Security Directory

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 13 security findings identified across all modules.

A

Agence de Développement et d'Innovation Nouvelle-Aquitaine

accel-na.fr

0

Accel-NA is a regional business accelerator focused on supporting small and medium enterprises (PME) and intermediate-sized enterprises (ETI) primarily in the Nouvelle-Aquitaine and Charente regions of France. The website presents multiple acceleration programs tailored to companies of varying sizes and revenue thresholds, offering structured support, seminars, and workshops to foster business growth. The site includes testimonials, news updates, and partner references, indicating an active engagement with its target audience. Technically, the website is built on WordPress using the Avada theme and Fusion Builder, integrating common web technologies such as jQuery, YouTube embeds, and Matomo analytics. However, the site suffers from a critical security shortfall due to the absence of a valid SSL certificate and lack of modern TLS protocols, resulting in insecure HTTP connections. Security headers and email authentication records are also missing or incomplete, exposing the site to potential risks. Privacy compliance is minimal, with no cookie consent mechanism or explicit GDPR indicators. Overall, the website is functional and professionally designed but requires urgent security improvements to protect user data and enhance trust.

I

Invest in Nouvelle Aquitaine

invest-in-nouvelle-aquitaine.fr

0

Invest in Nouvelle Aquitaine is a regional business support network in France, specializing in assisting companies with their implantation projects in the Nouvelle-Aquitaine region. The organization offers personalized and free services including real estate search, administrative procedures, public funding, and networking with regional experts. The website is built on WordPress using the Avada theme and integrates various plugins for enhanced functionality and user experience. Despite a professional design and good content quality, the site lacks a valid SSL certificate, which impacts its security posture significantly. Additionally, there is no cookie consent mechanism or DMARC record, indicating partial privacy compliance. The presence of Google Analytics and Matomo Tag Manager shows moderate user tracking. Overall, the website serves its business purpose well but requires critical security improvements to enhance trust and compliance.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 10 security findings identified across all modules.

V

Vade

vadesecure.com

0

Vade is a leading enterprise-level cybersecurity company specializing in AI-powered email security solutions, protecting over 1.4 billion mailboxes globally. Their flagship product, 365 Total Protection, integrates advanced AI and machine learning to provide comprehensive protection against phishing, ransomware, malware, and business email compromise, primarily targeting Microsoft 365 and Google Workspace users. The company is recognized as a leader in the cybersecurity market, with strong trust indicators such as G2 awards and a broad partner ecosystem. Technically, the website is built on HubSpot CMS, leveraging Cloudflare CDN and modern web technologies, offering a responsive and professional user experience. However, the security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which is a critical vulnerability that must be addressed. Privacy compliance is well managed with clear policies and consent mechanisms. Overall, Vade demonstrates strong business credibility and digital maturity but requires urgent improvements in SSL/TLS configuration to ensure secure communications and maintain trust.

N

Néo Terra - Demain devient possible

neo-terra.fr

0

Néo Terra is a regional government initiative by the Région Nouvelle-Aquitaine focused on accelerating ecological and social transition in the Nouvelle-Aquitaine region of France. The website serves as a platform to promote projects, engage stakeholders, and provide information about the region's ambitions in areas such as natural resources, solidarity, agriculture, economy, mobility, and health. The target audience includes public and private actors, partners, and citizens interested in sustainability and ecological transition. The business model is centered on community engagement and regional support rather than commercial activities. Technically, the website is built on WordPress 6.8.1 using PHP 8.2.28 and the Yootheme theme with UIkit framework. It is hosted on OVH infrastructure. SEO is well implemented with Yoast SEO plugin and structured data (JSON-LD) is used for enhanced search engine understanding. However, performance metrics are missing and the site is likely slow. Mobile optimization is good, but accessibility is basic. From a security perspective, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical issue. No modern TLS protocols or cipher suites are enabled, and several security best practices are missing. The only positive security header is HSTS, but without HTTPS it is ineffective. No explicit security or incident response policies are published. Privacy compliance is good with a clear privacy and cookie policy and GDPR adherence. Overall, the site is functional and professional but has a critical security vulnerability due to missing SSL. Strategic improvements in SSL deployment and security hardening are essential to protect user data and improve trust.

A

Agence Locale Pour la Coopération Européenne (ALPC)

europe-en-nouvelle-aquitaine.eu

0

The website europe-en-nouvelle-aquitaine.eu serves as the official digital presence of the Europe office for the Nouvelle-Aquitaine region in France. It provides comprehensive information and support related to European funding, project submission, and regional development initiatives. The site targets a diverse audience including regional businesses, public entities, associations, and individual beneficiaries seeking European aid and partnership opportunities. The business model is that of a public regional agency facilitating access to European funds and promoting regional cooperation. Technically, the website is built on the Drupal CMS platform, utilizing common web technologies such as Bootstrap, jQuery, Google Fonts, and Google Maps API. While the site is mobile-optimized and offers good navigation and content relevance, its performance is slow with a page load time exceeding 12 seconds. SEO and accessibility are basic but functional. From a security perspective, the site lacks a valid SSL/TLS certificate, resulting in no HTTPS protection. No security headers or DNS security features like DNSSEC or CAA records are implemented. Cookie consent is present, but privacy and security policies are basic. The absence of HTTPS and security headers significantly lowers the security posture, posing risks to user data confidentiality and integrity. Overall, the website is professionally designed and serves its informational purpose well but requires urgent improvements in security infrastructure, especially SSL implementation and security headers. Enhancing performance and accessibility would also benefit user experience and trustworthiness.

