Security Directory

B

Bertelsmann

createyourowncareer.de

40

Bertelsmann's Create Your Own Career website serves as a comprehensive career portal targeting students, graduates, professionals, and school students interested in opportunities within the Bertelsmann group. The site highlights multiple divisions and offers detailed information on programs, events, and job listings, positioning Bertelsmann as a large multinational media and services conglomerate with a strong employer brand. Technically, the site is built on TYPO3 CMS, hosted likely by Arvato Systems, and integrates modern marketing and consent tools such as Google Analytics, Google Tag Manager, and CookieFirst. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate and HTTPS support, which significantly impacts the site's security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements.

E

EnviroMetro

envirometro.org

40

EnviroMetro is a small non-profit coalition focused on advocating for green, equitable, and healthy transportation policies in Los Angeles. The coalition collaborates with Metro and other organizations to influence transportation investment priorities and has played a key role in shaping regional ballot measures. The website is built on WordPress and uses common plugins such as Yoast SEO and MailChimp for marketing and analytics. While the site provides useful content and contact information, it lacks critical security features such as a valid SSL certificate and security headers, which exposes visitors to risks. Additionally, privacy and cookie policies are absent, indicating compliance gaps. The site’s performance is slow, and technical implementation could be improved to enhance user experience and security.

S

Sikkens

sikkens.com

51

Sikkens is a coatings brand operating internationally under the AkzoNobel group, offering decorative, joinery, vehicle refinish, and yacht paint products. The website serves as a portal to multiple regional sub-sites tailored to different countries and languages. Technically, the site uses legacy technologies such as Cufon for fonts and jQuery 3.5.0, hosted on AWS infrastructure. However, the site suffers from significant security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, exposing visitors to potential risks. Privacy compliance is weak, with no visible privacy or cookie policies or consent mechanisms. Performance is slow, and accessibility and SEO optimizations are basic. Overall, the site presents a moderate level of business credibility but requires urgent security and compliance improvements.

A

Aerial Rapid Transit LLC

laart.la

40

Los Angeles Aerial Rapid Transit (LA ART) is a small-scale transportation project proposing a zero emissions aerial gondola system to connect key locations in Los Angeles, including Union Station, Chinatown, and Dodger Stadium. The project is affiliated with a non-profit and aims to reduce traffic congestion and pollution by providing an alternative transit option. The website serves as an informational and engagement platform, offering contact forms and social media links to connect with the community. Technically, the website is built on WordPress with common plugins and external integrations such as Google Analytics and Vimeo for media content. However, the site suffers from slow load times and lacks a valid SSL certificate, which impacts security and user trust. The absence of modern security headers and privacy policies further weakens its compliance posture. From a security perspective, the site has basic SPF email protection but lacks HTTPS, HSTS, and DMARC records, exposing visitors to potential risks. No incident response or vulnerability disclosure information is provided. Overall, the security posture is weak and requires urgent improvements to protect user data and enhance trust. Strategically, the website should prioritize obtaining a valid SSL certificate, implementing privacy and cookie policies, and enhancing security headers. Improving site performance and accessibility will also benefit user experience and SEO. These steps will strengthen the project's credibility and support its mission to promote sustainable transportation in Los Angeles.

A

A1 Telekom Austria AG

a1click.at

40

A1click.at is an online marketplace operated under the A1 Telekom Austria AG brand, offering a curated selection of digital, entertainment, energy, finance, and insurance products. The platform leverages trusted partnerships and the A1 Trusted Brands certification to provide exclusive deals and services to Austrian consumers. The website features a modern frontend technology stack including Alpine.js and Tailwind CSS, integrated with multiple marketing and analytics tools such as Google Analytics, Facebook Pixel, LinkedIn Insight Tag, and Hotjar. Despite a professional design and good content quality, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and missing security headers, which significantly impact its security posture. Privacy compliance is well addressed with a comprehensive cookie consent mechanism powered by OneTrust and a clear privacy policy in German. Contact information is limited to an email address and a newsletter subscription form, with no phone numbers or physical addresses disclosed. Overall, the website presents a solid business presence with room for improvement in technical security and performance optimization.

N

NoStress Commerce s.r.o.

nostresscommerce.com

68

Koongo, operated by NoStress Commerce s.r.o., is a specialized SaaS platform designed to help online sellers succeed on multiple marketplaces by automating product feed management and order synchronization. The company targets e-commerce businesses seeking to expand their sales channels efficiently, offering integrations with over 500 sales platforms including Amazon, eBay, and Google Shopping. The website presents a professional and consistent brand image with comprehensive content and clear calls to action such as free trials and customer testimonials. Technically, the site is built on WordPress with a modern JavaScript stack and integrates various analytics and marketing tools. While the SSL configuration is functional with TLS 1.2 and strong cipher suites, it lacks TLS 1.3 support and advanced security headers, which could be improved. Privacy compliance is strong, featuring detailed cookie consent mechanisms and a comprehensive privacy policy. Overall, the website demonstrates a mature digital presence with good security posture and privacy practices, though performance optimization is needed due to slow load times and large page size.

H

Hotels At Home Worldwide, Inc.

hotelsathome.com

56

Hotels At Home Worldwide, Inc. is a global leader in hospitality retail services, specializing in developing and managing branded e-commerce solutions for hotel guests. Their business model focuses on providing turnkey retail programs that include e-commerce technology, concierge-level service, sourcing, creative design, marketing, and logistics. The company serves major hospitality brands worldwide, positioning itself as a key partner in enhancing guest loyalty and brand presence through retail extensions. Technically, the website is built on ASP.NET with jQuery and integrates Google Analytics and Typekit fonts. Hosting is via AWS CloudFront. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical security and trust issue. Performance metrics are unavailable, but indications suggest slow loading. Mobile optimization and accessibility are basic but present. From a security perspective, while several security headers are implemented, the absence of HTTPS and modern TLS protocols severely undermines the site's security posture. No incident response or security policy information is available, and cookie consent mechanisms are missing, indicating partial privacy compliance. Overall, the site presents a professional business front with good content and clear contact information but suffers from critical security shortcomings that impact trust and compliance. Strategic improvements in SSL deployment, privacy compliance, and security policies are recommended to enhance the site's security and user trust.

