Security Directory

F

Fondazione Bambino Gesù ETS

donaora.it

0

The website donaora.it serves as a fundraising platform for Fondazione Bambino Gesù ETS, a non-profit organization focused on pediatric healthcare support in Italy. The site aims to facilitate donations to support scientific research, medical care, and assistance to children and their families. The business model revolves around charitable giving and donor engagement, targeting individuals interested in supporting pediatric health causes. The organization is mature, with a domain age of 17 years, aligning with its founding date in 2007. Technically, the website employs basic modern web technologies such as Google Tag Manager and Google Fonts, with integration of GestPay for payment processing. However, the site suffers from significant performance issues, including a very slow load time and large page size. Mobile optimization and accessibility are basic, and SEO practices are minimal. The absence of a valid SSL certificate and HTTPS support is a critical flaw, exposing users to security risks. From a security perspective, the website lacks essential protections such as HTTPS, HSTS, DMARC, DNSSEC, and domain protection locks. The presence of exposed sensitive tokens or API keys in the HTML source is a severe vulnerability that could lead to exploitation. No privacy, cookie, or terms of service policies are present, indicating poor privacy compliance. The WHOIS data confirms the domain is mature and consistent with the organization's profile but highlights a high expiry risk and lack of domain locks. Overall, the website's risk profile is elevated due to critical security shortcomings and poor privacy compliance. Strategic improvements in SSL implementation, security headers, privacy policies, and domain management are urgently recommended to enhance trustworthiness and protect donor data.

Security assessment incomplete. Successfully analyzed: emailSecurity, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2, sslTls. 11 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

Gift Voucher Solutions appears to be a small business that previously operated a gift voucher store, which is now discontinued as indicated by the website content. The site serves primarily as a service update and support contact point for customers holding vouchers, directing them to contact the original purchasing company or email support at giftpro.co.uk. The technical infrastructure is minimal, relying on a single external CSS library (Tailwind CSS) and lacking a valid SSL certificate, resulting in no HTTPS support. Performance is slow despite the low resource count, and no analytics or tracking technologies are present. Security posture is weak with no security headers, no DNSSEC, and no SSL certificate, exposing the site to risks and reducing trustworthiness. The domain registration is confirmed but shows no DNS records, which is unusual and suggests the domain is inactive or misconfigured. Overall, the website is accessible but provides only basic information with limited business credibility and poor security and privacy compliance.

F

Five Nines Digital Ltd

try.be

0

Trybe is a specialized SaaS provider offering next-generation bookings and business management software tailored for the spa and leisure industry. The platform targets spa businesses seeking to streamline their booking processes, inventory management, team scheduling, and payment processing. Positioned as a cloud-based, open-API solution, Trybe emphasizes ease of use, integration capabilities, and operational efficiency. The company is UK-based, operating under Five Nines Digital Ltd, and holds ISO27001 certification, reinforcing its commitment to security standards. Technically, the website is built using modern web technologies including React and Gatsby, with Tailwind CSS for styling. Hosting appears to be on AWS infrastructure. While the site is well-designed, mobile-optimized, and rich in content, performance is hindered by slow load times and a high number of resources. SEO and accessibility features are well implemented, contributing to a positive user experience. From a security perspective, the site lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability impacting user trust and data protection. No major vulnerabilities or exposed sensitive data were detected, and the presence of ISO27001 certification and GDPR-compliant privacy policies indicate a mature security posture. However, improvements in SSL/TLS configuration and security headers are urgently recommended. Overall, Trybe presents a professional and credible business offering with strong market positioning in the hospitality sector. The main risk lies in its current SSL/TLS configuration, which should be addressed promptly to ensure secure communications and maintain customer trust.

R

Ryanair

laudamotion.com

0

Laudamotion.com is the official website for Laudamotion, a subsidiary of Ryanair Holdings, operating as a low-cost airline primarily serving European markets. The website serves as a booking platform integrated closely with Ryanair's infrastructure. However, the current HTML content is minimal, showing only a loading spinner, indicating that the full site content is either blocked or not loaded, limiting content and user experience. The technical infrastructure is modern, leveraging AWS hosting, CloudFront CDN, and multiple third-party analytics and marketing tools. Security posture is strong with a valid EV SSL certificate and comprehensive security headers, although HSTS is not fully enabled. Privacy and cookie policies are not visible in the provided content, which is a compliance gap. No contact information or forms are present in the analyzed content, reducing transparency and user trust. Overall, the site demonstrates strong technical and security foundations but lacks accessible content and visible compliance documentation, which impacts user experience and privacy assurance.