T

Thought Machine Group Limited

thoughtmachine.net

0

Thought Machine Group Limited is a leading provider of cloud-native core banking and payments platforms, offering innovative solutions such as Vault Core and Vault Payments. Their technology empowers banks and fintechs worldwide to build flexible, scalable financial products and payment schemes. Recognized as a leader in the 2025 Gartner Magic Quadrant for Retail Core Banking Systems, Thought Machine serves a global clientele including major financial institutions and investors. The website reflects a mature digital presence with comprehensive content, multi-language support, and strong branding. Technically, the site leverages modern web technologies including Webflow CMS, JavaScript libraries, and integrates marketing and analytics tools such as HubSpot, Google Analytics, and LinkedIn Insight. However, the site suffers from a lack of a valid SSL certificate and absence of key security headers, which significantly impacts its security posture. Performance is suboptimal with slow load times and a large number of resources. Security-wise, while no critical vulnerabilities or malware indicators were found, the missing HTTPS and security headers represent a major risk that should be addressed promptly. Privacy compliance is well-handled with a clear privacy policy and cookie consent mechanism via Cookiebot. Contact information is detailed with multiple global office addresses and a contact form, but no direct company emails or phone numbers were found. Overall, Thought Machine's website is professional and content-rich, supporting its position as a trusted technology provider in the finance sector. Addressing the SSL and security header issues would greatly enhance trust and security for visitors and clients.

G

Guidewire Software, Inc.

guidewire.com

0

Guidewire Software, Inc. is a leading enterprise technology company specializing in Property and Casualty (P&C) insurance software and cloud platforms. Founded in 2001 and headquartered in the United States, Guidewire offers a comprehensive suite of products including InsuranceSuite for policy administration, claims management, and billing, as well as InsuranceNow, a cloud-based platform designed for rapid deployment. The company serves a global market with customers in over 40 countries and maintains a strong presence through partnerships, professional services, and an extensive marketplace ecosystem. Guidewire is recognized as a market leader with multiple industry awards and a robust social media presence. Technically, Guidewire's website leverages modern web technologies such as Next.js and React, hosted on Vercel, and managed via Sitecore CMS. The site demonstrates good mobile optimization, accessibility, and SEO practices, providing a professional and user-friendly experience. The use of Marketo forms and integration with marketing and analytics tools like Google Tag Manager and Cookiebot indicates a mature digital marketing infrastructure. From a security perspective, the site employs several security headers and enforces HTTPS, although the SSL certificate is currently invalid, which is a critical issue. The absence of full HSTS enforcement and OCSP stapling are areas for improvement. The company provides clear security and privacy policies, including incident response contact information, reflecting a responsible security posture. No major vulnerabilities or exposed sensitive data were detected. Overall, Guidewire presents a strong business and technical profile with excellent content quality and business credibility. The primary risk lies in the SSL certificate status, which should be promptly addressed to maintain trust and security. Strategic recommendations include enhancing SSL management, fully enabling HSTS, and continuing to strengthen privacy compliance and security best practices.

E

economiesuisse

economiesuisse.ch

0

economiesuisse is the leading umbrella organization representing the interests of the competitive, internationally connected, and responsible Swiss economy. The website provides comprehensive information about their advocacy, publications, news, and events targeting Swiss businesses and policymakers. Technically, the site is built on Drupal 10 and integrates modern tools such as Google Tag Manager and Hotjar for analytics and user tracking. However, the site suffers from a lack of a valid SSL certificate and modern TLS protocols, which significantly impacts its security posture. While cookie consent and privacy policies are well implemented, the absence of security headers and HTTPS reduces trust and security. Overall, the website is content-rich and professionally designed but requires urgent security improvements to protect user data and enhance trust.

D

Digital et Assurance

digital-et-assurance.com

0

Digital et Assurance is a specialized French media platform focused on delivering weekly curated news, analyses, and interviews related to innovation in the insurance sector and insurtech developments. It operates under the parent company Eficiens and targets insurance professionals and industry stakeholders. The website is built on WordPress, leveraging plugins such as Yoast SEO and Algolia for search functionality, hosted on OVH infrastructure. While the site offers good content quality and user experience with responsive design, it suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy and cookie policies are present but hosted on the parent domain, and contact information relies on a personal email address, which may affect trust. Overall, the site is functional but requires urgent security improvements to protect user data and enhance credibility.

