Security Directory

T

Tabular Editor

tabulareditor.com

54

Tabular Editor is a technology company specializing in providing a productivity tool for Analysis Services and Power BI Tabular modeling. Their flagship product, Tabular Editor 3, is positioned as a trusted solution among BI professionals worldwide, offering features to build, debug, and optimize data models efficiently. The website reflects a professional and well-branded presence with comprehensive content, testimonials, and clear calls to action for purchasing or trialing the software. Technically, the site is built on HubSpot CMS with integrations for analytics and marketing, but suffers from slow load times and lacks a valid SSL certificate, which impacts security and user trust. Privacy and cookie policies are present and GDPR compliant, with a consent mechanism implemented. Overall, the business demonstrates strong market positioning and credibility but needs to address critical security issues to improve trust and compliance.

T

twoday

twoday.dk

40

twoday is a large Danish technology company specializing in digital transformation, AI, software engineering, business applications, and cloud platform services. With over 3,000 specialists and more than 8,000 customers across the Nordic region, twoday positions itself as a leading Microsoft Solution Partner delivering comprehensive IT consulting and digital solutions for private and public sectors. The website is professionally designed, content-rich, and well-branded, targeting organizations seeking advanced technology services. Technically, the site leverages HubSpot CMS and modern JavaScript libraries but lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Security headers are present but cannot compensate for the missing SSL/TLS configuration. Privacy compliance is strong with clear privacy and cookie policies and a consent mechanism. Overall, the site demonstrates good digital maturity but requires urgent security improvements to meet modern standards.

T

twoday

twoday.lt

54

twoday is a large IT services company based in Lithuania, specializing in advanced software development, software modernization, and business analytics and AI solutions primarily for the Nordic and Northern European markets. The company positions itself as a leading technology partner with a strong focus on SaaS products and digital transformation, serving over 8000 customers with nearly 3000 employees. The website is professionally designed, content-rich, and well-structured, leveraging HubSpot CMS and modern JavaScript libraries for enhanced user experience and marketing analytics. However, a critical security concern is the invalid or missing SSL certificate and lack of enabled TLS protocols, which significantly impacts the security posture and trustworthiness of the site. Privacy and cookie policies are present and integrated with consent management tools, indicating good privacy compliance. No explicit terms of service or security incident response policies are publicly disclosed. Strategic improvements in SSL configuration and security best practices are recommended to enhance overall security and trust.

T

twoday

twoday.se

40

twoday is a large Nordic IT consultancy specializing in IT consulting, data and AI, software engineering, digital experiences, business applications, and cloud platforms with security focus. The company serves over 8,000 clients in both public and private sectors, supported by a team of 2,700 technology experts. The website is professionally designed, content-rich, and well-structured, targeting large and medium-sized organizations primarily in Sweden and the Nordic region. Technically, the site uses HubSpot CMS, Bootstrap, jQuery, and modern JavaScript libraries, hosted behind Cloudflare. However, the SSL/TLS configuration is currently invalid or missing, which significantly impacts the security posture. Security headers are present but cannot compensate for the lack of valid HTTPS. Privacy compliance is strong with a clear privacy policy, cookie policy, and consent mechanisms implemented via Cookiebot. Contact information is clearly provided including email, phone, and a contact form. Overall, the site is professional and trustworthy but requires urgent SSL/TLS fixes to improve security and trust.

T

twoday

twoday.no

56

twoday is a leading Nordic IT solutions provider specializing in digital transformation, data-driven technologies, and consultancy services for both public and private sectors. The company offers a broad range of services including Data & AI, Software Engineering, Digital Experiences, Business Applications, and Cloud Platforms and Security. Their market position is strong, supported by strategic partnerships with government agencies and recognition as a top employer. Technically, the website is built on HubSpot CMS with modern JavaScript libraries and frameworks, hosted via Cloudflare, and integrates multiple marketing and analytics tools. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate and disabled HTTPS protocols, which significantly impacts the security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website presents a professional and trustworthy image but requires urgent remediation of its SSL configuration to ensure secure communications and maintain trust.

T

twoday

twoday.com

74

twoday is a large Nordic IT services company specializing in software development, data & AI solutions, consulting, and digital transformation services for public and private sector clients. The company holds a strong market position as a Nordic leader in AI and data engineering, reinforced by strategic acquisitions such as Kaito Insight and major contracts with government agencies. Their website reflects a mature digital presence built on HubSpot CMS, leveraging modern JavaScript libraries and cloud hosting via Cloudflare. Security posture is strong with HTTPS enforcement, security headers, and no detected vulnerabilities, though improvements in HSTS and transparency compliance are recommended. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, twoday demonstrates a professional, trustworthy, and technically sound online presence suitable for its B2B audience.

T

twoday

twoday.fi

40

twoday.fi is the official website of twoday, a large Finnish technology consulting company specializing in digital transformation, data and AI solutions, business applications, and software development. The company serves Finnish enterprises and public sector clients, positioning itself as a leading Nordic technology partner with a strong workforce of 3000 experts. The website is built on HubSpot CMS, hosted behind Cloudflare, and employs modern web technologies and security best practices. Security headers and HTTPS are properly configured, with minor recommendations for enhancement. Privacy and cookie policies are comprehensive and GDPR compliant, supported by a consent mechanism. The site features rich content including client case studies, blog posts, and news updates, reflecting a mature digital presence. Overall, the website demonstrates a high level of professionalism, technical maturity, and security awareness, making it a trustworthy platform for its target audience.

