Security Directory

A

Arianespace

arianespace.com

0

Arianespace is a leading global satellite launch company providing a versatile family of launch vehicles including Ariane 6, Soyuz, and Vega C. The company serves commercial and institutional customers worldwide, offering launch services to various orbits and ground services expertise. The website reflects a mature digital presence with comprehensive content, strong SEO, and active social media engagement. However, the security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which poses a critical risk to secure communications. Privacy compliance is supported by clear policies but lacks an explicit cookie consent mechanism. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain credibility.

T

Transdev North America, Inc.

transdevna.jobs

0

Transdev North America, Inc. operates a comprehensive career portal focused on transportation jobs across North America. As the largest private-sector provider of multiple transportation modes including transit, rail, and on-demand services, the company targets job seekers interested in diverse roles such as drivers, management, safety, and technical positions. The website provides detailed information about career opportunities, benefits, and hiring processes, supported by a consistent brand presence and trust indicators such as an EEO statement and a Code of Business Conduct. Technically, the site is built on modern frameworks like Nuxt.js and Vue.js, with integrations for Google Analytics, Facebook Pixel, and other marketing tools. However, performance is slow and accessibility is basic. Security posture is weak due to the absence of a valid SSL certificate, lack of security headers, and missing DNS security records, which poses significant risks to user data and trust. Privacy compliance is basic with a cookie consent mechanism and a privacy policy, but GDPR compliance is not clearly demonstrated. Overall, the site is functional and professional but requires urgent security improvements to protect users and enhance credibility.

A

ArianeGroup

ariane.group

0

ArianeGroup is a leading European aerospace company specializing in civil and military space transportation, including the development and manufacturing of launchers such as Ariane 6 and Maia. The company positions itself as a global industrial leader supporting Europe's independence and security in space. The website reflects a mature digital presence with comprehensive content, professional design, and clear navigation targeting aerospace industry stakeholders, government entities, and potential employees. Technically, the site is built on WordPress with SEO optimizations and uses modern web technologies, but suffers from slow load times and lacks a valid SSL certificate, which impacts security posture. Security-wise, the absence of HTTPS and security headers is a critical vulnerability, although no WAF or blocking mechanisms are detected. Privacy compliance is supported by a comprehensive privacy policy, but no cookie consent mechanism is present. Overall, the site is professional and trustworthy but requires urgent improvements in security configurations to protect user data and enhance trust.

N

Naval Group

naval-group.com

0

Naval Group is a leading European naval defence company serving over 50 navies worldwide. The company specializes in the design, construction, integration, and support of submarines and surface ships, positioning itself as an international player in the naval defence sector. The website reflects a mature business with comprehensive content targeting customers, candidates, journalists, suppliers, and employees. Technically, the site is built on Drupal 10 with modern JavaScript libraries and includes a cookie consent mechanism and Matomo analytics for user tracking. However, the absence of a valid SSL certificate and lack of modern TLS protocols significantly weaken the security posture. No advanced security headers or session management features are implemented, exposing the site to potential risks. Privacy compliance is well addressed with GDPR-aligned policies and consent management. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

T

Transdev United States

transdevna.com

0

Transdev United States operates as the largest private sector operator of multiple modes of transit in North America, providing services including bus, paratransit, rail, health solutions, microtransit, shuttle, autonomous mobility, fleet services, and ferry operations. The company targets public transportation clients and transit authorities, positioning itself as a leading integrator and operator in the transportation sector. The website reflects a large, well-established enterprise with a focus on safety, innovation, and sustainability. Technically, the site is built on WordPress with a modern tech stack including WPBakery Page Builder, jQuery, and Google services, hosted on WP Engine with Cloudflare CDN. Performance is fast, mobile optimization is good, and accessibility features are implemented via third-party tools. Security posture is strong with HTTPS, modern TLS protocols, CSP, and secure cookie settings, though improvements such as enabling HSTS and DNSSEC are recommended. Privacy compliance is addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the website is professional, trustworthy, and well-structured, supporting the company's market position and business model effectively.

T

Transdev Canada

transdev.ca

0

Transdev Canada operates as a global mobility operator and integrator, providing a wide range of transportation services including bus, rail, ferry, cargo, and autonomous mobility solutions. The company holds a strong market position with a large operational footprint in Canada and is part of the larger Transdev Group. Their services target passengers, public authorities, and companies, emphasizing efficiency, safety, and sustainability. The website reflects a professional and comprehensive digital presence with rich content, news updates, and recruitment information. Technically, the site is built on WordPress with Elementor and integrates advanced search via Algolia, but suffers from critical security shortcomings due to the absence of a valid SSL certificate and lack of HTTPS enforcement. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. Social media integration is robust, enhancing business credibility. Overall, while the business and content aspects are strong, the security posture requires urgent improvement to protect user data and maintain trust.

