Security Directory

C

Coface

coface.com

40

Coface is a global leader in trade credit insurance, debt collection, and business information services, supporting over 100,000 clients across approximately 200 countries. Founded in 1946 and headquartered in France, the company offers comprehensive solutions to help businesses manage credit risks and optimize credit management. The website reflects a mature digital presence with professional design, clear navigation, and extensive content tailored to its target audience of businesses seeking credit risk solutions. Technically, the site uses modern web technologies including a CDN (CloudFront), a CMS (Ibexa), and integrates advanced consent management and analytics tools. However, the security posture is weakened by an invalid SSL certificate and lack of enabled TLS protocols, which is a critical issue that must be addressed to ensure secure communications. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place. Overall, Coface's website demonstrates high business credibility and professionalism but requires urgent SSL/TLS remediation to improve security and trust.

Austro Control GmbH is the Austrian national air navigation service provider responsible for ensuring aviation safety, air traffic control, and aeronautical information management. The company serves a broad audience including pilots, airlines, airports, and government agencies, positioning itself as a key player in the transportation and government sectors. Their services include air traffic control, pilot licensing, flight weather services, and drone regulation. The website reflects a professional and comprehensive digital presence with strong branding and trust signals such as industry awards and certifications. Technically, the site uses modern web technologies like Bootstrap and jQuery but suffers from critical security shortcomings due to the absence of a valid SSL certificate and lack of TLS protocol support, which undermines secure communications. Privacy compliance is well addressed with clear cookie consent and a comprehensive privacy policy. Overall, the site is trustworthy and authoritative but requires urgent improvements in SSL/TLS security to protect users and maintain credibility.

J

Johannes Kepler Universität Linz

jku.at

36

Johannes Kepler Universität Linz operates as a large public university in Austria, offering a wide range of academic programs including Bachelor, Master, Diplom, and doctoral studies. The institution serves students, researchers, and alumni with comprehensive educational and research services, supported by a well-structured and professionally designed website. The university maintains a strong market position as the largest university in Upper Austria with extensive campus services and international programs. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries and integrates analytics and marketing tools such as Google Tag Manager and Matomo. However, the absence of a valid SSL/TLS certificate is a critical security gap, exposing users to risks and lowering the overall security posture. Privacy and cookie policies are well implemented with explicit consent mechanisms, reflecting good GDPR compliance. Overall, the website is trustworthy and professional but requires urgent security improvements to enable HTTPS and strengthen its security framework.

DXC Technology is a leading global IT services and consulting company that helps enterprises and public sector organizations modernize their IT infrastructure, optimize data architectures, and enhance security across cloud environments. The company offers a broad portfolio of services including cloud and infrastructure, consulting and engineering, insurance software and business process services, modern workplace solutions, and security services. The website reflects a mature enterprise with consistent branding, comprehensive content, and a global reach with multiple language and regional versions. Technically, the site is built on Adobe Experience Manager with modern marketing and analytics tools integrated, providing a good user experience and accessibility. However, the security posture is weakened by an invalid SSL certificate and lack of enabled TLS protocols, which poses a risk to secure communications. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site demonstrates high business credibility and professionalism but requires urgent remediation of SSL/TLS issues to improve security and trust.

N

Netural GmbH

netural.com

40

Netural GmbH is a mature and reputable digital services provider based in Austria, specializing in digital transformation, web and mobile app development, augmented reality, and eCommerce solutions primarily for B2B clients. The company has a strong market position supported by multiple industry awards and a professional online presence. Technically, the website uses modern web technologies and a CMS (Storyblok), with content optimized for mobile and SEO. However, the absence of a valid SSL certificate and HTTPS severely impacts the security posture, exposing users to risks. Privacy policies and cookie consent mechanisms are well implemented, indicating good GDPR compliance. Overall, the business credibility is high, but urgent security improvements are needed to protect data and enhance trust.

S

STYRIA MEDIA GROUP

styria.com

40

STYRIA MEDIA GROUP is a large, established media company operating multiple brands primarily in Austria. The website serves as a digital presence for the group, showcasing its various media brands and services. The technical infrastructure includes a modern JavaScript framework (Vue.js) and uses Matomo for analytics, indicating a moderate level of digital maturity. However, the website lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which is a significant security concern. The presence of a Content Security Policy in report-only mode and strict transport security headers shows some security awareness but incomplete implementation. Privacy compliance is well addressed with GDPR-compliant policies and consent management tools. Overall, the website is functional but requires urgent security improvements to protect user data and enhance trust.

The website for parkhyattvienna.com represents a luxury hospitality business under the Hyatt Hotels Corporation umbrella, targeting affluent travelers seeking premium accommodation and services in Vienna, Austria. However, the website content is extremely minimal, lacking essential information such as privacy policies, contact details, and business descriptions. The technical infrastructure shows use of JavaScript and hosting via Amazon CloudFront, but no modern CMS or frameworks are detected. Performance and SEO optimization are poor due to the lack of content and metadata. From a security perspective, the site lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which is a critical vulnerability for any modern website, especially in hospitality where customer trust is paramount. Security headers are minimal, and no advanced security practices are implemented. There is no evidence of GDPR compliance or cookie consent mechanisms, which could expose the business to regulatory risks. Overall, the website presents a high risk due to its poor security posture, lack of compliance documentation, and minimal content quality. Strategic improvements are necessary to enhance trust, security, and user experience to align with the expectations of a luxury hospitality brand.

