Security Directory

S

Sanofi

sanofigenzyme.com

0

Sanofi is a leading global healthcare and pharmaceutical company specializing in innovative medicines across specialty and general medicine areas. The website reflects a mature enterprise with comprehensive content targeting patients, healthcare professionals, investors, and partners. The technical infrastructure leverages modern web technologies including React and Material-UI, hosted on AWS CloudFront with Magnolia CMS. Privacy and cookie policies are well implemented with GDPR compliance, and the site integrates marketing and analytics tools such as Google Tag Manager and OneTrust. However, a critical security gap exists due to the absence of a valid SSL certificate and lack of TLS protocol support, significantly impacting the security posture. This exposes users to potential risks and undermines trust despite strong content and business credibility. Strategic remediation of SSL/TLS and related security configurations is essential to align the website with industry best practices and regulatory requirements.

S

SCHMIDT Groupe

cuisines-schmidt.com

0

SCHMIDT Groupe operates a comprehensive and professionally designed website focused on custom interior design solutions including kitchens, furniture, and bathrooms. The company is a leading French manufacturer with a strong market position and a large-scale retail business model. The website demonstrates a mature digital infrastructure with modern JavaScript frameworks, extensive use of analytics and marketing tools, and a clear focus on user experience and mobile optimization. However, a critical security gap exists due to the absence of a valid SSL certificate and proper HTTPS configuration, which significantly impacts the security posture and trustworthiness of the site. Privacy and cookie policies are well implemented, indicating good compliance with GDPR requirements. Overall, the site is content-rich and trustworthy but requires urgent remediation of its SSL/TLS configuration to meet modern security standards.

L

Legrand

legrand.com

0

Legrand is a global specialist in electrical and digital building infrastructures, offering a wide range of products and solutions tailored for various countries and global markets. The company positions itself as a leader in its industry, targeting both B2B and B2C customers seeking advanced electrical infrastructure solutions. The website reflects a professional and consistent brand image with good content quality and clear navigation, although some key contact information is not directly visible on the landing page. Technically, the website is built on Drupal 10 and leverages modern technologies such as Google Tag Manager and tarteaucitron.js for cookie consent management, hosted via Amazon CloudFront CDN. While the site shows basic mobile optimization and accessibility features, performance data is unavailable. SEO optimization is basic but present through meta tags and Open Graph data. From a security perspective, the site implements several important HTTP security headers and a content security policy. However, the lack of a valid SSL certificate and absence of TLS protocols severely undermine the security posture, exposing users to risks and reducing trust. No vulnerabilities like Heartbleed or POODLE were detected, but the SSL misconfiguration is a critical issue. Overall, the website demonstrates moderate digital maturity and business credibility but requires urgent remediation of SSL issues to improve security and user trust. Privacy compliance is good with clear cookie consent mechanisms and GDPR-aligned policies. Strategic improvements in security infrastructure and enhanced contact transparency would strengthen the company's online presence and risk posture.

Arthur Hunt is a French-based human resources consulting firm specializing in executive search, HR strategy consulting, transition management, and talent development across France and Europe. The company positions itself as a medium-sized, established player with a professional and consistent brand presence. The website is built on WordPress using the Divi theme and incorporates modern plugins for multilingual support and user experience enhancements. However, the technical infrastructure lacks a valid SSL certificate and does not support modern TLS protocols, which poses a significant security risk. The site includes GDPR-compliant cookie consent mechanisms and clear contact information but lacks explicit security policies or incident response details. Overall, the business is credible and professionally presented, but the absence of HTTPS critically impacts the security posture.

The website buron-avocat.fr represents a small legal practice operating in the Forbach and Saarbrücken regions, providing legal services primarily to French and German-speaking clients. The site itself is minimal, serving mainly as a redirect to a localized subdirectory, with very limited content on the landing page. The business appears to be established since 2009, supported by a mature domain registration. However, the digital presence is basic and lacks modern web features or comprehensive business information. From a technical perspective, the website is hosted on an Apache server via IONOS SE, but it lacks HTTPS support and a valid SSL/TLS certificate, which is a significant security concern. The site does not implement security headers or advanced web technologies, and performance data is unavailable, indicating potential slow or unoptimized loading. There is no evidence of analytics or tracking tools, and no privacy or cookie policies are present, which raises compliance concerns. Security posture is weak due to the absence of HTTPS, lack of security headers, and no incident response or vulnerability disclosure information. The domain registration is consistent and mature, but the lack of domain protection locks and security best practices lowers trustworthiness. Overall, the website presents a low security and privacy compliance profile, which could impact user trust and regulatory adherence. Strategic recommendations include immediate implementation of HTTPS with a valid certificate, addition of privacy and cookie policies to comply with GDPR, enhancement of security headers, and inclusion of clear contact information to improve business credibility and user trust.

U

Under The Milky Way

underthemilkyway.com

0

Under The Milky Way is a well-established global digital film distribution company with a strong market presence and partnerships with major VoD platforms. Their website reflects a professional business focused on digital distribution and marketing services, supported by a proprietary software solution for revenue optimization. Technically, the site is built on Squarespace with modern web technologies and includes basic SEO and mobile optimization. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that undermines user trust and data protection. Privacy compliance is partially addressed with a cookie banner and privacy policy, but lacks comprehensive GDPR indicators and terms of service. Overall, the business appears legitimate and credible, but security posture requires urgent improvement.