O

Oma Säästöpankki Oyj

omasp.fi

40

Oma Säästöpankki Oyj operates as a Finnish savings bank providing comprehensive banking services to both individual and corporate customers. The company emphasizes personalized customer service through digital channels, direct phone contact, and physical branches. Their market position is that of a trusted, customer-centric financial institution with a strong local presence in Finland. Key services include loans, savings, investments, and digital banking solutions. The website reflects a mature digital infrastructure built on Drupal CMS, hosted on AWS, and integrates modern marketing and analytics tools such as Google Tag Manager and Cookiebot for privacy compliance. Security posture is robust with HTTPS enforced, strong cipher suites, and OCSP stapling, though improvements like TLS 1.3 and HSTS could enhance security further. Privacy compliance is well addressed with clear cookie consent mechanisms and GDPR-aligned policies. Overall, the website is professional, trustworthy, and user-friendly, though performance optimization could be improved due to a relatively slow load time.

H

Highspot

highspot.com

59

Highspot is a leading sales enablement platform provider offering a unified, AI-driven solution to improve marketing effectiveness, sales productivity, and revenue growth. The company targets global enterprise customers and provides a comprehensive suite of tools including sales content management, playbooks, buyer engagement, training, coaching, and analytics. Recognized by industry analysts and awards, Highspot holds a strong market position in the technology sector. The website demonstrates a mature digital presence with extensive marketing and analytics integrations, professional design, and comprehensive privacy compliance. However, the absence of a valid SSL certificate and HTTPS support represents a critical security vulnerability that undermines user trust and data protection. The site lacks explicit security and incident response policies, which could be improved to enhance overall security posture. Performance is suboptimal with slow load times and large page size, suggesting opportunities for optimization. Strategic recommendations include immediate remediation of SSL/TLS issues, enabling modern security protocols, and enhancing transparency around security policies to strengthen trust and compliance.

O

Onninen Oy

onninen.com

54

Onninen Oy is a large technical wholesale company specializing in HEPAC, electrical, refrigeration, and energy products. It serves contractors, industry, infrastructure builders, and retail dealers primarily in Finland and several other European countries through a network of physical stores and electronic channels. The company is part of the K Group, a significant player in building and technical trade with substantial international presence. Technically, the website is built using modern frontend technologies such as React and Next.js and uses Google Tag Manager for analytics. However, the website suffers from a lack of a valid SSL certificate, resulting in no HTTPS support, which is a critical security flaw. The site also lacks privacy and cookie policies, security headers, and other best practices, which impacts its security posture and privacy compliance negatively. Performance is slow, but mobile optimization and content quality are good, with clear business information and consistent branding. Overall, the website is functional but requires urgent improvements in security and privacy compliance to meet modern standards.

K

Kesko Oyj

k-lataus.fi

40

K-Lataus is a nationwide electric vehicle charging network operated under Kesko Oyj and its subsidiary K-Auto. The service offers a comprehensive network of charging stations across Finland, including basic, fast, and high-power charging options, all powered by renewable energy, primarily domestic wind power. The platform supports both private and corporate customers with features such as mobile applications, RFID tags, and corporate accounts. The website provides extensive content including news, instructions, pricing, and customer support, reflecting a mature and customer-focused business model. Technically, the website is built on Microsoft IIS with ASP.NET backend, uses Contentful CMS for content management, and employs modern JavaScript libraries such as jQuery and lazy loading for images. The site is hosted on Elisa's infrastructure with CDN usage for assets. However, the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, which is a significant security concern. DNS configuration lacks DNSSEC and CAA records, and security headers and best practices are minimal. Security posture is weak due to missing HTTPS and related protections, although no active vulnerabilities like Heartbleed or POODLE were detected. Privacy compliance is good with clear privacy and cookie policies, GDPR adherence, and strong DMARC email policies. Business credibility is high with clear company information, extensive content, and active customer engagement. Overall, while the business and content quality are excellent, the lack of HTTPS and modern security configurations significantly lowers the security score and overall risk posture. Addressing these security gaps is critical to protect user data and maintain trust.

B

Becca

hellobecca.com

66

Becca is a hospitality advisory and communications agency with a strong market presence, operating from offices in New York, Los Angeles, and London. The company focuses on shaping stories, honing visions, and growing audiences for hospitality brands, positioning itself as a strategic partner in the hospitality industry. Their key services include communications, experiences, social media, and strategic advisory through their Parrish Co brand. The website reflects a professional and modern digital presence, leveraging WordPress and associated technologies to deliver a rich user experience with strong SEO and social media integration. Security posture is good with HTTPS, modern TLS protocols, and Cloudflare CDN, though some advanced security headers and DNS protections could be improved. Privacy and cookie policies are present and GDPR compliant, with user data collected primarily via secure forms. Overall, the site demonstrates high professionalism and trustworthiness, suitable for its target audience in the hospitality sector.

