Security Directory

A

Arvato SE

arvato.com

0

Arvato SE is a global enterprise specializing in third-party logistics (3PL), supply chain management, and digital logistics solutions. The company serves a diverse range of industries including e-commerce, B2B, and transportation, offering services such as warehousing, fulfillment, transport management, and digital customer experience solutions. Their market position is strong with a broad international footprint and multiple regional subsidiaries. The website reflects a professional and comprehensive digital presence with multilingual support and detailed service descriptions. Technically, the site is built on TYPO3 CMS with modern frontend tooling but suffers from slow load times and lacks a valid SSL certificate, impacting security posture. Security-wise, the absence of HTTPS and security headers are critical issues, though cookie consent and privacy compliance are well implemented. Overall, the site is trustworthy and professional but requires urgent security improvements to meet modern standards.

B

BMG Rights Management GmbH

bmg.com

0

BMG Rights Management GmbH operates as a global music publishing and record company, providing a broad range of services to music creators including publishing, recordings, and sync licensing. Positioned as a longtime home for artists and songwriters, BMG leverages a global network combined with innovative technology to empower its clients. The company is a division of the global media conglomerate Bertelsmann, indicating a strong market presence and enterprise scale. The website reflects a professional and consistent brand image targeting music industry professionals and creators. Technically, the site uses modern JavaScript libraries, Google Analytics for tracking, and a consent management platform to comply with privacy regulations. However, the hosting infrastructure appears to be Google Cloud Storage with DNS managed by Arvato Systems. Security posture is weak due to the absence of a valid SSL certificate and HTTPS support, which is a critical risk. Privacy compliance is well addressed with visible policies and consent mechanisms. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect user data and trust.

R

RTL Group

rtlgroup.com

0

RTL Group is a major European entertainment company with a broad portfolio of TV channels, streaming services, radio stations, and content production subsidiaries. The company is publicly traded and majority owned by Bertelsmann, with a strong market position in multiple European countries. The website presents comprehensive business information, investor relations, career opportunities, and corporate responsibility content, reflecting a mature and professional digital presence. Technically, the site uses nginx and a custom CMS, with Google Tag Manager for analytics. However, a critical security weakness is the lack of a valid SSL certificate and absence of HTTPS, which severely impacts the security posture. Privacy and cookie policies are not explicitly found, though a consent mechanism is present. Overall, the site is well-designed and content-rich but requires urgent security improvements.

B

Bertelsmann SE & Co. KGaA

bertelsmann.com

0

Bertelsmann SE & Co. KGaA is a leading international media conglomerate headquartered in Germany, operating through multiple divisions such as RTL Group, Penguin Random House, BMG, and Arvato Group. The company provides a wide range of media, publishing, entertainment, and service offerings targeting journalists, investors, applicants, and the general public. The website reflects a mature digital presence with comprehensive corporate, investor, and media information, supported by strong branding and consistent content quality. Technically, the site uses established technologies like jQuery, Bootstrap, and Cookiebot for consent management, hosted on AWS CloudFront CDN. However, the absence of a valid SSL/TLS certificate and disabled HTTPS protocols represent critical security gaps. Security headers and content security policies are implemented but cannot compensate for the lack of HTTPS, which is essential for protecting user data and trust. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. Overall, the site is professional and trustworthy but requires urgent security improvements to meet modern standards.

B

Bertelsmann

createyourowncareer.de

0

Bertelsmann's Create Your Own Career website serves as a comprehensive career portal targeting students, graduates, professionals, and school students interested in opportunities within the Bertelsmann group. The site highlights multiple divisions and offers detailed information on programs, events, and job listings, positioning Bertelsmann as a large multinational media and services conglomerate with a strong employer brand. Technically, the site is built on TYPO3 CMS, hosted likely by Arvato Systems, and integrates modern marketing and consent tools such as Google Analytics, Google Tag Manager, and CookieFirst. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate and HTTPS support, which significantly impacts the site's security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements.

R

Roca Sanitario S.A.U.

roca.com

0

Roca Sanitario S.A.U. is a global leader in bathroom products with a presence in over 170 countries. The company offers a wide range of innovative, sustainable bathroom solutions targeting both consumers and professionals. Their website reflects a mature digital presence built on Liferay DXP, featuring rich content including product collections, professional resources, and corporate information. The site is well-branded and professionally designed, with good navigation and mobile optimization. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS protocols, which poses risks to user trust and data security. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information is primarily via forms and social media, with no direct emails or phone numbers exposed. Overall, the website is functional and credible but requires urgent security improvements to protect users and enhance trust.

