Other security reports

Eesti Ehitusinseneride Liit (EEL) is a non-profit voluntary association representing construction engineers in Estonia. Founded in 1991, it serves approximately 500 individual members and several collective members, providing professional membership services, certification, training, and information resources. The website positions EEL as a reputable and established professional body within the Estonian construction sector. Technically, the site is built on WordPress with common plugins and libraries, featuring moderate performance and good mobile optimization. Security posture is solid with HTTPS enabled and no visible vulnerabilities, though security headers are absent and privacy compliance is minimal due to lack of privacy and cookie policies. Overall, the website is professional, trustworthy, and well-aligned with the organization's mission, but could improve in privacy and security policy transparency.

V

Veeühing (GWP Estonia)

veeyhing.ee

43

Veeühing (GWP Estonia) is a voluntary association based in Estonia focused on water management and related environmental issues. It operates as part of the Global Water Partnership network, aiming to improve water management and protection globally. The organization hosts events such as seminars and conferences to engage stakeholders and disseminate knowledge. The website is professionally designed using WordPress and is actively maintained with regular event updates. The technical infrastructure is modern, leveraging standard WordPress plugins and libraries, and the site is served over HTTPS with no detected blocking or WAF interference. However, the site lacks explicit privacy and cookie policies, which impacts GDPR compliance and privacy posture. Contact information such as emails or phone numbers is not explicitly provided, which may affect user trust and communication. Overall, the website demonstrates a good level of professionalism and technical maturity but would benefit from enhanced privacy compliance and clearer contact channels.

The website estlat.eu is currently inaccessible due to a Cloudflare Turnstile security challenge page that blocks access to any substantive content. As a result, no business information, contact details, or policy documents are available for analysis. The site appears to be protected by Cloudflare's security infrastructure, indicating an intent to prevent automated or malicious access. However, this also limits the ability to assess the site's business operations, technical maturity, or security posture beyond the presence of Cloudflare protections. The lack of accessible content and absence of privacy or cookie policies suggest the site is either under maintenance, restricted, or not publicly available at this time. From a security perspective, the use of Cloudflare's WAF and Turnstile challenge is a positive indicator of baseline protection, but no further security best practices or vulnerabilities can be evaluated. Overall, the site currently presents a high risk due to lack of transparency and accessibility, and further direct access or cooperation from the site owners would be necessary for a comprehensive assessment.

I

Itero – Digitālā marketinga aģentūra

itero.lv

24

The website www.itero.lv appears to be a small business site hosted on WordPress with minimal content and limited digital maturity. The site lacks essential legal documents such as privacy policy, cookie policy, and terms of service, which are critical for compliance and user trust. Contact information and social media presence are not evident, reducing accessibility and credibility. Technically, the site uses standard web technologies but lacks advanced security headers and optimization features. The security posture is basic with no visible incident response or vulnerability disclosure mechanisms. Overall, the site presents a low-risk profile but requires significant improvements in compliance, security, and content quality to enhance trust and professionalism.

E

Eesti Põllumajandus-Kaubanduskoda

epkk.ee

44

Eesti Põllumajandus-Kaubanduskoda (EPKK) is a well-established Estonian organization founded in 2010, serving as a key chamber representing agricultural producers, food processors, forestry, and land management enterprises. The website provides comprehensive information about the organization's advocacy efforts, events, vocational qualifications, and market information services. The target audience primarily consists of Estonian agricultural and related sector stakeholders. The business model is non-profit and focused on supporting stable development and fair competition within the agricultural sector. Technically, the website is built on WordPress with modern plugins such as Yoast SEO and Modern Events Calendar, ensuring good SEO and event management capabilities. The site is hosted by a reputable Estonian registrar and uses HTTPS, providing a secure browsing experience. However, there are gaps in privacy compliance, notably the absence of privacy and cookie policies and consent mechanisms. Security posture is moderate with HTTPS and secure forms but lacks advanced security headers and published security policies. Overall, the website is professional and trustworthy but would benefit from enhanced privacy and security disclosures to improve compliance and user trust.

B

Baltic Sea Culinary Routes

balticseaculinary.com

44

Baltic Sea Culinary Routes is a regional cultural project website dedicated to promoting the culinary heritage and traditions of countries surrounding the Baltic Sea. The site offers rich content including country-specific culinary descriptions, recipes, chef testimonials, and project documentation aimed at strengthening regional identity and supporting rural vitality through culinary tourism. The target audience includes tourists, culinary enthusiasts, chefs, and cultural stakeholders interested in Baltic Sea cuisine. Technically, the website employs a traditional tech stack with jQuery 1.8.1, jQuery UI, and several JavaScript libraries for UI components and sliders. The site is mobile responsive and has a clear navigation structure, but uses outdated JavaScript libraries that pose security risks. SEO and accessibility are basic but functional. No CMS or hosting provider details are explicitly detected. From a security perspective, the site uses HTTPS and has domain transfer protections, but lacks DNSSEC and security headers such as Content-Security-Policy or X-Frame-Options. The use of outdated jQuery versions introduces potential vulnerabilities. No privacy or cookie policies are present, indicating compliance gaps with GDPR. No contact emails or incident response information is provided, limiting transparency and user trust. Overall, the website is functional and content-rich with moderate business credibility but has notable security and privacy compliance shortcomings. Strategic improvements in security headers, library updates, and privacy policy implementation are recommended to enhance trust and compliance.

