Security Directory

Tommy Hilfiger is a globally recognized fashion brand offering a wide range of apparel and accessories for men, women, and children through its official online shop. The website targets fashion-conscious consumers and provides a comprehensive e-commerce platform with seasonal collections, sales, and a membership program. The technical infrastructure leverages modern web technologies including Next.js, React, and Contentstack CMS, supported by a robust CDN via Akamai and integrated with multiple third-party services for analytics, marketing, and payment processing. Despite strong security header implementations, the absence of a valid SSL certificate and lack of HTTPS significantly undermines the security posture of the site. Privacy and cookie policies are well documented and indicate GDPR compliance. Overall, the website demonstrates a high level of professionalism and business credibility but requires urgent attention to its SSL configuration to ensure secure user interactions.

P

ProSiebenSat.1 PULS 4

atv.at

37

ATV.at is the official website of the Austrian TV channel ATV, operated under the parent company ProSiebenSat.1 PULS 4. The site offers streaming of live TV, video on demand, and detailed program guides, targeting German-speaking audiences interested in entertainment and reality TV. The business model is primarily advertising-driven, leveraging partnerships with streaming platforms like JOYN to deliver content. The website demonstrates a high level of digital maturity with modern web technologies such as React and Next.js, providing a responsive and user-friendly experience across devices. However, the site currently lacks a valid SSL certificate, which is a critical security gap. While privacy and legal policies are comprehensive and GDPR compliant, the absence of HTTPS and security headers reduces the overall security posture. The domain registration data aligns well with the business claims, indicating legitimacy and trustworthiness. Strategic improvements in SSL implementation and security headers are recommended to enhance user trust and compliance.

Digital Realty Trust operates a global platform of data centers and colocation services under the PlatformDIGITAL® brand, serving a broad range of enterprise, cloud, and network customers. The company is a market leader with a large global footprint, extensive certifications, and a strong partner ecosystem including AWS, Google Cloud, IBM, Oracle, NVIDIA, HPE, and Microsoft Azure. The website content is rich, professionally designed, and well-structured, targeting enterprises needing secure, scalable, and interconnected IT infrastructure. Technically, the site uses modern frameworks like Next.js and React, with integrations for marketing and analytics tools such as Marketo and VWO. However, the security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS, which is a critical issue that impacts trust and security. Privacy and cookie policies are present with consent mechanisms, indicating good privacy compliance. Overall, the site demonstrates high business credibility but requires urgent improvements in SSL/TLS configuration to enhance security.

Takeda Pharmaceutical Company Limited is a leading global biopharmaceutical company headquartered in Japan, focused on research, development, and commercialization of innovative medicines across multiple therapeutic areas including oncology, rare diseases, neuroscience, and vaccines. The website serves a diverse audience including patients, healthcare professionals, investors, and job seekers, offering comprehensive corporate, scientific, and investor information. Technically, the site is built on modern frameworks such as Next.js and hosted on Vercel with Cloudflare CDN, ensuring good performance and mobile optimization. However, a critical security issue is the absence of a valid SSL certificate and HTTPS support, which severely impacts the site's security posture. Privacy and cookie policies are well implemented with consent mechanisms, and the site demonstrates good compliance with GDPR. Overall, the site is professional and trustworthy but requires urgent remediation of SSL/TLS issues to ensure secure user interactions.

W

wikifolio Financial Technologies AG

wikifolio.com

37

wikifolio Financial Technologies AG operates a sophisticated online investment platform focused on European stocks and social trading. The platform enables investors worldwide to access trading ideas, create virtual portfolios, and invest in wikifolio certificates listed on stock exchanges in Germany, Austria, and Switzerland. The company is well-positioned in the European finance sector with a medium-sized operation and a strong brand presence supported by partnerships and positive testimonials. Technically, the website leverages modern web technologies including React, Next.js, and Chakra UI, hosted on Azure infrastructure with CDN support for performance. The site is well-optimized for SEO, accessibility, and mobile responsiveness, providing a professional user experience. From a security perspective, the site currently lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability. Security headers are partially implemented but key features like HSTS and OCSP stapling are missing. Privacy compliance is strong with comprehensive policies and clear contact information, but incident response and security policy disclosures are absent. Overall, the website presents a trustworthy and professional business front but requires urgent improvements in SSL/TLS security to protect user data and maintain trust. Strategic recommendations include immediate SSL certificate installation, enabling TLS 1.2+, and enhancing security headers and incident response readiness.

T

TRIGO GmbH

trigo.at

39

TRIGO GmbH is a specialized technology company focused on delivering tailored software solutions that bridge user-centric design with technical expertise. Their market position is that of a cloud-native expert, offering key services such as Data System Development (notably Exosphere), OpenShift consulting and migration, and Single Sign-On solutions leveraging Keycloak. The company targets businesses seeking to scale IT infrastructure, integrate applications, and leverage data effectively. Technically, the website is built on modern frameworks like Next.js and Chakra UI, hosted on Vercel, but lacks HTTPS which is a critical security shortfall. The absence of SSL/TLS exposes the site to risks and undermines trust. Security headers are present but insufficient without HTTPS. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Overall, the site is professional and content-rich but requires urgent security improvements to meet modern standards.