H

Hamburg Institute for Innovation, Climate Protection and Circular Economy GmbH

hiicce.de

40

Hamburg Institute for Innovation, Climate Protection and Circular Economy GmbH (HiiCCE) is a specialized institute focused on advancing the circular economy and climate protection through integrated environmental consulting, project development, and research. The organization serves a diverse clientele including corporations, NGOs, government entities, and international organizations, positioning itself as a national and international pioneer in sustainable resource management. The website reflects a professional digital presence built on WordPress with multilingual support and SEO optimization, although performance data is limited. Security posture is weak due to the absence of HTTPS and modern TLS protocols, exposing the site to potential risks. Privacy compliance is strong with comprehensive cookie and privacy policies and consent mechanisms in place. Contact information is clearly presented, enhancing business credibility.

K

Kommo

amocrm.com

57

Kommo (amocrm.com) is a technology company providing a cloud-based CRM platform focused on sales automation through messaging apps such as WhatsApp, Instagram, and SMS. The platform targets small businesses and entrepreneurs globally, offering a comprehensive suite of tools including customizable sales pipelines, unified chat inbox, AI-powered chat management, and sales automation bots. The website demonstrates a strong market position with extensive customer testimonials, case studies, and partner badges, indicating a mature and trusted brand in the CRM space. Technically, the site leverages modern JavaScript frameworks, Cloudflare CDN, and integrates multiple third-party marketing and analytics tools. However, a critical security weakness is the invalid SSL certificate and lack of enabled TLS protocols, which significantly impacts the security posture. Privacy compliance is well addressed with clear privacy and cookie policies, consent mechanisms, and GDPR alignment. Overall, the site is professional and user-friendly but requires urgent remediation of SSL/TLS issues to ensure secure user interactions and maintain trust.

B

Bertelsmann

createyourowncareer.com

40

CreateYourOwnCareer.com is a career portal operated under the Bertelsmann group, a large multinational media and services conglomerate founded in 1835. The website provides comprehensive career-related content including job listings, graduate programs, internships, and networking events targeting students, graduates, and professionals. The site is built on TYPO3 CMS and hosted via Arvato Systems, reflecting a mature technical infrastructure with modern content management but lacking in SSL/TLS security. While the site includes cookie consent mechanisms and uses Google Analytics and Tag Manager for tracking, it lacks a valid HTTPS configuration, which is a critical security deficiency. The site demonstrates good content quality, branding consistency, and professional design, but the absence of HTTPS and related security best practices significantly lowers its security posture and overall trustworthiness.

A

AKZONOBEL LTDA.

coralmatiz.com.br

46

Coral Matiz is a Brazilian loyalty and professional engagement platform operated by AKZONOBEL LTDA., targeting architects, interior designers, and landscapers. The platform offers curated content, professional tools, and a points-based rewards program to enhance user engagement and brand loyalty. The website is well-branded and content-rich, with clear navigation and a focus on professional users and students in the design sector. Technically, the site uses a modern front-end stack including Bootstrap, jQuery, and integrates Google Analytics and Tag Manager for tracking. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture, exposing users to risks when submitting sensitive personal data. Privacy and cookie policies are comprehensive and GDPR/LGPD compliant, with consent mechanisms implemented. Overall, the site demonstrates good business credibility but requires urgent security improvements to protect user data and comply with best practices.

I

Incepa

banheirosincepa.com.br

38

Incepa is a Brazilian manufacturing company specializing in bathroom and kitchen sanitary products, including ceramic sanitary ware, accessories, and complementary items. The company has recently integrated with the Roca brand, enhancing its market position. The website serves as a product catalog and brand promotion platform targeting residential customers, hotels, construction companies, and public environments. Technically, the site uses an Apache server with PHP 7.3.33 and integrates multiple marketing and analytics tools such as Google Tag Manager, Google Analytics, Facebook Pixel, and OneTrust for cookie consent. However, the site lacks a valid SSL certificate, serving content over HTTP only, which significantly impacts its security posture. The website content is well-structured and professionally designed, but privacy and security policies are missing or not clearly presented. Overall, the site demonstrates moderate digital maturity but requires urgent improvements in security and privacy compliance.

D

Deciso

opnsense.org

48

OPNsense.org is the official website for OPNsense®, an open source firewall and routing platform developed by Deciso. The platform targets enterprises, professionals, and the open source community, offering a free core product alongside a commercial Business Edition with enhanced features. The website demonstrates a mature digital presence with comprehensive content, community engagement, and commercial offerings including official hardware and training. Technically, the site is built on WordPress with modern frontend frameworks and integrates Google Analytics and custom search capabilities. However, a critical security gap exists as the site lacks a valid SSL/TLS certificate and HTTPS support, exposing users to potential risks. Privacy policies and terms of service are present and comprehensive, but cookie consent mechanisms are not implemented. Overall, the site is professional and trustworthy but requires urgent security improvements to protect visitors and maintain credibility.

6

6WIND

6wind.com

59

6WIND is a technology company specializing in virtualized and secure networking software solutions. Their offerings target communication service providers, mobile network operators, cloud providers, and enterprises worldwide. The company positions itself as a trusted provider of high-performance, scalable, and cost-effective networking software, including virtual service routers, host accelerators, and cloud-native solutions. The website reflects a professional and consistent brand with rich content, including testimonials, case studies, and video resources. Technically, the site is built on WordPress with the Avada theme and integrates modern libraries and marketing tools such as Google Analytics, Pardot, and LinkedIn widgets. However, the security posture is weakened by an invalid or missing SSL certificate and lack of enabled TLS protocols, which is a critical issue that must be addressed to ensure secure communications and trust. Privacy compliance is well-handled with a cookie consent mechanism and a comprehensive privacy policy. Overall, the site demonstrates good digital maturity but requires immediate attention to its SSL configuration to improve security and user trust.

