Security Directory

P

PandaDoc Inc.

pandadoc.com

61

PandaDoc Inc. is a mature, enterprise-level technology company founded in 2013, specializing in document workflow automation, e-signature solutions, and CPQ software. The company holds a strong market position with over 50,000 clients and offers a comprehensive suite of services including document generation, deal rooms, smart content, automations, and analytics. Their platform integrates with major CRM and payment systems, enhancing business efficiency and customer experience. Technically, PandaDoc employs a modern tech stack with JavaScript, HubSpot forms, Google Tag Manager, and various marketing and analytics tools. The website is hosted on AWS and uses WordPress CMS with WPML for multilingual support. Despite rich content and good mobile optimization, the website suffers from critical security issues due to an invalid SSL certificate and lack of TLS protocols, which significantly impacts its security posture. Security-wise, PandaDoc demonstrates strong compliance with SOC 2, HIPAA, GDPR, E-SIGN, and UETA standards, reflecting a robust security framework. However, the absence of a valid SSL certificate and modern TLS support exposes the site to potential risks. The domain is well-protected and mature, indicating a legitimate and trustworthy business. Overall, while PandaDoc excels in business credibility, content quality, and privacy compliance, it must urgently address its SSL/TLS configuration to improve security and maintain trust. Strategic improvements in SSL deployment and security best practices are recommended to enhance the company's digital security posture.

Y

Yep

yep.com

55

Yep.com operates as a privacy-focused search engine that uniquely shares advertising revenue with content creators. The business positions itself as a fair and privacy-respecting alternative in the search engine market, targeting users who value privacy and wish to support content creators financially. The website content and branding consistently reflect this mission, with a clear focus on privacy and revenue sharing. The domain is mature, registered since 1999, and hosted via Cloudflare, indicating a stable technical foundation. However, the site suffers from a lack of a valid SSL certificate, which critically undermines user trust and security. The absence of HTTPS and security headers exposes users to potential risks and reduces the overall security posture. Privacy compliance is basic, with privacy and terms policies present but lacking advanced GDPR compliance features or cookie consent mechanisms. Contact information is not explicitly provided, which may affect user trust and support accessibility. Performance is slow, with a high page load time, which could impact user experience negatively. Strategic improvements in security, privacy compliance, and performance are recommended to enhance trust and usability.

F

Frype.com

frype.com

51

Frype.com is a social networking platform focused on connecting users and facilitating friendships. The website offers login functionality and basic social network features. It appears to be associated with the Draugiem group, a known social network entity, as indicated by footer links. The platform targets general social network users and operates with a small-scale business model. Technically, the site uses custom JavaScript libraries and is hosted behind Cloudflare, but lacks modern SSL/TLS security configurations, which is a critical concern. The absence of privacy and cookie policies, as well as contact information, further impacts trust and compliance. Security posture is weak due to invalid SSL certificates and missing security headers. Overall, the site is accessible but requires significant improvements in security and privacy compliance to meet modern standards.

T

twoday Oy

signom.com

65

Signom is a Finnish electronic signature service operated by twoday Oy, providing users with a platform to sign documents digitally using bank credentials. The service targets Finnish-speaking individuals and businesses seeking a quick and easy way to sign documents electronically. The website offers basic content with language options and clear navigation for login and registration. Technically, the site uses standard web technologies including jQuery and Google Fonts, hosted on Google Cloud infrastructure. Performance is moderate with some room for optimization. Security posture is adequate with HTTPS enabled and valid SPF and DMARC DNS records; however, improvements are needed in security headers, HSTS, and certificate transparency compliance. Privacy and cookie policies are present but lack advanced consent mechanisms. Overall, the site is functional and trustworthy but would benefit from enhanced security and privacy features to improve compliance and user trust.

K

Kesko Oyj

k-business.fi

40

K-Business.fi is a Finnish corporate credit card service website operated under Kesko Oyj and issued by Oma Säästöpankki Oyj. The site promotes the K-Business Credit card, which combines Visa credit capabilities with Plussa loyalty benefits and partner discounts. The target audience is Finnish businesses seeking flexible payment solutions with integrated loyalty rewards. The website is built on modern web technologies including Next.js and Contentful CMS, providing a professional and content-rich user experience. However, the site lacks a valid SSL certificate and does not support TLS protocols, which severely impacts its security posture. Privacy and cookie policies are comprehensive and GDPR compliant, but direct contact information such as emails or phone numbers is not explicitly provided, relying instead on contact forms and external links. Overall, the site demonstrates strong business credibility and branding but requires urgent security improvements to protect user data and ensure trust.

K

kespro.fi

kespro.fi

40

Kespro.fi appears to be a retail-oriented website associated with the Kesko group, a large Finnish retail company. The site uses modern web technologies such as Angular and monitoring tools like Dynatrace, indicating a moderate level of digital maturity. However, the website content is minimal and largely script-driven, with no visible textual content or metadata such as privacy policies or contact information. The security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS support, despite the presence of strong security headers like Content Security Policy and HSTS. This creates a significant risk for user data confidentiality and trust. Overall, the site requires urgent improvements in SSL configuration and privacy compliance to meet modern security and regulatory standards.

