United States security reports

S

Schwartzco, Inc. d/b/a Commercial Type

commercialtype.com

68

Commercial Type is a specialized font foundry and licensing company established in 2007, offering a wide range of professional fonts and custom font design services. Their business model revolves around e-commerce font licensing with detailed legal agreements and secure payment processing via Stripe. The website is professionally designed with good navigation and mobile optimization, reflecting a mature digital presence. Technically, the site uses modern web technologies including Ruby on Rails, Hotwired Turbo, and Stimulus, with a custom CMS named GrayMatter. Security posture is solid with HTTPS and CSRF protections, but lacks some security headers and explicit security policies. Privacy compliance is a notable gap, with no privacy or cookie policies detected. Overall, the domain registration is consistent and trustworthy, supporting the legitimacy of the business.

S

Site Editor

edit.site

66

Site Editor operates as a SaaS platform providing website building and publishing services primarily targeting general users seeking easy-to-use website creation tools. The platform is positioned within the technology sector and appears to be a small-sized business founded in 2018. The website content is minimal, focusing on user login functionality, with basic legal compliance links such as privacy policy, terms of service, and GDPR information. Technically, the site employs modern web technologies including React and JavaScript ES modules, hosted on Cloudflare infrastructure, ensuring good SSL configuration and moderate performance. However, DNSSEC is not enabled, and security headers are absent, indicating room for security enhancements. Privacy compliance is partially met with legal documents present but lacks cookie consent mechanisms. No direct contact information or incident response policies are visible, which may impact user trust and compliance. Overall, the site is functional and moderately secure but would benefit from improved security practices and transparency.

D

Domains By Proxy, LLC

cactus.chat

62

Cactus Comments is an open source federated comment system built on the Matrix protocol, targeting web developers and website owners who want decentralized, privacy-respecting comment functionality. The project is small and community-funded, with source code openly available under LGPLv3 and AGPLv3 licenses. The website is professionally designed with good content quality and clear navigation, reflecting a mature open source project. Technically, it uses modern web standards and is hosted on Hetzner, a reputable provider. However, there are gaps in privacy compliance and security policies, with no visible privacy or cookie policies and no incident response information published. The security posture is moderate, with HTTPS implied but no explicit security headers detected. Overall, the domain registration is privacy protected but consistent with the nature of the project, and no suspicious patterns were found.

E

Evangelical Council for Financial Accountability

ecfa.org

68

The Evangelical Council for Financial Accountability (ECFA) is a well-established non-profit organization dedicated to promoting financial transparency, integrity, and accountability among churches and ministries. With over 2,700 accredited members and a significant reach to donors and the public, ECFA positions itself as a trusted leader in evangelical financial stewardship. Their services include accreditation, coaching, and providing resources to enhance trust between ministries and donors. The website reflects a professional and consistent brand image, targeting ministries, churches, and donors primarily in the United States. Technically, the website employs a mature technology stack including ASP.NET WebForms, Bootstrap 5, jQuery, and modern analytics and marketing tools such as Google Tag Manager, Facebook Pixel, and LinkedIn Insight Tag. The site is mobile optimized and demonstrates good performance and SEO practices, although accessibility features could be improved. Security posture is strong with HTTPS enforced and no visible vulnerabilities, but lacks some security headers and published security policies. From a security and compliance perspective, the site does not display a cookie consent mechanism despite using tracking scripts, which may impact GDPR compliance. WHOIS data is unavailable or malformed, limiting domain registration trust assessment. However, the website content and branding strongly indicate legitimacy. No adult or questionable content is present, making the site safe for general audiences. Overall, ECFA's website is a credible and professional platform supporting its mission. Strategic improvements in privacy compliance, security transparency, and WHOIS data availability would enhance trust and compliance posture further.

L

Language Creation Society

fiatlingua.org

52

Fiat Lingua is an educational and archival website dedicated to constructed language (conlang) articles, operated by the Language Creation Society, a US-based organization. The site serves a niche audience of linguists, conlang enthusiasts, and scholars by providing professionally authored content and downloadable resources. The business model is non-commercial, focusing on community and educational value rather than direct monetization. The website is built on WordPress and hosted by DreamHost, leveraging modern web technologies and providing a generally good user experience with clear navigation and mobile optimization. However, the site lacks explicit privacy and cookie policies, which impacts compliance and user trust. Security posture is solid with HTTPS enabled and domain transfer protections, but could be improved by enabling DNSSEC and adding security headers. No contact information or incident response details are provided, limiting direct communication channels. Overall, the site is trustworthy and professionally maintained but would benefit from enhanced privacy and security disclosures.

J

Jarrod Blundy

heydingus.net

51

HeyDingus is a personal blog operated by Jarrod Blundy, focusing on technology, outdoor activities, and curated internet content. The site serves a niche audience of technology enthusiasts and outdoor lovers, offering blog posts, shortcuts, and digital products. The business model is primarily content-driven with monetization through tips, affiliate marketing, and a small store. The website is well-branded, professionally designed, and regularly updated, reflecting a small but engaged community presence. Technically, the website is hosted on Blot.im, leveraging a simple but effective tech stack including HTML5, CSS, JavaScript, and integrations with Micro.blog and Carbon Ads. The site is mobile-optimized and performs well, with fast loading times and good SEO practices. Accessibility is basic but functional. The site uses HTTPS with a strong SSL configuration, though it lacks DNSSEC and some recommended security headers. From a security perspective, the site demonstrates good baseline practices such as HTTPS enforcement and domain transfer/update protections. However, it lacks explicit privacy and cookie policies, security.txt files, and vulnerability disclosure mechanisms, which are important for compliance and transparency. No critical vulnerabilities or exposed sensitive data were detected. The domain registration is consistent with the website content and shows no suspicious patterns. Overall, HeyDingus is a trustworthy, well-maintained personal blog with solid technical foundations but could improve its privacy compliance and security posture by adding formal policies and security headers. The risk level is low, but enhancements in compliance and security best practices are recommended to maintain trust and meet evolving standards.