O

Onninen Oy

onninen.fi

40

Onninen Oy is a leading Finnish technical wholesaler specializing in HVAC, electrical, refrigeration, and energy products. The company serves professional customers through a comprehensive e-commerce platform and a nationwide network of Express stores. Onninen emphasizes energy efficiency and sustainability, offering a broad range of products including solar panels, heat pumps, and smart home solutions. Their digital maturity is evident with integrated services such as mobile apps, procurement system interfaces, and extensive product information. Security posture is strong with HTTPS, HSTS, CSP, and secure cookie practices. Privacy compliance is robust with clear policies and consent mechanisms. Overall, Onninen presents a professional, trustworthy, and well-structured platform supporting its business operations and customer engagement.

K

Kespro

kespro.com

47

Kespro is a large Finnish foodservice wholesaler owned by Kesko Oyj, serving a broad range of customers including restaurants, hotels, cafes, public institutions, and retail chains. The company positions itself as the largest foodservice wholesaler in Finland, offering extensive product selections and digital services to enhance customer experience. The website reflects a professional and well-branded digital presence with comprehensive content and clear navigation, targeting hospitality and retail sectors in Finland. Technically, the site uses modern JavaScript frameworks such as React and integrates marketing and consent management tools like Google Tag Manager and OneTrust. However, the site suffers from a critical security issue: the SSL certificate is invalid or missing, and HTTPS is not enabled, exposing users to potential risks. Security headers are absent, and performance is slow with a high page load time. Privacy compliance is strong with clear policies and consent mechanisms. Contact information is complete and prominently displayed, including phone, email, and physical address. Social media presence is active across major platforms. Overall, the site is professional and content-rich but requires urgent security improvements to protect users and enhance trust.

K-Plussa is a comprehensive loyalty program operated by Kesko, a major Finnish retail company. The website serves as a portal for members to access personalized offers, manage their membership, and learn about benefits across a wide network of retail and service partners. The program targets Finnish consumers, including specific segments such as students and shareholders, positioning itself as the leading loyalty program in Finland with extensive partner integration. Technically, the site is built using modern web technologies including React and styled-components, hosted behind Cloudflare, and integrates Google Tag Manager for analytics. However, the site lacks a valid SSL certificate, which severely impacts its security posture. While privacy and cookie policies are well documented and GDPR compliant, the absence of HTTPS and security headers exposes the site to risks. Overall, the site is functional and professionally designed but requires urgent security improvements to protect user data and maintain trust.

B

Budget Sport

budgetsport.fi

40

Budget Sport is a Finnish-based large retail e-commerce platform specializing in affordable sportswear and equipment. It operates under the parent company Intersport Finland Oy and targets Finnish consumers with a broad product range including running, cycling, football, and golf gear. The website is well-structured with clear navigation, multiple product categories, and a consistent brand presence. Technical infrastructure includes modern web technologies such as lazy loading and templating, hosted via Cloudflare with integration of Google Tag Manager and Google Maps API. However, the site currently suffers from a critical security issue: the SSL certificate is invalid or missing, and TLS protocols are disabled, severely impacting the security posture. Despite this, privacy and cookie policies are comprehensive and GDPR compliant, and contact information is clearly provided. Overall, the site scores well on content quality and business credibility but requires urgent remediation of SSL/TLS configuration to improve security and trust.

T

Taikala Oy

clubway.de

40

Clubway is a cloud-based SaaS platform developed by Taikala Oy, specializing in administrative software for sports clubs. It offers comprehensive features such as member management, course registrations, event scheduling, attendance tracking, financial management, and mobile app support. The company is well-positioned in the European market with over 950 clubs as customers, emphasizing GDPR compliance and user-friendly solutions. Technically, the website leverages modern frameworks like React and Gatsby, hosted on AWS infrastructure, but suffers from slow load times and lacks a valid SSL certificate, impacting security posture. Privacy compliance is strong with clear policies and consent mechanisms. Security weaknesses include missing HTTPS and modern TLS protocols, which are critical to address. Overall, Clubway presents a professional and trustworthy service with room for technical and security improvements.

B

Brookfield Real Estate Income Trust

brookfieldreit.com

64

Brookfield Real Estate Income Trust (Brookfield REIT) is a large-scale real estate investment trust providing individual investors access to private real estate opportunities focused on income generation and capital appreciation. The company leverages a global network of experts and a partnership with Brookfield Oaktree Wealth Solutions to deliver diversified real estate investment products. The website is professionally designed, content-rich, and targets both individual investors and financial advisors with clear calls to action and comprehensive disclosures. Technically, the site is built on Drupal 10, hosted on Pantheon infrastructure, and employs modern web technologies including Google Tag Manager and OneTrust for cookie consent. The site is mobile optimized, accessible, and SEO friendly with structured data enhancing search visibility. Performance is fast with no blocking or WAF detected. Security posture is solid with HTTPS enforced and key security headers present, though improvements are recommended in HSTS configuration and DNS security (DNSSEC, CAA). No critical vulnerabilities or exposed sensitive data were found. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site demonstrates a mature digital presence with strong business credibility and trust indicators. Strategic recommendations include enhancing DNS security, strengthening HSTS policies, and publishing explicit security and incident response policies to further improve trust and compliance.

