Veepee holds a strong market position in Europe with a large user base and a comprehensive service offering including customer support and secure payment options. Technically, the website is built on modern frameworks such as Next.js and integrates advanced analytics and consent management tools, ensuring a high level of digital maturity. Security measures are robust, with HTTPS enforced, security headers present, and no visible vulnerabilities or exposed sensitive data. Privacy compliance is well addressed with clear policies and user consent mechanisms. Overall, Veepee demonstrates a professional, trustworthy, and user-friendly online presence.

605 Sports is a regional sports media website primarily serving the South Dakota area, focusing on amateur and local sports such as baseball, softball, track, and rodeo. The site offers news articles, video content, photo galleries, live ticket sales, and an online store, positioning itself as a community-centric sports information hub. The business model relies on advertising partnerships, ticket sales, and merchandise. Technically, the website uses modern frontend technologies including Bootstrap, jQuery, FontAwesome, Google Analytics, and Facebook SDK, delivering a responsive and content-rich user experience. However, the CMS or backend platform is not explicitly identified, suggesting a custom or less common solution. Security-wise, the site uses HTTPS but lacks advanced security headers and does not provide privacy or cookie policies, which are compliance gaps. No contact or incident response emails are published, limiting transparency. Overall, the site is functional and professional but would benefit from enhanced privacy compliance and security hardening.

MOPO Tigers Live is a local media website dedicated to providing live streaming and coverage of sports events in the Mobridge area. The platform serves local sports fans and community members by offering live broadcasts, sports news, and advertising opportunities for local businesses. The business model relies primarily on advertising revenue from local sponsors and partners. The website's market position is that of a niche local sports media outlet with a focus on community engagement. Technically, the website uses a combination of embedded video players from YouTube, Vimeo, and Restream, along with jQuery and Facebook SDK for social integration. The site loads multiple external scripts and resources from various domains, which may introduce security risks if not properly managed. The design and user experience are basic, with moderate mobile optimization and limited SEO features. From a security perspective, the site lacks visible security headers such as Content Security Policy or X-Frame-Options, and there is no evidence of privacy or cookie policies, which raises compliance concerns. No contact information or incident response channels are provided, limiting transparency and trust. The site does use HTTPS, but the SSL configuration details are unknown. Overall, the security posture is basic and could be improved significantly. The overall risk assessment indicates a functional but basic website with moderate business credibility but lacking in privacy compliance and security best practices. Strategic recommendations include implementing privacy and cookie policies, enhancing security headers, auditing third-party scripts, and improving contact transparency to build trust and compliance.

A

Alūksnes novads

aluksne.lv

59

Alūksnes novads is the official municipal government entity for the Alūksnes region in Latvia, providing a comprehensive digital portal for residents and stakeholders. The website offers detailed information about municipal governance, public services, cultural events, education, tourism, and community news. It serves as a key communication channel between the local government and the public, supporting transparency and civic engagement. The site is well-positioned as the authoritative source for local government information in the region. Technically, the website is built on WordPress CMS with a modern technology stack including jQuery, Google Analytics, and various plugins for enhanced functionality such as event calendars, photo galleries, and accessibility tools. The site demonstrates good digital maturity with SEO optimization, mobile responsiveness, and accessibility features. Hosting appears to be on Microsoft Azure, inferred from cookie data, ensuring reliable infrastructure. From a security perspective, the website enforces HTTPS and implements cookie consent mechanisms compliant with GDPR. While explicit security headers are not fully confirmed, no critical vulnerabilities or exposed sensitive data were detected. The absence of a public security policy or incident response contact is noted, suggesting room for improvement in transparency and readiness. Overall, the site maintains a solid security posture appropriate for a government entity. The overall risk assessment is low, with the website demonstrating professionalism, compliance, and trustworthiness. Strategic recommendations include enhancing security headers, publishing a vulnerability disclosure policy, and improving incident response visibility to further strengthen security and user trust.

I

Innsbrucker Zentrumsverein

zentrumsverein.at

40

The Innsbrucker Zentrumsverein is a non-profit organization dedicated to promoting the historic city center of Innsbruck, Austria. It focuses on enhancing the shopping experience, organizing events and markets, and supporting local businesses and cultural initiatives. The website reflects a well-structured and professionally designed platform targeting both locals and tourists interested in the Innsbruck city center. Technically, the site runs on Microsoft IIS with modern JavaScript libraries and integrates third-party services such as Google Analytics and Usercentrics for cookie consent management. The SSL configuration is adequate but could be improved by enabling full HSTS and OCSP stapling. Security headers are present, and no critical vulnerabilities were detected. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR-aligned consent mechanisms. Overall, the site demonstrates a good balance of business credibility, technical implementation, and security posture.

