Security Directory

U

UiT Norges arktiske universitet

uit.no

0

UiT Norges arktiske universitet is a prominent Norwegian university specializing in Arctic education and research. The website serves a broad audience including students, researchers, and staff, providing comprehensive information about study programs, research initiatives, and public services. The institution maintains a strong digital presence with extensive use of third-party services for analytics, marketing, and content delivery. Technically, the site employs modern frameworks like Bootstrap and jQuery, along with Font Awesome for icons, and integrates a robust cookie consent mechanism via Cookiebot. However, the website suffers from an invalid SSL certificate, which significantly impacts its security posture. While privacy compliance is well addressed with detailed cookie policies and GDPR adherence, the absence of explicit terms of service and security headers indicates areas for improvement. Overall, the site is professional and trustworthy but requires urgent attention to its SSL configuration to ensure secure user interactions.

D

Direktoratet for høyere utdanning og kompetanse

diku.no

0

Direktoratet for høyere utdanning og kompetanse (HK-dir) is a Norwegian government agency responsible for national administration and policy implementation in higher education, vocational education, and competence development. Established in 2021 through a merger of several agencies, it serves as a key authority in Norway's education sector, providing services such as career guidance, foreign education recognition, funding programs, and statistical reporting. The website targets professionals and stakeholders in education and workforce development within Norway. Technically, the website is built using modern web technologies including Next.js and Sanity CMS, with integration of Google Fonts and Siteimprove Analytics. The site is well-structured, mobile-optimized, and provides good accessibility and SEO features. However, performance is moderate with a load time of approximately 5.8 seconds. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical vulnerability. No security headers or advanced TLS configurations are present, exposing the site to potential risks. Privacy compliance is strong, with a comprehensive GDPR-compliant privacy policy and clear contact information. No cookie consent mechanism or terms of service were found. Overall, while the business and content aspects are solid and trustworthy, the lack of HTTPS and proper SSL configuration significantly lowers the security posture and overall risk rating. Immediate remediation of SSL/TLS issues is recommended to protect user data and enhance trust.

H

Havforskningsinstituttet

imr.no

0

Havforskningsinstituttet is the largest marine research institute in Europe, based in Norway, focusing on marine research, advisory services, and environmental monitoring. The website reflects a well-established government entity with a large staff and a comprehensive content offering targeted at researchers, policymakers, and the public interested in marine science. Technically, the site uses modern web technologies and frameworks, ensuring good accessibility, SEO, and user experience. However, a critical security weakness is the lack of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, and contact information is clearly provided. Overall, the site is professional and trustworthy but requires urgent security improvements.

S

Svalbard Integrated Arctic Earth Observing System

sios-svalbard.org

0

SIOS (Svalbard Integrated Arctic Earth Observing System) is an established international research infrastructure focused on long-term Earth system science measurements in the Svalbard region. The organization operates a mature website providing access to data portals, research infrastructure information, and community resources targeting scientists and researchers in Arctic studies. The website is built on Drupal 10 with modern frontend libraries, offering a good user experience and clear navigation. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture, exposing users to potential risks. Privacy and cookie policies are present and GDPR compliant, reflecting attention to regulatory requirements. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional and professional but requires urgent security improvements to protect users and data.

T

The Norwegian Scientific Academy for Polar Research

polar-academy.com

0

The Norwegian Scientific Academy for Polar Research operates a specialized educational and research website focused on polar regions and interdisciplinary scientific challenges. The organization is positioned uniquely as the sole scientific academy dedicated to polar research with a global perspective. The website serves researchers, academics, and students with information about membership, events such as summer schools, publications, and news. Technically, the site is built on the Squarespace platform using standard web technologies including jQuery and Typekit fonts. While the design and content quality are good with consistent branding and clear navigation, the site suffers from a critical security issue: the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy compliance is addressed with a cookie banner and a privacy policy page, indicating GDPR awareness. Contact information is clearly provided, including a company email and physical address in Norway. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

T

The Nansen Legacy

arvenetternansen.com

0

The Nansen Legacy website represents a collaborative Arctic research project focused on the Barents Sea and related environmental studies. It serves as an information portal for research activities, team members, publications, and events. The project is supported by multiple Norwegian academic and governmental institutions, indicating a strong presence in the education and research sector. The website targets researchers, early career scientists, and stakeholders interested in Arctic science. Technically, the site is built on WordPress with Elementor and hosted on WordPress.com infrastructure. While the site uses HTTPS and modern web technologies, its performance is slow with a high number of resources loaded. Accessibility and SEO are basic to good, but there is room for improvement in security headers and advanced SSL configurations. Security posture is moderate with valid SSL but lacking HSTS and OCSP stapling. No explicit privacy or cookie policies were found, which is a compliance gap especially under GDPR. Contact information is limited to an email address, with no phone numbers or detailed business registration data visible. Social media presence is active on major platforms. Overall, the site is a credible academic project portal but would benefit from enhanced privacy compliance, improved security headers, and performance optimizations to strengthen trust and user experience.