RETHMANN SE & Co. KG is a well-established German family-owned holding company founded in 1934, operating primarily in the transportation and energy sectors through its subsidiaries REMONDIS, Rhenus, SARIA, and a significant stake in Transdev. The company provides comprehensive services in recycling, logistics, sustainable product manufacturing, and public mobility solutions, targeting industrial clients, municipalities, and private customers. The website is built on TYPO3 CMS, featuring good content quality, clear navigation, and professional design, though it lacks a valid SSL certificate, which is a critical security concern. Privacy policies are comprehensive and GDPR compliant, but no cookie consent mechanism is present. The company demonstrates strong business credibility with detailed contact information and legal disclosures.

W

WeWard

wewardapp.com

0

WeWard is a medium-sized company operating a popular walking rewards app that incentivizes users globally to walk more by converting steps into financial rewards, gifts, and charitable donations. The company has a strong market presence with 20 million users across 29 countries and is certified as a B Corp, indicating commitment to social and environmental responsibility. The website is professionally designed, mobile-optimized, and provides clear navigation and rich content that supports user engagement and trust. Technically, the site leverages modern web technologies including Webflow CMS, Matomo analytics, and Rive animations, hosted on Cloudflare CDN for performance and reliability. Security posture is good with HTTPS, modern TLS protocols, and key security headers, though improvements like enabling HSTS and OCSP stapling are recommended. Privacy compliance is supported by comprehensive privacy and cookie policies, though no explicit cookie consent mechanism was detected. Contact is primarily via a Typeform-based contact form, with no direct emails or phone numbers publicly listed. Overall, the site demonstrates a mature digital presence with good security hygiene and user trust indicators.

T

Tanlib

tanlib.com

0

Tanlib operates as the public transportation network for the Niort Agglomeration in France, providing a free bus service across Niort and 45 surrounding communes. The website offers comprehensive information on routes, schedules, mobility services including bike rentals and carpooling, and real-time traffic alerts. The business is positioned as a key local transportation provider with partnerships including Niort Agglo and Transdev. Technically, the site is built on a PHP backend with modern JavaScript libraries and integrates third-party widgets such as Moovit for route planning and Matomo for privacy-conscious analytics. However, the lack of a valid SSL certificate and HTTPS implementation is a significant security shortfall. Privacy and cookie policies are well documented and include consent mechanisms, reflecting good GDPR compliance. Overall, the site is user-friendly, accessible, and professionally maintained but requires urgent improvements in security infrastructure.

R

Retis

retis-innovation.fr

0

Retis Innovation is a French national network dedicated to supporting and promoting territorial innovation ecosystems. The organization focuses on assisting innovation actors, public institutions, and private experts to foster the creation and growth of innovative companies across French territories. The website reflects a mature digital presence built on WordPress with modern technologies and SEO best practices. Security posture is solid with HTTPS, SPF, and DMARC configured, though improvements in HTTP security headers and DNS security could enhance protection. Privacy compliance is strong, featuring comprehensive GDPR-aligned policies and cookie consent mechanisms. Contact information is transparent and multi-channel, supporting business credibility. Overall, Retis Innovation demonstrates a professional and trustworthy online presence suitable for its sector and audience.

Acropolis Warehousing Inc. is a medium-sized Canadian company specializing in third-party logistics and warehousing services primarily across Western Canada. Founded in 1993 as an independent arm of Rosenau Transport Ltd., it offers integrated supply chain solutions including warehousing, order fulfillment, and direct distribution. The company positions itself as a premier warehouse provider with a focus on customer service and operational excellence. Technically, the website is built on WordPress with Bootstrap and jQuery, incorporating modern marketing and analytics tools such as Google Analytics and Microsoft Clarity. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS, which severely impacts its security posture. Privacy compliance is basic, with privacy and terms pages present but lacking cookie consent mechanisms. Overall, the site demonstrates moderate digital maturity but requires urgent security improvements to protect user data and enhance trust.

C

Carrier Logistics

carrierlogistics.com

0

Carrier Logistics is a medium-sized transportation technology company specializing in customizable transportation management software called FACTS™. The company serves transportation and logistics businesses, offering software solutions, training, and consultation services. It holds a recognized market position with industry awards and client testimonials, indicating a trusted brand in the transportation sector. The website is built on WordPress with a responsive design and includes modern marketing and analytics tools. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS, which severely impacts its security posture. Additionally, cookie consent mechanisms are missing despite the use of tracking scripts, raising privacy compliance concerns. Overall, the website provides good content quality and business credibility but requires urgent security and privacy improvements.

Rosenau Transport Ltd. is a large transportation and logistics company operating primarily in Western Canada, offering a broad range of freight and supply chain services including Less Than Truckload, Full Truckload, warehousing, and specialized transport. The company is part of GLS Logistics Systems Canada Ltd., which is affiliated with the GLS Group and Royal Mail Group plc, positioning it strongly in the regional market. The website presents a professional and content-rich platform targeting businesses and individuals needing reliable shipping solutions across Canada and the Western U.S. The technical infrastructure is based on WordPress CMS with common optimization and analytics tools, but suffers from slow load times and lacks a valid SSL certificate, which impacts security and user trust. Security posture is weak due to missing HTTPS, lack of security headers, and incomplete email security configurations. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism. Overall, the site is functional and credible but requires significant security improvements to meet modern standards.