BMO Global Asset Management (BMO GAM) is a leading Canadian asset manager offering a broad range of investment products including mutual funds, ETFs, and alternative products. The website clearly targets investors, advisors, and institutional clients, reflecting a mature and well-established financial services business. The company operates under the larger Bank of Montreal (BMO) umbrella, reinforcing its market position and credibility. Technically, the website leverages modern web technologies such as Next.js and integrates with Adobe Launch and OneTrust for marketing and compliance. Hosting is provided via Akamai CDN, ensuring global content delivery. However, the absence of a valid SSL certificate and disabled TLS protocols represent significant technical and security shortcomings that undermine user trust and data protection. From a security perspective, while some security headers like HSTS and X-Frame-Options are present, the lack of HTTPS and modern TLS support is a critical vulnerability. No published security policies, incident response contacts, or vulnerability disclosure mechanisms were found, indicating gaps in security transparency and readiness. Overall, the website is professionally designed and content-rich, but the lack of proper SSL/TLS configuration and security disclosures lowers its security posture and trustworthiness. Strategic improvements in SSL deployment, security policy publication, and DNS security would significantly enhance the site's security and compliance standing.

K

Konica Minolta Business Solutions Austria GmbH

konicaminolta.at

40

Konica Minolta Business Solutions Austria GmbH operates as a leading technology and managed service provider specializing in intelligent workplace solutions, printing systems, cloud services, and IT infrastructure management. The company holds a strong market position in Austria and the DACH region, supported by a broad portfolio including multifunctional printers, professional printing, enterprise software, cybersecurity, and healthcare solutions. Their business model leverages direct sales and a partner network to serve a diverse business clientele. Technically, the website is built on modern frameworks such as Next.js and hosted on Vercel, with a CMS likely powered by Contentstack. The site demonstrates good mobile optimization, accessibility, and SEO practices, although performance is currently slow. Analytics and consent management tools like Google Tag Manager and Usercentrics are integrated, indicating a mature digital infrastructure. From a security perspective, the absence of a valid SSL certificate and HTTPS support is a critical vulnerability, severely impacting the site's security posture. While some security headers are present, the lack of TLS protocols and session management features exposes the site to risks. Privacy compliance is strong, with comprehensive policies and consent mechanisms in place. Overall, the site is professionally designed and content-rich, reflecting a reputable business. However, the critical lack of HTTPS undermines trust and security, necessitating urgent remediation to protect users and maintain compliance.

A

Arduino

arduino.cc

40

Arduino is a globally recognized open-source electronics platform that empowers makers, professionals, and educators to innovate with accessible hardware and software solutions. The company maintains a strong market position with a comprehensive product portfolio including hardware boards, cloud services, and educational resources. Their digital infrastructure leverages modern web technologies such as Next.js and DatoCMS, hosted on AWS and delivered via Cloudflare CDN, ensuring a robust and scalable online presence. Despite a rich content offering and professional design, the website currently suffers from critical SSL/TLS misconfigurations that undermine its security posture. Privacy and cookie policies are comprehensive and GDPR compliant, reflecting a mature approach to user data protection. Overall, Arduino demonstrates high business credibility and technical maturity but should urgently address SSL certificate validity and TLS protocol support to enhance security and trust.

R

Rendity GmbH

rendity.com

39

Rendity GmbH operates a leading European online platform for real estate investments, enabling users to invest in rental properties and development projects starting from 100 €. The company emphasizes investor protection through regulatory compliance with electronic securities law, PCI DSS, and PSD2 standards, and offers deposit protection up to 100,000 €. The platform is technologically modern, built on Next.js and served via Cloudflare CDN, with a strong focus on user experience and mobile optimization. However, the website suffers from a critical security issue: the SSL certificate is invalid and no TLS protocols are enabled, severely impacting the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, and contact information is clearly provided. The domain registration data aligns well with the company's business claims, supporting legitimacy and trustworthiness.

CERATIZIT S.A. is a leading high-technology engineering group specializing in cutting tools and hard material solutions, serving industrial and manufacturing sectors globally. The company is part of the Plansee Group and maintains a strong market position supported by innovation, patents, and sustainability certifications such as the EcoVadis Gold Rating. The website reflects a professional and well-branded digital presence with comprehensive content and multilingual support. Technically, the site uses modern frameworks including Next.js and Adobe Experience Manager, supported by Akamai CDN for content delivery. However, the security posture is currently weak due to the absence of a valid SSL certificate and HTTPS support, exposing the site to potential risks. Privacy and legal compliance are well addressed with clear policies and consent mechanisms. Overall, CERATIZIT demonstrates strong business credibility and digital maturity but requires urgent improvements in SSL/TLS security to protect users and enhance trust.

O

Octapharma Handelsges.m.b.H.

octapharma.at

40

Octapharma Handelsges.m.b.H. is a large, family-owned healthcare company based in Austria, specializing in plasma-derived medicines and therapies for rare diseases such as hemophilia, immunology, and intensive care. The company operates globally with a strong market position and offers patient support, career opportunities, and healthcare services. The website is built on modern technologies including Next.js and React, hosted on AWS infrastructure, and managed via the Storyblok CMS. It features comprehensive privacy and cookie policies with a consent mechanism powered by Usercentrics. However, the website currently lacks a valid SSL certificate and does not support HTTPS, which is a critical security concern. Security headers are partially implemented but the absence of TLS protocols and HSTS reduces the overall security posture. Contact information is primarily available via contact forms, with no explicit phone numbers or emails prominently displayed except for a support email related to internal server error reporting. Social media presence is active on LinkedIn, YouTube, and Kununu. Overall, the website is professional, content-rich, and user-friendly but requires urgent improvements in SSL/TLS configuration to ensure secure user interactions.

O

Octapharma AG

octapharma.com

39

Octapharma AG is a leading global manufacturer of human protein therapies derived from plasma and human cell lines, serving patients in over 120 countries. The company operates a large network of plasma donation centers and production facilities, emphasizing patient engagement and innovation in immunotherapy, haematology, and critical care. The website is professionally designed with comprehensive content, including employee stories, press releases, and detailed product information. Technically, the site uses modern frameworks like Next.js and is hosted on AWS infrastructure, but suffers from critical SSL/TLS configuration issues, lacking a valid certificate and modern protocol support. Security headers are partially implemented, but the absence of HTTPS severely impacts the security posture. Privacy compliance is well addressed with clear policies and a cookie consent mechanism. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and trust.