F

Framsenteret Drift AS

framsenteret.no

0

Framsenteret Drift AS operates as a Norwegian Arctic research center focused on interdisciplinary climate and environmental research of high international standard. The organization collaborates with numerous research institutions and partners, positioning itself as a key player in Arctic research and policy support. The website serves as a platform for disseminating research findings, hosting events, and providing information about ongoing projects and collaborations. The target audience includes researchers, policymakers, environmental stakeholders, and the general public interested in Arctic issues. Technically, the website is built on WordPress with a modern tech stack including jQuery, Font Awesome, and Matomo analytics for privacy-conscious user tracking. The site is well-structured with good SEO metadata and accessibility features, though performance is slow with a load time exceeding 12 seconds. Mobile optimization is good, and navigation is clear and professional. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical vulnerability. No modern TLS protocols are enabled, and advanced security features like OCSP stapling and session resumption are missing. The site does implement HSTS but without HTTPS, this is ineffective. No explicit security or incident response policies are found, indicating gaps in security governance. Overall, the site is trustworthy and professionally maintained with strong business credibility and content quality. However, the lack of HTTPS and security policies significantly lowers its security posture and overall risk profile. Strategic improvements in SSL/TLS deployment and security governance are recommended to enhance trust and compliance.

B

bioCEED

bioceed.no

0

bioCEED is a Norwegian Centre for Excellence in Biology Education focused on developing biology education that integrates scientific knowledge, practical skills, and societal applications. The organization targets biology students, educators, and researchers, providing a range of educational resources, research projects, and student engagement platforms. The website reflects a mature and established educational entity with consistent branding and a good content quality level. Technically, the site is built on WordPress with common plugins and themes but suffers from slow performance and lacks modern security configurations. Critically, the absence of a valid SSL certificate and HTTPS support represents a major security risk. Privacy compliance is weak, with no visible privacy or cookie policies. Overall, the site is credible but requires urgent security and compliance improvements.

I

iEarth

iearth.no

0

iEarth is a Norwegian educational center focused on integrated earth science education, fostering innovative and student-centered learning environments. It collaborates with major Norwegian universities and research centers to provide educational resources, events, and research support for future earth scientists. The website reflects a well-structured and professionally branded platform targeting students and educators in the geosciences sector. Technically, the site is built on Webflow with modern technologies including jQuery, Google Analytics, and Weglot for multilingual support. Performance is moderate with some room for optimization. Security posture is basic with HTTPS enabled but lacking advanced features such as HSTS and OCSP stapling, and the SSL certificate is close to expiry. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the domain registration is consistent and mature, supporting the legitimacy of the site.

U

UNIS

unis.no

0

UNIS (The University Centre in Svalbard) is a specialized educational and research institution focused on Arctic studies, offering courses and research opportunities in biology, geology, geophysics, technology, and safety. It serves students and researchers interested in polar science and provides comprehensive student support and facilities. The website is professionally designed, content-rich, and well-structured, targeting students and academic researchers. Technically, it is built on WordPress with modern plugins and hosted on Hostinger with LiteSpeed server technology. However, the site lacks a valid SSL certificate and HTTPS support, which is a critical security vulnerability. Security headers are well implemented, but the absence of HTTPS significantly lowers the security posture. Privacy compliance is moderate with a privacy policy present but no visible cookie consent mechanism. Business credibility is strong with clear contact information, organizational transparency, and social media presence. Overall, the site is trustworthy but requires urgent security improvements to protect user data and enhance trust.