G

General Logistics Systems US, Inc. (GLS)

gls-us.com

0

General Logistics Systems US, Inc. (GLS) operates a regional parcel delivery service focused on the Western United States, providing faster delivery services across multiple states including California, Washington, Oregon, Idaho, and Colorado. The company offers a variety of shipping tools, account management, and integration options for business customers. The website reflects a medium-sized transportation business with a clear focus on parcel delivery and customer support. Technically, the site uses modern JavaScript frameworks such as Vue.js and integrates multiple marketing and analytics tools including HubSpot, Marketo, Google Analytics, and Hotjar. However, the website suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture and trustworthiness of the site. Privacy compliance is basic, with a privacy policy present but no visible cookie consent mechanism. Overall, the site provides good content and user experience but requires urgent security improvements to protect user data and enhance trust.

G

GLS Portugal

gls-portugal.pt

0

GLS Portugal is a well-established parcel delivery and logistics company operating since 2005, serving both business and private customers with a broad range of national and international shipping services. It is part of the GLS Group, leveraging a large European logistics network. The website demonstrates a mature digital presence with multilingual support, comprehensive parcel tracking tools, and client portals. Technically, the site is built on WordPress with modern libraries and hosted on Google Cloud, ensuring good performance and mobile optimization. Security posture is solid with HTTPS, HSTS, and reCAPTCHA Enterprise integration, though some security headers and OCSP stapling could be improved. Privacy compliance is strong with GDPR-aligned cookie consent and detailed policies. Overall, GLS Portugal presents a professional, trustworthy, and user-friendly online platform supporting its logistics business effectively.

G

GLS Canada

gls-canada.com

0

GLS Canada is a large transportation and logistics company providing parcel, freight, warehousing, and logistics services primarily in Canada with a strong connection to the GLS Group. The website offers comprehensive information about their services, including shipment tracking, shipping tools, and customer support. The company maintains a professional online presence with consistent branding and active social media channels. Technically, the website uses modern JavaScript libraries and analytics tools but suffers from slow load times and lacks a valid SSL certificate, which impacts security and user trust. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. However, the absence of HTTPS and security headers represents a significant security risk. Overall, the site is functional and informative but requires urgent security improvements to protect user data and enhance trust.

S

Saarländische Nahverkehrs-Service GmbH

saarvv-profil.de

0

The website represents Saarländische Nahverkehrs-Service GmbH, a regional public transportation service provider in Saarland, Germany. It offers information about the saarVV public transport network, focusing on sustainability, digitalization, and service improvements. The site targets local public transport users and stakeholders. Technically, the website is built on WordPress using Elementor, with common web technologies like jQuery and Swiper.js. The site is mobile-optimized but suffers from slow load times and lacks some advanced performance optimizations. Security-wise, the site uses HTTPS with a valid certificate but lacks important security headers, HSTS, and OCSP stapling. No cookie consent mechanism or comprehensive privacy compliance features are present. Contact information is clearly provided, including email, phone, and physical address. Social media presence is active on major platforms. Overall, the site is functional and professional but could improve in security and privacy compliance to enhance trust and user safety.

BMW M GmbH operates the official BMW M website, showcasing its high-performance vehicles, motorsport heritage, and driving experiences. The company holds a strong market position in the premium automotive segment, targeting enthusiasts and customers seeking performance and motorsport engagement. The website reflects a mature digital presence with rich multimedia content, clear navigation, and comprehensive legal and privacy documentation. Technically, the site uses modern web technologies, including Adobe Experience Manager CMS, Akamai CDN, and performance monitoring tools, delivering a good user experience across devices. Security posture is solid with HTTPS, SPF, DMARC, and no critical vulnerabilities detected, though improvements like HSTS and additional security headers are recommended. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site demonstrates high professionalism and trustworthiness.

Streets For All operates as a focused non-profit advocacy organization dedicated to advancing sustainable and equitable transportation policies in California. Their website serves as a comprehensive platform to assess and report on the performance of state legislators regarding transportation legislation, providing transparency and accountability to the public and stakeholders. The organization positions itself as a key influencer in California's transportation policy landscape, emphasizing legislative sponsorship, support, and public engagement. Technically, the website employs modern web technologies including React and Material-UI, hosted on DigitalOcean infrastructure. While the site offers rich content and a professional design, performance issues such as slow load times and lack of some security headers are noted. The site uses Umami for privacy-focused analytics, indicating a moderate approach to user tracking. From a security perspective, the site benefits from a valid SSL certificate but lacks advanced security headers and DNS protections like DNSSEC and DMARC. Privacy compliance is weak due to the absence of privacy and cookie policies and no visible consent mechanisms. Contact information is limited to an email address, with no phone or physical address provided. Overall, the website is a credible and professional resource for transportation policy advocacy but would benefit from enhanced security practices and privacy compliance to strengthen trust and protect users. Performance optimizations and clearer privacy disclosures are recommended to improve user experience and regulatory adherence.

