Security Directory

H

Hi Bro

hibro.co

0

Hi Bro is a Turkish digital marketing and creative agency specializing in web design, SEO, social media management, PPC advertising, and production services. The company targets businesses primarily in Kocaeli, Kıbrıs, İstanbul, and Ankara, offering tailored digital solutions with over 15 years of experience. Their website demonstrates a professional design with modern technologies and interactive content, reflecting a mature digital presence. The technical infrastructure includes Bootstrap, jQuery, Google Tag Manager, Facebook Pixel, and Cloudflare DNS, supporting a moderate performance and good mobile optimization. Security posture is adequate with HTTPS and reCAPTCHA usage, but lacks advanced security headers and published security policies. Privacy compliance is weak due to absence of privacy and cookie policies. WHOIS data shows domain privacy protection typical for agencies, with domain age consistent with business claims. Overall, the website is functional, professional, and credible but could improve privacy transparency and security practices.

H

Havaş

havas.net

0

Havaş is a well-established Turkish transportation and ground services company, founded in 1999, specializing in airport ground handling, bus services, and cargo warehousing. The website reflects a professional and modern digital presence with a focus on service offerings relevant to airlines, airports, and passengers. The technical infrastructure leverages popular front-end frameworks like Bootstrap and integrates multiple analytics tools such as Google Analytics and Yandex Metrika, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS enabled and domain transfer protections in place, but lacks advanced DNS security (DNSSEC) and security headers, which are recommended for enhanced protection. Privacy compliance is weak due to the absence of visible privacy and cookie policies or consent mechanisms, which could pose regulatory risks. Overall, the website is functional and credible but would benefit from improvements in privacy transparency and security hardening.

B

Baklavacı Güllüoğlu

gulluoglu.com

0

Baklavacı Güllüoğlu operates a well-established e-commerce website specializing in traditional Turkish desserts such as baklava, kadayıf, lokum, and chocolates. The company targets consumers interested in authentic Turkish sweets and offers a variety of products with online ordering and delivery options. The website demonstrates a good level of digital maturity with modern technologies including jQuery, Google Tag Manager, Facebook Pixel, and Google Analytics integrated for marketing and analytics purposes. The site is built on the Hipotenus e-commerce platform, indicating a professional infrastructure. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, although some HTTP security headers are not explicitly detected. Privacy compliance is robust, with a comprehensive privacy policy and cookie consent banner supporting GDPR requirements. However, the absence of WHOIS data for the domain raises concerns about domain registration transparency, which slightly impacts overall trustworthiness. No evidence of WAF or blocking mechanisms was found, allowing full content accessibility and analysis.

I

INTATI TOUR

iati.com

0

IATI is a well-established online travel platform primarily serving the Turkish market and selected international countries. Founded in 2003, it positions itself as Turkey's largest online travel platform, offering travel booking services and technology solutions. The website is professionally designed with consistent branding and clear navigation, targeting travelers and tourism industry stakeholders. The technical infrastructure leverages common web technologies such as jQuery, Bootstrap, and Google Tag Manager, hosted likely on AWS infrastructure. While the website uses HTTPS and has a long-standing domain, it lacks some advanced security features such as DNSSEC and security headers. Privacy compliance is partial, with a privacy policy and terms of service present but no cookie consent mechanism. Contact information is limited on the main page, which may impact user trust. Overall, the site demonstrates moderate digital maturity with room for security and privacy improvements.

S

SEOPix

seopix.net

0

SEOPix is a Turkish digital marketing agency specializing in conversion-focused services including SEO, Google Ads consultancy, content marketing, web design, and social media management. The company targets businesses in Turkey seeking to enhance their digital presence and customer acquisition through professional marketing strategies. The website demonstrates a mature digital infrastructure with modern technologies such as Bootstrap, jQuery, Owl Carousel, Swiper, Google reCAPTCHA, Google Tag Manager, and Facebook Pixel, indicating a high level of digital maturity and marketing sophistication. Security measures include HTTPS enforcement and CAPTCHA integration on forms, though the absence of security headers and explicit cookie consent mechanisms suggests room for improvement. The WHOIS data is missing or inaccessible, which raises some concerns about domain registration transparency, but the website's professional content and client case studies support its legitimacy. Overall, SEOPix presents a strong market position in the Turkish digital marketing sector with a well-optimized and user-friendly website.

