Security Directory

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 10 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

Royal Avebe is a well-established cooperative specializing in the production and supply of potato-based ingredients such as potato starch and protein. With a history dating back to 1919, the company serves diverse markets including food, industrial applications, and animal nutrition. The website reflects a mature business with comprehensive content, clear navigation, and strong branding consistency. Technically, the site is built on WordPress with modern SEO and tracking tools but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. The security posture is weak due to missing HTTPS and security headers, exposing the site to potential risks. Privacy compliance is well addressed with detailed policies and a cookie consent mechanism. Contact information and social media presence are clearly provided, enhancing business credibility.

'

's Heeren Loo

sheerenloo.nl

0

's Heeren Loo is a large, established healthcare organization in the Netherlands specializing in providing tailored care and support for people with intellectual and other disabilities. Their services span diagnostics, treatment, home support, education, work and day activities, and residential care. The organization targets clients with disabilities, their families, and care professionals, emphasizing a mission to help clients live as well as possible with appropriate care levels. Technically, the website employs modern JavaScript frameworks like Vue.js and Vuex, integrates Matomo analytics for user tracking, and uses Google Tag Manager for marketing. Accessibility and SEO are well addressed, with good mobile optimization and structured data markup. However, the security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS support, which is a critical vulnerability. Privacy and cookie policies are comprehensive and GDPR compliant, with consent mechanisms in place. Overall, the website is professional, content-rich, and trustworthy but requires urgent improvements in SSL/TLS security to protect user data and maintain trust.

R

Randstad

randstad.com

0

Randstad is a global leader in the HR services industry, providing a wide range of staffing, recruitment, and workforce management solutions. The company targets job seekers, employers, investors, and press with a comprehensive digital presence and multiple country-specific subsidiaries. Their business model focuses on delivering specialized talent solutions at scale, supported by digital and enterprise services. The website reflects a mature and professional brand with strong market positioning and trust indicators. Technically, the website uses modern technologies including React and Drupal CMS, hosted on Amazon Web Services infrastructure. While the site is well-structured and mobile-optimized, performance data is unavailable. Security headers are properly configured, but the SSL certificate is invalid or missing, which is a critical vulnerability that undermines secure communications. The security posture shows good practices in headers and cookie management but lacks proper SSL/TLS implementation and explicit security or incident response policies. Privacy and cookie policies are present with consent mechanisms, indicating good compliance with GDPR. Contact information is primarily via forms, with no direct emails or phone numbers publicly listed. Overall, the site is professional and trustworthy but requires urgent remediation of SSL issues to ensure secure user interactions and maintain business credibility.

S

Spring GDS

spring-gds.com

0

Spring GDS is an established international delivery company specializing in cross-border e-commerce shipping solutions since 2001. Positioned as part of the PostNL group, it offers a comprehensive suite of services including global shipping, returns, customs clearance, and integrations tailored for online businesses. The company emphasizes sustainability and holds an EcoVadis certification, reinforcing its commitment to environmental responsibility. The website targets businesses seeking efficient international logistics with a focus on last-mile delivery expertise. Technically, the website employs modern web technologies such as Google Tag Manager and Sentry for analytics and error monitoring, and is hosted behind Akamai CDN. However, performance is impacted by slow DNS resolution and the absence of a valid SSL certificate, which critically undermines the security posture. The site is mobile-optimized with excellent design and navigation, supporting a positive user experience. Security analysis reveals significant weaknesses: no valid SSL/TLS certificate is deployed, no TLS protocols are enabled, and critical security features like OCSP stapling and session resumption are missing. While security headers are present, the lack of HTTPS severely limits the site's trustworthiness and exposes users to risks. Privacy compliance is good with clear policies and GDPR adherence, but incident response and vulnerability disclosure mechanisms are not publicly documented. Overall, Spring GDS presents a credible and professional business with strong market positioning and comprehensive service offerings. The primary risk lies in its deficient SSL configuration, which should be urgently addressed to protect customer data and maintain trust. Strategic improvements in security infrastructure will enhance the company’s digital maturity and safeguard its reputation.

E

evofenedex

evofenedex.nl

0

Evofenedex is a well-established Dutch association focused on trade and logistics, serving over 10,000 members with knowledge, advice, products, and services related to goods transport, import/export, and storage. The website reflects a mature organization with a clear business model centered on membership benefits and industry support. Technically, the site employs modern JavaScript frameworks such as React and uses Google Tag Manager and Visual Website Optimizer for analytics and marketing. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which severely impacts its security posture. Privacy compliance is weak, with no visible privacy or cookie policies, although cookie consent is denied by default via the consent management setup. Overall, the site is functional and professionally designed but requires urgent security and compliance improvements.

E

Evides N.V.

evides.nl

0

Evides N.V. is a large, established public utility company providing reliable and sustainable drinking water services to approximately 2.5 million consumers and businesses in the southwest Netherlands. The company operates a comprehensive digital infrastructure including a customer portal (Mijn Evides), extensive self-service options, and detailed information resources. Their market position is strong with a focus on quality, sustainability, and customer engagement. Technically, the website is built on modern frameworks like Nuxt.js and Vue.js, hosted on Microsoft Azure, and integrates analytics and marketing tools such as Google Analytics, Hotjar, and Google Tag Manager. Security measures are in place including a strict Content Security Policy and multiple security headers; however, the SSL certificate is currently invalid and no modern TLS protocols are enabled, representing a critical security risk. Privacy compliance is robust with comprehensive GDPR-aligned policies and cookie consent mechanisms. Overall, the site is professional and trustworthy but requires urgent remediation of SSL issues to ensure secure user interactions.