Cody Schultz operates a personal brand website focused on photography, writing, and creative podcasting. The site serves as a portfolio and content hub targeting enthusiasts and professionals interested in landscape photography and creative philosophy. The business model centers on content creation, podcast hosting, and newsletter distribution, positioning itself as a niche media entity within the creative arts sector. The website is small scale and founded in 2016, consistent with the domain registration data. Technically, the website is built with standard HTML5 and CSS3, leveraging custom fonts and hosted likely on Squarespace infrastructure. The site demonstrates good mobile optimization, SEO metadata, and a clean, consistent design. However, no CMS or advanced frameworks are detected, indicating a simple static or lightly dynamic site. Performance is moderate with no evident technical debt but lacks advanced accessibility features. From a security perspective, the domain registration includes transfer and update prohibitions, enhancing domain security. However, DNSSEC is not enabled, and no security headers are detected in the provided data, representing areas for improvement. The site lacks privacy, cookie, and terms of service policies, which are critical for GDPR and general compliance. No contact information or incident response details are published, limiting transparency and trust. Overall, the website is professionally presented and trustworthy for its niche but requires enhancements in privacy compliance and security best practices to improve its risk posture and user trust. Strategic recommendations include adding privacy and cookie policies, enabling DNSSEC, implementing security headers, and publishing contact information for security incidents.

Luke’s Wild Website is a personal portfolio and blog site operated by Luke Harris, a developer and designer based in Chicago. The site serves as a platform for sharing blog posts, notes, and personal insights, targeting a general audience interested in technology and personal content. The website is built on the Ghost CMS platform, utilizing modern web technologies such as HTML5, CSS3, and JavaScript, with a clean and consistent design that supports good user experience and mobile optimization. However, the site lacks explicit contact information, privacy policies, and security headers, which impacts its overall trustworthiness and compliance posture. From a technical perspective, the website demonstrates moderate performance and good SEO optimization but lacks advanced security configurations such as HTTPS enforcement and security headers. The absence of WHOIS registration data raises concerns about domain legitimacy, although the site content appears genuine and updated recently. No advertising or analytics services are detected, indicating minimal user tracking and a privacy-conscious approach, albeit without formal policies. Security posture is currently weak due to missing HTTPS confirmation, lack of security headers, and no visible incident response or data protection policies. The site does not expose sensitive data or show signs of vulnerabilities but would benefit from implementing standard security best practices and publishing privacy and cookie policies to improve compliance and user trust. Overall, the website is functional and professional for a personal blog but requires improvements in security and compliance to enhance credibility and protect visitors.

B

Ben Werdmuller

werd.io

57

Werd I/O is an independent media and blogging platform authored by Ben Werdmuller, focusing on topics at the intersection of technology, media, and democracy. The website operates on a reader-supported subscription model, providing thoughtful essays and articles to a general audience interested in societal and technological issues. The market position is niche but credible, with a small but engaged audience. The business is small-sized, US-based, and founded in 2013, reflecting a mature presence in independent digital media. Technically, the site is built on the Ghost CMS platform, leveraging modern web technologies including JavaScript, CSS, and Cloudflare DNS services. The site demonstrates good performance, mobile optimization, and SEO practices. However, accessibility is basic and could be improved. The technical infrastructure is modern and well-maintained, supporting a smooth user experience. From a security perspective, the site enforces HTTPS and uses clientTransferProhibited status on the domain, indicating domain transfer protection. However, DNSSEC is not enabled, and no security headers are detected, which are areas for improvement. There is no visible privacy or cookie policy, nor incident response or vulnerability disclosure information, which impacts compliance and trust. No critical vulnerabilities or exposed sensitive data were found. Overall, the website is trustworthy and professional but would benefit from enhanced privacy compliance and security best practices. Strategic recommendations include enabling DNSSEC, publishing privacy and cookie policies, adding security headers, and providing incident response contacts to improve user trust and regulatory compliance.

Skyhold.org is a personal website operated by C Jackdaw, a writer and witch, serving as a platform for creative expression, personal blogging, and resource sharing. The site targets a niche audience interested in writing, witchcraft, solarpunk, ADHD, and related topics. It is a small-scale, non-commercial site with regular content updates and a modest but consistent brand presence. The business entity behind the domain is Private by Design, LLC, a US-based organization, which aligns with the website's personal and creative nature. Technically, the site is hand-coded with standard HTML, CSS, and JavaScript, leveraging modern IndieWeb protocols such as IndieAuth and Webmention. Analytics are implemented via privacy-conscious services like GoatCounter and Tinylytics, reflecting a minimal user tracking approach. The site demonstrates good mobile optimization and basic accessibility but lacks advanced SEO and security headers. Hosting details are not explicit, but DNS indicates use of messagingengine.com name servers, possibly related to email hosting. From a security perspective, the site uses HTTPS and has domain status protections against unauthorized transfer or deletion. However, it lacks DNSSEC and common security headers, which are recommended to enhance security posture. No privacy or cookie policies are present, indicating compliance gaps. No forms or input fields are present, reducing attack surface but also limiting user interaction. Overall, the security posture is moderate but could be improved with standard best practices. The overall risk is low given the personal nature and limited business impact of the site. Strategic recommendations include enabling DNSSEC, adding security headers, publishing privacy and cookie policies, and considering a security.txt file for vulnerability disclosure. These steps would improve trust, compliance, and security without significant overhead.

M

Matt Stein

mattstein.com

59

Matt Stein's website serves as a personal portfolio and blog showcasing his work as a web designer, developer, and writer based in Bend, Oregon. The site is well-structured, featuring curated writings and recent posts, targeting a general audience interested in technology and personal insights. The business model is that of a personal brand, with no commercial storefront but with links to social media and donation platforms such as Ko-fi. The domain is well-established, created in 2004, indicating a mature online presence. Technically, the site is built using modern technologies including Astro framework and JavaScript, hosted via Cloudflare infrastructure. It demonstrates excellent mobile optimization, good accessibility, and SEO practices. The use of Umami analytics reflects a privacy-conscious approach to user tracking. The site loads quickly and is free from broken elements or errors. From a security perspective, the website enforces HTTPS and has domain transfer protections in place. However, it lacks DNSSEC and important security headers such as Content-Security-Policy. There are no visible vulnerabilities or exposed sensitive data. Privacy and cookie policies are absent, which is a compliance gap. Incident response and vulnerability disclosure mechanisms are not present. Overall, the website is trustworthy, professional, and safe for general audiences. Strategic recommendations include adding privacy and cookie policies, enabling DNSSEC, implementing security headers, and providing incident response contacts to enhance security posture and compliance.