P

Peek & Cloppenburg B.V. & Co. KG

peek-cloppenburg.com

40

Peek & Cloppenburg B.V. & Co. KG is a well-established European fashion retailer with a strong presence in physical stores and online platforms. The company offers a curated selection of international and exclusive brands, targeting fashion-conscious consumers across multiple countries. Their business model focuses on multi-brand retailing with a significant footprint in Europe, supported by a comprehensive loyalty program and customer service infrastructure. Technically, the website is built on modern frameworks like Next.js and Magnolia CMS, leveraging Cloudflare for hosting and CDN services. The site is well-optimized for mobile and SEO, with good accessibility features. However, the security posture is weakened by an invalid SSL certificate and lack of enabled TLS protocols, which critically impacts secure communications and user trust. Privacy compliance is robust, with clear policies and consent mechanisms implemented. Overall, the site is professional and trustworthy but requires urgent remediation of SSL/TLS issues to ensure secure user interactions.

F

FH Technikum Wien

technikum-wien.at

40

FH Technikum Wien is Austria's only purely technical university of applied sciences, offering a broad and practice-oriented range of study programs. The institution holds a leading market position in Austria's technical education sector, evidenced by its top ranking in the Industriemagazin and multiple certifications including sustainability and quality management awards. The website reflects a mature digital presence built on modern technologies such as Next.js and React, with good SEO, accessibility, and user experience. However, the absence of a valid SSL certificate is a critical security gap that undermines trust and secure communications. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the institution demonstrates strong business credibility and digital maturity but must urgently address its SSL/TLS configuration to improve security posture.

D

DP+ (now part of Fusion92)

duffeypetrosky.com

26

DP+ is a marketing and innovation company recently acquired by Fusion92, positioning itself as a Midwest marketing innovation powerhouse. The website serves primarily as a landing page to announce this acquisition and redirect visitors to Fusion92's main site for further information. The business targets organizations seeking marketing and brand innovation services, operating within the media sector. The site branding is consistent and professional, reflecting the parent company's identity. Technically, the website is built using modern frameworks such as Next.js and React, hosted on Vercel, indicating a contemporary digital infrastructure. However, performance data is missing, and the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security shortfall. Mobile optimization is good, but accessibility and SEO optimizations are basic. From a security perspective, the absence of a valid SSL certificate and TLS protocols severely impacts the security posture. While some security headers are present, critical best practices like OCSP stapling, session resumption, and comprehensive HSTS policies are missing. No privacy or cookie policies are actively presented on the landing page, and no contact or incident response information is available, limiting compliance and user trust. Overall, the website presents moderate business credibility but suffers from critical security issues that must be addressed urgently. Strategic improvements in SSL deployment, privacy compliance, and contact transparency are recommended to enhance trust and security.

Confidex is a mature and reputable company specializing in RFID, NFC, and BLE solutions for industries, logistics, and mobility sectors. Recently acquired by Beontag, a global leader in graphic and label materials and RFID technology, Confidex strengthens its global presence and service localization. The website reflects a professional and comprehensive digital presence with strong branding and relevant content targeting industrial and supply chain customers. Technically, the site uses modern frameworks like Next.js and React, hosted on AWS CloudFront, with good SEO and accessibility practices. However, the lack of a valid SSL certificate and HTTPS support is a critical security gap that significantly impacts the overall security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. The domain registration data confirms the legitimacy and maturity of the business. Strategic improvements in SSL/TLS configuration and incident response readiness are recommended to enhance trust and security.

A

Avanade Inc.

avanade.com

40

Avanade Inc. is a leading global provider of cloud, AI, and advisory services focused on the Microsoft ecosystem. With over 25 years of experience and a strong market position as the world’s leading Microsoft expert, Avanade serves enterprise clients across multiple industries including technology, energy, banking, healthcare, government, and retail. The company operates globally with headquarters in the United States, Europe, and Asia, and is a subsidiary of Accenture. Their business model centers on delivering advisory, managed services, and integrated Microsoft technology solutions to help organizations unlock digital transformation and sustainability goals. Technically, Avanade’s website leverages modern frameworks such as Next.js and Sitecore CMS, hosted on Vercel and integrated with marketing and analytics tools like Adobe Launch, Google Tag Manager, and OneTrust for consent management. The site is well-designed, mobile-optimized, and rich in content, providing a professional user experience with clear navigation and comprehensive business information. From a security perspective, the website currently suffers from critical issues including the absence of a valid SSL certificate and lack of TLS protocol support, severely impacting its security posture. While security headers such as Content-Security-Policy and HSTS are present, they are not fully hardened. The presence of a vulnerability disclosure page and detailed privacy and cookie policies indicate a mature approach to compliance and security awareness, but the lack of HTTPS is a major risk. Overall, the website is highly credible and professional but requires urgent remediation of its SSL/TLS configuration to ensure secure communications and maintain trust. Strategic improvements in security practices and continued adherence to privacy compliance will strengthen Avanade’s digital presence and risk posture.

S

sklera KG

sklera.tv

38

Sklera KG operates a technology-focused website likely offering software solutions or digital services, as indicated by the use of Next.js and references to demos and newsletters. The company is based in Austria and has maintained the domain for over 9 years, reflecting a mature business presence. However, the website content is minimal and primarily serves as a contact and demo request portal without detailed business descriptions or extensive content. The technical infrastructure leverages modern frameworks but lacks critical security implementations such as HTTPS, valid SSL certificates, and security headers, which significantly undermine the site's security posture. Additionally, the absence of privacy and cookie policies indicates poor compliance with data protection regulations. Overall, the website presents a basic digital footprint with moderate business credibility but requires urgent security and compliance improvements to enhance trust and protect user data.