H

Human Security Centre

hscentre.org

35

The Human Security Centre is an independent foreign policy think tank specializing in human rights, international security policy, and democracy research. It operates primarily as a non-profit organization targeting policymakers, academics, and government officials. The website serves as a platform for publishing research, hosting events, and engaging with media. It maintains an active social media presence and provides evidence to parliamentary committees, enhancing its credibility and influence in its sector. Technically, the website is built on WordPress 4.7.2 with several plugins including Yoast SEO and Seamless Donations. It uses common web technologies such as jQuery and integrates analytics tools like Google Analytics and ClickTale for user tracking. The site demonstrates moderate performance and basic mobile optimization but uses outdated software versions that may expose it to security vulnerabilities. From a security perspective, the site lacks visible security headers and does not display privacy or cookie policies, which are critical for GDPR compliance. The absence of direct contact emails or phone numbers limits transparency. While HTTPS usage is implied, explicit SSL configuration details are missing. The overall security posture is moderate but requires improvements to align with best practices. Overall, the website is functional and professional but would benefit from enhanced privacy compliance, updated technical infrastructure, and improved security measures to strengthen trust and protect user data.

Luxoft, a DXC Technology Company founded in 2000 and headquartered in Switzerland, is a global enterprise technology services provider specializing in software engineering and digital transformation. The company serves multiple industries including automotive, finance, telecommunications, energy, and retail, offering a broad portfolio of services such as cloud solutions, data analytics, machine learning, and legacy modernization. Luxoft positions itself as a trusted partner for enterprises seeking to modernize IT systems and achieve sustainable digital advantage. The website reflects a mature digital presence with comprehensive content, structured data, and clear navigation targeting enterprise clients worldwide. Technically, the site uses modern frameworks and integrates advanced marketing and analytics tools with consent management, indicating a high level of digital maturity. However, the security posture is weakened by an invalid SSL certificate and lack of TLS support, which poses significant risks to secure communications and user trust. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. Overall, Luxoft demonstrates strong business credibility and professionalism but should urgently remediate SSL/TLS issues to enhance security and trust.

Austria Trend Hotels is a well-established hospitality company operating multiple hotels across Austria and Slovenia, targeting both leisure and business travelers. The website provides comprehensive hotel listings, booking capabilities, and event services, supported by a modern technical infrastructure including Pimcore CMS and various tracking and marketing tools. However, the lack of a valid SSL certificate is a critical security weakness that undermines user trust and data protection. Privacy and cookie policies are well implemented with consent mechanisms, and contact information is clearly presented. Overall, the site demonstrates strong business credibility and user experience but requires urgent security improvements.

P

Playerhunter

playerhunter.com

32

Playerhunter is a digital transfer matching platform designed to connect football clubs and players through a smart algorithm. The website presents a niche service targeting the sports technology sector, focusing on facilitating player transfers. The platform uses modern web technologies including React, Cloudinary for media management, Google Maps API for location services, and customer engagement tools like Intercom and Facebook SDK. However, the technical infrastructure shows significant gaps, particularly in security, with no valid SSL certificate and lack of HTTPS enforcement, which severely impacts user trust and data protection. The absence of privacy and cookie policies, as well as contact information, further undermines compliance and credibility. Overall, the site is functional but basic in content and design, with slow performance indicators and minimal SEO and accessibility features.

Deutsche Lufthansa AG operates a comprehensive airline website offering flight booking and travel management services to a global audience. The site reflects Lufthansa's position as a leading international airline with a broad network and premium service offerings. The technical infrastructure leverages modern web technologies including Adobe Helix, Maui Design System, and Akamai CDN, ensuring a responsive and accessible user experience. While the website is rich in content and professionally designed, the SSL certificate is currently invalid, which poses a security risk. Security headers are well implemented, but the absence of a cookie consent mechanism indicates partial privacy compliance. Overall, the site demonstrates a mature digital presence with room for improvement in security and privacy practices.

L

Lionbridge

lionbridge.com

40

Lionbridge is a mature, enterprise-level global language services provider specializing in translation, localization, AI data services, and content creation for diverse industries including technology, healthcare, finance, and e-commerce. The company leverages advanced AI and automation tools to deliver multilingual content solutions, positioning itself as a leader in the digital-first economy. The website reflects a strong brand presence with excellent content quality, comprehensive service offerings, and a global reach supported by multiple language options and localized content. Technically, the website is built on Adobe Experience Manager with integrations of modern marketing and analytics technologies such as Marketo, OneTrust, Vidyard, and Google Analytics. The site is mobile optimized and SEO friendly, with good accessibility features. However, the SSL/TLS configuration is currently broken, lacking a valid certificate and modern TLS protocol support, which significantly impacts the security posture. Security-wise, the site implements strong security headers and content security policies but suffers from critical SSL issues that must be addressed to ensure secure communications. Privacy compliance is well handled with clear cookie consent mechanisms and a comprehensive privacy policy. Business credibility is high, supported by long domain age, strong WHOIS data consistency, ISO certifications, and visible trust indicators such as customer testimonials and case studies. Overall, Lionbridge presents a professional and trustworthy digital presence with advanced technological adoption but requires urgent remediation of SSL/TLS issues to maintain security standards and user trust.

I

ISG

isg-one.com

40

ISG is a global AI-centered technology research and IT advisory firm providing comprehensive sourcing, benchmarking, governance, and research services to enterprise clients. The company positions itself as a leader in AI-driven technology advisory, offering SaaS platforms to govern third-party relationships and benchmark IT landscapes. The website content is professionally designed, rich in relevant business information, and targets enterprises seeking operational excellence through technology. Technically, the site employs modern JavaScript frameworks and integrates multiple third-party services, but suffers from slow load times and lacks a valid SSL certificate, which critically impacts security posture. Privacy and cookie policies are present with consent mechanisms, supporting GDPR compliance. Social media presence is strong, enhancing trust and engagement. However, the absence of direct contact emails or phone numbers limits immediate contact options.