T

The University of Oklahoma

ou.edu

65

The University of Oklahoma operates as a large, comprehensive public research university with a strong market position in the education sector. It serves a diverse audience including students, faculty, staff, and alumni, offering extensive academic programs and research initiatives across multiple campuses. The website reflects a mature digital presence with modern technologies, good mobile optimization, and comprehensive content that supports its educational mission. Security posture is solid with HTTPS enforcement and cookie consent mechanisms, though explicit security headers and incident response policies could be more visible. Privacy compliance is well addressed with clear policies and consent banners. Overall, the site projects professionalism and trustworthiness consistent with a major educational institution.

The website worldlit.org currently serves a security challenge page that blocks direct access to its content, indicating the presence of a Web Application Firewall or similar security mechanism. The domain is registered with privacy protection via Domains By Proxy, LLC, and uses Cloudflare DNS services. The visible metadata reveals the use of very outdated content management systems (Joomla 1.5 and WordPress 2.5), which pose significant security risks. No business or contact information, privacy policies, or terms of service are present on the accessible page, limiting the ability to assess the business or compliance posture. The site links externally only to bitninja.io, a security service provider, suggesting some level of security monitoring. Overall, the site appears minimal and likely inactive or under maintenance, with a poor security and compliance posture based on available data.

T

Transurban Limited

transurbanuscareers.com

74

Transurban Limited operates as a major global toll-road operator with a strong presence in Australia and North America. The careers subdomain provides detailed information about job opportunities, company culture, benefits, and recruitment processes, targeting potential employees and interns. The website is professionally designed, consistent with corporate branding, and integrates modern web technologies including Adobe Experience Manager, Google Analytics, and Microsoft Clarity. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though some security headers and explicit policies could be improved. Privacy compliance is partial with a clear privacy policy but lacking explicit cookie consent mechanisms. WHOIS data for the subdomain is unavailable, which is typical for subdomains, and does not detract from the legitimacy of the site. Overall, the site is trustworthy and well-maintained, supporting Transurban's business objectives in talent acquisition.

C

Commonwealth of Virginia

virginia.gov

68

Virginia.gov is the official digital portal for the Commonwealth of Virginia, providing residents, businesses, and visitors with access to a wide range of government services and resources. The website serves as a centralized hub for information on state government, business, education, health, transportation, and public safety. It is positioned as a trusted and authoritative source for Virginia state government information and services. Technically, the site employs modern web technologies including jQuery, Font Awesome, and Google Tag Manager, with a focus on accessibility and mobile responsiveness. The site is well-structured with clear navigation and comprehensive metadata, supporting good SEO and user experience. Performance is moderate, with opportunities for optimization. From a security perspective, the site uses HTTPS and follows several best practices, though it lacks some security headers and explicit security policies. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism or GDPR indicators. WHOIS data is unavailable due to privacy protection, which is typical for government domains. Overall, Virginia.gov presents a high level of trustworthiness and professionalism, suitable for its role as a government portal. Strategic improvements in privacy compliance and security transparency would further enhance its posture.

T

The tilde.zone Team

tilde.zone

65

tilde.zone operates as a niche Mastodon instance within the fediverse, providing a platform for social networking focused on collaboration, creativity, and community engagement. The service is community-driven and targets users interested in open social networks without ads or algorithms. The website is technically modern, leveraging React, TypeScript, and Ruby on Rails, and is optimized for mobile devices. It uses HTTPS and WebSockets for real-time communication, but lacks some advanced security configurations such as DNSSEC and security headers. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism or terms of service. Contact information is not publicly visible, which is common for community-run platforms. Overall, the site is trustworthy and professional, but could improve in privacy and security practices.

S

Swyftlight

hiram.io

70

The website hiram.io represents a solopreneur and indie hacker named Hiram Núñez, operating under the organization Swyftlight. The business focuses on building and launching multiple digital projects aimed at improving the web, with an emphasis on privacy, no-code/low-code development, and emerging technologies. The site showcases a portfolio of ventures including privacy-respecting analytics, digital product sales, and consulting services. The market position is niche but credible, targeting tech enthusiasts, startups, and business strategists. Technically, the site is built on the Dorik platform, uses modern JavaScript libraries like jQuery and Typed.js, and is hosted and registered via Cloudflare, ensuring reliable infrastructure. The site is mobile optimized and has good SEO practices, though accessibility is basic. Security posture is moderate with HTTPS enforced and clientTransferProhibited domain status, but lacks DNSSEC and security headers. Privacy compliance is limited due to absence of privacy and cookie policies. Overall, the site is professional and trustworthy but would benefit from enhanced compliance and security disclosures.

B

Bitwarden, Inc.

bitwarden.com

85

Bitwarden, Inc. operates a leading open source password management platform trusted by millions globally, serving individuals, families, businesses, and enterprises. Their product suite includes password management, secrets management, passwordless authentication, and developer tools, positioning them strongly in the cybersecurity technology market. The company emphasizes transparency, security, and compliance, supported by certifications such as SOC 2 and ISO 27001. Their business model is primarily SaaS with free and paid tiers, including self-hosting options for enterprises. Technically, Bitwarden employs a modern React-based web platform, leveraging Cloudflare for hosting and CDN services, and integrates analytics tools like Google Tag Manager and Plausible Analytics. The website demonstrates excellent performance, mobile optimization, accessibility, and SEO practices, reflecting a mature digital infrastructure. Security posture is robust, with enforced HTTPS, comprehensive security headers, a bug bounty program, and regular compliance audits. However, DNSSEC is not enabled, and a security.txt file is absent, representing areas for improvement. Privacy compliance is strong, with clear privacy and cookie policies and GDPR adherence. Contact information is available primarily via contact forms, with no explicit phone numbers or emails disclosed. Overall, Bitwarden presents a high-trust, professional, and secure online presence with minimal risk. Strategic recommendations include enabling DNSSEC, publishing a security.txt file, and enhancing incident response transparency to further strengthen their security and compliance posture.