S

SA Jõgevamaa Arendus- ja Ettevõtluskeskus

kultuuritee.ee

44

Kultuuritee.ee is a regional cultural tourism website managed by SA Jõgevamaa Arendus- ja Ettevõtluskeskus, promoting the cultural heritage and tourism opportunities in the Jõgevamaa region of Estonia. The site provides information about cultural routes, events, maps, and local attractions, targeting tourists and cultural visitors interested in exploring Estonian history and culture. The business model is non-profit and focused on regional development and cultural promotion. Technically, the website is built on WordPress with common plugins like Yoast SEO and uses Google Analytics and Tag Manager for visitor tracking. The hosting is provided by Zone Media OÜ, and the domain is registered since 2019, consistent with the site's purpose. Security posture is moderate with HTTPS enabled but lacks advanced security headers and DNSSEC. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the site is functional, well-branded, and provides relevant content but could improve in privacy and security practices.

S

SportAccord

aimsisf.org

43

The Alliance of Independent Recognized Members of Sports (AIMS) operates as a non-profit international sports alliance representing various independent sports federations. The organization is positioned as a key stakeholder in the global sports governance ecosystem, partnering with major entities such as the International Olympic Committee (IOC), SportAccord, WADA, and ITA. The website serves as a communication platform providing news, member federation information, and partnership details to its target audience of sports professionals and federations worldwide. Technically, the website is built on WordPress using the Elementor page builder, hosted on StableServer infrastructure. The site demonstrates good mobile optimization, clear navigation, and a professional design, although some accessibility features could be improved. Performance is moderate, with no major technical issues detected in the HTML content. Security posture is adequate with HTTPS enabled and no exposed sensitive data, but DNSSEC is not enabled and some security headers are not explicitly detected, suggesting room for improvement. From a security and compliance perspective, the website lacks explicit privacy, cookie, and terms of service policies, which impacts its privacy compliance score. No incident response or vulnerability disclosure information is available, and no direct contact emails or phone numbers are provided, limiting transparency in communication channels. The WHOIS data is consistent and transparent, confirming the legitimacy of the domain ownership and alignment with the organization's identity. Overall, the website is trustworthy and professionally maintained but would benefit from enhanced privacy compliance measures, improved security header implementation, and clearer contact information to strengthen user trust and regulatory adherence.

S

SportAccord

sportaccord.com

60

SportAccord is a globally recognized organization dedicated to connecting International Sport Federations, cities, right holders, and businesses to shape the future of sport. The website reflects a professional and well-established entity with a strong market position in the sports event and federation engagement sector. Key services include organizing major events such as the SportAccord Convention and the International Federation Forum, alongside providing platforms for sustainability and membership applications. The technical infrastructure is built on WordPress with modern plugins and analytics tools, ensuring a robust digital presence. Security posture is strong with HTTPS enforcement, security headers, and monitoring tools like New Relic, although explicit security policies and incident response details are not publicly disclosed. Overall, the website demonstrates high professionalism, good privacy compliance, and trustworthy business credibility.

S

SportAccord

gaisf.sport

60

SportAccord is a globally recognized organization dedicated to connecting International Sport Federations, cities, right holders, and businesses to shape the future of sport. The website reflects a professional and well-structured platform offering information about major events such as the SportAccord Convention and the International Federation Forum. The organization positions itself as a key player in the sports event and federation engagement sector, supported by the International Olympic Committee and a broad network of partners. The digital infrastructure is built on WordPress with modern plugins and analytics tools, ensuring a good user experience and performance. Security posture is strong with HTTPS enforcement and privacy compliance mechanisms like Usercentrics CMP. However, WHOIS data is privacy protected, limiting transparency on domain ownership, though this is common and justified for such entities. Overall, the website demonstrates a mature digital presence with good content quality, technical implementation, and business credibility.

Ü

Ühendus Sport Kõigile

sportkoigile.ee

41

Ühendus Sport Kõigile is an Estonian sports association dedicated to promoting sports activities and events across multiple disciplines. The website serves as an informational portal providing event calendars, organizational details, sports facilities, and coaching resources primarily targeting Estonian sports enthusiasts and organizations. The domain is well-established since 2010 and hosted under a reputable Estonian registrar, indicating a stable online presence. Technically, the website employs a traditional web stack with jQuery, Owl Carousel, Fancybox, and AOS for animations. While the technology is somewhat dated, it remains functional and provides a moderate performance experience. The site is mobile-optimized and offers a good user experience with clear navigation and relevant content. However, there is room for improvement in SEO and accessibility. From a security perspective, the site uses HTTPS but lacks visible security headers and formal privacy or cookie policies. No analytics or tracking scripts were detected, suggesting minimal user tracking. The absence of GDPR compliance indicators and consent mechanisms is a notable gap given the European context. No forms collecting sensitive personal data were found except a basic search form. Overall, the website presents a moderate risk profile with no critical vulnerabilities detected but with compliance and security best practices needing enhancement. Strategic improvements in privacy policy publication, cookie consent, security headers, and GDPR compliance would strengthen the site's trustworthiness and security posture.