N

Neste

neste.fi

40

Neste is a leading Finnish energy company specializing in renewable fuels, heating oils, and transportation services. The website targets private consumers and businesses in Finland, offering a broad range of services including fuel retail, electric vehicle charging, car washes, and customer loyalty programs. The company maintains a strong market position with a comprehensive service station network and a focus on sustainability. Technically, the website is built on modern frameworks such as React and Next.js, hosted on Microsoft Azure, and employs advanced cookie consent and optimization tools. However, the SSL certificate is currently invalid or missing, which impacts the security posture. Security headers are well implemented, but improvements in SSL and TLS configurations are recommended. Privacy compliance is strong with clear policies and consent mechanisms. Overall, the website is professional, user-friendly, and trustworthy, but addressing SSL issues is critical to enhance security and user trust.

K

Kespro

kespro.com

47

Kespro is a large Finnish foodservice wholesaler owned by Kesko Oyj, serving a broad range of customers including restaurants, hotels, cafes, public institutions, and retail chains. The company positions itself as the largest foodservice wholesaler in Finland, offering extensive product selections and digital services to enhance customer experience. The website reflects a professional and well-branded digital presence with comprehensive content and clear navigation, targeting hospitality and retail sectors in Finland. Technically, the site uses modern JavaScript frameworks such as React and integrates marketing and consent management tools like Google Tag Manager and OneTrust. However, the site suffers from a critical security issue: the SSL certificate is invalid or missing, and HTTPS is not enabled, exposing users to potential risks. Security headers are absent, and performance is slow with a high page load time. Privacy compliance is strong with clear policies and consent mechanisms. Contact information is complete and prominently displayed, including phone, email, and physical address. Social media presence is active across major platforms. Overall, the site is professional and content-rich but requires urgent security improvements to protect users and enhance trust.

B

Budget Sport

budgetsport.fi

40

Budget Sport is a Finnish-based large retail e-commerce platform specializing in affordable sportswear and equipment. It operates under the parent company Intersport Finland Oy and targets Finnish consumers with a broad product range including running, cycling, football, and golf gear. The website is well-structured with clear navigation, multiple product categories, and a consistent brand presence. Technical infrastructure includes modern web technologies such as lazy loading and templating, hosted via Cloudflare with integration of Google Tag Manager and Google Maps API. However, the site currently suffers from a critical security issue: the SSL certificate is invalid or missing, and TLS protocols are disabled, severely impacting the security posture. Despite this, privacy and cookie policies are comprehensive and GDPR compliant, and contact information is clearly provided. Overall, the site scores well on content quality and business credibility but requires urgent remediation of SSL/TLS configuration to improve security and trust.

WAcademy Global operates as a technology company specializing in web hosting services, including WordPress and WooCommerce hosting solutions. The website serves primarily as a client login portal and product showcase, targeting customers seeking hosting and related technology services. The business model is service-oriented, leveraging the WHMCS platform for client management and billing. The market position appears to be that of a niche or small-scale hosting provider with a moderate level of branding consistency and basic content quality. Technically, the website employs a WHMCS-based CMS with JavaScript, Google reCAPTCHA for bot protection, and FontAwesome for icons. The SSL certificate is valid but uses an unknown algorithm and a relatively short key length, which may warrant review. Performance is suboptimal with a slow load time and a large page size, and accessibility and SEO optimizations are basic. The site lacks advanced security headers and cookie consent mechanisms, indicating room for improvement in security and privacy compliance. From a security perspective, HTTPS is enforced with a valid certificate, and the login form is protected by invisible Google reCAPTCHA. However, the absence of security headers, DNSSEC, and CAA records, along with no visible vulnerability disclosure or incident response policies, suggests a moderate security posture. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is partial, with a privacy policy and terms of service linked externally but no cookie consent or GDPR-specific indicators. Overall, the website presents a functional but basic digital presence with moderate security and privacy practices. Strategic improvements in security headers, SSL configuration, privacy compliance, and performance optimization would enhance trust and user experience. The lack of direct contact emails or phone numbers limits immediate customer support visibility, which could be addressed to improve business credibility.

The website k-ruoka.fi is currently inaccessible due to a Cloudflare Turnstile human verification challenge page that blocks access to the actual content. As a result, no meaningful business, privacy, or security information can be extracted from the site. The technical infrastructure indicates hosting on Amazon AWS with Cloudflare DNS and security services. However, the SSL configuration is invalid or missing, and no modern TLS protocols are enabled, which is a critical security concern. The site performance is poor with a high load time, and no SEO or accessibility features are detectable. Overall, the security posture is weak due to lack of HTTPS and security headers, and the privacy compliance cannot be assessed due to blocked content. The AI overall score is low at 25 due to these critical issues and content inaccessibility.