L

Landitec GmbH

landitec.com

0

Landitec GmbH is a medium-sized German company specializing in high-quality, flexible, and high-performance appliance solutions and services for the B2B sector. They focus on customized IT security appliances and software solutions, including network hardware, edge AI, 5G, and industrial applications. The company holds a strong market position as an OPNsense Platinum Partner and collaborates with notable partners such as SECUDOS and Barracuda. Their offerings include both hardware and software appliances, tailored to customer needs from initial concept to final product delivery. Technically, the website is built on Joomla CMS with the Helix Ultimate framework, utilizing modern libraries like jQuery and Bootstrap. The site is well-structured, mobile-optimized, and includes SEO best practices. However, the absence of a valid SSL certificate and HTTPS significantly impacts their security posture. Security headers are partially implemented, and cookie consent mechanisms are in place, indicating good privacy compliance. Analytics usage is moderate, primarily via Google Analytics and Tag Manager. Security-wise, the lack of valid HTTPS is a critical issue that lowers the overall security score. Other security best practices such as HSTS, OCSP stapling, and session resumption are not implemented. No explicit security policy or incident response information is found. The company provides clear contact information and maintains a professional online presence, but should prioritize securing their website with valid SSL certificates to enhance trust and compliance. Overall, Landitec GmbH presents a professional and credible business with solid technical infrastructure but requires urgent improvements in security configuration to meet modern standards and ensure customer trust.

X

XING

prescreen.io

0

The website prescreen.io redirects or is represented by recruiting.xing.com, a platform operated by XING, a subsidiary of NEW WORK SE. The site offers the onlyfy Bewerbungsmanager, a comprehensive talent acquisition and applicant tracking solution designed for companies seeking to modernize and streamline their recruiting processes. The platform integrates active and passive sourcing, multiposting, social media campaigns, and detailed reporting to support holistic recruiting workflows. Technically, the site is built on WordPress with modern front-end frameworks like Bootstrap and jQuery, hosted on AWS infrastructure. While the site demonstrates good SEO, structured data usage, and user experience, it suffers from critical security shortcomings, notably the absence of a valid SSL certificate and disabled TLS protocols, which severely impact its security posture. Privacy compliance is well addressed with visible privacy and cookie policies and consent management via Usercentrics. Overall, the site is content-rich and professionally presented but requires urgent security improvements to protect user data and maintain trust.

S

SIDN fonds : een sterk internet voor iedereen

sidnfonds.nl

0

SIDN fonds is a Dutch non-profit organization dedicated to supporting innovative internet projects that contribute to a safer and more inclusive internet. With over 400 projects funded since 2015, it holds a strong position within the Dutch internet community, focusing on themes such as cybersecurity, digital accessibility, and public values. The website provides comprehensive information about its mission, funding opportunities, and supported projects, targeting innovators and organizations involved in internet initiatives. Technically, the website is hosted on Google Cloud infrastructure using OpenResty as the web server. It employs a robust Content Security Policy and integrates multiple analytics and marketing tools including Piwik PRO and Google Analytics. The site is mobile-optimized with good accessibility and SEO practices. However, a critical security gap is the absence of a valid SSL/TLS certificate, resulting in no HTTPS support, which significantly impacts the security posture. Security-wise, while several security headers are implemented, the lack of HTTPS and disabled TLS protocols expose the site to risks such as data interception and man-in-the-middle attacks. No explicit security or incident response policies are published, and no vulnerability disclosure mechanisms are evident. Privacy and cookie policies are present and appear comprehensive, supporting GDPR compliance. Overall, the site is professionally designed and content-rich but requires urgent improvements in SSL/TLS deployment to enhance security and trustworthiness. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, and enhancing security headers to protect users and data effectively.

X

Xanadu

xanadu.ai

0

Xanadu is a Canadian quantum computing company focused on developing photonic quantum hardware and quantum software tools such as PennyLane and Catalyst. The company positions itself as an innovator in scalable, networked, and modular quantum computers, targeting researchers, developers, and enterprises interested in quantum technologies. Their partnerships with major automotive companies like Volkswagen and BMW highlight their industry collaborations and market relevance. Technically, the website is built on modern frameworks like React and Gatsby, hosted on AWS infrastructure, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. The security posture is weak due to missing HTTPS, lack of security headers, and no advanced TLS configurations. Privacy compliance is well addressed with clear privacy and cookie policies and a consent mechanism. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

V

Valmet

valmet.com

0

Valmet is a global enterprise specializing in technologies, services, and automation solutions for the pulp, paper, tissue, and energy industries. The company positions itself as a reliable technology partner with a comprehensive offering that supports customers' performance improvements. The website reflects a mature digital presence with multi-language support, detailed industry-specific content, and extensive navigation structures. Technically, the site uses modern web technologies including jQuery, Bootstrap, Vue.js, and integrates analytics and marketing tools such as Google Analytics, Microsoft Application Insights, and Pardot. However, a critical security concern is the invalid SSL certificate, which undermines the site's HTTPS security posture despite the presence of security headers and cookie protections. Privacy and cookie policies are well implemented with consent mechanisms, indicating good compliance with GDPR. Overall, the site demonstrates strong business credibility and professional quality but requires urgent remediation of SSL issues to enhance security and trust.

N

Neste

neste.com

0

Neste is a leading global producer of sustainable aviation fuel and renewable diesel, focusing on mitigating climate change and advancing the circular economy. The company holds a strong market position in the energy and transportation sectors, offering renewable solutions that enable customers to reduce greenhouse gas emissions. The website reflects a mature digital presence with rich multimedia content, multiple language support, and comprehensive corporate disclosures. Technically, the site is built on modern frameworks such as Next.js and React, hosted on Microsoft Azure, and incorporates advanced marketing and consent management tools. However, a critical security issue is the absence of a valid SSL certificate, resulting in no HTTPS support, which severely impacts the site's security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site demonstrates high professionalism and trustworthiness but requires urgent remediation of its SSL configuration to ensure secure user interactions.