K

Kemppi Oy

kemppi.com

40

Kemppi Oy is a Finnish manufacturer and supplier of advanced arc welding equipment, software, and safety products. The company holds a strong market position as a design leader in the arc welding industry, serving industrial welding companies and individual contractors globally. Their product portfolio includes welding machines for various processes, welding torches, personal protective equipment, and welding management software. The website demonstrates a mature digital infrastructure built on modern technologies like Next.js and Contentful CMS, hosted on AWS CloudFront, with good mobile optimization and SEO practices. Security posture is adequate with HSTS enabled, but the SSL certificate is currently invalid, which is a critical issue to address. Privacy and cookie policies are present and comprehensive, indicating good compliance with GDPR. The company maintains active social media engagement and provides extensive product documentation and multimedia content. Overall, the website reflects a professional, trustworthy, and well-established business with room for improvement in SSL configuration and additional security headers.

G

Graz-Köflacher Bahn und Busbetrieb GmbH

gkb.at

23

Graz-Köflacher Bahn und Busbetrieb GmbH (GKB) is a regional transportation company based in Austria, providing rail and bus services primarily in the West Styria region. The company has a long history dating back to 1935 and focuses on sustainable mobility solutions including electrification of rail lines and regional bus services. Their website serves as an information portal for passengers, offering schedules, fare information, and service updates. The company maintains an active social media presence and provides comprehensive privacy and cookie policies in compliance with GDPR. Technically, the website is built on Joomla CMS with common web technologies such as jQuery and Bootstrap, but lacks a valid SSL certificate, which is a critical security shortfall. The absence of HTTPS and modern TLS protocols exposes users to potential risks. Despite this, the site is well-structured, mobile-optimized, and provides clear contact information. Overall, the business is credible and well-established, but the website's security posture requires urgent improvement to protect user data and maintain trust.

Albert Berner Deutschland GmbH operates a comprehensive B2B e-commerce platform specializing in professional tools, chemicals, and related products primarily serving the automotive and industrial sectors in Germany. The company is well-established with a strong market position and a broad product catalog supported by detailed categorization and user-friendly navigation. Technically, the website employs modern JavaScript libraries, consent management tools, and extensive marketing and analytics integrations, indicating a mature digital infrastructure. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, resulting in no HTTPS support, which significantly impacts the site's security posture. Despite this, the site maintains good privacy compliance with clear policies and consent mechanisms. Overall, the business is credible and professional, but urgent remediation of the SSL/TLS issue is recommended to enhance security and trust.

M

Mundipharma International Limited

mundipharma.com

40

Mundipharma International Limited operates a global healthcare website focused on pharmaceutical and consumer health products with a strong patient-centric approach. The website targets healthcare professionals, patients, and partners, providing corporate information, career opportunities, and media resources. The digital infrastructure is built on Drupal CMS with integrations including Google Analytics, Hotjar, and various marketing and tracking tools, hosted behind Cloudflare CDN. While the website content is professionally presented with good navigation and mobile optimization, the security posture is weakened by an invalid SSL certificate and lack of TLS protocol support, which are critical issues that must be addressed to ensure secure communications and user trust. Privacy and cookie policies are comprehensive and GDPR compliant, but no explicit security policy or incident response information is publicly available. Overall, the website is credible and professionally maintained but requires urgent SSL/TLS remediation to improve security and trust.

T

TD Canada Trust

td.com

39

TD Canada Trust is a leading North American financial institution offering a broad range of banking and investment services to personal, small business, and commercial clients. The website reflects a mature digital presence with comprehensive content on corporate values, sustainability, innovation, and customer care. The technical infrastructure is built on Adobe Experience Manager and supported by major third-party services for analytics and marketing. However, the security posture is currently weak due to the absence of a valid SSL certificate and lack of HTTPS support, which poses significant risks to user data confidentiality and trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements.

K

Kellner & Kunz AG

reca.co.at

33

Kellner & Kunz AG, part of the RECA Group, is a leading specialist in C-parts management with a strong presence across Europe. The company offers a comprehensive range of over 140,000 quality products and services tailored to industry and trade sectors, supporting customers in optimizing their work processes and gaining competitive advantages. Their business model focuses on B2B supply and service, leveraging an extensive network of subsidiaries and partners across multiple countries. Technically, the website is built on WordPress with modern technologies such as Vue.js for search, Algolia, and Factfinder integrations, providing a good user experience with responsive design and SEO optimization. However, the site suffers from a critical security issue due to the absence of a valid SSL/TLS certificate, resulting in no HTTPS support, which significantly impacts its security posture. Security headers are well implemented, and privacy policies are comprehensive and GDPR compliant, but the lack of proper SSL/TLS encryption is a major vulnerability. The site uses standard tracking tools like Google Analytics and Facebook Pixel with moderate user tracking levels and appropriate consent mechanisms. Overall, the website is professional and trustworthy in content and business representation but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include immediate SSL/TLS certificate installation, enabling HSTS, and improving security configurations.