E

EC2U

ec2u.eu

0

EC2U is a European educational alliance focused on collaboration among city universities, providing joint academic programs, mobility opportunities, and research initiatives. The website targets students, staff, researchers, and citizens, offering multilingual content and resources. Technically, the site is built on WordPress with a modern tech stack including jQuery and various plugins, hosted via Gandi. While the site has good design, accessibility, and SEO practices, it critically lacks a valid SSL certificate, exposing users to security risks. Security headers are present but their effectiveness is diminished without HTTPS. Privacy and cookie policies are implemented with consent mechanisms, supporting GDPR compliance. Overall, the domain registration is consistent and trustworthy, with active social media presence enhancing credibility.

A

AFEC

afec.fr

0

AFEC is a well-established French professional training organization specializing in continuing education and alternance programs. Founded in 1975, it serves job seekers, apprentices, and employees aiming to develop skills or change careers. The website presents a comprehensive portfolio of training services, including certifications, VAE accompaniment, and competency assessments, supported by strong trust signals such as Qualiopi certification and partner endorsements. Technically, the site is built on WordPress with common plugins and tracking tools, but suffers from a critical security weakness due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. Privacy compliance is well addressed with visible GDPR and cookie policies, including consent mechanisms. Overall, the site offers good content quality and user experience but requires urgent security improvements to protect user data and enhance trust.

M

Muséum national d'Histoire naturelle

mnhn.fr

0

The Muséum national d'Histoire naturelle is a prominent French national institution dedicated to natural history research, education, and public exhibitions. It operates multiple sites across Paris and regions, serving a broad audience including families, scientists, educators, and professionals. The website reflects a well-structured, content-rich platform with excellent design and navigation, supporting its mission to disseminate knowledge and engage the public. Technically, the site is built on Drupal 10 with modern web technologies and uses caching and analytics tools such as Varnish, Matomo, and ContentSquare. Mobile optimization and SEO are well addressed, though performance is moderate. However, the critical security weakness is the absence of a valid SSL certificate and disabled TLS protocols, severely impacting secure communications and user trust. Security headers and policies are implemented, but the lack of HTTPS and modern TLS support is a major vulnerability. Privacy and cookie policies are comprehensive and GDPR compliant, with clear contact and legal information. Social media presence is official and consistent, enhancing credibility. Overall, the site is professionally managed with strong business credibility but requires urgent remediation of SSL/TLS issues to improve security posture and user trust. Strategic recommendations include installing valid certificates, enabling modern TLS, and enhancing security policies.

École polytechnique is a prestigious French engineering school offering a wide range of educational programs including Bachelor, Master, Doctorate, and Executive Education. It is a founding member of the Institut polytechnique de Paris and focuses on research, innovation, and entrepreneurship. The website targets students, researchers, entrepreneurs, alumni, and corporate partners, providing comprehensive information about academic programs, research labs, innovation centers, and community engagement. Technically, the site is built on Drupal CMS with modern frontend technologies but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Privacy and cookie policies are well implemented with GDPR compliance and consent mechanisms. Social media presence is strong with official accounts on Facebook, YouTube, LinkedIn, and Instagram. Overall, the site is professional and trustworthy but requires urgent security improvements to enable HTTPS and modern TLS protocols.

The website dondusang.net represents the official French public blood service, Etablissement français du sang (EFS). It provides comprehensive information and services related to blood, plasma, and platelet donations across France. The site is well-branded, content-rich, and targets donors, associations, and the general public with clear calls to action and partner engagement. Technically, the site is built on Drupal CMS, uses modern tracking and analytics tools, and integrates multiple partner domains. However, it lacks HTTPS support, which is a critical security flaw exposing users to risks. Security headers are well configured but cannot compensate for the absence of SSL/TLS. Privacy policies and cookie consent mechanisms are present and GDPR compliant. Overall, the site demonstrates a high level of professionalism and trustworthiness but requires urgent security improvements.

The domain 20minutes.fr is a mature media website with a registration age of 23 years, indicating a well-established presence in the French media sector. However, the website content is currently inaccessible due to a CloudFront 403 error, which blocks access and prevents content retrieval. The technical infrastructure relies on Amazon CloudFront for hosting and DNS services via AWS, consistent with a large-scale media operation. Despite this, the absence of a valid SSL certificate and lack of HTTPS support significantly undermine the site's security posture. No privacy, cookie, or terms of service policies are detectable, and no contact or social media information is available from the provided HTML content. Overall, the site exhibits a weak security configuration and poor content availability, limiting the ability to perform a full analysis.

Desmet is a well-established global engineering company specializing in custom plants and equipment for the food, feed, and biofuel industries. With a large workforce and multiple brands, it holds a strong market position supported by extensive experience and a professional digital presence. The website is content-rich, well-structured, and uses modern technologies, but critically lacks HTTPS/SSL, which severely impacts its security posture. While security headers are implemented, the absence of valid SSL/TLS and related configurations exposes the site to risks. Privacy compliance is partially addressed with visible privacy and cookie policies, but no explicit consent mechanism is detected. Business credibility is high due to clear branding, contact information, and WHOIS consistency. Strategic improvements in security infrastructure and incident response readiness are recommended.