G

Grupo Soma

somagrupo.com.br

0

Grupo Soma is a large Brazilian retail group operating a platform of multiple fashion brands including Animale, Farm, and Hering among others. The website serves as a corporate and investor relations portal, providing information about the company, its brands, sustainability efforts, and compliance policies. The target audience includes consumers and investors interested in the fashion retail sector in Brazil. Technically, the website is built on WordPress and uses modern JavaScript libraries and Google Analytics for tracking. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a significant security concern. Security headers are partially implemented but critical TLS protocols and HSTS are missing, reducing the overall security posture. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism via OneTrust. Business credibility is supported by clear brand listings and compliance pages but lacks explicit contact emails or phone numbers on the homepage. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

H

Hopscotch Groupe

hopscotchgroupe.com

0

Hopscotch Groupe is a French communication agency specializing in creative communication and relational capital services. The company targets businesses seeking expertise in public relations, event management, and specialized agency services. The website presents a professional and consistent brand image with good content quality and clear navigation. Technically, the site is built on WordPress and uses common web technologies such as jQuery, Mapbox, and Google Tag Manager. However, the site lacks HTTPS, which is a critical security vulnerability. Security headers are minimal, and no advanced security frameworks or incident response policies are evident. Privacy compliance is supported by comprehensive privacy and cookie policies with consent mechanisms. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

S

Svalbard Integrated Arctic Earth Observing System

sios-svalbard.org

0

SIOS (Svalbard Integrated Arctic Earth Observing System) is an established international research infrastructure focused on long-term Earth system science measurements in the Svalbard region. The organization operates a mature website providing access to data portals, research infrastructure information, and community resources targeting scientists and researchers in Arctic studies. The website is built on Drupal 10 with modern frontend libraries, offering a good user experience and clear navigation. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture, exposing users to potential risks. Privacy and cookie policies are present and GDPR compliant, reflecting attention to regulatory requirements. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional and professional but requires urgent security improvements to protect users and data.

T

The Norwegian Scientific Academy for Polar Research

polar-academy.com

0

The Norwegian Scientific Academy for Polar Research operates a specialized educational and research website focused on polar regions and interdisciplinary scientific challenges. The organization is positioned uniquely as the sole scientific academy dedicated to polar research with a global perspective. The website serves researchers, academics, and students with information about membership, events such as summer schools, publications, and news. Technically, the site is built on the Squarespace platform using standard web technologies including jQuery and Typekit fonts. While the design and content quality are good with consistent branding and clear navigation, the site suffers from a critical security issue: the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy compliance is addressed with a cookie banner and a privacy policy page, indicating GDPR awareness. Contact information is clearly provided, including a company email and physical address in Norway. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

T

The Nansen Legacy

arvenetternansen.com

0

The Nansen Legacy website represents a collaborative Arctic research project focused on the Barents Sea and related environmental studies. It serves as an information portal for research activities, team members, publications, and events. The project is supported by multiple Norwegian academic and governmental institutions, indicating a strong presence in the education and research sector. The website targets researchers, early career scientists, and stakeholders interested in Arctic science. Technically, the site is built on WordPress with Elementor and hosted on WordPress.com infrastructure. While the site uses HTTPS and modern web technologies, its performance is slow with a high number of resources loaded. Accessibility and SEO are basic to good, but there is room for improvement in security headers and advanced SSL configurations. Security posture is moderate with valid SSL but lacking HSTS and OCSP stapling. No explicit privacy or cookie policies were found, which is a compliance gap especially under GDPR. Contact information is limited to an email address, with no phone numbers or detailed business registration data visible. Social media presence is active on major platforms. Overall, the site is a credible academic project portal but would benefit from enhanced privacy compliance, improved security headers, and performance optimizations to strengthen trust and user experience.

F

Framsenteret Drift AS

framsenteret.no

0

Framsenteret Drift AS operates as a Norwegian Arctic research center focused on interdisciplinary climate and environmental research of high international standard. The organization collaborates with numerous research institutions and partners, positioning itself as a key player in Arctic research and policy support. The website serves as a platform for disseminating research findings, hosting events, and providing information about ongoing projects and collaborations. The target audience includes researchers, policymakers, environmental stakeholders, and the general public interested in Arctic issues. Technically, the website is built on WordPress with a modern tech stack including jQuery, Font Awesome, and Matomo analytics for privacy-conscious user tracking. The site is well-structured with good SEO metadata and accessibility features, though performance is slow with a load time exceeding 12 seconds. Mobile optimization is good, and navigation is clear and professional. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical vulnerability. No modern TLS protocols are enabled, and advanced security features like OCSP stapling and session resumption are missing. The site does implement HSTS but without HTTPS, this is ineffective. No explicit security or incident response policies are found, indicating gaps in security governance. Overall, the site is trustworthy and professionally maintained with strong business credibility and content quality. However, the lack of HTTPS and security policies significantly lowers its security posture and overall risk profile. Strategic improvements in SSL/TLS deployment and security governance are recommended to enhance trust and compliance.

