Security Directory

E

efficy

efficy.com

68

efficy is a leading European CRM software provider offering modular, GDPR-compliant solutions tailored to businesses of all sizes. The company emphasizes flexible, scalable platforms that centralize customer data, automate sales, and enhance customer engagement. With a strong market presence and over 13,500 customers, efficy positions itself as a trusted partner in the CRM and marketing automation space. The website reflects a mature digital infrastructure with advanced analytics and A/B testing capabilities, although performance optimization is needed due to slow load times. Security posture is currently weak due to an invalid SSL certificate and lack of modern TLS protocols, which poses a critical risk. Privacy compliance is well addressed with comprehensive cookie and privacy policies, including a consent mechanism. Overall, the site demonstrates professionalism and trustworthiness but requires urgent security improvements.

A

APSIS

apsis.no

59

APSIS operates a modern marketing platform, Apsis One, focused on AI-driven email marketing and automation to help businesses grow through personalized customer experiences. The platform integrates multiple marketing tools including email, SMS, surveys, and event management, targeting marketers and enterprises seeking an all-in-one solution. The website is professionally designed using Drupal 10 and integrates popular marketing and analytics tools such as Google Tag Manager, Facebook Pixel, and LinkedIn Insight Tag, demonstrating a mature digital marketing infrastructure. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, exposing the site to potential risks and undermining user trust. Privacy and cookie policies are present and appear GDPR compliant, but no explicit security policy or incident response information is provided. Overall, the site is content-rich and credible but requires urgent security improvements to protect user data and maintain trust.

A

APSIS

apsis.dk

40

APSIS is a Denmark-based technology company specializing in AI-driven email marketing and marketing automation solutions through its flagship platform, Apsis One. The platform offers a comprehensive suite of marketing tools including email marketing, AI assistant, SMS marketing, CRM, and integrations designed to empower marketers to create personalized and data-driven customer experiences. The company operates under the parent company Efficy and serves a medium-sized market segment with a strong focus on seamless user experience and advanced marketing capabilities. Technically, the website is built on Drupal 10 and integrates modern marketing and analytics tools such as Google Tag Manager, Facebook Pixel, and LinkedIn Insight Tag. However, the website currently suffers from a critical security issue due to an invalid or missing SSL certificate and lack of modern TLS protocol support, which significantly impacts its security posture. Despite this, the site maintains good privacy and cookie policies with consent mechanisms, and no exposed sensitive data was detected. Overall, APSIS presents a professional and trustworthy marketing technology provider with room for improvement in its security infrastructure.

A

APSIS

apsis.se

40

APSIS is a Swedish technology company specializing in marketing technology solutions, offering a comprehensive SaaS platform called Apsis One that integrates AI-driven email marketing, marketing automation, SMS marketing, event management, and CRM integrations. The company targets modern marketers and businesses seeking to optimize their digital marketing efforts with data-driven tools. The website is professionally designed, content-rich, and well-structured, providing clear navigation and multiple calls to action such as free trials and demos. Technically, the site uses Drupal 10 CMS and integrates popular marketing and tracking technologies including Google Tag Manager, Facebook Pixel, and LinkedIn Insight Tag. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical security deficiency. Security headers are present but the absence of TLS protocols and valid certificates significantly lowers the security posture. Privacy and cookie policies are present and appear GDPR compliant, with consent mechanisms implemented. Contact information is primarily via contact forms; no explicit emails or phone numbers were found. WHOIS data is consistent with the business claims, showing no suspicious registration patterns. Overall, the site demonstrates good business credibility and privacy compliance but requires urgent improvements in SSL/TLS security to protect user data and improve trust.

A

APSIS

apsis.com

53

Apsis is a Swedish-based technology company providing a comprehensive AI-driven marketing platform called Apsis One. The platform offers tools for email marketing, marketing automation, SMS, surveys, forms, event management, and CRM integrations, targeting marketers and businesses seeking to optimize customer engagement and campaign effectiveness. The website is professionally designed with excellent content quality and clear navigation, supporting a strong market position in the marketing technology sector. Technically, the site uses Drupal 10 CMS and integrates modern marketing and analytics tools such as Google Tag Manager, Facebook Pixel, and LinkedIn Insight Tag. However, a critical security weakness is the absence of a valid SSL certificate and HTTPS configuration, which significantly impacts the security posture. Privacy and cookie policies are present and appear GDPR compliant, but no explicit security policies or incident response information is found. Overall, the domain registration data aligns well with the website's claims, supporting legitimacy and trustworthiness.

S

Sekoia

sekoia.dk

33

Sekoia is a Danish healthcare software company providing a specialized app for care centers and social service providers to improve planning, documentation, and communication. The company is well-established with a mature domain and a clear market position supported by integrations with KMD Nexus and usage by multiple municipalities. The website is built on WordPress with modern marketing and analytics tools integrated, including consent management for GDPR compliance. However, the site currently lacks a valid SSL certificate and HTTPS support, which is a critical security vulnerability that undermines user trust and data protection. Privacy policies and cookie consent mechanisms are well implemented, and contact information is clearly presented. Overall, the business demonstrates good digital maturity but requires urgent security improvements to meet modern standards.

B

Banqsoft AS

banqsoft.com

63

Banqsoft AS is a medium-sized Norwegian company specializing in financial software solutions for the Nordic market, focusing on asset finance, digital banking, and credit management. The company offers comprehensive software suites and add-on services designed to digitize and optimize financial operations for its clients. Banqsoft holds recognized certifications such as ISO 14001 and ISO 27001, underscoring its commitment to sustainability and information security. The website reflects a professional and consistent brand presence with good content quality and user experience.