A

Aalto-yliopisto

aalto.fi

0

Aalto-yliopisto is a leading multidisciplinary university in Finland specializing in technology, business, and arts. The website reflects a mature digital presence with comprehensive content targeting students, researchers, staff, and partners. It offers extensive information on education programs, research initiatives, events, and community engagement. The site is multilingual and well-branded, emphasizing sustainability and innovation. Technically, the site is built on Drupal 10 CMS, leveraging modern JavaScript libraries, CDN caching via Fastly, and integrates analytics and consent management tools such as Google Tag Manager and Cookiebot. The site is mobile-optimized, accessible, and SEO-friendly, with fast loading times and clear navigation. Security posture is strong with HTTPS enforced, valid SSL certificates, and multiple security headers. However, DNSSEC and CAA records are not implemented, which could enhance DNS security. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information is available but lacks explicit security incident response contacts. Overall, the website presents a low-risk profile with strong business credibility and technical maturity. Strategic recommendations include enhancing DNS security, publishing vulnerability disclosure information, and improving incident response transparency.

D

Destruction For Nada

destructionfornada.com

0

Destruction For Nada is a focused advocacy campaign operating primarily in Los Angeles County, aiming to halt freeway widening projects that contribute to increased traffic, pollution, and displacement of communities. The campaign promotes investment in public and active transportation alternatives to address climate change and housing crises. The website is built on Squarespace, leveraging standard web technologies and integrates Mailchimp for email list management. While the site presents clear messaging and partner affiliations, it lacks critical security infrastructure such as a valid SSL certificate, which undermines user trust and data security. Privacy and cookie policies are absent, indicating gaps in compliance with data protection regulations. Overall, the site serves as an informational and engagement platform for a small non-profit advocacy group but requires significant improvements in security and privacy to enhance credibility and user safety.

I

Inland Southern California Climate Collaborative

iscclimatecollaborative.org

0

The Inland Southern California Climate Collaborative (ISC3) is a regional, cross-sectoral network focused on advancing equitable climate resilience solutions in Inland Southern California. The organization facilitates collaboration among agencies, organizations, and institutions to address climate risks such as heat, drought, and wildfires. The website serves as an informational platform providing resources, membership information, and regional climate reports. Technically, the site is built on WordPress with common plugins and libraries but suffers from a lack of a valid SSL certificate, resulting in insecure HTTP connections. Security posture is weak due to missing HTTPS, lack of security headers, and absence of email authentication DNS records. Privacy compliance is minimal, with no privacy or cookie policies detected. Business credibility is moderate, supported by university facilitation and government partnerships, but could be improved with more transparent policies and contact information. Overall, the site is functional and content-rich but requires significant security and privacy improvements to enhance trust and compliance.

P

PBS SoCal

kcet.org

0

PBS SoCal is a prominent public media organization serving the Greater Los Angeles and Southern California region. As a non-profit entity and a member of the Public Media Group of Southern California, it provides a wide range of PBS programming, local content, and educational resources. The website reflects a strong brand presence with consistent messaging and a focus on community engagement through various media formats including video, news, and educational tools. Technically, the website employs modern web technologies such as Polymer for custom elements, integrates multiple analytics and advertising platforms including Google Tag Manager, Facebook SDK, and Fathom Analytics, and is hosted on Amazon AWS infrastructure. However, the site suffers from a critical security issue due to an invalid or missing SSL certificate, which undermines the security posture and user trust. Performance is moderate with a relatively high page size and load time, but mobile optimization and accessibility are well addressed. From a security perspective, the absence of a valid SSL certificate and lack of security headers are significant vulnerabilities that need immediate remediation. Privacy compliance is well handled with clear privacy and cookie policies, including GDPR compliance indicators and consent mechanisms. Business credibility is strong with clear contact information, social media presence, and trust signals such as PBS Passport membership. Overall, while the site excels in content quality and business credibility, the security shortcomings notably reduce its overall risk posture. Strategic improvements in SSL implementation and security headers are recommended to enhance user trust and compliance.

E

EnviroMetro

envirometro.org

0

EnviroMetro is a small non-profit coalition focused on advocating for green, equitable, and healthy transportation policies in Los Angeles. The coalition collaborates with Metro and other organizations to influence transportation investment priorities and has played a key role in shaping regional ballot measures. The website is built on WordPress and uses common plugins such as Yoast SEO and MailChimp for marketing and analytics. While the site provides useful content and contact information, it lacks critical security features such as a valid SSL certificate and security headers, which exposes visitors to risks. Additionally, privacy and cookie policies are absent, indicating compliance gaps. The site’s performance is slow, and technical implementation could be improved to enhance user experience and security.

C

Climate Resolve

climateplans.la

0

Climate Plans Los Angeles is a small, niche advocacy and informational website focused on promoting climate-conscious community planning within the City of Los Angeles. The site provides resources and information about local community plan areas and encourages integration of climate considerations into urban development. Technically, the site is built on WordPress with Elementor and uses common web technologies such as jQuery and Bootstrap. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. The absence of privacy and cookie policies, as well as contact information, further reduces trust and compliance posture. Tracking technologies like Facebook Pixel and Google Analytics are present, indicating moderate user tracking without clear privacy disclosures. Overall, the site is functional but basic in content quality and technical implementation, with significant security and privacy gaps that should be addressed to improve user trust and regulatory compliance.