O

Option finance

optionfinance.fr

0

Option Finance is a well-established French financial media company providing news, analysis, and specialized content for finance professionals. The website serves as a hub for multiple partner publications and offers subscription-based premium content, events, and advertising services. Technically, the site is built on TYPO3 CMS and integrates modern marketing and analytics tools, but suffers from a critical lack of valid SSL/TLS configuration, impacting its security posture. Privacy and cookie policies are present with consent mechanisms, reflecting good compliance practices. Overall, the site offers rich, professional content with a strong brand presence but requires urgent security improvements to protect user data and enhance trust.

F

France FinTech

francefintech.org

0

France FinTech is a prominent French fintech association dedicated to supporting and representing the fintech ecosystem in France. The website serves as a hub for news, events, member information, and initiatives such as educational programs and fintech panoramas. It targets fintech companies, investors, and ecosystem stakeholders, positioning itself as a key national player in fintech advocacy and networking. Technically, the site is built on WordPress using the Divi theme, integrating various plugins for content display, social media feeds, and newsletter management. While the site offers good content quality and user experience, it suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS enforcement, which undermines user trust and data security. Privacy compliance is basic, with a cookie consent mechanism present but no visible privacy or terms of service policies. Overall, the site is functional and professional but requires urgent security improvements to meet modern standards.

A

ADI Nouvelle-Aquitaine

adi-na.fr

0

ADI Nouvelle-Aquitaine is a regional development and innovation agency focused on supporting businesses and territories in the Nouvelle-Aquitaine region of France. The organization provides services including innovation support, project financing, business acceleration, and partner networking to foster sustainable economic growth and transitions. The website reflects a strong regional presence with comprehensive content, clear navigation, and multiple trust signals such as testimonials and partner logos. Technically, the website is built on Drupal CMS, served by nginx, and integrates modern JavaScript libraries like Splide.js and Matomo for analytics. The site is mobile-optimized and accessible, with good SEO practices. However, the absence of a valid SSL certificate and HTTPS support is a significant security shortfall, limiting the site's security posture. Security headers such as Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options are present, but the lack of TLS protocols and HSTS reduces overall security. Privacy compliance is well addressed with visible privacy and cookie policies and a consent mechanism. Contact information is clearly provided, enhancing business credibility. Overall, the site is professional and trustworthy but requires urgent improvements in SSL/TLS implementation to enhance security and user trust.

A

Altæ Technopole Niort Deux-Sèvres

altae-technopole.fr

0

Altæ Technopole Niort Deux-Sèvres is a regional innovation and entrepreneurship hub based in the Deux-Sèvres region of France. The organization focuses on catalyzing innovation and supporting startups and entrepreneurs through ecosystem animation, tailored accompaniment programs, and promoting territorial attractiveness. The website is built on WordPress using Elementor and Yoast SEO, with a modern but basic technical infrastructure hosted likely on OVH. While the site offers good content quality and SEO optimization, it lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security gap. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Contact information is limited to a contact form, with no explicit emails or phone numbers found. Social media presence includes LinkedIn and YouTube. The site integrates Piwik PRO analytics and uses WP Rocket for performance optimization, though performance data indicates slow loading. Security posture is weak due to missing HTTPS and lack of security headers. Strategic recommendations include implementing HTTPS, enabling modern TLS protocols, adding security headers, and improving privacy compliance. Overall, the site is functional and professional but requires significant security improvements to meet modern standards.

The website medef79.fr serves as a minimal event landing page for Medef's 2025 event invitation validation, currently displaying a message that the event has ended. The site lacks substantive business information, contact details, or interactive features, indicating a very limited digital presence. Technically, the site is hosted behind Cloudflare DNS but does not have a valid SSL/TLS certificate, resulting in HTTP-only access which severely impacts security posture and user trust. The absence of privacy, cookie, and terms policies further reduces compliance with GDPR and other regulations. Security headers and best practices are not implemented, exposing the site to potential risks. Overall, the website's technical and content maturity is low, with significant room for improvement in security, compliance, and user experience.

F

Finance Innovation

finance-innovation.org

0

Finance Innovation is a French competitive cluster established in 2007, focused on supporting financial startups and innovation. It operates as a membership and partnership network with over 600 members, including startups, large companies, and SMEs. The organization provides services such as visibility, networking, fundraising assistance, and event organization, positioning itself as a leader in the French fintech ecosystem. The website reflects a mature digital presence with structured data, SEO optimization, and multilingual support. However, the technical infrastructure shows weaknesses, notably the absence of a valid SSL certificate and HTTPS support, which critically impacts security posture. Despite these issues, the site maintains good privacy compliance with clear cookie consent mechanisms and comprehensive privacy policies. The business credibility is reinforced by government affiliations and a strong partner ecosystem.

P

PLANETE CSCA

planetecsca.fr

0

PLANETE CSCA is a professional syndicate representing insurance brokers in France, providing advocacy, legal assistance, training, and operational tools to its members. The website is well-structured, content-rich, and targets insurance professionals and brokers. Technically, it is built on WordPress with modern technologies such as PHP 8.3, Apache, and integrates SEO and search optimization tools like Yoast SEO and Algolia. The site uses HTTPS with TLS 1.3 and 1.2 protocols, but lacks some advanced SSL security features such as HSTS and OCSP stapling. Privacy and cookie policies are present with consent mechanisms, indicating good GDPR compliance. Contact information is available primarily through a contact page, with no direct emails or phone numbers exposed. Social media presence is active, enhancing trust and engagement. Overall, the site demonstrates a good balance of business professionalism, technical implementation, and security posture.