E

Edlund A/S

edlund.dk

40

Edlund A/S is a Danish company specializing in flexible software solutions and consulting services for the life and pension insurance sector. Established in 1998, the company offers modular standard software and expert consulting to help clients modernize and optimize their insurance administration systems. The website reflects a professional and consistent brand presence targeting Danish life and pension companies. Technically, the site uses ASP.NET with Umbraco CMS, modern JavaScript modules, and is hosted behind Cloudflare. However, a critical security gap exists due to the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly undermines the site's security posture. Privacy and cookie policies are present with consent mechanisms, and contact information is comprehensive. Analytics and marketing tools are actively used, indicating a moderate level of user tracking. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect user data and enhance trust.

K

KMD A/S

kmd.dk

40

KMD A/S is a leading Danish IT and software company specializing in delivering comprehensive IT solutions to the public sector and businesses, with a strong focus on sectors such as energy, education, healthcare, and government. The company operates as a subsidiary of NEC Corporation and offers a broad portfolio of services including HR and payroll systems, data analytics, electronic document management, IT security, and SAP services. The website reflects a mature, well-established enterprise with extensive content and a professional digital presence. Technically, the website utilizes modern web technologies including ASP.NET, JavaScript modules, and is hosted behind Cloudflare with Umbraco CMS. It employs multiple security headers and analytics tools such as Google Analytics and Siteimprove. However, the absence of a valid SSL certificate and lack of enabled TLS protocols represent significant security weaknesses that must be addressed to ensure secure communications. From a security perspective, the site has implemented strong security headers and a strict DMARC policy, indicating good email security practices. Yet, the invalid SSL configuration and missing modern TLS support severely impact the overall security posture. Privacy compliance is well managed with clear privacy and cookie policies, including consent mechanisms, aligning with GDPR requirements. Overall, KMD's website demonstrates high business credibility and professionalism but requires urgent remediation of its SSL/TLS configuration to protect user data and maintain trust. Strategic improvements in security infrastructure will enhance the company's risk management and compliance stance.

T

Trees for the Future

trees.org

57

Trees for the Future is a well-established nonprofit organization dedicated to land restoration and sustainable agriculture in developing communities worldwide. The organization is recognized as a United Nations World Restoration Flagship, highlighting its leadership in ecosystem restoration efforts. Their business model relies on donations, corporate partnerships, and community engagement to support farmers and combat hunger, poverty, and environmental degradation. The website effectively communicates their mission, impact, and opportunities for involvement, targeting donors, environmental advocates, and strategic partners. Technically, the website is built on WordPress with a modern tech stack including Yoast SEO, Google Analytics, and various marketing and fundraising tools. While the site is well-structured, mobile-optimized, and SEO-friendly, it suffers from slow load times and lacks a valid SSL certificate, which is a critical security deficiency. The absence of HTTPS and security headers exposes the site and its users to potential risks. From a security perspective, the site has significant vulnerabilities including no active SSL/TLS encryption, no HSTS, no DNSSEC, and no security headers. Although privacy and cookie policies are present with consent mechanisms, the site uses multiple third-party trackers which may impact user privacy. The domain is mature and protected by privacy proxy services, which is justified for a nonprofit entity. Overall, the security posture is weak and requires urgent improvements. The overall risk assessment indicates a trustworthy and professional nonprofit with excellent content and business credibility but with critical security gaps. Strategic recommendations include immediate SSL deployment, enhanced security headers, DNS security improvements, and a formal vulnerability disclosure policy to strengthen trust and compliance.

O

Oqaasileriffik

ordbog.gl

36

Oqaasileriffik operates as the official Language Secretariat of Greenland, providing comprehensive Greenlandic dictionaries and language resources online. The website serves a niche audience including Greenlandic speakers, researchers, and students, offering multiple historical and modern dictionaries in Greenlandic, Danish, and English. The business model is non-commercial and government-supported, positioning it as a key language resource provider in Greenland. Technically, the site employs modern frontend technologies such as Bootstrap, jQuery, and SQL.js, and supports a Progressive Web App for offline access. However, performance is slow with a high page load time and large page size. Security posture is weak due to the absence of a valid SSL certificate, lack of HTTPS, and missing security headers, which significantly impacts user trust and data protection. Privacy compliance is minimal, with no privacy or cookie policies present, and moderate user tracking via Matomo and Google Tag Manager. Overall, the site is legitimate and consistent with its stated purpose but requires urgent improvements in security and privacy to enhance trust and compliance.

D

DMARC Advisor

dmarcadvisor.com

59

DMARC Advisor is a specialized technology company focused on providing DMARC and related email security services to businesses primarily in Europe and Africa. Their market position is strong as leading DMARC service experts, offering a comprehensive suite of tools and managed services including DMARC reporting, SPF management, DKIM validation, and BIMI hosting. The company emphasizes protecting domains against email abuse and phishing, targeting organizations that require robust email authentication solutions. Technically, the website is built on WordPress with modern JavaScript frameworks like Vue.js, and integrates various marketing and analytics tools such as Google Tag Manager and Microsoft Clarity. However, the website currently lacks a valid SSL certificate and modern TLS protocol support, which is a critical security gap. The security posture is further impacted by missing DNSSEC and improperly configured CAA records, though DMARC policies are correctly set to reject unauthorized emails. Privacy compliance is well addressed with GDPR-aligned cookie consent mechanisms and a comprehensive privacy policy. Overall, the company demonstrates a professional and trustworthy online presence but should urgently address SSL/TLS and DNS security to enhance trust and security.

