Security Directory

freenet AG is a leading independent telecommunications provider in Germany, specializing in mobile voice and data services. The company maintains a strong market position with a large subscriber base and transparent investor relations. The website provides comprehensive corporate and investor information, career opportunities, and press releases, targeting investors, customers, and job seekers primarily in the German market. Technically, the website is hosted behind Cloudflare and uses modern web technologies including Vimeo for video content and Google Tag Manager for analytics. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture. While security headers and content security policies are implemented, the lack of encryption exposes users to risks. Privacy compliance is partially addressed with a privacy policy but lacks cookie consent mechanisms. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

V

Vienna Tourist Board

wien.info

64

The website wien.info serves as the official online travel guide for the City of Vienna, operated by the Vienna Tourist Board. It provides comprehensive information on attractions, events, accommodations, and visitor services, targeting tourists and visitors globally with multilingual support. The site positions itself as the authoritative source for Vienna tourism, offering key services such as event search, city card sales, and a dedicated travel guide app. Technically, the site employs modern JavaScript libraries, integrates with multiple marketing and analytics platforms, and uses a custom or proprietary CMS hosted on xaas.systems DNS infrastructure. However, the site lacks a valid SSL certificate and does not support modern TLS protocols, which significantly impacts its security posture. Despite this, it implements several security headers and a strict content security policy. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place. Business contact information is clearly presented, enhancing credibility.

U

Unikontor

unikontor.de

40

Unikontor is the official online shop of Universität Hamburg, providing a diverse range of high-quality, sustainable merchandising products such as hoodies, T-shirts, bags, and conference materials. The website targets students, staff, tourists, and supporters of the university, positioning itself as a trusted provider of university-branded merchandise with a strong emphasis on sustainability and fair production practices. Technically, the site is built on the Shopware CMS platform, running on modern PHP and Apache servers, with good performance and mobile optimization. Security measures include HTTPS with strong TLS protocols, essential security headers, and OCSP stapling, though improvements like DNSSEC and CAA records could enhance security further. Privacy compliance is addressed with a visible cookie consent mechanism and a privacy policy, although some areas could be more comprehensive. Overall, the site demonstrates a good balance of business credibility, technical implementation, and security posture, making it a reliable and professional e-commerce platform for university merchandise.

Universität Hamburg is a large, well-established public university in Germany, recognized as the largest research and education institution in Northern Germany with a strong excellence status. The website serves as a comprehensive portal for students, researchers, staff, and the public, offering extensive information on academic programs, research projects, career services, and international cooperation. Technically, the site uses modern JavaScript libraries and analytics tools but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Privacy policies and cookie consent mechanisms are well implemented, reflecting good GDPR compliance. However, the absence of HTTPS and security headers significantly weakens the security posture, exposing the site to potential risks. Strategic recommendations include immediate SSL deployment, enabling modern TLS protocols, and enhancing security headers to protect user data and improve trust.

S

Spark Photonics

sparkphotonics.com

52

Spark Photonics is a US-based photonic integrated circuit design and software distribution company serving defense, commercial, government, and academic sectors. The company offers end-to-end PIC design services, distributes Luceda IPKISS design software in North America, and provides educational PIC kits. The website is built on the Wix platform, leveraging modern JavaScript frameworks and various Wix apps to deliver content and services. However, the site lacks a valid SSL certificate, which is a critical security vulnerability that undermines user trust and data protection. Additionally, no privacy or cookie policies are present, indicating poor privacy compliance. The site provides clear contact information including a phone number, physical address, and a contact form, but lacks explicit security policies or incident response information.

V

Vienna Tourist Board

vienna.info

58

The website vienna.info is the official online travel guide for the City of Vienna, operated by the Vienna Tourist Board. It provides comprehensive information and services for tourists including attractions, events, accommodations, city cards, and accessibility resources. The site targets visitors planning trips to Vienna and serves as an authoritative source for travel-related content. Technically, the site uses modern JavaScript libraries, structured data (JSON-LD), and integrates privacy-conscious analytics (Matomo) alongside cookie consent via OneTrust. However, a critical security gap is the absence of a valid SSL/TLS certificate, resulting in no HTTPS support, which significantly undermines the site's security posture. Security headers are present and well-configured, but without HTTPS, the site is vulnerable to interception and man-in-the-middle attacks. Privacy compliance is strong with clear policies and consent mechanisms. Overall, the site is professional, content-rich, and user-friendly but urgently requires HTTPS implementation to meet modern security standards.

V

Visa

cardinalcommerce.com

73

Visa Protect is a comprehensive enterprise-wide risk and fraud prevention solution offered by Visa Inc., a global leader in payment technology and security. The website presents detailed information about Visa Protect's capabilities in preventing fraud across multiple payment endpoints using AI and real-time decisioning. The site targets financial institutions, acquirers, issuers, merchants, and large businesses, emphasizing Visa's scale and expertise in securing billions of transactions daily. Technically, the site is built on modern web technologies including Adobe Experience Manager CMS, uses Cloudflare for hosting and security, and employs DigiCert SSL certificates ensuring strong encryption. The site is well-structured with multimedia content and good SEO practices but lacks explicit privacy and cookie policies, which impacts privacy compliance scores. Security headers are robust, and no vulnerabilities were detected in the provided data. Overall, the site demonstrates a strong security posture and professional business credibility but should improve privacy compliance and contact transparency.

