Security Directory

S

SHT Haustechnik GmbH

sht-gruppe.at

0

SHT Haustechnik GmbH is a leading Austrian wholesaler specializing in sanitary, heating, installation, and electrical products, serving primarily professional installers and industry partners. The company operates a comprehensive digital presence including a WordPress-based website, an online shop (sht.at), and regional offices across Austria, positioning itself as the market leader in the haustechnik sector. The website content is well-structured, professionally designed, and includes customer testimonials and partner logos, reinforcing trust and credibility. Technically, the site uses a modern WordPress stack with PHP 8.1 and React components, but lacks a valid SSL certificate and HTTPS support, which is a critical security deficiency. Privacy compliance is addressed with a cookie consent mechanism and clear privacy and terms of service pages. However, the absence of HTTPS and security headers significantly undermines the security posture. Strategic recommendations include immediate SSL deployment, enabling modern TLS protocols, and enhancing security headers and policies to protect user data and improve trust.

Schrack Technik GmbH is a well-established Austrian company founded in 1920, specializing in the distribution and provision of electrical products and solutions across energy technology, building technology, industrial applications, networking, and lighting. The company operates a comprehensive online shop and physical stores, targeting electricians and industrial clients primarily in Austria and Central/Eastern Europe. Their market position is strong, supported by a broad product portfolio and personal customer service. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries and integrates a consent management platform for privacy compliance. However, the security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS support, which is a critical vulnerability. Privacy and cookie policies are well implemented, and the site shows good business credibility with ISO certification and trust marks. Overall, the website is professional and content-rich but requires urgent security improvements.

I

ICB Engineering GmbH

icb-engineering.at

0

ICB Engineering GmbH is a small Austrian engineering firm specializing in energy and process plant engineering, offering services such as pre-engineering, process design, and project management. The company emphasizes quality and environmental responsibility, holding ISO 9001 and ISO 14001 certifications. Their website is professionally designed using WordPress and common plugins, targeting industrial clients and engineering professionals. However, the absence of HTTPS is a critical security flaw that undermines trust and data protection. The site includes cookie consent mechanisms but lacks explicit privacy policy and incident response disclosures. Overall, the company presents a credible business with moderate digital maturity but requires urgent security improvements.

H

HOERBIGER

hoerbiger.com

0

HOERBIGER is a large industrial company specializing in emissions solutions and performance-defining components across sectors such as energy, automotive, and hydrogen industries. The company holds a strong market position as a world leader in compression and rotary unions, providing innovative products and services aimed at increasing efficiency, safety, and sustainability. The website reflects a professional and well-branded digital presence, leveraging modern technologies such as Neos CMS and Flow Framework, with multimedia content and clear navigation tailored for industrial clients and partners. Technically, the website employs advanced content security policies, privacy compliance tools like Cookiebot, and analytics via Matomo, indicating a mature digital infrastructure. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, resulting in no HTTPS support, which severely impacts the site's security posture and user trust. Other security headers are well implemented, but the lack of encryption exposes users to potential risks. Overall, the security posture is weak due to missing HTTPS, but privacy compliance and business credibility are strong. The site is accessible without WAF or blocking mechanisms, allowing full content analysis. Strategic improvements in SSL deployment and enhanced security practices are essential to elevate the site's trustworthiness and compliance. The risk assessment highlights the urgent need for SSL certificate installation and enabling HTTPS to protect data integrity and confidentiality. The company should also consider publishing vulnerability disclosure policies and incident response contacts to further strengthen security culture and transparency.

A

ATMOsphere

shecco.com

0

ATMOsphere is a specialized business focused on accelerating the clean cooling and heating economy by providing market intelligence, training, conferences, and a marketplace for natural refrigerants. The company positions itself as a key enabler for stakeholders in the sustainable cooling sector, offering comprehensive reports, labels, and educational resources. The website is professionally designed using WordPress with Elementor and WooCommerce, demonstrating a mature digital presence with good SEO and structured data implementation. However, the absence of a valid SSL certificate and HTTPS significantly undermines the site's security posture. Security headers are partially implemented, but critical TLS protocols and encryption are missing, exposing the site to potential risks. Privacy compliance is minimal, with no visible privacy or cookie policies, and contact information is limited to a contact form without direct emails or phone numbers. Overall, the site is credible and professional but requires urgent security and privacy improvements to meet modern standards.

BWF Envirotec, a subsidiary of the BWF Group, is a global leader in industrial filtration solutions, specializing in manufacturing industrial filters, needle felt roll goods, and providing comprehensive services for filter houses. The company targets industrial sectors requiring air pollution control and sustainability solutions. Their website is professionally designed, content-rich, and supports multiple languages, reflecting a mature digital presence. Technically, the site runs on TYPO3 CMS with PHP backend and is hosted on Schlundtech servers. However, a critical security gap exists as the website lacks HTTPS, exposing users to potential risks. Security headers are partially implemented, and no incident response or vulnerability disclosure information is found. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the business demonstrates strong credibility and trust indicators but must urgently address the lack of SSL to improve security posture and user trust.