S

SQS - Software Quality Systems

sqs.es

40

SQS - Software Quality Systems is a medium-sized Spanish company specializing in software testing, quality assurance, certification, and data space services. It serves regulated sectors such as healthcare, pharmaceuticals, railways, and automotive, offering professional consulting, managed testing services, and training. The company holds multiple recognized certifications including ISO 9001, ISO/IEC 27001, and ENS, positioning itself as a trusted provider in the technology and regulated industries. Technically, the website is built on WordPress with Divi theme and integrates modern marketing and analytics tools such as Google Analytics, Hotjar, and reCAPTCHA. However, the site lacks a valid SSL certificate and modern TLS support, which significantly weakens its security posture. Privacy compliance is well addressed with GDPR cookie consent and a comprehensive privacy policy. Contact information is clearly available, enhancing business credibility. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

K

Koongo

koongo.com

68

Koongo is a specialized SaaS platform focused on enabling online sellers to succeed across multiple online marketplaces by automating product feed management and order synchronization. The company offers integrations with over 500 sales channels including major platforms like Amazon, eBay, and Google Shopping, targeting e-commerce businesses seeking to expand their sales reach efficiently. The website is professionally designed with comprehensive content, clear navigation, and good mobile optimization, reflecting a mature digital presence. Technically, the site is built on WordPress with a modern tech stack including jQuery, Google Analytics, and Intercom, but suffers from slow loading times and lacks a valid SSL certificate, which is a critical security concern. Security posture is moderate with some best practices like SPF and DMARC in place, but the absence of HTTPS and modern TLS protocols significantly reduces trust and security. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms implemented. Business credibility is supported by clear contact information, testimonials, and third-party review badges. Overall, Koongo presents a solid business offering with room for improvement in security infrastructure.

F

Firstlead GmbH

firstlead-server.de

40

Firstlead GmbH operates the website firstlead-server.de as a service platform in partnership with the affiliate network ADCELL. The site primarily serves as an informational landing page providing company contact details and links to the ADCELL affiliate network. The business model focuses on affiliate marketing services targeting advertisers and affiliates in Germany. The website content is minimal and presented in both German and English, reflecting a small-sized technology sector company with a basic online presence. Technically, the website uses Cloudflare for DNS hosting but lacks a valid SSL certificate, resulting in no HTTPS support. The site includes Google Analytics and Google Tag Manager scripts for tracking but does not implement cookie consent mechanisms or advanced SEO features. Performance is moderate with basic mobile optimization and accessibility. The meta robots tag is set to noindex, indicating the site is not intended for public search engine indexing. From a security perspective, the absence of a valid SSL certificate is a critical vulnerability, exposing users to potential data interception risks. No security headers or advanced security policies are implemented. Privacy compliance is partial, with a privacy policy and terms of service linked externally on the ADCELL domain but no cookie consent or explicit GDPR compliance indicators on the site itself. Overall, the website presents a low-risk profile due to its limited functionality and content but requires urgent improvements in SSL configuration and privacy compliance to enhance trustworthiness and security posture.

M

Marriott International, Inc.

collectrenaissance.com

74

CollectRenaissance.com is an official e-commerce platform offering luxury bedding, pillows, linens, robes, and home decor inspired by Renaissance Hotels, a Marriott International brand. The website targets consumers seeking premium hotel-quality home products and operates as part of a large hospitality and retail ecosystem. The site demonstrates a mature digital presence with multiple marketing and analytics integrations, including Adobe Launch, Google Tag Manager, and OneTrust for privacy compliance. The technical infrastructure is hosted on AWS with modern TLS protocols and a valid SSL certificate, though performance is impacted by a large page size and resource count. Security posture is strong with strict DMARC policies and no major SSL vulnerabilities, but a subdomain takeover risk exists on the staging subdomain. Privacy compliance is robust with clear cookie consent mechanisms and comprehensive privacy policies. Contact information is clearly provided, enhancing business credibility. Overall, the site is professional and trustworthy but could improve performance and address the subdomain vulnerability.

S

St. Regis Boutique

stregisboutique.com

75

St. Regis Boutique is a luxury e-commerce platform offering a curated collection of premium home and lifestyle products associated with the St. Regis brand, part of Marriott International. The website targets affluent consumers and Marriott Bonvoy members seeking exclusive bedding, bath, fragrance, and signature accessories. Technically, the site uses a modern tech stack including Adobe Launch, Google Tag Manager, Salesforce integration, and AWS hosting. While the site is visually appealing and mobile-optimized, performance is somewhat slow due to a large number of resources. Security posture is strong with HTTPS, valid SSL certificates, SPF and DMARC email authentication, and cookie consent mechanisms, though DNSSEC and CAA records are absent. Privacy compliance is well implemented with clear policies and consent banners. Overall, the site demonstrates a mature digital presence with good business credibility and trust indicators.

I

ION Group

iontrading.com

70

ION Group is a global enterprise specializing in financial software and automation technology, serving financial institutions, central banks, and corporations. Their comprehensive product portfolio spans markets, analytics, core banking, treasury, commodities, and credit information, positioning them as a key player in the finance and technology sectors. The website reflects a mature digital presence with extensive content, clear navigation, and strong branding consistency. Technically, the site is built on WordPress with modern analytics and marketing tools integrated, hosted on AWS infrastructure. Security posture is solid with HTTPS and valid SPF/DMARC records, though improvements like HSTS and DNSSEC are recommended. Privacy compliance is robust, featuring a detailed cookie consent mechanism and GDPR-aligned policies. Overall, the site demonstrates high professionalism and trustworthiness, supporting ION's market position as a leading automation technology provider.