T

TÜV NORD GROUP

tuv-nord.com

62

TÜV NORD GROUP operates as a global service provider specializing in testing, certification, inspection, and training services across multiple sectors such as energy, transportation, real estate, and industry. The company maintains a strong market position as a large enterprise with a broad international presence and multiple subsidiaries. Their website reflects a professional and well-structured digital presence targeting both business and private customers. Technically, the site is built on TYPO3 CMS and integrates various marketing and analytics tools, including Pardot, HubSpot, and Google Analytics, with a good level of GDPR compliance and consent management. However, the security posture is weakened by the absence of a valid SSL certificate and lack of modern TLS protocol support, which poses a critical risk to secure communications. The site implements strong security headers and content security policies but requires urgent remediation of SSL/TLS issues to ensure data protection and user trust. Overall, the website is functional and professional but needs immediate security improvements to align with best practices and compliance standards.

T

TÜV NORD GROUP

tuev-nord-group.com

53

The TÜV NORD GROUP is a well-established enterprise headquartered in Germany, specializing in safety, certification, inspection, and consulting services across multiple sectors including energy and transportation. With over 150 years of experience and a global presence in more than 100 countries, the company positions itself as a trusted provider of quality and safety solutions. The website reflects a professional and comprehensive digital presence, targeting businesses and organizations seeking expert services in safety and compliance. Technically, the site is built on TYPO3 CMS and utilizes modern JavaScript libraries and consent management tools, although performance is hindered by slow load times and an invalid SSL certificate. Security posture is weakened by the lack of a valid SSL certificate and absence of security headers, which poses risks to user trust and data protection. Privacy compliance is strong, with clear GDPR-aligned policies and cookie consent mechanisms. Overall, the site demonstrates high professionalism and trustworthiness but requires urgent security improvements to enhance user confidence and compliance.

V

vitrado

vitrado.de

40

vitrado.de operates as an inhouse affiliate marketing network primarily serving the freenet Group's portfolio of digital lifestyle and telecommunications products. The platform targets affiliate marketers and partners seeking to promote these products through various partner programs and marketing tools. The website presents a professional and consistent brand image aligned with its parent company, freenet Group, and offers a range of partner programs including waipu.tv, klarmobil, and freenet Mobile among others. Technically, the site leverages JavaScript, CSS, and SVG technologies with Cloudflare DNS and hosting, but suffers from slow load times and lacks modern security configurations such as a valid SSL certificate and HTTPS support. Security posture is weak due to missing HTTPS, absent security headers, and disabled DNSSEC, exposing the site to potential risks. Privacy compliance is minimal with a privacy policy present but no cookie consent mechanism or GDPR compliance indicators. Overall, the site is functional and content-rich but requires urgent security and privacy improvements to enhance trust and compliance.

F

Freie und Hansestadt Hamburg

karriere.hamburg

56

The website karriere.hamburg serves as the official career portal for the Freie und Hansestadt Hamburg, offering a wide range of job opportunities, training programs, and career entry options in the public sector. It targets job seekers, students, and professionals interested in working for the city government. The site is well-branded and professionally presented with clear navigation and relevant content in German. Technically, the site uses modern HTML5 and responsive design techniques but lacks a valid SSL certificate, which is a critical security flaw. Security headers are partially implemented but some settings reduce protection. Privacy compliance is limited, with no cookie consent mechanism despite the presence of tracking scripts. Overall, the site is functional and credible but requires urgent security improvements to protect user data and trust.

A

Arvato Systems

arvato-systems.de

40

Arvato Systems is a leading German IT service provider specializing in digital transformation across multiple industries including energy, manufacturing, healthcare, retail, government, and finance. The company offers a broad portfolio of services such as consulting, cloud and data center services, application development, security, and managed services. It holds multiple industry awards and certifications, including ISO 27001 and Top Employer Germany 2024, reflecting its strong market position and commitment to quality and security. Technically, the website is built on CoreMedia CMS and integrates various analytics and marketing technologies, but suffers from a critical lack of valid SSL/TLS certificates, impacting its security posture. Privacy compliance is well addressed with comprehensive cookie consent mechanisms and GDPR-aligned privacy policies. Overall, the company demonstrates a mature digital presence with strong business credibility but needs urgent improvements in SSL/TLS security to protect user data and maintain trust.

L

LA Forward

laforward.org

50

LA Forward is a small non-profit organization focused on progressive advocacy and community organizing in Los Angeles County. It operates as a 501(c)(4) entity and collaborates closely with its 501(c)(3) partner, LA Forward Institute, to provide education, training, and research. The organization builds grassroots power, promotes progressive leadership, and provides voter education resources. Technically, the website is built on Squarespace and uses standard web technologies and third-party services like EveryAction for forms. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which is a significant security concern. Privacy and cookie policies are not present, indicating compliance gaps. The site is accessible and well-structured with good content quality and branding consistency. Security posture is weak due to missing HTTPS and security headers configuration. Overall, the site is functional but requires urgent improvements in security and privacy compliance to enhance trust and protect user data.