ROSMARIE is a small Dutch theatrical business focused on monologue performances and play instruction, led by Rosmarie 'Roos' Blaauboer. The website serves as a professional portfolio and booking platform, targeting theater audiences and cultural event organizers. The business operates with a niche market position emphasizing artistic productions and cultural heritage. Technically, the site is built on WordPress with common plugins for SEO and sliders, but suffers from lack of HTTPS and performance optimization. Security posture is weak due to missing SSL, lack of security headers, and absence of privacy and cookie policies. The domain is mature and consistent with the business history, but domain protection is minimal. Overall, the site is functional and professional in content but requires urgent security and privacy improvements to reduce risk and improve trust.

dsm-firmenich is a leading global innovator in nutrition, health, and beauty, formed by the combination of two major companies. The website presents a comprehensive and professional digital presence with detailed information about their business units, sustainability efforts, and investor relations. The technical infrastructure is modern, leveraging Adobe Experience Manager CMS and marketing tools such as Marketo and Adobe Helix RUM. However, a critical security gap exists due to the absence of a valid SSL certificate, which undermines the security posture and trustworthiness of the site. Privacy and cookie policies are well implemented, indicating good compliance with GDPR and related regulations. Overall, the website is content-rich and professionally designed but requires urgent security improvements to meet industry standards.

S

SPAR International

spar-international.com

0

SPAR International is a well-established global voluntary food retail group founded in 1932, operating over 13,900 stores across 48 countries. The business model focuses on licensed wholesalers and retailers working in partnership to deliver diverse store formats and retail solutions. The website reflects a mature digital presence with comprehensive content, clear navigation, and a focus on partner engagement and responsible retailing. Technically, the site is built on WordPress with common plugins and libraries, but suffers from significant security shortcomings including lack of a valid SSL certificate and DNS configuration issues. Privacy compliance is well addressed through Cookiebot consent management and a comprehensive privacy policy. However, the absence of HTTPS and security headers poses risks to user data and trust. Overall, the site is professional and content-rich but requires urgent security improvements to align with best practices and user expectations.

N

NOA

noa-vu.nl

0

NOA is a Dutch company specializing in scientifically validated online assessments and psychological tests, primarily serving educational institutions, HR professionals, and reintegration sectors. With over 25 years of experience and origins linked to the Vrije Universiteit, NOA holds a strong market position supported by ISO 9001 and ISO 27001 certifications. The website reflects a professional and consistent brand with comprehensive content and clear navigation, targeting Dutch-speaking audiences. Technically, the site uses Microsoft IIS with ASP.NET and Umbraco CMS, integrating modern tools like Google Tag Manager and Elmah.io for error logging. However, the absence of HTTPS is a critical security gap, exposing users to potential risks. Privacy and cookie policies are well implemented with consent mechanisms, aligning with GDPR requirements. Contact information is complete and accessible, enhancing business credibility.

G

Gymnasium Camphusianum

camphusianum.nl

0

Gymnasium Camphusianum is a small, community-oriented gymnasium school located in Gorinchem, Netherlands, providing secondary education focused on broad academic knowledge and personal development. The website reflects a well-structured educational institution with clear communication channels, active social media presence, and comprehensive privacy and cookie policies compliant with GDPR. Technically, the site is built on WordPress with modern plugins and themes, leveraging Cloudflare CDN for content delivery. However, a critical security gap exists due to the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly undermines the site's security posture. This exposes users to potential data interception risks and reduces trustworthiness from a security perspective. Overall, while the content and business credibility are strong, the lack of HTTPS is a major vulnerability that must be addressed promptly.

ALSO Holding AG operates in the technology sector, primarily focusing on IT distribution and related services. The domain also.nl currently serves as a minimal placeholder that immediately redirects users to the main corporate site also.com, indicating that the primary web presence is maintained elsewhere. The business targets B2B customers and partners within the technology industry, positioning itself as an established player with a large organizational size and international reach. Technically, the site is hosted on Apache servers with managed IP DNS services but lacks modern web infrastructure features such as SSL/TLS encryption, security headers, and performance optimizations. The absence of HTTPS and security best practices represents a significant security risk and lowers trustworthiness. No privacy or cookie policies are present, and no contact information is provided on this domain, which further reduces compliance and user trust. Overall, the domain appears legitimate and consistent with the corporate identity but requires urgent improvements in security and content to meet modern standards.

The website chavabeijk.nl represents a personal artist site for soprano Chava Beijk, providing information about her musical repertoire, collaborations, and contact details for concerts and singing lessons. The site targets classical music enthusiasts, concert organizers, and students interested in vocal training. The business model is focused on personal promotion and service offerings in the niche classical music sector, with a small scale and localized presence in the Netherlands. Technically, the site is hosted on an Apache server with basic JavaScript for UI interactions and is hosted by Mijndomein. The site lacks modern frameworks, CMS, or advanced performance optimizations, resulting in slow loading and poor mobile optimization. No analytics or tracking technologies are detected, indicating minimal digital maturity. From a security perspective, the site lacks HTTPS and a valid SSL certificate, exposing users to potential risks. No advanced security headers or policies are implemented, and no privacy or cookie policies are present, indicating poor compliance with GDPR and modern privacy standards. The DNS configuration is basic with SPF but lacks DNSSEC and CAA records. Overall, the security posture is weak, with critical recommendations needed to improve encryption and security headers. Overall, the site is functional for its purpose but requires urgent improvements in security and privacy compliance to enhance trustworthiness and protect visitors. The lack of HTTPS is a critical issue that significantly lowers the security score and overall AI rating.