E

Edition Hotels

theeditionbroadsheet.com

61

The Edition Broadsheet website serves as a digital editorial platform supporting the Edition Hotels luxury hospitality brand, a subsidiary of Marriott International. It offers curated content focused on culture, travel, and lifestyle, targeting discerning travelers interested in unique and premium experiences. The site is built on WordPress and hosted on Amazon AWS infrastructure, leveraging modern web technologies such as jQuery, Google Tag Manager, and Owl Carousel to deliver a visually appealing and content-rich experience. While the website demonstrates good design quality, clear navigation, and mobile responsiveness, its performance is moderate with room for optimization. Security posture is adequate with HTTPS enforced and SPF/DMARC email protections in place; however, it lacks advanced security headers like HSTS and OCSP stapling, and does not comply with Certificate Transparency standards. Privacy compliance is partially met through links to Marriott's comprehensive privacy center, but the absence of a cookie consent mechanism and direct company contact details limits full compliance. Overall, the site is professional and trustworthy but could benefit from enhanced security and privacy features to strengthen user trust and regulatory adherence.

V

VisiConsult X-ray Systems & Solutions GmbH

vc-xray.com

64

VCxray, a business unit of VisiConsult, is a globally recognized leader in industrial X-ray inspection systems and non-destructive testing (NDT) solutions. The company serves diverse sectors including automotive, aerospace, defense, energy, and manufacturing, offering tailored X-ray and computed tomography (CT) systems alongside inspection services and technical support. Their market position is strengthened by over 25 years of expertise, ISO certifications, and a comprehensive product portfolio. Technically, the website is built on TYPO3 CMS with modern frameworks like Bootstrap and integrates advanced consent management via Cookiebot, Google Analytics, and Google Tag Manager for analytics and marketing. Security posture is solid with HTTPS and modern TLS protocols, though improvements are recommended in email authentication (DMARC), HSTS enforcement, and DNS security (DNSSEC). Overall, the site demonstrates excellent content quality, user experience, and business credibility, with moderate performance and good privacy compliance. Strategic recommendations include enhancing email security, enabling HSTS, and improving SSL certificate transparency compliance to further strengthen security and trust.

W

WSD

solvians.com

60

WSD is a technology company specializing in full automation solutions for structured products, serving a global clientele primarily in the financial sector. The company positions itself as a critical infrastructure provider in the structured products value chain, offering cloud-based, scalable, and resilient technology solutions. Their website reflects a professional and consistent brand with strong industry partnerships and certifications such as ISO and EcoVadis. Technically, the site is built on WordPress with Elementor and uses various modern JavaScript libraries and plugins, but suffers from slow load times and lacks HTTPS encryption, which is a significant security concern. Privacy compliance is well addressed with clear cookie and privacy policies and consent mechanisms. However, the absence of SSL and security headers lowers the overall security posture. The company provides multiple contact channels including email, phone, and a detailed contact form, supporting good business credibility. Strategic recommendations include immediate implementation of HTTPS, enhancement of security headers, and performance optimization to improve user experience and security.

K

Klar Webagentur GmbH

klar-webagentur.ch

40

Klar Webagentur GmbH is a Swiss-based digital agency specializing in web design, web development, content production including photography and video, and online marketing services targeted primarily at Swiss small and medium-sized enterprises (KMU) and organizations. The company positions itself as a provider of clear, practical web solutions that help clients achieve their digital goals efficiently. Their website reflects a professional and consistent brand image with good content quality and clear navigation. Technically, the website is built on Joomla CMS and leverages modern JavaScript libraries such as jQuery and GSAP, along with Mapbox for map integration. The site uses Google Analytics and Google Tag Manager for analytics and marketing purposes. Hosting appears to be managed via sui-inter.net nameservers. Performance is somewhat slow due to a large page size and many resources, but mobile optimization is good. From a security perspective, the site uses HTTPS with TLS 1.3 and 1.2 protocols and has valid SPF and DMARC DNS records, although DMARC is set to a non-enforcing policy. There is no HSTS enabled, no DNSSEC, and no OCSP stapling, which are areas for improvement. No explicit security or incident response policies are published on the site. Cookie consent is implemented with a banner and opt-in mechanism, but GDPR compliance indicators are basic. Overall, the website is functional, professional, and credible but could benefit from enhanced security configurations and improved performance. Strategic recommendations include enabling HSTS, improving DMARC policy, implementing DNSSEC, and optimizing page load times to strengthen security posture and user experience.

U

UCSfm

ucsfm.com.br

39

UCSfm is a regional radio station affiliated with the Universidade de Caxias do Sul, serving the Serra Gaúcha region in Brazil with music, news, and cultural content. The website is built on WordPress and uses common plugins such as Revolution Slider and Contact Form 7, indicating a standard digital infrastructure. The site actively publishes news articles and maintains community engagement through streaming links and social sharing tools. However, the lack of a valid SSL certificate and absence of HTTPS significantly weaken the security posture. The presence of a cookie consent banner and privacy policy shows some privacy awareness, but GDPR compliance is not evident. Overall, the site is functional and moderately professional but requires urgent security improvements to protect user data and enhance trust.

H

Hospital Geral de Caxias do Sul

hgcs.com.br

46

Hospital Geral de Caxias do Sul is a large healthcare institution in Brazil providing a comprehensive range of medical services including oncology, radiotherapy, intensive care, and specialized treatments. The hospital is a regional reference in high complexity care and is accredited by the ONA, reflecting its commitment to quality and safety. The website serves patients, healthcare professionals, and the local community, also offering educational programs such as medical residency and permanent education. Technically, the site uses a modern tech stack including Apache server, Laravel framework, and various JavaScript libraries for UI and analytics. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. Security headers are minimal, and no privacy or cookie policies are found, indicating compliance gaps. The site includes multiple contact phone numbers, a physical address, and social media links, enhancing business credibility. Overall, the website is functional and content-rich but requires urgent improvements in security and privacy compliance to protect users and enhance trust.