Luceda Photonics is a specialized technology company focused on photonic integrated circuit (PIC) design software and services. Their flagship product, the Luceda IPKISS platform, aims to automate and integrate photonic design flows, enabling designers to achieve first-time-right tape-outs. The company maintains a global presence with offices and partners across Belgium, Asia, and North America, serving a niche market of photonic IC designers and engineers. The website reflects a professional and consistent brand image with detailed product, training, and support information. Technically, the website is built on the Odoo CMS platform with modern frontend technologies but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Security posture is weak due to missing HTTPS, lack of security headers, and outdated SSL/TLS configurations. Privacy compliance is basic with presence of privacy and cookie policies and consent mechanisms, but no visible terms of service or incident response policies. Overall, the website is functional and informative but requires urgent security improvements to protect user data and enhance trust.

N

Neste

nesteoil.com

66

Neste is a leading global company specializing in renewable energy solutions, particularly sustainable aviation fuel and renewable diesel. The company positions itself as a pioneer in mitigating climate change and advancing the circular economy by refining waste and residues into high-quality renewable fuels and raw materials. Their market position is strong as a world leader in sustainable aviation fuel production, targeting businesses and consumers focused on sustainability. The website reflects a professional and consistent brand image with excellent content quality and user experience. Technically, the website is built on modern web technologies including React and Next.js, hosted likely on Google Cloud infrastructure. SEO and accessibility practices are well implemented, and the site is mobile optimized. However, performance data is limited but inferred to be moderate. The site uses cookie consent mechanisms and integrates marketing tools such as OneTrust and Visual Website Optimizer. From a security perspective, the site employs strong security headers and HSTS policies, but critically suffers from an invalid or missing SSL certificate and lack of enabled TLS protocols, which significantly undermines its security posture. No explicit security policies or incident response information are published, and no vulnerability disclosure program is evident. Privacy compliance is strong with comprehensive policies and GDPR adherence. Overall, while the business and content aspects are robust and professional, the security weaknesses related to SSL/TLS must be urgently addressed to ensure trust and secure user interactions. Strategic improvements in certificate management and enabling modern TLS protocols are recommended to elevate the security posture and overall website score.

S

Streets For All

streetsforall.org

59

Streets For All is a small non-profit organization focused on transportation advocacy primarily in Los Angeles, with a sister chapter in San Francisco. The organization campaigns for safer streets, improved bus and bike lanes, and pedestrian-friendly urban environments. Their website serves as a hub for community engagement, volunteer recruitment, membership, and donations. Technically, the site is built on Squarespace, leveraging modern web fonts, JavaScript libraries, and third-party services such as Mailchimp for email marketing and Facebook Pixel for tracking. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security flaw. Security headers are partially implemented but insufficient to compensate for the missing SSL. Privacy and cookie policies are absent, and no formal security or incident response policies are published. Overall, the site provides good content and user experience but requires urgent improvements in security and privacy compliance to protect users and enhance trust.

The website sparkassen-mediacenter.de serves as a centralized media management platform primarily targeting the Sparkassen-Finanzgruppe, a major financial group in Germany. It offers a suite of services including video content management, podcasts, interactive videos, and playlist creation, aimed at enhancing digital content distribution within the group's online platforms. The platform is positioned as an internal tool to streamline media content handling and ensure secure access to both public and internal video assets. Technically, the site is built on a traditional Apache server with standard HTML, CSS, and JavaScript assets. However, it lacks modern security infrastructure, notably missing a valid SSL/TLS certificate and HTTPS support, which significantly undermines its security posture. The site includes multiple JavaScript libraries and CSS bundles but does not leverage modern frameworks or CMS platforms. Security headers are partially implemented, but critical HTTPS and TLS configurations are absent. Privacy compliance is minimal, with a privacy policy present but no cookie consent mechanism or GDPR compliance indicators. Contact information is limited to a phone number and support ticket instructions, with no email addresses or social media presence. Overall, the site demonstrates moderate business credibility and good content relevance but suffers from critical security shortcomings that must be addressed to protect user data and maintain trust.

L

Leibniz-Rechenzentrum der Bayerischen Akademie der Wissenschaften

lrz.de

40

The Leibniz-Rechenzentrum (LRZ) is a large, well-established IT service provider dedicated to supporting scientific research and education primarily in Bavaria, Germany. It offers a broad portfolio of advanced IT services including supercomputing, AI and Big Data infrastructure, networking via the Munich Science Network (MWN), IT security, cloud storage, and consulting. The LRZ is positioned as a key regional player with strong partnerships and a focus on cutting-edge technologies. Technically, the website is built on TYPO3 CMS and demonstrates good content quality, navigation, and accessibility, though performance is moderate. Security posture is weak due to the absence of a valid SSL certificate and lack of modern TLS protocols, which is a critical issue. Privacy compliance is adequate with a clear privacy policy but lacks cookie consent mechanisms. Overall, the site is professional and trustworthy but requires urgent improvements in security to protect user data and enhance trust.

A

AkzoNobel Paints

polycell.co.uk

58

Polycell.co.uk is a UK-focused retail website offering a range of wood fillers, Polyfilla, and adhesives under the AkzoNobel Paints brand. The site targets DIY consumers seeking home improvement products and advice. The business operates as a large entity with a strong corporate parent, AkzoNobel, and provides product information, tutorials, and store locator services. Technically, the site is built on Adobe Experience Manager and uses modern JavaScript libraries and marketing tools such as Google Tag Manager and OneTrust for cookie consent. However, the site suffers from a lack of a valid SSL certificate, resulting in insecure HTTP delivery, which significantly impacts its security posture. Performance is slow with a large page size and long load times. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information is primarily via a contact form, with no direct emails or phone numbers found on the homepage. Overall, the site is professional and consistent in branding but requires urgent security improvements to protect user data and enhance trust.