A

Amaris Consulting

amaris.com

0

Amaris Consulting is a well-established global technology consulting firm founded in 2007, operating across multiple sectors including technology, healthcare, finance, transportation, and energy. With a workforce of approximately 7,600 employees spread over 60 countries, it serves over 1,000 clients worldwide. The company is part of the Mantu group, which is confirmed by website footer references and structured data. The website presents a professional and consistent brand image, with comprehensive content describing its services, centers of excellence, and industry focus. Technically, the site is built on WordPress using Elementor and optimized with WP Rocket, but suffers from a critical security issue due to the lack of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy compliance is partially addressed with a clear privacy policy and GDPR-compliant contact form, but lacks a cookie consent mechanism. Overall, the site demonstrates good business credibility and user experience but requires urgent security improvements.

R

Rexel

rexel.com

0

Rexel is a global leader in multichannel distribution for the energy sector, providing sustainable and innovative solutions to professional customers worldwide. The company operates in 17 countries with nearly 2,000 branches and a workforce of approximately 27,000 employees. Their business model focuses on supporting electricians, installers, commercial and industrial companies, and suppliers with a broad portfolio of energy-related products and services. The website reflects a mature digital presence with comprehensive content, investor relations, and sustainability commitments. Technically, the site is built on WordPress with modern SEO plugins and integrates multiple analytics and marketing tools. However, the absence of a valid SSL certificate and HTTPS support is a critical security deficiency that undermines user trust and data protection. The site implements strong cookie consent mechanisms and complies with GDPR requirements, but lacks explicit security policies or incident response information. Overall, Rexel's website demonstrates high professionalism and business credibility but requires urgent security improvements to align with best practices.

Q

QESTIT

qcentris.com

0

QESTIT is a mature and established company specializing in AI-driven quality assurance and software testing services. The company offers a broad range of services including software testing, intelligent automation, AI-powered quality, cybersecurity, SAP migration, and UX design. Their market position is supported by 25 years of expertise and a professional online presence. Technically, the website is built on HubSpot CMS, uses modern analytics tools, and is hosted behind Cloudflare, but lacks a valid SSL certificate, which is a critical security gap. The security posture is basic with some security headers present but no HTTPS, no OCSP stapling, and no session resumption. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism despite tracking scripts. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and improve trust.

U

Ubisoft Nadeo

nadeo.com

0

Ubisoft Nadeo is a well-established video game development studio based in Paris, France, known for its innovative multiplayer games such as Trackmania and Shootmania. As a subsidiary of Ubisoft, it benefits from a strong market position and a mature digital presence. The website content is professional, well-structured, and targets gamers interested in competitive and virtual reality gaming experiences. Technically, the site uses modern frameworks like React and Express, hosted on AWS infrastructure with CDN support, but lacks a valid SSL certificate and HTTPS enforcement, which is a critical security gap. Security headers are partially implemented, and no major vulnerabilities are detected, but the absence of TLS protocols and HSTS reduces the security posture significantly. Privacy compliance is good with clear privacy and cookie policies, and GDPR considerations are addressed. Contact information is primarily via support portals and social media, with no direct emails or phone numbers publicly listed. Overall, the site is trustworthy and professional but requires urgent security improvements to protect user data and maintain trust.

M

Mersen

mersen.com

0

Mersen is a global industrial company specializing in electrical power and advanced materials, serving high-tech industries with customized solutions and key products. The company operates worldwide with over 50 industrial sites and 21 R&D centers across 33 countries, positioning itself as a leader in its sector. The website reflects a mature digital presence with comprehensive content, multi-language support, and active social media engagement. Technically, the site is built on Drupal 10 and leverages modern CDN and observability tools, but lacks a valid SSL certificate and modern TLS support, which is a critical security gap. Privacy and cookie policies are well implemented and GDPR compliant, but no explicit security policy or incident response information is provided. Overall, the website is professional and trustworthy but requires urgent improvements in SSL/TLS security to protect users and maintain credibility.

A

Air Liquide

airliquide.com

0

Air Liquide is a global leader in gases, technologies, and services for industry and healthcare, operating in 60 countries with a large workforce and millions of customers. The website reflects a mature digital presence with professional design, comprehensive content, and strong branding. However, the technical security posture is weak due to an invalid SSL certificate and disabled TLS protocols, which poses significant risks to user trust and data security. Privacy and cookie policies are well implemented and GDPR compliant, supporting regulatory adherence. The absence of direct contact information and vulnerability disclosure policies suggests areas for improvement in transparency and incident response readiness. Overall, the domain registration data aligns well with the business claims, indicating high legitimacy.