R

Roca Brasil Cerámica - Porcelanatos e Revestimentos Cerâmicos

rocaceramica.com.br

57

Roca Brasil Cerámica is a large Brazilian manufacturer and retailer specializing in porcelain and ceramic tiles, targeting architects, designers, engineers, and commercial clients. The company emphasizes sustainability and offers a comprehensive product catalog with technical support and showroom experiences. The website is built on WordPress with modern front-end frameworks and integrates multiple marketing and analytics tools. However, the site lacks a valid SSL certificate, which severely impacts its security posture. While privacy and cookie policies are well implemented with consent mechanisms, no explicit security or incident response policies are found. The overall digital maturity is moderate, with good content quality and user experience but technical and security improvements are needed.

K

Kommo

kommo.com

65

Kommo is a technology company offering a cloud-based CRM platform focused on conversational sales through messaging apps such as WhatsApp, Instagram, Telegram, and SMS. The platform targets small to medium-sized businesses and entrepreneurs, providing tools like customizable sales pipelines, unified chat inbox, sales automation bots, and AI-powered chat management. Kommo positions itself as a leading CRM solution for messaging-based sales with a strong emphasis on user experience and integration capabilities. Technically, the website is built on modern JavaScript frameworks, uses Cloudflare for hosting and CDN, and integrates multiple marketing and analytics tools. However, a critical security issue is the invalid SSL certificate and lack of enabled TLS protocols, which significantly impacts the security posture. Privacy and compliance are well addressed with comprehensive policies and GDPR adherence. Overall, Kommo presents a professional and trustworthy online presence but must urgently fix SSL/TLS issues to ensure secure user interactions.

S

StackAdapt

stackadapt.tech

70

StackAdapt is a recognized leader in the AdTech industry, operating a high-performance demand side platform (DSP) that handles billions of ad requests daily. Their technology blog serves as a platform to share insights and experiences from their engineering teams, focusing on scalable software development, AI integration, and user experience. The website is hosted on the Medium platform, leveraging its CMS capabilities and social features. Technically, the site employs modern technologies including Ruby on Rails and React, with a solid SSL/TLS configuration ensuring secure communications. However, performance is suboptimal with a high load time and large page size, which could impact user experience. Security posture is generally good, with proper SPF and DMARC email configurations and no critical SSL vulnerabilities, but lacks some security headers and HSTS enforcement. Privacy compliance is adequate, relying on Medium's comprehensive privacy and terms policies, though no explicit cookie consent mechanism is present. Overall, the site demonstrates a professional and trustworthy presence with room for technical and security improvements.

H

Hund

hundstat.us

50

Hund.io operates a status page at hundstat.us providing real-time and historical operational status for its services including website, DNS, GitLab, and platform components. The site targets users and customers who require transparency on service availability and performance. The business model centers on operational monitoring and status reporting, positioning Hund.io as a technology service provider in the monitoring niche. The website content is professional and consistent with the brand, but lacks comprehensive business and compliance information. Technically, the site is hosted on AWS infrastructure with DNS managed partly by AWS and Hurricane Electric. The technology stack includes standard web technologies with Google Analytics and Google Tag Manager for tracking. However, the site suffers from slow performance and lacks modern optimizations such as full mobile responsiveness and accessibility features. From a security perspective, the site has critical weaknesses including an invalid or missing SSL certificate, absence of HTTPS, no security headers, and no DNSSEC or CAA records. These issues significantly reduce the security posture and expose users to risks. Additionally, there is no evidence of privacy compliance, incident response policies, or contact information for security matters. Overall, the site presents moderate business credibility but requires urgent improvements in security and privacy compliance to reduce risk and enhance trust. Strategic recommendations include obtaining a valid SSL certificate, enabling HTTPS, implementing security headers, and publishing privacy and security policies.

1

1-2-3-Plakat.de GmbH

123plakat.de

40

1-2-3-Plakat.de GmbH operates a specialized online platform focused on poster advertising across Germany, providing a comprehensive service that includes location selection, printing, and campaign management. The company targets businesses and freelancers seeking effective outdoor advertising solutions, leveraging a large inventory of over 160,000 poster locations. The website is built on TYPO3 CMS and integrates modern marketing and analytics tools such as Google Tag Manager and Google Analytics. Despite a well-structured and content-rich site with good user experience and clear contact information, the absence of a valid SSL certificate and HTTPS significantly undermines the security posture. The site employs cookie consent mechanisms and maintains GDPR-compliant privacy policies, reflecting good privacy compliance. Overall, the business demonstrates solid credibility and market positioning but requires urgent security improvements to protect user data and enhance trust.

A

AXESS Networks

axessnet.com

70

AXESS Networks is a specialized provider of satellite connectivity and telecommunications solutions targeting enterprise customers across multiple sectors including energy, telecommunications, maritime, government, and humanitarian services. The company operates a global infrastructure with teleports in Germany, Mexico, Colombia, UAE, and Peru, and is part of the Hispasat group, enhancing its market position and credibility. The website demonstrates a mature digital presence with multilingual support, comprehensive service offerings, and clear navigation. Technically, the site is built on WordPress with modern plugins and frameworks, optimized for performance and mobile responsiveness. Security posture is strong with HTTPS, TLS 1.3 support, OCSP stapling, and appropriate security headers, though improvements like HSTS and DNSSEC could be implemented. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Overall, the site reflects a professional and trustworthy business with a solid technical foundation.