E

Eficiens

eficiens.com

0

Eficiens is a specialized digital agency focused on the insurance sector, providing services such as website creation and redesign, UX design for insurance quote and subscription journeys, maintenance, email marketing, and digital advertising. The company holds a strong market position in France as a leading digital agency dedicated to insurance and related financial services. Their client portfolio includes major insurance and mutual companies, supported by positive client testimonials and a high customer satisfaction rating. Technically, the website is built on WordPress with modern JavaScript libraries and SEO optimizations, but lacks a valid SSL certificate, which is a critical security gap. The absence of HTTPS and security headers exposes the site to potential risks and undermines user trust. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. Overall, the site demonstrates professional design and content quality but requires urgent security improvements to align with best practices.

The website newsassurancespro.com is currently inaccessible beyond a Cloudflare security challenge page, which blocks access to any substantive content. As a result, no business information, privacy policies, or contact details are available for analysis. The site uses Cloudflare for security and hosting, with a valid SSL certificate but lacks advanced SSL configurations such as HSTS or DNSSEC. The presence of Cloudflare's managed challenge indicates a strong security posture at the perimeter but prevents content inspection. No metadata, forms, or external business links are present in the accessible content. Overall, the site appears to be in a protected state, but this limits the ability to assess its business model, compliance, or user experience.

The website swissre.com is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) challenge page that blocks direct access to the actual content. As a result, no business descriptive content, metadata, or contact information is available for detailed analysis. The domain is associated with the finance sector, likely representing a large enterprise given the domain and DNS configuration. The technical infrastructure leverages Cloudflare for security and hosting, with strong security headers and a valid SSL certificate indicating a good security posture. However, DNSSEC is not enabled, and no public security or privacy policies are detectable in the served content. The website employs Cloudflare Insights for minimal analytics tracking. Overall, the site is well protected but currently inaccessible for content and compliance evaluation due to the WAF challenge.

G

GFT Technologies SE

gft.com

0

GFT Technologies SE is a global technology company specializing in digital transformation and IT modernization services, primarily serving the banking, insurance, and manufacturing sectors. The company leverages advanced technologies such as cloud computing, AI, blockchain, and IoT to deliver innovative solutions that help enterprises stay competitive. Their strong partner ecosystem includes major cloud providers and fintech innovators, reinforcing their market position. Technically, the website is built on modern frameworks like Vue.js and managed via Magnolia CMS, with integrations for analytics and consent management tools such as Google Tag Manager, Microsoft Clarity, and Cookiebot. While the site is mobile-optimized and well-structured for SEO and accessibility, performance metrics were not available. The hosting is supported by Fastly CDN, ensuring global content delivery. From a security perspective, the site implements several best practices including a Content Security Policy, secure cookie flags, and security headers. However, the SSL certificate is invalid or missing, and modern TLS protocols are not supported, which significantly impacts the security posture. No explicit security policy or incident response information is publicly available, and no vulnerability disclosure or security.txt file was found. Overall, the website presents a professional and trustworthy image with comprehensive privacy and cookie policies, but the lack of valid SSL and modern TLS support are critical issues that should be addressed promptly to improve security and user trust.

W

Wevioo

wevioo.com

0

Wevioo is an international consulting company specializing in digital transformation, IoT, and innovation, serving major clients in banking, insurance, industry, logistics, and public sectors. The website is built on Drupal 8 and hosted on OVH infrastructure, leveraging modern web technologies such as Bootstrap and jQuery. While the site offers good content quality, clear navigation, and social media integration, it critically lacks HTTPS support, exposing visitors to security risks. The presence of cookie consent and privacy policies indicates some GDPR compliance, but absence of terms of service and security policies reduces overall trust. Strategic improvements in security posture and SSL implementation are essential to enhance user trust and compliance.

D

DARVA

darva.com

0

DARVA is a French software platform editor specializing in innovative service platforms that connect insurers, their partners, and clients across automotive, habitation, and health insurance sectors. The company offers a suite of solutions including claims management platforms, electronic invoicing, contract termination solutions, and partner network creation tools. DARVA maintains a medium-sized presence with a consistent brand and a strong client base in the insurance industry. Technically, the website is built on WordPress with modern SEO and privacy tools such as Yoast SEO and Cookiebot, and uses Matomo for analytics, indicating a moderate level of digital maturity. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap, exposing users to risks and undermining trust. The DNS configuration shows partnerships with email security providers like Vade Secure and Oodrive. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, DARVA presents a professional and trustworthy online presence but must urgently address its SSL/TLS deficiencies to improve security posture and user trust.