D

DATA HİDROLİK MAKİNA SANAYİ A.Ş.

datahidrolik.com

0

DATA Hidrolik Makina Sanayi A.Ş. is a Turkish company specializing in the design and manufacturing of hydraulic steering systems and deck machinery for maritime vessels since 1945. The company positions itself as a respected and established brand in the marine hydraulic equipment sector, serving a professional maritime audience with a focus on quality and innovation. Their website reflects a professional digital presence with clear product categories, corporate information, and multimedia content to engage visitors. Technically, the website uses modern frameworks such as Bootstrap and jQuery, integrates Google Tag Manager and Facebook Pixel for analytics and marketing, and is mobile optimized with good SEO practices. Security-wise, the site enforces HTTPS and includes CSRF tokens and cookie consent mechanisms, but lacks advanced security headers and published security policies. The absence of WHOIS registration data is a notable concern, impacting domain legitimacy trust. Overall, the website is functional, professional, and compliant with basic privacy regulations, but would benefit from enhanced security transparency and domain registration verification.

Aksa Akrilik Kimya Sanayii is a leading manufacturer specializing in acrylic fibers, holding the position as the world's largest and Turkey's sole producer in this sector. Established in 1971, the company has a strong market presence supported by numerous certifications and awards, reflecting its commitment to quality and sustainability. The website targets industry professionals, investors, and potential employees, providing comprehensive corporate, sustainability, and investor relations information. Technically, the website employs a modern tech stack including Bootstrap, jQuery, and FontAwesome, hosted on Microsoft Azure DNS infrastructure. The site is mobile-optimized with good navigation and content quality, although some accessibility features are basic. Analytics tools such as Google Analytics and Google Tag Manager are used for user tracking at a moderate level. From a security perspective, the site uses HTTPS and domain locking mechanisms but lacks explicit security headers and a cookie consent mechanism, which are areas for improvement. No critical vulnerabilities or blocking mechanisms were detected, indicating a generally secure posture. Overall, the website is professional and trustworthy, with a well-established domain and consistent WHOIS data. Strategic recommendations include enhancing privacy compliance with cookie consent, implementing security headers, and publishing incident response and vulnerability disclosure policies to strengthen security and compliance posture.

S

SUNSEEKER TURKEY

sunseekerturkey.com

0

Sunseeker Turkey represents a luxury motor yacht brand targeting affluent customers interested in high-end marine vessels. The website showcases the brand's commitment to design and engineering excellence, positioning itself as a leading distributor in Turkey. The technical infrastructure is modern, leveraging React and Next.js frameworks, with integration of Google Tag Manager and OneTrust for analytics and cookie consent respectively. The site is mobile optimized and provides a professional user experience with clear navigation and branding consistency. However, the absence of WHOIS registration data raises concerns about domain legitimacy, which impacts overall trustworthiness. Security posture is adequate with HTTPS enforced but lacks comprehensive security headers and explicit security policies. Privacy compliance is partial, with cookie consent present but no visible privacy or terms of service pages. Contact information is available primarily via phone and social media channels, but no verified company emails were found. Overall, the website is functional and professional but requires improvements in domain legitimacy verification, privacy policy transparency, and security best practices to enhance trust and compliance.

B

Bahçeşehir Üniversitesi

applybau.com

0

ApplyBAU is an educational platform operated by Bahçeşehir University, providing a unique university admission and scholarship system that considers personal talents and projects beyond traditional exam scores. The platform targets prospective students in Turkey and has been operational since 2013, positioning itself as a pioneering admission model in the region. The website is professionally designed, mobile optimized, and integrates multiple social media channels and video content to engage its audience. Technically, the site uses a modern tech stack including Bootstrap, jQuery, and various analytics and marketing tools such as Google Analytics, Facebook Pixel, TikTok Pixel, Hotjar, and Microsoft Clarity. Hosting and DNS are managed via Cloudflare, enhancing performance and security. Security posture is adequate with HTTPS enforced and domain transfer protections, but lacks visible security headers and explicit privacy or cookie policies, which are critical for compliance and user trust. The WHOIS data confirms domain legitimacy and consistency with the business history. Overall, the site is functional and credible but would benefit from enhanced privacy compliance and security best practices.