P

PricewaterhouseCoopers LLP

taxpackagesupport.com

51

TaxPackageSupport.com is a professional service portal operated by PricewaterhouseCoopers LLP (PwC) providing tax information and support specifically for investors in publicly traded partnerships. The platform offers user registration, secure login, and access to K-1 tax documents, with an optional premium service for enhanced features such as bulk downloads and tracking. The site is clearly branded with PwC identity and targets a niche financial audience requiring specialized tax document access. Technically, the site uses ASP.NET MVC framework, JavaScript libraries including jQuery and FontAwesome, and integrates Microsoft Application Insights for telemetry and Google reCAPTCHA for bot protection. However, the site suffers from a lack of a valid SSL certificate and modern TLS protocols, resulting in a weak security posture. Privacy and terms of service policies are comprehensive and GDPR compliant, but no explicit security or incident response policies are found. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

T

Taikala Oy

myclub.fi

40

Taikala Oy operates the myClub platform, a leading Finnish SaaS solution designed to streamline sports club management by providing integrated tools for membership management, billing, event organization, communication, and attendance tracking. The company holds a strong market position as the most popular and fastest-growing membership service in Finland, targeting sports clubs and their members. The platform emphasizes ease of use, data protection, and comprehensive service offerings tailored to the sports community. Technically, the website is built using modern frameworks such as Gatsby and React, hosted on AWS infrastructure, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Privacy compliance is well addressed with clear policies and consent mechanisms. However, the absence of key security headers and an invalid SSL certificate reduce the overall security posture. Strategic improvements in SSL management and security hardening are recommended to enhance trust and compliance.

I

Intersport Finland

intersport.fi

40

Intersport Finland operates as a leading sports retail brand offering a wide range of sportswear, equipment, and leisure products through both online and physical stores. The company leverages a membership club model to enhance customer loyalty and provides extensive product categories targeting consumers interested in sports and outdoor activities. The website demonstrates a strong market position in Finland with a comprehensive product catalog and active social media presence. Technically, the site uses modern JavaScript libraries and is hosted behind Cloudflare, but lacks a valid SSL certificate, which is a significant security concern. Privacy and cookie policies are well-presented and indicate GDPR compliance. Overall, the site is professional and user-friendly but requires urgent improvements in its security posture to protect user data and build trust.

T

Tieteen termipankki

tieteentermipankki.fi

40

Tieteen termipankki is an open, collaborative terminology database serving all scientific disciplines in Finland, coordinated by the University of Helsinki and integrated into the national Fin-Clariah research infrastructure. The website provides a multilingual platform for researchers, students, and the public to access and contribute to scientific terminology. Technically, the site is built on MediaWiki with Semantic MediaWiki extensions and uses Matomo for analytics. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security vulnerability. Privacy compliance is limited, with no cookie consent mechanism despite user tracking. Contact information is minimal, limited to a single email address. Overall, the site offers valuable academic content but requires urgent security and privacy improvements.

A

Applied Systems, Inc.

useindio.com

58

Indio, a platform operated by Applied Systems, Inc., offers a SaaS solution focused on digitizing and simplifying the insurance application and renewal process for agencies and brokers. The website presents a professional and user-friendly experience targeting insurance professionals seeking to modernize workflows. Technically, the site integrates multiple marketing and analytics tools, including Google Analytics, Facebook Pixel, LinkedIn Insight, Marketo, and OneTrust for cookie consent, hosted behind Cloudflare. However, the security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS enforcement, which is a critical issue for trust and compliance. Privacy and cookie policies are comprehensive and GDPR compliant, with clear consent mechanisms. Overall, the site is well-branded and content-rich but requires urgent security improvements to meet modern standards.

G

Google

piaselect.com

60

The website analyzed is the localized German version of Google's main search homepage, representing a global technology leader in internet services and advertising. The site provides a clean, professional user interface with comprehensive privacy and cookie policies that comply with GDPR standards. The business model is primarily advertising-driven, targeting a broad audience of internet users worldwide. The technical infrastructure leverages Google's proprietary technologies and frameworks, delivering a fast and mobile-optimized experience. However, a critical security issue is present due to the lack of a valid SSL certificate and disabled TLS protocols, severely impacting the security posture. While security headers are well implemented, the absence of proper HTTPS undermines user trust and data protection. Overall, the site is highly professional and trustworthy but requires urgent remediation of SSL/TLS to ensure secure communications.

Solaria Labs is an enterprise incubator operated by Liberty Mutual Insurance, focused on innovation and disruption within the insurance industry. The website presents the lab's mission to partner across Liberty Mutual to explore emerging trends, rapidly prototype new products, and scale successful innovations. The target audience includes internal teams, innovation professionals, and insurance industry stakeholders. The business model leverages Liberty Mutual's resources combined with a startup mindset to drive product and service innovation. The site is professionally designed with consistent branding and clear messaging, reflecting a mature enterprise presence. Technically, the website uses a standard modern stack including nginx, Bootstrap, jQuery, and various JavaScript libraries. Hosting appears to be via Akamai CDN and Liberty Mutual infrastructure. The site is mobile optimized and SEO friendly with proper meta tags and Open Graph data. However, performance metrics are unavailable, and accessibility is basic. From a security perspective, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical issue. No advanced security headers or mechanisms like HSTS or OCSP stapling are implemented. The DNS configuration lacks DNSSEC and CAA records. While no vulnerabilities or WAF blocking were detected, the absence of HTTPS significantly lowers the security posture. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust. Privacy policies are comprehensive and GDPR compliant, but cookie consent mechanisms are missing. Contact information is limited to an email address and a physical address in Boston. No incident response or security policy disclosures are present.