S

Stelliant

stelliant.com

0

Stelliant is a large French company specializing in comprehensive insurance-related services including risk prevention, expertise, client relations, post-claim solutions, crisis management, and innovation through dedicated campuses and labs. With approximately 3000 employees, it positions itself as a major player offering agile and personalized services to insurance professionals and clients. The website is built on WordPress with modern plugins and SEO optimizations, providing a professional and user-friendly experience with clear navigation and multilingual support. However, the technical infrastructure shows weaknesses in security, notably the absence of a valid SSL certificate and lack of HTTPS enforcement, which significantly impacts the security posture. Security headers are partially implemented but insufficient to compensate for the missing TLS security. Privacy compliance is weak, with no visible privacy or cookie policies and no GDPR compliance indicators. Contact information is available via email and contact forms, and social media presence is established on major platforms. Overall, the site is functional and professional but requires urgent improvements in security and privacy compliance to meet modern standards.

I

innovAARE AG

parkinnovaare.ch

0

innovAARE AG operates the Park Innovaare, a high-tech innovation and industrial park in Switzerland focused on accelerating deep-tech research and commercialization. The park provides modern office, laboratory, and specialized research spaces, along with community and networking services to startups, SMEs, and R&D departments. The website is professionally designed, content-rich, and well-structured, targeting innovation ecosystem participants. Technically, the site uses TYPO3 CMS with modern frontend libraries and is hosted by cyon AG. However, a critical security gap is the lack of HTTPS/SSL, exposing users to risks. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Business credibility is strong with clear contact details and legal information.

Switzerland Innovation Park Biel/Bienne AG is a private Swiss non-profit organization focused on applied research and development, bridging the gap between research and industry. It operates as part of the Switzerland Innovation Foundation network, promoting innovation, startups, and research investment in Switzerland. The website is professionally designed using WordPress and Elementor, showcasing multiple research centers, projects, and partnerships. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Privacy and cookie policies are present and GDPR compliant, and contact information is clearly provided. The overall security posture is basic with room for significant improvement in SSL/TLS configuration and security headers.

S

Switzerland Innovation Park Basel Area AG

sip-baselarea.com

0

Switzerland Innovation Park Basel Area AG operates a comprehensive innovation hub and coworking space platform focused on healthcare, life sciences, and technology sectors in Switzerland. The company provides flexible workspace solutions including ready-made offices, coworking spaces, lab spaces, and customizable workspaces tailored to startups, SMEs, and research institutions. Positioned as a key player in the Basel Area innovation ecosystem, it supports collaboration and growth through community building and event hosting. Technically, the website is built on WordPress with modern plugins and tracking tools, but lacks a valid SSL certificate, which significantly impacts its security posture. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. The site is professionally designed with excellent content quality and user experience, though performance data is limited. Security weaknesses include missing HTTPS, HSTS, DMARC, DNSSEC, and vulnerability disclosure mechanisms, which should be prioritized to improve trust and compliance. Overall, the business demonstrates strong market positioning and digital maturity but requires urgent security enhancements to protect user data and maintain credibility.

U

UserScape

laracon.net

0

Laracon Online is a prominent digital event focused on the Laravel web framework community, produced by UserScape and Laravel News. It offers free streaming of new talks and keynotes from influential Laravel figures, targeting developers and enthusiasts worldwide. The website is professionally designed with excellent content quality and clear navigation, supporting community engagement through partnerships and viewing parties globally. Technically, the site uses modern frontend technologies and is hosted behind Cloudflare, but lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security concern. Security headers are present, but the absence of TLS protocols and HSTS reduces the security posture. Privacy and cookie policies are missing, and no direct contact information is provided, limiting compliance and user trust aspects. Overall, the site is functional and credible but requires urgent improvements in security and privacy compliance to enhance trust and protect users.

T

Thermostat

thermostat.io

0

Thermostat.io is a specialized SaaS provider offering Net Promoter Score (NPS) survey software designed to simplify customer satisfaction measurement through one-question surveys. The company targets businesses, particularly SaaS and e-commerce, seeking actionable customer feedback with flexible survey administration methods including email, popup, link, and API. The website demonstrates a professional and consistent brand presence with clear pricing tiers and a 30-day money-back guarantee, positioning itself as a trustworthy niche player in the customer feedback software market. Technically, the site leverages modern frontend frameworks such as Alpine.js and Livewire, is hosted behind Cloudflare with a valid SSL certificate and strong security headers, and integrates with third-party services like Zapier and Fathom Analytics for marketing and analytics. However, privacy compliance is basic, with no cookie consent mechanism and a privacy policy hosted on a third-party domain. Security posture is good but could be improved with DNSSEC, CAA records, and published incident response policies. Overall, the website is well-implemented, secure, and credible but would benefit from enhanced privacy and security transparency.