T

Toode

toode.ee

0

Toode AS is an established Estonian company specializing in roofing materials, rainwater systems, and roofing accessories, with a history dating back to 1991. The company serves the Baltic region with a medium-sized business model that includes manufacturing, retail, and e-commerce components. Their website reflects a consistent brand presence and targets customers seeking quality roofing solutions. Technically, the site is built on WordPress with a variety of plugins and third-party integrations, but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. The security posture is weak due to missing HTTPS, lack of security headers, and no advanced TLS configurations. Privacy compliance is basic with a privacy policy and cookie consent mechanism present but could be enhanced. Overall, the domain and WHOIS data confirm the legitimacy and maturity of the business. Strategic improvements in security and performance are recommended to enhance trust and compliance.

I

IFE, Institute for Energy Technology

ife.no

0

IFE, Institute for Energy Technology, is a Norwegian research institute specializing in energy and nuclear technology. The organization focuses on research and development, innovation, and managing technology properties, serving researchers, industry partners, and students. The website reflects a medium-sized, established entity with ISO certifications and a clear presence in the energy sector. Technically, the site is built on WordPress with modern SEO and cookie consent implementations but suffers from slow performance and lacks a valid SSL certificate, which impacts security. The security posture is basic with HSTS enabled but missing critical SSL configurations and OCSP stapling. Privacy compliance is strong with GDPR-aligned cookie consent and a comprehensive privacy policy. Contact information and social media presence enhance business credibility. Overall, the site is professional but requires improvements in security and performance to enhance trust and user experience.

N

NORIN

norin.no

0

NORIN is a Norwegian research alliance comprising three prominent institutes: IFE, NIVA, and NILU. The alliance focuses on advancing research in energy, environment, climate, digitalization, and societal security. The website presents a professional and consistent brand image, targeting stakeholders in research, policy, and environmental sectors. Technically, the site is built on WordPress with Elementor and several plugins, hosted likely by ProISP. However, the site lacks a valid SSL certificate, resulting in HTTP-only access, which is a significant security concern. The cookie consent mechanism is implemented and appears GDPR compliant, but no privacy policy or terms of service are found, which may affect compliance and user trust. Security headers are missing, and performance is slow with a high load time and large page size. Overall, the site is functional and informative but requires urgent improvements in security and privacy compliance to enhance trust and protect users.

Truckee Donner Public Utility District is a public utility organization providing electric and water services to the Truckee, California community. The website reflects a medium-sized regional utility with a focus on sustainability, customer service, and community engagement. It offers various services including outage alerts, rebates, and conservation programs. The site is built on Vision CMS with AngularJS and jQuery, integrating modern web technologies but suffers from slow load times and lacks a valid SSL certificate, impacting security and user trust. The security posture is weak due to missing HTTPS, lack of security headers, and no cookie consent mechanism, which are critical for compliance and user data protection. Business credibility is strong with clear contact information, social media presence, and recognized awards for transparency and financial reporting. Overall, the site is functional and informative but requires urgent security improvements to protect users and comply with best practices.

A

Acteon Group Operations (UK) Limited

utecsurvey.com

0

UTEC, a brand under Acteon Group Operations (UK) Limited, is a mature and established provider of survey, inspection, and data management services primarily serving the energy sector globally. The website presents comprehensive business information, showcasing a wide range of geo-services and leveraging advanced technologies to meet client needs. The digital infrastructure is built on WordPress with integrations of multiple marketing and analytics tools, reflecting a moderate level of digital maturity. However, the website suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which significantly undermines its security posture. Privacy compliance is well addressed with clear cookie and privacy policies and consent mechanisms in place. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

P

phs Compliance Limited

phscompliance.co.uk

0

phs Compliance Limited is a well-established UK-based company specializing in statutory electrical and fire safety testing and remedial services. With a large workforce and nationwide coverage, it holds a leading market position in the energy and facilities management sectors. The company offers a broad range of compliance and maintenance services, including electrical inspections, mechanical maintenance, fire and security projects, and electric vehicle charging solutions. Their website reflects a professional business model targeting commercial and public sector clients across the UK. Technically, the website employs modern web technologies such as Google Tag Manager, Bootstrap, and a CMS platform (DuoCMS). However, performance is hindered by slow load times and a large page size. Mobile optimization and SEO are adequately addressed, but accessibility is basic. The site lacks a valid SSL certificate and HTTPS support, which is a critical security deficiency. No security headers or incident response policies are publicly available, indicating gaps in security posture. Security-wise, the absence of HTTPS and security headers significantly lowers the site's security score. While no active vulnerabilities or WAF blocks are detected, the lack of encryption exposes users to risks. Privacy compliance is moderate, with cookie consent implemented and GDPR policies present, but tracking scripts raise privacy considerations. Business credibility is strong, supported by clear contact information, accreditations, and consistent branding. Overall, the website is functional and professional but requires urgent security improvements, especially SSL implementation, to protect users and enhance trust. Strategic recommendations include enabling HTTPS, adding security headers, publishing security policies, and optimizing performance to improve user experience and compliance.