P

PrivacyGuardian.org llc

sakurajima.moe

63

Sakurajima.moe is a specialized Mastodon server catering to the Anime, Manga, and Japanese media fandom and content creator community. It offers a decentralized social media platform with enhanced moderation, custom features, and integration with related platforms such as Misskey/Sharkey and forums. The server emphasizes a safe, inclusive, and non-toxic environment, supported by a small but active user base and funded through donations. Technically, it leverages a customized Mastodon Glitch fork, hosted on ReliableSite with media storage on Linode, and employs Elasticsearch and Meilisearch for search capabilities. Security practices include daily backups, strict moderation policies, and domain transfer protections, though DNSSEC is not enabled and security headers are not explicitly detected. Privacy compliance is partial, with a comprehensive privacy policy but no cookie consent mechanism. Overall, the site demonstrates a mature and professional approach to community management and technical infrastructure, suitable for its niche audience.

T

Transurban (USA) Operations Inc.

expresslanes.com

67

Express Lanes, operated by Transurban (USA) Operations Inc., is a well-established transportation service provider focused on express toll lanes in Northern Virginia. The website offers comprehensive services including toll payments, trip planning, and real-time traffic updates, supported by a mobile app to enhance user convenience. The company holds a strong market position as a key regional express lanes operator with a clear business model centered on transportation infrastructure and customer service. Technically, the website is built on Drupal 8, leveraging modern web technologies such as jQuery, Google Analytics, and Facebook Pixel for analytics and marketing. The site is mobile-optimized, accessible, and SEO-friendly, reflecting a mature digital infrastructure. Hosting and domain registration are stable and consistent with the business profile, with Amazon Registrar as the domain registrar and AWS DNS servers. From a security perspective, the site enforces HTTPS, employs domain status locks to prevent unauthorized changes, and implements a cookie consent mechanism aligned with GDPR requirements. However, DNSSEC is not enabled, and no explicit security or incident response policies are published, indicating areas for improvement. No vulnerabilities or suspicious content were detected. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance, making it a reliable platform for its users. Strategic recommendations include enabling DNSSEC, publishing security policies, and implementing a vulnerability disclosure program to further enhance security posture and user trust.

W

World Literature Today

worldliteraturetoday.org

53

World Literature Today is a well-established international literary magazine affiliated with the University of Oklahoma, publishing contemporary literary content including interviews, essays, poetry, fiction, and book reviews. The website serves a global audience of literary readers and scholars, offering subscription services, literary prizes, and educational programs. The business model is primarily publishing and subscription-based, supported by donations and events. The site demonstrates consistent branding and high content quality, reflecting its long history and reputable market position.

L

Language Creation Society

conlang.org

52

The Language Creation Society operates a well-established website dedicated to the art and community of language creation. Founded in 1999 and based in the US, it serves a niche audience of conlang enthusiasts by providing membership services, conferences, grants, and a variety of resources. The website is built on WordPress with a modern theme and plugins, hosted by DreamHost, and demonstrates good technical maturity with responsive design and clear navigation. Security posture is adequate with HTTPS and domain transfer protections, but lacks advanced DNS security and security headers. Privacy compliance is supported by a comprehensive privacy policy, though cookie consent mechanisms are absent. Overall, the site is trustworthy, professional, and serves its community effectively.

P

Private by Design, LLC

lipukule.org

58

Lipukule.org is a niche cultural and linguistic website dedicated to the toki pona language and related content. It provides articles and posts that explore various themes in toki pona, targeting enthusiasts and learners of this constructed language. The website operates under the ownership of Private by Design, LLC, a US-based entity, with domain registration consistent with the site's scale and focus. The business model centers on content publication and community engagement via Discord and Telegram channels, without evident commercial transactions or e-commerce features. Technically, the website is built using the modern SvelteKit framework with JavaScript and CSS, delivering a good user experience with responsive design and clear navigation. Performance is moderate, and accessibility is basic but functional. No major technical debt or outdated technologies were detected. However, the site lacks advanced SEO optimization and accessibility features. From a security perspective, the site uses HTTPS but lacks security headers and published security policies. No privacy or cookie policies are present, and no contact information is provided, which limits compliance with GDPR and other privacy regulations. No vulnerability disclosure or incident response information is available. The domain registration is transparent and consistent with the website's purpose, supporting legitimacy. Overall, the website is safe, with no adult or explicit content detected. The content quality and business credibility are good, but privacy compliance and security posture need improvement. Strategic recommendations include implementing privacy and cookie policies, adding security headers, publishing a vulnerability disclosure policy, and enhancing accessibility and SEO.

ReliableRx Pharmacy operates as an online pharmacy platform primarily serving customers in the United States. The business focuses on distributing generic and prescribed drugs through an e-commerce model, positioning itself as a competitive player in the online pharmaceutical market. The website offers features such as product search by brand or generic name, customer support via contact forms and click-to-call functionality, and order tracking services. The platform leverages Magento 2 as its e-commerce CMS, integrating modern web technologies and marketing tools including Google Analytics, Google Tag Manager, and LivePerson chat for customer engagement and analytics. From a technical perspective, the website demonstrates a moderate level of digital maturity with a well-structured Magento 2 implementation, responsive design, and integration of various third-party marketing and analytics services. Performance is moderate with good mobile optimization and basic accessibility features. Security posture is generally good with HTTPS enforced and standard security headers present, although there is a lack of publicly available security policies or incident response information. A significant concern is the absence of WHOIS domain registration data, which is unusual for an active commercial website and raises questions about domain legitimacy and business transparency. Privacy and cookie policies are present and indicate GDPR compliance, supporting user privacy rights. Overall, the website appears professional and trustworthy in its content and user experience but would benefit from improved transparency regarding domain registration and security policies. Strategic recommendations include verifying and publishing domain registration information, enhancing security and incident response disclosures, improving accessibility compliance, and maintaining up-to-date third-party libraries to mitigate potential vulnerabilities.