U

UserScape, Inc.

helpspot.com

0

HelpSpot, operated by UserScape, Inc., is a specialized help desk software provider focused on transforming chaotic email support into an efficient, unified system. Established in 2005, the company targets businesses and organizations that require streamlined customer support solutions. Their offerings include email ticketing, automation, reporting, and self-service portals, available as both cloud-hosted and on-premise deployments. The website demonstrates strong branding, comprehensive content, and a professional user experience, positioning HelpSpot as an affordable and customizable alternative in the help desk software market. Technically, the site uses modern web technologies such as Alpine.js, Livewire, and Cloudflare CDN, hosted on AWS infrastructure. However, the absence of a valid SSL certificate and HTTPS implementation significantly impacts the security posture. Security headers are present, but critical TLS protocols and encryption are missing, exposing the site to potential risks. Privacy compliance is supported by a comprehensive privacy policy and terms of service, though cookie consent mechanisms are not evident. Overall, while the business and technical maturity are solid, the lack of HTTPS is a critical vulnerability that must be addressed to ensure trust and security.

P

PowerDNS

powerdns.com

0

PowerDNS is a well-established provider of secure open-source and commercial DNS software solutions, targeting large-scale DNS service providers such as mobile operators, broadband providers, enterprises, and hosting companies. The company emphasizes stability, security, and performance, boasting a decade without a Severity 1 support case. Their offerings include DNS resolving, infrastructure DNS, parental controls, malware protection, and DNS solutions tailored for 5G networks. The website is professionally designed, content-rich, and well-branded, with active blog updates and case studies highlighting partnerships with major industry players. Technically, the site uses HubSpot CMS, Cloudflare CDN, and modern web technologies, but suffers from a critical security issue due to an invalid SSL certificate and lack of modern TLS protocol support. Security headers and policies are well implemented, but the absence of a cookie consent mechanism and visible contact information slightly reduce privacy compliance and user trust. Overall, the site demonstrates a strong market position and technical maturity but requires urgent SSL and privacy improvements.

L

Lander Systems

landersystems.com

0

Lander Systems is a technology company specializing in developing software products that automate, integrate, and streamline business workflows. Their product suite includes ActivitySource, Cloudfuse, Momentum, and Forms, targeting businesses seeking to improve operational efficiency. The website is built on modern web technologies including React and Next.js, hosted on Vercel and served via Cloudflare CDN. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Privacy compliance is partial with a privacy policy present but no cookie consent mechanism or terms of service. Contact information is limited to a web form without direct emails or phone numbers. Overall, the site presents a professional image but requires urgent security improvements to protect user data and enhance trust.

The website roomies.com is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) security challenge page that requires human verification via Turnstile captcha. This prevents access to any substantive content, including business descriptions, policies, or contact information. The SSL configuration is valid and secure with HSTS enabled, indicating good baseline security practices at the infrastructure level. However, the lack of accessible content and metadata severely limits the ability to assess the business model, technical maturity, or compliance posture. The website performance is poor due to the challenge page load time, and no privacy or security policies are visible. Overall, the site is effectively blocked from analysis, resulting in a low AI score and limited insights.

B

Bifrost Technology, LLC

nativephp.com

0

NativePHP, operated by Bifrost Technology, LLC, is a technology company focused on enabling PHP and Laravel developers to build native desktop and mobile applications using familiar tools. The website positions itself as a niche provider in the cross-platform native app development space, supported by a community and corporate sponsors. Technically, the site uses modern frontend technologies such as Alpine.js, GSAP, Livewire, and Tailwind CSS, hosted behind Cloudflare. However, the site suffers from a critical security issue: it lacks a valid SSL certificate and does not support HTTPS, which severely impacts its security posture. Privacy and cookie policies are absent, and no direct contact information is provided, which may affect compliance and user trust. Overall, the site is professionally designed with excellent content quality and user experience but requires urgent security and compliance improvements.

U

URL Networks

url.net.au

0

URL Networks is an Australian telecommunications provider specializing in business telephony and internet services, including hosted cloud PBX, SIP trunking, and various internet connectivity plans. The company positions itself as a trusted provider for businesses seeking stress-free telecommunications solutions. Their website is built on WordPress with modern plugins and tools, targeting Australian business customers with a focus on cloud and virtualized telephony services. The site includes detailed service descriptions and multiple contact channels, including phone, email, and social media. Technically, the website uses a WordPress CMS with Elementor, Yoast SEO, and several marketing and analytics tools such as Google Tag Manager and Chatlio live chat. Hosting appears to be on AWS infrastructure. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. Performance data is missing, and no cookie consent mechanism is present, indicating limited privacy compliance. Security posture is weak due to the absence of HTTPS, no security headers, and no modern TLS protocols enabled. While no active vulnerabilities like Heartbleed or POODLE are detected, the lack of encryption exposes users to significant risks. Privacy policy is present and comprehensive but GDPR compliance is uncertain due to missing cookie consent. Incident response and security policies are not published. Overall, the website is functional and professionally designed but requires urgent security improvements, especially enabling HTTPS and implementing security best practices. Privacy compliance should be enhanced with cookie consent mechanisms. Business credibility is supported by clear contact information and social media presence, but security gaps reduce trustworthiness.