ERGO Versicherung Aktiengesellschaft operates the website das.at, providing legal protection insurance products under the D.A.S. Rechtsschutz brand in Austria. The company is a market leader with a strong reputation, offering services to private individuals, self-employed, and businesses. The website is professionally designed, content-rich, and targets Austrian customers with comprehensive insurance solutions and customer support channels. Technically, the site is built on TYPO3 CMS with modern web technologies and integrates multiple marketing and analytics tools. However, the absence of a valid SSL certificate and HTTPS support significantly weakens the security posture. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. WHOIS data confirms the domain's legitimacy and alignment with the ERGO group. Overall, the website is credible and professional but requires urgent security improvements to protect user data and trust.

S

SIA "Žurnāls Santa"

santa.lv

40

Santa.lv is the largest lifestyle portal in Latvia, offering a wide range of content including health, entertainment, culture, and personal stories. The website supports a subscription model (Santa+) alongside advertising revenue, targeting Latvian-speaking audiences interested in lifestyle topics. The business is well-established with consistent domain registration and a strong market position in the Latvian media sector. Technically, the website employs modern tracking and advertising technologies such as Google Tag Manager, Facebook SDK, and Gemius analytics, hosted behind Cloudflare DNS services. However, the site suffers from significant security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which severely impacts user trust and security posture. Security-wise, the lack of HTTPS, missing security headers, and no DNSSEC or domain protection locks expose the site to potential risks. Privacy and cookie policies are present and appear GDPR compliant, reflecting a good level of privacy awareness. The site is accessible without WAF or blocking mechanisms, but performance is slow with a large page size and long load times. Overall, Santa.lv is a reputable media portal with excellent content quality and business credibility but requires urgent improvements in security infrastructure to protect users and enhance trust. Strategic focus should be on implementing HTTPS, improving page performance, and adopting security best practices.

K

KUT Public Media

kut.org

38

KUT Public Media operates as a prominent public media and NPR-affiliated radio station serving Austin and Central Texas. The organization provides a broad range of news, cultural programming, podcasts, and community engagement services, supported by donations, memberships, and sponsorships. The website reflects a mature digital presence with professional design, clear navigation, and rich content tailored to its regional audience. Technically, the site leverages Brightspot CMS, Amazon CloudFront CDN, and integrates advertising and analytics tools from Google and Facebook, indicating a modern infrastructure. However, a critical security gap exists due to the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts user trust and security posture. Privacy compliance is partial, with a privacy policy present but lacking cookie consent mechanisms. Overall, the site is credible and well-positioned in its market but requires urgent security improvements to protect users and maintain trust.

F

Flirtic Llc

face.lv

40

Face.lv is a Latvian language social networking platform operated by Flirtic Llc, based in Estonia. The platform focuses on photo rating and social interaction, boasting a large user base exceeding 687,000 users and over 1.2 million images. It offers features such as user profiles, messaging, photo rating, horoscopes, and quizzes, targeting social network users interested in interactive photo-based engagement. The business model centers on user-generated content and social connectivity within a regional market. Technically, the website employs common web technologies including Bootstrap, jQuery, Google Analytics, Facebook SDK, and third-party marketing tools. Hosting is provided by ratesolutions.eu, and payment processing is handled by Maksekeskus, a trusted partner. Performance is moderate with a page load time of approximately 5 seconds and a page size of about 577 KB. Security posture is weak due to the absence of a valid SSL certificate, lack of HTTPS, missing security headers, and no modern TLS protocols enabled. Privacy compliance is partial with a privacy policy and terms of service present but no cookie consent mechanism despite active tracking scripts. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional and professionally designed but requires urgent security improvements to protect user data and enhance trust.

E

EUROFRONT

programaeurofront.eu

40

Programa EUROFRONT is a European Union-funded cooperation program aimed at strengthening development and security in Latin America, focusing on border management and human rights protection. The website serves as an information portal for the program's activities, partners, and news, targeting government agencies and stakeholders involved in migration and security. Technically, the site is built on Bolt CMS with common web technologies and includes social media integration and event calendars. However, the website lacks a valid SSL certificate and HTTPS support, which is a critical security vulnerability. Privacy and cookie policies exist but lack advanced consent mechanisms, and no direct contact information or security policies are provided. The WHOIS data is consistent and supports the legitimacy of the domain. Overall, the site provides good content and user experience but requires urgent security improvements to protect users and enhance trust.

A

ANOLF - Associazione Nazionale Oltre Le Frontiere ETS

anolf.it

40

ANOLF is a well-established Italian non-profit organization dedicated to supporting immigrants and refugees through advocacy, education, and community services. The website reflects a mature digital presence with comprehensive content targeting immigrants, social activists, and the general public interested in immigration and social justice. The organization maintains active social media channels and provides multiple engagement points including newsletters and multimedia content. Technically, the site is built on WordPress with a range of plugins and integrations such as Google Analytics and Facebook SDK, hosted likely on Aruba infrastructure. While the site is mobile-optimized and professionally designed, performance is hindered by a large page size and high resource count. Security posture is moderate with HTTPS enabled and no critical vulnerabilities detected, but lacks advanced security headers and HSTS enforcement. Privacy and cookie policies are present and GDPR compliant, enhancing trust and compliance. Overall, the site is credible and trustworthy but could benefit from technical and security improvements.