Store Norske Spitsbergen Kulkompani AS is a historic Norwegian company with over 100 years of industrial activity in the Arctic region, primarily focused on coal mining, real estate, logistics, and energy production including renewable energy initiatives. The company maintains a strong local presence in Longyearbyen, Svalbard, and serves a diverse audience including industry partners, local residents, and tourists. The website reflects a professional and consistent brand image with good content quality and clear navigation. Technically, the site uses modern frameworks such as Nuxt.js and Craft CMS, hosted on DigitalOcean, but suffers from slow performance and lacks HTTPS, which is a critical security concern. Security posture is weak due to absence of SSL/TLS, security headers, and modern protocols. Privacy compliance is good with a clear cookie consent mechanism and a comprehensive privacy policy. Contact information and social media presence are clearly provided, enhancing business credibility. The domain is very recently registered, which is inconsistent with the company's long history, suggesting a recent domain acquisition or migration. Overall, the website is functional and informative but requires urgent security improvements to protect users and enhance trust.

EnergyEfficiency4SMEs is an EU co-funded project coordinated by Eurochambres, focused on increasing energy efficiency uptake in SMEs across sectors such as Accommodation and Food services, Agri-food, and Metalwork. The project delivers capacity building, energy audits, financial guidance, and scoping studies to support SMEs in improving energy efficiency. The website is built on WordPress using the OceanWP theme and Elementor, featuring a moderate level of technical maturity but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Contact information and partner logos are clearly presented, enhancing business credibility. However, the absence of HTTPS and security headers exposes the site to risks and undermines user trust.

The Energy Efficiency 4 HORECA website represents a European Union co-funded project focused on promoting energy efficiency and renewable energy adoption within the HORECA sector. The project is coordinated by Eurochambres, a Brussels-based organization, and offers capacity building, expert assistance, and funding guidance to companies in the hospitality and catering industries. The website is built on WordPress using the OceanWP theme and Elementor page builder, featuring a professional design and clear navigation. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which significantly undermines user trust and data security. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Overall, the site provides valuable content and services but requires urgent security improvements to meet modern standards.

E

EU Business Hub

eubusinesshub.eu

0

The EU Business Hub website serves as an EU-funded platform supporting European companies in the green, digital, and healthcare sectors to access the markets of Japan and the Republic of Korea. It offers business missions, coaching, networking, and logistical support to facilitate market entry and partnerships. The site is built on Drupal 10 and uses modern web technologies including Matomo for analytics. However, a critical security weakness is the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. Privacy compliance is well addressed with clear cookie policies and consent mechanisms. The business model is credible and well-aligned with EU initiatives, but contact information is limited to web forms without direct emails or phone numbers.

REO AG is a medium-sized German company specializing in the manufacturing and supply of innovative resistive and inductive electrical components, including transformers, reactors, and power controllers. The company targets industrial sectors such as energy, transportation, and medical technology, emphasizing sustainability and technological innovation. Their website is multilingual and professionally designed, supporting a global B2B audience. Technically, the website is built on WordPress with Elementor and several plugins for SEO and multilingual support, hosted on kasserver.com. However, the site lacks a valid SSL certificate and HTTPS support, representing a critical security vulnerability. While privacy and legal documents are linked, no cookie consent mechanism is present, which may affect GDPR compliance. Social media presence and clear contact information enhance business credibility. Overall, the site is functional and content-rich but requires urgent security improvements.

REO AG is a medium-sized German company specializing in the manufacture and supply of electromagnetic compatibility components, chokes, transformers, and resistors primarily for industrial and energy sectors. The company emphasizes innovation and sustainability in its product offerings and maintains a global presence with multiple language-specific websites. The website is built on WordPress using Elementor and Yoast SEO, indicating a modern CMS approach with SEO optimization. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the site's security posture. While contact information and legal pages are well presented, the lack of cookie consent mechanisms and security policies indicates partial privacy compliance. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

REO AG is a medium-sized German company specializing in the manufacturing and supply of innovative resistive and inductive electrical components, including EMV components, transformers, power controllers, and vibratory conveyor technology. The company targets industrial clients globally, emphasizing sustainability and technological innovation. Their website is built on WordPress with Elementor and optimized for Spanish-speaking markets, reflecting a multilingual corporate presence. Technically, the site uses modern CMS and SEO tools but lacks a valid SSL certificate, resulting in an insecure HTTP-only connection. Security posture is weak due to missing HTTPS, lack of security headers, and no domain protection locks. Privacy compliance is moderate with a clear privacy policy but no cookie consent mechanism. Contact information and social media presence are well established, supporting business credibility. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

REO ITALIA S.r.l. is a medium-sized Italian company specializing in the production and supply of inductive, resistive, and electronic components, serving industrial and energy sectors globally. The company emphasizes sustainability and offers customized product development, training, repair, and technical support services. The website is built on WordPress with WooCommerce and multilingual support, providing a professional and content-rich user experience. However, the absence of a valid SSL certificate and HTTPS implementation represents a critical security vulnerability that undermines user trust and data protection. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the business presents a credible and professional digital presence but must urgently address its security posture to protect users and comply with best practices.

