Other security reports

C

Cluster Forst und Holz BW

cluster-forstholz-bw.de

54

The website represents the Cluster Forst und Holz BW, a cluster initiative in Baden-Württemberg, Germany, focused on promoting innovation and collaboration within the forestry and wood industry sectors. It serves as a platform for companies and research institutions to access funding programs, project information, and networking opportunities. The site highlights its strong market position with significant economic impact in the region, supported by partnerships with government and EU funding bodies. Technically, the website is built on the Yii framework with Bootstrap and jQuery, hosted on Hetzner servers, and demonstrates good mobile optimization and SEO practices. Security measures include HTTPS enforcement and CSRF protection, though some security headers and policies are not explicitly published. Privacy compliance is addressed with a cookie consent mechanism and a privacy policy page. Overall, the site is professional, trustworthy, and well-structured, though it lacks direct contact emails and explicit security or incident response policies.

A

ARAG SE

arag-karriere.de

64

ARAG SE is a well-established German insurance company specializing in legal protection insurance and related services, with a strong market position as the largest family-owned insurer in Germany and a global leader in its niche. The website serves as a professional career portal targeting job seekers interested in joining ARAG, featuring comprehensive content about company values, culture, and job opportunities. Technically, the site uses modern web technologies including jQuery, Google Tag Manager, Matomo analytics, and a proprietary recruitment platform by talentsconnect, ensuring good performance, mobile optimization, and accessibility. Security posture is solid with HTTPS enforcement, cookie consent mechanisms, and privacy compliance, though explicit security policies and incident response contacts are not published. Overall, the site is professional, trustworthy, and compliant with GDPR, with no signs of blocking or suspicious activity.

S

Stiftung z'Rieche

zrieche.ch

48

Stiftung z'Rieche is a Swiss cultural foundation dedicated to publishing the annual 'Jahrbuch z’Rieche', a yearbook focusing on the history, culture, and societal developments of the Riehen community near Basel. Established in 1961, the foundation serves a niche audience interested in regional heritage and cultural documentation. The website is built on TYPO3 CMS and integrates modern web technologies such as Google Analytics and Google Tag Manager for visitor tracking. The site is well-designed, mobile-optimized, and provides clear navigation to its key offerings including yearbook sales and news updates. However, direct contact information such as emails or phone numbers is not explicitly displayed, relying instead on a contact form.

K

Startseite - Kunstspaziergang Riehen

kunstspaziergang-riehen.ch

46

The website 'Kunstspaziergang Riehen' serves as an informational platform focused on art walks in the municipality of Riehen, Switzerland. It provides visitors with navigation and cultural insights related to local art installations. The site is built on WordPress and integrates Google Maps API for interactive map features. The design is professional and mobile-optimized, offering a good user experience with clear navigation. However, the site lacks critical privacy and cookie policies, which may impact GDPR compliance. No explicit contact information or security policies are present, limiting direct communication and transparency regarding data protection. Security headers are absent, representing a potential vulnerability. Overall, the website is functional and trustworthy for its cultural purpose but requires improvements in privacy, security, and contact transparency to enhance compliance and user trust.

A

Autistici/Inventati

autistici.org

63

Autistici/Inventati is a volunteer-driven organization founded in 2001 that provides free internet services and digital self-defense tools to activists and grassroots collectives. Their platform emphasizes privacy, non-commercial use, and solidarity, supporting individuals aligned with anticapitalist and digital rights movements. The website content reflects a strong commitment to these principles, with manual service request processing and no commoditization of user data. Technically, the website uses modern frontend technologies including Bootstrap and Typeahead.js, with responsive design and good SEO practices. However, some security best practices such as security headers and cookie consent mechanisms are not evident. The site does not expose sensitive data and uses HTTPS, but lacks explicit security policy or incident response information. From a security perspective, the site shows a moderate security posture with no visible vulnerabilities or tracking scripts. The absence of WHOIS data is consistent with privacy protection, which aligns with the organization's mission. No advertising or analytics services are detected, supporting their privacy-centric approach. Overall, the website is trustworthy, well-structured, and safe for general audiences. Strategic recommendations include enhancing security headers, adding cookie consent, publishing security policies, and improving accessibility to further strengthen their security and compliance posture.