B

Brookfield

brookfield.com

61

Brookfield is a globally recognized investment firm specializing in managing and investing in high-quality assets across sectors such as renewable energy, infrastructure, private equity, real estate, and credit. The company targets institutional investors, financial advisors, and shareholders, offering a diversified portfolio and long-term value creation. The website reflects a mature digital presence with a professional design, comprehensive content, and multi-language support. Technically, the site is built on Drupal 10, hosted on Pantheon, and integrates modern tools like Google Tag Manager and OneTrust for privacy compliance. However, the security posture is weakened by an invalid SSL certificate and lack of enabled TLS protocols, which poses a significant risk. Privacy and cookie policies are well implemented with consent mechanisms, and business credibility is high due to clear branding and detailed investor information. Overall, the site is functional and professional but requires urgent remediation of SSL/TLS issues to improve security and trust.

P

Prosek Partners

prosek.com

51

Prosek Partners is a well-established integrated communications and marketing firm with over 30 years of experience, primarily serving clients in finance, investor relations, and related sectors. The company offers a broad range of services including PR, crisis management, digital marketing, and public affairs, positioning itself as a future-focused leader in its industry. The website reflects a professional and polished brand image with comprehensive content and strong SEO and accessibility features. Technically, the site is built on WordPress with modern plugins and integrations but suffers from a critical security shortfall due to the absence of a valid SSL certificate and HTTPS enforcement. This significantly impacts the security posture and trustworthiness from a technical perspective. Privacy and cookie policies are present and indicate GDPR compliance, though no explicit security or incident response policies are published. Overall, the site is user-friendly and credible but requires urgent security improvements to protect user data and enhance trust.

Oaktree Capital Management, L.P. operates a comprehensive real estate investment platform focusing on undervalued properties with an emphasis on risk control and value-added strategies. The company targets institutional and public investors, leveraging a global footprint and extensive industry expertise to manage and grow real estate assets. The website reflects a mature enterprise with professional content, consistent branding, and a clear business model centered on real estate investment management. Technically, the site uses modern frameworks such as Bootstrap 5 and jQuery, hosted likely behind Cloudflare, and employs Sitefinity CMS. However, performance is slow with a high resource count and long load times. Security posture is weak due to the absence of a valid SSL certificate, lack of security headers, and missing DNSSEC, which significantly lowers the security score. Privacy compliance is well addressed with a cookie consent banner and a comprehensive privacy policy. Overall, the site is professional and trustworthy but requires urgent security improvements to protect users and data.

B

Brookfield Oaktree Wealth Solutions

brookfieldoaktree.com

60

Brookfield Oaktree Wealth Solutions is a prominent investment management firm specializing in alternative investments including real estate, infrastructure, private equity, renewables, credit, and equities. The company leverages the expertise of its parent and partner companies, Brookfield Corporation and Oaktree Capital Management, to provide institutional-caliber solutions to financial advisors and private wealth investors. The website is professionally designed with comprehensive content and clear navigation, targeting a sophisticated financial audience. Technically, the site is built on Drupal 10 and hosted on Pantheon, employing modern web technologies and analytics tools such as Google Tag Manager and LinkedIn Insight Tag. Security posture is moderate; while security headers are implemented, the SSL certificate is invalid, which poses a significant risk. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms in place. Overall, the site demonstrates high business credibility and professionalism but requires urgent SSL certificate remediation to improve security and trust.

Paytrail Oyj is a leading Finnish payment institution specializing in providing a comprehensive range of payment methods for online merchants under a single agreement. The company serves over 20,000 customers including major Finnish banks and large enterprises, positioning itself as a trusted and scalable payment service provider in the Finnish e-commerce and finance sectors. It operates as part of the Nexi/Nets Group, leveraging strong partnerships and brand recognition. The website is professionally designed, content-rich, and targets online merchants, developers, and partners with detailed service information and customer testimonials. Technically, the site is built on HubSpot CMS with modern marketing and analytics tools integrated, including Cookiebot for consent management and Google Tag Manager for tracking. However, a critical security weakness is the absence of a valid SSL certificate and disabled TLS protocols, which severely impacts the site's security posture. While security headers and privacy policies are well implemented, the lack of proper HTTPS undermines trust and compliance. Overall, the site demonstrates good business credibility and privacy compliance but requires urgent remediation of SSL/TLS issues to ensure secure operations and maintain customer trust.

O

Oaktree Capital Management

oaktreecapital.com

51

Oaktree Capital Management is a global investment firm specializing in alternative investments, including credit, equity, and real estate strategies. The company positions itself as a leader and pioneer in alternative investments, targeting investors and financial professionals. The website presents comprehensive business information, including detailed strategy descriptions, investor resources, and press coverage, reflecting a mature and enterprise-level business model. Technically, the website uses modern frameworks such as Bootstrap 5 and jQuery, with a CMS likely Sitefinity, and integrates marketing and analytics tools like Google Tag Manager and Evidon for cookie consent. However, the site suffers from a critical security issue: the SSL certificate is invalid or missing, and HTTPS is not properly enabled, severely impacting the security posture. No security headers are present, and advanced SSL features like HSTS and OCSP stapling are missing. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain trust.

