Complying with security standards and complying with web design standards are two entirely different things.
Many web sites don't comply with web design standards - it's an unfortunate fact of life. In a very many cases, it's because the sites are designed to work with Windows Internet Explorer* with no attempt to make sure the web sites work with any other browsers or on any other platforms. Usually that doesn't result in the inability of a web browser to access the site properly, but in some cases it does.
*(In case anyone thinks Windows Internet Explorer should
be the standard, this simply isn't realistic, despite possibly sounding sensible on the face of it.
Web design standards are based on usability guidelines and and well-researched methods to make web page code more practical, streamlined, and able to be used on a variety of devices and by people with a variety of needs. They're not just a set of rules that can be changed on a whim to conform to a certain web browser's quirky way of rendering sites. Internet Explorer is notorious for not being compliant with agreed upon web standards. Internet Explorer is even inconsistent in how it renders web pages from one IE version to the next, complicating matters even further.)