B

bioCEED

bioceed.no

0

bioCEED is a Norwegian Centre for Excellence in Biology Education focused on developing biology education that integrates scientific knowledge, practical skills, and societal applications. The organization targets biology students, educators, and researchers, providing a range of educational resources, research projects, and student engagement platforms. The website reflects a mature and established educational entity with consistent branding and a good content quality level. Technically, the site is built on WordPress with common plugins and themes but suffers from slow performance and lacks modern security configurations. Critically, the absence of a valid SSL certificate and HTTPS support represents a major security risk. Privacy compliance is weak, with no visible privacy or cookie policies. Overall, the site is credible but requires urgent security and compliance improvements.

The website at arcex.no is currently inaccessible, returning a 403 Forbidden error page with no accessible content. This prevents any meaningful analysis of the business, policies, or services offered. The domain is registered and hosted on hyp.net nameservers but lacks a valid SSL certificate and does not support HTTPS, which is a critical security deficiency. The technical infrastructure appears minimal with slow load times and no modern security protocols enabled. Due to the lack of accessible content and security controls, the overall risk posture is high, and the site cannot be trusted for secure communications or business interactions at this time.

I

iEarth

iearth.no

0

iEarth is a Norwegian educational center focused on integrated earth science education, fostering innovative and student-centered learning environments. It collaborates with major Norwegian universities and research centers to provide educational resources, events, and research support for future earth scientists. The website reflects a well-structured and professionally branded platform targeting students and educators in the geosciences sector. Technically, the site is built on Webflow with modern technologies including jQuery, Google Analytics, and Weglot for multilingual support. Performance is moderate with some room for optimization. Security posture is basic with HTTPS enabled but lacking advanced features such as HSTS and OCSP stapling, and the SSL certificate is close to expiry. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the domain registration is consistent and mature, supporting the legitimacy of the site.

A

ASDASD srl

fibersurf.it

0

FiberSurf is a small regional Italian ISP specializing in FTTH fiber optic internet services, offering multiple subscription plans with unlimited data and telephone services. The company targets residential and small business customers primarily in the Veneto region. The website provides comprehensive service details, customer testimonials, and contact information, reflecting a professional and customer-focused business model. Technically, the site uses common web technologies such as Bootstrap, jQuery, and tracking tools like Google Analytics and Facebook Pixel, but suffers from slow load times and lacks modern security configurations. Critically, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture and user trust. Privacy and cookie policies are present and appear GDPR compliant, though no explicit security or incident response policies are found. Overall, FiberSurf presents as a legitimate, small ISP with room for technical and security improvements.

A

ASDASD srl

popwifi.it

0

PopWiFi is a small Italian telecommunications company specializing in wireless internet connectivity and fiber optic services targeted at residential and business customers in select provinces of Italy. The company offers various internet plans with promotional pricing and includes VoIP telephone services as an experimental feature. The website demonstrates a consistent brand presence with customer testimonials and active social media links. Technically, the site uses a modern front-end stack including Bootstrap and jQuery, but suffers from slow load times and lacks a valid SSL certificate, exposing users to security risks. Privacy and cookie policies are present and appear GDPR compliant, though no explicit consent mechanism is implemented. Overall, the business appears legitimate and regionally focused, but the lack of HTTPS and security headers significantly impacts its security posture.

E

Epiq

epiqglobal.com

0

Epiq is a global leader in legal and compliance services, offering a broad portfolio of solutions including eDiscovery, class action administration, bankruptcy services, and business transformation. The company integrates technology, legal expertise, and process innovation to serve law firms, corporate legal departments, and compliance professionals worldwide. Their website reflects a mature digital presence with extensive content, clear navigation, and a professional design that supports their market position as a trusted partner in legal services. Technically, the site leverages modern web technologies and multiple analytics and marketing tools, indicating a high level of digital maturity. However, the security posture is currently weak due to the absence of a valid SSL certificate and missing security headers, which poses risks to user trust and data protection. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, Epiq demonstrates strong business credibility and digital sophistication but should urgently address critical security gaps to maintain trust and compliance.

D

DLN

dln.com.hk

0

DLN is a well-established architectural and engineering firm founded in 1972 in Hong Kong, recognized for its high-profile projects across Asia and globally. The company specializes in designing skyscrapers and complex building complexes, shaping urban landscapes with a strong market reputation. The website reflects a professional business presence with consistent branding and relevant content targeting clients in the real estate and construction sectors. Technically, the website is built on a custom PHP platform running on an Apache server with older software versions. It uses common web technologies such as jQuery and Bootstrap for frontend responsiveness and styling. However, the website lacks modern security implementations, notably missing HTTPS support and valid SSL certificates, which significantly impacts its security posture. Performance data is unavailable, but the site appears to have basic mobile optimization and SEO practices. From a security perspective, the absence of HTTPS and security headers exposes users to risks such as data interception and man-in-the-middle attacks. No privacy, cookie, or terms of service policies are present, indicating poor privacy compliance. No contact information or incident response channels are provided, limiting user trust and regulatory compliance. The WHOIS data aligns well with the business claims, showing a consistent and legitimate domain registration. Overall, the website demonstrates moderate business credibility and good content quality but suffers from critical security shortcomings and lack of privacy compliance. Strategic improvements in SSL implementation, privacy policies, and security best practices are essential to enhance trust and protect users.