M

Mallaskoski

mallaskoski.com

53

Mallaskoski is a Finnish brewery with a rich heritage dating back to 1921, specializing in craft beers that emphasize quality, authentic flavors, and respect for Finnish brewing traditions. The company targets beer enthusiasts and horeca businesses within Finland, offering a range of seasonal and specialty beers, horeca supply services, and a brewery restaurant experience. The website reflects a medium-sized business with consistent branding and a professional online presence, including active social media channels and newsletter engagement. Technically, the site is built on WordPress with modern performance optimizations and uses Cloudflare for CDN and security. However, the absence of a valid SSL certificate and HTTPS configuration is a critical security gap. Privacy compliance is well addressed with cookie consent mechanisms and a comprehensive privacy policy. The site lacks explicit terms of service and detailed security or incident response policies. Overall, the business demonstrates solid market positioning but requires urgent security improvements to protect user data and enhance trust.

S

Suomen Asianajajat – Finlands Advokater – Finnish Bar Association

asianajajaliitto.fi

36

Suomen Asianajajat is the Finnish Bar Association, a government-related professional organization regulating and supporting lawyers in Finland. The website serves as an authoritative source for legal professionals and the public, offering information on regulation, education, membership, and legal assistance. The site is multilingual and professionally designed, reflecting a mature digital presence. Technically, it is built on WordPress with modern plugins and hosted on a LiteSpeed server, but lacks a valid SSL certificate, which is a critical security flaw. Email security is well managed with SPF and DMARC records. Overall, the security posture is weak due to missing HTTPS, but privacy compliance and business credibility are strong. Strategic improvements in SSL deployment and security policies are recommended to enhance trust and compliance.

V

Valvontalautakunta

valvontalautakunta.fi

35

Valvontalautakunta is a Finnish government supervisory authority overseeing legal professionals including lawyers, public legal aid attorneys, and licensed legal representatives. The website serves as an official portal providing information on supervision, complaint filing, fee disputes, and publishing supervisory decisions. It targets legal professionals and clients seeking regulatory information in Finland. The organization is small-sized and founded around 2020, with a clear government sector focus. The website content is professionally structured and consistent with the organization's mission.

A

Applied Systems, Inc.

useindio.com

58

Indio, a platform operated by Applied Systems, Inc., offers a SaaS solution focused on digitizing and simplifying the insurance application and renewal process for agencies and brokers. The website presents a professional and user-friendly experience targeting insurance professionals seeking to modernize workflows. Technically, the site integrates multiple marketing and analytics tools, including Google Analytics, Facebook Pixel, LinkedIn Insight, Marketo, and OneTrust for cookie consent, hosted behind Cloudflare. However, the security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS enforcement, which is a critical issue for trust and compliance. Privacy and cookie policies are comprehensive and GDPR compliant, with clear consent mechanisms. Overall, the site is well-branded and content-rich but requires urgent security improvements to meet modern standards.

I

Ivans

ivans.com

64

Ivans is an enterprise-level technology company specializing in digital insurance software that connects carriers, MGAs, and agencies. Positioned as a leading industry network, Ivans offers a suite of solutions designed to streamline workflows across the insurance lifecycle, enhancing connectivity and business growth. The company operates under the parent organization Applied Systems, Inc., and targets insurance professionals including agents and brokers. Their offerings include digital distribution platforms, claims communications, and industry insights, supported by a strong brand presence and multiple awards. Technically, the Ivans website employs a modern technology stack including jQuery, Bootstrap, and various marketing and analytics tools such as Marketo, Google Tag Manager, and Drift Chat. The site is hosted with Cloudflare DNS and supports TLS 1.3 and 1.2, ensuring secure HTTPS connections. However, performance is suboptimal with a slow page load time and large page size, and some security best practices like HSTS and certificate transparency are not fully implemented. From a security perspective, Ivans demonstrates a solid baseline with no critical vulnerabilities detected, valid SPF records, and OCSP stapling enabled. The absence of a publicly available security policy or incident response contact is a notable gap. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR considerations. The site integrates extensive tracking and marketing tools, indicating a high level of user data collection and tracking. Overall, Ivans presents a professional, trustworthy, and well-branded digital presence with strong business credibility. The main areas for improvement include enhancing website performance, strengthening SSL/TLS security configurations, and publishing explicit security policies and incident response information to bolster trust and compliance.

A

Applied Systems, Inc.

tarmika.com

67

Tarmika.com is a commercial quoting tool website operated by Applied Systems, Inc., targeting independent insurance agents and carriers. The platform offers a single-entry quoting solution designed to streamline commercial insurance quoting processes, enabling agencies to increase efficiency and expand market reach. The website positions itself as a niche SaaS provider within the insurance technology sector, leveraging Applied Systems' brand and partnerships to enhance credibility. Technically, the site is built on WordPress with Elementor, integrating multiple marketing and analytics tools such as Google Tag Manager, Marketo, and Drift chat. While the SSL certificate is valid and SPF/DMARC records are properly configured, the site lacks advanced security headers and a cookie consent mechanism, which are important for GDPR compliance and security hardening. Performance metrics indicate a slow load time and large page size, suggesting optimization opportunities. Overall, the site demonstrates a good level of professionalism, content quality, and business credibility but could improve in privacy compliance and security posture.