Ottobock is a well-established enterprise in the healthcare sector specializing in orthotics, prosthetics, and related mobility solutions. The company offers a broad range of products and services including prosthetics, orthotics, exoskeletons, adaptive sports programs, and veteran support. Their market position is strong, supported by a comprehensive digital presence and a global footprint. Technically, the website leverages modern frameworks such as Next.js and React, integrated with Contentful CMS and various analytics and marketing tools, indicating a mature digital infrastructure. However, a critical security issue is the absence of a valid SSL/TLS certificate, which undermines the security posture and user trust. Privacy compliance is robust with clear policies and consent management mechanisms in place. Overall, the website is professional, content-rich, and user-friendly but requires urgent attention to its SSL configuration to ensure secure communications.

Plansee SE is a globally recognized manufacturer specializing in refractory metals such as molybdenum, tungsten, and tantalum, serving high-tech industries including electronics, aerospace, and energy. With a century of experience and multiple production sites worldwide, Plansee positions itself as a leader in high-performance materials and sustainable manufacturing solutions. The website reflects a mature digital presence built on Adobe Experience Manager and Next.js, leveraging Akamai CDN and Google Tag Manager for performance and analytics. However, the current lack of a valid SSL certificate and disabled TLS protocols represent critical security vulnerabilities that undermine user trust and data protection. Despite these issues, the site maintains comprehensive privacy and cookie policies aligned with GDPR, and showcases certifications like EcoVadis Gold and ASML Sustainability Excellence Award, reinforcing its market credibility. Strategic improvements in SSL/TLS deployment and enhanced security configurations are recommended to elevate the overall security posture and user confidence.

G

GoDaddy Operating Company, LLC

alliedpanels.com

38

The website alliedpanels.com is a domain aftermarket sales landing page hosted and operated under GoDaddy's platform. It offers the domain for sale with options to buy now, lease to own, or make an offer. The site targets domain investors and businesses seeking premium domain names, leveraging GoDaddy's trusted marketplace and brokerage services. The business model is focused on domain sales and brokerage within the e-commerce sector, supported by GoDaddy's large market presence and infrastructure. Technically, the site is built using modern JavaScript frameworks such as React and Next.js, hosted on AWS infrastructure. However, the site suffers from slow load times and lacks a valid SSL certificate, resulting in no HTTPS support. While the design and user experience are good and mobile optimized, the absence of HTTPS and security headers significantly weakens the security posture. Security evaluation reveals critical issues including no valid SSL certificate, no HSTS, and missing security headers, which expose users to potential risks. Privacy compliance is supported by comprehensive GoDaddy privacy and cookie policies, with GDPR compliance indicated. Contact information is limited but present via phone and contact form. Overall, the site is legitimate and consistent with domain aftermarket sales but requires urgent security improvements. Strategically, the site should prioritize obtaining and configuring a valid SSL certificate to enable HTTPS, implement security headers, and improve performance to enhance trust and user experience. These steps will strengthen the security posture and align with best practices for e-commerce platforms.

D

Domains By Proxy, LLC (registrant proxy), actual company name not explicitly stated

frill.co

60

Frill.co is a SaaS platform specializing in customer feedback, product roadmaps, announcements, and surveys, targeting startups, charities, and entrepreneurs. The company positions itself as an independent and bootstrapped alternative to competitors like Canny and Beamer, offering a web app and widget for seamless customer feedback management. The website is professionally designed with excellent content quality and clear navigation, supporting a positive user experience and strong trust indicators such as customer testimonials and third-party review ratings. Technically, the site is built on modern frameworks including Next.js and React, hosted on AWS infrastructure, and integrates multiple analytics and marketing tools. However, the website suffers from a critical security weakness due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy compliance is well addressed with a comprehensive privacy policy, cookie consent mechanism, and GDPR adherence. Overall, the site demonstrates a mature business presence but requires urgent security improvements to protect user data and enhance trust.

Interacty is a mature SaaS platform specializing in interactive content and gamification solutions for education and business sectors. It offers a wide range of interactive activities including quizzes, games, and lead generation tools, supported by a modern web infrastructure built on React and Next.js. The platform targets educators, marketers, publishers, and brands globally, with multi-language support and a strong user base. Despite its comprehensive offerings and professional design, the website suffers from critical security issues due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy and cookie policies are well implemented, reflecting GDPR compliance awareness. Overall, Interacty presents a strong business proposition but requires urgent security improvements to protect user data and maintain trust.

S

StackJobs

stackjobs.io

59

StackJobs is a specialized job board platform launched in 2024, focusing on frontend developer roles filtered by actual technology stack requirements such as React, Vue.js, Angular, and Svelte. The platform aggregates job listings directly from company career pages, bypassing recruiters, and offers features like job alerts, job saving, and frequent job extraction. The business targets frontend developers seeking precise job matches, positioning itself as a niche alternative to traditional job boards. Technically, the website uses modern frontend frameworks including Vue.js, Svelte, React, and Angular, with hosting and DNS managed via Cloudflare. However, the website suffers from a critical security issue: the SSL certificate is invalid or missing, and no TLS protocols are enabled, resulting in insecure HTTP connections. This significantly impacts user trust and security. Additionally, no privacy, cookie, or terms of service policies are found, and no direct contact information is provided, which may affect compliance and user confidence. Analytics are implemented using PostHog, indicating moderate user tracking. Overall, the website demonstrates good design and user experience but requires urgent improvements in security and privacy compliance to enhance trustworthiness and protect users.