Openprovider is a mature wholesale domain registration and reseller platform established in 2002, offering domain names, SSL certificates, and Plesk licenses primarily to resellers, digital agencies, and web hosting providers. The company positions itself as a cost-effective platform with automated services and membership plans tailored to different business sizes. Technically, the website is built on modern frameworks such as Next.js and hosted on Vercel, indicating a contemporary digital infrastructure. However, the site lacks a valid SSL certificate, which is a critical security flaw that undermines user trust and data protection. Security headers are implemented, but the absence of TLS protocols and other security best practices like DNSSEC and DMARC reduces the overall security posture. Privacy compliance is weak, with no visible privacy or cookie policies and no consent mechanisms. The WHOIS data confirms the domain's legitimacy and maturity, though domain protection locks are not enabled. Overall, the site demonstrates good business credibility and technical sophistication but requires urgent improvements in security and privacy compliance to enhance trust and protect users.

P

Polyteknisk Boghandel og Forlag A/S

polyteknisk.dk

40

Polyteknisk Boghandel og Forlag A/S operates a specialized Danish bookstore focusing on technical and scientific literature, serving students and professionals primarily in education and construction sectors. The company has a mature market presence with a well-structured e-commerce platform complemented by physical stores. Their digital infrastructure incorporates modern marketing and analytics tools, including Google Tag Manager, Facebook Pixel, and Sleeknote, alongside a comprehensive cookie consent mechanism ensuring GDPR compliance. However, the website suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which significantly undermines user trust and data security. Performance is suboptimal with slow load times and large page sizes, though mobile responsiveness and accessibility are adequately addressed. The business demonstrates strong credibility through clear contact information, certifications like E-mærke, and positive Trustpilot reviews. Strategic improvements in security posture and technical optimization are recommended to enhance overall risk management and user confidence.

C

ConvesioPay Dashboard

convesiopay.com

63

ConvesioPay is a relatively new payment service platform, established in 2023, providing a user dashboard for payment management. The website serves primarily as a login portal, indicating a business model focused on payment processing or financial services. The domain is registered with Cloudflare, Inc. and protected against unauthorized transfer, reflecting a legitimate and consistent registration profile. Technically, the site uses modern JavaScript modules, Google Fonts, and Google Tag Manager for analytics, but suffers from slow load times and lacks advanced SEO and accessibility features. Security posture is basic with HTTPS enabled and SPF records configured, but lacks important security headers, HSTS, and DMARC records. Privacy compliance is minimal with no visible privacy or cookie policies, and no GDPR indicators. Overall, the site is functional but requires significant improvements in security, privacy, and performance to enhance trust and compliance.

R

Rocket.net

rocket.net

53

Rocket.net is a managed WordPress hosting provider targeting agencies, creatives, bloggers, enterprises, and WooCommerce store owners. The company positions itself as a leader in speed, security, and ease of use, leveraging Cloudflare Enterprise CDN and a suite of security features including a website firewall and malware protection. The website content is rich, professionally designed, and well-structured, providing clear information about services, customer testimonials, and multiple calls to action for demos and pricing plans. Technically, the site is built on WordPress with modern tools such as WP Rocket, HubSpot, and CookieYes for analytics and compliance. However, a critical security gap exists as no valid SSL certificate or HTTPS is detected, severely impacting the security posture. The site uses extensive third-party tracking and advertising networks but maintains GDPR compliance with a cookie consent mechanism. Overall, Rocket.net demonstrates a strong market presence and business credibility but must urgently address SSL/TLS and security header implementations to improve trust and security.

P

Pantheon Systems, Inc.

pantheon.io

56

Pantheon Systems, Inc. operates Pantheon.io, a leading WebOps platform designed for building, hosting, and managing high-impact websites primarily using WordPress, Drupal, and Next.js. The company positions itself as a comprehensive solution provider integrating operations, workflows, and governance to enable agile teams and fast digital launches. Their market position is strong, supported by recognized industry badges and a broad partner ecosystem including Google Cloud. Technically, the website is built on Drupal 10 and leverages modern marketing and analytics tools such as Marketo, Segment, and VWO, indicating a mature digital infrastructure. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate and HTTPS support, which significantly impacts the site's security posture. Privacy compliance is well addressed with comprehensive policies and consent mechanisms via OneTrust. Overall, Pantheon.io demonstrates a professional, enterprise-grade web presence with excellent content and user experience but requires urgent improvements in SSL configuration to enhance security and trust.

R

Rhubarb Tech Inc.

objectcache.pro

65

Object Cache Pro is a specialized technology company providing a high-performance Redis object cache backend tailored for WordPress users. The company positions itself as a premium service provider with dedicated engineering support and a subscription-based business model. Their website reflects a mature and professional presence with strong endorsements from notable hosting partners, indicating a solid market position within the WordPress hosting and performance optimization niche. Technically, the website is built on WordPress and integrates modern tools such as Intercom for customer engagement and Google Analytics for tracking. However, the site suffers from a critical security flaw due to the absence of a valid SSL certificate, which undermines the security posture and user trust. While privacy policies are present, cookie consent mechanisms are lacking, which may pose compliance risks. Overall, the business appears credible and well-established, but immediate attention to SSL and privacy compliance is recommended.