A

Applied Client Network

appliedclientnetwork.org

53

Applied Client Network is an independent global user community focused on the Applied Systems insurance software ecosystem. It provides education, industry advocacy, peer networking, and product influence to insurance agencies and professionals. The organization positions itself as a key resource for various roles within insurance agencies, including IT managers, account managers, and principals. Technically, the website is built on the DNN CMS platform, hosted on Amazon AWS infrastructure, and utilizes modern web technologies such as jQuery, Font Awesome, and Google Tag Manager. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a significant security concern. The presence of cookie consent mechanisms and a comprehensive privacy policy indicates good privacy compliance. Overall, the site offers good content quality and business credibility but requires urgent improvements in security posture to protect user data and enhance trust.

G

Google

piaselect.com

60

The website analyzed is the localized German version of Google's main search homepage, representing a global technology leader in internet services and advertising. The site provides a clean, professional user interface with comprehensive privacy and cookie policies that comply with GDPR standards. The business model is primarily advertising-driven, targeting a broad audience of internet users worldwide. The technical infrastructure leverages Google's proprietary technologies and frameworks, delivering a fast and mobile-optimized experience. However, a critical security issue is present due to the lack of a valid SSL certificate and disabled TLS protocols, severely impacting the security posture. While security headers are well implemented, the absence of proper HTTPS undermines user trust and data protection. Overall, the site is highly professional and trustworthy but requires urgent remediation of SSL/TLS to ensure secure communications.

AutomationSG is a professional association based in Singapore focused on the Automation, Internet-of-Things (IoT), and Robotics sectors. It serves companies and professionals by providing membership services, industry initiatives such as the Singapore Pavilion funding support, Career Conversion Programme partnership, and the AIRHUB innovation platform. The website positions AutomationSG as a key industry association with a medium-sized presence in the Singapore technology sector. The digital infrastructure is built on Drupal 10 with Bootstrap 5, featuring good mobile optimization and accessibility, but lacks performance data. Security posture is weak due to the absence of a valid SSL certificate and HTTPS, exposing the site to risks and lowering trust. Privacy compliance is minimal with no visible privacy or cookie policies. Contact information is clearly provided, including email, phone, and physical address, alongside social media presence on LinkedIn and YouTube.

A

Applied Systems, Inc.

appliednet.com

35

Applied Net is a specialized annual user conference organized by Applied Systems, Inc., targeting insurance agents, brokers, and software users within the Applied Systems ecosystem and its subsidiaries such as EZLynx, Tarmika, and Ivans. The event focuses on education, innovation, and networking, positioning itself as a premier industry gathering. The website reflects a mature digital presence with comprehensive content, structured data, and integration of modern web technologies. However, the absence of a valid SSL certificate and lack of HTTPS enforcement significantly undermine the site's security posture. While the site employs trusted third-party services like Google Tag Manager and Brightcove for analytics and media delivery, the missing cookie consent mechanism and incomplete security headers indicate areas for compliance improvement. Overall, the business credibility and content quality are strong, but technical and security enhancements are critical to ensure trust and compliance.

A

Applied Systems, Inc.

appliedsystems.com

50

Applied Systems, Inc. is a leading enterprise technology company specializing in insurance software and agency management solutions for independent insurance agencies and brokers. The company offers a comprehensive suite of cloud-based products including agency management platforms, marketing automation, digital payments, and business intelligence tools. With a strong market position evidenced by adoption among top insurance brokerages and multiple industry awards, Applied Systems serves a primarily US-based audience with a focus on innovation and digital transformation in the insurance sector. The company was founded in 1983 and operates several subsidiaries such as EZLynx, Ivans, Indio, and Tarmika, enhancing its product ecosystem. Technically, the website employs modern JavaScript libraries like jQuery and Bootstrap, integrates marketing tools such as Marketo Forms, and uses Google Tag Manager for analytics. Hosting is via Cloudflare, but a critical security gap exists due to the absence of a valid SSL certificate and disabled TLS protocols, severely impacting the security posture. The site is well-structured with comprehensive metadata, JSON-LD structured data, and good SEO practices, providing a professional and trustworthy user experience. Security-wise, the lack of HTTPS and TLS support is a major vulnerability, exposing users to risks and undermining trust. While privacy and cookie policies are present and GDPR compliant, no explicit incident response or vulnerability disclosure mechanisms were found. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to meet modern standards and protect user data effectively.

P

Progressive Casualty Insurance Company

progressiveagent.com

53

Progressive Agent is a prominent insurance platform offering expert advice and insurance products through a vast network of independent insurance agents across the United States. The website serves as a portal for consumers to find agents and explore a wide range of insurance products including auto, home, renters, motorcycle, commercial, and bundled insurance options. The company positions itself as a market leader in auto and commercial insurance through independent agents, emphasizing personalized service and comprehensive coverage options. Technically, the website employs modern JavaScript libraries such as jQuery, integrates advanced analytics and monitoring tools including Google Analytics, Quantum Metric, and AppDynamics, and uses a responsive design optimized for desktop and mobile devices. However, the site suffers from a critical security deficiency due to the absence of a valid SSL certificate and proper HTTPS configuration, which undermines user trust and data security. Security headers are partially implemented, providing some protection against common web vulnerabilities, but the lack of HTTPS and TLS support is a significant risk. Privacy compliance is moderate with a clear privacy policy present but lacking a visible cookie consent mechanism. Contact information is available primarily via phone and forms, with no direct company emails found. Social media presence is strong across major platforms. Overall, while the business and content quality are excellent, the security posture requires urgent improvement to protect users and maintain trust. Strategic recommendations include immediate SSL certificate installation, enabling HTTPS, and implementing cookie consent to enhance privacy compliance.