T

treenerikutse.ee

treenerikutse.ee

46

The website treenerikutse.ee serves as a portal for coaching certification and related educational services primarily targeting the Estonian market. It offers functionalities such as application control, certification verification, self-training campaigns, and registers related to education and sports disciplines. The business operates in a niche sector focused on professional coaching and sports education within Estonia, with a domain registered in 2019 and hosted by Spin TEK AS, an Estonian registrar and hosting provider. Technically, the website employs a variety of common web technologies including jQuery, Bootstrap, FlexSlider, and DataTables, indicating a moderate level of digital maturity. The site is structured with responsive design elements but lacks advanced SEO optimization and accessibility features. The absence of CMS detection suggests a custom or lightweight platform. Performance is moderate, with no explicit indicators of slow loading but also no advanced optimization. From a security perspective, the site lacks visible security headers and does not provide explicit HTTPS status in the provided data, which is a concern. The cookie consent mechanism is implemented, indicating some awareness of privacy compliance, but no privacy policy or terms of service are present, limiting GDPR compliance. No contact information or incident response channels are provided, reducing transparency and trust. Overall, the website presents a basic but functional service portal with moderate business credibility. Security and privacy practices require significant improvement to meet modern standards. Strategic recommendations include implementing HTTPS with strong SSL/TLS, publishing comprehensive privacy and security policies, adding security headers, and providing clear contact information to enhance trust and compliance.

The website esbl.ee serves as an Estonian sports biographical lexicon, providing historical data and biographies of Estonian sports figures. It is operated by Spin TEK AS, a company registered since 2013, which aligns with the domain age and content maturity. The site targets sports enthusiasts and researchers interested in Estonian sports history. The business model is informational, focusing on archival and reference content rather than commercial services. Technically, the website is built on static HTML enhanced with JavaScript, notably using an outdated jQuery version (1.7.2). There is no evidence of a modern CMS or frameworks, and the site shows basic performance and accessibility features. Mobile optimization is poor, and SEO practices are minimal. Hosting appears to be managed by Spin TEK AS, consistent with the WHOIS data. From a security perspective, the site lacks modern security headers and uses outdated libraries, which could expose it to vulnerabilities. HTTPS usage and SSL configuration details are not explicitly provided but should be verified. The site implements a cookie consent mechanism and provides a privacy policy document, indicating some compliance with GDPR. However, no terms of service, security policies, incident response contacts, or vulnerability disclosure mechanisms are present. Overall, the website is functional and moderately credible but requires technical and security improvements to enhance trust and protect user data. Strategic recommendations include updating JavaScript libraries, implementing security headers, improving SSL configuration, and publishing comprehensive security and contact policies.

The website elva.ee is currently inaccessible beyond a Cloudflare security challenge page, which prevents access to any substantive content. The domain is registered since 2010 with a legitimate Estonian registrar, indicating a stable domain ownership. However, no business information, contact details, or compliance policies are visible due to the access restriction. The technical infrastructure relies on Cloudflare services for security and performance, but no further technical or business details can be assessed. The security posture cannot be fully evaluated given the lack of accessible content, but the presence of Cloudflare WAF indicates a baseline security measure. Overall, the site is currently not analyzable for business or compliance insights due to the WAF block.

R

Rohelise Jõemaa Koostöökogu

joemaa.ee

39

Rohelise Jõemaa Koostöökogu is a small regional cooperative organization based in Estonia, focused on sustainable rural economic development, cultural heritage preservation, and tourism promotion. The website serves as an informational and promotional platform highlighting the organization's mission, events, and regional identity. The technical infrastructure is based on WordPress with common plugins such as Yoast SEO and Contact Form 7, supported by standard web technologies like jQuery and Bootstrap. The site is moderately optimized for performance and mobile devices but lacks advanced accessibility features. Security posture is basic with HTTPS enabled but missing important security headers and policies. Privacy compliance is weak due to the absence of privacy and cookie policies. Overall, the website is functional and professional but requires improvements in privacy, security, and compliance to enhance trust and user protection.

G

Geopeitus MTÜ

geopeitus.ee

41

Geopeitus.ee is a niche community platform dedicated to geocaching activities in Estonia, operated by Geopeitus MTÜ. The website offers geocache listings, user forums, event announcements, and user-generated content such as logs and photos. It targets geocaching enthusiasts primarily within Estonia, fostering an active and engaged community with premium membership features and event support. The platform's market position is that of a specialized community hub rather than a commercial enterprise. Technically, the site uses legacy JavaScript libraries like jQuery 1.6.4 and jQuery Fancybox 1.3.4, along with Google Tag Manager for analytics. The CMS appears custom-built, with basic mobile optimization and accessibility features. Security posture is moderate but could be improved; the site lacks modern security headers and uses outdated libraries that may expose vulnerabilities. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism or terms of service. Contact information is limited to an obfuscated email and a login form; no phone numbers or physical addresses are provided. Overall, the site is functional and community-focused but would benefit from modernization and enhanced security and privacy practices.