C

Climate Resolve

coolestinla.org

0

Climate Resolve is a well-established non-profit organization focused on climate advocacy and community engagement in Los Angeles. Their flagship event, Coolest in LA, celebrates 15 years of climate action and brings together leaders, advocates, and sponsors to promote sustainable solutions. The website is professionally designed using WordPress and Elementor, with good SEO and social media integration. The technical infrastructure leverages modern web technologies and Cloudflare for hosting and CDN services, ensuring good performance and availability. Security posture is adequate with HTTPS and valid SSL, but could be improved by enabling HSTS and DNSSEC. Privacy compliance is limited due to the absence of explicit privacy and cookie policies. Contact information is clearly provided, including obfuscated emails and a phone number. Overall, the site presents a credible and trustworthy image for a medium-sized non-profit organization.

C

Content Pass GmbH

contentpass.net

0

Content Pass GmbH operates contentpass.net, a subscription-based platform offering users ad-free and tracking-free access to over 500 digital publications. The company positions itself as a privacy-conscious alternative to traditional ad-supported content, distributing subscription revenues to publishers to compensate for lost advertising income. The service targets privacy-aware consumers in Europe, emphasizing GDPR compliance and user data protection. The platform integrates multiple payment providers and offers multi-device access with a user-friendly interface. Technically, the website is built on a modern React/Next.js stack with Apollo GraphQL and hosted on OVH and Google Cloud Platform, leveraging Bunny.net CDN for performance optimization. However, the site suffers from a critical security flaw due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. Privacy policies and terms of service are comprehensive and well-documented, reinforcing trust and compliance.

A

A1

a1partnering.com

0

A1 Partnering is a strategic business unit of A1, Austria's leading telecommunications provider with over 7.1 million customers. The website promotes business partnerships and investment opportunities for B2C companies aiming to enter the Austrian and Central European markets. The company leverages its strong market position, customer base, and marketing expertise to facilitate market entry and growth for partners. Technically, the website uses modern frontend technologies such as Tailwind CSS and Alpine.js, and integrates OneTrust for cookie consent management. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the site presents professional content and branding but requires urgent security improvements.

M

McCourt Global, Inc

mccourt.com

0

McCourt Global, Inc is a private family-owned diversified company with a 132-year legacy focused on real estate, sports, technology, media, and capital investment. The company operates globally with a strong emphasis on social impact and community value. The website is professionally designed with rich content, clear navigation, and good SEO practices, targeting investors, partners, and community stakeholders. Technically, the site is built on WordPress with modern JavaScript modules and uses Matomo for privacy-conscious analytics. However, the site suffers from a critical security issue due to the absence of a valid SSL certificate and HTTPS, exposing users to potential risks. Performance is slow, and security headers are missing, indicating room for improvement in security posture. Privacy compliance is good with a cookie consent mechanism and a comprehensive privacy policy. Overall, the site demonstrates high business credibility but requires urgent security enhancements to protect visitors and improve trust.

P

Project Liberty

ourbiggestfight.com

0

OurBiggestFight.com is a professionally developed WordPress website dedicated to promoting the book 'OUR BIGGEST FIGHT: Reclaiming Liberty, Humanity, and Dignity in the Digital Age' authored by Frank H. McCourt, Jr. and Michael J. Casey. The site serves as a platform to advocate for a healthier internet and supports the Project Liberty initiative, a 501(c)(3) non-profit organization focused on responsible technology development and digital rights. The website features rich content including testimonials from notable figures, event listings, media coverage, and calls to action such as book purchases and newsletter signups. Technically, the site uses modern web technologies including WordPress Gutenberg blocks, Yoast SEO, Matomo analytics, and HubSpot forms, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Security posture is weak due to missing HTTPS, lack of security headers, and absence of DMARC records, exposing the site to potential risks. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism despite active tracking. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect users and enhance trust.

P

Project Liberty LLC

thepeoplesbid.com

0

The People's Bid for TikTok is an initiative led by Project Liberty LLC aiming to create a consortium to purchase TikTok and migrate it to a decentralized platform that empowers users with control over their data. The website positions itself as a movement to reclaim digital rights and reshape social media governance. Technically, the site is built on Webflow, hosted on AWS infrastructure, and uses Matomo for analytics, indicating a moderate level of digital maturity. However, the site suffers from critical security shortcomings, including the absence of a valid SSL certificate and HTTPS protocols, lack of security headers, and no cookie consent mechanism, which significantly impact its security posture. Privacy policies and terms of service are present but basic, and contact information is limited to an email address. Overall, the site presents a professional and consistent brand image with good content quality but requires urgent security improvements to protect users and build trust.

S

Sikkens

sikkens.com

0

Sikkens is a coatings brand operating internationally under the AkzoNobel group, offering decorative, joinery, vehicle refinish, and yacht paint products. The website serves as a portal to multiple regional sub-sites tailored to different countries and languages. Technically, the site uses legacy technologies such as Cufon for fonts and jQuery 3.5.0, hosted on AWS infrastructure. However, the site suffers from significant security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, exposing visitors to potential risks. Privacy compliance is weak, with no visible privacy or cookie policies or consent mechanisms. Performance is slow, and accessibility and SEO optimizations are basic. Overall, the site presents a moderate level of business credibility but requires urgent security and compliance improvements.