P

Progressive Casualty Insurance Company

progressivecommercial.com

53

Progressive Commercial is a leading provider of commercial insurance products in the United States, specializing in commercial auto, business insurance, workers' compensation, general liability, cyber insurance, and professional liability. The website serves as a comprehensive portal for small to medium business owners to obtain quotes, access resources, and manage claims. The company holds a strong market position as the #1 commercial auto insurer and truck insurer based on industry data. Technically, the site uses modern JavaScript libraries, tracking tools, and is built on an ASP.NET MVC framework, providing a good user experience with mobile optimization and accessibility features. However, the security posture is weakened by the lack of a valid SSL certificate and HTTPS enforcement, which is critical for protecting user data and trust. Privacy compliance is partial, with privacy and terms pages present but no visible cookie consent mechanism. Overall, the site is professional and trustworthy but requires urgent security improvements to meet modern standards.

I

Independent Agent Giving

agentgiving.com

58

Independent Agent Giving is a community-focused platform supporting independent insurance agents affiliated with Liberty Mutual and Safeco Insurance. The website promotes charitable giving, volunteerism, and awards programs to recognize agents' community contributions. It serves a niche market of insurance agents seeking to deepen their social impact and community engagement. The site is moderately sized and professionally branded with consistent messaging and trust signals linked to its parent companies. Technically, the site is built on WordPress and hosted on Pantheon, utilizing modern analytics and monitoring tools such as Google Tag Manager and New Relic. However, the site lacks a valid SSL certificate, which significantly impacts its security posture. Security headers are present but incomplete, and no cookie consent mechanism is detected, indicating partial privacy compliance. Overall, the website offers good content quality and user experience but requires urgent improvements in security and privacy compliance to enhance trust and protect user data.

E

EZLynx

ezlynx.com

46

EZLynx is a well-established software company specializing in cloud-based insurance agency software solutions, including comparative rating, agency management systems, and CRM software tailored for independent insurance agencies. Founded in 2003 and headquartered in the United States, EZLynx operates under the parent company Applied Systems, Inc. The company holds a strong market position supported by industry awards, a large user base, and a comprehensive suite of integrated services designed to streamline insurance agency workflows and improve operational efficiency. Their target audience primarily includes insurance agents and brokers seeking modern, cloud-based technology solutions.

Alma Media Oyj is a leading Finnish media company focused on sustainable growth by providing content and services that benefit users in everyday life, work, and leisure. The company operates across multiple sectors including media publishing, advertising, real estate services, automotive, recruitment, and investor relations. It holds a strong market position in Finland, reaching approximately 80% of the Finnish population weekly through its media channels. The website reflects a professional corporate presence with comprehensive content, structured data, and multilingual support.

P

Printify

printify.com

51

Printify is a well-established print on demand platform founded in 2015, headquartered in the US with additional offices in Latvia and Estonia. It serves a large global customer base of over 10 million sellers, offering integration with major eCommerce platforms such as Shopify, Etsy, TikTok, and Amazon. The platform enables entrepreneurs and businesses to create and sell custom products without upfront inventory costs, leveraging a global network of print providers for fulfillment. Technically, the website is built on modern Angular framework and uses Cloudflare for DNS and CDN services, alongside advanced analytics and marketing tools like Segment, Heap, and FullStory. However, the security posture is currently weak due to the absence of a valid SSL certificate and disabled TLS protocols, which poses a significant risk to user data and trust. Privacy and compliance policies are comprehensive and GDPR aligned, supporting the platform's global operations. Overall, Printify demonstrates strong business credibility and digital maturity but requires urgent improvements in its SSL/TLS configuration to enhance security and user trust.

T

Tower Hill Insurance Group, LLC

thig.com

54

Tower Hill Insurance Group, LLC is a well-established insurance provider specializing in residential and commercial property insurance in Florida and select other states. Founded in 1972, the company offers a broad range of insurance products including homeowners, renters, flood, commercial, and cyber insurance through a network of agencies. The website reflects a mature digital presence built on WordPress with common industry plugins and integrations such as Google Tag Manager and OneSignal for push notifications. However, the site suffers from a critical security weakness due to the absence of a valid SSL certificate, which undermines user trust and data security. Privacy and cookie policies are present with consent mechanisms, indicating some compliance awareness. The site is content-rich with good navigation and branding consistency, targeting homeowners and commercial property owners primarily in Florida. Social media and trust signals such as BBB accreditation enhance credibility.

P

Progressive

progressive.com

55

Progressive is a major US-based insurance company with a strong market position and a comprehensive portfolio of insurance products including auto, home, renters, motorcycle, life, and commercial insurance. The website reflects a mature digital presence with extensive content, clear navigation, and strong branding. Technically, the site uses modern web technologies, personalization, and monitoring tools, but suffers from an invalid SSL certificate and lack of modern TLS protocol support, which impacts its security posture. Privacy policies and cookie consent mechanisms are present and comprehensive, supporting GDPR compliance. Overall, the site is professional and trustworthy but requires urgent remediation of SSL and TLS issues to ensure secure user interactions.