Longyearbyen lokalstyre operates as the local government authority for Longyearbyen, Svalbard, providing essential municipal services, political information, and community engagement through its website. The site targets residents and visitors seeking local governance and public service information. Technically, the website is built on the SiteVision CMS platform, utilizing JavaScript libraries including React and jQuery. Despite a well-structured and content-rich site, the absence of a valid SSL certificate and HTTPS support is a critical security flaw, exposing users to potential risks. The site includes a privacy policy compliant with GDPR but lacks a cookie consent mechanism and terms of service. Overall, the website demonstrates good business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

Store Norske Spitsbergen Kulkompani AS is a historic Norwegian company with over 100 years of industrial activity in the Arctic region, primarily focused on coal mining, real estate, logistics, and energy production including renewable energy initiatives. The company maintains a strong local presence in Longyearbyen, Svalbard, and serves a diverse audience including industry partners, local residents, and tourists. The website reflects a professional and consistent brand image with good content quality and clear navigation. Technically, the site uses modern frameworks such as Nuxt.js and Craft CMS, hosted on DigitalOcean, but suffers from slow performance and lacks HTTPS, which is a critical security concern. Security posture is weak due to absence of SSL/TLS, security headers, and modern protocols. Privacy compliance is good with a clear cookie consent mechanism and a comprehensive privacy policy. Contact information and social media presence are clearly provided, enhancing business credibility. The domain is very recently registered, which is inconsistent with the company's long history, suggesting a recent domain acquisition or migration. Overall, the website is functional and informative but requires urgent security improvements to protect users and enhance trust.

N

Norsk helsenett SF

nhn.no

0

Norsk helsenett SF is a Norwegian state-owned enterprise responsible for delivering and maintaining national ICT infrastructure and e-health solutions for the healthcare sector. The organization is well-established with a domain age of 25 years and operates under the Ministry of Health and Care Services. Their services include healthcare registers, videoconferencing, electronic death notifications, and membership in the national health network, targeting healthcare professionals and Norwegian citizens. The website content is rich, professionally designed, and well-structured, providing clear navigation and relevant information about their offerings and events. Technically, the website uses modern frontend technologies such as Tailwind CSS and Matomo for analytics, hosted on Azure and served via Fastly CDN. The site is mobile-optimized and accessible, though performance is moderate with a page load time of approximately 4.8 seconds. SEO and metadata are well implemented, including Open Graph tags for social sharing. From a security perspective, the website currently lacks a valid SSL certificate, resulting in no HTTPS availability, which is a critical issue. Additionally, no security headers or HSTS are implemented, and TLS protocols are disabled, exposing the site to potential risks. The SPF DNS record is properly configured, and no subdomain takeover vulnerabilities were found. Privacy compliance is good, with a comprehensive privacy policy and cookie policy present, though no explicit cookie consent mechanism is implemented. Contact information is available via a contact page, but no direct emails or phone numbers are exposed on the site. Overall, the website is trustworthy and credible, reflecting its government ownership and mature domain registration. However, the lack of HTTPS and proper SSL configuration significantly impacts its security posture and user trust. Strategic improvements in SSL deployment, security headers, and cookie consent mechanisms are recommended to enhance security and compliance.

R

Rogaland fylkeskommune

rogfk.no

0

Rogaland fylkeskommune is the official regional government authority for Rogaland county in Norway, providing a broad range of public services including education, transportation, culture, health, and planning. The website serves as an information portal for residents and stakeholders, offering access to services, news, events, and contact information. The organization maintains a strong presence with clear branding, comprehensive privacy and cookie policies, and active social media channels. Technically, the site is built on Microsoft IIS with ASP.NET and uses Acos CMS, supported by Azure DNS infrastructure. While the site demonstrates good content quality, accessibility, and privacy compliance, it suffers from a critical security flaw: the absence of HTTPS/SSL encryption, exposing users to potential risks. This significantly impacts the overall security posture and trustworthiness of the site. Strategic improvements in SSL deployment and security best practices are urgently recommended to safeguard user data and enhance trust.

S

Statens vegvesen

vegvesen.no

0

Statens vegvesen is the Norwegian government agency responsible for road infrastructure, traffic information, vehicle registration, and driver licensing services across Norway. The website serves as a comprehensive portal for citizens to access traffic updates, vehicle information, and licensing services, targeting Norwegian residents and road users. The business model is that of a public service provider with a national mandate, positioning itself as the authoritative source for transportation-related information and services in Norway. Technically, the website employs modern web technologies including Microsoft Application Insights for telemetry and Boost.ai for chat services, indicating a moderate level of digital maturity. The site is hosted likely on Microsoft Azure infrastructure and features responsive design and accessibility considerations. However, performance metrics were not available, and no CMS was explicitly detected. From a security perspective, the site suffers from critical SSL/TLS misconfigurations, lacking a valid certificate and proper HTTPS support, which significantly undermines user trust and security. While some security headers like Strict-Transport-Security are present, they are not fully enabled. No major vulnerabilities like Heartbleed or POODLE were detected, but the absence of proper encryption is a critical issue. Privacy compliance is strong with clear privacy and cookie policies, though no explicit security or incident response policies were found. Overall, the website is professionally designed and content-rich, serving its public service role well, but the lack of valid SSL/TLS is a major risk. Strategic improvements in security infrastructure and transparency around security policies are recommended to enhance trust and compliance.