The Lucille Werner Foundation is a small Dutch non-profit organization dedicated to improving the visibility and inclusion of people with disabilities through media, events, and labor market initiatives. The website reflects this mission with clear content and navigation but lacks critical compliance elements such as privacy and cookie policies. Technically, the site is built on the JouwWeb CMS platform and hosted on Google Cloud infrastructure, but it suffers from an invalid SSL certificate, resulting in no proper HTTPS security. Security headers are partially implemented, and minimal user tracking is done via Plausible Analytics, indicating some privacy awareness. Overall, the security posture is weak due to missing HTTPS and lack of advanced security configurations. The domain registration data aligns well with the business claims, supporting legitimacy. Strategic improvements in SSL configuration, privacy compliance, and contact transparency are recommended to enhance trust and security.

S

Stork

stork.com

0

Stork is an established industrial services company focused on asset management, maintenance, and consultancy primarily in the energy and process industries. Recently acquired by Bilfinger, Stork operates under its umbrella in several key countries including Belgium, the Netherlands, Germany, and the USA. The website presents a comprehensive overview of their services and global presence, targeting industrial clients seeking lifecycle asset support. Technically, the site uses modern React technology but suffers from slow load times and lacks a valid SSL certificate, which impacts its security posture. Privacy compliance is well addressed with clear cookie and privacy policies including consent mechanisms. However, explicit contact details like emails and phone numbers are not readily available, relying mainly on contact forms. Overall, the site is professional and trustworthy but would benefit from improved security configurations and performance optimizations.

R

Roswel

roswel.nl

0

Roswel is a small international wholesale company specializing in fittings, piping systems, and sustainable heating technologies, including pellet stoves. Established in 2009, it serves various sectors such as water technology, agriculture, and installation technology, primarily targeting businesses in the Netherlands and Germany. The company also acts as a distributor for SALUS CONTROLS in the Netherlands, offering products and support for heating and cooling control systems. The website reflects a professional business with clear product offerings and contact channels but lacks advanced security measures.

N

Nameshift.com

racon.co.uk

0

The website racon.co.uk is a domain sales landing page operated by Nameshift.com, a small technology business based in the Netherlands specializing in domain name transfers and escrow services. The business model focuses on providing a safe, fast, and fee-free domain transfer experience for buyers, with the seller paying commissions. The site content is minimal and primarily serves as a transactional interface for domain purchase via Nameshift.com. Technically, the site uses modern frameworks such as SvelteKit and is hosted by Hosting Concepts B.V., but suffers from poor performance and incomplete content presentation. Security posture is weak due to the absence of a valid SSL certificate and HTTPS support, alongside malformed DNS CAA records and lack of domain protection locks. Privacy compliance is minimal, with no visible privacy or cookie policies, and no contact emails or phone numbers provided. Overall, the site presents moderate trustworthiness but requires significant improvements in security and privacy to meet professional standards.

E

EasyAds

easyads.eu

0

EasyAds is a Dutch online marketing bureau specializing in e-commerce growth through automation, marketing optimization, and integration with marketplaces and advertising channels. The company has a solid market position supported by recognized partnerships with Channable, Google, Microsoft, and Cookiebot, and has been operating since 2006. Their services include datafeed management, marketplace integrations, advertising channel management, and managed campaign services, targeting retailers and brands seeking scalable online growth. Technically, the website is built on WordPress with Elementor and several plugins, hosted on WordPress.com's Atomic infrastructure. The site is multilingual and uses modern marketing and analytics tools, including Google Analytics and LinkedIn Insight, with a cookie consent mechanism via Cookiebot. However, the SSL certificate is invalid or missing, resulting in no HTTPS support, which is a critical security issue. Security headers are partially implemented, but TLS protocols are disabled, and no DNSSEC or CAA records are configured. Contact information is available via email, phone, and contact forms, but no explicit privacy policy or terms of service pages were found. Overall, the website is professional and content-rich but requires urgent security improvements to ensure trust and compliance.

S

Studiewereld Laudius

laudius.nl

0

Laudius is a well-established Dutch education provider specializing in affordable, recognized home study courses. With over 40 years of experience, it targets individuals seeking flexible learning options for career advancement and personal development. The website is built on TYPO3 CMS and hosted via Cloudflare, integrating Google Tag Manager for analytics and marketing. Despite good content quality and professional design, the absence of a valid SSL certificate significantly weakens the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with clear contact channels including phone and social media. Certifications and customer reviews enhance trustworthiness. Strategic improvements in SSL implementation and security best practices are recommended to elevate overall security and user trust.

A

APG

apg.nl

0

APG is a large Dutch pension fund service provider specializing in pension administration, asset management, and advisory services. The website is content-rich, professionally designed, and targets pension participants and institutional investors. The technical infrastructure includes Cloudflare hosting, Umbraco CMS, and multiple marketing and analytics tools such as Google Tag Manager and Cookiebot. However, a critical security issue is the absence of a valid SSL certificate and enabled TLS protocols, which severely impacts the security posture. Security headers are well implemented, but the lack of HTTPS reduces trust and security. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Contact information is primarily via web forms, with no explicit emails or phone numbers found. Social media presence is active on LinkedIn, Facebook, and Instagram. Overall, the website is professional and trustworthy but requires urgent SSL/TLS configuration improvements to enhance security and user trust.