A

Adrenaator Grupp

adrenaator.ee

40

Adrenaator Grupp operates the website adrenaator.ee, providing adventure and outdoor experiences such as canoe trips, hiking, and team events primarily in the Aidu quarry area in Estonia. The company targets families, friends, and corporate groups seeking unique adventure activities. The business is positioned as a niche local provider with a focus on experiential tourism and event hosting. The website is built on WordPress with modern SEO and GDPR compliance plugins, indicating a moderate level of digital maturity. Technical infrastructure includes Google Analytics and Tag Manager for tracking, and the site is hosted by Zone Media OÜ, a known Estonian registrar and hosting provider. Security posture is adequate with HTTPS enabled and cookie consent implemented, though some security headers are missing and no explicit security or incident response policies are published. Overall, the site is professional and trustworthy with room for improvement in security and contact transparency.

The website www.budgetlac.com is currently inaccessible due to a Cloudflare Turnstile security challenge page that blocks access to any substantive content. The WHOIS lookup for the domain returned no registration data, indicating the domain may not be registered or the data is unavailable, which raises concerns about the legitimacy and transparency of the site. No business information, contact details, or privacy-related policies are present or accessible. The technical infrastructure relies on Cloudflare services for security and performance, but the lack of accessible content and metadata prevents a full assessment of the site's business or security posture. Overall, the site presents a high risk due to lack of transparency and accessibility.

The website www.rescue.ee is currently inaccessible due to a Cloudflare security challenge page requiring human verification via Turnstile captcha. As a result, no actual website content, metadata, or business information is available for analysis. The site is protected by Cloudflare's security mechanisms, which block automated access and prevent content scraping. Without access to the real content, it is impossible to assess the business overview, technical infrastructure, security posture, or compliance status. This limitation significantly impacts the ability to provide meaningful insights or recommendations.

The website mirko.ee is currently inaccessible beyond a Cloudflare Turnstile human verification challenge page, which blocks access to any substantive content. The domain is registered with Zone Media OÜ in Estonia since 2022, indicating a relatively new but legitimate registration. Due to the WAF challenge, no business information, contact details, or policies are visible, limiting the ability to assess the company's operations or compliance posture. The technical infrastructure relies on Cloudflare services for security and performance, but no additional frameworks or CMS platforms are detectable. Security headers and privacy compliance measures are not observable due to the blocked content. Overall, the site appears to be protected by Cloudflare's security mechanisms but lacks publicly accessible information for a full evaluation.

E

Eesti Kergejõustikuliit

ekjl.ee

42

Eesti Kergejõustikuliit is the national athletics federation of Estonia, providing organizational support, event management, and athlete services within the Estonian athletics community. The website serves as a comprehensive portal for news, competition calendars, results, rankings, and educational materials targeting athletes, coaches, clubs, and fans. It holds a strong market position as the official governing body for athletics in Estonia. Technically, the website is built on WordPress with modern JavaScript libraries such as jQuery and Swiper.js, and uses Bootstrap for responsive design. The site demonstrates good digital maturity with structured data, SEO optimization, and mobile responsiveness, although some accessibility features could be improved. Performance is moderate with room for optimization. From a security perspective, the site enforces HTTPS and uses standard libraries without visible vulnerabilities. However, it lacks some security headers and does not provide explicit security or incident response policies. Privacy compliance is partially addressed with a comprehensive privacy policy but lacks cookie consent mechanisms. Overall, the website is professional, trustworthy, and well-aligned with its business purpose. Strategic improvements in privacy compliance, security policy transparency, and accessibility would enhance its security posture and user trust.

E

Eesti Jalgpalli Liit

jalgpall.ee

44

Eesti Jalgpalli Liit is the official governing body for football in Estonia, managing national teams, leagues, and grassroots football development. The website serves as a comprehensive portal for football news, events, and organizational information targeted at players, fans, and stakeholders within Estonia's football community. The site integrates multimedia content including live scores, videos, and social media feeds, reflecting a mature digital presence. Technically, the website employs a custom CMS with modern JavaScript libraries and asynchronous loading of third-party SDKs such as Facebook and Google Analytics, ensuring moderate performance and good mobile optimization. Security posture is strong with enforced HTTPS and no visible vulnerabilities, though security headers could be improved. Privacy compliance is basic but includes cookie consent and a privacy policy in Estonian. Overall, the domain registration is consistent and trustworthy, supporting the legitimacy of the organization.

L

Lääne-Virumaa Spordiliit

lvsl.ee

55

Lääne-Virumaa Spordiliit is a regional sports organization based in Rakvere, Estonia, focused on leading and developing sports activities in the Lääne-Virumaa region. The website serves as an informational portal primarily targeting local residents and sports enthusiasts. The business model is non-profit and community-oriented, with a clear regional focus. The website is built on the Wix platform, leveraging Wix Thunderbolt and standard web technologies, providing a moderate level of performance and mobile optimization. However, the site lacks comprehensive privacy and cookie policies, which impacts compliance and user trust. Security posture is adequate with HTTPS and some JavaScript hardening but could be improved with additional security headers and incident response information. Overall, the website is functional and professional but would benefit from enhanced privacy compliance and security transparency.