Truckee Donner Public Utility District is a public utility organization providing electric and water services to the Truckee, California community. The website reflects a medium-sized regional utility with a focus on sustainability, customer service, and community engagement. It offers various services including outage alerts, rebates, and conservation programs. The site is built on Vision CMS with AngularJS and jQuery, integrating modern web technologies but suffers from slow load times and lacks a valid SSL certificate, impacting security and user trust. The security posture is weak due to missing HTTPS, lack of security headers, and no cookie consent mechanism, which are critical for compliance and user data protection. Business credibility is strong with clear contact information, social media presence, and recognized awards for transparency and financial reporting. Overall, the site is functional and informative but requires urgent security improvements to protect users and comply with best practices.

P

Pontifical North American College

pnac.org

0

The Pontifical North American College is a well-established non-profit educational institution focused on priestly formation and continuing theological education in Rome. The website reflects a mature organization with a clear mission and target audience of American seminarians and priests. The institution maintains a professional online presence with consistent branding and active social media channels. Technically, the website is built on WordPress with common plugins and frameworks such as Bootstrap and WooCommerce, hosted on Amazon AWS infrastructure. However, the site suffers from slow load times and lacks a valid SSL certificate, which critically impacts its security posture. No privacy or cookie policies are present, indicating gaps in compliance with modern privacy standards. Security headers and advanced protections are absent, increasing risk exposure. Overall, while the business credibility and content quality are good, the security and privacy compliance require urgent improvements to protect users and enhance trust.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 9 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

A

Archdiocese of Washington

adw.org

0

The Archdiocese of Washington operates a comprehensive website serving over 667,000 Catholics across Washington, D.C., and surrounding Maryland counties. The site provides extensive information on parishes, schools, faith formation, vocations, social concerns, and community events, positioning itself as a key religious and community resource. The business model is non-profit and community-focused, with a large established presence supported by a mature domain and consistent branding. Technically, the website is built on WordPress with modern plugins and libraries, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. The absence of HTTPS and security headers exposes users to potential risks. Privacy policies and terms of service are present but basic, with no cookie consent mechanism detected, indicating partial privacy compliance. Contact information is clearly provided, enhancing business credibility. Overall, the website is functional and content-rich but requires urgent security improvements to protect users and enhance trust.

I

Iglesia Cristiana El Lugar de Su Presencia

supresencia.com

0

Iglesia Cristiana El Lugar de Su Presencia is a medium-sized non-profit religious organization based in Bogotá, Colombia. The website serves as the official digital presence for the church, providing information about services, community groups, children's ministry, radio broadcasting, and donation options. The target audience is primarily Spanish-speaking Christians in Colombia. The organization maintains a multimedia presence including live streaming and social media engagement, supported by several subsidiary domains related to radio, media production, and community outreach. Technically, the website is built on Drupal 7 with common web technologies such as jQuery and Bootstrap, hosted on AWS infrastructure. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security shortfall. Privacy policies exist but lack comprehensive GDPR compliance and cookie consent mechanisms. Security headers are partially implemented but TLS protocols and modern security features are missing, exposing the site to potential risks. Overall, the website is functional and professionally presented but requires urgent improvements in security and privacy compliance to enhance trust and protect user data.

The website studenteats.com is a domain marketplace landing page hosted by Atom, offering the premium domain StudentEats.com for sale. The business focuses on domain sales, branding contests, and related services targeting startups and businesses in the food and student demographic sectors. The platform provides multiple purchase options including escrow services and highlights strong buyer interest to build trust. Technically, the site uses modern JavaScript frameworks and New Relic for monitoring but suffers from a critical lack of HTTPS and valid SSL certificates, which severely impacts security posture. Privacy compliance is minimal with no visible privacy or cookie policies. Overall, the site is functional and professionally designed but requires urgent security improvements to protect users and enhance trust.

K

Kelly Services Inc.

kellyservices.com

0

Kelly Services Inc. is a global leader in staffing and workforce solutions, connecting job seekers with meaningful employment opportunities and providing companies with expert talent solutions. The company operates a comprehensive website with a strong global presence, offering services such as temporary staffing, managed services, and consulting. The website is professionally designed, well-branded, and targets both job seekers and employers effectively. Technically, the site leverages HubSpot CMS and marketing tools, Cloudflare for CDN, and includes modern JavaScript libraries. However, the SSL certificate is currently invalid, and no modern TLS protocols are enabled, which significantly impacts the security posture. Privacy and cookie policies are present and include consent mechanisms, indicating good privacy compliance. Contact information is clearly provided, including phone numbers and social media links. Overall, the website is credible and trustworthy but requires urgent SSL and TLS configuration fixes to improve security.