The website osram-continental.com currently serves as a parked domain with a prominent banner indicating it is for sale. There is no active business content, company description, or contact information beyond a sales phone number. The embedded iframe references automotive lighting technology keywords, suggesting the domain may have been intended for or associated with automotive lighting products or services, but no direct business operations are evident on the site. Technically, the site uses basic HTML, CSS, and JavaScript with Google Adsense for monetization. The hosting appears to be on DigitalOcean based on IP addresses. Performance is slow with a high load time and minimal content size. Security posture is weak due to the absence of a valid SSL certificate, no HTTPS support, and lack of security headers or DNS security features. Privacy compliance is minimal with only a basic privacy policy page and no cookie consent mechanism. Overall, the site lacks professionalism and trust indicators, making it unsuitable for business or customer engagement in its current state.

S

Seco Tools

secotools.com

40

Seco Tools is a leading global manufacturer and provider of metal cutting solutions and tooling systems, positioned as one of the largest tooling companies worldwide. The website reflects a mature enterprise with a broad international market presence, supporting multiple languages and regional markets. Technically, the site is hosted on Microsoft Azure using IIS and ASP.NET technologies, with integrations for analytics and marketing tools such as Google Analytics, OneTrust, and BrightEdge. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall, exposing users to potential risks and undermining trust. The security posture is further weakened by permissive Content Security Policy settings and incomplete HSTS implementation. Privacy compliance is partially addressed through cookie consent mechanisms, but the lack of a visible privacy policy and contact information limits transparency. Overall, the site demonstrates good business credibility and technical maturity but requires urgent improvements in security and privacy compliance to align with best practices and regulatory expectations.

C

Casinos Austria AG

casinos.at

40

Casinos Austria AG operates a comprehensive network of casinos across Austria, providing a wide range of gaming options including poker, slot machines, and table games, complemented by hospitality services such as restaurants and event locations. The website serves as the official digital presence, targeting casino visitors and players with detailed information on locations, events, membership benefits, and promotional packages. The company holds a strong market position as a leading casino operator in Austria, supported by consistent branding and trust indicators such as recognized certifications and responsible gaming initiatives. Technically, the website is built on TYPO3 CMS and employs modern web technologies including JavaScript and SVG graphics. It integrates multiple analytics and marketing tools with user consent mechanisms, ensuring good digital maturity. The site is mobile-optimized and accessible, with good SEO practices and clear navigation enhancing user experience. From a security perspective, while the site implements several important security headers and content security policies, it currently lacks a valid SSL certificate and does not support modern TLS protocols, significantly weakening its security posture. This exposes the site to risks related to unencrypted traffic and potential interception. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR adherence. The presence of a responsible disclosure page indicates a proactive approach to vulnerability management. Overall, the site is professional and trustworthy but requires urgent improvements in SSL/TLS configuration to secure user data and maintain trust. Strategic recommendations include obtaining a valid SSL certificate, enabling TLS 1.2 or higher, and fully activating HSTS. These steps will enhance security, compliance, and user confidence, supporting the company’s strong market presence and digital strategy.

C

Continental AG

continental-corporation.com

40

Continental AG is a well-established multinational technology and manufacturing company specializing in sustainable and connected mobility solutions. Founded in 1871 and headquartered in Germany, the company offers a broad portfolio including automotive technologies, tires, and ContiTech products. The website reflects a mature digital presence with comprehensive corporate, investor, and sustainability information targeting investors, job seekers, and business partners. Technically, the site is built on TYPO3 CMS and hosted likely on AWS infrastructure, with modern JavaScript and CSS usage. However, a critical security weakness is the lack of a valid SSL certificate and disabled TLS protocols, which severely impacts the security posture. Security headers are mostly present but some, like X-XSS-Protection, are disabled. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy but urgently needs to address HTTPS and SSL issues to ensure secure user interactions.

G

GoDaddy Operating Company, LLC

alliedpanels.com

38

The website alliedpanels.com is a domain aftermarket sales landing page hosted and operated under GoDaddy's platform. It offers the domain for sale with options to buy now, lease to own, or make an offer. The site targets domain investors and businesses seeking premium domain names, leveraging GoDaddy's trusted marketplace and brokerage services. The business model is focused on domain sales and brokerage within the e-commerce sector, supported by GoDaddy's large market presence and infrastructure. Technically, the site is built using modern JavaScript frameworks such as React and Next.js, hosted on AWS infrastructure. However, the site suffers from slow load times and lacks a valid SSL certificate, resulting in no HTTPS support. While the design and user experience are good and mobile optimized, the absence of HTTPS and security headers significantly weakens the security posture. Security evaluation reveals critical issues including no valid SSL certificate, no HSTS, and missing security headers, which expose users to potential risks. Privacy compliance is supported by comprehensive GoDaddy privacy and cookie policies, with GDPR compliance indicated. Contact information is limited but present via phone and contact form. Overall, the site is legitimate and consistent with domain aftermarket sales but requires urgent security improvements. Strategically, the site should prioritize obtaining and configuring a valid SSL certificate to enable HTTPS, implement security headers, and improve performance to enhance trust and user experience. These steps will strengthen the security posture and align with best practices for e-commerce platforms.