D

Detas SpA

evchargers.it

0

Detas SpA operates the EVchargers division, providing a comprehensive range of electric vehicle charging solutions tailored for private users, businesses, and public infrastructures in Italy. Their offerings include WallBox home chargers, commercial charging stations, ultra-fast chargers, and complementary software platforms for mobile and desktop management. The company holds ISO9001 and ISO14001 certifications, indicating a commitment to quality and environmental standards, and serves notable clients such as Esselunga and Pirelli, positioning itself as a reputable player in the energy and transportation sectors. Technically, the website is built on a modern stack leveraging Webflow CMS, Cloudflare CDN, Weglot for multilingual support, and Plausible Analytics for privacy-conscious user tracking. The site demonstrates good design quality, mobile optimization, and SEO practices. However, performance metrics are unavailable, and accessibility is basic. From a security perspective, the site suffers from critical issues including the absence of a valid SSL certificate and HTTPS support, lack of TLS protocol enablement, and missing security headers like HSTS. While some security best practices are partially implemented (e.g., secure cookies), the overall security posture is weak, exposing users and the business to potential risks. Privacy compliance is adequate with visible privacy and cookie policies and GDPR adherence. Overall, the website presents a professional business front with solid content and branding but requires urgent security improvements to protect data integrity and user trust. Strategic enhancements in SSL deployment, security headers, and incident response transparency are recommended to elevate the security maturity and compliance posture.

D

Detas SpA - Divisione Dleds

dleds.com

0

Detas SpA - Divisione Dleds is an Italian company specializing in the design and manufacture of advanced LED lighting solutions for street, industrial, office, and school environments. The company holds ISO9001 and ISO14001 certifications, indicating a commitment to quality and environmental management. Their website reflects a professional presence with clear product categories, technical resources, and multilingual support via Weglot, targeting business and public sector clients in the energy and transportation sectors. Technically, the website is built on Webflow, uses Cloudflare for hosting and CDN, and integrates modern web fonts and analytics tools. However, the absence of a valid SSL certificate and lack of modern TLS protocols significantly weaken the security posture. Privacy policies are present but lack a cookie consent mechanism, and no incident response or vulnerability disclosure information is provided. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

G

Green & Durable Group

greenanddurablegroup.com

0

Green & Durable Group is a Belgian-based company specializing in sustainable energy solutions for both private individuals and businesses. Their business model focuses on wholesale distribution of solar and storage systems alongside installation services for energy-saving systems. The company positions itself as a leader in the green energy sector with ambitions to expand pan-Europe and achieve significant revenue growth. The website is professionally designed, multilingual, and provides clear contact information and privacy compliance via Iubenda. Technically, the site uses Google Tag Manager and Google Fonts, hosted on Combell infrastructure. However, a critical security weakness is the absence of a valid SSL certificate and lack of HTTPS support, which severely impacts the security posture. Privacy compliance is strong with a comprehensive cookie and privacy policy and consent mechanism. Overall, the site demonstrates good business credibility but requires urgent security improvements to protect user data and trust.

A

Alpiq Holding Ltd.

alpiq.com

0

Alpiq Holding Ltd. is a leading Swiss electricity producer and energy service provider operating across Europe. The company focuses on electricity generation, energy trading, and renewable energy management, positioning itself as a key player in the energy sector with a large operational footprint and multiple subsidiaries in European countries. The website reflects a mature and professional business with comprehensive content and clear branding. Technically, the site is built on TYPO3 CMS and hosted on AWS infrastructure, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. The security posture is weak due to missing HTTPS, lack of security headers, and no modern TLS protocols enabled. Privacy compliance is well addressed with clear privacy and cookie policies and a consent mechanism implemented via OneTrust. Overall, the website is trustworthy and professional but requires urgent security improvements to protect user data and enhance trust.

P

Petroliam Nasional Berhad (PETRONAS)

petronas.com

0

PETRONAS is a leading Malaysian national oil and gas company with a strong global presence and diversified energy portfolio. The website reflects a mature enterprise with comprehensive information on its business units, sustainability initiatives, investor relations, and corporate governance. The technical infrastructure is modern, leveraging Drupal 9 CMS, Algolia search, and Azure hosting, with good mobile optimization and SEO practices. However, the security posture is critically weakened by the absence of a valid SSL certificate and HTTPS support, which poses significant risks to user trust and data security. Privacy and cookie policies are well implemented, indicating good compliance with GDPR and related regulations. Overall, the website is professional and trustworthy but requires urgent remediation of SSL/TLS issues to improve security and user confidence.

C

Cotes

cotes.com

0

Cotes is a Denmark-based company specializing in tailor-made adsorption dehumidifiers and humidity management solutions primarily for industrial sectors such as wind energy, battery manufacturing, building drying, and food & beverage production. The company holds a strong market position with significant global offshore wind turbine market share and partnerships including UNICEF. Their website is professionally designed, leveraging HubSpot CMS and modern marketing tools, with clear navigation and multilingual support. However, the security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS support, which is a critical issue that undermines user trust and data security. Privacy compliance is well addressed with a cookie consent mechanism and a comprehensive privacy policy. Contact information and social media presence are clearly provided, enhancing business credibility.