BE Semiconductor Industries N.V. (Besi) is a leading technology company specializing in the development and manufacturing of advanced semiconductor assembly equipment and processes. Their product portfolio includes solutions for die attach, packaging, plating, and cleaning, serving diverse markets such as electronics, automotive, industrial, and renewable energy sectors. The website reflects a mature business with a strong investor relations presence and comprehensive corporate governance disclosures, indicating a well-established market position. Technically, the website is built on the TYPO3 CMS platform, utilizing jQuery and Google Tag Manager for analytics and tracking. While the site has a professional design and clear navigation, it lacks a valid SSL certificate, which significantly impacts its security posture. The absence of HTTPS and modern TLS protocols exposes the site to potential risks and undermines user trust. Additionally, no cookie consent mechanism or detailed privacy compliance features are present, which may pose compliance challenges. From a security perspective, the site implements several security headers and restricts device permissions, but the invalid SSL configuration and lack of session resumption or OCSP stapling reduce overall security effectiveness. No incident response or vulnerability disclosure policies are publicly available, limiting transparency in security management. Overall, the website demonstrates solid business credibility and content quality but requires urgent improvements in security infrastructure and privacy compliance to enhance trustworthiness and protect user data effectively.

N

Nameshift.com

ibk.fr

0

The website ibk.fr is a domain sales landing page managed by Nameshift.com, a company specializing in domain name transfers and escrow services. The business model focuses on providing a safe, fast, and fee-free domain transfer experience for buyers, with the seller paying commissions. The site targets individuals and businesses looking to purchase domain names securely. Technically, the site uses modern frameworks such as SvelteKit and is hosted on a CDN associated with Nameshift.com. However, the website suffers from critical security shortcomings, including the absence of a valid SSL certificate and HTTPS support, which severely impacts its security posture. Additionally, privacy and cookie policies are missing, and DNS security configurations are incomplete or malformed. These factors reduce trust and compliance with data protection regulations. Overall, the site presents a basic but functional domain sales platform with room for significant security and compliance improvements.

S

Skyliner Automatisering B.V.

skyliner.nl

0

Skyliner Automatisering B.V. is a mature Dutch ICT service provider established in 1999, offering a broad range of ICT solutions including system management, cloud services, VoIP, software development, and security services. The company targets businesses and organizations in the Netherlands seeking reliable and comprehensive ICT support. Their market position is supported by long domain tenure, recognized certifications, and positive customer testimonials. Technically, the website is built on WordPress with modern plugins and scripts, but suffers from a lack of proper SSL/TLS configuration, impacting security posture. The site is well structured with good SEO and mobile optimization, though performance metrics indicate slow loading. Security-wise, the absence of HTTPS and security headers are critical issues, though no active vulnerabilities or WAF blocking were detected. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. Overall, the website reflects a credible and professional ICT business but requires urgent improvements in SSL security to enhance trust and compliance.

P

Post & Co

post-co.com

0

Post & Co is an independent provider specializing in marine liability and logistics insurance, serving a broad range of clients in the maritime and logistics sectors including ship owners, charterers, terminal and transport operators, and port authorities. The company emphasizes quality service, innovation, and market focus, with a presence in Rotterdam, Antwerp, and Frankfurt. Their website reflects a professional business with multilingual support and clear contact channels. Technically, the site is built on WordPress using common plugins and frameworks but lacks a valid SSL certificate, which significantly impacts security posture. The site uses Google Analytics and has cookie consent mechanisms in place, indicating some privacy compliance. However, the absence of HTTPS and modern TLS protocols presents a critical security risk. Overall, the business appears legitimate and established, but the website requires urgent security improvements to protect user data and enhance trust.

N

Nameshift.com

kontext.nl

0

Nameshift.com operates as a domain name brokerage and escrow service focused on providing safe, fast, and fee-free domain transfers for buyers. The business model centers on charging sellers a commission while offering buyers a secure and straightforward purchasing experience. The website content is minimal and primarily serves as a landing page to facilitate domain purchases via Nameshift.com. Technically, the site uses modern web technologies such as SvelteKit and is hosted on a Caddy server, but lacks proper SSL/TLS configuration, resulting in no HTTPS availability. This significantly impacts the security posture and user trust. Security headers are partially implemented, but critical vulnerabilities exist due to the absence of a valid SSL certificate and TLS protocols. Privacy and cookie policies are missing, and no contact emails or phone numbers are provided, limiting compliance and user support capabilities. Overall, the site demonstrates a basic digital presence with room for significant improvements in security, privacy, and content completeness.

R

Rituals Cosmetics

rituals.com

0

Rituals Cosmetics operates a large-scale international e-commerce platform specializing in cosmetics and lifestyle products. The website offers a localized shopping experience with multiple country and language options, leveraging Salesforce Commerce Cloud technology. The technical infrastructure includes modern JavaScript libraries, tag management, and analytics tools, but suffers from a lack of a valid SSL certificate and security headers, which significantly impacts the security posture. Privacy compliance is addressed with cookie consent mechanisms and a comprehensive privacy policy, though explicit contact and security policy information is limited. Overall, the website is professional and trustworthy from a business perspective but requires urgent improvements in security configuration to protect user data and maintain trust.