E

Efumo

efumo.lv

40

Efumo is a Latvian-based IT services company specializing in the development and maintenance of internet shops, websites, mobile applications, and IT systems. The company targets businesses seeking modern, responsive, and integrated digital solutions. Their market position is that of a small but established regional player with a portfolio of notable clients and a professional online presence. Technically, the website is built on WordPress with Yoast SEO, uses modern web technologies, and is moderately optimized for performance and mobile devices. Security posture is adequate with HTTPS, secure cookies, and several security headers, but lacks full HSTS enforcement and email security measures like DMARC. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the site is professional and trustworthy but could improve in privacy and security policy transparency.

C

CODEART, SIA

codeart.lv

40

CODEART, SIA is a Latvian-based IT service provider specializing in the design, development, and maintenance of modern business IT systems, websites, and portals. With over 18 years of industry experience, the company targets Latvian businesses seeking high-quality and scalable digital solutions. The website reflects a professional and consistent brand image, offering a range of corporate IT services including web design, frontend development, and user experience planning. The company maintains a moderate market position as an established local player with a clear focus on quality and client satisfaction. Technically, the website employs modern TLS protocols and integrates multiple third-party tools such as Google Analytics, Microsoft Clarity, and Pipedrive LeadBooster for marketing and analytics purposes. However, the site suffers from slow load times and lacks some advanced security headers and policies, which could be improved to enhance security posture. Privacy compliance is basic, with a cookie consent mechanism present but no visible privacy policy or terms of service pages. Contact information is clearly provided, supporting business credibility. Overall, the website is functional and professional but would benefit from enhanced security and privacy measures to align with best practices.

The website myzone.app currently serves as a parked domain page indicating that the domain is registered but not linked to any hosting service. It promotes web hosting packages from Zone.eu in multiple languages, targeting domain owners who need hosting services. The site is basic in content and design, with no privacy or cookie policies, no contact information, and no active forms or data collection. Technically, the site uses standard HTML, CSS, and JavaScript but lacks a valid SSL certificate and modern TLS protocols, resulting in no HTTPS support. Security posture is weak due to missing SSL and security headers, although SPF and DMARC records are properly configured. Overall, the site is functional as a parked domain but lacks essential security and compliance features.

I

IT Crafters

itcrafters.eu

40

IT Crafters is an online education platform specializing in training individuals to become Java Software Developers within 8 months. Powered by BCS Koolitus, Estonia's largest training company, it offers a comprehensive program including practical projects, mentoring, and employment support. The website is professionally designed with clear navigation and detailed content, targeting aspiring IT professionals, especially those without prior experience. The technical infrastructure leverages modern web technologies and Tilda CMS, with adequate mobile optimization but slower performance. Security measures include HTTPS with modern TLS versions and basic email authentication records, though improvements like HSTS and OCSP stapling are recommended. Privacy and terms of service are clearly provided, supporting GDPR compliance. Overall, the site presents a credible and trustworthy educational service with strong business partnerships and a focus on user engagement and support.

Kotisivutehdas is a Finnish small-sized technology service provider specializing in professional website development, SEO, AI services, and comprehensive marketing solutions. The company targets small and medium enterprises seeking turnkey, responsive, and SEO-optimized websites. Their market position is strengthened by over 20 years of industry experience and a broad service portfolio including copywriting, website maintenance, and security services. Technically, the website employs modern frameworks like UIkit and integrates popular analytics and marketing tools such as Google Analytics and Facebook Pixel. However, the website suffers from critical security shortcomings, notably the absence of HTTPS and a valid SSL certificate, which severely impacts its security posture. Privacy compliance is addressed through a comprehensive cookie consent mechanism and a detailed privacy policy, though terms of service and security policies are lacking. Overall, the website presents professional content and clear contact information but requires urgent security improvements to protect user data and enhance trust.

H

HelpDeskEddy

helpdeskeddy.com

61

HelpDeskEddy is a Russian-based technology company providing a comprehensive HelpDesk and ServiceDesk platform designed to centralize customer support interactions across multiple channels. The platform offers omnichannel integration, automation workflows, analytics, and API access, targeting businesses seeking to improve their customer service efficiency. The website demonstrates a solid market presence with over 1200 companies using their services, including notable brands, and offers both SaaS and boxed deployment models. Technically, the site uses modern web technologies such as Bootstrap, Video.js, and integrates analytics tools like Yandex Metrika and Google Tag Manager. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall, exposing users to potential risks. Privacy policies and cookie consent mechanisms are implemented, though GDPR compliance is not clearly indicated. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

I

Inbokss Ltd.

inbox.eu

40

Inbox.eu is a privacy and security oriented email and cloud storage service provider based in Latvia, operating since 2001. The company offers both business domain email solutions and personal email accounts with features such as spam filtering, data encryption, and synced contacts and calendar. With over 20 years of experience and processing over 21 million emails weekly, Inbox.eu positions itself as a trusted provider in the privacy-focused email market. The website is professionally designed, multilingual, and targets users seeking secure and private email services. Technically, the site uses standard web technologies including JavaScript, Google Tag Manager, and Facebook Pixel for analytics and marketing. However, the website currently lacks a valid SSL certificate and does not support modern TLS protocols, which significantly impacts its security posture. DNS records are well configured with SPF and DMARC policies, but DNSSEC and CAA records are absent. Incident response contact is available via DMARC abuse email. Privacy and terms of service policies are present and appear comprehensive, but no cookie consent mechanism was detected. Overall, the site demonstrates moderate digital maturity but requires urgent improvements in SSL/TLS security to protect user data and trust.