A

Akzo Nobel N.V.

international-pc.com

0

International-pc.com is the official website for AkzoNobel's International Protective Coatings brand, specializing in protective and fire protection coatings for industrial sectors such as energy, offshore oil and gas, wind power, mining, and infrastructure. The site presents a professional and content-rich experience with detailed case studies, product applications, and technical support information, targeting industrial B2B clients globally. Technically, the site is built on Adobe Experience Manager CMS and uses modern JavaScript frameworks including React and jQuery, hosted on AWS infrastructure. However, the site lacks a valid SSL certificate and does not support modern TLS protocols, significantly impacting its security posture. While security headers are partially implemented, the absence of HTTPS is a critical vulnerability. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Business credibility is reinforced by strong branding, social media presence, and detailed content. Overall, the site scores moderately due to excellent content and business credibility but suffers from critical security configuration issues.

A

AkzoNobel Powder Coatings

interpon.com

0

AkzoNobel Powder Coatings, represented by the Interpon brand, is a global leader in manufacturing powder coatings tailored for diverse industries such as architectural, automotive, industrial, and agricultural equipment. The company emphasizes innovation, sustainability, and a broad color palette to meet varied customer needs. The website reflects a professional and consistent brand image with comprehensive content and clear navigation, targeting B2B customers in manufacturing sectors. Technically, the site is built on Adobe Experience Manager with modern JavaScript libraries and integrates privacy management tools like OneTrust and Google Tag Manager for analytics and consent management. However, the absence of a valid SSL certificate and HTTPS implementation is a critical security gap, exposing users to potential risks. The site lacks explicit security policies and incident response information, which could be improved to enhance trust and compliance. Overall, the website is content-rich and professionally presented but requires urgent security enhancements to meet modern standards.

A

AkzoNobel Paints

dulux.co.uk

0

Dulux.co.uk is the official UK website for Dulux, a leading paint brand owned by AkzoNobel. The site offers a comprehensive range of paint products, decorating advice, and interactive tools such as a colour visualiser app. It targets both consumers and professional decorators, providing e-commerce capabilities and extensive content to support decorating projects. The website is well-branded, professionally designed, and integrates multiple marketing and social media channels to engage users. Technically, the site is built on Adobe Experience Manager and uses modern web technologies and third-party services for analytics, consent management, and social media integration. However, a critical security gap exists due to the absence of a valid SSL certificate and disabled TLS protocols, which severely impacts the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with clear consent mechanisms in place. No explicit security or incident response policies are published on the site. Overall, the site demonstrates strong business credibility and user experience but requires urgent security improvements to protect user data and maintain trust.

M

Munich Urban Colab GmbH

munich-urban-colab.de

0

Munich Urban Colab GmbH operates a prominent innovation and coworking space in Munich, Germany, focused on developing and testing solutions for the future city through interdisciplinary and cross-sector collaboration. Positioned as one of Europe's largest startup centers, it serves startups, entrepreneurs, researchers, and public sector entities with services including coworking spaces, event venues, and community building. The website reflects a professional and well-branded digital presence with strong partnerships from major corporations and academic institutions. Technically, the site uses modern JavaScript modules, animation libraries, and a cookie consent management platform, but suffers from slow load times and lacks a valid SSL certificate, which impacts security posture. Security practices are basic, with no security headers or HSTS enabled, and no incident response or vulnerability disclosure policies found. Privacy compliance is good, with a clear privacy policy and cookie consent mechanism. Overall, the site is trustworthy and professional but requires urgent improvements in SSL and security configurations to enhance user trust and compliance.

G

GoDaddy, LLC

unternehmertum-vc.de

0

The domain unternehmertum-vc.de is currently a parked domain managed by GoDaddy, with no active business content or services hosted. The site primarily serves as a placeholder offering the domain for sale. The technical infrastructure is basic, relying on standard JavaScript and CSS with embedded third-party widgets for cookie consent (TrustArc) and customer reviews (Trustpilot). The site lacks a valid SSL certificate, resulting in no HTTPS support, which significantly impacts its security posture. No security headers or advanced domain security configurations such as DMARC, DNSSEC, or CAA records are present. Privacy compliance is minimal but includes a cookie consent mechanism via TrustArc. Overall, the website quality is poor with slow load times and minimal content, reflecting its parked status rather than an operational business site.

B

BCS Eventos

bcseventos.com.br

0

BCS Eventos is a Brazilian company specializing in intelligent solutions for events such as fairs, congresses, and shows. Established in 1997, it has served over 1,000 events and offers a comprehensive event management platform called SIGEVENT, alongside technical support and equipment rental services. The company targets event organizers and managers, positioning itself as an experienced and reliable provider in the event technology sector. Technically, the website is hosted on KingHost with an Apache server and uses modern JavaScript libraries and Google Fonts, but lacks HTTPS security and advanced security headers. The site is professionally designed with good content quality and navigation, though performance data is limited. Security posture is weak due to missing SSL certificate and security headers, posing risks to user data and trust. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism. Overall, the website is functional and professional but requires significant security improvements to enhance trust and compliance.