E

Eesti Võrkpalli Liit

volley.ee

40

Eesti Võrkpalli Liit operates as the official Estonian Volleyball Federation, providing comprehensive information on volleyball teams, competitions, and related activities in Estonia. The website serves as a central hub for volleyball enthusiasts, players, coaches, and fans, offering news, schedules, and organizational details. The site is well-structured and professionally designed, reflecting its role as a national sports governing body. Technically, the website is built on WordPress with modern SEO and analytics tools integrated, including Yoast SEO, Google Analytics, and Facebook Pixel. It is mobile-optimized and provides a good user experience with clear navigation and relevant content. Security-wise, the site uses HTTPS and implements some best practices like opening external links in new windows with noopener. However, it lacks visible security headers and formal privacy or cookie policies, which are important for compliance and user trust. Overall, the domain is legitimate, well-established since 2010, and consistent with the organization's profile. Strategic improvements in privacy compliance and security headers would enhance the site's trustworthiness and regulatory adherence.

L

Lääne-Virumaa Kossuliiga

virukorvpall.ee

39

Lääne-Virumaa Kossuliiga operates a regional basketball league website serving the Lääne-Virumaa community in Estonia. The site provides schedules, results, team information, and news updates related to basketball events. The business model focuses on sports event promotion and community engagement within the regional sports sector. The website is built on WordPress with SportsPress Pro plugin, indicating a moderate level of digital maturity and technical infrastructure. Hosting is provided by Zone Media OÜ, a known Estonian hosting provider. Security posture is adequate with HTTPS enabled and no visible sensitive data exposure; however, the absence of security headers and privacy policies indicates room for improvement. The site uses common analytics and marketing tools such as Google Analytics and AddThis, but lacks explicit privacy compliance mechanisms. Overall, the website is functional and professional but would benefit from enhanced privacy and security practices to improve trust and compliance.

B

Bureau Veritas Eesti

bureauveritas.ee

68

Bureau Veritas Eesti is a well-established branch of the global Bureau Veritas Group, specializing in certification, inspection, and sustainability services. The company offers a broad portfolio of services including ISO management system certifications, food safety, information security, and sustainability consulting, targeting businesses in Estonia. The website reflects a professional and consistent brand image with clear navigation and relevant content for its audience. Technically, the site is built on Drupal 10, uses modern consent management tools (Didomi), and integrates Google Analytics and Tag Manager for tracking. Security posture is strong with HTTPS enforced and standard security headers present, though explicit security and incident response policies are not found. Privacy compliance is partially addressed via cookie consent but lacks a clearly accessible privacy policy page. Overall, the website demonstrates a mature digital presence with room for improvement in privacy transparency and incident response communication.

The website maaruum.ee is currently inaccessible beyond a Cloudflare Turnstile human verification challenge page, which blocks access to actual content. The domain is newly registered in November 2023 under an Estonian registrar, consistent with the domain's country. The site uses Cloudflare services for security and performance, including Cloudflare Insights for analytics and Turnstile for bot mitigation. Due to the WAF challenge, no business information, contact details, or policies are visible, limiting the ability to assess the business model or market position. The technical infrastructure shows modern security practices such as HTTPS and Cloudflare protection but lacks DNSSEC and security headers. Privacy compliance and security posture are incomplete due to missing policies and contact channels. Overall, the site appears legitimate but is in an early stage with minimal public content.

The website 'kaart.ee/epood/' appears to be a minimal online store page titled 'EOMAP-Veebipood' with very limited content and no visible interactive elements or contact information. The domain is registered since 2010 with Zone Media OÜ, a known Estonian registrar and hosting provider, indicating a legitimate domain registration history. However, the website itself lacks essential business information, privacy policies, and security features such as HTTPS, which significantly impacts its trustworthiness and user confidence. Technically, the site uses outdated HTML framesets and lacks modern web technologies, resulting in poor user experience and SEO performance. Security posture is weak due to absence of HTTPS and security headers, and no incident response or vulnerability disclosure mechanisms are present. Overall, the site presents a high risk from a security and compliance perspective and requires significant improvements to meet modern standards.

The website kik.ee is currently inaccessible due to a Cloudflare Turnstile human verification challenge page, which blocks access to any substantive content. The domain is registered since 2010 with Zone Media OÜ, an Estonian registrar, indicating a legitimate registration. However, no business information, contact details, or compliance policies are visible on the landing page. The technical infrastructure relies on Cloudflare's security and analytics services, but no CMS or other technologies are detectable due to the blocked content. Security posture cannot be fully assessed given the lack of accessible content, but the presence of Cloudflare protection is a positive indicator. Overall, the site lacks visible privacy, cookie, or terms of service policies, and no contact or incident response information is available, limiting trust and compliance evaluation.