B

B-Seite - Agenda für Basel

bseite.info

48

B-Seite is a niche community-driven agenda platform focused on providing an overview of subversive, alternative, and activist events in Basel, Switzerland. The website offers a calendar of events, event creation capabilities, and communication channels such as a newsletter and Telegram channel to engage its target audience. The platform serves a specialized community interested in political, cultural, and social activism. Technically, the website is built on Ruby on Rails with modern frontend technologies like Turbo Rails and Trix editor, providing a responsive and user-friendly experience. Security posture is moderate with HTTPS enforced and CSRF protections in place, but lacks advanced security headers and explicit privacy or cookie policies. The WHOIS data is privacy protected, which aligns with the nature of the site’s community focus. Overall, the site is functional, trustworthy, and well-positioned within its niche but could improve compliance and security transparency.

Gewerbeverein Turbenthal und Umgebung is a local business association representing approximately 130 members from the municipalities of Turbenthal, Wila, Wildberg, and Zell in Switzerland. The association focuses on supporting local businesses across various sectors including retail, manufacturing, hospitality, and services. Their activities include organizing events such as the Gewerbeausstellung GEWA trade exhibition, providing networking platforms, and contributing to the local economy by fostering employment and training young professionals. The website is well-structured, primarily in German, and targets local businesses and residents in the Tösstal region. It uses the ClubDesk CMS platform and integrates modern web technologies such as jQuery, FontAwesome, and Owl Carousel.

G

Gesamtverband Deutscher Holzhandel e. V

gdholz.de

41

Gesamtverband Deutscher Holzhandel e. V (GD Holz) is a representative industry association for the German wood trade sector, aggregating the interests of 800 member companies. The organization focuses on advocacy, education, sustainability, and regulatory compliance support such as EUTR/EUDR. The website reflects a professional and well-structured digital presence with a modern WordPress infrastructure, SEO optimization, and active social media engagement. However, explicit privacy and cookie policies are not found, and contact information is not clearly presented on the homepage. Security posture is adequate with HTTPS enabled but lacks visible security headers and incident response information. Overall, the site is trustworthy and serves its target audience effectively.

B

Brands for Employees

brandsforemployees.com

61

Brands for Employees is a Swiss-based platform offering weekly exclusive discount deals targeted at employees of participating companies. The website is built using modern web technologies including React and Next.js, hosted behind Cloudflare, and integrates analytics tools such as Hotjar and Cloudflare Insights. The platform aims to provide value through employee-exclusive offers, positioning itself as a niche service in the employee benefits market. Technically, the site demonstrates good mobile optimization and moderate performance, though accessibility features are basic. Security posture is adequate with HTTPS enforced and use of CDN security, but lacks explicit security headers and visible privacy or cookie policies. Contact information and legal disclosures are absent from the main page, which impacts trust and compliance perception. Overall, the site is safe for general audiences and does not contain adult or questionable content.

K

Karate Academy Hamburg e.V.

karateacademy.de

56

Karate Academy Hamburg e.V. is a specialized martial arts dojo located in Hamburg, Germany, offering karate training for children, youth, and adults across various skill levels. The organization emphasizes respect, self-defense, and physical and mental development through karate. The website is built on the Squarespace platform, featuring a professional design with good mobile optimization and clear navigation. Contact information and social media presence are clearly provided, enhancing business credibility. Security posture is adequate with HTTPS enforced but lacks advanced security headers and cookie consent mechanisms. Privacy policy is present and GDPR compliant but could be improved with explicit cookie management. Overall, the website reflects a trustworthy small business with a focus on community and training services.