R

Redinter

redinter.cl

0

Redinter is a medium-sized energy company operating primarily in northern Chile, specializing in electrical transmission infrastructure. It is part of the larger Redeia group, which enhances its market position and credibility. The company focuses on ensuring secure and continuous electricity supply through its regional concessions and partnerships. The website reflects a professional corporate presence with clear business descriptions, contact information, and social media engagement. Technically, the site is built on Drupal 10, uses modern web technologies, and is hosted behind Imperva CDN, ensuring good performance and availability. Security posture is solid with HTTPS, OCSP stapling, and secure cookies, though improvements like full HSTS enablement and DNSSEC could be made. Privacy compliance is basic with a privacy policy and cookie consent implemented via Cookiebot. Overall, the site is trustworthy and well-maintained, supporting Redinter's business objectives effectively.

R

Redinter

redinter.pe

0

Redinter is a medium-sized energy sector company operating in Peru, specializing in the design, construction, operation, and maintenance of high voltage electrical transmission infrastructure. It is part of the Redeia group, a recognized leader in the energy transmission industry. The website presents a professional and well-structured digital presence with content primarily in Spanish, targeting energy sector clients and stakeholders in Peru. Technically, the site is built on Drupal CMS, uses modern web technologies, and is hosted behind Imperva Incapsula CDN/WAF, ensuring good performance and security. The SSL configuration is robust with OCSP stapling and no known vulnerabilities. Privacy compliance is basic but includes a cookie consent mechanism via Cookiebot. Contact information is clearly provided, enhancing business credibility. Overall, the site demonstrates a good balance of content quality, technical implementation, and security posture.

A

Attention Required! | Cloudflare

argoenergia.com.br

0

The website argoenergia.com.br is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) blocking page, preventing access to any substantive content. As a result, no direct business information, metadata, or contact details are available for analysis. The domain is associated with the energy sector in Brazil based on the domain extension and DNS records, but no further business insights can be derived from the blocked content. The technical infrastructure includes Cloudflare protection, a valid SSL certificate with basic configuration, and DNS records with SPF and DMARC policies indicating some email security measures. However, the absence of DNSSEC and CAA records suggests room for improvement in DNS security. Performance metrics indicate a slow load time, likely due to the WAF challenge page. Security posture is moderate due to HTTPS and email authentication but lacks advanced security headers and HSTS enforcement. Overall, the site’s security and compliance posture cannot be fully assessed due to the blocking mechanism.

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 11 security findings identified across all modules.

D

Deciso

deciso.com

0

Deciso is a technology company specializing in network security solutions, primarily through its hardware and software firewall products, including the OPNsense platform. Positioned as a trusted partner for businesses seeking robust digital protection, Deciso emphasizes certified and community-driven security innovations. The website reflects a professional business model focused on product sales and customer engagement within the technology sector. Technically, the site is built on WordPress with common plugins and scripts, but suffers from a lack of HTTPS due to an invalid or missing SSL certificate, which significantly impacts security posture. The site includes Google Analytics and Tag Manager for user tracking but lacks privacy and cookie policies, indicating poor privacy compliance. Security headers are minimal, and no incident response or vulnerability disclosure policies are present, suggesting room for improvement in security governance. Overall, the website is content-rich and well-structured but requires urgent security enhancements to protect user data and improve trust.

I

InterNations

internations.org

0

InterNations is a leading global community platform for expatriates, offering networking, events, and destination guides across 420 cities worldwide. The website targets expatriates and global minds seeking connection and information about living abroad. Technically, the site employs modern JavaScript frameworks, Webpack bundling, and integrates monitoring and analytics tools such as New Relic, Google Analytics, and Cookiebot for consent management. Hosting is via Cloudflare CDN, ensuring performance and availability. Security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, despite good security header configurations and secure cookie practices. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent SSL/TLS remediation to improve security and user trust.

L

Landitec GmbH

scope7.de

0

scope7.de is the online presence of Landitec GmbH's scope7® brand, specializing in hardware appliances tailored for open source solutions such as OPNsense®, flexiWAN, IPFire, Untangle®, and FRRouting. The company positions itself as a provider of powerful, cost-effective, and ready-to-use hardware platforms that are pre-installed with popular open source firewall and routing software. Their market position is strengthened by official certifications and partnerships, notably as an OPNsense Platinum Partner and flexiWAN certified hardware provider. The website reflects a professional and consistent brand image targeting businesses and professionals seeking vendor-independent open source security appliances. Technically, the site is built on Joomla CMS with modern frontend libraries and extensions, delivering good performance and mobile optimization. Security posture is solid with HTTPS enforced, HSTS header present, and no detected SSL vulnerabilities, though improvements like OCSP stapling and DNSSEC could enhance security further. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism, aligning with GDPR requirements. Contact information is available with a clear company phone number and contact forms, supporting business credibility. Overall, the website demonstrates a mature digital presence with strong business and security fundamentals.