The Hill to Sea Corridor website provides informational content about a proposed 28-mile transportation route connecting multiple transit lines and regional amenities. The site targets local residents and commuters interested in regional transit development. The business model appears to be informational or advocacy-focused without commercial transactions or services. Technically, the site uses a modern JavaScript module approach, likely React or a similar framework, hosted on DigitalOcean with DNS managed by DigitalOcean nameservers. However, the site suffers from slow load times and minimal content depth. Security posture is weak, with no valid SSL certificate, no HTTPS enabled, and absence of security headers or best practices. Privacy and compliance policies are missing, and no contact or business information is provided, limiting trust and credibility. Overall, the site is accessible but lacks fundamental security and compliance features, resulting in a low security and trust score.

S

Streets For All San Francisco

streetsforallsf.org

0

Streets For All San Francisco is a small non-profit advocacy organization dedicated to improving transportation safety and public space in San Francisco. Their website serves as a platform for community engagement, initiatives, events, and fundraising. The organization positions itself as a local leader in advocating for safer, greener streets and better transit options. Technically, the website is built on Squarespace, leveraging standard web technologies and third-party services such as Mailchimp for email marketing and ActBlue for donations. While the site is visually consistent and user-friendly, performance is somewhat slow and SEO/accessibility features are basic. Security posture is adequate with modern TLS protocols and no known SSL vulnerabilities, but lacks advanced security headers, DNS protections, and privacy compliance mechanisms. Contact information is limited to an email address and social media links, with no phone or physical address provided. Overall, the site is functional and professional but would benefit from enhanced privacy policies, security hardening, and performance optimization.

Brussels Airlines is an enterprise-level transportation company operating primarily in Belgium and is part of the Lufthansa Group. The website is currently inaccessible due to a Web Application Firewall or security mechanism, resulting in an Access Denied page served by AkamaiGHost. This prevents access to any meaningful content, metadata, or business information on the site. The technical infrastructure includes Akamai CDN and Barracuda Networks for email security, with SPF and DMARC records properly configured. However, the SSL/TLS configuration is severely lacking, with no valid certificate or modern TLS protocols enabled, exposing the site to significant security risks. Security headers are minimal, and no privacy or cookie policies are detectable on the landing page. Overall, the site’s security posture is weak, and the lack of accessible content limits the ability to assess business credibility or compliance. The site is heavily tracked by multiple advertising and analytics services as indicated by the content security policy, but these cannot be verified due to the blocked content.

V

VIENNA SIGHTSEEING TOURS

viennasightseeing.at

0

Viennasightseeing.at is a medium-sized tourism and transportation business specializing in guided sightseeing tours, hop-on-hop-off bus services, day trips, and sightseeing passes in Vienna, Austria. The company positions itself as a market leader in Vienna's sightseeing tour sector, targeting tourists seeking convenient and flexible travel experiences. The website is built on TYPO3 CMS and integrates modern marketing and tracking tools such as Google Tag Manager, Trustpilot, and Usercentrics for consent management. However, the site suffers from critical security issues including an invalid SSL certificate, lack of HTTPS enforcement, and a subdomain takeover vulnerability on its shop subdomain. These issues significantly impact the site's security posture and trustworthiness. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR consent mechanisms. Overall, the site offers good content quality and user experience but requires urgent security improvements to protect user data and maintain business credibility.

Arvato is an enterprise-level company specializing in innovative supply chain management, logistics, transport management, and digital solutions primarily targeting B2B clients in the transportation sector. The website presents a professional and comprehensive digital presence with multilingual support and detailed service offerings. Technically, the site is built on TYPO3 CMS with modern frontend tooling but suffers from slow load times and lacks a valid SSL certificate, impacting security posture. The security configuration is basic, with no HTTPS enabled and missing security headers, although privacy compliance is well managed through Cookiebot consent mechanisms. Overall, the site is trustworthy and professional but requires urgent improvements in security infrastructure to protect user data and enhance trust.

Arvato is a large enterprise specializing in innovative supply chain management, logistics, and e-commerce solutions primarily serving B2B clients. The company operates globally with a strong presence in Poland and multiple related domains indicating a broad international footprint. Their website is built on TYPO3 CMS and integrates modern technologies such as Vite JS and Cookiebot for consent management. Despite a professional design and comprehensive content, the site suffers from an invalid SSL certificate, resulting in a basic security posture. Cookie consent and privacy policies are well implemented, reflecting good GDPR compliance. The site uses Google Analytics and advertising networks for tracking and marketing purposes. Overall, Arvato presents a credible and professional business front but should urgently address SSL and security header issues to improve trust and security.