I

Intermedia.net, Inc

intermedia.net

53

Intermedia.net, Inc is a well-established cloud communications company founded in 1993, providing a comprehensive suite of unified communications, business email, VoIP, contact center, security, and backup services to over 135,000 businesses. The company holds a strong market position as a leader in UCaaS, supported by multiple industry awards and certifications such as J.D. Power. Their target audience primarily consists of businesses seeking integrated cloud communication solutions. Technically, the website employs modern marketing and analytics tools including Marketo, Google Tag Manager, and Microsoft Clarity, but suffers from slow performance and lacks a valid SSL certificate, which critically impacts security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with clear consent mechanisms in place. Overall, the business credibility is high, supported by consistent WHOIS data and clear contact information.

T

The Horatio Alger Association of Canada, Inc.

horatioalger.ca

53

The Horatio Alger Association of Canada is a mature, medium-sized non-profit organization dedicated to providing scholarships and support services to young Canadians overcoming adversity. The website reflects a professional and consistent brand with clear messaging and a focus on education and empowerment. Technically, the site is built on WordPress with common plugins and tracking tools, but suffers from slow load times and lacks a valid SSL certificate, which significantly impacts security posture. Privacy policies are present but lack a cookie consent mechanism, indicating partial compliance with privacy regulations. Overall, the domain registration and WHOIS data align well with the organization's identity, supporting legitimacy. Strategic improvements in security and privacy compliance would enhance trust and user safety.

G

Gimbal

gimbal.com

51

Gimbal, operating under the Infillion brand, is a large media technology company specializing in omnichannel advertising solutions including DSP, location intelligence, and engagement advertising. The company targets agencies, publishers, resellers, and retail media networks with a comprehensive suite of products such as MediaMath, TrueX, and Gimbal location software. Their market position is strong, supported by partnerships with premium publishers and recognition in industry reports. Technically, the website is built on WordPress with a modern marketing technology stack including Google Analytics, Marketo, and Adobe Experience Platform. However, the site suffers from a critical security weakness due to the absence of a valid SSL certificate and lack of HTTPS support, which significantly impacts the security posture. Privacy compliance is well addressed with comprehensive policies and consent mechanisms. Overall, the site is professional and content-rich but requires urgent security improvements to protect user data and maintain trust.

C

CorroHealth

para-hcfs.com

61

CorroHealth is a clinically led healthcare analytics and technology company focused on optimizing revenue cycle management for hospitals and health systems. The company offers a comprehensive suite of services including utilization management, clinical documentation improvement, medical coding, chargemaster services, claims management, denials management, and value-based care solutions. Their market position is strong within the healthcare technology sector, targeting healthcare providers seeking to improve financial performance through intelligent technology and analytics. The website reflects a mature business with a professional and consistent brand presence, supported by structured data and social media integration. Technically, the website is built on WordPress using the Divi theme and incorporates modern marketing and analytics tools such as HubSpot, Google Tag Manager, Hotjar, and Microsoft Clarity. However, performance is moderate to slow, and accessibility features are basic. The site is hosted likely on Amazon AWS infrastructure and uses a Sucuri Cloudproxy WAF for protection. From a security perspective, while several security headers are properly configured and HSTS is enabled, the site lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability. There is no cookie consent mechanism despite the presence of tracking scripts, indicating a gap in privacy compliance. No explicit security or incident response policies are found on the site. Overall, the website demonstrates good business credibility and content quality but suffers from significant security shortcomings that should be addressed promptly to protect user data and maintain trust. Strategic recommendations include installing a valid SSL certificate, enabling modern TLS protocols, implementing cookie consent, and enhancing privacy and security policies.

S

Smelt by Polaria

smeltbypolaria.no

50

Smelt by Polaria is a Norwegian e-commerce retailer specializing in sustainable, locally sourced interior and lifestyle products. The company targets environmentally conscious consumers in Norway, offering a broad product range from Nordic and European suppliers. Their business model focuses on online sales with additional services like click-and-collect and flexible payment options. The website demonstrates good content quality, clear navigation, and consistent branding, supported by trust signals such as certifications and customer reviews. Technically, the site uses modern JavaScript libraries and frameworks but suffers from a critical lack of HTTPS due to an invalid SSL certificate, which severely impacts security posture. Privacy compliance is well addressed with a comprehensive cookie consent mechanism. Overall, the site is functional and professional but requires urgent security improvements to protect user data and build trust.

T

Talentech

reachmee.com

40

Talentech operates a mature and comprehensive recruitment and HR SaaS platform targeting growing companies and public sector organizations primarily in Sweden and the Nordic region. The platform offers integrated recruitment, onboarding, HR management, and AI-driven decision support services, positioning itself as a top-ranked solution with a large user base and extensive customer testimonials. Technically, the website is built on WordPress with common SEO and performance plugins, but suffers from a critical lack of a valid SSL certificate and slow page load times, which negatively impact security and user experience. Privacy policies and GDPR compliance are well addressed, with clear cookie and terms of service pages. The domain registration data aligns well with the business claims, indicating legitimacy and consistency. Overall, while the business and content quality are strong, the security posture requires urgent improvement to meet modern standards.