B

Bahçeşehir Üniversitesi Kuluçka Merkezi

bau-hub.com

0

BAU Hub is a technology startup incubation center affiliated with Bahçeşehir University, established in 2021. It focuses on accelerating early-stage and fast-growing startups primarily in the gaming, education, and deep technology sectors. The center offers tailored incubation programs, mentorship, office infrastructure, and access to funding and business networks. The website is professionally designed using WordPress and Elementor, with a moderate performance profile and good mobile optimization. Security posture is adequate with HTTPS and Cloudflare DNS but lacks advanced security headers and published security policies. Privacy compliance is weak due to missing privacy and cookie policies. Contact information is comprehensive, including email, physical addresses, and contact forms. The domain registration is transparent and consistent with the business identity, enhancing trustworthiness.

B

BAU Global

bauglobal.com

0

BAU Global is a well-established international education network founded in 2014, offering a broad range of academic programs through its universities, liaison offices, language schools, and K12 institutions. The website reflects a mature digital presence with a clear focus on education and cultural exchange, targeting students and academic professionals worldwide. Technically, the site leverages WordPress CMS with modern JavaScript libraries and integrates Google Analytics for user insights. Security posture is adequate with HTTPS and some security headers, though improvements such as DNSSEC and CSP are recommended. Privacy compliance is addressed with visible policies and consent mechanisms. Overall, the site demonstrates a strong business credibility and trustworthy domain registration, supporting its position in the education sector.

A

Alantron Bilisim Ltd.

alantron.com

0

Alantron Bilisim Ltd. is a well-established Turkish technology company specializing in domain registration, web hosting, VPS, dedicated servers, email hosting, and SSL certificate services. Founded in 2003, it holds the distinction of being Turkey's first ICANN accredited domain registrar, positioning itself as a trusted local provider with over 20 years of industry experience. The company targets businesses and individuals in Turkey seeking comprehensive internet infrastructure services. Technically, the website employs modern web technologies including Bootstrap, jQuery, and GSAP for animations, offering a responsive and user-friendly experience. However, some technical improvements could enhance performance and security. Security posture is moderate; while HTTPS is implied and basic form security is implemented, the absence of key security headers and anti-CSRF protections suggests room for improvement. Privacy compliance is weak, with no visible privacy or cookie policies, which could pose regulatory risks. Overall, the domain registration details align well with the company's claims, reinforcing legitimacy and trustworthiness.

İGA İstanbul Havalimanı operates one of the world's largest and busiest airports, providing comprehensive airport management, cargo logistics, commercial leasing, and career development services. The website reflects a mature enterprise with a strong market position in the transportation sector, targeting passengers, business partners, and job seekers. Technically, the site uses modern web technologies including Google Tag Manager, YouTube API, and cookie consent tools, delivering a responsive and well-structured user experience. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, though some security headers could be improved. No critical vulnerabilities or exposed sensitive data were found. Overall, the site demonstrates high professionalism, trustworthiness, and compliance with privacy regulations, though explicit terms of service and security policy pages are absent.

Bahçeşehir Üniversitesi is a prominent private higher education institution based in Turkey, offering a wide range of undergraduate and graduate programs, research centers, and international academic collaborations. The university positions itself as a global university with campuses and partnerships across multiple countries. The website reflects a mature digital presence with a professional design, clear navigation, and mobile optimization, supporting a large and diverse audience including students, academics, and international stakeholders. Technically, the site employs modern frameworks such as Bootstrap and integrates advanced analytics and tracking tools like Google Analytics and Facebook Pixel, indicating a data-driven approach to user engagement and marketing. Security posture is strong with HTTPS enforcement and standard security practices, although there is room for improvement in publicly disclosing privacy and cookie policies as well as security policies. Overall, the domain registration and WHOIS data align well with the university's claims, supporting its legitimacy and trustworthiness.