The website tixel.com is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) security challenge page employing Turnstile captcha verification. This prevents access to any substantive content, metadata, or business information. The SSL configuration is valid and strong with HSTS enabled, but DNS security features like DNSSEC and CAA are not enabled. No privacy, cookie, or terms of service policies are detectable, nor is any contact information or structured data present. The site uses Cloudflare as a hosting and security provider, with external dependencies on Google mail services and marketing tools such as Sendinblue and Facebook tracking pixels. Performance is poor due to the challenge page, and no SEO or accessibility optimizations are evident. Overall, the site’s security posture is good in terms of SSL and HSTS but lacks DNS security and transparency policies. Due to the WAF blocking, the analysis is incomplete and scores are heavily penalized.

C

ClickHouse, Inc.

clickhouse.com

0

ClickHouse, Inc. operates a leading open-source column-oriented OLAP database management system designed for real-time analytical data processing using SQL queries. The company offers both open-source software and managed cloud services across major cloud platforms including AWS, GCP, and Azure. Their market position is strong, supported by a large developer community and enterprise customers such as Meta, Microsoft, and Spotify. The website demonstrates excellent content quality, professional design, and comprehensive resources targeting developers and enterprises requiring scalable real-time analytics solutions. Technically, the site uses modern frameworks like Next.js and React, with Cloudflare CDN for hosting and performance optimization. Security headers are well implemented, but the SSL/TLS configuration is currently inadequate, lacking valid certificates and modern protocols. Privacy and cookie policies are present with consent mechanisms, supporting GDPR compliance. Contact information is primarily via forms, with no direct emails or phone numbers publicly listed. Overall, the website is professional and trustworthy but should improve SSL/TLS security to enhance user trust and security posture.

N

Nucleus

nucleus.com.au

0

Nucleus is a small Australian creative agency specializing in branding, design, digital communications, video production, and strategic marketing services. The company operates primarily in the media sector with offices in Adelaide and Melbourne, targeting businesses seeking comprehensive creative solutions. Their website reflects a professional and consistent brand image with clear service offerings and contact information. Technically, the site leverages modern web technologies including Google Analytics, LinkedIn Insight, Vimeo embeds, and Cloudflare hosting, ensuring good performance and mobile optimization. Security posture is solid with HTTPS enabled and CSRF protections, though improvements such as HSTS and cookie consent mechanisms are recommended. Privacy compliance is basic with a privacy policy present but lacking detailed GDPR adherence indicators. Overall, the site is functional, trustworthy, and professionally maintained, scoring well across content, technical, and business credibility metrics.

I

Institut Polytechnique de Paris

ip-paris.fr

0

Institut Polytechnique de Paris is a leading French higher education and research institution that unites five prestigious engineering schools to deliver world-class science and technology education. The website reflects a strong focus on education, research, innovation, and entrepreneurship, targeting students, researchers, entrepreneurs, and companies. The digital infrastructure is built on Drupal 10 with modern PHP and includes integrations for analytics and consent management. However, the security posture is weakened by the absence of a valid SSL certificate and proper HTTPS configuration, which is a critical vulnerability. Privacy compliance is well addressed with clear cookie management and privacy policies. Overall, the website is professionally designed, content-rich, and trustworthy but requires urgent security improvements to protect user data and maintain credibility.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 8 security findings identified across all modules.

N

Niort Numeric

innn.fr

0

The website innn.fr represents Niort Numeric's flagship event focused on digital innovation, InsurTech, and risk management, held in Niort, France. It serves as a platform for networking, showcasing startups, and hosting conferences, targeting professionals and decision-makers in the insurance and technology sectors. The site is well-branded, content-rich, and optimized for SEO with structured data and social media integration. Technically, it is built on WordPress with modern JavaScript libraries for UI components and uses OVH as the hosting provider. However, a critical security gap is the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the site's security posture. The site implements cookie consent via Piwik PRO, indicating good privacy compliance practices. Overall, the site is professional and functional but requires urgent security improvements.

U

UserScape, Inc.

userscape.com

0

UserScape, Inc. is a small technology company founded in 2005 that specializes in developing software products such as HelpSpot (help desk software), LaraJobs (Laravel job board), and Thermostat (NPS survey software). They are deeply embedded in the Laravel PHP community, organizing official conferences and job boards, positioning themselves as a niche player with a strong community focus. The website reflects a professional and consistent brand with good content quality and clear navigation, targeting businesses and developers within the Laravel ecosystem. Technically, the website uses modern frontend technologies including Tailwind CSS and ES modules, hosted behind Cloudflare. However, the site suffers from a lack of a valid SSL certificate and does not support HTTPS, which is a critical security flaw. Performance is moderate, and mobile optimization is good, but accessibility and SEO optimizations are basic. No CMS or advanced analytics tools were detected. From a security perspective, while email security is well configured with SPF and DMARC policies, the absence of HTTPS, security headers, and other best practices significantly lowers the security posture. No incident response or security policy information is available, and no cookie or privacy consent mechanisms are implemented, indicating gaps in privacy compliance. Overall, the site is functional and professional but requires urgent improvements in security infrastructure and privacy compliance to enhance trustworthiness and protect user data.