G

Gaia-X 4 Future Mobility

gaia-x4futuremobility.de

0

Gaia-X 4 Future Mobility is a collaborative project family focused on developing and implementing future mobility applications based on the Gaia-X initiative. It is funded by the German Federal Ministry for Economic Affairs and Climate Action and coordinated by the DLR Institute for AI Security. The initiative involves about 80 participants from industry and research, aiming to build an open, decentralized data and service ecosystem for mobility. The website provides detailed information about the six constituent projects, their goals, participants, and related initiatives. Technically, the site is built on the Webflow platform, uses Google Fonts and jQuery, and is hosted on a CDN. However, the site lacks a valid SSL certificate and does not enforce HTTPS, which is a critical security concern. Privacy and terms of service pages are present, but no cookie consent mechanism is detected. Overall, the site is professionally designed with good content relevance and navigation but requires urgent security improvements.

P

Papoo Software & Media GmbH

epccm19.com

0

Papoo Software & Media GmbH operates the CCM19 Cookie Consent Manager, a comprehensive European alternative for cookie consent management software. The company offers multiple deployment options including on-premise, cloud, and agency versions, emphasizing data sovereignty by hosting all infrastructure in Germany. The website demonstrates a strong market position with extensive features, multilingual support, and a clear focus on compliance with GDPR, TDDDG, and other privacy regulations. The business targets website owners, agencies, and enterprises requiring robust consent management solutions. Technically, the site uses a modern stack with Apache, PHP, jQuery, and Foundation framework, hosted by Your-Server.de. Security posture is solid with HTTPS, security headers, and no known vulnerabilities, though some improvements like enhanced HSTS and CSP headers are recommended. Overall, the site is professional, well-structured, and trustworthy, with clear contact information and certifications. The privacy and cookie policies are comprehensive and GDPR compliant, supporting a positive privacy compliance score.

H

Hochschule Ruhr West

hs-ruhrwest.de

0

Hochschule Ruhr West is a public university of applied sciences located in the Ruhr region of Germany, with campuses in Mülheim an der Ruhr and Bottrop. The institution offers a broad range of degree programs including bachelor, master, part-time, and dual studies, alongside active research and transfer activities. The website reflects a well-established regional educational institution with a clear focus on accessibility, student services, and cooperation with industry and society. The target audience includes prospective and current students, academic staff, and business partners. Technically, the website employs modern web technologies including JavaScript, CSS, and Cookiebot for cookie consent management, and integrates Google Tag Manager for analytics and marketing. The content management system appears to be Ibexa, supporting a structured and navigable site architecture. Performance is moderate with a page load time of approximately 6 seconds and a page size of about 335 KB. The site is mobile-optimized and accessible with good SEO practices. From a security perspective, the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, which is a critical vulnerability impacting user trust and data protection. No modern TLS protocols or security headers are detected, and HSTS is not enabled. DNS records show proper SPF and DMARC configurations, which help mitigate email spoofing risks. Cookie consent is implemented comprehensively, supporting GDPR compliance. However, no explicit security policy or incident response information is found. Overall, the website is professionally designed and content-rich but suffers from significant security shortcomings due to the absence of HTTPS. Strategic improvements in SSL deployment, security headers, and incident response transparency are recommended to enhance trust and compliance.

Z

ZENIT GmbH (Konsortialführerin), NRW.BANK (Konsortialpartnerin), NRW.Global Business GmbH, IHK NRW e.V.

nrweuropa.de

0

NRW.Europa is a regional representation of the Enterprise Europe Network in North Rhine-Westphalia, Germany, providing comprehensive support for internationalization, innovation, and funding to SMEs and research institutions. The website is built on TYPO3 CMS and features professional design, clear navigation, and multilingual support. However, the site lacks a valid SSL certificate and modern TLS protocols, which significantly impacts its security posture. While privacy compliance is well addressed through a cookie consent mechanism and a comprehensive privacy policy, the absence of HTTPS and other security headers poses risks. The site maintains active content with news and event calendars, reinforcing its credibility and engagement with its audience. Strategic improvements in SSL deployment and security configurations are critical to enhance trust and compliance.

J

Jugend will sich-er-leben (JWSL)

jwsl.de

0

Jugend will sich-er-leben (JWSL) is a German non-profit prevention program focused on occupational safety and health for apprentices. It provides educational materials, competitions, and media resources primarily targeting vocational schools, teachers, and training companies. The program is affiliated with the statutory accident insurance and the DGUV, positioning it as a recognized entity in the education and government sectors within Germany. Technically, the website is built on TYPO3 CMS with modern frontend frameworks like Bootstrap and uses Video.js for media playback. However, the site suffers from a critical security deficiency as it lacks a valid SSL certificate and does not support HTTPS, exposing users to potential risks. Privacy compliance is addressed with a cookie consent mechanism and a privacy policy, but no terms of service or incident response contacts are found. Overall, the site offers good content and user experience but requires urgent security improvements.

B

Berufsgenossenschaft Rohstoffe und Chemische Industrie

bgrci.de

0

Berufsgenossenschaft Rohstoffe und Chemische Industrie (BG RCI) is a statutory accident insurance institution in Germany serving sectors such as mining, chemical industry, paper manufacturing, leather, sugar, and construction materials. The organization provides accident insurance, prevention, rehabilitation, and consulting services focused on occupational safety and health. The website targets entrepreneurs and insured members within these industries, offering information, publications, and access to online services such as a member portal. The site is built on TYPO3 CMS and uses modern JavaScript libraries and Matomo for analytics, indicating a moderate level of digital maturity. However, the website suffers from a critical security deficiency due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential data interception risks. Privacy compliance is well addressed with a comprehensive privacy policy and GDPR adherence, but cookie consent mechanisms are missing. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect user data and enhance trust.