I

IDEMIA

idemia.com

0

IDEMIA is a global leader in biometrics and cryptography, providing advanced technology solutions that enable secure payments, identity verification, connectivity, and public safety. The company serves governments, enterprises, and financial institutions worldwide, positioning itself as a trusted partner with a strong market presence and extensive customer references. The website reflects a mature digital infrastructure with modern JavaScript libraries, SEO best practices, and a professional design that supports a positive user experience. However, the current lack of a valid SSL certificate and HTTPS implementation significantly impacts the security posture, exposing the site to potential risks. Privacy policies and cookie consent mechanisms are well implemented, and a Data Protection Officer contact is provided, indicating good privacy compliance. Overall, the site demonstrates high business credibility but requires urgent improvements in SSL/TLS security to align with best practices and user trust expectations.

S

Sanofi

sanofi.com

0

Sanofi is a globally recognized, research and development-driven biopharmaceutical company leveraging artificial intelligence to innovate in healthcare. The company focuses on developing medicines and vaccines across multiple therapeutic areas, positioning itself as a leader in the healthcare industry with a strong commitment to improving patient outcomes. The website reflects a mature enterprise with comprehensive content targeting healthcare professionals, patients, investors, and partners. Technically, the site employs modern frameworks and libraries such as Material UI and Font Awesome, with integrations for analytics and cookie consent management. However, the security posture is currently weak due to the absence of a valid SSL/TLS certificate and missing security headers, which poses significant risks for user trust and data protection. Privacy compliance is well addressed with clear policies and consent mechanisms, aligning with GDPR requirements. Overall, while the business credibility and content quality are high, urgent improvements in security infrastructure are recommended to enhance trust and protect users.

B

BWT Holding GmbH

bwt.fr

0

BWT Holding GmbH operates a comprehensive website focused on water treatment solutions, targeting private consumers and professional sectors in France. The site offers detailed product and service information, supported by a consistent brand presence and multiple customer contact channels. Technically, the website uses modern JavaScript libraries, Google Tag Manager, and performance optimization tools, hosted behind Cloudflare. However, a critical security weakness is the invalid SSL certificate and lack of TLS protocol support, which significantly undermines the site's security posture. Privacy and cookie policies are present and appear GDPR compliant, with consent mechanisms implemented. Overall, the site is professional and content-rich but requires urgent remediation of its SSL/TLS configuration to ensure secure user interactions.

S

Syensqo

cytec.com

0

Syensqo is a global science company focused on developing advanced, forward-looking solutions that enhance various sectors including energy, transportation, and manufacturing. The company positions itself as a market leader with a strong emphasis on innovation, sustainability, and investor transparency. Their website reflects a mature digital presence with comprehensive content targeting industrial clients, investors, and potential employees. Technically, the site is built on Drupal 10 with modern web technologies and integrates multiple analytics and marketing tools. However, the security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS support, which is a critical issue for trust and data protection. Despite strong security headers and privacy policies, the missing SSL significantly impacts the overall security score. The domain registration details are consistent with the business claims, indicating legitimacy. Strategic recommendations include immediate SSL implementation and enhancement of security configurations to align with best practices.

P

Pierre Fabre Laboratories

pierre-fabre.com

0

Pierre Fabre Laboratories is a well-established French pharmaceutical and dermocosmetics group with a global presence and a strong portfolio of brands. The company focuses on developing innovative healthcare and beauty solutions inspired by patients and consumers. Their website reflects a mature digital presence with comprehensive content, multilingual support, and clear business information. However, the technical infrastructure shows weaknesses, particularly in security, as the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical issue for user trust and data protection. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism implemented via OneTrust. Overall, the website is professional and trustworthy but requires urgent security improvements to meet modern standards.

N

Newrest

newrest.eu

0

Newrest is a global leader in multi-sector catering and out-of-home food service solutions, operating in 53 countries with a workforce exceeding 60,000 employees. The company offers a broad range of services including inflight catering, rail catering, remote site management, concessions, and retail services, targeting corporate clients in transportation, energy, and retail sectors. The website is professionally designed, multilingual, and provides comprehensive business and CSR information, reflecting a mature global enterprise. Technically, the site is built on WordPress with modern plugins for SEO, multilingual support, and privacy compliance, but suffers from a critical lack of HTTPS and valid SSL certificates, severely impacting security posture. Privacy compliance is well addressed with clear policies and a consent manager. The security headers are partially implemented, but the absence of TLS protocols and HSTS reduces the site's security effectiveness. Overall, the site is trustworthy and professional but requires urgent security improvements to protect user data and maintain business credibility.

S

SOPREMA

soprema.com

0

SOPREMA is a well-established global manufacturer specializing in waterproofing, insulation, and roofing products with a broad international footprint. The company operates through numerous subsidiaries and sales offices worldwide, targeting construction professionals and distributors. The website reflects a multinational business model with a focus on manufacturing and distribution. Technically, the website runs on Apache with PHP backend and Magento CMS, integrating Google Maps for location display. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS, which severely impacts its security posture. No privacy or cookie policies are present, indicating poor privacy compliance. Contact information is comprehensive and professional, supporting business credibility. Overall, the site requires urgent security improvements to protect user data and enhance trust.