M

MKBHD

mkbhd.com

58

MKBHD.com is the official website and e-commerce platform for Marques Brownlee, a prominent technology content creator. The site offers high-quality tech videos, branded merchandise, and podcast content, targeting technology enthusiasts and fans. The business model combines content creation with direct merchandise sales, leveraging a strong brand presence and loyal audience. The website is professionally designed with excellent content relevance and clear navigation, supporting a positive user experience.

P

porkbun.shop

porkbun.shop

63

porkbun.shop is an e-commerce website currently in a 'Coming Soon' state, hosted on the Shopify platform. The site offers a newsletter signup form to notify visitors of upcoming promotions and product launches. The business model is typical of online retail stores leveraging Shopify's infrastructure. The website is password protected and lacks substantive content or business information at this time, indicating it is not yet operational. Technically, the site uses Shopify's Debut theme and standard JavaScript libraries, including CryptoJS and Shopify's own analytics and pixel tracking scripts. However, the site suffers from a critical security issue: the SSL certificate is invalid or missing, resulting in no HTTPS support. This severely impacts the security posture and trustworthiness of the site. Performance is slow with a large page size and many resource requests, and SEO and accessibility optimizations are basic. Security-wise, the site has minimal protections beyond HSTS being enabled. There is no valid SSL certificate, no modern TLS protocols enabled, and no OCSP stapling or session resumption. No privacy, cookie, or terms of service policies are present, and no incident response or vulnerability disclosure information is available. The site collects email addresses via a newsletter form but lacks GDPR compliance indicators. Overall, the website is in an early stage of development with significant security and compliance gaps. The lack of HTTPS is a critical issue that must be addressed before launch. Strategic recommendations include obtaining a valid SSL certificate, implementing privacy and cookie policies, improving performance, and enhancing security headers and compliance measures.

L

Localytics

localytics.com

56

Localytics is an established enterprise SaaS company specializing in mobile app marketing and analytics software. Founded in 2008, it provides powerful tools for understanding user behavior, driving engagement, and optimizing mobile app campaigns. The company targets enterprise clients across multiple sectors including technology, retail, media, telecommunications, finance, and hospitality. The website reflects a mature digital presence with comprehensive content, professional design, and clear business messaging. Technically, the site leverages modern frameworks such as React and Next.js, hosted on Vercel with AWS DNS infrastructure. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. Overall, the domain registration data aligns well with the business claims, indicating legitimacy and trustworthiness.

D

Dateks

dateks.lv

39

Dateks.lv operates as a medium-sized e-commerce retailer based in Latvia, specializing in a broad range of technology and consumer electronics products. The website offers extensive product categories including computers, components, office equipment, and home appliances, targeting both consumers and businesses in the Baltic region. The company maintains partnerships with major technology brands such as Asus, Dell, Intel, Lenovo, and Nvidia, reinforcing its market position as a reputable regional retailer. From a technical perspective, the website employs modern tracking and marketing technologies including Google Tag Manager, Facebook Pixel, and Cookiebot for consent management. However, the site suffers from slow performance due to a large page size and numerous resources. Mobile optimization is good, but accessibility features are basic. The lack of a valid SSL certificate is a critical security shortfall, impacting user trust and data protection. Security posture reveals several vulnerabilities including missing DMARC, DNSSEC, and CAA records, and no domain protection locks, which collectively increase risk exposure. While HSTS is enabled, the absence of a valid SSL certificate and other security best practices lowers the overall security score. Privacy and cookie policies are present and GDPR compliant, with clear contact information provided. Overall, Dateks.lv presents a professional and content-rich e-commerce platform with moderate technical maturity and security posture. Strategic improvements in SSL/TLS implementation, email security, and DNS hardening are recommended to enhance trust and compliance.

M

Medarbejder- og Kompetencestyrelsen

medst.dk

40

Medarbejder- og Kompetencestyrelsen is a Danish government agency under the Ministry of Finance focused on labor agreements, HR education, and development activities within the public sector. The agency provides tools, advisory services, and regulatory information to state employers and HR professionals. The website serves as an authoritative platform for state HR matters, offering educational programs, circulars, and practical tools. Technically, the site is built on the Umbraco CMS platform, uses modern JavaScript libraries such as Swiper.js for UI components, and integrates Cookiebot for cookie consent management. However, the site suffers from a critical security issue due to an invalid or missing SSL certificate, which undermines secure HTTPS access. Other security best practices such as HSTS, DNSSEC, and security headers are absent, indicating room for improvement in security posture. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the site is professional and trustworthy but requires urgent SSL remediation to ensure secure user interactions.

S

Statens Administration

statens-adm.dk

40

Statens Administration is a Danish government entity providing centralized administrative services focusing on payroll, accounting, reimbursement, and support portals for public sector organizations. The website reflects a professional government service portal with clear navigation and relevant content for its target audience. Technically, the site uses Umbraco CMS and integrates third-party analytics and search tools, but suffers from a critical security flaw due to the absence of a valid SSL certificate, impacting HTTPS availability. Privacy compliance is well addressed with Cookiebot consent management and comprehensive cookie and privacy policies. The security posture is weak due to missing HTTPS and security headers, posing risks to user data confidentiality and integrity. Overall, the site is functional and trustworthy but requires urgent security improvements to meet modern standards.