P

Pix

pix.org

0

Pix.org is a multilingual website offering localized content primarily in English and French, including regional variants for Belgium and France. The site appears to be an educational or informational platform branded as 'Pix', targeting a broad audience seeking language-specific access. The technical infrastructure leverages modern JavaScript frameworks such as Nuxt.js and a headless CMS (Prismic), with analytics provided by Matomo and Plausible. However, the site suffers from significant security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which critically undermines user trust and data protection. Additionally, no privacy, cookie, or terms of service policies are present, indicating poor compliance with data protection regulations. The website's performance is slow, and DNS configurations reveal misconfigured CAA records and lack of DNSSEC. Overall, while the site demonstrates modern technical choices and multilingual support, its security posture and privacy compliance require urgent improvement to meet industry standards and user expectations.

S

Switzerland Innovation

switzerland-innovation.com

0

Switzerland Innovation is a Swiss innovation park ecosystem that facilitates collaboration between companies, startups, and universities to accelerate the transformation of research into marketable products and services. It holds a leading position in the Swiss innovation landscape, offering access to world-class research institutions and a broad range of support services. The website is built on Drupal 10 and integrates modern web technologies and marketing tools such as Google Analytics and HubSpot. However, the absence of a valid SSL certificate and HTTPS support is a critical security weakness that undermines user trust and data protection. The site features comprehensive cookie consent mechanisms and clear contact information, supporting good privacy compliance. Overall, the website presents a professional and trustworthy image but requires urgent improvements in security infrastructure.

O

Open-Xchange

open-xchange.com

0

Open-Xchange is a leading global provider of open and trusted software solutions primarily focused on email platforms for service providers, telcos, and hosters. With over 220 million users, it holds a strong market position as the largest independent email provider worldwide. Their product portfolio includes cloud and on-premises email solutions, DNS products, and IMAP server platforms, targeting enterprise and public sector customers. The website reflects a mature digital presence with comprehensive content, professional design, and clear navigation.

M

Mantu

mantu.com

0

Mantu is a global consulting platform focused on providing guidance and services to businesses and entrepreneurs worldwide. With a large and diverse workforce spread across multiple continents, Mantu positions itself as a collaborative network of brands delivering transformative business solutions. The website reflects a professional and well-structured digital presence, leveraging WordPress CMS with modern tools such as Elementor and WP Rocket to optimize user experience and performance. However, the absence of a valid SSL certificate and lack of HTTPS support significantly weaken the site's security posture. While DNS records show good email authentication practices with SPF and DMARC, the lack of security headers and modern TLS protocols exposes the site to potential risks. Privacy compliance is partially addressed with a comprehensive privacy policy, but no cookie consent mechanism was detected. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

E

EnviDat

envidat.ch

0

EnviDat is a specialized open-source platform dedicated to environmental research data management and publication, primarily serving researchers affiliated with Swiss institutions such as the Swiss Federal Institute for Forest, Snow and Landscape WSL and the ETH Domain. The platform supports FAIR data principles and integrates with major international data repositories to enhance data discoverability and reuse. Technically, the website employs modern JavaScript frameworks like Vue.js and Vuetify, but suffers from slow load times and lacks a valid SSL certificate, which impacts security and user trust. The security posture is weak due to missing HTTPS, absence of security headers, and no evident incident response or vulnerability disclosure policies. Privacy compliance is partial, with a cookie consent banner present but no explicit privacy policy found. Overall, the site is professional and trustworthy in content but requires significant improvements in security and privacy compliance to meet modern standards.

MeteoSchweiz is the Swiss Federal Office for Meteorology and Climatology, providing authoritative weather forecasts, climate monitoring, and natural hazard warnings for Switzerland. As a government agency, it holds a strong national market position and offers key services including meteorological data, public information, and specialized applications for weather and climate. The website is professionally designed, content-rich, and targets both the general public and specialized users such as government bodies and meteorology professionals. Technically, the site uses modern web technologies and is hosted via Google infrastructure, with good performance and accessibility features. However, a critical security issue is the lack of a valid SSL certificate and disabled TLS protocols, which undermines secure HTTPS access. Security headers and content policies are well implemented, but the absence of cookie consent mechanisms and some advanced security features reduces privacy compliance. Overall, the site is trustworthy and authoritative but requires urgent improvements in SSL/TLS configuration to meet modern security standards.

W

WSL Institute for Snow and Avalanche Research SLF

whiterisk.ch

0

White Risk is a comprehensive avalanche prevention platform developed and published by the WSL Institute for Snow and Avalanche Research SLF in partnership with Suva and the Swiss Red Cross. It offers a suite of modules including avalanche knowledge resources, e-learning lessons, tour planning tools, and presentation software aimed at winter mountain tour participants and avalanche educators. The platform is well-established in the Swiss market and provides valuable educational and safety services. Technically, the website is built on a modern Angular framework with rich interactive content and multimedia integration, supporting both web and mobile platforms. However, the current lack of a valid SSL certificate and HTTPS implementation is a critical security weakness that undermines user trust and data protection. Privacy and legal compliance are well addressed with comprehensive policies and cookie consent mechanisms. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to meet modern standards.