Energreen is a mature Belgian company specializing in high-quality, sustainable energy solutions including solar panels, home batteries, electric vehicle charging stations, heat pumps, and intelligent energy management systems. The company positions itself as a comprehensive provider for both residential and commercial customers, emphasizing energy independence and cost reduction. The website is built on modern technologies such as Next.js and React, hosted on AWS Cloudfront, and integrates multiple analytics and marketing tools with user consent mechanisms. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS, which significantly impacts the security posture. The company provides clear contact information and maintains comprehensive privacy and cookie policies, supporting GDPR compliance. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

The website for gruppohera.it is currently inaccessible due to a CloudFront 403 error page blocking access, which prevents retrieval of any meaningful content or metadata. The domain is registered and consistent with an Italian energy sector business, but the lack of a valid SSL certificate and HTTPS support severely impacts the security posture. Additionally, a DNS subdomain takeover vulnerability was detected on the ftp subdomain, posing a risk of unauthorized control. The technical infrastructure relies on Amazon CloudFront for content delivery but is misconfigured, resulting in blocked access and poor performance. Overall, the site exhibits critical security and accessibility issues that must be addressed to restore trust and functionality.

Istabai Ltd operates a smart heating system business focused on providing homeowners with remote heating control, home security features, and energy-saving automation. The company targets environmentally conscious consumers seeking convenience and cost savings through smart home technology. The website presents a professional and consistent brand image with clear product offerings and starter kits. However, the technical infrastructure shows signs of aging with AngularJS and jQuery usage, and the lack of a valid SSL certificate significantly undermines security and user trust. Advertising and analytics tools are integrated, but privacy compliance is lacking due to missing privacy and cookie policies. Overall, the business appears legitimate and established in Latvia with a niche market position in smart home energy solutions.

O

Onninen Oy

onninen.com

0

Onninen Oy is a large technical wholesale company specializing in HEPAC, electrical, refrigeration, and energy products. It serves contractors, industry, infrastructure builders, and retail dealers primarily in Finland and several other European countries through a network of physical stores and electronic channels. The company is part of the K Group, a significant player in building and technical trade with substantial international presence. Technically, the website is built using modern frontend technologies such as React and Next.js and uses Google Tag Manager for analytics. However, the website suffers from a lack of a valid SSL certificate, resulting in no HTTPS support, which is a critical security flaw. The site also lacks privacy and cookie policies, security headers, and other best practices, which impacts its security posture and privacy compliance negatively. Performance is slow, but mobile optimization and content quality are good, with clear business information and consistent branding. Overall, the website is functional but requires urgent improvements in security and privacy compliance to meet modern standards.

K

Kesko Oyj

k-lataus.fi

0

K-Lataus is a nationwide electric vehicle charging network operated under Kesko Oyj and its subsidiary K-Auto. The service offers a comprehensive network of charging stations across Finland, including basic, fast, and high-power charging options, all powered by renewable energy, primarily domestic wind power. The platform supports both private and corporate customers with features such as mobile applications, RFID tags, and corporate accounts. The website provides extensive content including news, instructions, pricing, and customer support, reflecting a mature and customer-focused business model. Technically, the website is built on Microsoft IIS with ASP.NET backend, uses Contentful CMS for content management, and employs modern JavaScript libraries such as jQuery and lazy loading for images. The site is hosted on Elisa's infrastructure with CDN usage for assets. However, the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, which is a significant security concern. DNS configuration lacks DNSSEC and CAA records, and security headers and best practices are minimal. Security posture is weak due to missing HTTPS and related protections, although no active vulnerabilities like Heartbleed or POODLE were detected. Privacy compliance is good with clear privacy and cookie policies, GDPR adherence, and strong DMARC email policies. Business credibility is high with clear company information, extensive content, and active customer engagement. Overall, while the business and content quality are excellent, the lack of HTTPS and modern security configurations significantly lowers the security score and overall risk posture. Addressing these security gaps is critical to protect user data and maintain trust.

N

Neste

neste.fi

0

Neste is a leading Finnish energy company specializing in renewable fuels, heating oils, and transportation services. The website targets private consumers and businesses in Finland, offering a broad range of services including fuel retail, electric vehicle charging, car washes, and customer loyalty programs. The company maintains a strong market position with a comprehensive service station network and a focus on sustainability. Technically, the website is built on modern frameworks such as React and Next.js, hosted on Microsoft Azure, and employs advanced cookie consent and optimization tools. However, the SSL certificate is currently invalid or missing, which impacts the security posture. Security headers are well implemented, but improvements in SSL and TLS configurations are recommended. Privacy compliance is strong with clear policies and consent mechanisms. Overall, the website is professional, user-friendly, and trustworthy, but addressing SSL issues is critical to enhance security and user trust.