T

TopCV

topcv.com

65

TopCV is a leading global professional CV writing service operating under the parent company Talent Inc. The company offers a comprehensive suite of career services including CV writing, cover letter creation, LinkedIn profile optimization, and interview preparation. Their market position is strong, supported by extensive customer testimonials and high Trustpilot ratings. Technically, the website is built on a modern Next.js and React stack, hosted on AWS CloudFront, ensuring good performance and mobile optimization. However, the security posture is weakened by an invalid SSL certificate, despite the presence of HSTS headers and other security best practices. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site demonstrates a mature digital presence with room for improvement in SSL management and advanced security headers.

P

Progressive Casualty Insurance Company

progressivecommercial.com

53

Progressive Commercial is a leading provider of commercial insurance products in the United States, specializing in commercial auto, business insurance, workers' compensation, general liability, cyber insurance, and professional liability. The website serves as a comprehensive portal for small to medium business owners to obtain quotes, access resources, and manage claims. The company holds a strong market position as the #1 commercial auto insurer and truck insurer based on industry data. Technically, the site uses modern JavaScript libraries, tracking tools, and is built on an ASP.NET MVC framework, providing a good user experience with mobile optimization and accessibility features. However, the security posture is weakened by the lack of a valid SSL certificate and HTTPS enforcement, which is critical for protecting user data and trust. Privacy compliance is partial, with privacy and terms pages present but no visible cookie consent mechanism. Overall, the site is professional and trustworthy but requires urgent security improvements to meet modern standards.

T

TopResume

topresume.com

53

TopResume is a leading professional resume writing service operating primarily in the United States with a broad international partner network. The company offers a range of career services including resume writing, cover letter creation, LinkedIn profile optimization, interview coaching, and job placement services. Their market position is strong, supported by extensive customer testimonials, media features, and a large volume of satisfied clients. Technically, the website is built on a modern React/Next.js framework with Material-UI, hosted on AWS CloudFront, and uses Contentful as a CMS. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. The site implements good SEO practices and has comprehensive privacy and cookie policies, indicating a mature approach to privacy compliance. Overall, the business demonstrates professionalism and credibility but must urgently address its SSL/TLS configuration to ensure user trust and security.

I

IoT Smart Space Research Team (IoT-s2o)

s2labs.org

39

The website represents an academic research group led by Marc-Oliver Pahl, focusing on autonomous control and management in heterogeneous networks, specifically IoT Smart Space Orchestration. The group is affiliated with the Technical University of Munich and Institut Mines Telecom, targeting researchers, students, and industry partners interested in IoT technologies and smart spaces. The site serves as an informational and educational platform, offering research insights, teaching activities, project showcases, and open positions for students. Technically, the website is hosted on an Apache server running on Ubuntu, using a custom minimalistic CMS (miniCMS). The site lacks modern security implementations such as HTTPS, HSTS, and DNSSEC, and does not employ advanced web frameworks or performance optimizations. The content is primarily static HTML with embedded multimedia and social media widgets. Performance data is unavailable, and mobile optimization is basic. From a security perspective, the absence of HTTPS and valid SSL certificates is a critical vulnerability, exposing users to potential data interception risks. No security policies, incident response contacts, or vulnerability disclosure mechanisms are published. The site does not implement cookie consent or privacy compliance features beyond a basic privacy policy page. Analytics usage is minimal and disabled, reducing privacy concerns but also limiting insights. Overall, the website functions adequately as an academic informational resource but requires urgent security upgrades and privacy compliance improvements to protect users and enhance trustworthiness. Strategic recommendations include implementing HTTPS, adding security headers, publishing comprehensive privacy and security policies, and improving technical infrastructure for better performance and accessibility.

A

aven.com

aven.com

30

The website aven.com is currently inaccessible for meaningful content analysis due to Cloudflare Web Application Firewall (WAF) protection mechanisms that block or limit content delivery. The landing page contains minimal HTML with no visible business information, policies, or contact details. The technical infrastructure relies on AWS CloudFront CDN and Cloudflare, but the SSL/TLS configuration is critically deficient with no valid certificate and no supported TLS protocols, resulting in insecure connections. Security headers are partially implemented but some are misconfigured or disabled, such as the X-XSS-Protection header. No privacy, cookie, or terms of service policies are present, and no forms or user input fields are detected. The site integrates some marketing and advertising tools but lacks analytics scripts or detailed tracking disclosures. Overall, the site’s security posture is poor, and the lack of HTTPS is a critical vulnerability. Due to WAF blocking, the content quality and business credibility cannot be assessed, resulting in a low overall AI score.

T

Technische Universität Wien

tuwien.at

40

Technische Universität Wien (TU Wien) is a leading technical university in Austria, providing comprehensive education, research, and cooperation services primarily in the technology and engineering sectors. The website reflects a mature digital presence with a professional design, clear navigation, and strong accessibility and privacy compliance measures. However, the security posture is weakened by the absence of a valid SSL/TLS certificate and lack of modern TLS protocol support, which poses significant risks to user data confidentiality and trust. The university employs TYPO3 CMS and integrates multiple analytics and marketing tools, demonstrating a high level of digital maturity but with room for security improvements. Overall, the website is content-rich and trustworthy but requires urgent remediation of its SSL configuration to meet modern security standards.