M

Meester Schabergschool

schabergschool.nl

0

Meester Schabergschool is a small Christian primary school located in The Hague, Netherlands, operating under the Stichting Christelijk Onderwijs Haaglanden foundation. The website provides relevant information about the school, its educational offerings including newcomer education, and contact details for parents and guardians. The site is built on a legacy Microsoft IIS and ASP.NET technology stack with the Ziber CMS platform. While the content is well structured and professionally presented, the technical infrastructure shows signs of aging with no valid SSL certificate and outdated TLS configurations, impacting security and user trust. The absence of privacy and cookie policies indicates non-compliance with GDPR requirements, which is critical for an EU-based educational institution. Contact information is clearly provided, including email, phone, physical address, and a contact form with Google reCAPTCHA v3 integration to prevent spam. Overall, the website serves its informational purpose but requires urgent security and privacy improvements to meet modern standards.

W

WeAreDevelopers

wearedevelopers.com

0

WeAreDevelopers operates as Europe’s leading developer community platform, providing a comprehensive ecosystem for developers and companies to connect through job boards, events, and educational content. The platform hosts major events such as the WeAreDevelopers World Congress and offers extensive resources including tech talks and salary calculators. Their market position is strong within the European technology sector, targeting developers and tech companies with a large and active user base. Technically, the website is built on modern frameworks such as Nuxt.js and Vue.js, hosted via Cloudflare with Imgix for image delivery, and integrates video content hosted on Vimeo. The site demonstrates good design quality, mobile responsiveness, and SEO practices, although performance metrics are unavailable. Accessibility is basic but present. From a security perspective, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical vulnerability impacting user trust and data security. Other security headers are partially implemented but insufficient. Privacy and cookie policies are present and indicate GDPR compliance, supporting responsible data handling. Overall, the platform is professionally managed with strong business credibility and content quality but requires urgent improvements in security infrastructure to protect users and maintain trust. Strategic recommendations include immediate SSL deployment, enabling HTTPS, and enhancing security headers and practices.

N

Nameshift.com

unterweger.eu

0

The website unterweger.eu is a domain sales and transfer service platform operated in partnership with Nameshift.com, a domain escrow and marketplace service. The business model focuses on providing a secure and simple way for buyers to purchase domain names with escrow protection, free assistance, and VAT invoicing. The target audience includes individuals and businesses seeking domain ownership with minimal risk. The website is built using modern web technologies such as SvelteKit and is hosted on a CDN associated with Nameshift.com. However, performance metrics are not available, and the site shows basic content quality with limited interactive elements. From a security perspective, the website lacks a valid SSL certificate and does not support HTTPS, which is a critical vulnerability impacting user trust and data security. Although some security headers are present, the absence of TLS protocols and HSTS reduces the overall security posture significantly. No privacy or cookie policies are published, indicating poor privacy compliance. Contact information is limited to a physical address in the Netherlands, with no emails or phone numbers provided, which may affect user confidence. Overall, the website demonstrates a basic level of technical implementation and business credibility but suffers from critical security and privacy compliance gaps. Strategic improvements in SSL/TLS deployment, privacy policy publication, and contact transparency are essential to enhance trust and security. The domain registration data aligns well with the business claims, showing consistency and legitimacy without privacy protection, which is appropriate for this type of service.

I

International Commission on Missing Persons

icmp.int

0

The International Commission on Missing Persons (ICMP) is a globally recognized non-profit organization dedicated to addressing the issue of missing persons resulting from conflicts, disasters, and other causes. The organization collaborates with governments, civil society, and international bodies to provide expertise, data systems, and forensic services. Their website reflects a mature digital presence with comprehensive content, multilingual support, and clear navigation tailored to a diverse audience including families of missing persons and governmental agencies. Technically, the site is built on WordPress with modern plugins and Cloudflare CDN protection, but it suffers from a critical lack of a valid SSL certificate and proper TLS configuration, which significantly impacts its security posture. Privacy compliance is well addressed with GDPR-aligned cookie and privacy policies. Overall, the site demonstrates high professionalism and trustworthiness but requires urgent improvements in SSL/TLS security to protect user data and maintain credibility.

P

PerfectView CRM Online

perfectview.nl

0

PerfectView CRM Online is a well-established Dutch CRM software provider with over 36 years of experience and a strong customer base exceeding 5,200 clients. The company offers a comprehensive SaaS CRM platform targeting Dutch businesses, emphasizing data privacy by hosting data within the Netherlands and maintaining ISO 27001 certification. The website reflects a professional and consistent brand presence with good content quality and clear navigation. Technically, the site is built on WordPress using common frameworks like Bootstrap and jQuery, with integration of marketing and analytics tools such as Google Tag Manager, Facebook Pixel, Hotjar, and LinkedIn Insight Tag. However, the website suffers from a critical security issue due to the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the security posture and user trust. Other security best practices like HSTS and security headers are also missing. Privacy compliance is partial, with a privacy policy present but no visible cookie consent mechanism. Overall, the site is functional and credible but requires urgent security improvements to protect user data and enhance trust.

E

efficy

tribecrm.nl

0

Tribe CRM is a Dutch-based SaaS company offering a customizable CRM platform integrated with AI features, targeting businesses seeking to grow customer loyalty and optimize sales and marketing processes. The company operates under the parent company efficy and has a mature domain with consistent registration data. Technically, the website is built on WordPress with modern marketing and analytics tools such as Piwik PRO, Cookiebot, and VWO, supporting multiple languages and SEO best practices. However, a critical security weakness is the absence of a valid SSL certificate, resulting in no HTTPS support and lack of security headers, which significantly impacts the security posture. Privacy compliance is well addressed with comprehensive cookie and privacy policies and consent mechanisms. Overall, the website presents a professional and trustworthy business front but requires urgent security improvements to protect user data and enhance trust.