Akbank T.A.Ş. is a leading Turkish bank offering a wide range of financial services including retail and corporate banking, digital banking, loans, investments, insurance, and payment services. The website is professionally designed, mobile-optimized, and provides comprehensive content and interactive tools such as loan calculators and market data. Technically, the site is built on Microsoft SharePoint with modern JavaScript libraries and integrates analytics and marketing tools like Google Analytics, Google Tag Manager, Adjust, and Dataroid. Security posture is strong with HTTPS enforced, secure forms, and no visible vulnerabilities, although explicit security policies and incident response contacts are not found. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. WHOIS data confirms the legitimacy and consistency of the domain with the business entity. Overall, the site demonstrates a mature digital presence with high trustworthiness and professionalism.

T

Turistik Hava Taşımacılık A.Ş.

corendon-airlines.com

0

Corendon Airlines is a well-established Turkish airline founded in 2004, providing affordable flight tickets and holiday services primarily targeting leisure travelers in Europe and Turkey. The company holds multiple industry certifications including IATA and IOSA, reflecting a strong market position and commitment to quality and safety. Their website offers comprehensive services including flight booking, online check-in, additional services like baggage and seat selection, group bookings, and partnerships for car hire and hotels. The digital infrastructure is modern, utilizing popular JavaScript libraries and marketing tools, with good mobile optimization and user experience. Security measures include HTTPS, reCAPTCHA, and use of security-conscious script loading, though additional security headers could enhance protection. The site is fully accessible without WAF or blocking mechanisms, indicating reliable availability. Overall, the website and business demonstrate high professionalism, trustworthiness, and compliance with privacy regulations.

S

Sermaye Piyasası Kurulu

spk.gov.tr

0

Sermaye Piyasası Kurulu (SPK) is the official Capital Markets Board of Turkey, serving as the primary regulatory authority overseeing capital markets, investment firms, and financial instruments within the country. The website provides comprehensive information and services targeted at investors, companies, and financial institutions, including regulatory frameworks, bulletins, licensing exams, and investor education. The site is well-branded, consistent, and professionally maintained, reflecting its authoritative government status. Technically, the website employs modern web technologies such as HTML5, CSS3, JavaScript libraries including Swiper.js for carousels and Tobii.js for lightbox functionality, and integrates Google Fonts and Google Tag Manager for analytics. The site is mobile-optimized with good navigation and SEO practices, although accessibility features could be enhanced. From a security perspective, the site enforces HTTPS with an excellent SSL configuration and follows best practices like opening external links in new tabs and avoiding exposed sensitive data. However, it lacks explicit security policies, incident response contacts, and a cookie consent mechanism, which are areas for improvement to enhance compliance and user trust. Overall, the website is a credible and authoritative source for capital market regulation in Turkey, with a strong business credibility score and good technical implementation. Strategic recommendations include adding privacy and security policy pages, implementing cookie consent, and enhancing accessibility and security headers to further strengthen the site's security posture and compliance.

E

EEistanbul

ee-istanbul.com

0

EE Istanbul is a medium-sized company specializing in project management, design, and consultancy services within the construction and real estate sectors. Their portfolio includes office buildings, retail stores, industrial facilities, and renovation projects primarily in Turkey. The website showcases a variety of completed projects and notable clients, indicating a solid market presence. Technically, the website uses a traditional tech stack including jQuery, Bootstrap, and ASP.NET MVC, with moderate performance and good mobile optimization. However, the absence of HTTPS and security headers significantly weakens the security posture. Privacy compliance is minimal, with no visible privacy or cookie policies. Overall, the website is functional and professional but requires urgent security and compliance improvements.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 11 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

E

Eti

etietieti.com

0

Eti is a well-established Turkish food manufacturing company with a strong market presence and a diverse product portfolio including biscuits, chocolates, and health-oriented food products. The website serves as a comprehensive corporate portal providing product information, recipes, corporate governance details, career opportunities, and social responsibility initiatives. The site targets consumers interested in quality food products and healthy nutrition, leveraging a consistent brand identity and multiple language options for international reach. Technically, the website is built on ASP.NET WebForms and uses modern JavaScript libraries for UI enhancements. However, performance metrics are lacking and the site suffers from a critical security issue: the absence of a valid SSL certificate and HTTPS support, which significantly impacts user trust and security posture. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good compliance with GDPR requirements. Social media integration and partner links enhance the brand's digital ecosystem. Overall, Eti's website is professional and content-rich but requires urgent security improvements to meet modern standards.