O

Onninen Oy

onninen.fi

0

Onninen Oy is a leading Finnish technical wholesaler specializing in HVAC, electrical, refrigeration, and energy products. The company serves professional customers through a comprehensive e-commerce platform and a nationwide network of Express stores. Onninen emphasizes energy efficiency and sustainability, offering a broad range of products including solar panels, heat pumps, and smart home solutions. Their digital maturity is evident with integrated services such as mobile apps, procurement system interfaces, and extensive product information. Security posture is strong with HTTPS, HSTS, CSP, and secure cookie practices. Privacy compliance is robust with clear policies and consent mechanisms. Overall, Onninen presents a professional, trustworthy, and well-structured platform supporting its business operations and customer engagement.

S

Safran

safran.com

0

Safran is a UK-based medium-sized company specializing in project management software and risk analytics solutions, serving industries such as energy, aerospace, defense, and construction. Positioned as a global leader, Safran offers integrated tools for project planning, risk management, and execution, supported by professional services including consulting, training, and partner services. The website is professionally designed, content-rich, and targets project managers and risk professionals. Technically, the site is built on HubSpot CMS with multiple modern JavaScript libraries and integrates various analytics and marketing tools. However, the security posture is weakened by an invalid SSL certificate and lack of enabled TLS protocols, which critically impacts HTTPS security. Privacy policies and terms of service are present and comprehensive, but no cookie consent mechanism is detected. Social media presence and customer testimonials enhance business credibility. Overall, the site is functional and professional but requires urgent SSL/TLS remediation to improve security and trust.

R

Red Bull

redbullmusicstudios.com

0

Red Bull Music Studios operates a global network of creative recording studios designed to support artists and producers with state-of-the-art equipment and facilities. The website reflects a professional and consistent brand presence aligned with the larger Red Bull corporate identity. It targets artists worldwide, providing studio spaces in key cities such as Los Angeles, Paris, and Berlin. The business model focuses on offering creative environments rather than direct product sales. Technically, the site is hosted on Amazon AWS infrastructure with valid SSL encryption and uses modern web technologies including JavaScript and CSS. Performance is moderate with room for optimization. Security posture is adequate with valid SSL and strict SPF records, but lacks advanced HTTP security headers and DNSSEC. Privacy compliance is strong, featuring a comprehensive privacy policy and cookie consent mechanism via OneTrust. Overall, the site is trustworthy and professionally maintained, though security enhancements are recommended.

T

TÜV NORD GROUP

hydrohub.de

0

HydroHub is a specialized consulting and engineering center focused on hydrogen technology and infrastructure, operating as an initiative within the TÜV NORD GROUP. The website presents a professional and comprehensive overview of their services, targeting manufacturers, grid and storage operators, industrial users, public sector entities, and investors. The technical infrastructure is based on TYPO3 CMS with modern JavaScript libraries and includes cookie consent and tracking mechanisms. However, the site lacks HTTPS encryption, which is a critical security deficiency. The security posture is weak due to missing SSL, security headers, and DNSSEC, exposing the site to potential risks. Privacy compliance is well addressed with a clear cookie consent mechanism and a comprehensive privacy policy. Overall, the site is professionally designed and trustworthy but requires urgent security improvements to protect user data and enhance trust.

D

DMT GROUP

dmt-group.com

0

DMT GROUP is a well-established global engineering services and consulting company with a history dating back to 1737. It operates primarily in the energy, infrastructure, mining, and engineering sectors, offering a broad range of services including engineering, consulting, geotechnics, exploration, and critical infrastructure protection. The company is part of the TÜV NORD GROUP, which enhances its market credibility and access to resources. The website reflects a professional and comprehensive digital presence with clear business information, structured data, and rich content targeting industrial clients worldwide. Technically, the website is built on TYPO3 CMS and uses common web technologies such as Apache server, Google Analytics, and LinkedIn Insight Tag for analytics and marketing. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical security shortfall. The absence of modern TLS protocols and security headers further weakens its security posture. Performance is rated slow due to missing SSL and possibly other optimizations. Privacy compliance is partial, with a privacy policy present but no visible cookie consent mechanism. Security-wise, the site has configured SPF and DMARC records for email security and shows no signs of common vulnerabilities like Heartbleed or POODLE. However, the lack of HTTPS and security headers significantly reduces the overall security score. There is no explicit incident response or vulnerability disclosure information available on the site. Overall, the website is professional and content-rich but requires urgent improvements in security infrastructure, especially SSL/TLS implementation, to protect user data and enhance trust. Privacy compliance could also be improved by adding cookie consent mechanisms. Strategic recommendations include implementing HTTPS, enhancing security headers, and improving privacy transparency.

T

TÜV NORD GROUP

tuv-nord.com

0

TÜV NORD GROUP operates as a global service provider specializing in testing, certification, inspection, and training services across multiple sectors such as energy, transportation, real estate, and industry. The company maintains a strong market position as a large enterprise with a broad international presence and multiple subsidiaries. Their website reflects a professional and well-structured digital presence targeting both business and private customers. Technically, the site is built on TYPO3 CMS and integrates various marketing and analytics tools, including Pardot, HubSpot, and Google Analytics, with a good level of GDPR compliance and consent management. However, the security posture is weakened by the absence of a valid SSL certificate and lack of modern TLS protocol support, which poses a critical risk to secure communications. The site implements strong security headers and content security policies but requires urgent remediation of SSL/TLS issues to ensure data protection and user trust. Overall, the website is functional and professional but needs immediate security improvements to align with best practices and compliance standards.