P

Planon

planonsoftware.com

72

Planon is a leading global provider of Smart Sustainable Building Management software solutions, connecting buildings, people, and processes to optimize workspace management and building performance. With a strong market position recognized by industry analysts such as Verdantix, IDC, Gartner, and Frost & Sullivan, Planon offers a comprehensive suite of services including Integrated Workplace Management, Campus Management, Lease Accounting, and Field Services. Their platform supports IoT-enabled solutions and is designed to meet the evolving needs of real estate and facilities management professionals worldwide. Technically, Planon's website leverages modern web technologies including jQuery, Bootstrap, Swiper, and Choices.js, integrated with advanced analytics and A/B testing tools like Google Analytics and Visual Website Optimizer. The site is hosted on Yourhosting DNS infrastructure and employs secure TLS 1.2 encryption with strong cipher suites. Cookie consent is managed via Cookiebot, ensuring compliance with GDPR and other privacy regulations. From a security perspective, Planon demonstrates good practices with SPF and DMARC email policies, absence of known SSL vulnerabilities, and a strict DMARC reject policy. However, there are opportunities to enhance security by enabling HSTS, OCSP stapling, TLS 1.3 support, and DNSSEC. No explicit vulnerability disclosure or incident response contacts were found, indicating potential areas for improvement in transparency and security readiness. Overall, Planon maintains a high-quality, professional web presence with strong trust indicators and comprehensive compliance measures. Strategic enhancements in security configurations and public disclosure policies could further strengthen their security posture and stakeholder confidence.

S

SAE University College

sae.edu.au

48

SAE University College is a leading higher education provider specializing in creative media and technology courses across Australia and internationally. It offers a wide range of industry-led programs in Animation, Audio, Design, Film, Games, Music, and related fields. The institution is part of the Navitas Group and holds important accreditations such as TEQSA and CRICOS, positioning it as a reputable player in the education sector. Technically, the website is built on WordPress with modern technologies and integrates multiple marketing and analytics tools, reflecting a mature digital presence. Security-wise, the site supports modern TLS protocols and has some best practices in place but is vulnerable to subdomain takeover and lacks HSTS enforcement, indicating areas for improvement. Overall, SAE University College maintains a professional and trustworthy online presence with comprehensive content and good user experience, though it should enhance its security posture and privacy compliance mechanisms.

Ansys Inc is a leading enterprise in the technology sector specializing in engineering simulation and 3D design software. The company offers a comprehensive suite of products and services targeting industries such as aerospace, automotive, energy, healthcare, and manufacturing. Their global presence and strong partner ecosystem position them as a market leader in digital engineering solutions. The website demonstrates excellent content quality, professional design, and clear navigation, catering to a diverse audience including students, educators, and industry professionals. Technically, the site leverages modern technologies such as Adobe Experience Manager, Coveo Search, and Akamai CDN, but suffers from significant security shortcomings including the absence of a valid SSL certificate and lack of modern TLS protocols. Privacy and cookie policies are well implemented, indicating good compliance with GDPR and related regulations. Overall, while the business credibility and content quality are high, the security posture requires urgent improvements to ensure secure user interactions and data protection.

I

Infront

vwd.com

67

Infront is a well-established provider of market data and trading software solutions, primarily serving the wealth management and trading sectors. With over 35 years of experience, the company positions itself as an industry leader trusted by thousands of businesses and professional users. Their offerings include a broad range of WealthTech solutions such as trading connectivity, portfolio management, APIs and data feeds, valuation and risk services, and news services. The website reflects a mature digital presence built on Adobe Experience Manager, integrating advanced marketing automation and analytics tools to support lead generation and customer engagement. However, a critical security lapse is noted with an expired SSL certificate, which undermines user trust and security posture. The site employs strong security headers and content security policies but lacks some advanced SSL features like OCSP stapling and HSTS preload. Overall, Infront demonstrates a high level of professionalism, branding consistency, and technical sophistication, though immediate remediation of SSL issues is recommended.

D

Dealogic

dealogic.com

64

Dealogic is a leading provider of software and data solutions for the global capital markets, serving top financial firms worldwide. As part of ION Analytics, Dealogic offers platforms tailored for investment banking, capital markets, syndicate, sales, trading, research, investment managers, and corporations. Their business model focuses on delivering industry-standard data and connectivity solutions that enhance deal-making, compliance, and market insights. The company maintains a strong market position as a trusted partner with extensive media presence and client base. Technically, the website is built on WordPress hosted on Microsoft Azure, leveraging modern web technologies including TLS 1.3, OCSP stapling, and multiple analytics and marketing tools such as Google Analytics, Facebook Pixel, LinkedIn Insight Tag, and 6sense. The site supports multiple languages and demonstrates good performance and mobile optimization, although accessibility is basic. From a security perspective, Dealogic implements strong email authentication with SPF and DMARC policies, uses secure TLS protocols, and has OCSP stapling enabled. However, it lacks HSTS enforcement, DNSSEC, and certificate transparency compliance. No explicit security policy or incident response information is published, and cookie consent mechanisms are not evident. The security posture is good but could be improved with additional best practices. Overall, Dealogic's website reflects a mature enterprise with strong branding, comprehensive business offerings, and a solid technical foundation. Strategic improvements in security transparency and privacy compliance would enhance trust and reduce risk exposure.

F

Feira na Rosenbaum

feiranarosenbaum.com.br

50

Feira na Rosenbaum is a Brazilian cultural and design event platform that showcases independent Brazilian artists and designers through fairs and an online presence. The website serves as a portal to promote the event, artists, and related news, targeting audiences interested in Brazilian design and culture. The business operates in a niche market with a small size and focuses on promoting Brazilian identity through design. Technically, the website is built on an outdated WordPress CMS version 4.8.25, hosted on solisys.net.br, and uses common web technologies such as Google Analytics and Font Awesome. Performance is slow with a high load time, but mobile optimization and SEO are reasonably good. Security posture is weak, with no valid SSL certificate, no modern TLS protocols, and no security headers or DNS security features implemented. There is a lack of privacy, cookie, and terms of service policies, which impacts compliance and trust. Overall, the site is functional for its business purpose but requires significant security and compliance improvements.