Vaticano Imóveis is a well-established real estate agency based in Curitiba, Brazil, with over 30 years of market presence. The company specializes in property sales, rentals, and digital rental services, targeting families and individuals seeking real estate opportunities in Curitiba and surrounding areas. Their business model leverages digital marketing and advanced management strategies to maintain a competitive edge in the local market. The website reflects a professional and consistent brand image with comprehensive service offerings and clear contact channels. Technically, the site is built on the Kenlo CMS platform, utilizing modern web technologies such as Marko.js, Google Tag Manager, and Matomo analytics. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that undermines user trust and data protection. Privacy and cookie policies are well implemented, demonstrating good compliance with data protection regulations. Overall, the site is functional and user-friendly but requires urgent security improvements to meet modern standards.

ETTINGER GmbH is a well-established German family-owned company specializing in fastening technology and electromechanical components, serving industrial and trade customers through a comprehensive B2B online shop. The company offers a wide range of over 25,000 products, including custom manufacturing and special procurement services, with a focus on quality and fast delivery. The website reflects a mature digital presence with professional design, clear navigation, and rich content tailored to its target audience of manufacturers and industrial clients. Technically, the site is built on the Shopware CMS platform, leveraging modern technologies like Algolia for search and Google Tag Manager for analytics. However, a critical security gap exists as the site lacks a valid SSL/TLS certificate, exposing users to potential risks and undermining trust. Security headers are partially implemented but ineffective without HTTPS. Privacy and cookie policies are present and compliant with GDPR, including consent mechanisms. The domain registration is consistent and legitimate, with no privacy protection or suspicious patterns, supporting the company's credibility. Overall, while the business and content aspects are strong, immediate attention is required to secure the website with HTTPS to protect user data and enhance trust.

R

Rolls-Royce plc

rolls-royce.com

0

Rolls-Royce plc operates a globally recognized website delivering comprehensive information about its complex power and propulsion solutions across aerospace, defense, and energy sectors. The website reflects a mature digital presence with extensive content, clear navigation, and strong branding consistency. Technically, the site leverages a modern tech stack including Sitecore CMS, Cloudflare CDN, and multiple analytics and marketing tools, although performance is moderate and accessibility is basic. Security posture is weakened by the absence of a valid SSL certificate and lack of modern TLS protocol support, despite the presence of strong security headers and a robust content security policy. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Business credibility is high, supported by detailed corporate governance, investor relations, and trust indicators. Overall, the site is professional and trustworthy but requires urgent SSL/TLS remediation to improve security and user trust.

S

Sia partners

sia-partners.com

0

Security assessment completed with an overall score of 0/100 (unknown risk). 3 critical issues require immediate attention. Total of 23 security findings identified across all modules.

L

Liberty University

liberty.edu

0

Liberty University is a large, well-established Christian university based in Virginia, USA, offering over 700 degree programs across undergraduate, graduate, and doctoral levels both on-campus and online. The website reflects a mature digital presence with comprehensive content, clear navigation, and extensive use of modern web technologies and marketing tools. However, the absence of a valid SSL certificate and lack of modern TLS protocols represent critical security vulnerabilities that expose users to risks and undermine trust. The institution maintains comprehensive privacy and cookie policies with consent mechanisms, indicating good privacy compliance. Overall, while the business and content aspects are strong, the security posture requires urgent improvement to meet modern standards.

A

Ayuntamiento de A Coruña / Concello da Coruña

coruna.es

0

The website coruna.es is the official digital presence of the City Council of A Coruña, Spain, serving as a comprehensive portal for municipal services, citizen engagement, and local government information. It targets residents and visitors, offering access to electronic services, news, events, and administrative procedures. The site is well-branded and consistent with government standards, providing content primarily in Galician with Spanish alternatives. Technically, the site uses a modern tech stack including jQuery, Ionic Framework, FullCalendar, and Leaflet for interactive maps, hosted on an Oracle FutureTense Content Server with CDN support from ZENEDGE. However, performance is moderate to slow, and accessibility is basic. Security posture is weak due to the absence of a valid SSL certificate and lack of modern TLS support, which is a critical issue for user trust and data protection. The site implements a robust cookie consent mechanism aligned with GDPR requirements but lacks explicit contact information and security policies. WHOIS data confirms domain legitimacy and consistency with the municipal entity. Overall, the site is functional and professional but requires urgent security improvements to ensure safe user interactions.

The website dewcrisp.com is currently inaccessible due to an account suspension by the hosting provider. The site displays only a minimal 'Account Suspended' page with no business content, services, or detailed company information. The domain is mature, registered since 2008, but the lack of active content and SSL/TLS security severely limits its digital presence and trustworthiness. Technically, the site runs on a LiteSpeed server and uses FontAwesome for icons, but lacks modern security configurations such as HTTPS, HSTS, and security headers. There are no privacy or cookie policies, no analytics or tracking, and minimal contact information limited to a webmaster email. Overall, the site is non-functional for end users and presents significant security and compliance gaps.