D

DMARC Advisor

dmarcadvisor.com

0

DMARC Advisor is a specialized technology company focused on providing DMARC and related email security services to businesses primarily in Europe and Africa. Their market position is strong as leading DMARC service experts, offering a comprehensive suite of tools and managed services including DMARC reporting, SPF management, DKIM validation, and BIMI hosting. The company emphasizes protecting domains against email abuse and phishing, targeting organizations that require robust email authentication solutions. Technically, the website is built on WordPress with modern JavaScript frameworks like Vue.js, and integrates various marketing and analytics tools such as Google Tag Manager and Microsoft Clarity. However, the website currently lacks a valid SSL certificate and modern TLS protocol support, which is a critical security gap. The security posture is further impacted by missing DNSSEC and improperly configured CAA records, though DMARC policies are correctly set to reject unauthorized emails. Privacy compliance is well addressed with GDPR-aligned cookie consent mechanisms and a comprehensive privacy policy. Overall, the company demonstrates a professional and trustworthy online presence but should urgently address SSL/TLS and DNS security to enhance trust and security.

C

Convesio

convesio.nl

0

Convesio.nl is a specialized managed WordPress hosting provider focused on delivering scalable, high-performance hosting solutions using innovative Docker container technology. The company targets business-critical WordPress websites including WooCommerce shops, membership sites, and e-learning platforms, emphasizing automatic scaling, speed, and security. The website is professionally designed, content-rich, and well-structured, reflecting a mature digital presence. Technically, the site leverages modern web technologies including WordPress CMS, GeneratePress theme, and integrates with Google and Amazon cloud platforms. Security posture is adequate with HTTPS and TLS 1.3 support, but lacks advanced configurations such as HSTS, DMARC, and OCSP stapling, which are recommended for improvement. Privacy compliance is strong with a comprehensive cookie policy and GDPR consent mechanisms. Overall, the site presents a credible and trustworthy business with room for security enhancements.

U

Universiteit Utrecht

uu.nl

0

Universiteit Utrecht is a large, internationally recognized research university based in the Netherlands, providing higher education and research services primarily to students and academic professionals. The website is built on Drupal 10 with modern JavaScript libraries and integrates Google Tag Manager for analytics. Despite rich content and excellent design quality, the site lacks a valid SSL certificate and does not enforce HTTPS, which is a critical security shortfall. No advanced security headers or incident response policies are publicly disclosed, indicating room for improvement in security posture. Privacy policy is present and appears GDPR compliant, but no cookie consent mechanism was detected. Overall, the website is professional and trustworthy but requires urgent security enhancements to protect user data and improve compliance.

The PETRA-E Network website serves as an educational platform dedicated to literary translation, connecting institutions and individuals across Europe. It offers a professional framework for literary translation competences and fosters collaboration through resource sharing and events. The network is positioned as a niche educational entity with partnerships across multiple European universities and organizations. Technically, the website is built on WordPress with common web technologies such as jQuery and Bootstrap, hosted likely by Utrecht University. While the site provides good content quality and user experience, it lacks critical security implementations such as a valid SSL certificate and proper HTTPS configuration. Privacy and cookie policies are absent, which impacts compliance with GDPR standards. The site includes minimal user tracking via a lightweight analytics plugin and provides contact primarily through email and social media channels. Overall, the website is functional and professional but requires significant improvements in security and privacy compliance to enhance trust and protect users.

Soundcheck B.V. is a small Dutch rental company specializing in sound and lighting equipment for events such as theater productions, festivals, concerts, TV productions, weddings, and corporate events. The company has a mature domain registered since 2002, consistent with its stated business history. The website content is basic and primarily in Dutch, targeting local event organizers and production companies. Technically, the website uses legacy HTML and JavaScript without modern frameworks or CMS, resulting in slow load times and poor mobile optimization. Critically, the site lacks HTTPS support, exposing users to security risks. No privacy or cookie policies are present, and no contact information is explicitly provided on the homepage, which impacts trust and compliance. The DNS and MX records are properly configured, but security configurations such as DNSSEC, HSTS, and security headers are missing. Overall, the website demonstrates a low security posture and basic digital maturity, requiring significant improvements to meet modern security and privacy standards.

S

Spotler

spotler.nl

0

Spotler is a Dutch technology company founded in 2017 specializing in data-driven marketing software solutions. Their product suite includes customer data platforms, AI-powered chatbots, CRM, email marketing automation, and social media management tools. The company serves over 5,000 organizations, positioning itself as a trusted mid-sized player in the marketing technology sector. The website is professionally designed, multilingual, and rich in content including customer case studies and detailed product information. Technically, the site is built on WordPress, uses Cloudflare for hosting and CDN, and integrates modern marketing tools like Google Tag Manager. However, the security posture is weak due to the absence of a valid SSL certificate and lack of TLS support, which is a critical issue for trust and compliance. Privacy and cookie policies are present and GDPR compliant, and the company holds ISO 27001 certification, indicating a commitment to information security. Overall, the website is credible and professional but requires urgent security improvements to protect user data and enhance trust.