A

Akzo Nobel N.V.

duluxtradepaintexpert.co.uk

52

Dulux Trade Paint Expert, operated under the parent company Akzo Nobel N.V., is a professional painting and decorating resource targeting trade professionals in the UK. The website offers a comprehensive range of products, colour matching tools, training courses, and professional advice, positioning itself as a leading brand in the retail and manufacturing sector for paints and coatings. The site is well-branded and consistent with corporate identity, providing a good user experience and clear navigation tailored for its professional audience. Technically, the site is built on Adobe Experience Manager and leverages modern marketing and analytics tools such as Google Tag Manager and OneTrust for cookie consent. However, the site suffers from a critical security issue due to the absence of a valid SSL certificate, resulting in no HTTPS support and lack of security headers, which significantly impacts its security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site demonstrates strong business credibility but requires urgent security improvements to protect user data and maintain trust.

I

International

international-yachtpaint.com

60

International Yachtpaint is a specialized brand under the AkzoNobel corporate umbrella, focusing on providing yacht painting products and professional advice primarily for the Finnish market and other international regions. The website offers comprehensive product information, expert painting guidance, and support resources targeting both amateur and professional yacht painters. The brand leverages Adobe Experience Manager CMS and React for its digital platform, integrating modern marketing and consent management tools such as Google Tag Manager and OneTrust. However, the site lacks HTTPS encryption, which is a critical security shortfall. The absence of security headers and slow page performance further impact the overall security posture and user experience. Despite these issues, the site maintains good content quality, clear navigation, and strong brand consistency with AkzoNobel, supported by active social media channels.

A

Akzo Nobel N.V.

international-marine.com

61

International Marine, a division of Akzo Nobel N.V., operates a comprehensive website focused on marine coatings and performance solutions for vessels worldwide. The company positions itself as a global leader in marine coatings, offering specialized products and digital compliance solutions tailored to various vessel types and shipyard operations. The website reflects a B2B business model targeting marine industry professionals and ship operators, supported by strong corporate branding and a consistent user experience. Technically, the site is built on Adobe Experience Manager with React components and integrates modern marketing and analytics tools such as Google Tag Manager and OneTrust for cookie consent management. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and lack of TLS protocol support, which severely impacts its security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website demonstrates good content quality and business credibility but requires urgent improvements in security infrastructure to protect user data and maintain trust.

D

Deka Investments

deka-investments.de

40

Deka Investments is a prominent German asset management company offering professional investment and retirement solutions primarily targeting private customers. The website reflects a strong market position with comprehensive services including funds, certificates, savings plans, and wealth management, supported by multiple industry awards and a close affiliation with the Sparkassen-Finanzgruppe. The digital infrastructure leverages modern JavaScript frameworks such as Vue.js and integrates analytics and marketing tools like Google Tag Manager and eGain Chat, providing a good user experience with clear navigation and mobile optimization. However, the security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS support, which is a critical issue for a financial services website. Privacy and cookie policies are well implemented with GDPR compliance and consent mechanisms in place. Contact information is clearly presented with multiple channels including phone, contact forms, and chat. Overall, the website is professional and trustworthy but requires urgent remediation of SSL/TLS issues to ensure secure communications and maintain user trust.

F

Frequency

frequency.xyz

69

Frequency.xyz is a technology-focused website branded as "Frequency" with the tagline "Welcome to the People's Internet." The site appears to be a simple single-page application built with modern JavaScript frameworks, specifically SvelteKit, and hosted on GitHub Pages. It targets a technology-savvy audience interested in internet and privacy-related topics, though explicit business model details and market positioning are not provided. The site uses Matomo analytics and Klaro for cookie consent management, indicating a moderate level of privacy awareness. From a technical perspective, the website employs a modern tech stack with JavaScript and SvelteKit, and it is hosted on a reliable platform (GitHub Pages). Performance is fast with minimal resources loaded, but mobile optimization and accessibility are basic. SEO metadata is present but limited to Open Graph tags without structured data. The SSL certificate is valid but lacks advanced security features such as HSTS. Security posture is adequate with HTTPS enabled and no detected vulnerable cipher suites or subdomain takeover risks. However, the absence of security headers like HSTS and Content-Security-Policy reduces the overall security robustness. No privacy policy, terms of service, or contact information is provided, which impacts compliance and trust. Cookie consent is implemented properly via Klaro, requiring user consent before tracking. Overall, the website is functional and moderately secure but lacks comprehensive privacy and business transparency documentation. Strategic improvements in security headers, privacy disclosures, and contact information would enhance trust and compliance.

L

L-Bank

l-bank.info

40

L-Bank is the state development bank of Baden-Württemberg, Germany, providing financial support and services to businesses, municipalities, and individuals within the region. The bank focuses on economic development, housing promotion, family support, education, and social initiatives. It holds a strong market position as a regional government-backed financial institution with a history dating back to 1924. The website reflects a mature digital presence with modern technologies such as Vue.js and Hippo CMS, delivering excellent user experience and accessibility. Security posture is robust with HTTPS, comprehensive security headers, and cookie consent mechanisms, although some improvements like OCSP stapling and HSTS preload could enhance security further. Privacy compliance is well addressed with clear policies and consent management. Overall, the site demonstrates high professionalism, trustworthiness, and business credibility.