Jönköping University is a large, well-established educational institution in Sweden with a strong international profile, offering higher education programs, research activities, and collaboration opportunities. The website reflects a professional and consistent brand with good content quality and user experience, targeting students, researchers, and academic partners. Technically, the site uses SiteVision CMS with React frameworks and integrates modern analytics and marketing tools such as Google Analytics, Google Tag Manager, Facebook Pixel, and Adform. However, the website suffers from a critical security issue due to the absence of a valid SSL certificate, resulting in a basic SSL configuration and lack of HTTPS enforcement. This significantly impacts the security posture and overall trustworthiness of the site. Privacy compliance is strong, with a comprehensive cookie consent mechanism and GDPR-aligned privacy policy. Contact information and social media presence further enhance business credibility.

I

Intermines

inter-mines.org

40

Intermines is a French alumni network platform serving graduates from Mines Paris, Mines Saint-Etienne, and Mines Nancy engineering schools. It provides career services, networking opportunities, publications, and group activities to its members. The website is primarily in French and targets alumni and recruiters associated with these institutions. The platform is built on the AlumnForce CMS and uses various JavaScript libraries and APIs including Backbone.js, YUI, Google Maps, and Google Charts. While the site offers rich content and a consistent brand experience, it suffers from technical issues such as an invalid SSL certificate and slow page load times, which impact its security posture and user experience. Privacy and cookie policies are present with consent mechanisms, but no explicit security or incident response policies are found. Social media presence is strong, enhancing community engagement.

B

Blue Cross and Blue Shield of Illinois

bcbsil.com

61

Blue Cross and Blue Shield of Illinois (BCBSIL) is a major health insurance provider serving the entire state of Illinois with a broad range of health plans including individual, family, Medicare, Medicaid, and employer plans. The company is a large, customer-owned insurer with a significant market presence, serving over 8.9 million members. The website reflects a mature digital presence with comprehensive content, clear navigation, and integration of multiple health insurance products and member resources. Technically, the site is built on Adobe Experience Manager and leverages various Adobe marketing and analytics tools, but suffers from a critical security issue due to the absence of a valid SSL certificate and lack of HTTPS support, which significantly impacts its security posture. Privacy compliance is basic with a privacy policy present but no visible cookie consent mechanism. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain trust.

杉山労務管理事務所 is a small, regionally focused social insurance labor consultant office based in Saitama Prefecture, Japan. The company provides labor management services including labor risk assessment, employment regulation creation and revision, and support for administrative investigations. Their target audience is primarily small to medium businesses in the Kanto region. The website content is primarily in Japanese and offers free labor risk diagnostic tools via external links. Technically, the website is basic with no CMS detected, minimal JavaScript and CSS usage, and no advanced frameworks. Performance data is missing but inferred slow. Critically, the site lacks HTTPS support and a valid SSL certificate, exposing users to security risks. No privacy or cookie policies are present, and no security best practices such as security headers or incident response information are published. Contact information is clearly provided including phone, email, physical address, and a contact form embedded via iframe. Overall, the site is functional but lacks modern security and privacy compliance measures, which significantly impacts trust and security posture.

B

Barkhausen Institut

barkhauseninstitut.org

55

The Barkhausen Institut is an independent research institute based in Dresden, Germany, specializing in trustworthy networked electronic systems and the Internet of Things (IoT). It collaborates closely with the Technical University of Dresden and focuses on research and development of secure, transparent, and sustainable digital technologies. The website targets researchers, academics, and industry professionals interested in IoT and trustworthy digital systems. The business model centers on research, innovation, and public outreach in the technology sector. The institute holds an international reputation with a medium-sized organizational footprint.

U

Université de Lyon

universite-lyon.fr

40

Université de Lyon is a public academic consortium coordinating 10 member universities and 25 associates in the Lyon-Saint-Étienne academic site. The website serves students, researchers, academic staff, and international scientists by providing information on education, research programs, innovation, entrepreneurship, and campus life. The site is well-branded, professionally designed, and offers clear navigation with a focus on academic and research content. Technically, the site uses JavaScript, jQuery, and AT Internet analytics, hosted likely on academic infrastructure with a valid SSL certificate. Security posture is adequate with no major vulnerabilities detected, though improvements such as enabling HSTS and DNSSEC are recommended. Privacy compliance is basic with a cookie consent mechanism but no explicit privacy policy found in the analyzed content. Overall, the website is a credible and trustworthy source for academic information in the region.

Eudonet is a technology company specializing in CRM software solutions, targeting subscribers and clients primarily in France with additional presence in Canada and the UK. The website analyzed is a secure login portal for Eudonet CRM subscribers, offering multi-language support and user authentication features. The business model centers on SaaS CRM services with a focus on client account management. Technically, the site runs on Microsoft IIS with ASP.NET and uses XHTML transitional markup. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. Security headers are partially implemented, but the absence of TLS protocols and certificate transparency compliance significantly weakens the security posture. Privacy and cookie policies are not present, and no contact or business information is provided on this login page, limiting transparency and compliance indicators. Overall, the site demonstrates moderate business credibility and good content quality but suffers from poor security and privacy compliance.