The website du-machst-uns-aus.de appears to be a recruiting platform related to SGVHT, targeting job seekers in Germany. The site is built on TYPO3 CMS and incorporates a comprehensive cookie consent mechanism via Cookiebot, indicating awareness of privacy compliance requirements. However, the absence of a dedicated privacy policy, terms of service, and contact information limits its compliance and trustworthiness. Technically, the site uses modern technologies and is hosted on German servers, but SEO is minimal and the site is set to noindex, reducing discoverability. Security posture is moderate with HTTPS implied and cookie consent implemented, but lacks visible security headers or incident response information. Overall, the site is functional but requires improvements in privacy disclosures, contact transparency, and SEO to enhance credibility and compliance.

H

Helvetiarockt

helvetiarockt.ch

48

Helvetiarockt is a Swiss non-profit organization dedicated to empowering girls, women, intersex, non-binary, trans, and agender individuals through music workshops, sensitization events, and networking platforms. The organization positions itself as a niche player in the Swiss cultural and social empowerment sector, leveraging partnerships such as musicdirectory.ch and diversityroadmap.org to extend its reach and impact. The website is multilingual, supporting German, French, Italian, Romansh, and English, reflecting its inclusive and broad audience approach. Technically, the website is built on WordPress with modern integrations including Google Analytics, Google Tag Manager, and Elfsight widgets. It uses jQuery and GSAP for animations and interactive elements. The site demonstrates good mobile optimization and SEO practices, although some accessibility features could be enhanced. Performance is moderate, with deferred script loading to improve user experience. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks advanced security headers and explicit security or incident response policies. Privacy compliance is basic, with privacy and cookie policies present but no active consent mechanism. The site collects user data via newsletter subscription forms and uses tracking scripts moderately. Overall, Helvetiarockt presents a trustworthy and professional online presence with a clear mission and audience. Security and privacy practices are adequate but could be improved to meet higher compliance standards. The domain registration data aligns well with the organization's profile, supporting legitimacy. Strategic recommendations include enhancing security headers, implementing cookie consent, and publishing explicit security policies to strengthen trust and compliance.

P

Paprec Schweiz

paprec.ch

53

Paprec Schweiz is a well-established Swiss company specializing in sustainable recycling, waste management, and secure data destruction services. With over 125 years of experience and multiple subsidiaries across key Swiss regions such as Aargau, Basel, Geneva, Lucerne, and Zurich, the company offers comprehensive solutions for both corporate and private clients. Their business model focuses on environmental sustainability and resource recovery, leveraging modern technologies and eco-friendly processes. The website reflects a professional and consistent brand image, supported by structured data and active social media presence. Technically, the website is built on WordPress with popular plugins like Yoast SEO and Borlabs Cookie for SEO and privacy compliance. The site is mobile-optimized and uses interactive mapping tools to showcase locations. Security posture is good with HTTPS enforced and cookie consent implemented, though some security headers could be improved. Analytics usage is minimal and privacy-conscious, with Google Analytics disabled by default. No critical vulnerabilities or security issues were detected. However, the absence of a visible privacy policy and terms of service pages is a compliance gap. Contact information is clearly presented with multiple phone numbers and physical addresses for subsidiaries. Overall, the site demonstrates a mature digital presence aligned with the company's market position. Strategic recommendations include enhancing security headers, publishing comprehensive privacy and security policies, and improving accessibility features to further strengthen trust and compliance.

The website speaz.com currently presents an empty HTML page with no visible content, metadata, or interactive elements. The domain is registered with OVH sas since April 2020 and is locked against unauthorized transfers or deletions, indicating some level of domain management maturity. However, the lack of any website content or policies suggests the site is either under development or abandoned. There are no contact details, privacy policies, or security disclosures available, which limits the ability to assess the business or security posture comprehensively. Technically, the site is hosted by OVH but lacks modern web technologies, SEO optimizations, or accessibility features. Security headers and DNSSEC are not implemented, and SSL configuration is basic. Overall, the site scores low on content quality, technical implementation, privacy compliance, and business credibility.

S

Home | Stadtkloster Zürich

stadtkloster.ch

61

The website www.stadtkloster.ch is a small-scale, community-oriented site hosted on the Wix platform, primarily serving a Swiss audience. The site uses Wix's Thunderbolt framework and standard JavaScript libraries, indicating a modern but basic technical infrastructure. The content is minimal with no visible business or contact information, privacy policies, or terms of service, which limits its professional and compliance stature. Security posture is basic with no advanced headers or policies detected, and no forms or data collection mechanisms are apparent. Overall, the site appears safe and suitable for general audiences but lacks critical compliance and security features.