D

The DIY HRT Directory 2.0 | The DIY HRT Directory 2.0

diyhrt.info

57

The DIY HRT Directory 2.0 is a niche informational website dedicated to providing transgender individuals with comprehensive guidance on safely performing DIY hormone replacement therapy. It offers specialized resources including transfeminine and transmasculine guides, telehealth and informed consent information, blood testing advice, and safe injection supply locations. The website operates as a non-commercial directory without selling products or services, targeting a sensitive and underserved community. The domain is relatively new, registered in 2022, and uses privacy protection likely justified by the nature of its content and audience. Technically, the site is built using modern static site generation technology (Astro) and leverages Cloudflare for DNS and CDN services, resulting in fast performance and good mobile optimization. The site includes accessibility and SEO best practices, with clear navigation and a professional design. However, it lacks some security headers and does not have DNSSEC enabled, which could be improved. The site uses minimal analytics via Cloudflare Insights, with no intrusive tracking detected. From a security perspective, the site enforces HTTPS and has domain transfer protections in place. No forms collect sensitive data, reducing risk exposure. However, the absence of privacy and cookie policies, as well as incident response contacts, indicates gaps in compliance and security transparency. The WHOIS data shows privacy protection but no suspicious patterns, supporting legitimacy. Overall, the website is a trustworthy, well-constructed resource with good content quality and technical implementation but would benefit from enhanced privacy compliance and security policies to improve user trust and regulatory adherence.

#

#HalfMyDAF

halfmydaf.com

59

The #HalfMyDAF website is a non-profit initiative focused on encouraging donors with donor advised funds to increase charitable giving by offering matching grants. The site is professionally designed using the Squarespace platform and provides clear instructions and resources for both donors and nonprofits. It partners with the Amalgamated Foundation, which sponsors the matching grants and promotes the initiative. Technically, the site uses modern web technologies and is mobile optimized with good SEO practices. Security posture is strong with HTTPS and HSTS enabled, though some security headers could be improved. Privacy compliance is limited due to the absence of explicit privacy and cookie policies. The domain WHOIS data is missing or unavailable, which is unusual and slightly reduces trust, but the website content and partner association support legitimacy. Overall, the site is a credible and well-maintained platform serving a niche non-profit market.

P

Private by Design, LLC

unseen.ninja

57

The website unseen.ninja is a personal portfolio site representing an individual or small entity focused on design and coding services. The site presents a modern, clean design with SVG-based branding and uses Vue.js framework for frontend interactivity. The content is minimal but relevant, targeting a general audience interested in design and code. The domain is newly registered in early 2024, consistent with the site's apparent purpose as a personal portfolio. Technically, the site employs modern web technologies including ES modules, web fonts, and SVG graphics. It is hosted under a reputable registrar Porkbun LLC, though the hosting provider is not explicitly identified. The site is mobile optimized and has basic accessibility features. SEO is basic but includes proper meta tags and Open Graph data. From a security perspective, the site uses HTTPS but lacks DNSSEC and visible security headers, which are recommended for enhanced security. No forms or data collection mechanisms are present, reducing attack surface but also limiting user interaction. No privacy or cookie policies are provided, which is a compliance gap. The WHOIS data is consistent and transparent, with no privacy protection, appropriate for this type of site. Overall, the site is low risk with moderate trustworthiness but would benefit from improved security headers, privacy compliance, and contact transparency to enhance credibility and user trust.

M

mooncell07

mooncell07.me

56

Mooncell07 is a personal website and blog operated by an individual known as nova/mooncell07, focusing on web development learning, emulator development, network programming, gaming, and visual novels. The site serves as a platform to share open source projects and personal posts, targeting technology enthusiasts and developers. The website is built using modern frontend technology SvelteKit and hosted by Hostinger with privacy-protected domain registration, reflecting a small-scale personal project rather than a commercial enterprise. Technically, the site demonstrates a modern tech stack with good mobile optimization and basic SEO, though performance is moderate and accessibility is basic. Security posture is adequate with HTTPS and domain transfer protection but lacks DNSSEC and security headers, and no formal privacy or cookie policies are published. Overall, the site is safe, trustworthy, and professional for its intended personal use, but lacks formal compliance and security documentation typical of commercial sites.

The website duanin2.top currently presents no accessible content beyond an empty HTML skeleton. There is no metadata, no visible text, no forms, no contact information, and no business-related content. The domain is registered with HOSTINGER operations, UAB, with privacy protection enabled, and uses Cloudflare DNS servers. The domain age is approximately one year, consistent with a newly created or placeholder site. Due to the lack of content and contact details, the website does not provide any meaningful business information or user engagement opportunities. From a technical perspective, the site lacks any detectable technologies, scripts, or frameworks. There is no evidence of HTTPS or security headers, which are critical for secure web operations. The absence of privacy, cookie, or terms of service policies indicates non-compliance with common data protection regulations such as GDPR. No analytics or tracking mechanisms are present, suggesting minimal or no user data collection. Security posture is weak due to the absence of HTTPS and security headers, and no incident response or vulnerability disclosure information is available. The domain registration is privacy protected, which is common for small or new sites but reduces transparency. No suspicious patterns were detected, but the overall trustworthiness is low given the lack of content and business information. Overall, the website appears to be inactive or a placeholder with no substantive content or business presence. Strategic recommendations include implementing HTTPS, adding essential security headers, publishing privacy and cookie policies, providing clear contact information, and developing meaningful website content to improve trust, compliance, and user engagement.

P

Private by Design, LLC

dunkirk.sh

58

The website dunkirk.sh is a personal portfolio and blog site for Kieran Klukas, a 17-year-old homeschooled coder and content creator based in the United States. The site showcases personal interests such as filmmaking, FPV, and TypeScript programming, and provides contact information primarily via email. The domain is newly registered in 2024 under Private by Design, LLC, with transparent WHOIS data and appropriate domain security statuses. The site uses modern web technologies including TypeScript, Cloudflare DNS and CDN, and JavaScript, delivering a fast and mobile-optimized user experience with good SEO practices. From a security perspective, the site enforces HTTPS and benefits from Cloudflare's infrastructure, but lacks explicit security headers and formal privacy or cookie policies, indicating room for compliance improvement. No forms or sensitive data collection mechanisms are present, reducing attack surface. Analytics usage is minimal and privacy-conscious, relying on anonymous HTTP request counters. No vulnerabilities or suspicious content were detected. Overall, the site presents a moderate to good security posture with a strong technical foundation and clear business credibility as a personal portfolio. However, the absence of privacy and cookie policies and explicit security headers are notable gaps. Strategic improvements in these areas would enhance compliance and trustworthiness.