H

Horatio Alger Association

horatioalger.org

62

The Horatio Alger Association is a well-established 501(c)(3) non-profit organization dedicated to promoting the American Dream through scholarships and support services for students facing adversity. With a mature domain dating back to 1997 and a strong market position as one of North America's largest need-based scholarship providers, the organization demonstrates a clear commitment to education and philanthropy. The website reflects a professional and consistent brand image, targeting students, donors, and supporters with rich content and multimedia elements. Technically, the site is built on WordPress with modern plugins such as Yoast SEO and Google Site Kit, leveraging Cloudflare for hosting and CDN services. While the site is mobile-optimized and SEO-friendly, performance metrics are not fully available. Security posture is currently weak due to the absence of a valid SSL certificate and HTTPS support, which is a critical issue that must be addressed to protect user data and maintain trust. Privacy compliance is partially met with the presence of privacy and legal policies, but lacks a cookie consent mechanism and explicit GDPR compliance indicators. Contact information is comprehensive and clearly presented, enhancing business credibility. Overall, the site is trustworthy and professional but requires urgent security improvements to align with best practices. Strategic recommendations include immediate SSL/TLS implementation, enabling modern security headers and protocols, and introducing cookie consent mechanisms to improve privacy compliance and user trust.

B

Black Student Fund

blackstudentfund.org

71

Black Student Fund is a mature, established non-profit organization focused on advancing STEM education, scholarships, and test preparation for students in the DMV area. The website reflects a strong community-oriented mission with clear educational programs and support services. The organization has a solid market position with a history dating back to 1963 and demonstrates trust through testimonials and social media presence. Technically, the site uses modern web technologies including Webflow CMS, jQuery, and Google Tag Manager, hosted behind Cloudflare CDN, providing moderate performance and good mobile optimization. Security posture is good with HTTPS enforced and key security headers present, though improvements such as HSTS preload and OCSP stapling are recommended. Privacy compliance is lacking due to absence of privacy and cookie policies, which should be addressed to meet GDPR and other regulations. Overall, the site is professional, trustworthy, and functional with minor gaps in privacy and security best practices.

I

Infillion

infillion.com

58

Infillion is a mature advertising technology company founded in 2014, offering a comprehensive omnichannel media platform that integrates managed service ad products and demand-side solutions. Their key services include MediaMath DSP, TrueX engagement ads, and location intelligence software like Gimbal. The company targets agencies, publishers, resellers, and retail media networks, positioning itself as a customizable and scalable solution provider with strong industry partnerships and privacy compliance. Technically, the website is built on WordPress with the Divi theme and integrates multiple marketing and analytics tools, but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Privacy policies and cookie consent mechanisms are well implemented, supporting GDPR compliance. Overall, the business demonstrates strong branding, professional content, and a high trustworthiness level, but must urgently address its SSL and security posture to improve user trust and security.

K

Kelly Services Inc.

kellyconnect.com

52

KellyConnect is a business-to-business service provider specializing in contact center workforce and outsourcing solutions. The company operates as a subsidiary of Kelly Services Inc., a well-established enterprise founded in 1946 in the United States. KellyConnect offers tailored contact center optimization, managed services, and outsourcing solutions to enhance customer experience and operational efficiency for its clients. The website is professionally designed, targeting businesses seeking contact center services, and demonstrates consistent branding and good content quality. Technically, the site is built on the HubSpot CMS platform and integrates various marketing and analytics tools such as Google Analytics, Cookiebot, and Cheq for bot protection. However, the website suffers from a critical security issue: it lacks a valid SSL certificate and does not serve content over HTTPS, which significantly undermines its security posture. Other security best practices such as HTTP security headers and modern TLS protocols are also absent. Privacy compliance is well addressed with comprehensive privacy and cookie policies, including GDPR-compliant consent mechanisms. Contact information is primarily available through contact forms, with no explicit emails or phone numbers found in the HTML content. Overall, while the business and content aspects are strong, the lack of HTTPS is a major risk that should be urgently addressed to protect user data and maintain trust.

K

Kelly Services Inc.

kellyfusion.com

52

Kelly Fusion is a business unit of Kelly Services Inc. specializing in people-first automated work solutions including digital workers, cobots, and workforce automation consulting. The company positions itself as a leader in global staffing and recruitment services with a focus on enhancing productivity and employee engagement through automation. The website is built on the HubSpot CMS platform and integrates various marketing and analytics tools such as Google Tag Manager and HubSpot Analytics. While the content is professionally presented and the site includes comprehensive privacy and cookie policies, the technical security posture is weak due to the absence of a valid SSL certificate and lack of security headers. This exposes the site to risks and undermines user trust. Performance is also suboptimal with slow load times. Overall, the site demonstrates moderate digital maturity but requires urgent improvements in security and performance to align with best practices.

T

Teachers On Call, a Kelly Education company

teachersoncall.com

69

Teachers On Call, a division of Kelly Education and Kelly Services, operates as a leading staffing service specializing in providing licensed teachers, paraeducators, tutors, and early childhood education staff to over 150 school districts and 450 education centers primarily in the US Midwest and Northwest. The company has a mature online presence with a professionally designed website built on the HubSpot CMS platform, featuring comprehensive content and clear navigation tailored to both job seekers and school clients. The technical infrastructure leverages modern web technologies and integrates extensive marketing and analytics tools, ensuring robust user tracking and data collection with GDPR-compliant consent mechanisms. Security posture is strong with HTTPS, DMARC enforcement, and domain protection, though improvements such as enabling HSTS and DNSSEC could enhance resilience. Overall, the website reflects a trustworthy and credible business with a clear market position in the education staffing sector.