Arvato SE operates as a global enterprise specializing in innovative supply chain management, logistics, transport management, and digital solutions, targeting B2B clients with a focus on e-commerce and omnichannel distribution. The website reflects a mature digital presence with multilingual support and comprehensive content showcasing their services and success stories. Technically, the site is built on TYPO3 CMS with modern frontend tooling but suffers from a critical lack of HTTPS, impacting security posture significantly. Cookie consent is robustly managed via Cookiebot, ensuring GDPR compliance and user privacy controls. However, the absence of a valid SSL certificate and security headers exposes the site to risks and reduces trustworthiness. Overall, the site is professional and content-rich but requires urgent security improvements to align with best practices.

Arvato SE operates a comprehensive supply chain management and e-commerce logistics platform targeting enterprise clients primarily in Spain and internationally. The website showcases a professional and well-structured digital presence powered by TYPO3 CMS and modern frontend technologies. Key services include supply chain management, logistics and fulfillment, transportation management, and digital solutions. The company demonstrates strong branding consistency and trust indicators such as client logos and social media presence. However, the website suffers from critical security shortcomings, notably the absence of a valid SSL certificate and lack of HTTPS enforcement, which significantly impacts its security posture. Privacy compliance is well addressed with a comprehensive cookie policy and consent mechanism via Cookiebot. Overall, the site is content-rich and user-friendly but requires urgent security improvements to protect user data and enhance trust.

L

Los Angeles Walks

losangeleswalks.org

0

Los Angeles Walks is a small non-profit organization dedicated to promoting safe and walkable communities in Los Angeles. The organization focuses on community training, policy advocacy, and pedestrian safety initiatives, supported by donations and partnerships, notably with Community Partners as their fiscal sponsor. Their target audience includes local residents, families affected by traffic violence, and community advocates. Technically, the website is built on Webflow, uses Cloudflare CDN, and integrates Google Fonts and jQuery. The site is mobile optimized with good design and navigation but lacks advanced SEO and accessibility features. Security posture is weak due to the absence of a valid SSL certificate and lack of modern TLS protocols, which is a critical issue. Privacy compliance is minimal, with no visible privacy or cookie policies. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional and professional but requires urgent improvements in security and privacy compliance to enhance trust and protect users.

Arvato SE operates a comprehensive supply chain and logistics service platform with a strong focus on innovative digital solutions and e-commerce support. The company targets business clients seeking holistic supply chain management, logistics, transport, and digital commerce solutions. The website reflects a large enterprise with international reach, supported by multiple regional domains and a parent company affiliation with Bertelsmann. Technically, the site is built on TYPO3 CMS with modern frontend tooling but suffers from a lack of HTTPS, resulting in a critical security gap. Cookie consent is managed professionally via Cookiebot, and analytics are extensively used with Google services. The security posture is weak due to missing SSL and security headers, which poses risks to user data and trust. Overall, the website is professionally designed and content-rich but requires urgent security improvements to meet modern standards.

Arvato SE operates as a global third-party logistics provider specializing in supply chain management, logistics & fulfillment, transport management, and digital solutions. The company targets businesses in e-commerce and B2B sectors, offering scalable and innovative logistics services. The website demonstrates a strong market presence with multiple localized domains and partner sites, reflecting a large enterprise with a global footprint. Technically, the site is built on TYPO3 CMS with modern frontend tooling and integrates Cookiebot for GDPR-compliant cookie management. However, the main domain suffers from an invalid SSL certificate, impacting security posture. While no critical vulnerabilities are detected, the lack of HTTPS and security headers lowers the overall security score. Privacy compliance is well addressed with clear cookie consent and privacy policies. The website is professionally designed, mobile-optimized, and provides clear navigation and business information, though direct contact emails and phone numbers are not exposed publicly. Strategic improvements in SSL configuration and security headers are recommended to enhance trust and security.

Arvato is a large enterprise specializing in innovative supply chain management, logistics, transport, and digital commerce solutions primarily targeting B2B clients. The website is professionally designed, multilingual, and powered by TYPO3 CMS with modern frontend technologies. However, the site lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which significantly impacts its security posture. Security headers are mostly present, but critical SSL/TLS configurations and session management features are missing. Privacy compliance is well addressed with a comprehensive privacy and cookie policy and consent mechanisms. Business credibility is strong with clear branding, client logos, and social media presence. Overall, the site is content-rich and user-friendly but requires urgent security improvements to protect user data and enhance trust.

A

Akzo Nobel N.V.

international-marine.com

0

International Marine, a division of Akzo Nobel N.V., operates a comprehensive website focused on marine coatings and performance solutions for vessels worldwide. The company positions itself as a global leader in marine coatings, offering specialized products and digital compliance solutions tailored to various vessel types and shipyard operations. The website reflects a B2B business model targeting marine industry professionals and ship operators, supported by strong corporate branding and a consistent user experience. Technically, the site is built on Adobe Experience Manager with React components and integrates modern marketing and analytics tools such as Google Tag Manager and OneTrust for cookie consent management. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and lack of TLS protocol support, which severely impacts its security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website demonstrates good content quality and business credibility but requires urgent improvements in security infrastructure to protect user data and maintain trust.