S

Statens It

statens-it.dk

40

Statens It is a Danish government IT organization established in 2008, providing a range of IT services including workplace solutions, security, IT operations, servicedesk, and development of shared services primarily for public sector entities. The website reflects a mature and consistent government presence with clear contact information and compliance with GDPR through comprehensive privacy and cookie policies. Technically, the site uses modern tools such as Cookiebot for consent management and Cludo for search functionality, and is built on the Umbraco CMS platform. However, the security posture is weakened by the absence of a valid SSL certificate and HTTPS support, lack of security headers, and missing DNSSEC, which are critical for protecting user data and ensuring secure communications. The domain registration data aligns well with the official government entity, showing a long-standing and legitimate presence.

Ø

Økonomistyrelsen

oes.dk

40

Økonomistyrelsen is a Danish government agency focused on economic management, public procurement, and digital solutions for state institutions. It serves as a key authority supporting efficient public sector operations and financial governance. The website reflects a mature government entity with a clear focus on providing guidance, advisory services, and digital support to public institutions. The agency maintains a professional online presence with detailed content and official contact information. Technically, the site uses Umbraco CMS and integrates third-party tools like Cookiebot for consent management and Cludo for search functionality. Performance is moderate, and accessibility and SEO are well addressed. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. Email authentication via SPF and DMARC is properly configured, enhancing email security. Overall, the site is trustworthy and compliant with GDPR, but urgent improvements in SSL/TLS implementation are necessary to enhance security posture and user trust.

Naalakkersuisut.gl is the official government website of Greenland, serving as the primary portal for government news, departmental information, and public resources. The site targets Greenlandic citizens, government officials, and media, providing authoritative and up-to-date information about governmental activities and services. The business model is public service oriented, with a focus on transparency and communication. Technically, the website employs standard web technologies including JavaScript and CSS, and uses Matomo for analytics. The site is moderately performant and mobile-optimized, but lacks modern security implementations such as HTTPS and security headers, which significantly impacts its security posture. From a security perspective, the absence of a valid SSL certificate and HTTPS support is a critical vulnerability, exposing users to potential data interception risks. No privacy or cookie policies were found, indicating gaps in compliance with GDPR and other privacy regulations. The site does not display any incident response or security policies, which could affect trust and readiness for security events. Overall, while the website fulfills its role as a government information portal with good content quality and user experience, the lack of fundamental security measures and privacy compliance lowers its trustworthiness and exposes it to risks. Strategic improvements in security infrastructure and privacy transparency are recommended to enhance user trust and regulatory compliance.

The website lovgivning.gl serves as an official Greenland government portal providing access to Greenlandic legislation and administrative regulations. It targets residents and legal professionals in Greenland, primarily Danish-speaking users, offering a searchable legal database and updates on recent laws. The site is operated under the Greenland Self-Government authority, with hosting and domain registration managed by Modulo ApS, a Danish registrar. The content is professionally presented with consistent branding and clear navigation, supporting a medium-sized government service model founded in 2008. Technically, the site uses modern frontend technologies including Vue.js and JavaScript, with a moderate performance profile and good mobile optimization. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall. The site lacks security headers, HSTS, and DNSSEC, which exposes it to potential risks. No analytics or tracking tools are detected, indicating minimal user tracking and a privacy-respecting approach, though no formal privacy or cookie policies are published. From a security perspective, the site’s lack of HTTPS and security best practices significantly lowers its security posture score. The domain is mature and consistent with official government use, enhancing trustworthiness. However, the absence of incident response contacts, security policies, and vulnerability disclosures suggests room for improvement in security governance. Overall, the site is functional and credible as a government resource but requires urgent security enhancements to protect user data and ensure trust. Strategic recommendations include immediate implementation of HTTPS with a valid SSL certificate, enabling security headers and DNSSEC, publishing privacy and cookie policies to comply with GDPR, and establishing clear incident response channels. These steps will improve security, compliance, and user trust, aligning the site with best practices for government digital services.

S

Statsministeriet

stm.dk

40

Statsministeriet.dk is the official website of the Danish Prime Minister's Office, serving as a primary information portal for government activities, press releases, speeches, and legislative programs. The site targets Danish citizens, government officials, media, and international visitors interested in Denmark's executive branch. It operates as a government public service entity with a large organizational footprint and a mature digital presence dating back over 30 years. Technically, the website uses modern web technologies including React and the Umbraco CMS, hosted via Sitnet infrastructure. The site demonstrates good content quality, clear navigation, and accessibility features, with moderate performance metrics. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall, exposing users to potential risks. From a security perspective, the site benefits from properly configured SPF and DMARC email policies, reducing spoofing risks. Yet, the lack of DNSSEC, security headers, HSTS, and TLS support significantly weakens its security posture. Privacy compliance is well addressed with accessible privacy and cookie policies, though no active cookie consent mechanism is present. Overall, the site is trustworthy and authoritative but requires urgent security improvements, especially regarding HTTPS implementation and enhanced transport security measures, to protect user data and maintain government digital trust.