A

ALADI – Asociación Latinoamericana de Diseño

disenioaladi.org

51

ALADI – Asociación Latinoamericana de Diseño is a non-profit organization dedicated to promoting design culture and activities across Latin America. The website serves as a platform for sharing news, events, congresses, and assemblies related to design, targeting design professionals and cultural institutions in the region. The business model focuses on community engagement, event organization, and media dissemination to strengthen the Latin American design ecosystem. Technically, the website is built on WordPress with common plugins for social media integration, galleries, and analytics. However, the site suffers from an invalid SSL certificate and lacks advanced security configurations, which poses risks to user data and trust. Performance is slow, and there is no visible cookie or privacy consent mechanism, indicating compliance gaps. Overall, the site is functional and content-rich but requires significant improvements in security and privacy to meet modern standards.

U

Universidade de Caxias do Sul

ucs.br

58

Universidade de Caxias do Sul (UCS) is a large Brazilian higher education institution offering a wide range of academic programs including undergraduate, graduate (MBA, specialization, masters, doctorate), extension courses, and research activities. The university serves students, researchers, and the academic community primarily in Brazil, with a strong regional presence and comprehensive institutional offerings. The website reflects a well-branded and content-rich portal designed to support academic and institutional communication. Technically, the website employs a traditional tech stack including jQuery, Bootstrap, Google Tag Manager, Google Analytics, and Facebook Pixel for analytics and marketing. Accessibility is enhanced by the Hand Talk plugin for sign language translation. However, the site suffers from slow performance and lacks modern CMS or hosting provider disclosures. The SSL configuration is poor, with no valid certificate and no modern TLS protocols enabled, exposing users to security risks. From a security perspective, the site lacks critical security headers, DNSSEC, HSTS, and OCSP stapling. While no active vulnerabilities like Heartbleed or POODLE are detected, the absence of a valid SSL certificate and security best practices significantly lowers the security posture. Privacy and cookie policies are not found, and no consent mechanisms are evident, indicating compliance gaps. Overall, UCS's website is a professionally designed academic portal with good content and branding but requires urgent improvements in security infrastructure and privacy compliance to protect users and enhance trust.

S

Serviço Florestal Brasileiro

florestal.gov.br

56

Serviço Florestal Brasileiro is a Brazilian federal government agency dedicated to forest management, environmental regularization, and sustainable forest development. The website serves as an official portal providing information, services, and transparency related to forestry policies and programs. It targets citizens, government entities, and environmental stakeholders, positioning itself as a key government entity in Brazil's environmental governance. Technically, the site is built on the Plone CMS and integrates with the gov.br platform, using various modern web technologies and accessibility tools. However, the site suffers from critical security shortcomings, including the absence of a valid SSL certificate and missing DNS records, which pose risks to secure communications and domain resolution. The site implements cookie consent mechanisms and privacy policies, but overall security posture is weak. Social media presence is strong, enhancing outreach and transparency. Performance is slow, indicating potential optimization needs.

M

Movelsul Brasil

movelsul.com

52

Movelsul Brasil operates the largest furniture fair in Latin America, targeting retailers, importers, architects, and designers in the furniture manufacturing and retail sectors. Established in 1977 and organized by Sindmóveis Bento Gonçalves, it holds a strong market position as a key event for business networking and industry innovation. The website supports multilingual access and provides comprehensive event information, exhibitor services, and visitor resources. Technically, the site is built on WordPress with a variety of plugins for SEO, analytics, and user engagement, hosted by KingHost. While the SSL certificate is valid, some security enhancements are recommended, including enabling HSTS and DMARC records. The site employs extensive tracking and advertising tools, including Google and Facebook pixels, with GDPR cookie consent mechanisms in place but lacks a dedicated privacy policy page. Overall, the digital presence is professional and trustworthy but could improve in performance and security posture.

C

Compusoft Group

compusoftgroup.com

61

Compusoft Group is a leading provider of specialized software solutions for the kitchen, bathroom, furniture, window, and door industries. Their portfolio includes design, presentation, business management, and production software, targeting professionals who require efficient and accurate tools to streamline their workflows. The company operates globally with a strong presence in over 100 countries and serves a large customer base, positioning itself as a key player in the configurable product software market. As a subsidiary of Cyncly, Compusoft benefits from a broader corporate ecosystem enhancing its market reach and technological capabilities. Technically, the website is built on WordPress with a comprehensive set of modern web technologies and analytics tools, including Google Analytics, Cookiebot for consent management, and various marketing and tracking integrations. The site demonstrates good performance and mobile optimization, although the page load time is relatively slow, likely due to extensive resources and scripts. Security-wise, the site employs a valid SSL certificate with HSTS enabled, SPF and DMARC records are properly configured, indicating a strong email security posture. However, the absence of DNSSEC and CAA records suggests room for improvement in DNS security. No explicit security or incident response policies are publicly available, which could be a gap in transparency. Overall, the website reflects a mature digital presence with robust privacy and cookie management practices, extensive tracking for marketing and analytics, and a professional, consistent brand image. The risk profile is moderate, with recommendations to enhance DNS security and publish clear security policies to improve trust and compliance.

C

Centric Software, Inc.

centricsoftware.com

75

Centric Software, Inc. is an enterprise-level B2B software provider specializing in Product Lifecycle Management (PLM), Planning, Pricing, Market Intelligence, and Visual Boards solutions tailored for brands, retailers, and manufacturers. The company positions itself as a key innovation partner with a strong market presence, serving over 18,800 brands globally with a high customer retention rate and a 100% go-live success rate. Their offerings are AI-driven and designed to optimize product development, pricing, and inventory management while supporting sustainability and compliance goals. Technically, the website is built on WordPress and leverages modern JavaScript libraries such as jQuery and Swiper.js for enhanced user experience. It integrates multiple third-party services including Google Analytics, Facebook SDK, Cookiebot for consent management, and various marketing and tracking platforms. However, the website currently lacks a valid SSL certificate and does not support modern TLS protocols, which is a significant security concern. From a security perspective, the site implements SPF and a strict DMARC policy with reporting, indicating good email security practices. Nonetheless, the absence of HTTPS and related security features like HSTS and OCSP stapling exposes the site to potential risks. The extensive use of tracking and marketing tools suggests a high level of user data collection, managed through a comprehensive cookie consent mechanism. Overall, while Centric Software demonstrates strong business maturity and digital marketing sophistication, it must urgently address its SSL/TLS deficiencies to ensure secure communications and maintain trust. Enhancing its security posture will mitigate risks and align with best practices for enterprise-grade software providers.