C

csad.cz

csad.cz

0

The website csad.cz appears to represent a transportation-related business, likely a bus or transport service based in the Czech Republic. However, the website content is extremely minimal, consisting only of a placeholder text with an IP address and no meaningful business or contact information. The technical infrastructure is outdated, running Apache 2.2.15 and PHP 5.6.11, with no SSL certificate installed, resulting in an unsecured HTTP-only site. There are no modern web technologies or CMS detected, and no performance or SEO optimizations are evident. Security posture is weak due to lack of HTTPS, missing security headers, and outdated software, exposing the site to potential risks. Privacy and compliance policies are absent, and no contact or incident response information is provided, limiting trust and credibility. Overall, the site is poorly maintained and lacks essential features for a professional online presence.

B

Big Bus Tours Ltd

bigbustours.com

0

Big Bus Tours Ltd operates as a leading global sightseeing bus tour provider, specializing in hop-on hop-off tours across major cities such as London, New York, and Paris. The company holds a strong market position as the largest operator of open-top sightseeing bus tours with over 30 years of service. Their business model focuses on tourism and travel services, offering additional experiences beyond bus tours to enhance customer engagement. The website reflects a professional and consistent brand presence targeting tourists worldwide. Technically, the website is built on Magento 2, leveraging modern web technologies including RequireJS, Google Tag Manager, and various marketing and analytics tools such as MoEngage and New Relic. Hosting and DNS services are provided by Cloudflare, ensuring global content delivery. While the site is mobile-optimized and SEO-friendly, performance metrics are not explicitly available. Accessibility is basic but functional. From a security perspective, the site implements several important HTTP security headers and a comprehensive Content Security Policy. However, a critical vulnerability is the absence of a valid SSL certificate and lack of TLS protocol support, severely impacting the security posture. This exposes users to risks and undermines trust. Privacy compliance is addressed with clear privacy and cookie policies, including consent mechanisms, but no explicit security or incident response policies are found. Overall, the website is functional and business credible but requires urgent security improvements to protect user data and maintain trust. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, enhancing HSTS policies, and improving incident response readiness.

W

WienTourismus

viennacitycard.at

0

The website viennacitycard.at serves as the official platform for the Vienna City Card, a tourism product offering public transport access and discounts in Vienna. It is operated by WienTourismus and targets tourists seeking convenient mobility and sightseeing benefits. The site features a modern TYPO3 CMS infrastructure with Alpine.js for interactivity, hosted behind Cloudflare. While the site is content-rich, well-branded, and professionally designed with good mobile optimization and accessibility, it suffers from a critical security issue: the SSL certificate is invalid or missing, and no modern TLS protocols are enabled, which significantly impacts the security posture. Privacy compliance is strong, with a clear privacy policy, cookie consent via Usercentrics, and GDPR adherence. The site integrates Matomo analytics and Google Tag Manager for tracking, balanced with user privacy controls. Overall, the site is trustworthy and professional but requires urgent SSL/TLS remediation to ensure secure user interactions.

A

Arvato SE

arvato.com

0

Arvato SE is a global enterprise specializing in third-party logistics (3PL), supply chain management, and digital logistics solutions. The company serves a diverse range of industries including e-commerce, B2B, and transportation, offering services such as warehousing, fulfillment, transport management, and digital customer experience solutions. Their market position is strong with a broad international footprint and multiple regional subsidiaries. The website reflects a professional and comprehensive digital presence with multilingual support and detailed service descriptions. Technically, the site is built on TYPO3 CMS with modern frontend tooling but suffers from slow load times and lacks a valid SSL certificate, impacting security posture. Security-wise, the absence of HTTPS and security headers are critical issues, though cookie consent and privacy compliance are well implemented. Overall, the site is trustworthy and professional but requires urgent security improvements to meet modern standards.

D

Destruction For Nada

destructionfornada.com

0

Destruction For Nada is a focused advocacy campaign operating primarily in Los Angeles County, aiming to halt freeway widening projects that contribute to increased traffic, pollution, and displacement of communities. The campaign promotes investment in public and active transportation alternatives to address climate change and housing crises. The website is built on Squarespace, leveraging standard web technologies and integrates Mailchimp for email list management. While the site presents clear messaging and partner affiliations, it lacks critical security infrastructure such as a valid SSL certificate, which undermines user trust and data security. Privacy and cookie policies are absent, indicating gaps in compliance with data protection regulations. Overall, the site serves as an informational and engagement platform for a small non-profit advocacy group but requires significant improvements in security and privacy to enhance credibility and user safety.