Blimpie is a well-established sub sandwich franchise brand operating under Kahala Franchising, L.L.C., with nearly 50 years of history in the retail food service sector. The website serves as a digital storefront providing menu information, franchise opportunities, catering services, and online ordering. It targets a broad general audience including consumers and potential franchisees. Technically, the site leverages AMP technology for optimized mobile performance and integrates multiple marketing and analytics tools such as Google Tag Manager, Facebook Pixel, and Cookiebot for privacy compliance. Security posture is solid with HTTPS enforced and cookie consent implemented, though explicit security headers and vulnerability disclosure mechanisms are absent. WHOIS data is unavailable, possibly due to privacy protection or domain aliasing, but the site’s professional presentation and linkage to a known parent company support its legitimacy. Overall, the site demonstrates good digital maturity and business credibility with room for security enhancements.

M

Marathon Tours USA

marathontours.com

61

Marathon Tours USA operates as the world’s largest running events tour operator, specializing in providing guaranteed entry and accommodation for major marathon events globally. Their market position is strong within the niche of marathon travel, targeting runners and enthusiasts seeking comprehensive travel packages for major running events. The website reflects a professional business model focused on event-based travel services with a medium-sized operational scale and a founding date consistent with their domain age (2002). Technically, the website is built on WordPress with integrations such as Cookiebot for cookie consent management and Google Tag Manager for analytics and marketing. The use of Cloudflare DNS and CDN services enhances performance and security, although DNSSEC is not enabled. The site demonstrates good mobile optimization and SEO practices, though accessibility features are basic. From a security perspective, the site employs HTTPS and some security best practices but lacks explicit security headers and published security policies or incident response contacts. The cookie consent mechanism is robust and GDPR compliant, reflecting good privacy compliance. No critical vulnerabilities or suspicious patterns were detected. Overall, the website presents a low-risk profile with strong business credibility and privacy compliance. Strategic recommendations include enabling DNSSEC, enhancing security headers, and publishing security and incident response policies to further strengthen trust and security posture.

A

AG1

drinkag1.com

74

AG1 is a prominent global health and wellness company specializing in daily foundational nutrition supplements, particularly greens powders trusted by athletes and health enthusiasts. The company has a strong market position with a large customer base and recognized certifications, supported by a professional and well-branded website. The technical infrastructure leverages modern web technologies including Next.js, React, and cloud hosting, ensuring fast performance and mobile optimization. The site integrates multiple analytics and marketing tools with a consent management system, although explicit privacy and cookie policies are not clearly linked on the analyzed page. Security posture is solid with HTTPS and domain transfer protections, but could be improved by enabling DNSSEC and publishing security policies. Overall, the website is trustworthy, professional, and safe for general audiences.

S

Shopping Cart Holdings, Inc.

monotote.com

54

Monotote is a technology company specializing in AI-driven connected commerce solutions for retailers and publishers. Their platform integrates product discovery and purchasing directly into digital content, enhancing user engagement and driving revenue growth. With a history dating back to 2015 and partnerships with major brands such as Nike and eBay, Monotote positions itself as an innovator in intelligent e-commerce technology. The company offers a suite of tools including Smart Product Walls, instant checkout, AI marketing automation, and advanced notification systems, designed to seamlessly integrate with existing platforms and deliver measurable business results. Technically, the website is built on WordPress with modern plugins and libraries such as WPBakery, LiteSpeed Cache, and various JavaScript libraries for UI components and analytics. The site demonstrates good mobile optimization, SEO practices, and uses multiple tracking and marketing tools including Google Tag Manager and Facebook Pixel. However, the hosting provider is not explicitly identified, and performance is moderate. From a security perspective, the site enforces HTTPS and uses secure forms with consent mechanisms. While some standard security headers are not detected, no critical vulnerabilities or exposed sensitive data were found. Privacy compliance is strong, with a comprehensive GDPR policy and cookie consent mechanisms in place. Contact information is complete and professional, though no explicit security policy or incident response details are provided. Overall, the website presents a professional and trustworthy front for Monotote's business. However, the absence of WHOIS registration data for the domain raises concerns about domain legitimacy and registration consistency. This discrepancy should be investigated further to ensure full trustworthiness. Strategic recommendations include enhancing security headers, maintaining updated software, and improving transparency around domain registration.

The website micenest.xyz represents a nascent creative collective or idea incubation platform with minimal current content. The site serves primarily as a placeholder with a unique custom font and a promise of future content additions by 2025. The business behind the domain is registered under a privacy-protected entity, Private by Design, LLC, based in the US, consistent with the early-stage nature of the project. The lack of detailed business information, contact details, or policies indicates the site is not yet fully operational or publicly mature. From a technical perspective, the website employs basic HTML and CSS with a custom font and minimal external dependencies. Hosting is provided by Porkbun, LLC, the domain registrar. There is no evidence of advanced frameworks, CMS, or analytics tools. Performance and mobile optimization are basic but functional. SEO and accessibility features are minimal, reflecting the placeholder status. Security posture is limited; no security headers or DNSSEC are enabled, and no privacy or cookie policies are present. The domain uses privacy protection, which is reasonable for the business type and stage. No vulnerabilities or malicious indicators were detected. Overall, the site is safe but lacks maturity in security and compliance. The overall risk is low given the minimal content and no sensitive data handling. Strategic recommendations include implementing security best practices, adding privacy and cookie policies, and providing contact and incident response information to improve trust and compliance as the site develops.

A

Amalgamated Charitable Foundation

amalgamatedfoundation.org

72

Amalgamated Charitable Foundation is a US-based nonprofit organization specializing in philanthropic fund management, including donor advised funds, combined impact funds, and rapid response funds. The foundation has moved over $1 billion since 2018 to support social justice and equity causes. The website is professionally designed using Drupal 9, with moderate performance and good mobile optimization. It integrates common third-party tools such as Google Analytics and AddToAny for sharing. Security posture is adequate with HTTPS and domain transfer protections, but lacks DNSSEC and security headers. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the website is trustworthy and credible but could improve compliance and security transparency.