T

TÜV NORD GROUP

tuev-nord-group.com

0

The TÜV NORD GROUP is a well-established enterprise headquartered in Germany, specializing in safety, certification, inspection, and consulting services across multiple sectors including energy and transportation. With over 150 years of experience and a global presence in more than 100 countries, the company positions itself as a trusted provider of quality and safety solutions. The website reflects a professional and comprehensive digital presence, targeting businesses and organizations seeking expert services in safety and compliance. Technically, the site is built on TYPO3 CMS and utilizes modern JavaScript libraries and consent management tools, although performance is hindered by slow load times and an invalid SSL certificate. Security posture is weakened by the lack of a valid SSL certificate and absence of security headers, which poses risks to user trust and data protection. Privacy compliance is strong, with clear GDPR-aligned policies and cookie consent mechanisms. Overall, the site demonstrates high professionalism and trustworthiness but requires urgent security improvements to enhance user confidence and compliance.

N

Neste

nesteoil.com

0

Neste is a leading global company specializing in renewable energy solutions, particularly sustainable aviation fuel and renewable diesel. The company positions itself as a pioneer in mitigating climate change and advancing the circular economy by refining waste and residues into high-quality renewable fuels and raw materials. Their market position is strong as a world leader in sustainable aviation fuel production, targeting businesses and consumers focused on sustainability. The website reflects a professional and consistent brand image with excellent content quality and user experience. Technically, the website is built on modern web technologies including React and Next.js, hosted likely on Google Cloud infrastructure. SEO and accessibility practices are well implemented, and the site is mobile optimized. However, performance data is limited but inferred to be moderate. The site uses cookie consent mechanisms and integrates marketing tools such as OneTrust and Visual Website Optimizer. From a security perspective, the site employs strong security headers and HSTS policies, but critically suffers from an invalid or missing SSL certificate and lack of enabled TLS protocols, which significantly undermines its security posture. No explicit security policies or incident response information are published, and no vulnerability disclosure program is evident. Privacy compliance is strong with comprehensive policies and GDPR adherence. Overall, while the business and content aspects are robust and professional, the security weaknesses related to SSL/TLS must be urgently addressed to ensure trust and secure user interactions. Strategic improvements in certificate management and enabling modern TLS protocols are recommended to elevate the security posture and overall website score.

S

Sunrise Movement LA

sunrisemovementla.org

0

Sunrise Movement LA is a youth-led environmental justice organization focused on combating climate change and promoting the Green New Deal within the Greater Los Angeles area. The organization operates as a grassroots non-profit movement, recruiting young activists and engaging the community through events, political advocacy, and educational efforts. Their digital presence is built on the Squarespace platform, leveraging modern web technologies and integrating social media and donation platforms to facilitate engagement and fundraising. The website is well designed with clear navigation and mobile optimization, though performance metrics suggest room for improvement. Security posture is adequate with HTTPS and some security headers, but lacks advanced configurations such as full HSTS and DMARC for email protection. Privacy compliance is weak due to the absence of privacy and cookie policies, which poses regulatory risks. Overall, the website reflects a credible and professional organization with moderate trustworthiness but requires enhancements in privacy and security policies to strengthen compliance and user trust.

V

Valmet

jamesbury.com

0

Valmet's Jamesbury brand website presents a comprehensive offering of high-performance valves and automation solutions targeted at industrial sectors such as pulp & paper, energy, and chemical processing. The site reflects a mature enterprise with a strong market position, emphasizing product reliability, safety, and efficiency. Technically, the website employs modern web technologies including jQuery, Bootstrap, and Microsoft Azure monitoring tools, hosted on a secure TLS 1.3 enabled infrastructure. Security posture is solid with proper email authentication (SPF, DMARC) and no evident vulnerabilities, though improvements like enabling HSTS and DNSSEC are recommended. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site demonstrates high professionalism, good user experience, and trustworthy business credibility.

L

Lintec Ind. Com. de Motores e Equip. Movim. Materiais Ltda.

lintecmotores.com.br

0

Lintec Motores is a Brazilian company specializing in the manufacturing and distribution of energy generators, including diesel and gasoline models, as well as related equipment such as motobombas and motors. It operates as a subsidiary of Agrale S.A., leveraging the parent company's certification and quality standards to position itself as a provider of cost-effective and robust energy solutions primarily for the Brazilian market. The website serves as a platform for product information, distributor location, and post-sales support, targeting customers seeking reliable energy generation equipment. Technically, the website employs a traditional technology stack including nginx web server, jQuery libraries, Google Analytics, and Google reCAPTCHA for form security. However, it lacks modern security implementations such as HTTPS, valid SSL certificates, and advanced security headers, which exposes users to potential risks. The site shows basic mobile optimization and accessibility features but suffers from slow performance and outdated libraries. From a security perspective, the absence of HTTPS and TLS protocols is a critical vulnerability. While the site includes comprehensive privacy and cookie policies compliant with GDPR principles, it lacks explicit terms of service, security policies, and incident response contacts. The cookie consent mechanism is implemented via Popupsmart, providing users with control over cookie preferences. Overall, the security posture is weak and requires urgent improvements to protect user data and enhance trust. The overall risk assessment indicates a medium risk level due to missing HTTPS and outdated technologies. Strategic recommendations include immediate SSL implementation, upgrading security headers, modernizing the tech stack, and enhancing transparency with clear security and incident response policies to improve user trust and compliance.