E

EnviroMetro

envirometro.org

0

EnviroMetro is a small non-profit coalition focused on advocating for green, equitable, and healthy transportation policies in Los Angeles. The coalition collaborates with Metro and other organizations to influence transportation investment priorities and has played a key role in shaping regional ballot measures. The website is built on WordPress and uses common plugins such as Yoast SEO and MailChimp for marketing and analytics. While the site provides useful content and contact information, it lacks critical security features such as a valid SSL certificate and security headers, which exposes visitors to risks. Additionally, privacy and cookie policies are absent, indicating compliance gaps. The site’s performance is slow, and technical implementation could be improved to enhance user experience and security.

G

Gaia-X 4 Future Mobility

gaia-x4futuremobility.de

0

Gaia-X 4 Future Mobility is a collaborative project family focused on developing and implementing future mobility applications based on the Gaia-X initiative. It is funded by the German Federal Ministry for Economic Affairs and Climate Action and coordinated by the DLR Institute for AI Security. The initiative involves about 80 participants from industry and research, aiming to build an open, decentralized data and service ecosystem for mobility. The website provides detailed information about the six constituent projects, their goals, participants, and related initiatives. Technically, the site is built on the Webflow platform, uses Google Fonts and jQuery, and is hosted on a CDN. However, the site lacks a valid SSL certificate and does not enforce HTTPS, which is a critical security concern. Privacy and terms of service pages are present, but no cookie consent mechanism is detected. Overall, the site is professionally designed with good content relevance and navigation but requires urgent security improvements.

B

BG Verkehr

bg-verkehr.de

0

BG Verkehr is a German statutory accident insurance institution specializing in transportation and logistics sectors. The website provides comprehensive information about insurance coverage, prevention, rehabilitation, and training services tailored for employees and companies in these industries. The site targets German-speaking users and serves as an official communication channel for BG Verkehr's services and updates. Technically, the website is built on the Plone CMS platform, utilizing modern frontend libraries such as Bootstrap and Font Awesome, and integrates Piwik/Matomo for analytics and Cookiefirst for cookie consent management. However, a critical security shortfall is the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks and undermining trust. The site lacks security headers and advanced SSL configurations, which further impacts its security posture. Privacy compliance is well addressed with clear privacy and cookie policies and a consent mechanism. Overall, the website is professionally designed with good content quality and navigation but requires urgent security improvements to meet modern standards.

A

Aerial Rapid Transit LLC

laart.la

0

Los Angeles Aerial Rapid Transit (LA ART) is a small-scale transportation project proposing a zero emissions aerial gondola system to connect key locations in Los Angeles, including Union Station, Chinatown, and Dodger Stadium. The project is affiliated with a non-profit and aims to reduce traffic congestion and pollution by providing an alternative transit option. The website serves as an informational and engagement platform, offering contact forms and social media links to connect with the community. Technically, the website is built on WordPress with common plugins and external integrations such as Google Analytics and Vimeo for media content. However, the site suffers from slow load times and lacks a valid SSL certificate, which impacts security and user trust. The absence of modern security headers and privacy policies further weakens its compliance posture. From a security perspective, the site has basic SPF email protection but lacks HTTPS, HSTS, and DMARC records, exposing visitors to potential risks. No incident response or vulnerability disclosure information is provided. Overall, the security posture is weak and requires urgent improvements to protect user data and enhance trust. Strategically, the website should prioritize obtaining a valid SSL certificate, implementing privacy and cookie policies, and enhancing security headers. Improving site performance and accessibility will also benefit user experience and SEO. These steps will strengthen the project's credibility and support its mission to promote sustainable transportation in Los Angeles.

R

Railteam

railteam.eu

0

Railteam is a European rail alliance providing high-speed train services across more than 100 destinations in Europe. The alliance emphasizes sustainable travel, passenger comfort, and additional services such as lounges and flexible travel options like HOTNAT. The website is professionally designed with good content quality and clear navigation, targeting European rail travelers seeking efficient and environmentally friendly transport. Technically, the site uses Sweet CMS and common frontend libraries but suffers from critical security issues due to lack of a valid SSL certificate and absence of HTTPS, which severely impacts its security posture. Privacy policies and cookie consent mechanisms are present, but no direct contact information or security policies are found. Overall, the site is functional but requires urgent security improvements to protect user data and enhance trust.

V

Vienna Airport Lines

viennaairportlines.at

0

Vienna Airport Lines is a transportation service operating express bus lines between Vienna city and Vienna International Airport. It is a business unit of the Österreichische Postbus Aktiengesellschaft, a subsidiary of ÖBB-Personenverkehr AG, positioning itself as a reliable and convenient airport shuttle provider. The website presents clear business information, service offerings, and partner links, targeting travelers and commuters in Vienna. The digital infrastructure includes a responsive design and uses Matomo analytics for user tracking. However, the site lacks a valid SSL certificate, which severely impacts its security posture and user trust. No cookie consent mechanism or comprehensive privacy compliance features are evident. The site is moderately performant and accessible but requires urgent security improvements to meet modern standards.