N

NextGen | GTA

kellytelecom.com

54

NextGen | GTA, a Kelly Telecom company, is a leading provider of innovative engineering, deployment, and talent solutions in the telecommunications and digital infrastructure industry. The company specializes in staffing, scope of work, and direct hire services, serving Tier-1 carriers and technology firms across the United States and Canada. Their market position is strong, supported by extensive client testimonials, industry awards, and a comprehensive service portfolio including 5G, fiber, RF design, and network optimization. Technically, the website is built on WordPress with modern plugins and integrations such as Gravity Forms, Cookiebot, and Google Analytics, hosted behind Cloudflare CDN. However, the site lacks a valid SSL certificate and HTTPS, which is a critical security gap. Security headers are partially implemented but the absence of TLS protocols and certificate transparency compliance significantly lowers the security posture. Privacy compliance is good with a clear privacy policy and cookie consent mechanism. Overall, the website is professional and trustworthy but urgently needs to address SSL/TLS issues to improve security and user trust.

R

Rotunda Software

ministryschedulerpro.com

49

Ministry Scheduler Pro is a specialized software solution designed to simplify church volunteer scheduling, targeting churches and ministries. The company, Rotunda Software, positions itself as a trusted provider with over 3,800 churches using its services. The platform offers automated scheduling, communication tools, and a mobile app to enhance volunteer engagement. Technically, the website employs modern JavaScript libraries, analytics, and animation technologies, hosted on AWS infrastructure. However, the absence of HTTPS and security headers significantly undermines the security posture, exposing users to potential risks. Privacy compliance is partially addressed with a comprehensive privacy policy but lacks cookie consent mechanisms. Overall, the business credibility is strong, supported by testimonials and a clear market focus, but urgent security improvements are necessary to protect users and maintain trust.

C

Cass County Memorial Hospital

casshealth.org

47

Cass Health is a mature healthcare provider organization based in the United States, specifically serving southwest Iowa. The website reflects a medium-sized rural hospital with a strong community focus, offering a wide range of medical services including specialty clinics, obstetrics, and rapid care. The organization is well-established with a domain age of 26 years and multiple awards that reinforce its market position and trustworthiness. Technically, the website is built on WordPress with modern front-end frameworks and integrates third-party services such as Algolia for search and Google Tag Manager for analytics. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security gap. Privacy and cookie policies are not found, indicating potential compliance issues. The site includes contact information and social media links, supporting user engagement but lacks explicit security or incident response policies. Overall, while the business and content quality are strong, the security posture and privacy compliance require urgent improvements to protect user data and enhance trust.

C

CMA CGM

cma-cgm.com

54

CMA CGM is a global leader in sea, land, air, and logistics solutions, offering a comprehensive range of services including maritime shipping, intermodal transport, air freight, and logistics. The company targets businesses requiring integrated supply chain and transportation services worldwide. The website reflects a mature digital presence with extensive content, customer portals, and service offerings, supported by a modern technology stack including Cloudflare CDN, Google Tag Manager, and bot protection services. However, the security posture is weakened by the absence of a valid SSL certificate and lack of TLS protocol support, which poses significant risks to data confidentiality and user trust. Privacy and cookie policies are well implemented and GDPR compliant, supporting regulatory adherence. Overall, the site demonstrates strong business credibility and technical maturity but requires urgent remediation of SSL and encryption issues to enhance security and trust.

Expedia Group operates a leading B2B travel technology platform offering comprehensive solutions to partners across various travel-related industries. Their website reflects a mature enterprise with a strong market position, extensive partner ecosystem, and a focus on delivering technology-driven growth and traveler experience enhancements. Technically, the site is built on Adobe Experience Manager with integrations for marketing and analytics, but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Privacy policies are present and GDPR compliant, but contact information is not prominently displayed. Security posture is weak due to missing SSL and security headers, exposing the site to potential risks. Overall, the site is professional and content-rich but requires urgent security improvements.

N

Norsk institutt for kulturminneforskning (NIKU)

niku.no

54

Norsk institutt for kulturminneforskning (NIKU) is a Norwegian research institute specializing in cultural heritage research and consultancy services for both public and private sectors. The website presents a professional and content-rich platform showcasing their projects, news, and services, targeting stakeholders interested in archaeology, conservation, and cultural heritage. The organization maintains a consistent brand presence with active social media channels and a newsletter subscription option. Technically, the site is built on WordPress hosted on WP Engine with integrations such as Algolia Search, Google Tag Manager, and Hotjar, indicating a moderate level of digital maturity. However, the website suffers from a critical security issue with an invalid SSL certificate and lacks modern TLS protocol support, which undermines user trust and security. Privacy compliance is partial, with a clear privacy policy but no cookie consent mechanism detected. Overall, the site is credible and professional but requires urgent security improvements.

N

Norsk institutt for bioøkonomi

nibio.no

60

NIBIO (Norsk institutt for bioøkonomi) is a large Norwegian government research institute specializing in bioeconomy, agriculture, environment, and resource management. With approximately 750 employees, it holds a strong market position as a key knowledge provider in sustainable food production, plant health, forestry, and agricultural economics. The website reflects a mature and professional organization with comprehensive content targeting researchers, policymakers, and agricultural stakeholders. Technically, the site employs modern analytics (Matomo), consent management (Cookiebot), and uses frameworks like Bootstrap and Handlebars, hosted likely on Uninett infrastructure. However, the security posture is weak due to the absence of a valid SSL certificate and HTTPS, which is a critical vulnerability. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is trustworthy and professionally maintained but urgently needs to address its SSL/TLS configuration to improve security and user trust.