O

Opal Camera Inc.

opalcamera.com

64

Opal Camera Inc. is a California-based technology company specializing in the design and engineering of high-end webcams and camera-related products. Their flagship products include the Opal C1 professional webcam and the Opal Tadpole, the first webcam designed specifically for laptops. The company targets consumers and professionals seeking premium webcam solutions, positioning itself as an innovative niche player in the webcam market. The business model focuses on direct sales of hardware and complementary software, supported by customer service and digital marketing efforts. Technically, the website is built using modern web technologies including React and Next.js, hosted with Cloudflare DNS services. The site integrates multiple analytics and advertising platforms such as Google Analytics, TikTok, Facebook, and Twitter pixels, indicating a mature digital marketing strategy. However, the website suffers from slow load times and lacks a valid SSL certificate, which impacts user trust and security. From a security perspective, the site has enabled HSTS but lacks a valid SSL certificate, OCSP stapling, and DNSSEC, which are critical for secure communications and DNS integrity. No explicit security or incident response policies are found, and cookie consent mechanisms are absent, raising privacy compliance concerns. The domain registration is mature and consistent with the business claims, enhancing legitimacy. Overall, while the company presents a professional and trustworthy front with quality content and branding, critical security gaps and performance issues pose risks. Strategic improvements in SSL deployment, privacy compliance, and website optimization are recommended to enhance security posture and user trust.

L

Localytics

localytics.com

56

Localytics is an established enterprise SaaS company specializing in mobile app marketing and analytics software. Founded in 2008, it provides powerful tools for understanding user behavior, driving engagement, and optimizing mobile app campaigns. The company targets enterprise clients across multiple sectors including technology, retail, media, telecommunications, finance, and hospitality. The website reflects a mature digital presence with comprehensive content, professional design, and clear business messaging. Technically, the site leverages modern frameworks such as React and Next.js, hosted on Vercel with AWS DNS infrastructure. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. Overall, the domain registration data aligns well with the business claims, indicating legitimacy and trustworthiness.

Openprovider is a mature wholesale domain registration and reseller platform established in 2002, offering domain names, SSL certificates, and Plesk licenses primarily to resellers, digital agencies, and web hosting providers. The company positions itself as a cost-effective platform with automated services and membership plans tailored to different business sizes. Technically, the website is built on modern frameworks such as Next.js and hosted on Vercel, indicating a contemporary digital infrastructure. However, the site lacks a valid SSL certificate, which is a critical security flaw that undermines user trust and data protection. Security headers are implemented, but the absence of TLS protocols and other security best practices like DNSSEC and DMARC reduces the overall security posture. Privacy compliance is weak, with no visible privacy or cookie policies and no consent mechanisms. The WHOIS data confirms the domain's legitimacy and maturity, though domain protection locks are not enabled. Overall, the site demonstrates good business credibility and technical sophistication but requires urgent improvements in security and privacy compliance to enhance trust and protect users.

S

Sikt

sikt.no

62

Sikt is a Norwegian public agency providing shared digital services and infrastructure to the education and research sectors. The organization offers a broad portfolio of services including network solutions, data sharing, cybersecurity, and research data archiving, positioning itself as a key national service provider. The website reflects a mature digital presence with excellent content quality, clear navigation, and professional design tailored to its target audience of students, researchers, and educational institutions. Technically, the site uses modern frameworks such as Next.js and Drupal CMS, and integrates privacy-conscious analytics tools like Matomo and Siteimprove. However, the security posture is weakened by an invalid SSL certificate and lack of enabled TLS protocols, which are critical issues that must be addressed to ensure secure communications and trust. Privacy compliance is well handled with clear privacy and cookie policies and consent mechanisms. Overall, the site demonstrates high professionalism and trustworthiness but requires urgent remediation of its SSL/TLS configuration to meet security best practices.

S

Sikt

uninett.no

61

Sikt is a Norwegian public agency providing shared digital infrastructure and services to the education and research sectors. The website clearly communicates its role as a key service provider supporting digitalization, data sharing, and open research for knowledge institutions in Norway. The target audience includes students, researchers, and educational organizations. The business model is that of a government agency offering essential infrastructure and services nationally. Technically, the website is built on modern frameworks such as Next.js and Drupal, with good mobile optimization and accessibility. However, performance is moderate and could be improved. Security posture shows critical weaknesses, notably an invalid SSL certificate and lack of modern TLS protocols, which significantly reduce the security score. Privacy compliance is good with clear privacy and cookie policies, though no explicit consent mechanism is observed. Business credibility is high due to consistent branding, professional content, and clear contact channels via forms. Overall, the site is trustworthy but requires urgent SSL and security improvements to protect users and data.

D

Direktoratet for høyere utdanning og kompetanse

diku.no

49

Direktoratet for høyere utdanning og kompetanse (HK-dir) is a Norwegian government agency responsible for national administration and policy implementation in higher education, vocational education, and competence development. Established in 2021 through a merger of several agencies, it serves as a key authority in Norway's education sector, providing services such as career guidance, foreign education recognition, funding programs, and statistical reporting. The website targets professionals and stakeholders in education and workforce development within Norway. Technically, the website is built using modern web technologies including Next.js and Sanity CMS, with integration of Google Fonts and Siteimprove Analytics. The site is well-structured, mobile-optimized, and provides good accessibility and SEO features. However, performance is moderate with a load time of approximately 5.8 seconds. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical vulnerability. No security headers or advanced TLS configurations are present, exposing the site to potential risks. Privacy compliance is strong, with a comprehensive GDPR-compliant privacy policy and clear contact information. No cookie consent mechanism or terms of service were found. Overall, while the business and content aspects are solid and trustworthy, the lack of HTTPS and proper SSL configuration significantly lowers the security posture and overall risk rating. Immediate remediation of SSL/TLS issues is recommended to protect user data and enhance trust.