S

Sparkasse Saarbrücken

sparkasse-saarbruecken.de

40

Sparkasse Saarbrücken operates as a regional financial institution providing a broad range of banking and financial services to private and business customers. The website offers comprehensive online banking, credit products, investment options, insurance, and real estate services, positioning itself as a trusted and award-winning bank in Germany. The digital presence is well-structured, targeting both private and corporate clients with clear navigation and service offerings. Technically, the site uses modern web technologies and likely a robust CMS platform, delivering a good user experience with mobile optimization and accessibility features. Security posture is strong with HTTPS, SPF, and DMARC policies in place, though improvements such as DNSSEC and HSTS could enhance protection. Privacy compliance is well addressed with explicit cookie consent and detailed privacy policies. Overall, the website reflects a mature digital infrastructure supporting a large financial institution with a high level of professionalism and trust.

A

Agritech Lavrale S.A. - Divisão Lavrale

lavrale.com.br

40

Agritech Lavrale S.A. - Divisão Lavrale is a Brazilian manufacturing company specializing in agricultural machinery and components, with a legacy of approximately 50 years. The company offers a broad range of products including agricultural implements, cabines, military trailers, and spare parts, targeting agricultural workers and farmers. Their market position is established with a consistent brand presence and active social media engagement. Technically, the website is built on a custom or unknown CMS, served by an Apache server, and uses common web technologies such as JavaScript, Google Fonts, and Google Maps API. However, the site lacks HTTPS, which severely impacts its security posture. Security headers are minimal and some are disabled, indicating a need for significant improvements in security practices. Privacy and cookie policies are absent, which raises compliance concerns. Overall, the website provides good content quality and user experience but suffers from critical security and privacy shortcomings.

I

IXOPAY GmbH

tokenex.com

70

IXOPAY GmbH operates a sophisticated enterprise payment orchestration and tokenization platform designed to streamline global payments for merchants and enterprises. The company positions itself as a scalable and flexible solution provider, offering a wide range of payment modules and services that enhance authorization rates, PCI compliance, and payment data management. Their market focus includes fintech, e-commerce, and financial services sectors, targeting businesses that require advanced payment orchestration capabilities. The website content is professionally designed, well-structured, and optimized for user experience and SEO, reflecting a mature digital presence. Technically, the website leverages modern JavaScript frameworks and integrates third-party tools such as Sentry for error tracking, Google Tag Manager for analytics, and ChiliPiper for lead routing. Hosting is provided via Cloudflare, ensuring robust CDN and security features. Performance is fast, and the site is mobile-optimized with good accessibility standards. Structured data in JSON-LD format enhances search engine understanding and business credibility. From a security perspective, the site enforces HTTPS with strong security headers and OCSP stapling, though HSTS is not fully enabled according to SSL info. No critical vulnerabilities were detected in SSL/TLS configuration. However, the absence of a visible cookie consent mechanism and a formal incident response or vulnerability disclosure policy indicates areas for compliance and security posture improvement. No direct contact emails or phone numbers are publicly listed, with contact primarily via forms and legal pages. Overall, IXOPAY demonstrates a strong business and technical foundation with a high level of professionalism and trustworthiness. Strategic enhancements in privacy compliance and security transparency would further strengthen their market position and customer confidence.

B

BMG Rights Management GmbH

bmg.com

50

BMG Rights Management GmbH operates as a global music publishing and record company, providing a broad range of services to music creators including publishing, recordings, and sync licensing. Positioned as a longtime home for artists and songwriters, BMG leverages a global network combined with innovative technology to empower its clients. The company is a division of the global media conglomerate Bertelsmann, indicating a strong market presence and enterprise scale. The website reflects a professional and consistent brand image targeting music industry professionals and creators. Technically, the site uses modern JavaScript libraries, Google Analytics for tracking, and a consent management platform to comply with privacy regulations. However, the hosting infrastructure appears to be Google Cloud Storage with DNS managed by Arvato Systems. Security posture is weak due to the absence of a valid SSL certificate and HTTPS support, which is a critical risk. Privacy compliance is well addressed with visible policies and consent mechanisms. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect user data and trust.

R

RTL Group

rtlgroup.com

54

RTL Group is a major European entertainment company with a broad portfolio of TV channels, streaming services, radio stations, and content production subsidiaries. The company is publicly traded and majority owned by Bertelsmann, with a strong market position in multiple European countries. The website presents comprehensive business information, investor relations, career opportunities, and corporate responsibility content, reflecting a mature and professional digital presence. Technically, the site uses nginx and a custom CMS, with Google Tag Manager for analytics. However, a critical security weakness is the lack of a valid SSL certificate and absence of HTTPS, which severely impacts the security posture. Privacy and cookie policies are not explicitly found, though a consent mechanism is present. Overall, the site is well-designed and content-rich but requires urgent security improvements.

N

Neste

neste.com

54

Neste is a leading global producer of sustainable aviation fuel and renewable diesel, focusing on mitigating climate change and advancing the circular economy. The company holds a strong market position in the energy and transportation sectors, offering renewable solutions that enable customers to reduce greenhouse gas emissions. The website reflects a mature digital presence with rich multimedia content, multiple language support, and comprehensive corporate disclosures. Technically, the site is built on modern frameworks such as Next.js and React, hosted on Microsoft Azure, and incorporates advanced marketing and consent management tools. However, a critical security issue is the absence of a valid SSL certificate, resulting in no HTTPS support, which severely impacts the site's security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site demonstrates high professionalism and trustworthiness but requires urgent remediation of its SSL configuration to ensure secure user interactions.