The website sm.ee is currently inaccessible beyond a Cloudflare security challenge page that requires human verification via Turnstile captcha. This prevents access to any substantive content or business information. The domain is registered since 2010 with an Estonian registrar, indicating a mature and legitimate domain. However, no privacy policies, cookie notices, terms of service, or contact information are visible on the challenge page. The technical infrastructure relies heavily on Cloudflare services for security and performance. Due to the WAF blocking, a full security and compliance assessment is not possible. The site lacks visible security headers and business trust indicators in the accessible content. Overall, the site appears legitimate but is currently inaccessible for detailed analysis.

Õ

Õigusbüroo HUGO.legal õigusabi

hugo.legal

53

Õigusbüroo HUGO.legal is an Estonian legal services platform offering fast, accessible legal advice through professional jurists. The website provides multiple consultation channels including in-office, video, web, and phone, targeting residents of Estonia. The platform also offers legal applications to help users resolve debt and other legal issues efficiently. The business is positioned as a trusted local legal aid provider with a strong digital presence and content marketing through blogs and testimonials. Technically, the website is built on WordPress with modern plugins such as Yoast SEO and WP Rocket, ensuring good performance, SEO optimization, and mobile responsiveness. The site uses HTTPS with a valid SSL certificate and integrates Google Analytics for user tracking. However, DNSSEC is not enabled, and security headers are missing, indicating room for security enhancements. From a security perspective, the site demonstrates good baseline practices including HTTPS and cookie consent mechanisms. There is no evidence of exposed sensitive data or vulnerable libraries. However, the absence of a published security policy, incident response contacts, and vulnerability disclosure reduces transparency. The domain registration is stable but shows partial privacy in WHOIS data, which is reasonable for this business type. Overall, the website is professional, trustworthy, and well-optimized for its target audience. Strategic improvements in security headers, DNSSEC, and published security policies would enhance its security posture and compliance. The business appears credible and well-established with a medium-sized market presence in Estonia.

The website info.vaivaravald.ee serves as a minimal informational portal primarily using a frameset to display content from an internal page and an external domain www.vaivara.ee. The site lacks substantive content, metadata, and modern web features, indicating a low level of digital maturity. There is no evidence of privacy policies, cookie consent mechanisms, or contact information, which limits user trust and compliance with data protection regulations. Technically, the site does not demonstrate use of modern frameworks, CMS, or security best practices such as HTTPS or security headers. The security posture is weak due to absence of encryption and lack of visible security controls. Overall, the site presents a low-risk profile due to minimal data collection but suffers from poor professionalism and trustworthiness.

The website juristaitab.ee is currently inaccessible due to a Cloudflare security challenge page that requires human verification via Turnstile captcha. This prevents access to any substantive content, including business descriptions, contact information, or policies. The domain is registered since 2010 under Elkdata OÜ, an Estonian registrar, indicating a legitimate registration history. However, the lack of accessible content limits the ability to assess the company's market position, services, or technical maturity. The technical infrastructure relies on Cloudflare for security and performance, but no further technology stack details are available. Security posture is difficult to evaluate fully due to the blocked content, but the presence of Cloudflare indicates some level of protection. Privacy and compliance policies are not found, and no contact or business details are visible. Overall, the site currently presents a low trust profile due to inaccessibility and lack of transparency.

The website kriis.ee is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) challenge page that requires human verification via Turnstile captcha. This security measure blocks access to the actual website content, preventing any meaningful analysis of business or security details. The domain is registered since 2010 with Zone Media OÜ, an Estonian registrar, indicating a legitimate and established domain. However, the lack of accessible content, absence of privacy or cookie policies, and no visible contact or business information significantly limit the ability to assess the website's business model, technical maturity, or security posture. The technical infrastructure relies on Cloudflare services for security and performance, but no advanced security headers or configurations are evident in the provided data. Overall, the site appears to be protected by strong perimeter security but lacks visible transparency or user-facing information.

The domain ehr.ee is currently inaccessible due to a Cloudflare Turnstile security challenge page, which prevents direct content analysis. The WHOIS data indicates the domain is registered with Zone Media OÜ in Estonia since 2010, suggesting a mature and legitimate registration. However, no business, contact, or policy information is publicly accessible on the landing page. The website relies heavily on Cloudflare's security and performance infrastructure, but no further technical or business details can be extracted due to the blocking mechanism. This limits the ability to assess the company's market position, services, or compliance posture. Security posture cannot be fully evaluated, but the presence of Cloudflare indicates some level of protection.

The website at v-maarja.eu is currently under construction, presenting only a frameset that redirects to a placeholder page. There is no meaningful content, metadata, or business information available on the site. The domain is registered through Zone Media OÜ, an Estonian registrar, but no further business details are provided. The lack of content and policies limits the ability to assess the business or its market position. Technically, the site lacks modern web features, security headers, and visible SSL configuration, indicating a low digital maturity level. Security posture is weak due to absence of HTTPS and security best practices, and no privacy or cookie policies are published, resulting in poor privacy compliance. Overall, the site presents a high risk due to minimal content and lack of transparency, requiring significant improvements before it can be considered trustworthy or compliant.