A

Aviva plc

aviva.com

0

Aviva plc is a leading diversified insurer headquartered in the United Kingdom, offering a broad range of insurance, wealth management, and retirement services primarily across the UK, Ireland, and Canada. The company targets investors, shareholders, career seekers, and socially conscious individuals, positioning itself as a trusted financial services provider with a strong market presence and extensive subsidiary network. The website reflects a professional and comprehensive corporate portal with rich investor relations content, leadership profiles, and sustainability initiatives. Technically, the website leverages modern JavaScript frameworks, Adobe Experience Manager CMS, and Akamai CDN for content delivery. It integrates advanced analytics and marketing tools such as Adobe Helix RUM and OneTrust for privacy compliance. The site is mobile-optimized, accessible, and SEO-friendly, providing a high-quality user experience. From a security perspective, while several best practices are implemented including CSP, X-Content-Type-Options, and HSTS headers, the SSL certificate is invalid and no TLS protocols are enabled, representing a critical vulnerability that undermines secure communications. No WAF or blocking mechanisms are detected, and privacy policies are comprehensive and GDPR compliant. The domain registration data aligns well with the business claims, indicating high legitimacy. Overall, the website is professional and credible but requires urgent remediation of SSL and TLS issues to ensure secure user interactions and maintain trust.

The website alwazzangrp.com presents minimal content with a simple HTML page last modified in January 2023. The business overview is not discernible from the site as no descriptive or contact information is provided. The site appears to be a placeholder or very basic landing page with no clear business model, target audience, or services detailed. Technically, the site is hosted on a LiteSpeed server, likely on Amazon AWS infrastructure, but lacks modern web technologies, mobile optimization, and SEO best practices. Critically, the site does not implement HTTPS, exposing visitors to security risks and undermining trust. No privacy or cookie policies are present, and no contact or business legitimacy indicators are available. Overall, the site’s digital maturity is low, and it lacks essential security and compliance features.

RTÉ (Raidió Teilifís Éireann) is Ireland's national public service broadcaster, providing television, radio, and online media services primarily to the Irish public. The organization holds a leading market position in the Irish media sector, operating as a large entity with a mature domain registered since 2000. The website is currently inaccessible due to a Cloudflare Turnstile CAPTCHA challenge, which blocks content access and prevents a full analysis of the site's content and policies. The technical infrastructure relies on Cloudflare for security and performance, but the absence of a valid SSL certificate and HTTPS support is a critical security gap. The DNS configuration lacks DNSSEC and has malformed CAA records, further indicating security weaknesses. The website performance is poor with slow load times and minimal content visible due to the security challenge. No privacy, cookie, or terms of service policies are detectable in the accessible content, and no contact information or forms are present. The WHOIS data confirms the domain's legitimacy and maturity, consistent with a well-established national broadcaster. Overall, the security posture is weak, and the site requires urgent improvements in SSL deployment and security header implementation to ensure user trust and compliance.

Z

Zong

zong.com.pk

0

Zong is a leading telecommunications provider in Pakistan, offering a wide range of prepaid, postpaid, business, and value-added services with a strong focus on 4G data coverage. The website reflects a mature digital presence with comprehensive service offerings and a consistent brand aligned with its parent company, China Mobile. Technically, the site uses modern JavaScript libraries and tracking technologies but suffers from critical security shortcomings due to the absence of a valid SSL certificate and HTTPS support. This exposes users to potential risks and undermines trust. Privacy compliance is minimal, with no cookie consent mechanisms or explicit GDPR indicators. Overall, while the business and content quality are strong, the security posture requires urgent improvement to protect users and enhance credibility.

Empresas Polar is a well-established Venezuelan food and beverage company with a mature domain age of 26 years, reflecting its longstanding market presence. The company operates primarily in the food and beverage sector, serving consumers and business partners in Venezuela. However, the website is currently inaccessible due to a Cloudflare security challenge, which prevents direct content analysis and limits visibility into the company's online presence and policies. From a technical perspective, the website relies on Cloudflare for DNS and security services and employs Google's Turnstile captcha for bot mitigation. Unfortunately, the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, which is a critical security deficiency. Performance is poor with slow load times, and no SEO or accessibility optimizations are evident in the accessible content. Security posture is weak due to the absence of HTTPS, missing security headers, and lack of modern TLS protocol support. No privacy, cookie, or terms of service policies are detectable, indicating potential compliance gaps. The WHOIS data is consistent and trustworthy, showing strong domain protection and a reputable registrar. Overall, the site requires significant improvements in security, accessibility, and content availability to meet modern standards. Strategic recommendations include immediate implementation of a valid SSL certificate, enabling HTTPS, enhancing security headers, and improving site accessibility and performance. Additionally, publishing clear privacy and cookie policies and ensuring compliance with GDPR and other regulations will strengthen trust and legal standing.