A

Aalto-yliopisto

aalto.fi

40

Aalto-yliopisto is a leading multidisciplinary university in Finland specializing in technology, business, and arts. The website reflects a mature digital presence with comprehensive content targeting students, researchers, staff, and partners. It offers extensive information on education programs, research initiatives, events, and community engagement. The site is multilingual and well-branded, emphasizing sustainability and innovation. Technically, the site is built on Drupal 10 CMS, leveraging modern JavaScript libraries, CDN caching via Fastly, and integrates analytics and consent management tools such as Google Tag Manager and Cookiebot. The site is mobile-optimized, accessible, and SEO-friendly, with fast loading times and clear navigation. Security posture is strong with HTTPS enforced, valid SSL certificates, and multiple security headers. However, DNSSEC and CAA records are not implemented, which could enhance DNS security. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information is available but lacks explicit security incident response contacts. Overall, the website presents a low-risk profile with strong business credibility and technical maturity. Strategic recommendations include enhancing DNS security, publishing vulnerability disclosure information, and improving incident response transparency.

D

Destruction For Nada

destructionfornada.com

55

Destruction For Nada is a focused advocacy campaign operating primarily in Los Angeles County, aiming to halt freeway widening projects that contribute to increased traffic, pollution, and displacement of communities. The campaign promotes investment in public and active transportation alternatives to address climate change and housing crises. The website is built on Squarespace, leveraging standard web technologies and integrates Mailchimp for email list management. While the site presents clear messaging and partner affiliations, it lacks critical security infrastructure such as a valid SSL certificate, which undermines user trust and data security. Privacy and cookie policies are absent, indicating gaps in compliance with data protection regulations. Overall, the site serves as an informational and engagement platform for a small non-profit advocacy group but requires significant improvements in security and privacy to enhance credibility and user safety.

P

PBS SoCal

kcet.org

53

PBS SoCal is a prominent public media organization serving the Greater Los Angeles and Southern California region. As a non-profit entity and a member of the Public Media Group of Southern California, it provides a wide range of PBS programming, local content, and educational resources. The website reflects a strong brand presence with consistent messaging and a focus on community engagement through various media formats including video, news, and educational tools. Technically, the website employs modern web technologies such as Polymer for custom elements, integrates multiple analytics and advertising platforms including Google Tag Manager, Facebook SDK, and Fathom Analytics, and is hosted on Amazon AWS infrastructure. However, the site suffers from a critical security issue due to an invalid or missing SSL certificate, which undermines the security posture and user trust. Performance is moderate with a relatively high page size and load time, but mobile optimization and accessibility are well addressed. From a security perspective, the absence of a valid SSL certificate and lack of security headers are significant vulnerabilities that need immediate remediation. Privacy compliance is well handled with clear privacy and cookie policies, including GDPR compliance indicators and consent mechanisms. Business credibility is strong with clear contact information, social media presence, and trust signals such as PBS Passport membership. Overall, while the site excels in content quality and business credibility, the security shortcomings notably reduce its overall risk posture. Strategic improvements in SSL implementation and security headers are recommended to enhance user trust and compliance.

A

Akzo Nobel N.V.

international-pc.com

52

International-pc.com is the official website for AkzoNobel's International Protective Coatings brand, specializing in protective and fire protection coatings for industrial sectors such as energy, offshore oil and gas, wind power, mining, and infrastructure. The site presents a professional and content-rich experience with detailed case studies, product applications, and technical support information, targeting industrial B2B clients globally. Technically, the site is built on Adobe Experience Manager CMS and uses modern JavaScript frameworks including React and jQuery, hosted on AWS infrastructure. However, the site lacks a valid SSL certificate and does not support modern TLS protocols, significantly impacting its security posture. While security headers are partially implemented, the absence of HTTPS is a critical vulnerability. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Business credibility is reinforced by strong branding, social media presence, and detailed content. Overall, the site scores moderately due to excellent content and business credibility but suffers from critical security configuration issues.

A

AkzoNobel Powder Coatings

interpon.com

54

AkzoNobel Powder Coatings, represented by the Interpon brand, is a global leader in manufacturing powder coatings tailored for diverse industries such as architectural, automotive, industrial, and agricultural equipment. The company emphasizes innovation, sustainability, and a broad color palette to meet varied customer needs. The website reflects a professional and consistent brand image with comprehensive content and clear navigation, targeting B2B customers in manufacturing sectors. Technically, the site is built on Adobe Experience Manager with modern JavaScript libraries and integrates privacy management tools like OneTrust and Google Tag Manager for analytics and consent management. However, the absence of a valid SSL certificate and HTTPS implementation is a critical security gap, exposing users to potential risks. The site lacks explicit security policies and incident response information, which could be improved to enhance trust and compliance. Overall, the website is content-rich and professionally presented but requires urgent security enhancements to meet modern standards.

G

GoDaddy, LLC

unternehmertum-vc.de

40

The domain unternehmertum-vc.de is currently a parked domain managed by GoDaddy, with no active business content or services hosted. The site primarily serves as a placeholder offering the domain for sale. The technical infrastructure is basic, relying on standard JavaScript and CSS with embedded third-party widgets for cookie consent (TrustArc) and customer reviews (Trustpilot). The site lacks a valid SSL certificate, resulting in no HTTPS support, which significantly impacts its security posture. No security headers or advanced domain security configurations such as DMARC, DNSSEC, or CAA records are present. Privacy compliance is minimal but includes a cookie consent mechanism via TrustArc. Overall, the website quality is poor with slow load times and minimal content, reflecting its parked status rather than an operational business site.