Ს

სს “საკრედიტო საინფორმაციო ბიურო კრედიტინფო საქართველო”

mycreditinfo.ge

61

Mycreditinfo.ge is a Georgian finance sector website operated by სს “საკრედიტო საინფორმაციო ბიურო კრედიტინფო საქართველო”, providing credit information services including free and premium credit reports, credit score monitoring, and educational content. The site targets individuals and legal entities in Georgia seeking to manage and improve their credit profiles. The business model includes both free access and paid premium services, positioning it as a key player in the local credit information market. Technically, the website is built on Angular 13 and integrates common analytics and marketing tools such as Google Analytics and Facebook Pixel. It is hosted on Microsoft Azure, indicating a modern cloud infrastructure. However, the site suffers from slow performance due to large page size and load times, which could impact user experience. From a security perspective, the site has significant weaknesses: it lacks a valid SSL certificate and does not support any TLS protocols, severely limiting secure communications. While HSTS is enabled, its benefits are negated by the missing SSL. The site implements SPF and DMARC for email security and has basic security headers, but lacks advanced features like OCSP stapling and session resumption. Privacy and cookie policies are present with a consent mechanism, but GDPR compliance is not clearly demonstrated. Overall, the site is functional and content-rich but requires urgent improvements in SSL/TLS configuration to ensure user data protection and trust. Performance optimization and enhanced privacy compliance would further strengthen its digital maturity and security posture.

I

Interticket Kft.

jegy.hu

40

Jegy.hu is a well-established Hungarian online ticketing platform specializing in cultural events such as theater, concerts, festivals, and sports. Founded in 2000, it serves a large audience primarily in Hungary with some regional presence. The platform offers extensive event listings, search and filtering capabilities, and supports affiliate marketing and gift vouchers. Technically, the site uses a custom CMS with modern JavaScript libraries and frameworks, providing a good user experience and mobile optimization. However, a critical security gap is the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the security posture. Privacy compliance is well addressed with cookie consent mechanisms and comprehensive privacy policies. Overall, the site is professional and trustworthy but requires urgent security improvements.

Z

Zip.lv

zip.lv

40

Zip.lv is a well-established Latvian online classified ads platform, operating since 2008, offering a wide range of categories including transport, real estate, jobs, and various goods and services. The website targets Latvian-speaking users seeking a centralized marketplace for buying, selling, and exchanging items and services. It maintains a consistent brand presence and provides clear contact information and comprehensive privacy and cookie policies, demonstrating good compliance with GDPR requirements. Technically, the site utilizes a variety of modern web technologies and third-party services such as jQuery, Google Fonts, FontAwesome, Google Analytics, Facebook SDK, and Stripe for payments. It is hosted behind Cloudflare, indicating a robust hosting infrastructure. However, the site suffers from a critical security issue: the absence of a valid SSL certificate and lack of HTTPS support, which severely impacts its security posture and user trust. The security posture is weak due to missing HTTPS, no HSTS, no security headers, and no DMARC or DNSSEC configurations. Despite this, the site employs a detailed consent management platform with extensive vendor disclosures, reflecting a strong commitment to privacy compliance and transparency. The site integrates numerous advertising and analytics vendors, indicating extensive user tracking and data collection practices. Overall, while the business and privacy compliance aspects are strong, the lack of HTTPS and related security measures present a significant risk. Addressing these security gaps is critical to improving user trust and safeguarding data. The site’s performance is slow, likely due to large page size and numerous resources, suggesting opportunities for optimization.

H

HPP Attorneys

hppattorneys.com

53

HPP Attorneys is a medium-sized Finnish business law firm specializing in comprehensive legal services for domestic and international clients, with a strong focus on cross-border transactions, green transition, and renewable energy projects. The firm holds a reputable market position supported by international legal rankings and a professional online presence. Technically, the website is built on WordPress with Elementor and integrates advanced search and analytics tools, but suffers from slow loading times and lacks a valid SSL certificate, which critically impacts security posture. Privacy compliance is well addressed with a clear cookie consent mechanism and a comprehensive privacy policy. Overall, the firm demonstrates strong business credibility but must urgently address security vulnerabilities to protect client data and maintain trust.

C

Celtic Bank

celticbank.com

64

Celtic Bank is a medium-sized financial institution specializing in commercial financing and SBA loans, positioning itself as a top ten SBA Preferred Lender in the United States. The company offers a broad range of loan products tailored to small and medium business needs, including SBA 7(a), 504 loans, construction financing, equipment financing, and specialty loans such as renewable energy and supply chain financing. Their market position is strengthened by detailed customer testimonials, case studies, and a professional online presence. Technically, the website leverages modern frameworks like React and Next.js with a headless WordPress backend, hosted behind Cloudflare, ensuring a contemporary digital infrastructure. However, the SSL certificate is invalid and no TLS protocols are enabled, which is a critical security flaw. Security headers are well implemented but some security best practices need improvement, including enabling OCSP stapling and session resumption. Privacy compliance is basic, with no cookie consent mechanism despite the use of tracking and advertising scripts. Overall, the website is professional and credible but requires urgent security fixes to protect user data and maintain trust.