The website atlas.net.tr is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) challenge page, which blocks direct access to the site's content. This prevents a full assessment of the business, its services, and compliance posture. The domain is registered in Turkey and uses Cloudflare for DNS and protection, but lacks a valid SSL certificate and HTTPS support, which is a critical security deficiency. No privacy, cookie, or terms of service policies are detectable, and no contact information is available on the landing page. The technical infrastructure relies on Cloudflare, but the absence of modern TLS protocols and security best practices reduces the security posture significantly. Overall, the site exhibits minimal content and poor user experience due to the blocking mechanism.

D

DenizBank A.Ş.

denizbank.com

0

DenizBank A.Ş. is a large Turkish financial institution offering a broad range of banking services including retail, corporate, and specialized banking sectors. The website reflects a mature digital presence with comprehensive service offerings, detailed legal disclosures, and strong branding consistency. The bank targets both individual and business customers with tailored products and digital banking solutions. The site includes rich content, interactive calculators, and marketing campaigns, indicating a well-developed digital marketing strategy. Technically, the website uses modern JavaScript frameworks and integrates third-party marketing and analytics tools such as Google Tag Manager and Adjust. However, performance metrics indicate slow loading times, and the SSL/TLS configuration is critically flawed with an invalid certificate and no TLS protocols enabled, posing significant security risks. Security posture is moderate with good use of security headers but undermined by the lack of valid SSL and TLS support. Privacy compliance is strong with detailed privacy policies and data protection disclosures, including a dedicated KVKK (Turkish data protection law) section. Contact information is clearly presented, enhancing business credibility. Overall, while the business and content aspects are strong, the critical SSL issues represent a major risk that must be addressed immediately to protect user data and maintain trust.

The website represents the Türkiye-EU Business Dialogue II (TEBD II), an EU-funded project implemented by Eurochambres to foster cooperation between Turkish and European chambers of commerce. The project focuses on capacity building, business dialogues, and grant schemes to support integration and awareness of Türkiye's potential EU accession. The website is currently under maintenance, providing visitors with contact information and social media links for updates. Technically, the site uses modern frontend technologies such as Tailwind CSS and Lucide icons but suffers from slow load times and lacks a valid SSL certificate, resulting in insecure HTTP access. Security posture is weak due to the absence of HTTPS, security headers, and modern TLS protocols. No privacy or cookie policies are present, indicating poor privacy compliance. Business credibility is moderate, supported by official EU funding logos and a professional maintenance notice. Overall, the site requires urgent security improvements and policy implementations to enhance trust and compliance.

T

Tur Assist

turassist.com

0

The website's overall security posture is critically weak, with multiple severe vulnerabilities primarily due to the absence of HTTPS encryption and inadequate security headers. The lack of HTTPS not only exposes sensitive data in transit but also results in non-compliance with GDPR and NIS2 regulations, posing significant legal and reputational risks. Key security headers such as Content-Security-Policy and X-Frame-Options are missing, increasing susceptibility to cross-site scripting and clickjacking attacks. Additionally, the absence of a privacy policy, cookie policy, and consent mechanisms indicates poor GDPR adherence, further risking regulatory penalties. The organization lacks foundational information security documentation, incident response procedures, and business continuity planning, undermining its ability to effectively manage and recover from security incidents. While email and network security appear strong, these do not compensate for the critical gaps in web and data protection. Immediate remediation is essential to protect customer data, maintain trust, and ensure compliance with legal frameworks. Overall, the current security posture exposes the business to high risk of data breaches, regulatory fines, and operational disruptions.