T

twoday

twoday.no

0

twoday is a leading Nordic IT solutions provider specializing in digital transformation, data-driven technologies, and consultancy services for both public and private sectors. The company offers a broad range of services including Data & AI, Software Engineering, Digital Experiences, Business Applications, and Cloud Platforms and Security. Their market position is strong, supported by strategic partnerships with government agencies and recognition as a top employer. Technically, the website is built on HubSpot CMS with modern JavaScript libraries and frameworks, hosted via Cloudflare, and integrates multiple marketing and analytics tools. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate and disabled HTTPS protocols, which significantly impacts the security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website presents a professional and trustworthy image but requires urgent remediation of its SSL configuration to ensure secure communications and maintain trust.

O

Ok

imgi.no

0

The website imgi.no presents a minimalistic and nearly empty web presence with only a single word 'ok' displayed on the homepage. There is no metadata, structured data, or any business-related content to provide insight into the company's operations, services, or market positioning. The domain is registered and hosted on Amazon Web Services with basic SSL security using TLS 1.2 and a strong cipher suite, but lacks modern security enhancements such as HSTS, DNSSEC, and certificate transparency compliance. No privacy, cookie, or terms of service policies are present, indicating a lack of compliance with common data protection regulations such as GDPR. The absence of contact information, forms, or social media links further limits the ability to assess the business or security posture. Overall, the website appears to be either under development or abandoned, with very low digital maturity and security posture.

Webmercs, developed by Data Design AS, is a mature e-commerce platform provider specializing in hosted webshop solutions with extensive integration capabilities. The company has a strong regional presence in the Nordic countries and is expanding into other European markets. Their platform offers a comprehensive suite of services including hosting, integration with ERP and payment systems, customizable design, and promotional tools. Technically, the website is built on ASP.NET MVC 5.1, uses Google Fonts and Google Analytics, and is hosted on infrastructure leveraging Google Cloud DNS. Security is addressed with an Extended Validation SSL certificate and strict transport security headers, but the site lacks modern TLS protocol support and published security or privacy policies. Overall, the platform demonstrates a solid business and technical foundation with room for improvement in security transparency and compliance documentation.

A

Advania

advania.no

0

The website demonstrates a moderate overall security posture with no critical vulnerabilities but multiple high and medium-risk issues that could expose the business to regulatory penalties, reputational damage, and security breaches. Key weaknesses are evident in compliance with GDPR and NIS2 requirements, including the absence of privacy policies, cookie consent mechanisms, and formal security frameworks. Missing essential security headers and weak SSL configurations increase the risk of web-based attacks and data interception. While network and email security are robust, the gaps in policy documentation and incident response readiness pose significant operational risks. Immediate attention to regulatory compliance and cryptographic standards is necessary to protect customer data and ensure business continuity. Overall, the environment requires a focused remediation plan to elevate both security controls and governance policies to industry standards. Addressing these issues proactively will reduce legal exposure and enhance customer trust.

The website demonstrates a strong overall security posture with no critical or high severity issues detected. Key foundational protections such as email security, SSL/TLS configurations, and network security are fully compliant and robust, scoring 100/100. However, medium-level concerns exist around security headers, GDPR compliance, NIS2 requirements, and DNS health, notably the absence of DNSSEC. These medium issues highlight potential vulnerabilities in regulatory compliance and domain security that could expose the business to data privacy risks and domain spoofing attacks. Low severity items, such as missing CAA records, further indicate opportunities to enhance domain certificate management. Addressing these gaps will strengthen regulatory alignment, improve trust with users, and mitigate risks from DNS-based threats. Prioritizing these improvements ensures the website remains resilient against evolving cyber threats and regulatory scrutiny.