Ö

ÖBB Nightjet

nightjet.com

0

ÖBB Nightjet operates a comprehensive overnight train service connecting over 25 European metropolitan cities, focusing on comfortable, climate-friendly travel options including vehicle transport. The website is well-branded, content-rich, and targets travelers seeking overnight rail journeys across Europe. Technically, the site uses modern web technologies such as ES modules and web components, but performance data is lacking. Security posture is weakened by the absence of a valid SSL certificate and HTTPS support, which is a critical issue. Privacy and terms policies are linked to official ÖBB domains, indicating good compliance practices. Contact information is provided primarily via phone and external contact forms. Overall, the site is professional and trustworthy but requires urgent security improvements.

A

AGRALE S.A

agrale.com.br

0

Agrale S.A is a well-established Brazilian manufacturer specializing in tractors, trucks, buses, utility vehicles, and engines with over 50 years of market presence. The company operates primarily in the transportation sector, serving agricultural, commercial, and industrial clients through a broad dealer and service network. Their website reflects a solid business model focused on manufacturing and after-sales services, targeting national and regional markets in Brazil. The site content is relevant and professionally presented, supporting the company's market position as a national leader. Technically, the website uses an older technology stack including jQuery 1.7.1 and Apache server on Ubuntu, hosted via Embratel Cloud DNS infrastructure. While the site includes Google Maps integration and FontAwesome icons, it lacks modern CMS or frameworks and shows signs of technical debt such as outdated libraries and missing HTTPS support. Performance and mobile optimization are basic, with room for improvement in SEO and accessibility. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, severely impacting its security posture. No advanced security headers or mechanisms like HSTS or OCSP stapling are implemented. The site uses standard security headers but misses critical protections and vulnerability disclosures. Privacy and cookie policies are present with a consent mechanism, but GDPR compliance is uncertain. No incident response or security policy pages were found. Overall, the website is functional and business-credible but requires urgent security improvements, especially enabling HTTPS and updating outdated technologies. Strategic recommendations include implementing a valid SSL certificate, enhancing security headers, publishing vulnerability disclosure policies, and modernizing the technical stack to improve performance, security, and compliance.

Aerolux is a small Brazilian business specializing in road signaling products for the Brazilian market. The website is currently a 'Coming soon' placeholder with minimal content, indicating the business is either new or preparing for a launch. The site targets businesses or entities needing road signaling solutions in Brazil. Technically, the site is built using Hostinger Website Builder and the Astro framework, hosted on Hostinger's GCP infrastructure. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. Security headers are partially implemented, but key security features like TLS protocols and OCSP stapling are missing. Privacy and cookie policies are absent, and no incident response or vulnerability disclosure information is provided. Overall, the site demonstrates basic digital maturity but requires significant improvements in security and compliance to build trust and protect user data.

M

mobilityportal gmbh

mobilityportal.de

0

mobilityportal gmbh operates a digital multimodal mobility platform focused on public transportation (ÖPNV) in Germany. The company offers integrated solutions for managing various transport modes including bus, tram, on-demand services, and e-scooters, enabling seamless door-to-door transport options. Their platform supports both front-end passenger services and back-office digital processes, targeting public transport operators, municipalities, and mobility providers. The website reflects a professional business presence with clear service descriptions and contact options, positioning the company as an innovative player in the transportation technology sector.

G

GAIA-X 4 KI

gaia-x4ki.eu

0

GAIA-X 4 KI is a medium-sized German research project focused on developing a data and service ecosystem for training and validating AI applications, particularly in the automotive and manufacturing sectors. The project emphasizes data sovereignty, transparency, and interoperability based on the GAIA-X infrastructure. The website provides detailed information about the project, consortium partners, news, and publications, targeting industry stakeholders, research institutions, and SMEs. Technically, the site uses modern TLS protocols, Bootstrap frontend, and likely a Ruby on Rails backend, hosted on Hetzner infrastructure. While HTTPS is properly implemented, the site lacks advanced security headers, DNS security features, and privacy/cookie policies, which lowers its security and privacy posture. Overall, the site is well-branded, professionally designed, and content-rich but could improve in privacy compliance and security hardening.

V

vedisys AG

vedisys.de

0

vedisys AG is a German software company specializing in providing modular, scalable software solutions for public transport companies (ÖPNV). Their flagship product, AMIS®7, supports multichannel sales, subscription management, ticketing, and customer dialogue platforms. The company has a strong market presence since 1996 and integrates with partner platforms such as mobilityportal® and payment services like Payone. The website reflects a professional and comprehensive digital presence with detailed product information, customer testimonials, and news updates. Technically, the site is built on WordPress with modern plugins and SEO optimizations, but lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security gap. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Overall, the security posture is basic and requires urgent improvements to SSL/TLS and security headers to protect user data and enhance trust.