The website planckly.com currently exhibits a client-side application error preventing normal content access. The business overview and key services cannot be determined from the accessible content. Technically, the site uses modern frameworks such as Next.js and React, but the lack of a valid SSL certificate and the presence of a critical client-side error severely degrade the user experience and security posture. The site is hosted likely on Vercel, but performance is poor with a very slow load time and large page size. Security is weak due to missing HTTPS, lack of modern TLS protocols, and absence of key security headers beyond HSTS. No privacy, cookie, or terms of service policies are present, and no contact or business information is available, limiting trust and compliance assessment. Overall, the site is currently non-functional and insecure, posing significant risks to users and business credibility.

C

CMA CGM Group

cmacgm-group.com

49

CMA CGM Group operates as a global leader in transportation and logistics, providing integrated sea, land, air, and logistics solutions. The company targets a global customer base requiring comprehensive supply chain services. The website reflects a mature enterprise with consistent branding and a professional online presence. Technically, the site uses modern frameworks such as React and Next.js, hosted on AWS CloudFront with caching via Varnish, and a Drupal CMS backend. However, the absence of a valid SSL/TLS certificate critically undermines the security posture, exposing users to risks and reducing trust. Security headers are partially implemented but lack completeness, and no advanced security policies or data protection officer contacts are visible. The site includes cookie consent mechanisms and a responsible disclosure program, indicating some compliance awareness. Overall, the site is functional and professional but requires urgent security improvements to meet modern standards.

T

Tempe Inditex

tempe.es

40

Tempe Inditex is a large retail company specializing in the design, marketing, and distribution of footwear and accessories for the Inditex Group's seven brands. The company emphasizes sustainable fashion aligned with Inditex’s global sustainability strategy and employs over 2,000 professionals. The website is professionally designed, multilingual, and provides comprehensive information about the business model, sustainability efforts, talent acquisition, and communication. Technically, the site uses modern JavaScript frameworks such as React and Next.js and is hosted on AWS infrastructure. However, the site lacks a valid SSL certificate and does not support modern TLS protocols, which significantly weakens its security posture. Privacy and cookie policies are present and indicate GDPR compliance, but no explicit security or incident response policies are found. Overall, the website is credible and professional but requires urgent security improvements to protect user data and enhance trust.

W

Wegmans Food Markets

wegmans.com

40

Wegmans Food Markets is a well-established grocery retail company with a strong online presence offering grocery delivery, pickup, pharmacy, meals, and catering services. The website is professionally designed, mobile-optimized, and provides comprehensive content and navigation for its users. Technically, the site leverages modern frameworks such as Next.js and React, hosted on Vercel, and integrates multiple third-party services for analytics, marketing, and user experience enhancements. However, a critical security gap exists as the website lacks a valid SSL certificate and HTTPS support, exposing users to potential risks. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business credibility is high, supported by consistent branding and legitimate domain registration data.

G

GoDaddy Operating Company, LLC

anytechnologies.com

35

The website anytechnologies.com is a domain sales landing page operated by Afternic, a GoDaddy company. It offers the domain for sale with options to buy outright or lease to own, supported by domain brokerage services. The site targets businesses or individuals seeking to acquire this specific domain name. The business model is focused on domain aftermarket sales and brokerage, leveraging GoDaddy's extensive domain management infrastructure. The site is branded consistently with GoDaddy and Afternic, including trust signals such as a high Trustpilot rating. Technically, the site uses modern JavaScript frameworks like Next.js and is hosted on AWS with Akamai CDN support. However, the site suffers from slow load times and lacks mobile optimization and accessibility features. Security posture is weak due to the absence of HTTPS, no valid SSL certificate, and missing security headers. Privacy compliance is minimal, relying on Afternic's general policies rather than domain-specific disclosures. Overall, the site is functional for its purpose but requires significant security and performance improvements to enhance trust and user experience.

K

Krystal Hosting Ltd

k.io

48

Krystal Hosting Ltd is a UK-based internet services company established in 2003, providing premium and sustainable web hosting, cloud infrastructure, VoIP, and email delivery services globally. The company emphasizes ethical business practices and environmental sustainability, holding certifications such as B Corp and participating in initiatives like 1% For The Planet. Their market position is that of an independent, premium provider with a strong focus on customer service and green technology. Technically, the website is built on modern frameworks like Next.js and uses a custom CMS, delivering a well-designed, mobile-optimized, and content-rich experience. However, the security posture is weak due to the absence of a valid SSL certificate, lack of HTTPS, missing security headers, and no email authentication policies, which poses significant risks. Privacy compliance is also lacking, with no visible privacy or cookie policies. Overall, the business credibility is strong, supported by consistent WHOIS data and active operations, but the security and privacy gaps require urgent attention.

Krystal Hosting Ltd is a UK-based internet services company founded in 2002, specializing in premium and sustainable web hosting, cloud services, VoIP, and email delivery solutions. The company positions itself as an independent, ethical provider with a strong commitment to environmental sustainability, evidenced by its B Corp certification and participation in 1% For The Planet. Their target audience includes businesses worldwide seeking high-quality, green internet solutions. Technically, the website is built using modern frameworks such as Next.js and React, with a CMS likely provided by Katapult. Performance is moderate with good mobile optimization and SEO practices. However, the security posture is weak due to the absence of a valid SSL certificate and HTTPS support, which is a critical vulnerability. Privacy compliance is minimal, with no visible privacy or cookie policies, and no explicit contact information is provided on the site. Overall, the website is professional and trustworthy from a business perspective but requires urgent security improvements to protect users and data.