W

Wijzer in geldzaken

financieelfittewerknemers.nl

0

Financieel fitte werknemers is a Dutch government-backed initiative by the Ministry of Finance aimed at helping employers support employees with financial wellbeing. The website provides informational resources, toolkits, e-learning, and guidance to recognize and address financial stress in the workplace. It targets employers and HR professionals in the Netherlands, positioning itself as a niche government platform with consistent branding and good content quality. Technically, the site is hosted on a DigitalOcean IP, served by nginx, and uses modern web technologies including Google Tag Manager and ReadSpeaker for accessibility. However, the site suffers from critical security issues including an invalid or missing SSL certificate and no enabled TLS protocols, which severely impact its security posture. Performance is slow, but mobile optimization and accessibility are good. SEO practices are well implemented. Security-wise, while some best practices like HSTS header presence exist, the lack of valid SSL and TLS support is a major vulnerability. No incident response or security policy pages are found, and DNSSEC is not enabled. Privacy compliance is strong with clear cookie consent and privacy policies aligned with GDPR. Overall, the site is a credible government resource with good content and user experience but requires urgent security improvements to protect user data and trust. Strategic recommendations include installing a valid SSL certificate, enabling modern TLS protocols, fixing DNS CAA records, and enhancing security headers and incident response readiness.

W

Wijzer in geldzaken

weekvanhetgeld.nl

0

Week van het geld is a Dutch national initiative focused on promoting financial literacy among children and youth through educational programs and partnerships with government and financial sector entities. The website serves as an information hub offering thematic packages, guest lessons, explainer videos, and toolkits for schools and parents. The initiative is positioned as a trusted, government-related non-profit with a clear target audience in the education sector. Technically, the website uses a modern stack including nginx, Google Tag Manager, and accessibility tools like ReadSpeaker. However, it suffers from a critical security flaw: the absence of a valid SSL certificate and HTTPS support, which severely impacts its security posture. The site is well-structured, mobile-optimized, and includes GDPR-compliant cookie consent mechanisms. Security-wise, the lack of HTTPS and proper SSL configuration is a major vulnerability. While other security headers are partially present, the site does not implement advanced protections such as OCSP stapling or session resumption. No explicit security or incident response policies are published, which could be improved to enhance trust. Overall, the website is functional and professional but requires urgent security improvements to protect user data and maintain trust. Strategic recommendations include immediate SSL certificate installation, enabling HTTPS, fixing DNS CAA records, and publishing security policies to improve compliance and user confidence.

W

Wijzer in geldzaken

geldlessen.nl

0

Geldlessen.nl is a Dutch educational platform operated by Wijzer in geldzaken, dedicated to improving financial literacy among school-aged children and youth in the Netherlands. The platform offers a comprehensive range of educational materials, teacher training, podcasts, and subsidy information to support financial education across primary, secondary, and vocational education sectors. It holds a strong market position as a trusted non-profit initiative with consistent branding and a clear mission. Technically, the website is built on a modern stack using nginx, JavaScript modules, and integrates Google Tag Manager and ReadSpeaker for accessibility and analytics. The hosting appears to be on DigitalOcean. The site is well-structured, mobile-optimized, and SEO-friendly, providing an excellent user experience. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall. From a security perspective, the site lacks a valid SSL/TLS certificate, uses no modern TLS protocols, and has malformed CAA DNS records. While some security headers like HSTS are present, the overall security posture is weak, exposing the site to potential risks. Privacy compliance is well addressed with a comprehensive cookie consent mechanism and GDPR-aligned privacy policy. Overall, the site is a credible and professional educational resource but requires urgent security improvements, particularly in SSL/TLS deployment, to protect user data and enhance trust. Strategic recommendations include immediate SSL certificate installation, DNS record corrections, and publishing security policies to strengthen the security posture and compliance.

S

Stichting De Friesland

stichtingdefriesland.nl

0

Stichting De Friesland is a Dutch non-profit foundation focused on supporting innovative healthcare projects that improve the quality of care and life for people. The website presents clear information about their mission, supported projects, and application procedures, targeting healthcare organizations and innovators. The foundation appears to have a solid market position within the regional healthcare sector in the Netherlands, with consistent branding and trust indicators such as ANBI status and links to reputable partners like Achmea. Technically, the website is built on Sitecore CMS with Vue.js and jQuery, hosted likely on Microsoft Azure. However, the site suffers from a lack of a valid SSL certificate and does not support modern TLS protocols, which significantly impacts its security posture. Performance is slow, with a high page load time, and some DNS misconfigurations are present. Privacy compliance is basic but present, with privacy and cookie policies available. Contact information is limited to a contact form, with no direct emails or phone numbers found. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

I

Insocial

insocial.nl

0

Insocial is a Dutch-based experience management platform founded in 2012, offering a suite of tools to collect and analyze customer and employee feedback. The company targets businesses aiming to enhance their brand, customer, service, user, and employee experiences through actionable insights and AI-powered analytics. The website is professionally designed, content-rich, and well-structured, leveraging HubSpot CMS and various marketing technologies. However, a critical security gap exists due to the absence of a valid SSL certificate, exposing users to potential risks. Security headers are implemented, but the lack of HTTPS and malformed DNS CAA records significantly weaken the security posture. Privacy compliance is partially addressed with a privacy policy and GDPR alignment, but no cookie consent mechanism is detected. Contact information and social media presence are clearly provided, supporting business credibility. Overall, the site demonstrates a mature business with good digital presence but requires urgent security improvements.