A

Archdiocese of newark

rcan.org

0

Security assessment completed with an overall score of 0/100 (unknown risk). 3 critical issues require immediate attention. Total of 27 security findings identified across all modules.

H

Holy Apostles Catholic Parish

hanb.org

0

Holy Apostles Catholic Parish and School is a well-established non-profit religious and educational organization serving the New Berlin, Wisconsin community since 1855. The website provides comprehensive information about mass times, sacraments, faith formation, community events, and school activities, targeting local parishioners and families. The digital infrastructure is built on the Wix platform, utilizing modern web technologies such as React and various Wix apps for enhanced user experience. However, the site currently lacks a valid SSL certificate, which poses a significant security risk. Additionally, no explicit privacy or cookie policies are present, indicating potential compliance gaps. The domain registration is consistent with the organization's identity and history, enhancing trustworthiness. Strategic improvements in security and privacy compliance are recommended to strengthen the site's overall posture.

W

Wegmans Food Markets

wegmans.com

0

Wegmans Food Markets is a well-established grocery retail company with a strong online presence offering grocery delivery, pickup, pharmacy, meals, and catering services. The website is professionally designed, mobile-optimized, and provides comprehensive content and navigation for its users. Technically, the site leverages modern frameworks such as Next.js and React, hosted on Vercel, and integrates multiple third-party services for analytics, marketing, and user experience enhancements. However, a critical security gap exists as the website lacks a valid SSL certificate and HTTPS support, exposing users to potential risks. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business credibility is high, supported by consistent branding and legitimate domain registration data.

V

Valkyrie Enterprises

valkyrie.com

0

Valkyrie Enterprises is a defense contractor based in Virginia Beach, Virginia, specializing in mission-ready support services for the Department of Defense, aerospace, and commercial clients. Established in 2007, the company offers a range of services including systems engineering, modeling and simulation, maritime modernization, readiness and sustainment, critical communications, and electronic products. The website reflects a professional presence with consistent branding and a clear focus on its target audience in the government and defense sectors. Technically, the site is built on the Wix platform utilizing modern JavaScript frameworks such as React, but lacks a valid SSL certificate, which is a significant security concern. The absence of privacy and cookie policies indicates a gap in compliance with data protection regulations. Social media presence is active, providing additional trust signals. Overall, while the business appears credible and established, the website's security posture and privacy compliance require urgent improvements to enhance trust and protect user data.

I

IQ Solutions, Inc.

iqsolutions.com

0

IQ Solutions, Inc. is a well-established company founded in 1993, specializing in data-driven solutions to improve quality of life through communications, education, digital technology, and research. The company primarily serves government and healthcare sectors, with a strong market position supported by numerous awards and a large client base. Their website reflects a professional and consistent brand image with comprehensive content targeting public health and social issues. Technically, the site is built on Drupal 10 and integrates modern marketing and analytics tools, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Security posture is weak due to missing HTTPS and security headers, exposing the site to potential risks. Privacy compliance is basic, with no cookie consent mechanism detected despite the use of tracking scripts. Overall, the business credibility is high, supported by consistent WHOIS data and clear contact information. Strategic improvements in security and privacy compliance are recommended to enhance trust and protect users.

The website recoleta.cl is currently inaccessible due to a Cloudflare security block page preventing content access. The domain is mature, registered since 2001 through NIC Chile, and uses Cloudflare for DNS and security services. However, the site lacks a valid SSL certificate and HTTPS support, which is a critical security deficiency. No business, contact, or policy information is available on the landing page, limiting the ability to assess the company's operations or compliance posture. The technical infrastructure relies heavily on Cloudflare, but performance is slow and security configurations are minimal. Overall, the site presents a high security risk due to lack of encryption and blocked content, and no privacy or compliance policies are visible.

D

Diocese of Des Moines

dmdiocese.org

0

The Diocese of Des Moines website serves as the official online presence for the Catholic Diocese in southwest Iowa, providing comprehensive information about its ministries, schools, events, and community services. The site targets the local Catholic community and families interested in faith formation and education. It offers key services such as Catholic schooling, mental health ministry, worship schedules, and charitable giving opportunities. The organization maintains a consistent brand and provides clear contact information, enhancing its credibility as a regional non-profit religious entity. Technically, the website is built on an ASP.NET framework with modern JavaScript libraries like jQuery and uses Google Tag Manager for analytics. The site employs asynchronous script loading and lazy loading for images, indicating a focus on performance and user experience. However, performance data is missing, and the site is rated as slow based on available indicators. Mobile optimization and SEO practices are good, but accessibility is basic. From a security perspective, the site lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability. While several security headers are present, the absence of HTTPS and weak SSL configuration significantly reduce the site's security posture. There are no visible privacy policies, cookie consent mechanisms, or incident response contacts, indicating compliance gaps with GDPR and other privacy regulations. Overall, the website is functional and professional but requires urgent improvements in security and privacy compliance to protect users and enhance trust. Strategic recommendations include implementing a valid SSL certificate, enabling modern TLS, adding privacy and cookie policies, and establishing incident response protocols.