The website elvl.ee is currently inaccessible due to a Cloudflare security challenge page employing Turnstile captcha, which blocks access to any substantive content. The domain is registered to Elkdata OÜ, an Estonian company, since 2017, indicating a legitimate registration and consistent domain ownership. However, no business-related content, contact information, or compliance policies are accessible on the site. The technical infrastructure relies heavily on Cloudflare services for security and performance, but the lack of accessible content prevents a full assessment of the site's digital maturity or business model. Security posture cannot be evaluated beyond the presence of Cloudflare's WAF and challenge mechanisms.

The website lasteabi.ee is currently inaccessible due to a Cloudflare Turnstile security challenge page, preventing access to any substantive content. The domain is registered since 2010 with an Estonian registrar, indicating a legitimate and established presence. However, no business, contact, or policy information is accessible for analysis. The technical infrastructure relies on Cloudflare services for security and performance, but the lack of accessible content limits the ability to assess digital maturity or business operations. Security posture cannot be fully evaluated beyond the presence of Cloudflare's WAF protection. Overall, the site is effectively blocked from analysis, resulting in a low AI score and limited insights.

The website livekluster.ehr.ee is currently inaccessible beyond a Cloudflare security challenge page that requires human verification via Turnstile captcha. This indicates a strong security posture at the perimeter, likely to protect sensitive electronic health record (EHR) data. However, due to the content being blocked, no business or contact information, privacy policies, or terms of service are visible, limiting the ability to assess the company's market position or services. The technical infrastructure leverages Cloudflare's security and performance services, but the lack of visible content and metadata results in poor content quality and SEO. Security best practices are partially implemented through WAF and bot mitigation, but no additional security headers or policies are observable. Overall, the site demonstrates a high-security perimeter but lacks transparency and compliance disclosures in the accessible content.

K

Kihnu Muuseum

kihnumuuseum.ee

43

Kihnu Muuseum is a small cultural heritage museum located in Estonia, dedicated to preserving and presenting the unique Kihnu heritage culture. The museum operates both physical exhibitions and virtual tours, offering educational workshops, group visits, event organization, and guided services. The website is built on WordPress using the OceanWP theme and Elementor page builder, hosted by Elkdata OÜ. It employs modern web technologies including jQuery and Font Awesome, and uses plausible.io for privacy-conscious analytics. The site is accessible, mobile-optimized, and professionally designed with clear navigation and relevant content for its target audience. Security posture is good with HTTPS enforced and no visible vulnerabilities, though it lacks security headers and explicit incident response policies. Privacy compliance is partial, with a privacy policy and terms of service present but no cookie consent mechanism. Overall, the website is trustworthy and credible for its business purpose, though improvements in security headers and privacy compliance are recommended.

C

404 Page not found | Canary

cms-dt.com

48

The website cms-dt.com currently serves a 404 error page indicating that the requested content is not available or has been moved. There is no visible business information, contact details, or privacy-related policies on the accessible page. The domain is relatively new, registered in April 2023 via Amazon Registrar, Inc., and uses the Laravel framework with common JavaScript libraries such as jQuery and Bootstrap. The technical infrastructure appears standard but lacks advanced security configurations such as DNSSEC and security headers. The absence of privacy policies, cookie consent mechanisms, and contact information indicates low compliance with privacy regulations and poor user trust signals. Overall, the site is in an early or incomplete state, limiting its business credibility and security posture.

The website haljala.ee is currently inaccessible beyond a Cloudflare Turnstile human verification challenge page, which blocks access to any substantive content. The domain is registered since 2010 with an Estonian registrar, indicating a legitimate and longstanding registration. However, no business information, contact details, or privacy policies are visible on the accessible page, limiting the ability to assess the business or compliance posture. The technical infrastructure relies on Cloudflare services for security and performance, but no additional technologies or CMS platforms are detectable. Due to the content block, the security posture cannot be fully evaluated, though the presence of Cloudflare WAF indicates some level of protection. Overall, the site lacks visible trust indicators and business transparency in the accessible content.

The domain xn--jgeva-dua.ee is registered with Zone Media OÜ, an Estonian registrar, since 2017. The website is currently inaccessible due to a Cloudflare security challenge page employing Turnstile captcha, which blocks access to actual content. No business-related content, contact information, or policies are visible, indicating the site is either under protection or not publicly available. The technical infrastructure relies on Cloudflare for security and performance, but lacks DNSSEC and security headers, which are recommended for enhanced security. The SSL configuration is basic but present. Overall, the website's digital maturity is low due to the lack of accessible content and minimal technical optimizations.

The website rae.ee is currently inaccessible due to a Cloudflare security challenge page employing Turnstile captcha, which blocks access to the actual website content. The domain is registered since 2010 with an Estonian registrar, indicating a legitimate and stable registration. However, no business information, contact details, or policies are visible on the landing page. The technical infrastructure relies heavily on Cloudflare services for security and performance, but no further technical or business details can be extracted due to the access block. The security posture cannot be fully assessed, but the presence of Cloudflare WAF indicates a baseline security measure. Overall, the site’s risk assessment is limited by the lack of accessible content, and strategic recommendations focus on enabling access for proper evaluation and improving transparency.