A

Arianespace

arianespace.com

50

Arianespace is a leading global satellite launch company providing a versatile family of launch vehicles including Ariane 6, Soyuz, and Vega C. The company serves commercial and institutional customers worldwide, offering launch services to various orbits and ground services expertise. The website reflects a mature digital presence with comprehensive content, strong SEO, and active social media engagement. However, the security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which poses a critical risk to secure communications. Privacy compliance is supported by clear policies but lacks an explicit cookie consent mechanism. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain credibility.

W

WebBuilds B.V.

documentator.io

40

Documentator is a technology SaaS company providing a documentation platform designed to simplify the creation and management of product and developer documentation. Positioned as an affordable alternative to established documentation tools, it targets developers and product teams seeking an easy-to-use, flexible solution with features like custom domains, translation support, and analytics. The business operates under WebBuilds B.V., founded in 2020, and offers tiered subscription plans with a free trial to attract users. Technically, the website employs modern JavaScript frameworks (likely Vue.js), Cloudflare DNS services, and Matomo analytics configured for privacy. However, the site suffers from a critical security shortfall due to an invalid SSL certificate and lack of HTTPS enforcement, which significantly impacts its security posture. Performance is moderate to slow, with good mobile optimization and basic accessibility features. Security-wise, the absence of HTTPS, missing security headers, and lack of DNS security records (DMARC, CAA) present vulnerabilities that could expose users to risks. Privacy compliance is reasonably addressed with a comprehensive privacy policy and GDPR references, but no cookie consent mechanism is implemented. Business credibility is supported by clear policies, testimonials, and transparent pricing. Overall, Documentator is a functional and professional SaaS platform with solid business fundamentals but requires urgent improvements in security infrastructure to protect user data and enhance trust.

I

Institut Mines-Télécom Business School (IMT Business School)

imt-bs.eu

34

Institut Mines-Télécom Business School (IMT-BS) is a French public business school specializing in commerce, management, and digital transformation education. It holds a strong market position with multiple prestigious accreditations such as AACSB, AMBA, and CGE, and is part of the Institut Mines-Télécom group. The school offers a range of programs including Bachelor, Grande Ecole, Masters of Science, Executive Education, and doctoral partnerships, targeting students, enterprises, and international audiences. Technically, the website is built on WordPress with Elementor and several modern plugins, but suffers from slow performance and lacks a valid SSL certificate, which impacts security and user trust. Security posture is moderate with some best practices like SPF and DKIM for email, but critical issues exist due to missing HTTPS and TLS protocols. Privacy compliance is good with clear policies and consent mechanisms, and accessibility is excellently addressed with a dedicated plugin and detailed accessibility statement. Overall, the site is professional and trustworthy but requires urgent security improvements to enable HTTPS and modern TLS protocols.

A

ArianeGroup

ariane.group

49

ArianeGroup is a leading European aerospace company specializing in civil and military space transportation, including the development and manufacturing of launchers such as Ariane 6 and Maia. The company positions itself as a global industrial leader supporting Europe's independence and security in space. The website reflects a mature digital presence with comprehensive content, professional design, and clear navigation targeting aerospace industry stakeholders, government entities, and potential employees. Technically, the site is built on WordPress with SEO optimizations and uses modern web technologies, but suffers from slow load times and lacks a valid SSL certificate, which impacts security posture. Security-wise, the absence of HTTPS and security headers is a critical vulnerability, although no WAF or blocking mechanisms are detected. Privacy compliance is supported by a comprehensive privacy policy, but no cookie consent mechanism is present. Overall, the site is professional and trustworthy but requires urgent improvements in security configurations to protect user data and enhance trust.

N

Naval Group

naval-group.com

55

Naval Group is a leading European naval defence company serving over 50 navies worldwide. The company specializes in the design, construction, integration, and support of submarines and surface ships, positioning itself as an international player in the naval defence sector. The website reflects a mature business with comprehensive content targeting customers, candidates, journalists, suppliers, and employees. Technically, the site is built on Drupal 10 with modern JavaScript libraries and includes a cookie consent mechanism and Matomo analytics for user tracking. However, the absence of a valid SSL certificate and lack of modern TLS protocols significantly weaken the security posture. No advanced security headers or session management features are implemented, exposing the site to potential risks. Privacy compliance is well addressed with GDPR-aligned policies and consent management. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

I

ivy.mayhem GmbH

stella-projects.de

40

stella.projects is a small, specialized web agency based in Hamburg, Germany, with over 15 years of experience in web design and development. They focus on delivering custom digital products including websites, online platforms, consulting, and hosting services. The company positions itself as a reliable partner for startups, SMEs, and private clients, emphasizing clarity, focus, and quality in their offerings. Their market position is strengthened by an official partnership with Statamic CMS and a portfolio of diverse clients. Technically, the website uses modern frameworks such as Laravel and Statamic CMS, with frontend technologies including Alpine.js and a well-structured responsive design. However, the site lacks a valid SSL certificate and HTTPS support, which is a critical security flaw. Security headers are mostly present but the absence of HTTPS and HSTS significantly reduces the security posture. Privacy compliance is addressed with a privacy and cookie policy, though no explicit cookie consent mechanism is implemented. Contact information is clearly provided, including phone, email, physical address, and a contact form. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and improve trust.