C

Coface

coface.com

0

Coface is a global leader in trade credit insurance, debt collection, and business information services, supporting over 100,000 clients across approximately 200 countries. Founded in 1946 and headquartered in France, the company offers comprehensive solutions to help businesses manage credit risks and optimize credit management. The website reflects a mature digital presence with professional design, clear navigation, and extensive content tailored to its target audience of businesses seeking credit risk solutions. Technically, the site uses modern web technologies including a CDN (CloudFront), a CMS (Ibexa), and integrates advanced consent management and analytics tools. However, the security posture is weakened by an invalid SSL certificate and lack of enabled TLS protocols, which is a critical issue that must be addressed to ensure secure communications. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place. Overall, Coface's website demonstrates high business credibility and professionalism but requires urgent SSL/TLS remediation to improve security and trust.

V

Valneva

valneva.com

0

Valneva is a specialty vaccine company focused on the development, manufacturing, and commercialization of prophylactic vaccines addressing infectious diseases with unmet medical needs. The company has a strong market position with multiple commercialized vaccines and a robust pipeline targeting diseases such as chikungunya, Lyme disease, Shigella, and Zika. The website reflects a professional corporate presence with comprehensive investor relations and media resources, targeting healthcare professionals, investors, and partners globally. Technically, the website is built on WordPress with modern SEO and marketing tools, including Google Tag Manager and social media integrations. However, the security posture is weakened by an invalid SSL certificate and lack of TLS protocol support, which poses significant risks to data confidentiality and user trust. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and credible but requires urgent remediation of SSL/TLS issues to improve security and trust.

A

alwaysdata

alwaysdata.com

0

alwaysdata is a French cloud hosting provider established in 2001, offering a range of developer-friendly services including public and private cloud hosting, domain registration, managed databases, and email hosting. The company targets developers, educational institutions, and open-source projects, positioning itself as a niche player focused on ease of use and flexibility. Their platform supports multiple programming languages and provides automated deployment options, appealing to a technical audience. The website is professionally designed with clear navigation and comprehensive content, reflecting a mature digital presence. Technically, alwaysdata utilizes Django as its web framework and integrates Matomo for analytics, emphasizing privacy compliance with cookie consent mechanisms. The site is mobile-optimized and accessible, with good SEO practices. However, the security posture is weakened by the absence of a valid SSL certificate and HTTPS support, alongside missing security headers and advanced TLS features. This represents a significant risk for user data protection and trust. While privacy policies, cookie policies, and terms of service are well documented and GDPR compliant, the lack of SSL undermines overall security. The company maintains a bug bounty program, indicating a proactive approach to vulnerability management. Contact options are clear, including a phone number and detailed contact forms. Overall, alwaysdata presents a strong business and technical profile but must urgently address SSL and HTTPS implementation to enhance security and user trust. Strategic improvements in security headers and TLS configurations are also recommended to align with best practices.

N

NuxtLabs

nuxt.studio

0

Nuxt Studio is a specialized SaaS platform offering a Git-based CMS and editing experience tailored for Nuxt Content users. The company, NuxtLabs, founded in 2022 and based in France, targets developers and content editors seeking a streamlined content management solution integrated with GitHub and Google authentication. The platform emphasizes ease of content editing, media management, and publishing workflows, positioning itself as a niche player in the Nuxt ecosystem. Technically, the website leverages modern web technologies including Nuxt.js and Tailwind CSS, with integrations for analytics (Plausible) and user support (Crisp chat). However, the site lacks a valid SSL certificate, which is a significant security concern. Security headers and DNSSEC are also absent, indicating room for improvement in security posture. Privacy compliance is minimal, with no privacy or cookie policies detected, though a Terms of Service page is present. Overall, the domain registration is consistent with the business claims, enhancing trustworthiness. Strategic improvements in security and privacy compliance are recommended to strengthen the platform's credibility and user trust.

E

efficy

tribecrm.fr

0

Tribe CRM is a French-language SaaS CRM platform operated by efficy, targeting businesses seeking a flexible, AI-powered CRM solution. The website presents a professional, content-rich experience with clear business offerings, pricing, and multilingual support. Technically, the site is built on WordPress with modern marketing and analytics integrations, but suffers from a critical lack of HTTPS due to an invalid SSL certificate, which severely impacts security posture. Privacy compliance is well addressed with comprehensive cookie consent and privacy policies. Overall, the business appears legitimate and well-positioned in the CRM market, but the security weaknesses pose risks that should be urgently addressed.

C

CMA CGM

cma-cgm.com

0

CMA CGM is a global leader in sea, land, air, and logistics solutions, offering a comprehensive range of services including maritime shipping, intermodal transport, air freight, and logistics. The company targets businesses requiring integrated supply chain and transportation services worldwide. The website reflects a mature digital presence with extensive content, customer portals, and service offerings, supported by a modern technology stack including Cloudflare CDN, Google Tag Manager, and bot protection services. However, the security posture is weakened by the absence of a valid SSL certificate and lack of TLS protocol support, which poses significant risks to data confidentiality and user trust. Privacy and cookie policies are well implemented and GDPR compliant, supporting regulatory adherence. Overall, the site demonstrates strong business credibility and technical maturity but requires urgent remediation of SSL and encryption issues to enhance security and trust.