K

Kystverket

kystverket.no

60

Kystverket is a Norwegian government agency responsible for maritime safety, navigation, and environmental protection along the Norwegian coast. The website serves as a portal for digital maritime services, including navigation aids, real-time ship tracking, and environmental alerts. It targets maritime professionals, coastal communities, and the general public interested in maritime affairs. The agency holds a strong national position as the authoritative maritime body in Norway. Technically, the website leverages Microsoft Azure infrastructure, ASP.NET Core framework, and integrates advanced analytics and consent management tools such as Microsoft Application Insights, Google Tag Manager, and Cookie Information. The site uses Episerver CMS and Cloudflare for CDN services. Despite a rich technical stack, the site suffers from critical SSL/TLS misconfigurations, lacking a valid certificate and disabling all TLS protocols, which severely impacts security posture. Security-wise, while the site implements HSTS with preload and includes no known major vulnerabilities like Heartbleed or POODLE, the absence of a valid SSL certificate and TLS support is a critical flaw. Cookie consent and privacy policies are comprehensive and GDPR compliant, reflecting good privacy practices. Contact information and social media presence enhance trust and transparency. Overall, the site is professionally designed with good content quality and user experience but requires urgent remediation of SSL/TLS issues to ensure secure communications. Strategic recommendations include fixing the SSL certificate, enabling modern TLS protocols, and improving OCSP stapling and session resumption. These steps will significantly enhance the security posture and user trust.

K

Kartverket

kartverket.no

58

Kartverket is the Norwegian government agency responsible for geographic information, managing the national property register, and registering property ownership and shares in housing cooperatives. The website serves a broad audience including Norwegian citizens, public agencies, and businesses requiring geographic and property data. It holds a strong market position as the authoritative source for mapping and property registration in Norway. Technically, the site uses modern JavaScript frameworks and Google Tag Manager for analytics but suffers from slow load times and lacks a valid SSL certificate, which is a critical security flaw. The security posture is weak due to missing HTTPS, TLS protocols, and security headers, exposing users to potential risks. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain trust.

D

Direktoratet for strålevern og atomsikkerhet

dsa.no

74

Direktoratet for strålevern og atomsikkerhet (DSA) is a Norwegian government directorate responsible for radiation protection and nuclear safety. The organization operates as a national authority providing regulatory oversight, monitoring radioactive emissions, and disseminating information to the public and relevant sectors such as veterinary and medical fields. The website serves as an official communication channel offering news, regulatory information, publications, and contact resources. It targets Norwegian citizens, government agencies, and professional sectors involved with radiation safety. Technically, the website is built on the Enonic CMS platform, hosted on Fastly CDN, and employs modern web technologies including jQuery and Google Tag Manager. The site supports TLS 1.3 and 1.2 with strong cipher suites, ensuring secure communications. However, performance is suboptimal with a slow load time and a large page size. Accessibility and SEO optimizations are well implemented, and the site is mobile responsive. From a security perspective, the site enforces HTTPS with valid certificates and implements SPF and DMARC email authentication policies with strict reject rules, reducing email spoofing risks. The absence of HSTS and DNSSEC are notable gaps. No critical vulnerabilities or exposed sensitive data were detected. Privacy and cookie policies are present and GDPR compliant, with a consent mechanism implemented. Overall, the website demonstrates a strong security posture and credible business presence consistent with a government agency. Recommendations include enabling HSTS, DNSSEC, and OCSP stapling to further harden security. Performance improvements would enhance user experience. The domain registration data aligns well with the organization's identity, supporting high trustworthiness.

H

Havforskningsinstituttet

imr.no

54

Havforskningsinstituttet is the largest marine research institute in Europe, based in Norway, focusing on marine research, advisory services, and environmental monitoring. The website reflects a well-established government entity with a large staff and a comprehensive content offering targeted at researchers, policymakers, and the public interested in marine science. Technically, the site uses modern web technologies and frameworks, ensuring good accessibility, SEO, and user experience. However, a critical security weakness is the lack of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, and contact information is clearly provided. Overall, the site is professional and trustworthy but requires urgent security improvements.

A

Archdiocese of Washington

adwcatholicschools.org

40

The Archdiocese of Washington Catholic Schools website serves as a comprehensive informational portal for a network of 90 Catholic educational institutions ranging from preschool to high school across Washington D.C. and surrounding Maryland counties. The site effectively communicates the organization's mission, educational offerings, and community engagement, targeting families seeking faith-based education. The business model is non-profit and education-focused, with a medium-sized regional presence and a well-established brand identity. Technically, the website is built on WordPress with common libraries such as jQuery and FontAwesome, and integrates marketing and analytics tools including Google Analytics, Facebook Pixel, and LiveChat. However, the site suffers from slow load times and lacks a valid SSL certificate, which critically impacts security and user trust. SEO and mobile optimization are handled well, but accessibility features are basic. From a security perspective, the absence of HTTPS and modern TLS protocols is a major vulnerability. No security headers or consent mechanisms for cookies are present, exposing the site to potential data privacy compliance issues, especially under GDPR. Contact information is clearly provided, but no dedicated security or incident response policies are visible. Overall, while the website is content-rich and professionally presented, the lack of fundamental security measures and privacy compliance mechanisms poses significant risks. Strategic improvements in SSL deployment, security headers, and privacy policies are essential to enhance trust and protect user data.