The website kosevald.ee is currently inaccessible due to a Cloudflare security challenge page employing Turnstile captcha, which blocks direct access to the site's content. The domain is registered since 2010 with a reputable Estonian registrar, indicating a stable domain history. However, no business, contact, or policy information is visible on the landing page, preventing a full assessment of the company's operations or compliance posture. The technical infrastructure relies heavily on Cloudflare's security and performance services, but no further technology stack or CMS details are available due to content blocking. Security posture cannot be fully evaluated, but the presence of Cloudflare WAF indicates some level of protection. Overall, the site scores low on content quality, privacy compliance, and business credibility due to lack of accessible information.

General Public is an independent branding and design agency based in Newcastle upon Tyne, UK, founded in 2009. The company focuses on providing creative branding and design services to a niche market of businesses and organizations seeking professional brand development. Their website reflects a consistent and professional brand image, with a clear presentation of their portfolio and thought leadership content. Technically, the website is built on WordPress with modern SEO and analytics tools integrated, including Yoast SEO and Google Analytics. The site is mobile optimized and performs moderately well, though accessibility features could be improved. Security posture is solid with HTTPS enabled and no visible vulnerabilities, but lacks security headers and formal privacy and cookie policies, which are compliance gaps. Overall, the business appears credible and established with a moderate trust level, but should enhance privacy compliance and security best practices to improve user trust and regulatory adherence.

T

Taararing OÜ

taararing.ee

42

Taararing OÜ is an Estonian company specializing in full solutions for deposit points and cleaning services for businesses, operating since 2006. The company serves retail stores and enterprises by managing deposit acceptance and providing cleaning services, employing approximately 50 people. Their market position is that of a trusted local service provider with a solid client base and over 16 years of experience in deposit acceptance management. Technically, the website is built on Concrete CMS with modern frontend technologies including Bootstrap 5 and jQuery, and integrates Google Analytics and Tag Manager for tracking. The site is mobile optimized and has good SEO practices, though accessibility is basic. Security posture is adequate with HTTPS enabled but lacks security headers and formal security policies. Privacy compliance is weak due to absence of privacy and cookie policies and no consent mechanism. Overall, the website is professional and credible but could improve in compliance and security transparency.

M

MERI

mer.ee

43

MERI is a small Estonian artisan business specializing in unique metal art and jewelry, led by artist Merilin Pedastsaar. The website showcases a professional portfolio with detailed descriptions of bespoke metal artworks, collaborations, and awards, positioning MERI as a niche player in the Estonian art and design market. The technical infrastructure is modern, leveraging Bootstrap, Google Fonts, and Google Tag Manager, with a responsive and well-structured design that supports excellent user experience across devices. Security posture is adequate with HTTPS implied and secure form handling, but lacks explicit security headers and published security policies. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the site is trustworthy and professional but would benefit from enhanced compliance and security transparency.

V

Verband der Zoologischen Gärten (VdZ) e.V.

zoosciencelibrary.org

51

The Zoo Science Library is a specialized online platform documenting peer-reviewed scientific publications involving modern zoological gardens and aquaria. It serves as a knowledge transfer and networking tool for the zoological research community, supported by reputable organizations such as the Verband der Zoologischen Gärten (VdZ) e.V. and the European Association of Zoos and Aquaria (EAZA). The website is professionally designed, bilingual (German and English), and provides a searchable database of over 1400 publications from 2018 to 2022. Technically, the site is built on TYPO3 CMS with modern frontend frameworks like Bootstrap and jQuery, and it uses Matomo for privacy-conscious analytics. Security posture is strong with HTTPS enforced and cookie consent implemented, though some HTTP security headers are missing and no explicit security or incident response policies are published. WHOIS data is unavailable due to malformed query responses, which slightly reduces domain trust but is mitigated by the site's affiliations and content quality. Overall, the site is a credible, niche scientific resource with good technical and security standards.

The Journal of Zoo and Aquarium Research (JZAR) is an open access academic journal affiliated with the European Association of Zoos and Aquaria, focusing on publishing peer-reviewed research related to zoos and aquaria. The journal operates on an open access model without publication fees, targeting researchers, academics, and professionals in the zoological and aquarium fields. The website is professionally designed and uses the Open Journal Systems platform, supported by modern web technologies such as jQuery and Bootstrap, hosted by Greenhost in the Netherlands. From a technical perspective, the site demonstrates good performance, mobile optimization, and accessibility. However, there is room for improvement in security practices, notably the absence of DNSSEC and security headers. The site enforces HTTPS and has domain transfer protections, which are positive indicators. Privacy compliance is lacking due to missing privacy and cookie policies, which should be addressed to meet GDPR and other regulations. Overall, the security posture is moderate with no critical vulnerabilities detected, but enhancements in security headers and explicit policies would strengthen trust. The domain WHOIS data aligns well with the business, showing a consistent and legitimate registration. The site maintains a minimal user tracking footprint and does not employ advertising or tracking scripts, supporting user privacy. Strategically, the journal should prioritize publishing privacy and cookie policies, enable DNSSEC, and implement security headers to improve compliance and security posture. These steps will enhance trust and align with best practices for academic publishing platforms.