The website 'Scrumpy System' at uwu.gal represents a small technology-focused community comprising software engineers, community managers, and web developers. The site provides a professional and visually consistent experience with clear navigation and social media integration, targeting a general audience interested in technology and software development. The business model appears to be community and service-oriented without explicit commercial transactions or e-commerce features. The domain is relatively new, created in late 2022, aligning with the site's small-scale and emerging presence. Technically, the site employs modern web technologies including HTML5, CSS3, JavaScript, Google Fonts, and FontAwesome icons. Hosting and DNS are managed via Cloudflare, ensuring good SSL configuration and moderate performance. The site is mobile optimized and includes interactive elements such as clocks and a starmap iframe. However, accessibility features are basic, and SEO is adequately addressed through meta tags and Open Graph data. From a security perspective, the site benefits from HTTPS and domain transfer protection but lacks DNSSEC and important security headers like Content-Security-Policy. There are no published privacy, cookie, or incident response policies, which limits compliance with GDPR and other regulations. No forms or data collection mechanisms are present on the main page, reducing immediate risk but also limiting user engagement features. Overall, the website is safe and professional but would benefit from enhanced privacy and security policies, improved transparency, and additional compliance measures. Strategic recommendations include enabling DNSSEC, publishing privacy and cookie policies, adding security headers, and establishing incident response and vulnerability disclosure protocols to strengthen trust and security posture.

MindnBody is a newly established e-commerce website specializing in the sale of pharmaceutical and health-related products targeted at adult customers. The business operates an online retail model offering products such as Casodex and Estradiol tablets, with a clear age restriction policy to ensure compliance with legal purchase age requirements. The website is designed with modern web technologies including jQuery, Bootstrap, and Cleave.js, providing a basic but functional user experience with mobile optimization and a simple navigation structure. From a security perspective, the site uses HTTPS and includes an age disclaimer modal, but lacks critical security headers and DNSSEC, which reduces its overall security posture. There are no visible privacy or cookie policies, nor contact information or incident response details, which are significant compliance and trust gaps. The domain is very new and uses privacy protection for WHOIS data, which is reasonable for this business type but limits transparency. Overall, the website demonstrates a basic level of technical implementation and business credibility but requires improvements in privacy compliance, security best practices, and transparency to enhance trustworthiness and regulatory adherence. The risk level is moderate due to the absence of key policies and security features, and strategic enhancements are recommended to mitigate these gaps.

P

Private by Design, LLC

fedi.gay

39

The website at fedi.gay is a minimal, non-commercial site containing only a literary poem themed on Elven lore from Tolkien's universe. There is no business description, contact information, or commercial content. The domain is registered to Private by Design, LLC, a US-based entity, but the website content does not reflect any business operations or services. The domain WHOIS data is suspicious due to a future creation date, which raises concerns about legitimacy. Technically, the site uses basic HTML and CSS with no advanced frameworks or scripts detected. There are no privacy, cookie, or terms of service policies, and no contact or incident response information is provided. Security posture is weak with no DNSSEC, no security headers, and unknown SSL status. Overall, the site appears to be a placeholder or personal page rather than a professional business site.

The website nea.moe is a personal portfolio and blog site for Linnea Gräf, a software developer specializing in JVM languages such as Kotlin and Java. The site highlights personal coding projects, including maintenance of the NotEnoughUpdates project, and provides contact information primarily via email and social media. The domain is privacy protected and registered through a US-based privacy service, consistent with the personal nature of the site. The technical infrastructure uses the Astro framework, delivering a modern, fast, and mobile-optimized experience with minimal tracking via Plausible Analytics. Security posture is generally good with HTTPS enforced and domain transfer protections in place, though the site lacks security headers and formal privacy or cookie policies. Overall, the site is trustworthy and professional for a personal portfolio but could improve compliance and security transparency.

P

Private by Design, LLC

symtrkl.gay

44

The website symtrkl.gay is a personal portfolio and creative hub for Jennifer (SymTrkl), a transfeminine artist and writer based in the United States. The site showcases her work in illustration, web design, FPV drone piloting, and writing, with links to various social media and creative platforms. The business model centers on personal branding, commissions, and community support through platforms like Ko-Fi and Patreon. The site targets a general audience with a mature content segment including erotica and adult social media links. Technically, the site is built with standard HTML, CSS, and JavaScript, hosted via Porkbun with domain privacy protection. The site is moderately optimized for mobile and performance but lacks advanced SEO and accessibility features. No CMS or major frameworks are detected, indicating a custom or static site approach. From a security perspective, the domain uses registrar locks to prevent unauthorized changes but lacks DNSSEC and security headers. There is no visible HTTPS enforcement information, no privacy or cookie policies, and no incident response contacts. The site does not use analytics or tracking scripts, minimizing privacy risks but also limiting business intelligence. Overall, the site is legitimate and consistent with a personal creative portfolio but would benefit from improved security practices, privacy compliance, and clearer contact information to enhance trust and professionalism.

The website nekomimi.party currently serves as a minimal placeholder page with very limited content and no clear business description or services. The domain is newly registered in early 2023 and uses Cloudflare as its registrar and hosting provider. There is no evidence of a mature or established business presence, and no contact or policy information is provided on the site. Technically, the site uses basic HTML and CSS with no advanced frameworks or CMS detected. Security posture is minimal with no security headers or DNSSEC enabled, and privacy compliance is absent due to missing policies. Overall, the site appears to be in an early or inactive stage of development with low trustworthiness and limited user engagement potential.

The website citrons.xyz is a personal website belonging to an individual named raven, featuring journal entries, podcasts, galleries, and personal anecdotes. It does not represent a commercial business or organization and lacks formal business information or contact details. The site is modest in technical sophistication, built with basic HTML and CSS, and hosted on Mythic Beasts servers. There is no evidence of advanced frameworks, CMS, or analytics tools. Security posture is minimal with no detected HTTPS or security headers, and no privacy or cookie policies are present, indicating low compliance with modern web security and privacy standards. The domain is privacy protected and registered in 2021, consistent with the personal nature of the site. Overall, the site is safe for general audiences but lacks professional and security maturity.

L

Leading Cities

leadingcities.org

56

Leading Cities is a global non-profit organization focused on advancing smart city innovation, sustainability, and urban resiliency by connecting government leaders, entrepreneurs, investors, and industry stakeholders. The organization operates various programs including accelerators, incubators, education, and consulting to support startups and urban transformation. The website reflects a mature digital presence built on modern web technologies such as React and Next.js, with integration of analytics and video content. Security posture is generally good with HTTPS and domain locking, though improvements are needed in DNS security and published privacy compliance documentation. Overall, the site is professional and trustworthy, serving a specialized audience in government and technology sectors.