K

Kelly Education

kellyeducation.com

68

Kelly Education is a well-established education staffing and workforce solutions provider operating primarily in the United States. The company serves over 10,000 schools and 1,000+ districts, offering a broad range of staffing services including substitute teaching, special education, tutoring, and HR administration. The website reflects a mature and professional business with consistent branding and a strong market position as a leader in education staffing. Technically, the site is built on HubSpot CMS, uses modern web technologies, and is hosted behind Cloudflare, ensuring good performance and security. Security posture is strong with HTTPS, proper security headers, and SPF/DMARC email protections, though some improvements like HSTS preload and certificate transparency compliance are recommended. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the site is trustworthy, user-friendly, and aligned with the company's business objectives.

K

KellyOCG

kellyocg.com

54

KellyOCG is a well-established enterprise workforce solutions provider with over 75 years of industry experience, serving primarily Fortune 100 companies and large global enterprises. Their service offerings include managed service provider solutions, recruitment process outsourcing, payroll outsourcing, and talent consulting. The website is built on HubSpot CMS and integrates multiple marketing, analytics, and advertising technologies, reflecting a mature digital marketing strategy. However, the absence of a valid SSL certificate and lack of modern TLS protocols represent critical security weaknesses that expose users to risks and reduce trust. Privacy compliance is well addressed with comprehensive cookie consent mechanisms and a detailed privacy policy, supporting GDPR compliance. Overall, the website demonstrates strong business credibility and content quality but requires urgent security improvements to meet enterprise-grade standards.

R

Rotunda Software LLC

rotundasoftware.com

53

Rotunda Software LLC is a small, self-funded technology company specializing in innovative volunteer management software solutions. Their products, including Volunteer Scheduler Pro and Ministry Scheduler Pro, serve non-profit organizations and volunteer-based groups, positioning them as a niche player in the volunteer management software market. The company emphasizes a fully remote, collaborative culture and showcases client testimonials and partnerships with reputable organizations such as The Salvation Army. Technically, the website employs modern JavaScript libraries, Google Analytics, and Google Tag Manager, hosted likely on AWS infrastructure. However, the site lacks a valid SSL certificate, resulting in insecure HTTP connections, which is a significant security concern. Privacy policies and terms of service are present on related domains but not directly on the main site, and no cookie consent mechanism is implemented. Overall, the security posture is basic with room for improvement in SSL/TLS configuration and security headers. The domain is mature and well-registered, supporting the legitimacy of the business. Strategic recommendations include implementing HTTPS, enhancing security headers, and improving privacy compliance to strengthen trust and security.

C

Catholic Foundation of Southwest Iowa

catholicfoundationiowa.org

50

The Catholic Foundation of Southwest Iowa is a mature, regionally focused non-profit organization dedicated to faith-based investing and planned giving within the Diocese of Des Moines. The foundation supports individuals, parishes, schools, and Catholic organizations by managing endowment funds, distributing grants, and providing philanthropic resources. The website reflects a well-structured and content-rich platform with clear navigation and active social media engagement. However, the technical infrastructure shows gaps in security, notably the absence of a valid SSL certificate and HTTPS enforcement, which poses significant risks to user trust and data protection. The foundation uses a WordPress CMS with multiple plugins and integrates Google Analytics and Stripe for payments, indicating a moderate level of digital maturity. Despite the lack of explicit privacy and security policies, the organization demonstrates transparency through annual reports and board information. Overall, the site is functional and professional but requires urgent security improvements to align with best practices and regulatory expectations.

F

Freelance diseñador Wordpress SEO Mònica Cabaní

monicacabani.com

36

Mònica Cabaní operates as a freelance web designer specializing in WordPress, SEO, and Google Ads based in Barcelona, Spain. With over 12 years of experience, she offers a comprehensive suite of services including custom WordPress website design, WooCommerce online stores, SEO optimization, Google Ads consultancy, website maintenance, and GDPR compliance. The website is well-structured, professionally designed, and targets startups, freelancers, companies, and agencies seeking effective online presence and digital marketing solutions. Technically, the site is built on WordPress using the Avada theme and several popular plugins, but suffers from a lack of valid SSL certificate and slow loading times, which are critical security and performance concerns. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Business information is transparent and consistent with domain registration data, enhancing trustworthiness.

P

Programon

programon.co

47

Programon is a US-based small technology and marketing agency founded in 2021, specializing in digital growth solutions including marketing, web development, e-commerce, immersive experiences, and internal business applications. The company targets startups and established businesses seeking scalable and innovative digital strategies. Technically, the website is built on Webflow with modern JavaScript libraries and integrates marketing and analytics tools such as Google Tag Manager and ActiveCampaign. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, representing a critical security vulnerability. Privacy compliance is weak, with no visible privacy or cookie policies, and no incident response or security policies published. The domain is privacy protected, which is typical for small agencies, and shows no signs of suspicious activity or subdomain takeover risks. Overall, the website is professionally designed with rich content and clear contact information but requires urgent security and compliance improvements.

3

3dids.com Agencia de Marketing

3dids.com

56

3dids.com Agencia de Marketing is a well-established digital marketing and ecommerce agency based in Spain, specializing in Shopify platform services and ecommerce internationalization. As part of the Publicis Group, it leverages extensive industry experience and a broad partner ecosystem to deliver comprehensive digital strategies, CRM activation, SEO, and AI-driven productivity enhancements. The website reflects a mature digital presence with rich content, client testimonials, and strong branding. Technically, the site is built on Shopify with Cloudflare hosting and uses modern JavaScript libraries and analytics tools. However, the security posture is weakened by an invalid SSL certificate and lack of TLS protocol support, which poses a critical risk. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business credibility is high, supported by strong trust signals and transparent domain registration.