This website has 1 high-priority security issue(s) that should be addressed promptly. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

F

Fabi AS

fabi.no

0

The website exhibits a severely weak security posture with multiple critical vulnerabilities that expose the business to significant risk. The absence of HTTPS encryption is a critical failure, undermining data confidentiality and user trust, and violating key regulatory requirements such as GDPR and NIS2. There is a lack of foundational security policies and procedures, including incident response, security framework, and vulnerability disclosure, which impairs the organization's ability to detect and respond to threats. Privacy compliance is inadequate, with no privacy or cookie policies and no consent mechanisms, risking regulatory penalties and reputational damage. Security headers are poorly implemented, increasing exposure to common web attacks like clickjacking and cross-site scripting. Email security is incomplete, lacking enforcement of DMARC and missing DKIM records, increasing the risk of phishing and domain spoofing. DNS security is moderately strong but can be improved. Network security posture is good, indicating some positive controls in place. Immediate remediation is essential to protect sensitive data, comply with regulations, and maintain customer trust.

This website has 2 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

A

Aller Media AS

kk.no

0

The website kk.no currently exhibits a critically weak security posture, primarily due to the complete lack of HTTPS encryption and absence of fundamental security headers. Additionally, significant GDPR and NIS2 compliance gaps expose the business to legal, reputational, and operational risks. Immediate remediation is essential to protect user data, maintain regulatory compliance, and safeguard the organization’s digital assets.

The website retailconsult.no currently exhibits significant security and compliance gaps, particularly in data protection and information security governance. While no critical vulnerabilities were found, multiple high and medium risk issues—especially missing security headers, inadequate GDPR compliance, and absence of formal security policies—expose the business to regulatory, reputational, and operational risks. Immediate remediation is advised to strengthen trust, meet legal obligations, and reduce attack surface.

The website retailenergy.no exhibits significant security and compliance gaps, particularly in privacy policies, security governance, and network exposure, placing the business at risk of regulatory penalties and cyber incidents. While SSL/TLS and email security are relatively strong, critical issues such as missing security headers, lack of incident response plans, and exposure of high-risk services like FTP undermine the overall security posture.

The website klimatesten.no demonstrates significant security gaps, particularly in its security headers, GDPR compliance, and adherence to NIS2 requirements, resulting in an overall weak security posture. While network security and SSL/TLS implementations are relatively strong, critical omissions in security policies and privacy measures expose the business to regulatory, reputational, and operational risks. Immediate remediation is necessary to ensure compliance, protect user data, and mitigate potential cyber threats.

Retailgroup.no currently has a concerning security posture with multiple high-risk issues related to missing critical security headers, GDPR non-compliance, and absence of foundational information security policies. Although no critical vulnerabilities were detected, the presence of high-risk exposed services and lack of incident response and security documentation pose significant operational and compliance risks.

The website https://seeyou.no exhibits significant security and compliance gaps that expose the business to potential cyber threats and regulatory penalties. Key deficiencies in security headers, GDPR compliance, and incident response readiness indicate an immature security posture that requires urgent remediation to protect customer data and maintain trust.

The website payex.no exhibits significant security gaps, particularly in web security headers, GDPR compliance, and information security governance, resulting in a concerning overall risk posture despite no critical vulnerabilities identified. These deficiencies expose the business to legal risks, potential data breaches, and reputational damage if not urgently addressed. Immediate remediation efforts are necessary to align with regulatory requirements and industry best practices.

The website https://kundeserviceprisen.no currently exhibits a weak overall security posture, with significant gaps in security headers, GDPR compliance, and information security governance. While network and email security show relatively strong scores, the absence of critical policies and protections exposes the business to regulatory risks and potential cyber threats. Immediate remediation is essential to safeguard customer trust and maintain legal compliance.

The website https://telia.digital exhibits significant security vulnerabilities with critical gaps in security headers, GDPR compliance, and NIS2 framework adherence. Although no critical vulnerabilities were found, multiple high-risk issues such as missing security policies, exposed high-risk services, and lack of privacy and cookie policies place the business at risk of data breaches, regulatory non-compliance, and reputational damage.

The website proresult.no currently exhibits significant security weaknesses, particularly in foundational web security headers, GDPR compliance, and organizational security policies, resulting in a high-risk posture despite the absence of critical vulnerabilities. While network security and DNS health are relatively strong, the overall lack of key protections and documentation exposes the business to regulatory penalties, data breaches, and reputational damage. Immediate remediation is essential to align with industry standards and legal requirements, safeguarding customer trust and operational continuity.