N

Namminersorlutik Oqartussat

nalunaarutit.gl

64

The website 'nalunaarutit.gl' serves as the official Greenland government portal for legislative announcements and legal notifications. It provides access to government-issued legal documents and updates primarily targeted at Greenlandic citizens, legal professionals, and government officials. The site offers search functionality to locate specific legislative texts and maintains a consistent government branding with official logos and domain usage. Technically, the site is built using Vue.js and custom CSS, delivering a moderate performance experience with a load time of approximately 4.5 seconds. Mobile optimization is good, and the site supports Greenlandic and Danish languages. However, the site lacks a valid SSL certificate, serving content over HTTP only, which significantly impacts its security posture. No advanced security headers or privacy policies are present, and no analytics or advertising tools are detected, indicating minimal user tracking. Contact information is clearly provided with an official government email and physical address. Overall, the site is credible as an official government resource but requires urgent security improvements to protect user data and enhance trust.

e-Boks Group operates Denmark's leading digital mailbox platform, serving millions of users with secure digital post and document management services. The company is well-established, owned by reputable parent companies Nets and PostNord, and targets both private individuals and businesses. Their platform supports secure communication with public authorities and private entities, leveraging MitID for authentication and providing mobile app access for convenience. Technically, the website employs modern JavaScript frameworks and integrates Cookiebot for privacy compliance, but critically lacks a valid SSL certificate, exposing users to security risks. The absence of HTTPS and security headers significantly lowers the security posture score. Privacy policies and cookie consent mechanisms are comprehensive and GDPR compliant, reflecting a strong commitment to user privacy. Overall, the website is professionally designed with excellent content quality and user experience, but urgent improvements in SSL/TLS configuration and security headers are necessary to enhance trust and security.

Sullissivik.gl is the official government portal for public services in Greenland, targeting both citizens and businesses. It provides a centralized platform for accessing self-service forms, information on cultural, housing, equality, and transport topics, and digital communication channels. The site is primarily in Greenlandic with options for Danish and English, reflecting its public service nature. The portal is positioned as a key digital interface for government-citizen interaction in Greenland. Technically, the site uses modern JavaScript libraries, SVG icons, and integrates Matomo analytics for user tracking. However, the site suffers from a critical lack of a valid SSL certificate and HTTPS enforcement, which severely impacts its security posture. No advanced security headers or policies are detected, and privacy compliance is basic with only a cookie policy present. Overall, the site is functional and content-rich but requires urgent security improvements to protect user data and build trust.

S

Statens It

govcloud.dk

40

Statens It operates GovCloud, a specialized cloud service platform designed to host governmental applications and data securely within Denmark. The service targets public sector organizations, offering cloud infrastructure hosted in Danish data centers. The website reflects a government-affiliated entity with clear contact information and a focus on compliance with privacy regulations, including GDPR. However, the absence of a valid SSL certificate undermines secure communications, which is a critical security gap. Technically, the site uses modern web technologies including Umbraco CMS, responsive design, and Cookiebot for cookie consent management. Performance is moderate, and accessibility features are adequately implemented. Analytics are minimal and privacy-conscious, using Silktide analytics and Cookiebot tracking pixels. Security posture is weak due to the lack of HTTPS, missing security headers, and absence of DNSSEC and CAA records. No explicit security or incident response policies are published. The domain registration is consistent with the business identity, showing a mature domain age and no suspicious discrepancies. Overall, the site is professional and trustworthy from a business perspective but requires urgent improvements in SSL deployment and security hardening to protect user data and maintain trust.

D

Digitaliseringsstyrelsen

digst.dk

40

Digitaliseringsstyrelsen is the Danish government agency responsible for leading the digital transformation of Denmark, aiming to simplify daily life for citizens and businesses while supporting public authorities in delivering quality services. The agency operates a comprehensive website offering information on digital solutions such as MitID, Digital Post, and various support services, targeting both citizens and businesses. The site reflects a strong government presence with clear contact details and compliance with privacy regulations. Technically, the website uses modern tools like Cookiebot for consent management and analytics platforms such as Matomo and Siteimprove, but suffers from a lack of valid SSL certificates and slow load times, which negatively impact security and user experience. Security posture is weak due to missing HTTPS, lack of security headers, and no DNSSEC, although SPF and DMARC are properly configured. Overall, the site is trustworthy and authoritative but requires urgent improvements in security infrastructure to protect user data and enhance trust.

C

Convesio

convesio.nl

40

Convesio.nl is a specialized managed WordPress hosting provider focused on delivering scalable, high-performance hosting solutions using innovative Docker container technology. The company targets business-critical WordPress websites including WooCommerce shops, membership sites, and e-learning platforms, emphasizing automatic scaling, speed, and security. The website is professionally designed, content-rich, and well-structured, reflecting a mature digital presence. Technically, the site leverages modern web technologies including WordPress CMS, GeneratePress theme, and integrates with Google and Amazon cloud platforms. Security posture is adequate with HTTPS and TLS 1.3 support, but lacks advanced configurations such as HSTS, DMARC, and OCSP stapling, which are recommended for improvement. Privacy compliance is strong with a comprehensive cookie policy and GDPR consent mechanisms. Overall, the site presents a credible and trustworthy business with room for security enhancements.