C

CMA CGM Group

cmacgm-group.com

0

CMA CGM Group operates as a global leader in transportation and logistics, providing integrated sea, land, air, and logistics solutions. The company targets a global customer base requiring comprehensive supply chain services. The website reflects a mature enterprise with consistent branding and a professional online presence. Technically, the site uses modern frameworks such as React and Next.js, hosted on AWS CloudFront with caching via Varnish, and a Drupal CMS backend. However, the absence of a valid SSL/TLS certificate critically undermines the security posture, exposing users to risks and reducing trust. Security headers are partially implemented but lack completeness, and no advanced security policies or data protection officer contacts are visible. The site includes cookie consent mechanisms and a responsible disclosure program, indicating some compliance awareness. Overall, the site is functional and professional but requires urgent security improvements to meet modern standards.

H

Hopscotch Groupe

hopscotchgroupe.com

0

Hopscotch Groupe is a French communication agency specializing in creative communication and relational capital services. The company targets businesses seeking expertise in public relations, event management, and specialized agency services. The website presents a professional and consistent brand image with good content quality and clear navigation. Technically, the site is built on WordPress and uses common web technologies such as jQuery, Mapbox, and Google Tag Manager. However, the site lacks HTTPS, which is a critical security vulnerability. Security headers are minimal, and no advanced security frameworks or incident response policies are evident. Privacy compliance is supported by comprehensive privacy and cookie policies with consent mechanisms. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

S

Sia partners

sia-partners.com

0

Security assessment completed with an overall score of 0/100 (unknown risk). 3 critical issues require immediate attention. Total of 23 security findings identified across all modules.

H

heaven

heaven.fr

0

heaven is a next generation advertising agency based in Paris, France, specializing in digital and social media campaigns targeting next-generation consumers. The company is part of the Hopscotch Group, indicating a strong backing and market presence. Their website showcases a portfolio of projects with major clients, emphasizing innovation and digital-first strategies. Technically, the website is built on WordPress and uses Cloudflare CDN for delivery, but lacks a valid SSL certificate, resulting in no HTTPS support which is a critical security concern. The site is mobile optimized and well structured with good content quality, but lacks explicit privacy, cookie, and security policies, which impacts compliance and trust. Overall, the security posture is weak due to missing HTTPS and security headers, and no incident response or vulnerability disclosure information is provided. Strategic improvements in SSL deployment, privacy compliance, and security transparency are recommended to enhance trust and reduce risk.

I

INTERNATIONAL CHAMBER OF COMMERCE

iccwbo.org

0

The International Chamber of Commerce (ICC) is a globally recognized organization representing the voice of world business. It provides advocacy, practical trade tools, dispute resolution services, and professional development to a diverse audience including multinational corporations, small businesses, government representatives, and chambers of commerce. The website reflects ICC's authoritative market position and comprehensive service offerings. Technically, the site is built on WordPress with modern SEO and analytics tools, though performance is moderate. Security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS support, despite HSTS being enabled. Privacy compliance is strong with clear cookie and privacy policies and consent mechanisms. Overall, the site is professional, trustworthy, and content-rich but requires urgent SSL remediation to improve security and user trust.

I

IDIMweb

idimweb.com

0

IDIMweb is a small, specialized web agency operating primarily in France and the Caribbean, with over 15 years of experience in custom website creation, development, SEO, and digital marketing. The company targets professionals, institutions, and individuals seeking tailored web solutions, leveraging Joomla CMS and modern frontend technologies. The website reflects a professional and consistent brand image with clear contact channels and a portfolio of client references. Technically, the site uses Joomla with Bootstrap and jQuery, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security shortfall. Privacy compliance is well addressed with comprehensive cookie and privacy policies and a consent mechanism. Social media integration and analytics usage are moderate and transparent.

D

Dauphin Telecom Business

dauphintelecompro.com

0

Dauphin Telecom Business is a regional telecommunications and digital solutions provider focused on serving businesses in French overseas territories such as Guadeloupe, Martinique, Guyane, and the Northern Islands. The company offers a range of services including fiber internet (FTTH, FTTO), unified communication solutions, mobile plans, cloud and data center services, and VPN interconnection. Their website reflects a professional digital presence with clear navigation and relevant content tailored to their target audience. Technically, the website is built on Joomla CMS using the Helix Ultimate framework and Bootstrap 5, incorporating modern libraries like jQuery and Awesomplete. However, the site suffers from slow load times and lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Cookie consent and privacy policies are implemented, showing good GDPR compliance, and Google Analytics is used with appropriate data retention policies. From a security perspective, the absence of HTTPS and security headers significantly lowers the security posture. While Google reCAPTCHA is used to protect forms, the lack of SSL/TLS encryption exposes users to risks. The WHOIS data confirms the domain is mature and registered transparently, consistent with the business claims. Overall, the website is functional and informative but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include obtaining a valid SSL certificate, enabling security headers, and optimizing performance to improve user experience and security compliance.