T

TÜV NORD

tuev-nord.de

0

TÜV NORD is a well-established enterprise-level company specializing in safety, certification, and training services across multiple sectors including energy, transportation, real estate, healthcare, and technology. The website presents a professional and consistent brand image with comprehensive content targeting both private and business customers. The technical infrastructure is based on TYPO3 CMS with integration of modern marketing and analytics tools, though performance metrics indicate room for improvement. Security posture is weakened by the absence of a valid SSL certificate and HTTPS, which is a critical issue. Privacy compliance is well addressed with consent management and GDPR-aligned policies. Overall, the site is trustworthy but requires urgent security enhancements to protect user data and improve trust.

V

Valmet

valmet.com

0

Valmet is a global enterprise specializing in technologies, services, and automation solutions for the pulp, paper, tissue, and energy industries. The company positions itself as a reliable technology partner with a comprehensive offering that supports customers' performance improvements. The website reflects a mature digital presence with multi-language support, detailed industry-specific content, and extensive navigation structures. Technically, the site uses modern web technologies including jQuery, Bootstrap, Vue.js, and integrates analytics and marketing tools such as Google Analytics, Microsoft Application Insights, and Pardot. However, a critical security concern is the invalid SSL certificate, which undermines the site's HTTPS security posture despite the presence of security headers and cookie protections. Privacy and cookie policies are well implemented with consent mechanisms, indicating good compliance with GDPR. Overall, the site demonstrates strong business credibility and professional quality but requires urgent remediation of SSL issues to enhance security and trust.

N

Neste

neste.com

0

Neste is a leading global producer of sustainable aviation fuel and renewable diesel, focusing on mitigating climate change and advancing the circular economy. The company holds a strong market position in the energy and transportation sectors, offering renewable solutions that enable customers to reduce greenhouse gas emissions. The website reflects a mature digital presence with rich multimedia content, multiple language support, and comprehensive corporate disclosures. Technically, the site is built on modern frameworks such as Next.js and React, hosted on Microsoft Azure, and incorporates advanced marketing and consent management tools. However, a critical security issue is the absence of a valid SSL certificate, resulting in no HTTPS support, which severely impacts the site's security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site demonstrates high professionalism and trustworthiness but requires urgent remediation of its SSL configuration to ensure secure user interactions.

C

Climate Resolve

climateplans.la

0

Climate Plans Los Angeles is a small, niche advocacy and informational website focused on promoting climate-conscious community planning within the City of Los Angeles. The site provides resources and information about local community plan areas and encourages integration of climate considerations into urban development. Technically, the site is built on WordPress with Elementor and uses common web technologies such as jQuery and Bootstrap. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. The absence of privacy and cookie policies, as well as contact information, further reduces trust and compliance posture. Tracking technologies like Facebook Pixel and Google Analytics are present, indicating moderate user tracking without clear privacy disclosures. Overall, the site is functional but basic in content quality and technical implementation, with significant security and privacy gaps that should be addressed to improve user trust and regulatory compliance.

A

Akzo Nobel N.V.

international-pc.com

0

International-pc.com is the official website for AkzoNobel's International Protective Coatings brand, specializing in protective and fire protection coatings for industrial sectors such as energy, offshore oil and gas, wind power, mining, and infrastructure. The site presents a professional and content-rich experience with detailed case studies, product applications, and technical support information, targeting industrial B2B clients globally. Technically, the site is built on Adobe Experience Manager CMS and uses modern JavaScript frameworks including React and jQuery, hosted on AWS infrastructure. However, the site lacks a valid SSL certificate and does not support modern TLS protocols, significantly impacting its security posture. While security headers are partially implemented, the absence of HTTPS is a critical vulnerability. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Business credibility is reinforced by strong branding, social media presence, and detailed content. Overall, the site scores moderately due to excellent content and business credibility but suffers from critical security configuration issues.

R

Redinter

redinter.cl

0

Redinter is a medium-sized energy company operating primarily in northern Chile, specializing in electrical transmission infrastructure. It is part of the larger Redeia group, which enhances its market position and credibility. The company focuses on ensuring secure and continuous electricity supply through its regional concessions and partnerships. The website reflects a professional corporate presence with clear business descriptions, contact information, and social media engagement. Technically, the site is built on Drupal 10, uses modern web technologies, and is hosted behind Imperva CDN, ensuring good performance and availability. Security posture is solid with HTTPS, OCSP stapling, and secure cookies, though improvements like full HSTS enablement and DNSSEC could be made. Privacy compliance is basic with a privacy policy and cookie consent implemented via Cookiebot. Overall, the site is trustworthy and well-maintained, supporting Redinter's business objectives effectively.