C

ConvesioPay Dashboard

convesiopay.com

63

ConvesioPay is a relatively new payment service platform, established in 2023, providing a user dashboard for payment management. The website serves primarily as a login portal, indicating a business model focused on payment processing or financial services. The domain is registered with Cloudflare, Inc. and protected against unauthorized transfer, reflecting a legitimate and consistent registration profile. Technically, the site uses modern JavaScript modules, Google Fonts, and Google Tag Manager for analytics, but suffers from slow load times and lacks advanced SEO and accessibility features. Security posture is basic with HTTPS enabled and SPF records configured, but lacks important security headers, HSTS, and DMARC records. Privacy compliance is minimal with no visible privacy or cookie policies, and no GDPR indicators. Overall, the site is functional but requires significant improvements in security, privacy, and performance to enhance trust and compliance.

P

Partnership for European Environmental Research

peer.eu

36

The website peer.eu represents the Partnership for European Environmental Research (PEER), a collaborative network focused on environmental research and sustainable development. The site targets researchers and policymakers, providing information on research projects, publications, and strategic research areas. The business model centers on knowledge sharing and policy support within the environmental research sector. Technically, the site is built on TYPO3 CMS with a professional design and structured content, but suffers from moderate performance and lacks a valid SSL certificate, which is a critical security flaw. The security posture is weak due to the absence of HTTPS, security headers, and modern TLS protocols. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Contact information is limited to a contact form, with no direct emails or phone numbers provided. Overall, the site is credible but requires urgent security improvements to protect user data and enhance trust.

F

Forskning.no

forskning.no

55

Forskning.no is a leading Norwegian online news portal specializing in research and science news, serving a broad audience including the general public, youth, and academic communities. The site offers diverse content across multiple scientific disciplines and operates several sister sites targeting specific audiences. Technically, the site is built on the Labrador CMS and uses modern web technologies and third-party services for analytics and advertising. However, a critical security gap exists due to the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the site's security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information is transparent and accessible, enhancing business credibility. Overall, while the content and user experience are excellent, the lack of HTTPS is a major risk that should be addressed promptly.

R

Rotunda Software

ministryschedulerpro.com

49

Ministry Scheduler Pro is a specialized software solution designed to simplify church volunteer scheduling, targeting churches and ministries. The company, Rotunda Software, positions itself as a trusted provider with over 3,800 churches using its services. The platform offers automated scheduling, communication tools, and a mobile app to enhance volunteer engagement. Technically, the website employs modern JavaScript libraries, analytics, and animation technologies, hosted on AWS infrastructure. However, the absence of HTTPS and security headers significantly undermines the security posture, exposing users to potential risks. Privacy compliance is partially addressed with a comprehensive privacy policy but lacks cookie consent mechanisms. Overall, the business credibility is strong, supported by testimonials and a clear market focus, but urgent security improvements are necessary to protect users and maintain trust.

Expedia Group operates a leading B2B travel technology platform offering comprehensive solutions to partners across various travel-related industries. Their website reflects a mature enterprise with a strong market position, extensive partner ecosystem, and a focus on delivering technology-driven growth and traveler experience enhancements. Technically, the site is built on Adobe Experience Manager with integrations for marketing and analytics, but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Privacy policies are present and GDPR compliant, but contact information is not prominently displayed. Security posture is weak due to missing SSL and security headers, exposing the site to potential risks. Overall, the site is professional and content-rich but requires urgent security improvements.

N

Norwegian Geotechnical Institute (NGI)

ngi.no

40

The Norwegian Geotechnical Institute (NGI) operates a professional and content-rich website focused on geotechnical research, consulting, and education primarily serving Norwegian and international engineering and environmental sectors. The site offers detailed information on their research areas, projects, and career opportunities, targeting professionals, researchers, and students in geotechnical and environmental fields. Technically, the website uses modern JavaScript frameworks, Azure Application Insights, Matomo analytics, and is hosted behind Cloudflare, with Episerver CMS indications. However, a critical security weakness is the absence of a valid SSL certificate and disabled TLS protocols, severely impacting secure communications and trust. Privacy and cookie policies are implemented with consent mechanisms, but no explicit terms of service or security policy pages were found. Contact information includes a verified company email but lacks explicit phone numbers or physical addresses in the HTML content. Social media presence is active across major platforms. Overall, the website is professionally designed and functional but requires urgent security improvements to meet modern standards.

N

Norges geologiske undersøkelse (NGU)

ngu.no

61

Norges geologiske undersøkelse (NGU) is a Norwegian government agency specializing in geological surveying and dissemination of geological knowledge. The website serves as a portal for geologic maps, scientific publications, and news relevant to geology in Norway, targeting researchers, government bodies, and the public. The organization holds a strong national position as the authoritative source for geological data and services. Technically, the website is built on Drupal 10 with Matomo analytics integration, demonstrating a modern but self-hosted infrastructure. However, the site suffers from slow load times and lacks a valid SSL certificate, which critically impacts its security posture. While privacy and cookie policies are present, there is no explicit cookie consent mechanism, and no visible terms of service or security policies are published. Contact information is comprehensive and clearly presented, enhancing business credibility. Overall, the site is professional and trustworthy but requires urgent improvements in security and performance to meet modern standards.

K

Kartverket

kartverket.no

58

Kartverket is the Norwegian government agency responsible for geographic information, managing the national property register, and registering property ownership and shares in housing cooperatives. The website serves a broad audience including Norwegian citizens, public agencies, and businesses requiring geographic and property data. It holds a strong market position as the authoritative source for mapping and property registration in Norway. Technically, the site uses modern JavaScript frameworks and Google Tag Manager for analytics but suffers from slow load times and lacks a valid SSL certificate, which is a critical security flaw. The security posture is weak due to missing HTTPS, TLS protocols, and security headers, exposing users to potential risks. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain trust.