D

Dauphin Telecom

dauphintelecom.com

0

Dauphin Telecom is a regional telecommunications provider serving the French Antilles, Saint Martin, and Saint Barthélemy. The company offers a variety of services including mobile plans, fiber internet, TV packages, and bundled offers, targeting both residential and business customers. With a local presence supported by multiple agencies and a customer service center based in Guadeloupe, Dauphin Telecom positions itself as a trusted and accessible operator in its market. Technically, the website is built on WordPress using the Elementor page builder and several Jet plugins, indicating a modern and flexible digital infrastructure. However, the site suffers from slow performance and lacks a valid SSL certificate, which impacts both user experience and security. The site is mobile-optimized and includes basic accessibility features, but there is room for improvement in performance and security hardening. From a security perspective, the absence of HTTPS and modern TLS protocols is a critical vulnerability. While the site implements cookie consent mechanisms and appears GDPR compliant, it lacks explicit security policies and incident response information. The use of SPF records for email authentication is a positive indicator, but the overall security posture is weak and requires urgent attention. Overall, Dauphin Telecom's website reflects a legitimate and established business with good content quality and business credibility. However, significant security improvements are necessary to protect user data and enhance trust. Addressing these issues will strengthen the company's digital presence and compliance standing.

D

Dauphin Telecom

topup.fr

0

Dauphin Telecom TopUp operates as a regional telecommunications service provider specializing in mobile credit recharge and related services for customers primarily in the French Caribbean region. The website offers a user-friendly platform for purchasing mobile credit, voice, and internet passes, supported by a mobile app and a network of resellers. The business targets individual consumers and resellers, positioning itself as a convenient and economical solution for mobile recharge needs. Technically, the site is built on the Wix platform using modern React frameworks and integrates various Wix services such as video, gallery, and forms. However, the absence of a valid SSL certificate and lack of HTTPS significantly undermine the site's security posture. While basic privacy and cookie policies are present, they lack explicit consent mechanisms, and no dedicated security or incident response policies are found. The site demonstrates moderate digital maturity but requires urgent improvements in security to protect user data and build trust. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, and enhancing privacy compliance measures.

D

Dauphin Telecom Business

dauphintelecom-business.com

0

Dauphin Telecom Business is a telecommunications company focused on providing digital transformation solutions to businesses in French overseas territories such as Guadeloupe, Martinique, Guyane, and the Northern Islands. Their offerings include fiber internet (FTTH, FTTO), unified communication solutions, mobile plans, cloud and data center services, and VPN solutions. The company positions itself as a regional partner for business digitalization with a medium-sized operation and a consistent brand presence. Technically, the website is built on Joomla CMS using the Helix Ultimate template and Bootstrap framework, with various JavaScript libraries for enhanced UI and forms. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a significant security and trust concern. The site includes cookie consent mechanisms and privacy policies aligned with GDPR, and uses Google Analytics with consent management. Security posture is weak due to the absence of HTTPS and modern TLS protocols, no HSTS, and no OCSP stapling. Security headers are present but insufficient to compensate for the lack of encryption. There are no explicit security or incident response policies visible on the site. Overall, the website is functional and professional in content and design but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include obtaining a valid SSL certificate, enabling HTTPS, and improving server security configurations.

The website com-saint-martin.fr currently serves a 404 error page indicating that the requested content is not found, resulting in no accessible business information or user-facing content. The domain is mature, registered since 2007 with a French registrar, and uses Google hosting infrastructure. However, the lack of a valid SSL certificate and HTTPS support severely impacts the security posture and user trust. Minimal security headers are present but some are misconfigured, and no privacy or cookie policies are found, indicating poor compliance with data protection regulations. Overall, the site appears abandoned or misconfigured, offering no business or contact information to visitors. Technically, the site is hosted on Google infrastructure with DNS managed by eolas.fr name servers. DNSSEC and CAA records are not enabled, which could improve DNS security. The site lacks modern TLS protocols and cipher suites, and no session resumption or OCSP stapling is configured. Performance data is unavailable due to the lack of content, but the minimal HTML suggests poor user experience and SEO. Security-wise, the absence of HTTPS and a valid SSL certificate is a critical vulnerability. The X-XSS-Protection header is disabled, and no advanced security headers like Content Security Policy are present. The DMARC policy is set to quarantine, which is a positive indicator for email security. No incident response or vulnerability disclosure information is available, limiting the ability to respond to security events. Given these findings, the overall risk level is high due to the lack of content, security controls, and compliance measures. Strategic recommendations include obtaining a valid SSL certificate, enabling HTTPS, improving security headers, publishing privacy and cookie policies, and providing clear contact information to enhance trust and compliance.

MRS is a French company specializing in corporate restaurant and employee catering services, operating multiple regional offices across France. The website currently displays a maintenance page indicating a site redesign to improve user experience. The business is established with a domain age of 26 years and a consistent registration history. Technically, the site runs on WordPress with Elementor and Yoast SEO plugins hosted on OVHcloud, but lacks HTTPS, which is a critical security deficiency. The security posture is weak due to absence of SSL/TLS, security headers, and privacy policies. Contact information and social media presence are available, but no forms or advanced privacy compliance mechanisms are implemented. Overall, the site is functional but requires significant improvements in security and privacy compliance to meet modern standards.