C

Camif

camif.fr

40

Camif is a French e-commerce company specializing in sustainable and locally manufactured furniture and home decor. The website presents a professional and well-branded platform targeting consumers interested in eco-responsible products. The company emphasizes French and European manufacturing, supported by certifications such as B Corp and Entreprise à mission. The site features a rich product catalog, promotional offers, and strong social media presence. Technically, the site uses modern JavaScript libraries, analytics, and marketing tools, but lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security concern. Security headers are well implemented, but the absence of TLS protocols and session resumption reduces the security posture significantly. Privacy policies and cookie consent mechanisms are present and comprehensive, supporting GDPR compliance. Contact information is available primarily via phone and contact forms, with no explicit emails found in the content. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain compliance.

P

PBS SoCal

kcet.org

53

PBS SoCal is a prominent public media organization serving the Greater Los Angeles and Southern California region. As a non-profit entity and a member of the Public Media Group of Southern California, it provides a wide range of PBS programming, local content, and educational resources. The website reflects a strong brand presence with consistent messaging and a focus on community engagement through various media formats including video, news, and educational tools. Technically, the website employs modern web technologies such as Polymer for custom elements, integrates multiple analytics and advertising platforms including Google Tag Manager, Facebook SDK, and Fathom Analytics, and is hosted on Amazon AWS infrastructure. However, the site suffers from a critical security issue due to an invalid or missing SSL certificate, which undermines the security posture and user trust. Performance is moderate with a relatively high page size and load time, but mobile optimization and accessibility are well addressed. From a security perspective, the absence of a valid SSL certificate and lack of security headers are significant vulnerabilities that need immediate remediation. Privacy compliance is well handled with clear privacy and cookie policies, including GDPR compliance indicators and consent mechanisms. Business credibility is strong with clear contact information, social media presence, and trust signals such as PBS Passport membership. Overall, while the site excels in content quality and business credibility, the security shortcomings notably reduce its overall risk posture. Strategic improvements in SSL implementation and security headers are recommended to enhance user trust and compliance.

H

Handwerkskammer des Saarlandes

handwerkerforum-saar.de

40

Handwerkerforum Saar is a regional non-profit association affiliated with the Handwerkskammer des Saarlandes, focused on supporting and developing the local crafts and trades community. The website offers information about events, workshops, and networking opportunities aimed at handwerk businesses and apprentices in the Saarland region. The technical infrastructure is based on a custom or proprietary CMS platform with common web technologies such as Bootstrap and jQuery. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a significant security concern. The cookie consent mechanism indicates some level of GDPR compliance, but no explicit security or incident response policies are present. Overall, the website provides relevant business content but suffers from technical and security shortcomings that should be addressed to improve trust and compliance.

C

Centric Software, Inc.

centricsoftware.com

75

Centric Software, Inc. is an enterprise-level B2B software provider specializing in Product Lifecycle Management (PLM), Planning, Pricing, Market Intelligence, and Visual Boards solutions tailored for brands, retailers, and manufacturers. The company positions itself as a key innovation partner with a strong market presence, serving over 18,800 brands globally with a high customer retention rate and a 100% go-live success rate. Their offerings are AI-driven and designed to optimize product development, pricing, and inventory management while supporting sustainability and compliance goals. Technically, the website is built on WordPress and leverages modern JavaScript libraries such as jQuery and Swiper.js for enhanced user experience. It integrates multiple third-party services including Google Analytics, Facebook SDK, Cookiebot for consent management, and various marketing and tracking platforms. However, the website currently lacks a valid SSL certificate and does not support modern TLS protocols, which is a significant security concern. From a security perspective, the site implements SPF and a strict DMARC policy with reporting, indicating good email security practices. Nonetheless, the absence of HTTPS and related security features like HSTS and OCSP stapling exposes the site to potential risks. The extensive use of tracking and marketing tools suggests a high level of user data collection, managed through a comprehensive cookie consent mechanism. Overall, while Centric Software demonstrates strong business maturity and digital marketing sophistication, it must urgently address its SSL/TLS deficiencies to ensure secure communications and maintain trust. Enhancing its security posture will mitigate risks and align with best practices for enterprise-grade software providers.

M

Mondoni Press

mondonipress.com.br

48

Mondoni Press is a Brazilian PR and communication agency specializing in press advisory, institutional communication, digital marketing, and content creation. The company positions itself as a trusted partner for businesses seeking to enhance their credibility, media presence, and visibility. It has received recognition such as the PR Agency of the Year award in South America (Prestige Awards 2023/24) and serves a diverse client base across various sectors. Technically, the website is built on WordPress with a range of popular plugins and marketing tools, including Google Analytics, Facebook Pixel, and Hotjar, indicating a mature digital marketing infrastructure. However, the website suffers from a critical security issue: the SSL certificate is invalid or missing, which undermines user trust and data security. The cookie consent mechanism is implemented, but no explicit privacy policy or terms of service pages were found, which may pose compliance risks. Overall, the company demonstrates good branding and content quality but should urgently address security and compliance gaps to maintain trust and regulatory adherence.