B

Berufsgenossenschaft Energie Textil Elektro Medienerzeugnisse (BG ETEM)

bgetem.de

0

Berufsgenossenschaft Energie Textil Elektro Medienerzeugnisse (BG ETEM) is a German statutory accident insurance institution serving sectors including energy, textiles, electronics, and media. The organization provides prevention, rehabilitation, compensation, and member services to insured companies and individuals. The website reflects a well-structured, content-rich platform targeting employers, insured persons, and safety professionals with comprehensive information and resources. Technically, the site is built on the Plone CMS with Bootstrap and jQuery, integrating Matomo analytics and Cookiefirst for consent management. However, the site lacks HTTPS encryption, which is a critical security deficiency. No security headers or modern TLS protocols are configured, exposing the site to potential risks. Privacy and legal compliance are well addressed with clear policies and cookie consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and ensure compliance with modern standards.

B

BG Verkehr

bg-verkehr.de

0

BG Verkehr is a German statutory accident insurance institution specializing in transportation and logistics sectors. The website provides comprehensive information about insurance coverage, prevention, rehabilitation, and training services tailored for employees and companies in these industries. The site targets German-speaking users and serves as an official communication channel for BG Verkehr's services and updates. Technically, the website is built on the Plone CMS platform, utilizing modern frontend libraries such as Bootstrap and Font Awesome, and integrates Piwik/Matomo for analytics and Cookiefirst for cookie consent management. However, a critical security shortfall is the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks and undermining trust. The site lacks security headers and advanced SSL configurations, which further impacts its security posture. Privacy compliance is well addressed with clear privacy and cookie policies and a consent mechanism. Overall, the website is professionally designed with good content quality and navigation but requires urgent security improvements to meet modern standards.

B

BG Kliniken – Klinikverbund der gesetzlichen Unfallversicherung gGmbH

bg-kliniken.de

0

BG Kliniken is a large non-profit healthcare organization in Germany specializing in acute care and rehabilitation for severely injured and occupationally ill patients. It operates one of the largest trauma center networks in the country, offering comprehensive medical services, research, and professional training through its BG Kliniken Akademie. The website is professionally designed with clear navigation targeting patients, insurance carriers, referring physicians, and job applicants. Technically, the site is built on TYPO3 CMS and integrates modern tools such as Usercentrics for cookie consent and Google Tag Manager for analytics. However, the site suffers from a critical security deficiency due to the absence of a valid SSL certificate and HTTPS support, exposing visitors to potential risks. DNS records show well-configured SPF and DMARC policies, enhancing email security. Overall, the site demonstrates strong business credibility and privacy compliance but requires urgent security improvements.

V

Versicherer im Raum der Kirchen

vrk.de

0

Versicherer im Raum der Kirchen (VRK) is a medium-sized German insurance provider specializing in sustainable and ethical insurance products tailored for individuals and church-related groups. The company offers a broad range of insurance services including auto, travel, home, liability, legal protection, health, and retirement products, with a strong emphasis on sustainability and customer-centric service. Their market position is niche but well-established within the church and non-profit sectors in Germany, supported by multiple sustainability and employer awards. Technically, the website is built on Adobe Experience Manager (AEM) and uses modern web technologies such as StencilJS components and responsive images. However, the site suffers from slow load times and lacks a valid SSL certificate, serving content over HTTP which significantly impacts security posture. Accessibility and SEO optimizations are well implemented, and the site is mobile-friendly with clear navigation. Security-wise, the absence of HTTPS and security headers is a critical weakness, exposing users to potential risks. No explicit security or incident response policies are found, and no vulnerability disclosure or security.txt files are present. Privacy compliance is strong with a comprehensive privacy policy and cookie consent mechanism in place. Overall, VRK's website demonstrates excellent content quality and business credibility but requires urgent improvements in security infrastructure to protect user data and enhance trust. Strategic recommendations include implementing HTTPS, adding security headers, and improving performance to align with best practices.

C

Climate Resolve

climateresolve.org

0

Climate Resolve is a medium-sized non-profit organization focused on advancing equitable climate solutions primarily in the Los Angeles area. The organization builds collaborations among communities, organizations, and policymakers to address climate change through local action. Their key services include initiatives such as Keeping Cool, transportation solutions, outreach, climate planning and technical assistance, nature-based solutions, climate science, wildfire mitigation, smart growth, and zero emissions transit. The website reflects a strong market position as a local climate advocacy leader with a clear mission and impactful community engagement. Technically, the website is built on WordPress using Elementor and Yoast SEO, hosted behind Cloudflare DNS, and integrates various marketing and analytics tools including Facebook Pixel and Klaviyo. While the site is well-designed and content-rich, performance is somewhat slow due to a high number of resources. Security posture is basic with valid SSL and SPF/DMARC records but lacks advanced DNS security features like DNSSEC and CAA records. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism despite tracking pixels. Overall, the site is professional and trustworthy but could improve in security and privacy practices.