F

Fangamer

fangamer.com

69

Fangamer operates a professional e-commerce website specializing in licensed video game merchandise including apparel, plushes, figures, books, and accessories. The site targets video game enthusiasts and collectors, positioning itself as a niche leader in this market segment. The business model is retail-focused, leveraging the Shopify platform for online sales and distribution. The website demonstrates strong branding consistency and excellent content quality, with clear navigation and mobile optimization.

S

Sprouts Farmers Market

sprouts.com

75

Sprouts Farmers Market is a large retail grocery chain specializing in natural, organic, and gluten-free foods. The company operates neighborhood grocery stores offering fresh produce, meats, vitamins, supplements, and more, with a strong online presence including shopping, pickup, delivery, and catering services. The website is professionally designed, well-branded, and optimized for SEO and accessibility, targeting health-conscious consumers in the United States. Technically, the site is built on WordPress with modern frameworks and integrates multiple marketing and analytics tools such as Google Tag Manager, Facebook Pixel, and Criteo. Security posture is good with HTTPS enforced and standard security headers likely present, though explicit security policies and vulnerability disclosures are absent. WHOIS data is missing or privacy-protected, which is unusual for a major retail brand and slightly reduces trustworthiness. Overall, the website is safe, professional, and credible, with recommendations to enhance security transparency and WHOIS data clarity.

The Starlight Network is a small, privacy-focused technology and community project operated by two individuals, Alexia and Nelson. The website serves as a platform for their blog posts, community engagement, and hosting of services that emphasize privacy, decentralization, and usability. The business model is community-supported, relying on donations via Liberapay, and targets technology enthusiasts interested in privacy and social interaction. The domain is newly registered in 2025 with protections to prevent unauthorized transfers or deletions, aligning with the privacy-centric ethos of the project. Technically, the website is built with basic HTML and CSS, with no detected CMS or advanced frameworks. The site is moderately optimized for performance and mobile use but lacks advanced SEO and accessibility features. No analytics or tracking scripts are present, indicating a minimal data collection approach. The hosting provider is not explicitly identified, but the domain registrar is Porkbun, known for privacy-friendly services. From a security perspective, the site lacks DNSSEC, security headers, and visible HTTPS enforcement details, which lowers its security posture. There is no published security policy or incident response information, and no cookie or privacy consent mechanisms are implemented. However, domain registration protections and the absence of suspicious content or vulnerabilities suggest a moderate security maturity level. Overall, the website is safe for general audiences, with no adult or questionable content detected. The site is professionally presented but could benefit from enhanced security measures, privacy compliance improvements, and clearer contact information to increase trust and credibility.

The website 'mira's site' hosted on twoneis.site is a minimal personal presence site with a friendly and informal tone. It primarily serves as a placeholder with links to social platforms such as the Fediverse and Matrix, and provides a contact email. The site lacks substantive business content, policies, or commercial services, indicating a small-scale personal or community-oriented project. The domain WHOIS data is inconsistent, showing a future creation date and a registrant organization unrelated to the website content, which raises legitimacy concerns. Technically, the site is built with basic HTML and CSS, hosted via Porkbun, LLC. There is no evidence of advanced frameworks, CMS, or analytics tools. The site appears accessible without WAF or blocking mechanisms but lacks HTTPS confirmation and security headers, which weakens its security posture. Privacy and cookie policies are absent, and no forms or data collection mechanisms are present, limiting privacy compliance. Security-wise, the absence of HTTPS and security headers, combined with suspicious WHOIS data, lowers the trustworthiness and security score. No vulnerabilities or malware indicators were detected, but the site would benefit from implementing standard security best practices and compliance policies. Overall, the site is low risk but also low maturity in business and security terms. Strategic improvements in security, privacy compliance, and domain legitimacy verification are recommended to enhance trust and professionalism.

S

SelectCobb

selectcobb.com

55

SelectCobb is a regional economic development organization focused on promoting Cobb County, Georgia as an ideal location for business relocation, expansion, and investment. The website provides comprehensive resources including site selection assistance, workforce development programs, and investor relations. The organization positions itself as a trusted advocate for businesses, supporting them through planning and permitting processes to ensure long-term success. The site targets business decision-makers, investors, and workforce stakeholders, emphasizing Cobb County's competitive advantages and infrastructure. Technically, the website is built on WordPress using Elementor, with integration of Google Analytics and MonsterInsights for tracking. Hosting and DNS services involve GoDaddy and Cloudflare, providing a stable and secure infrastructure. The site demonstrates good SEO practices, mobile optimization, and accessibility features, although some accessibility aspects could be improved. Performance is moderate, with modern technologies and structured data enhancing search visibility. From a security perspective, the site uses HTTPS with a good SSL configuration and some security best practices. However, it lacks explicit security headers like Content-Security-Policy and does not provide a security policy or incident response contact information. No vulnerability disclosure or security.txt file is present. Privacy compliance is limited, with no visible privacy or cookie policies, which is a notable gap given the use of tracking technologies. Overall, the website is professional, trustworthy, and well-positioned for its business purpose. The main risks relate to privacy compliance and security transparency, which could be improved to enhance user trust and regulatory adherence. Strategic recommendations include publishing privacy and cookie policies, implementing security headers, and providing clear incident response contacts to strengthen the security posture and compliance framework.

P

ParaFi Technologies LLC

parafi.tech

63

ParaFi Technologies LLC operates the website parafi.tech, providing infrastructure services for blockchain networks including staking on Solana, Ethereum (via Lido), Aptos, and Avalanche. The company is positioned as a niche technology infrastructure provider focused on decentralized networks, targeting blockchain operators and crypto users. The website is professionally designed with a modern tech stack based on Next.js and React, hosted on Cloudflare, and includes essential business and security policy pages. The technical infrastructure is modern and performant, with good SEO and mobile optimization. Security posture is solid with HTTPS and domain transfer protection, though improvements are recommended such as enabling DNSSEC and adding security headers. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism despite use of Google Analytics. Overall, the website is trustworthy and legitimate, with consistent WHOIS data and clear business information.