D

Dauphin Telecom

dauphintelecom.fr

0

Dauphin Telecom is a regional telecommunications provider serving the French Antilles, including Saint Martin and Saint Barthélemy. The company offers a comprehensive range of services including mobile plans (unlimited, blocked, prepaid), fiber internet, TV packages, and bundled offers. With over 26 years of market presence and multiple local agencies, Dauphin Telecom holds a strong position in its regional market. The website reflects a professional and well-branded digital presence, targeting both residential and business customers in the region. Technically, the website is built on WordPress with Elementor and various Jet plugins, indicating a modern CMS-based infrastructure. However, performance metrics suggest slow loading times, and there is no SSL/TLS certificate installed, which is a significant security concern. The site is mobile-optimized and includes SEO best practices, but accessibility features are basic. From a security perspective, the absence of HTTPS and modern TLS protocols severely impacts the security posture, exposing users to potential risks. Some security headers are present, but critical improvements are needed. Privacy compliance is well addressed with a clear privacy policy, cookie consent mechanism, and GDPR adherence. Contact information is clearly provided, enhancing business credibility. Overall, while the business and content quality are strong, the lack of HTTPS is a critical issue that must be addressed immediately to protect users and improve trust. Strategic recommendations include implementing SSL, enhancing security configurations, and maintaining compliance documentation.

L

lempire

tweethunter.io

0

Tweet Hunter is a specialized SaaS platform offering AI-powered tools to help individuals and brands grow and monetize their audience on X (formerly Twitter). The platform provides a comprehensive suite of services including content creation, scheduling, automation, CRM, and analytics, targeting users ranging from beginners to established influencers. The website is professionally designed with rich content and strong branding consistency, supported by extensive marketing and analytics integrations. Technically, the site is built on Webflow and leverages modern marketing and analytics tools, but suffers from critical security shortcomings due to an invalid or missing SSL certificate and lack of HTTPS enforcement. Privacy compliance is addressed with a comprehensive privacy policy and cookie consent management, though explicit security policies and incident response information are absent. Overall, the business appears legitimate and well-positioned in the technology sector, but the security posture requires urgent improvement to protect users and enhance trust.

T

Taplio

taplio.com

0

Taplio is a specialized AI-powered SaaS platform designed to help professionals and businesses grow their personal brand and engagement on LinkedIn. It offers a comprehensive suite of tools including AI-driven content creation, post scheduling, engagement building, analytics, and a Chrome extension to enhance LinkedIn experience. The platform targets LinkedIn users who want to optimize their content strategy and network growth efficiently. Technically, Taplio is built on WordPress with Elementor and leverages various modern web technologies and third-party integrations for analytics and marketing. However, a critical security gap is the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. The website is well-structured with good SEO and accessibility features, but lacks a cookie consent mechanism despite using multiple tracking tools. Overall, Taplio presents a professional and trustworthy brand with strong business credibility but needs urgent improvements in security to protect user data and trust.

O

Outbound Experts

outbound-experts.com

0

Outbound Experts is a specialized marketplace platform founded in 2023, focused on connecting B2B companies with vetted outbound sales agencies and freelancers. The platform offers a wide range of services including B2B prospecting, multichannel outreach, lead generation, appointment scheduling, and more. It positions itself as a trusted hub for scaling business outreach efforts with certified experts. Technically, the website is built on Webflow with modern JavaScript libraries and integrates Google Tag Manager for analytics. The site is mobile optimized and features a professional design with clear navigation. Security-wise, it uses HTTPS with a valid SSL certificate and has basic email security configurations like SPF and DMARC, but lacks advanced security headers and DNSSEC. Privacy and compliance documentation such as privacy policy and cookie consent are not found, indicating room for improvement in GDPR compliance. Overall, the site is legitimate, well-structured, and serves a niche market effectively, but should enhance its security and privacy posture to increase trust and compliance.

L

LEMPIRE

lempire.co

0

Lempire is a French-based technology company offering a suite of SaaS tools designed to help small and medium-sized businesses (SMBs) enhance their sales and marketing efforts. Their product portfolio includes lemlist for cold email outreach, lemwarm for email deliverability, lemcal for meeting scheduling, Taplio for LinkedIn personal branding, and Tweet Hunter for Twitter audience growth. The company positions itself as a comprehensive solution provider for ambitious businesses aiming to scale their outreach and brand presence. Technically, the website is built on modern web technologies including Webflow CMS, jQuery, and Swiper JS, with good design quality and user experience. However, the security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS enforcement, which poses significant risks. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, while the business and technical maturity are strong, the security weaknesses require urgent remediation to protect user data and maintain trust.

M

Mines Plus

mines-plus.org

0

Mines Plus is an alumni association website serving graduates of the Mines d'Albi, Alès, and Douai engineering schools in France. It offers networking, career services, event information, and regional group management for its members. The site targets alumni, students, and recruiters connected to these institutions. Technically, the website uses a custom CMS with a PHP/Apache backend and front-end technologies including jQuery, Bootstrap, and various JavaScript libraries. It integrates cookie consent management and social login options. However, the website suffers from a critical security issue: the SSL certificate is invalid or missing, and no TLS protocols are enabled, which severely impacts secure HTTPS access. Security headers are well implemented, but the lack of proper SSL/TLS undermines overall security. Privacy compliance is addressed with a cookie policy and consent mechanism, but no explicit privacy policy or terms of service pages are clearly found. Contact information is limited to an email address in the footer and a contact page link, with no phone numbers or physical addresses visible. Overall, the site is functional and professionally designed but requires urgent security improvements to protect user data and trust.