K

Krystal Hosting Ltd

krystal.io

55

Krystal Hosting Ltd is a UK-based independent web hosting company founded in 2002, specializing in ethical and green hosting solutions powered by 100% renewable energy. The company offers a broad range of hosting services including shared web hosting, business hosting, managed WordPress, VPS, dedicated servers, and a proprietary public cloud platform called Katapult. Positioned as a trusted and sustainable hosting provider, Krystal emphasizes customer support excellence and environmental responsibility, evidenced by certifications such as ISO 27001, Certified B Corp, and membership in 1% for the Planet. The website is professionally designed, mobile-optimized, and rich in content, featuring extensive client testimonials and transparent business information.

S

Superwall

superwall.com

59

Superwall is a technology company specializing in providing a SaaS platform that enables app developers and businesses to quickly build, test, and deploy paywalls without the need for shipping app updates. The platform supports A/B testing, remote control of paywall triggers, and offers a rich set of templates and analytics to optimize monetization strategies. The company is positioned as a trusted solution with backing from notable investors and a strong customer base. Technically, the website is built using modern frameworks such as Next.js and React, with integrations for analytics and marketing tools like Google Analytics, Google Tag Manager, Twitter Ads, and Koala SDK. However, the website suffers from a critical security issue due to the lack of a valid SSL certificate and HTTPS configuration, which significantly impacts its security posture. Privacy policies and terms of service are present and comprehensive, but no cookie consent mechanism is detected. Overall, the website demonstrates strong business credibility and professional design but requires urgent security improvements to protect user data and maintain trust.

K

Krystal Hosting Ltd

katapult.io

63

Katapult, operated by Krystal Hosting Ltd, is a cloud infrastructure provider focused on delivering high-speed, reliable, and scalable virtual infrastructure solutions tailored for developers and teams. The company emphasizes ease of use, transparency, and sustainability, positioning itself as a competitive player in the cloud technology sector with a strong commitment to renewable energy and certified business practices. The website presents a professional and comprehensive overview of its services, targeting technology professionals and businesses seeking cloud infrastructure with pay-as-you-go pricing. Technically, the website is built on modern frameworks such as Next.js and React, with good mobile optimization and accessibility features. However, the site suffers from a critical security shortfall due to the absence of a valid SSL certificate, resulting in no HTTPS support. This significantly impacts the security posture and user trust. Privacy and cookie policies are well implemented with consent mechanisms, and the site uses Google Tag Manager for analytics and marketing. Security-wise, while no major vulnerabilities or exposed sensitive data were detected, the lack of HTTPS and security headers is a major concern. No explicit security or incident response policies are published, and no vulnerability disclosure or security.txt files are present. The domain registration data is consistent and mature, supporting the legitimacy of the business. Overall, Katapult demonstrates strong business credibility and technical maturity but must urgently address its SSL/TLS configuration to improve security and trust. Strategic recommendations include installing a valid SSL certificate, enabling security headers, and publishing security policies to enhance compliance and incident readiness.

О

ООО “Ай Ти Инвест”

ggsel.net

65

GGSEL is a well-established digital marketplace specializing in the sale of digital goods such as game keys, software licenses, gift cards, and subscription services. It serves a large user base primarily in Russia and CIS countries, offering a broad catalog of products with secure and fast delivery. The platform leverages modern web technologies including Next.js and Material-UI, ensuring a responsive and user-friendly experience. Security measures include TLS 1.2/1.3 encryption and SPF/DMARC email protections, though improvements like DNSSEC and HSTS could enhance security further. Privacy and terms policies are comprehensive and GDPR compliant, supporting trust and regulatory adherence. Overall, GGSEL presents a credible and professional e-commerce platform with a strong market position and growth potential.

О

ООО “Ай Ти Инвест”

ggsel.com

57

GGSEL is a large-scale e-commerce marketplace specializing in digital goods such as games, software licenses, gift cards, and subscription services. The platform offers a wide variety of products with a focus on fast delivery and secure transactions, targeting gamers and digital consumers primarily in Russia and CIS countries. The business model includes direct sales, partner programs, and API access for professional sellers, positioning GGSEL as a competitive player in the digital goods market. Technically, the website leverages modern web technologies including React, Next.js, and Material-UI, supported by Cloudflare DNS and multiple third-party marketing and analytics tools. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that undermines user trust and data protection. Additionally, SPF misconfigurations and lack of cookie consent mechanisms indicate gaps in security and privacy compliance. Overall, GGSEL demonstrates strong business credibility and content quality but requires urgent improvements in security posture to safeguard customer data and comply with industry standards.

О

ООО «Айкюсофт»

guarantee.money

65

The website guarantee.money operates as an escrow service platform primarily targeting Russian-speaking users. It facilitates secure transactions between buyers and sellers by acting as a trusted third party holding funds in escrow until transaction conditions are met. The business is positioned as a medium-sized technology and finance service founded in 2017, with a focus on online marketplaces, arbitration, and payment link generation. The company behind the service is ООО «Айкюсофт», based in Russia. Technically, the site is built on a modern React and Next.js stack with Material-UI for UI components, indicating a contemporary digital infrastructure. However, the site suffers from a critical security shortcoming: the absence of a valid SSL certificate and proper HTTPS support, which undermines user trust and data security. While HSTS headers are configured, they are ineffective without valid SSL. Privacy and terms of service pages exist but cookie consent mechanisms are missing, indicating partial privacy compliance. Contact information is limited to an email address at iqsoft.company, with no phone or physical address provided. Overall, the site is functional and content-rich but requires urgent security improvements to meet industry standards and user expectations.