R

Rotunda Software LLC

rotundasoftware.com

53

Rotunda Software LLC is a small, self-funded technology company specializing in innovative volunteer management software solutions. Their products, including Volunteer Scheduler Pro and Ministry Scheduler Pro, serve non-profit organizations and volunteer-based groups, positioning them as a niche player in the volunteer management software market. The company emphasizes a fully remote, collaborative culture and showcases client testimonials and partnerships with reputable organizations such as The Salvation Army. Technically, the website employs modern JavaScript libraries, Google Analytics, and Google Tag Manager, hosted likely on AWS infrastructure. However, the site lacks a valid SSL certificate, resulting in insecure HTTP connections, which is a significant security concern. Privacy policies and terms of service are present on related domains but not directly on the main site, and no cookie consent mechanism is implemented. Overall, the security posture is basic with room for improvement in SSL/TLS configuration and security headers. The domain is mature and well-registered, supporting the legitimacy of the business. Strategic recommendations include implementing HTTPS, enhancing security headers, and improving privacy compliance to strengthen trust and security.

3

3dids.com Agencia de Marketing

3dids.com

56

3dids.com Agencia de Marketing is a well-established digital marketing and ecommerce agency based in Spain, specializing in Shopify platform services and ecommerce internationalization. As part of the Publicis Group, it leverages extensive industry experience and a broad partner ecosystem to deliver comprehensive digital strategies, CRM activation, SEO, and AI-driven productivity enhancements. The website reflects a mature digital presence with rich content, client testimonials, and strong branding. Technically, the site is built on Shopify with Cloudflare hosting and uses modern JavaScript libraries and analytics tools. However, the security posture is weakened by an invalid SSL certificate and lack of TLS protocol support, which poses a critical risk. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business credibility is high, supported by strong trust signals and transparent domain registration.

T

Tempe Inditex

tempe.es

40

Tempe Inditex is a large retail company specializing in the design, marketing, and distribution of footwear and accessories for the Inditex Group's seven brands. The company emphasizes sustainable fashion aligned with Inditex’s global sustainability strategy and employs over 2,000 professionals. The website is professionally designed, multilingual, and provides comprehensive information about the business model, sustainability efforts, talent acquisition, and communication. Technically, the site uses modern JavaScript frameworks such as React and Next.js and is hosted on AWS infrastructure. However, the site lacks a valid SSL certificate and does not support modern TLS protocols, which significantly weakens its security posture. Privacy and cookie policies are present and indicate GDPR compliance, but no explicit security or incident response policies are found. Overall, the website is credible and professional but requires urgent security improvements to protect user data and enhance trust.

The website studenteats.com is a domain marketplace landing page hosted by Atom, offering the premium domain StudentEats.com for sale. The business focuses on domain sales, branding contests, and related services targeting startups and businesses in the food and student demographic sectors. The platform provides multiple purchase options including escrow services and highlights strong buyer interest to build trust. Technically, the site uses modern JavaScript frameworks and New Relic for monitoring but suffers from a critical lack of HTTPS and valid SSL certificates, which severely impacts security posture. Privacy compliance is minimal with no visible privacy or cookie policies. Overall, the site is functional and professionally designed but requires urgent security improvements to protect users and enhance trust.

A

Aviva plc

aviva.com

40

Aviva plc is a leading diversified insurer headquartered in the United Kingdom, offering a broad range of insurance, wealth management, and retirement services primarily across the UK, Ireland, and Canada. The company targets investors, shareholders, career seekers, and socially conscious individuals, positioning itself as a trusted financial services provider with a strong market presence and extensive subsidiary network. The website reflects a professional and comprehensive corporate portal with rich investor relations content, leadership profiles, and sustainability initiatives. Technically, the website leverages modern JavaScript frameworks, Adobe Experience Manager CMS, and Akamai CDN for content delivery. It integrates advanced analytics and marketing tools such as Adobe Helix RUM and OneTrust for privacy compliance. The site is mobile-optimized, accessible, and SEO-friendly, providing a high-quality user experience. From a security perspective, while several best practices are implemented including CSP, X-Content-Type-Options, and HSTS headers, the SSL certificate is invalid and no TLS protocols are enabled, representing a critical vulnerability that undermines secure communications. No WAF or blocking mechanisms are detected, and privacy policies are comprehensive and GDPR compliant. The domain registration data aligns well with the business claims, indicating high legitimacy. Overall, the website is professional and credible but requires urgent remediation of SSL and TLS issues to ensure secure user interactions and maintain trust.

H

Holy Apostles Catholic Parish

hanb.org

40

Holy Apostles Catholic Parish and School is a well-established non-profit religious and educational organization serving the New Berlin, Wisconsin community since 1855. The website provides comprehensive information about mass times, sacraments, faith formation, community events, and school activities, targeting local parishioners and families. The digital infrastructure is built on the Wix platform, utilizing modern web technologies such as React and various Wix apps for enhanced user experience. However, the site currently lacks a valid SSL certificate, which poses a significant security risk. Additionally, no explicit privacy or cookie policies are present, indicating potential compliance gaps. The domain registration is consistent with the organization's identity and history, enhancing trustworthiness. Strategic improvements in security and privacy compliance are recommended to strengthen the site's overall posture.