B

BCS Eventos

bcseventos.com.br

45

BCS Eventos is a Brazilian company specializing in intelligent solutions for events such as fairs, congresses, and shows. Established in 1997, it has served over 1,000 events and offers a comprehensive event management platform called SIGEVENT, alongside technical support and equipment rental services. The company targets event organizers and managers, positioning itself as an experienced and reliable provider in the event technology sector. Technically, the website is hosted on KingHost with an Apache server and uses modern JavaScript libraries and Google Fonts, but lacks HTTPS security and advanced security headers. The site is professionally designed with good content quality and navigation, though performance data is limited. Security posture is weak due to missing SSL certificate and security headers, posing risks to user data and trust. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism. Overall, the website is functional and professional but requires significant security improvements to enhance trust and compliance.

I

InterNations

internations.org

66

InterNations is a leading global community platform for expatriates, offering networking, events, and destination guides across 420 cities worldwide. The website targets expatriates and global minds seeking connection and information about living abroad. Technically, the site employs modern JavaScript frameworks, Webpack bundling, and integrates monitoring and analytics tools such as New Relic, Google Analytics, and Cookiebot for consent management. Hosting is via Cloudflare CDN, ensuring performance and availability. Security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, despite good security header configurations and secure cookie practices. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent SSL/TLS remediation to improve security and user trust.

H

Hochschule Ruhr West

hs-ruhrwest.de

40

Hochschule Ruhr West is a public university of applied sciences located in the Ruhr region of Germany, with campuses in Mülheim an der Ruhr and Bottrop. The institution offers a broad range of degree programs including bachelor, master, part-time, and dual studies, alongside active research and transfer activities. The website reflects a well-established regional educational institution with a clear focus on accessibility, student services, and cooperation with industry and society. The target audience includes prospective and current students, academic staff, and business partners. Technically, the website employs modern web technologies including JavaScript, CSS, and Cookiebot for cookie consent management, and integrates Google Tag Manager for analytics and marketing. The content management system appears to be Ibexa, supporting a structured and navigable site architecture. Performance is moderate with a page load time of approximately 6 seconds and a page size of about 335 KB. The site is mobile-optimized and accessible with good SEO practices. From a security perspective, the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, which is a critical vulnerability impacting user trust and data protection. No modern TLS protocols or security headers are detected, and HSTS is not enabled. DNS records show proper SPF and DMARC configurations, which help mitigate email spoofing risks. Cookie consent is implemented comprehensively, supporting GDPR compliance. However, no explicit security policy or incident response information is found. Overall, the website is professionally designed and content-rich but suffers from significant security shortcomings due to the absence of HTTPS. Strategic improvements in SSL deployment, security headers, and incident response transparency are recommended to enhance trust and compliance.

Z

ZENIT GmbH (Konsortialführerin), NRW.BANK (Konsortialpartnerin), NRW.Global Business GmbH, IHK NRW e.V.

nrweuropa.de

35

NRW.Europa is a regional representation of the Enterprise Europe Network in North Rhine-Westphalia, Germany, providing comprehensive support for internationalization, innovation, and funding to SMEs and research institutions. The website is built on TYPO3 CMS and features professional design, clear navigation, and multilingual support. However, the site lacks a valid SSL certificate and modern TLS protocols, which significantly impacts its security posture. While privacy compliance is well addressed through a cookie consent mechanism and a comprehensive privacy policy, the absence of HTTPS and other security headers poses risks. The site maintains active content with news and event calendars, reinforcing its credibility and engagement with its audience. Strategic improvements in SSL deployment and security configurations are critical to enhance trust and compliance.

J

Jugend will sich-er-leben (JWSL)

jwsl.de

40

Jugend will sich-er-leben (JWSL) is a German non-profit prevention program focused on occupational safety and health for apprentices. It provides educational materials, competitions, and media resources primarily targeting vocational schools, teachers, and training companies. The program is affiliated with the statutory accident insurance and the DGUV, positioning it as a recognized entity in the education and government sectors within Germany. Technically, the website is built on TYPO3 CMS with modern frontend frameworks like Bootstrap and uses Video.js for media playback. However, the site suffers from a critical security deficiency as it lacks a valid SSL certificate and does not support HTTPS, exposing users to potential risks. Privacy compliance is addressed with a cookie consent mechanism and a privacy policy, but no terms of service or incident response contacts are found. Overall, the site offers good content and user experience but requires urgent security improvements.