N

Nationwide Mutual Insurance Company

nationwide.com

52

Nationwide Mutual Insurance Company operates a comprehensive and professionally designed website offering a wide range of insurance and financial services including auto, home, life, pet, business insurance, and investment products. The company is a Fortune 100 enterprise with a strong market position in the finance sector, targeting individuals, families, and businesses. The website demonstrates consistent branding and high content quality, supporting a positive user experience and clear navigation. Technically, the site uses modern JavaScript libraries, a proprietary design system (Bolt), and integrates multiple analytics and marketing tools, hosted primarily via Akamai CDN services. However, the SSL certificate is invalid or missing, significantly impacting the security posture. Security headers are well implemented, but the lack of valid HTTPS undermines trust and security. Privacy and cookie policies are present and indicate GDPR compliance, with clear contact phone numbers and social media presence enhancing business credibility. Overall, the site is highly professional but requires urgent remediation of SSL issues to improve security and user trust.

C

Celtic Bank

celticbank.com

64

Celtic Bank is a medium-sized financial institution specializing in commercial financing and SBA loans, positioning itself as a top ten SBA Preferred Lender in the United States. The company offers a broad range of loan products tailored to small and medium business needs, including SBA 7(a), 504 loans, construction financing, equipment financing, and specialty loans such as renewable energy and supply chain financing. Their market position is strengthened by detailed customer testimonials, case studies, and a professional online presence. Technically, the website leverages modern frameworks like React and Next.js with a headless WordPress backend, hosted behind Cloudflare, ensuring a contemporary digital infrastructure. However, the SSL certificate is invalid and no TLS protocols are enabled, which is a critical security flaw. Security headers are well implemented but some security best practices need improvement, including enabling OCSP stapling and session resumption. Privacy compliance is basic, with no cookie consent mechanism despite the use of tracking and advertising scripts. Overall, the website is professional and credible but requires urgent security fixes to protect user data and maintain trust.

S

Spring EQ

springeq.com

52

Spring EQ is a specialized financial services company founded in 2016, focused on providing homeowners with flexible home equity loan and line of credit products. Positioned as a niche lender in the U.S. market, it offers fixed-rate and variable-rate HELOCs, home equity loans, and debt consolidation solutions. The company targets homeowners seeking fast access to home equity with customizable loan terms. The website is professionally designed, leveraging HubSpot CMS and integrated marketing and analytics tools, reflecting a moderate level of digital maturity. However, performance is somewhat slow and accessibility is basic. Security posture is weakened by the absence of a valid SSL certificate and lack of modern TLS protocol support, which are critical for protecting user data and maintaining trust. Privacy and legal compliance are well addressed with comprehensive policies and consent mechanisms. Overall, the site presents a credible and trustworthy business image but requires urgent improvements in security infrastructure to meet industry standards.

W

WebBank

webbank.com

54

WebBank operates as a financial institution specializing in providing banking services to fintech partners, aiming to foster innovation and financial inclusion. The website positions the company as a partner bank supporting fintech brands but provides minimal content and lacks detailed business or contact information. The technical infrastructure relies on Amazon Web Services with content delivery via CloudFront and uses common web technologies such as FontAwesome and Google Tag Manager. However, the website lacks a valid SSL certificate and does not support modern TLS protocols, significantly undermining its security posture. Security headers are present but insufficient to compensate for the absence of HTTPS. Privacy and cookie policies are not found, and no contact information or forms are provided, limiting user trust and compliance with data protection regulations. Overall, the site demonstrates basic digital maturity but requires urgent improvements in security and compliance to meet industry standards.

V

Vysoké učení technické v Brně

zvut.cz

40

Vysoké učení technické v Brně (Brno University of Technology) operates the website zvut.cz as a news portal focused on university-related news, research, and events. The site targets students, faculty, researchers, and the general public interested in academic and technological developments. The university is a large, well-established educational institution in the Czech Republic with a strong market position in technical education. Technically, the website uses a custom CMS with technologies such as nginx, jQuery, Bootstrap, and Google Tag Manager. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which significantly impacts its security posture. Security headers are present but insufficient to compensate for the lack of proper TLS encryption. Privacy and cookie policies are not found, indicating potential compliance gaps. Contact information is limited to an email and physical address in the footer, with no phone numbers or dedicated contact forms. Overall, the site is professionally designed with good content relevance and navigation but requires urgent improvements in security and privacy compliance.

O

OpenAsso

openasso.org

55

OpenAsso is a French collaborative platform dedicated to the associative sector, providing expert articles and a Q&A module to support association managers. The platform emphasizes openness, collaboration, and quality content contributed by experts and community members. Technically, the site uses a variety of JavaScript libraries and is hosted on Microsoft Azure, leveraging the Assoconnect CMS platform. However, the site currently lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Cookie consent is managed via Axeptio, and analytics are implemented with Google Analytics, Google Tag Manager, and RudderStack, with consent-based activation. Overall, the site offers good content quality and user experience but requires urgent security improvements to enable HTTPS and strengthen its security posture.