S

SUPER

super-web.es

0

SUPER is a small Spanish technology company specializing in virtual and digital ecosystem solutions targeted at European markets. Their website offers multilingual content and services including virtual expert consultations and technology-related blog posts. The technical infrastructure is based on WordPress with common plugins such as WooCommerce and LayerSlider, supported by Apache server technology. However, the website lacks a valid SSL certificate and HTTPS support, which is a critical security shortfall. Privacy and cookie policies exist but lack advanced compliance features such as consent mechanisms. Contact information is clearly provided, enhancing business credibility. Overall, the website is professional but requires urgent security improvements to protect user data and build trust.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

A

Asociación APSA

asociacionapsa.com

0

Asociación APSA is a well-established Spanish non-profit organization focused on providing comprehensive services for individuals with disabilities across various life stages including education, transition to adulthood, adult occupational and residential care, and elderly services. The organization has a mature online presence with a domain registered since 2003 and a consistent brand identity. Their website is built on WordPress using Elementor and related plugins, offering good content quality, clear navigation, and accessibility features. However, the absence of a valid SSL certificate and HTTPS significantly undermines the site's security posture. While privacy and cookie policies are present and GDPR compliant, no explicit security or incident response policies are found. The organization maintains active social media channels and partnerships with recognized entities, enhancing trust and outreach. Strategic improvements in SSL implementation, security headers, and domain protection are recommended to elevate security and user trust.

L

Landmarc Solutions

landmarcsolutions.com

0

Landmarc Solutions is a well-established service provider specializing in safe and sustainable training solutions for the Armed Forces in the United Kingdom. With over 20 years of experience, the company offers a range of services including training areas and ranges, rural management, project management, facilities management, and MOD event locations. The website reflects a professional and consistent brand image targeting military and government clients. Technically, the website is built on WordPress using Elementor and integrates modern tools such as Cookiebot for privacy compliance and Google Analytics for visitor insights. However, the site suffers from a critical security issue due to the absence of a valid SSL certificate, resulting in no HTTPS support and lack of security headers, which significantly impacts its security posture. Privacy compliance is strong with clear policies and consent mechanisms in place. Overall, the website is content-rich and user-friendly but requires urgent security improvements to protect user data and enhance trust.

A

Abt Global

abtassociates.com

0

Abt Global is a well-established international consulting and social impact organization with over 60 years of history and a large workforce. The company focuses on leveraging data, innovation, and expertise across multiple sectors including health, environment, governance, and economic growth to improve lives worldwide. Their business model centers on providing consulting, technical assistance, and digital solutions to governments, organizations, and communities. The website reflects a professional and comprehensive digital presence with strong branding and relevant content targeting global development stakeholders. Technically, the website is built on Drupal 10 and uses modern JavaScript libraries and marketing/analytics tools such as Google Tag Manager, Google Analytics, LinkedIn Insight Tag, and HubSpot. However, the site suffers from slow load times and lacks a valid SSL certificate, resulting in no HTTPS support. Mobile optimization and SEO are good, but accessibility is basic. The hosting appears to be via Fastly CDN. From a security perspective, the absence of a valid SSL certificate and HTTPS is a critical vulnerability, severely impacting the security posture. No security headers or advanced TLS configurations are present, and no incident response or security policies are published. Cookie consent mechanisms are implemented, indicating GDPR awareness, but no terms of service or vulnerability disclosure pages are found. Overall, the security maturity is low and requires urgent improvements. The overall risk assessment highlights the critical need for SSL/TLS implementation to protect user data and improve trust. Strategic recommendations include securing the site with HTTPS, enabling security headers, optimizing performance, and publishing clear security and incident response policies. The business credibility and content quality are strong, but technical and security shortcomings reduce the overall trust score.

S

San Francisco State University

sfsu.edu

0

San Francisco State University is a large public educational institution offering a wide range of undergraduate and graduate programs. The website serves a diverse audience including prospective and current students, faculty, staff, and alumni. It is part of the California State University system and maintains a strong regional presence with comprehensive academic, student life, and community engagement content. The site is built on Drupal 9 and uses modern web technologies such as Bootstrap and Google Tag Manager, reflecting a mature digital infrastructure. However, the absence of a valid SSL certificate and lack of HTTPS significantly weaken its security posture. While privacy policies are present, cookie consent mechanisms are missing, indicating partial privacy compliance. Overall, the website is professionally designed, content-rich, and trustworthy but requires urgent security improvements to protect user data and enhance trust.