RETHMANN SE & Co. KG is a well-established German family-owned holding company founded in 1934, operating primarily in the transportation and energy sectors through its subsidiaries REMONDIS, Rhenus, SARIA, and a significant stake in Transdev. The company provides comprehensive services in recycling, logistics, sustainable product manufacturing, and public mobility solutions, targeting industrial clients, municipalities, and private customers. The website is built on TYPO3 CMS, featuring good content quality, clear navigation, and professional design, though it lacks a valid SSL certificate, which is a critical security concern. Privacy policies are comprehensive and GDPR compliant, but no cookie consent mechanism is present. The company demonstrates strong business credibility with detailed contact information and legal disclosures.

C

Chief Tools

chief.tools

66

Chief Tools provides a comprehensive suite of web-based utilities aimed primarily at developers and IT professionals. The website offers tools such as JSON formatting, DNS lookups, IP address retrieval, encoding and hashing utilities, and certificate chain resolution. The business operates from the Netherlands and positions itself as a niche provider of free and partner-linked technical tools. The website is well structured with clear navigation and a consistent brand presence, targeting a technical audience seeking quick and reliable utility tools. The business model appears to be primarily free tools supplemented by partner services and related applications.

P

Package Trends: Compare Packagist, PyPI, Hex, npm & WordPress package downloads

pkgtrends.app

63

Package Trends is a niche web service focused on providing comparative analytics of package download statistics across multiple programming language package managers including Packagist, PyPI, Hex, npm, and WordPress. The service targets developers and software engineers who need quick insights into package popularity and trends across ecosystems. The website is small and appears to be community-driven or open source, with links to contributors on GitHub and data sourced from reputable package registries. Technically, the site uses modern JavaScript libraries and analytics tools, hosted behind Cloudflare, but suffers from slow load times despite a small page size. Security posture is basic with a valid SSL certificate but lacks important security headers and HSTS enforcement. Privacy and cookie policies are absent, indicating compliance gaps. No contact or business registration information is provided, limiting business credibility signals. Overall, the site is functional and professional but would benefit from enhanced security and privacy practices.

D

Daxia

waasabi.io

63

Daxia operates as an embedded finance platform enabling businesses across multiple industries to integrate fintech solutions such as payments, collections, and rewards into their digital ecosystems. Positioned as a fintech accelerator, it offers strategic advisory, API-based fintech services, crypto asset management, and tokenization solutions. The company is affiliated with Globant, a recognized technology consulting firm, enhancing its market credibility. Technically, the website employs modern web technologies including Google Tag Manager and Usercentrics for consent management, but suffers from slow load times and lacks a valid SSL certificate, which critically impacts security and user trust. Security posture is weak due to absence of HTTPS, security headers, and advanced email protection policies. Privacy compliance is basic with presence of privacy and terms policies but no explicit GDPR compliance indicators. Overall, the website demonstrates moderate business credibility but requires urgent security improvements to protect user data and enhance trust.

A

Augoor

augoor.com

49

Augoor is a technology company specializing in AI-powered code understanding solutions designed to accelerate software development projects. Their platform transforms static codebases into dynamic knowledge graphs, enabling faster onboarding, improved documentation, and enhanced code navigation. Positioned as a B2B SaaS provider, Augoor targets software development teams and enterprises managing complex or legacy code. Technically, the website is built on Webflow CMS with advanced JavaScript libraries and 3D visualizations, hosted behind Cloudflare CDN and AWS DNS infrastructure. However, the site lacks a valid SSL certificate, which significantly impacts its security posture. While privacy and cookie policies are well implemented with consent mechanisms, no direct contact emails or phone numbers are provided, relying instead on a contact form. Social media presence and clear branding contribute to business credibility. Security-wise, the absence of HTTPS and modern TLS protocols is a critical vulnerability, although other security headers and best practices are partially implemented. Overall, the site is professional and content-rich but requires urgent SSL improvements to enhance trust and security.

Ash Allen Design is a small freelance web design and Laravel development business based in Preston, UK. The company offers affordable, high-quality website design and development services tailored to small local businesses and developers. The website presents a professional image with comprehensive service descriptions, client testimonials, and a portfolio, positioning itself as a trusted local provider with a strong digital presence including authored books and free resources. Technically, the site uses modern web technologies such as Bootstrap, Livewire, and Font Awesome, hosted likely on DigitalOcean, with moderate performance and excellent mobile optimization. However, the security posture is weak due to the absence of a valid SSL certificate and HTTPS support, which is a critical issue. Privacy compliance is addressed with a cookie consent mechanism and a clear privacy policy. Overall, the site is professional and credible but requires urgent security improvements to protect user data and enhance trust.