B

Banqup Group

banqup.com

65

Banqup Group operates a sophisticated digital platform focused on streamlining invoicing, payments, and compliance for a wide range of business customers including professionals, accountants, SMEs, and large enterprises. The company holds a strong market position in Europe, supported by its parent company Unifiedpost Group, and offers key services such as e-invoicing, compliance management, and integration with existing business software. The platform is designed to reduce administrative overhead and accelerate financial workflows. Technically, the website leverages modern web technologies including React and Next.js, with content managed via Storyblok CMS and hosted through a combination of Webflow and cloud services. While the site is content-rich and well-structured with good SEO and accessibility practices, performance is somewhat slow, and the SSL/TLS configuration is currently invalid, which poses a significant security risk. Security posture is moderate; the site employs HSTS and DMARC policies but lacks a valid SSL certificate and modern TLS support, which are critical for secure communications. Privacy compliance is strong, with a comprehensive privacy policy and cookie consent mechanism in place. Business credibility is high, supported by clear contact information, leadership announcements, and investor relations presence. Overall, Banqup presents a professional and trustworthy digital presence with room for improvement in security infrastructure. Addressing SSL/TLS issues and enhancing security headers would significantly improve the security posture and user trust.

C

Casavo Management S.p.A.

casavo.com

59

Casavo Management S.p.A. operates a mature and professional PropTech platform focused on simplifying the real estate transaction process for home sellers and buyers primarily in Italy and France. The company leverages technology such as machine learning algorithms for instant home valuation, combined with human consultancy and support services including mortgage assistance and professional home enhancement. Their market position is supported by significant funding, a growing presence in multiple European cities, and strong brand recognition through media coverage and verified customer testimonials. Technically, the website is built on modern frameworks like Next.js and React, hosted via Cloudflare, and integrates various third-party services for analytics and consent management. However, the website suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which severely impacts its security posture and user trust. Privacy compliance is robust, with clear GDPR-aligned policies and consent mechanisms in place. Overall, while the business model and digital maturity are strong, immediate remediation of security vulnerabilities is essential to protect user data and maintain credibility.

F

FUNDACION DEL MUSEO GUGGENHEIM BILBAO

guggenheim-bilbao.eus

31

The Museo Guggenheim Bilbao is a prominent non-profit cultural institution based in Bilbao, Spain, managed by the FUNDACION DEL MUSEO GUGGENHEIM BILBAO. The website serves as a comprehensive portal for visitors to plan their visits, explore exhibitions, and access educational resources. It targets a broad audience interested in art, culture, and museum experiences. The museum holds a strong market position as an internationally recognized art venue with strategic partnerships and sponsorships from government and corporate entities. Technically, the website leverages modern web technologies including Next.js and React, with a headless WordPress CMS backend. It integrates accessibility tools and multimedia content hosted on Vimeo. The site is mobile-optimized and SEO-friendly, providing a good user experience and navigation clarity. From a security perspective, the site currently lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability impacting user trust and data security. Other security headers and best practices are partially implemented, but the absence of HTTPS significantly lowers the security posture. Overall, the website is professionally designed and content-rich, but the lack of HTTPS is a major risk. Strategic recommendations include immediate SSL/TLS deployment, enabling HSTS, and improving certificate management to enhance security and user trust.

P

Privacy service provided by Withheld for Privacy ehf

linkjago.me

58

Link Jago is a small, technology-focused business offering a free and open source URL shortening service with features such as custom domains, link management, statistics, and API access. The service targets users and developers seeking an alternative to proprietary URL shorteners, positioning itself as a niche open source solution. The website is built using modern web technologies including Next.js and React, hosted behind Cloudflare DNS, and integrates Google reCAPTCHA for bot protection. However, the site suffers from slow load times and lacks a valid SSL/TLS certificate, resulting in no HTTPS support which is a critical security concern. Security headers are minimal, with only HSTS enabled, and no DMARC or DNSSEC records are present. Privacy compliance is weak, with no privacy or cookie policies found, and no contact or incident response information provided. The domain is registered with privacy protection, which is reasonable for a small open source project but reduces transparency. Overall, the site demonstrates moderate professionalism and technical maturity but requires significant improvements in security and privacy compliance to enhance trust and protect users.

F

FX

fxnetworks.com

50

FX Networks operates as a prominent media and entertainment company specializing in critically acclaimed dramas, comedies, and original documentaries. The website serves as the official platform for FX and FXX, offering streaming content primarily through Hulu. The company holds a strong market position with a focus on original programming and a partnership with Hulu for content distribution. Technically, the website is built on modern frameworks such as Next.js and React, leveraging Akamai CDN and AWS Lambda for hosting and content delivery, indicating a mature digital infrastructure. However, the security posture is weak due to the absence of a valid SSL certificate and HTTPS support, which is a critical vulnerability. Privacy compliance is also lacking, with no visible privacy or cookie policies and no explicit contact information for users. Overall, while the website excels in content quality and business credibility, it requires urgent improvements in security and privacy compliance to enhance trust and protect user data.

P

Privacy service provided by Withheld for Privacy ehf

mikale.me

59

Mikale is a small technology company operating a free and open source URL shortening service. The website offers core services such as URL shortening with custom domains and link statistics, targeting developers and users needing link management solutions. The business is relatively new, founded in 2023, and uses modern web technologies including Next.js and React, hosted behind Cloudflare. The site is accessible and well-structured with good design and user experience, but lacks formal privacy, cookie, and terms of service policies, as well as explicit contact information. Security posture is weak due to the absence of a valid SSL/TLS certificate and lack of HTTPS, which is a critical issue for user trust and data protection. The domain is privacy protected, which is common for small tech projects, and shows no signs of suspicious activity or subdomain takeover vulnerabilities.