F

Fim Europe

fim-europe.com

60

Fim Europe is a prominent European motorcycling union serving as a governing body for motorcycling sports across Europe. The organization provides regulatory frameworks, organizes sporting events, and disseminates news and information to motorcycling enthusiasts and federations. Positioned as a leading entity in the transportation sports sector, Fim Europe targets motorcycling participants, federations, and stakeholders with a non-profit business model focused on sport governance and community engagement. The website reflects a medium-sized organization headquartered in Switzerland with additional offices in Italy. Technically, the website is built on WordPress with a mature technology stack including jQuery, Owl Carousel, and various WordPress plugins such as Yoast SEO and Contact Form 7. Hosting is provided by DreamHost. Performance is moderate with room for optimization, and mobile responsiveness is good. SEO practices are well implemented, and social media integration is robust. From a security perspective, the site has a valid SSL certificate but lacks modern TLS protocol support and security headers. No DNSSEC or CAA records are configured, which could improve domain security. Cookie consent mechanisms and privacy policies are in place and GDPR compliant. However, no explicit security policy or incident response information is found, and no vulnerability disclosure or security.txt file is present. Overall, Fim Europe’s website is professional and trustworthy with good content quality and user experience. Security posture is adequate but could benefit from enhancements in SSL configuration, security headers, and incident response transparency. Strategic improvements in these areas would strengthen trust and compliance, supporting the organization's reputation and operational resilience.

C

CasinoMentor

casinomentor.com

57

CasinoMentor is a reputable online platform specializing in providing comprehensive and trustworthy reviews, ratings, and guides for online casinos and gambling sites. Positioned as a trusted intermediary, it offers detailed expert and user-generated content to help players make informed decisions. The platform targets online gamblers seeking reliable information on casino games, bonuses, and responsible gambling practices. Technically, the website employs a modern tech stack including PHP, Cloudflare for hosting and security, and various JavaScript libraries for enhanced user experience and analytics. Security measures are robust with strong SSL configuration and security headers, although some improvements in TLS protocol support and DNS CAA records are recommended. Overall, CasinoMentor demonstrates a mature digital presence with good performance, mobile optimization, and SEO practices, supporting its market position as a leading casino review site.

I

ITVX

itv.com

69

ITVX is a leading UK-based streaming service offering a wide range of exclusive TV shows, films, live events, and curated channels. It operates under ITV Consumer Limited and targets UK consumers seeking both free ad-supported and premium subscription content. The platform leverages modern web technologies including React/Next.js and Express, supported by robust third-party analytics and marketing tools such as Google Analytics, Amplitude, and Hotjar. Security measures include a valid SSL certificate, Content Security Policy, and secure cookie handling, although improvements like enabling HSTS and DNSSEC are recommended. The site demonstrates a high level of digital maturity with excellent design, user experience, and content relevance, positioning it strongly in the competitive UK streaming market.

S

SIA Blue Bridge Technologies

piearsta.lv

61

Piearsta.lv is an established Latvian healthcare portal operated by SIA Blue Bridge Technologies, providing an online platform for patients to book appointments with doctors and specialists, including options for remote consultations. The portal integrates with the SmartMedical healthcare management system, positioning itself as a convenient and accessible service for patients and healthcare providers. The website supports Latvian and English languages and emphasizes user convenience and accessibility. Technically, the site uses Apache server, JavaScript libraries including jQuery, and integrates third-party services such as Cookiebot for consent management, Google Analytics, and Facebook SDK for tracking and marketing. Security measures include a valid SSL certificate and several HTTP security headers; however, modern TLS protocols are not enabled, which is a notable gap. The site demonstrates good privacy and cookie policy compliance with GDPR considerations but lacks explicit published security and incident response policies. Overall, the portal shows a mature digital presence with room for security enhancements and improved transparency in security governance.

P

Paytm

paytmwallet.com

65

The website demonstrates a moderate security posture with no critical vulnerabilities detected, but it faces significant risks in compliance and information security governance. High-priority issues include missing essential headers that protect against clickjacking and cross-site scripting, as well as the absence of GDPR-required documentation such as Privacy and Cookie Policies and consent mechanisms. Furthermore, the site lacks foundational NIS2-aligned security policies and incident response processes, exposing the business to regulatory and operational risks. While email security, SSL/TLS, DNS health, and network security show reasonably strong scores, several medium-level weaknesses like expiring SSL certificates and missing vulnerability disclosure policies remain. The overall compliance score is low, indicating urgent need for attention to privacy and security governance. Addressing these gaps will reduce legal exposure, improve customer trust, and enhance defense against cyber threats.