E

Edgar Ambient Media Group GmbH

edgarfreecards.de

53

Edgar Ambient Media Group GmbH operates the Edgar Freecards platform, specializing in distributing free postcards as an innovative advertising medium targeting urban audiences, particularly generations Y and Z in Germany. With over 30 years of experience and a presence in more than 4000 locations, the company has established a strong market position in the media sector, leveraging creative and sustainable advertising solutions. The website reflects a mature digital presence with comprehensive content, structured data, and multiple analytics tools integrated for performance and user behavior insights. However, the absence of a valid SSL certificate and modern TLS protocols represents a significant security gap that undermines user trust and data protection. The company demonstrates compliance awareness through a dedicated privacy policy, cookie consent mechanisms, and a compliance hotline linked to its parent group, Ströer OOH. Strategic improvements in security infrastructure and performance optimization are recommended to enhance overall risk posture and user confidence.

S

SoSafe

sosafe-awareness.com

70

SoSafe is a leading European provider specializing in security awareness training and human risk management solutions. The company offers a behavioral science-based platform that empowers organizations to enhance their cybersecurity posture by educating employees and managing human-related risks. Positioned as Europe's largest provider in this niche, SoSafe delivers personalized, gamified training, phishing simulations, an AI-powered chatbot, and a comprehensive human risk management platform. Their market presence is reinforced by multiple certifications including ISO 27001, TISAX, and GDPR compliance, alongside strong customer testimonials and industry recognitions. Technically, SoSafe's website is built on WordPress and integrates a robust set of analytics and marketing tools such as Google Analytics, Matomo, Cookiebot for consent management, HubSpot forms, and Visual Website Optimizer for A/B testing. The infrastructure is hosted on Amazon AWS with DNS managed via Route53. While the site supports modern TLS protocols and has valid SPF and DMARC records, it lacks DNSSEC, CAA records, and HSTS, which are recommended for enhanced security. The website performance is moderate to slow, with room for optimization. From a security perspective, SoSafe demonstrates good practices including strong SSL configuration, OCSP stapling, and comprehensive cookie consent mechanisms. However, there is no public vulnerability disclosure or security.txt file, and incident response contact details are not explicitly provided. The company maintains a strong security posture with certifications and compliance but could improve transparency and DNS security. Overall, SoSafe presents a mature digital presence with a focus on privacy and compliance, extensive integration with enterprise platforms, and a clear commitment to security awareness. Strategic improvements in DNS security and incident response transparency would further strengthen their security posture and trustworthiness.

L

Lineup

lineup.com

55

Lineup is a specialized software provider offering ERP and revenue management solutions tailored for the media and advertising industry. Their flagship product, Adpoint, integrates CRM, order management, finance, and analytics to streamline media sales processes and boost revenue. The company has a solid market presence with notable clients and significant ad revenue processed through their platform. Technically, the website is built on WordPress using the Salient theme and incorporates multiple marketing and analytics tools including HubSpot, Google Analytics, Hotjar, and LinkedIn Insight Tag. However, the site currently lacks a valid SSL certificate and modern TLS support, which poses a significant security risk. While SPF and DMARC email protections are properly configured, the absence of HTTPS undermines user trust and data security. The company demonstrates good privacy compliance with GDPR-aligned cookie consent mechanisms and detailed cookie categorization. Overall, Lineup presents a professional and trustworthy digital presence but must urgently address its SSL/TLS deficiencies to improve security posture and user confidence.

M

Mpirical Limited

mpirical.com

69

Mpirical Limited is a UK-based telecommunications training provider specializing in 5G, 4G LTE, and wireless network technologies. With over two decades of experience, the company offers certified and accredited training courses delivered online, live onsite, and on demand. Their market position is strong, supported by industry certifications such as ITP, CPD, and ISO standards, and a broad portfolio of learning aids including the proprietary NetX tool. The company targets individuals, teams, and enterprises seeking up-to-date telecoms knowledge and certification. Technically, the website is built on WordPress with a modern tech stack including Google Analytics, Hotjar, Zoho SalesIQ, and Vimeo integration. Performance is moderate to slow, with good mobile optimization and SEO practices. Security posture is good with valid SSL, SPF, and DMARC policies, but could be improved by enabling HSTS, DNSSEC, and OCSP stapling. No explicit security policy or incident response contacts were found. Overall, Mpirical demonstrates a mature digital presence with strong trust indicators and compliance with privacy regulations.

M

Mondoni Press

mondonipress.com.br

48

Mondoni Press is a Brazilian PR and communication agency specializing in press advisory, institutional communication, digital marketing, and content creation. The company positions itself as a trusted partner for businesses seeking to enhance their credibility, media presence, and visibility. It has received recognition such as the PR Agency of the Year award in South America (Prestige Awards 2023/24) and serves a diverse client base across various sectors. Technically, the website is built on WordPress with a range of popular plugins and marketing tools, including Google Analytics, Facebook Pixel, and Hotjar, indicating a mature digital marketing infrastructure. However, the website suffers from a critical security issue: the SSL certificate is invalid or missing, which undermines user trust and data security. The cookie consent mechanism is implemented, but no explicit privacy policy or terms of service pages were found, which may pose compliance risks. Overall, the company demonstrates good branding and content quality but should urgently address security and compliance gaps to maintain trust and regulatory adherence.