V

Versicherer im Raum der Kirchen

vrk.de

40

Versicherer im Raum der Kirchen (VRK) is a medium-sized German insurance provider specializing in sustainable and ethical insurance products tailored for individuals and church-related groups. The company offers a broad range of insurance services including auto, travel, home, liability, legal protection, health, and retirement products, with a strong emphasis on sustainability and customer-centric service. Their market position is niche but well-established within the church and non-profit sectors in Germany, supported by multiple sustainability and employer awards. Technically, the website is built on Adobe Experience Manager (AEM) and uses modern web technologies such as StencilJS components and responsive images. However, the site suffers from slow load times and lacks a valid SSL certificate, serving content over HTTP which significantly impacts security posture. Accessibility and SEO optimizations are well implemented, and the site is mobile-friendly with clear navigation. Security-wise, the absence of HTTPS and security headers is a critical weakness, exposing users to potential risks. No explicit security or incident response policies are found, and no vulnerability disclosure or security.txt files are present. Privacy compliance is strong with a comprehensive privacy policy and cookie consent mechanism in place. Overall, VRK's website demonstrates excellent content quality and business credibility but requires urgent improvements in security infrastructure to protect user data and enhance trust. Strategic recommendations include implementing HTTPS, adding security headers, and improving performance to align with best practices.

A

A1 Telekom Austria Group

a1blog.net

64

A1 Telekom Austria Group operates the website a1blog.net as a content platform focused on internet, smartphones, digital life, and related telecommunications services primarily targeting Austrian consumers. The site serves as a marketing and informational blog, showcasing product news, tips, and corporate social responsibility initiatives. Technically, the site is built on the Liferay CMS platform, leveraging modern JavaScript frameworks including React and Alloy UI, and integrates Google Tag Manager and OneTrust for analytics and cookie consent management. Despite rich content and professional design, the site suffers from a critical security shortfall due to an invalid SSL certificate and lack of HTTPS enforcement, which significantly impacts its security posture. Privacy compliance is well addressed with comprehensive cookie consent and privacy policies in German, aligned with GDPR requirements. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

I

ION Analytics

inframationnews.com

49

ION Analytics operates a business-focused analytics platform specializing in energy infrastructure data. The website serves primarily as a sign-in portal for business users, indicating a subscription or access-controlled model. The platform is part of the larger ION Group, a known entity in the energy sector. Technically, the website employs modern JavaScript libraries and tracking tools such as Google reCAPTCHA, Hotjar, and Piwik PRO for analytics and user behavior monitoring. However, the site suffers from a critical lack of a valid SSL certificate, exposing users to potential security risks and undermining trust. The absence of privacy and cookie consent mechanisms further weakens its compliance posture. Overall, the website's content is minimal and functional but lacks comprehensive business and security disclosures.

B

Bundesverband betriebliche Weiterbildung - Wuppertaler Kreis e.V.

wkr-ev.de

40

The Wuppertaler Kreis e.V. is a German non-profit association representing 52 leading institutes in the business education and continuing professional development sector. Founded in 1955, it serves as a national umbrella organization advocating for workplace learning, qualification, and workforce development. The website reflects a well-structured and content-rich platform targeting business leaders and education providers, offering news, events, and member information. Technically, the site is built on TYPO3 CMS and hosted on a German provider, but suffers from critical security shortcomings due to the absence of HTTPS and a valid SSL certificate. This significantly undermines the security posture despite good content and business credibility. No cookie consent mechanism or advanced privacy compliance features are present, though a privacy policy and terms of service are available. Overall, the site is professional but requires urgent security upgrades to protect user data and improve trust.

D

DIHK Service GmbH

dihk-service-gmbh.de

40

DIHK Service GmbH is a project company affiliated with the German Chambers of Industry and Commerce (DIHK), serving as a key partner for IHKs, AHKs, and member companies. The organization focuses on developing and implementing projects that strengthen businesses and provide societal benefits, including workforce development, education, environmental protection, and sustainable business locations. The website reflects a medium-sized government/non-profit entity with a clear business model centered on state-funded projects and partnerships. Technically, the site uses standard web technologies and etracker analytics but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Privacy compliance is well addressed with a cookie consent mechanism and a comprehensive privacy policy. However, the absence of HTTPS and security headers significantly weakens the security posture. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

P

PIER PLUS

pier-plus.de

40

PIER PLUS is a collaborative platform fostering cooperation among universities and research institutes in the Hamburg metropolitan region. It supports six research profiles and provides news, events, and a members area to facilitate networking and joint research efforts. The website is professionally designed with clear navigation and targets academic and research stakeholders in Hamburg. Technically, the site uses JavaScript libraries such as jQuery and sliders like Swiper and Slick, hosted by the University of Hamburg's computing center. However, the site suffers from a critical security deficiency: it lacks a valid SSL/TLS certificate, resulting in unencrypted HTTP access and no HTTPS enforcement. Additionally, no security headers or cookie consent mechanisms are present, which weakens its security and privacy posture. Analytics are implemented via Piwik (Matomo) and Etracker, indicating moderate user tracking. Overall, while the content and business presentation are excellent, the technical and security implementations require urgent improvements to protect user data and enhance trust.

I

Insany Design

insanydesign.com

54

Insany Design is a Brazilian design, technology, and innovation studio established in 2016, specializing in enhancing digital presence for brands through web development, e-commerce, and digital product solutions. The company positions itself as a creative and technical partner for businesses seeking to transform their digital experiences. The website reflects a professional and consistent brand image with extensive case studies and client logos, targeting businesses looking for innovative digital solutions. Technically, the site is built on modern frameworks such as Next.js and hosted on Vercel, utilizing React and other contemporary technologies. However, the site suffers from a critical security issue due to an invalid SSL certificate and lack of modern TLS protocol support, which undermines user trust and security. Privacy compliance is minimal, with no visible privacy or cookie policies, and no GDPR indicators. Overall, the site is content-rich and professionally designed but requires urgent security and privacy improvements to meet industry standards.