A

AbeBooks

abebooks.com

71

The website demonstrates a generally stable security posture with no critical vulnerabilities detected; however, several high and medium-risk issues indicate significant gaps in compliance and information security management. Notably, the absence of a Content Security Policy and incomplete GDPR adherence expose the business to data privacy risks and potential regulatory penalties. The lack of documented security policies, incident response procedures, and vulnerability disclosure protocols highlights weaknesses in organizational security governance. While network security and email security are relatively strong, weaknesses in SSL/TLS configuration and DNS settings present opportunities for exploitation. These deficiencies collectively increase the risk of data breaches, reputational damage, and legal non-compliance, which can have severe business impacts. Addressing these issues promptly will enhance customer trust, regulatory compliance, and overall resilience against cyber threats. Prioritizing governance and compliance-related shortcomings alongside technical controls will deliver the greatest business value. Continuous monitoring and improvement are recommended to maintain and advance security standards.

B

Briscoes AU

briscoes.com.au

54

The website's security posture is currently weak, with numerous critical and high-risk vulnerabilities exposing the business to significant threats including data breaches, regulatory fines, and operational disruptions. Critical services such as Telnet, SMB, MSSQL, MySQL, PostgreSQL, Redis, and MongoDB are openly exposed, posing immediate risk of compromise. Security headers are inadequately configured, leaving the site vulnerable to clickjacking, cross-site scripting, and data leakage attacks. GDPR compliance is poor, with no cookie policy or consent mechanisms in place, increasing legal and reputational risks. The absence of a formal information security framework, incident response plan, and security policies under NIS2 requirements indicates a lack of preparedness for cyber incidents. SSL/TLS configurations are suboptimal, including weak keys and impending certificate expiration, undermining data encryption and trust. Although email security and DNS health show relatively better scores, critical network security gaps must be addressed urgently to protect business assets and maintain customer trust.

P

Prada Group

pradagroup.com

72

The website exhibits a moderate overall security posture with no critical issues but several high and medium-risk findings that require immediate attention. Notably, the absence of a Content-Security-Policy header and missing security policy documentation significantly increase exposure to web-based attacks and regulatory non-compliance. GDPR-related gaps such as the lack of a cookie consent banner and incomplete privacy policies present legal and reputational risks. The NIS2 compliance is notably poor, with critical deficiencies in incident response, security frameworks, and business continuity planning, which could severely impact operational resilience. Email security and network security postures are relatively strong, demonstrating effective controls in those areas. SSL/TLS configuration needs improvement to avoid potential trust and data integrity issues. Addressing these weaknesses will reduce vulnerability to cyber threats, enhance regulatory compliance, and protect customer trust and business continuity. Prioritizing remediation in governance, policy, and security headers will yield the highest business value and risk reduction.

I

Indigo Books & Music Inc.

indigo.ca

54

The website's overall security posture reveals significant critical vulnerabilities, notably the complete absence of HTTPS encryption, which exposes data in transit to interception and compromises user trust. Compliance-related deficiencies are severe, with extremely low GDPR and NIS2 scores indicating non-compliance risks that could result in substantial regulatory penalties and reputational damage. While network security and email security are relatively strong, foundational security controls such as security headers are only moderately implemented and require improvement. The lack of formal security policies, incident response procedures, and vulnerability disclosure mechanisms further amplifies the organization's risk exposure. Additionally, missing cookie consent mechanisms and privacy policy issues threaten legal compliance with data protection laws. DNS health is good but can be enhanced by enabling DNSSEC to prevent DNS spoofing attacks. Immediate remediation is essential to protect sensitive user data, ensure regulatory compliance, and maintain business continuity.

B

Banque Palatine

palatine.fr

47

The website's security posture exhibits significant critical vulnerabilities, particularly the absence of HTTPS encryption, which poses severe risks to data confidentiality and regulatory compliance. Critical GDPR compliance gaps, including missing privacy and cookie policies and lack of a cookie consent banner, expose the business to potential legal penalties and reputational damage within the EU market. The lack of foundational security policies and incident response procedures further increases operational risk and undermines stakeholder trust. While network security measures appear strong, key headers like X-Frame-Options are missing, increasing susceptibility to clickjacking attacks. Email security and DNS configurations are moderately sound but can be improved to prevent phishing and DNS spoofing threats. Overall, the current state demands urgent remediation to secure customer data, ensure compliance with regulations such as GDPR and NIS2, and protect the business from cyber threats and legal consequences. Addressing these issues promptly will safeguard the organization’s reputation and maintain customer trust.

J

Johnson Controls

johnsoncontrols.com

68

The website demonstrates a moderate security posture with no critical vulnerabilities found; however, several high and medium-risk issues significantly impact compliance and risk management. Key deficiencies exist in GDPR compliance, including the absence of privacy and cookie policies and lack of user consent mechanisms, exposing the business to regulatory penalties and reputational damage. The absence of a documented information security framework, incident response procedures, and security policies under NIS2 guidance further increases organizational risk and may hinder regulatory adherence. Security headers are inconsistently implemented, reducing protection against common web threats like XSS and content sniffing. SSL/TLS configurations are generally strong but require timely certificate renewal and elimination of mixed content to maintain secure communications. DNS settings are mostly healthy but can be improved by enabling DNSSEC to prevent domain spoofing. Positively, email and network security postures are robust, mitigating some external attack vectors. Overall, urgent attention to compliance and governance-related controls is critical to safeguard the business and maintain trust with users and regulators.