P

Packet Clearing House

pch.net

55

Packet Clearing House (PCH) is a well-established intergovernmental organization focused on supporting critical Internet infrastructure such as Internet Exchange Points (IXPs) and the Domain Name System (DNS). The organization has a strong global presence and is recognized as a pioneer in DNS anycast and IXP support, serving a technical audience including ISPs, network operators, and governance bodies. The website content is professionally presented with clear navigation and detailed service descriptions, targeting technical and governance stakeholders in the Internet ecosystem. Technically, the website uses a modern frontend stack including Bootstrap and JavaScript libraries like jQuery and D3.js, but lacks a valid SSL certificate and proper HTTPS configuration, which significantly impacts its security posture. Security headers are partially implemented but undermined by the invalid SSL setup. Privacy policies are present but lack explicit consent mechanisms, and no terms of service or incident response policies are found. Overall, the website is functional and informative but requires urgent improvements in security and compliance to enhance trust and protect users.

The website maddystudio.com is a personal blog created using WordPress, featuring minimal content primarily focused on the individual named Maddy Smedal. The site lacks clear business focus, contact information, and legal or privacy documentation, indicating it is not a commercial or professional business site. Technically, the site is hosted on Freehosting.com and uses WordPress 6.8.1 with standard JavaScript and CSS assets. However, the site suffers from a lack of HTTPS support due to an invalid SSL certificate, resulting in poor security posture. Performance is slow with a load time exceeding 15 seconds, and no advanced SEO or accessibility features are evident. Security best practices are not implemented, and no privacy or cookie policies are present, which impacts compliance and trustworthiness. Overall, the site is a basic personal blog with significant room for improvement in security, privacy, and technical performance.

E

EELISA

eelisa.eu

40

EELISA is a European university alliance focused on engineering education, research, and innovation. It brings together multiple prestigious partner universities across Europe to provide joint educational programs, research networking, and community engagement. The website reflects a mature digital presence with comprehensive content, including detailed event listings and partner information. Technically, the site is built on WordPress with various plugins for events and page building, but suffers from slow performance and lacks a valid SSL certificate, which impacts security. The security posture is weak due to missing HTTPS, HSTS, DNSSEC, and other security headers. Privacy compliance is good with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy but requires significant improvements in security configuration to enhance user trust and data protection.

7

7Span Internet Private Limited

7span.com

50

7Span Internet Private Limited is a technology consulting and software development company specializing in digital transformation, SaaS, UI/UX design, mobile app development, and branding services. With a strong client base of over 430 clients globally, the company positions itself as a reliable partner for businesses seeking innovative technology solutions. Their business model includes both client projects and in-house products, supported by a diverse technology stack and modern frameworks. The website reflects a professional and consistent brand image with comprehensive service offerings and strong trust indicators such as client logos and high ratings. Technically, the site uses a wide range of modern technologies including Vue.js, React, Laravel, AWS, and various CMS platforms, hosted behind Cloudflare. However, the website currently lacks a valid SSL certificate, which is a critical security concern. Privacy policies are present and GDPR compliance is indicated, but no cookie consent mechanism is detected. Overall, the site is content-rich and professionally designed but requires urgent security improvements to ensure safe user interactions.

E

ENSTA Bretagne

ensta-bretagne.fr

40

ENSTA Bretagne is a reputable French engineering school specializing in advanced technologies for defense, maritime, and high-tech industries. It offers a range of educational programs including engineering degrees, masters, specialized masters, and doctoral studies. The institution maintains strong partnerships with government defense bodies and leading industry players, reinforcing its market position as a Grande École with a focus on innovation and applied research. Technically, the website is built on Drupal 10 with modern JavaScript libraries and includes a cookie consent mechanism compliant with GDPR. However, the site suffers from critical security shortcomings, notably the absence of SSL/TLS encryption, which severely impacts its security posture. Performance is suboptimal with slow load times, though mobile optimization and content quality are good. Security-wise, the lack of HTTPS and security headers exposes the site to risks and undermines user trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and institutional reputation. Strategic recommendations include immediate implementation of valid SSL certificates, enhancement of security headers, and performance optimization to improve user experience and security compliance.

The website ncino.com is currently inaccessible beyond a Vercel Security Checkpoint page that verifies the visitor's browser before granting access. This security mechanism effectively blocks access to the actual website content, preventing extraction of business, contact, or policy information. The visible page is minimal and primarily serves as a WAF challenge, indicating the site is protected by Vercel's security infrastructure. The DNS records confirm the domain is registered and uses AWS DNS services, with multiple TXT records for domain verification across various third-party services. However, no valid SSL/TLS certificate is detected, and HTTPS is not properly configured, which is a critical security concern. Performance metrics indicate slow load times despite minimal accessible content. Due to the blocking mechanism, the analysis of privacy, security policies, business information, and technical infrastructure is severely limited.

A

Anqa IT-Security GmbH

anqa.ch

37

Anqa IT-Security GmbH is a specialized provider of IT security awareness and training services, focusing on cyber-sensibilization for employees primarily targeting Swiss SMEs. Their offerings include phishing simulations, e-learning with certification, dark web scans, and review meetings to enhance organizational cybersecurity culture. The company maintains a partnership with Mobiliar Versicherung, providing exclusive discounts and free training options for insurance customers. Technically, the website is built on WordPress with multilingual support and uses modern JavaScript libraries for UI elements. However, the site suffers from a lack of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts its security posture. DNS records show proper email security configurations such as SPF and DMARC with a reject policy, but no advanced security headers or TLS protocols are enabled. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Contact information is clearly provided, enhancing business credibility. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect users and data.