D

De christelijke zorgverzekeraar

prolife.nl

0

De christelijke zorgverzekeraar is a Dutch health insurance provider focused on integrating Christian values with healthcare services. It operates as part of the larger Zilveren Kruis and Achmea insurance group, offering a range of basic and supplementary insurance products, including dental and mental health care. The website targets the Dutch Christian community, providing comprehensive information, online self-help resources, and customer service support. The company maintains a strong market position with positive customer ratings and active social media engagement. Technically, the website uses modern web technologies including jQuery, Vue.js, and Coveo search integrated with Sitecore CMS. The hosting is managed through Brandshelter DNS services. While the site is well-structured and mobile-optimized with good SEO and accessibility basics, it suffers from critical security shortcomings due to the absence of a valid SSL certificate and disabled TLS protocols, which severely impacts its security posture. Security headers are properly configured, and privacy policies are comprehensive and GDPR compliant, reflecting a mature privacy stance. However, the lack of HTTPS and secure SSL/TLS configuration poses significant risks to user data and trust. The site employs extensive analytics and marketing tools, indicating a high level of user tracking and data collection. Overall, the website is professional and credible from a business perspective but requires urgent security improvements to protect user data and maintain trust. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, and enhancing security configurations to meet industry best practices.

Z

Zorgkantoor Friesland

zorgkantoorfriesland.nl

0

Zorgkantoor Friesland is a regional healthcare office responsible for the execution of the Long-term Care Act (Wlz) in Friesland, Netherlands. The organization provides long-term care advice, manages personal budgets (PGB), and coordinates care providers for consumers in the Friesland region. The website is professionally designed, well-structured, and targets consumers seeking long-term care services. It uses modern technologies including Sitecore CMS, Vue.js, and Coveo search integration, indicating a mature digital infrastructure. However, performance metrics are missing and inferred to be slow, suggesting room for optimization. Security posture is weak due to the absence of a valid SSL certificate and lack of TLS protocol support, which is a critical vulnerability for a healthcare-related site. Privacy policies and cookie policies are present and GDPR compliant, but no explicit consent mechanism is detected. Contact information is clear with a phone number and contact form available, enhancing business credibility. Overall, the site is trustworthy but requires urgent security improvements to protect user data and comply with best practices.

Stichting De Letselschade Raad is a Dutch non-profit organization focused on improving the personal injury claims process by collaborating with professional parties in the sector. It acts as an independent register and quality overseer, developing behavior codes, guidelines, and providing general information to victims and professionals. The organization is government-supported and recognized within the Dutch legal and healthcare sectors. Technically, the website is built on WordPress with common plugins like Yoast SEO and WP Rocket for performance optimization. However, a critical security shortfall is the lack of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the site's security posture. Privacy and cookie policies are present and GDPR compliant with an opt-in consent mechanism. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

G

Grain Data Consultants

graindata.com

0

Grain Data Consultants is a specialized data consultancy firm based in the Netherlands, focusing on helping businesses leverage online data to increase sales, create relevance, find truth, and gain control through data-driven solutions. Their services include consultancy, data collection architecture, data cleaning and transformation, storage and distribution, analysis, and visualization. The company targets businesses seeking to optimize marketing and sales through advanced data science and machine learning techniques. Technically, the website uses a modern tech stack including nginx, Bootstrap, jQuery, and proprietary tools like Harvest, hosted on TransIP infrastructure. However, the website lacks a valid SSL certificate and HTTPS support, which is a critical security vulnerability. Security headers are partially implemented but insufficient without proper SSL. Privacy compliance is weak, with no privacy or cookie policy found. Contact information is clearly provided, enhancing business credibility. Overall, the website is professional in design and content but requires urgent security and compliance improvements.

A

Attens Hypotheken

attens.nl

0

Attens Hypotheken is a specialized mortgage provider focusing on employees in the healthcare and welfare sectors in the Netherlands. The company offers tailored mortgage advice and products, including sustainability incentives, positioning itself as a niche player in the finance and real estate sectors. The website content is professionally presented with clear navigation and relevant information for its target audience. Technically, the site uses common JavaScript libraries and tracking tools, hosted likely on Microsoft Azure infrastructure. However, the website lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security flaw. Privacy and cookie policies are comprehensive and include consent mechanisms, reflecting good compliance with GDPR requirements. The absence of direct contact emails or phone numbers on the site reduces immediate contactability but may be intentional to route inquiries through advisors. Overall, the site demonstrates moderate digital maturity but requires urgent security improvements to protect user data and trust.

A

Achmea Bank N.V.

acierfinancieringen.nl

0

Acier Financieringen operates as a trade name of Achmea Bank N.V., providing mortgage financing, insurance mediation, and savings and investment products primarily targeting Dutch homeowners. The company is well-established with regulatory licenses from De Nederlandsche Bank and registration with the Dutch Authority for the Financial Markets, positioning it as a credible financial services provider in the Netherlands. The website content is professionally presented in Dutch, with clear navigation and relevant business information, although no direct contact emails or phone numbers are visible in the provided HTML content. Technically, the website uses jQuery and a consent monitoring script from Harvest Graindata, hosted on Brandshelter infrastructure. Performance is slow with a large page size and long load time, but mobile optimization and navigation clarity are good. However, the absence of a valid SSL certificate is a critical security flaw, exposing users to potential risks. DNS records show a strict SPF policy but malformed CAA entries, and no security headers or advanced TLS features are enabled. Security posture is weak due to missing HTTPS and lack of security policies or incident response information on the site. Privacy compliance is adequate with clear cookie and privacy policies and a consent mechanism. Business credibility is strong given the regulatory disclosures and professional presentation. Overall, the site requires urgent SSL implementation and security hardening to protect users and improve trust. Strategic recommendations include immediate installation of a valid SSL certificate, correction of DNS CAA records, enabling security headers and HSTS, publishing security and incident response policies, and improving site performance to enhance user experience and security posture.