H

Human Rockstars

human-rockstars.com

47

Human Rockstars is a small coaching business based in Germany, specializing in systemic coaching, microdosing, and psychedelic integration. The website presents a professional and consistent brand with a strong focus on personal development and educational content, including a podcast featuring expert guests. The business targets individuals interested in microdosing and psychedelic experiences, offering personal and group coaching programs. Technically, the site is built on WordPress using Elementor and several plugins for SEO, cookie management, and podcasting. Security measures include HTTPS, reCAPTCHA on forms, and cookie consent mechanisms, though some security headers could be improved. Privacy policies are comprehensive and GDPR compliant. No direct contact emails or phone numbers are publicly listed, with contact primarily via a secured form. The domain registration is consistent with the business age and claims, enhancing trustworthiness.

I

INL – Privates Institut für Nachhaltige Landbewirtschaftung GmbH

nachhaltige-landbewirtschaftung.de

39

INL – Privates Institut für Nachhaltige Landbewirtschaftung GmbH is a specialized institute focused on measuring ecological sustainability in agriculture. With over 16 years of experience, the company offers consulting, certification, monitoring, and scientific services primarily targeting agricultural businesses, retailers, and environmental stakeholders in Germany. The website reflects a niche market position with a professional presentation and clear service offerings. Technically, the website is built on WordPress 6.8.2 with a modern plugin ecosystem including OpenLayers for mapping and WP Statistics for analytics. Hosting is provided by Cloudpit, and the site uses HTTPS with good SSL configuration. Mobile optimization and SEO are well addressed, though accessibility is basic. No major technical issues or vulnerabilities were detected in the visible content. From a security perspective, the site uses HTTPS and some security best practices but lacks explicit security headers and published security or incident response policies. No vulnerabilities or exposed sensitive data were found. Privacy compliance is supported by a privacy policy and cookie consent mechanism, aligning with GDPR requirements. Overall, the site presents a low risk profile with a good balance of content quality, technical implementation, and business credibility. Strategic improvements could focus on enhancing security headers, publishing incident response information, and adding direct contact details for security and data protection officers.

S

Skiclub Graue Hörner

grauehoerner.ch

49

Skiclub Graue Hörner is a well-established non-profit ski club based in Mels, Switzerland, founded in 1935. The club offers a variety of skiing-related activities including youth racing groups, ski touring, ski gymnastics, and social events for members. The website serves as an information hub for members and prospective members, providing event schedules, membership applications, and news updates. The club maintains a local presence with sponsorships and active social media channels on Facebook and Instagram. Technically, the website is built on WordPress with a modern plugin stack including Events Manager and Beaver Builder, providing a functional and moderately optimized user experience. Security posture is adequate with HTTPS enforced and spam protection via honeypot, but lacks advanced security headers and explicit incident response policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the site is trustworthy and professional, suitable for its community-focused purpose.

S

Error

suddl.ch

50

The domain suddl.ch currently hosts a Wix error page indicating that the domain is not connected to an active website. There is no business information, contact details, or privacy policies present, which suggests the domain is either unused or under development. The website is built on the Wix platform using AngularJS and jQuery libraries, but no custom content or services are offered. The technical infrastructure is basic and lacks modern SEO and accessibility features. Security posture is minimal with no detected security headers or policies, and the domain registration is privacy protected, limiting transparency. Overall, the site presents a low trust profile and minimal business presence.

The website mauris-lacasa.ch is currently non-functional, displaying a critical WordPress error page with no accessible business content or user interface. This indicates a significant technical failure preventing normal operation and user engagement. The lack of privacy, cookie, or terms of service policies further suggests the site is not currently maintained or compliant with standard regulations. Technically, the site uses WordPress CMS but lacks visible security headers, performance optimizations, or SEO best practices. The absence of HTTPS confirmation and security policies raises concerns about the security posture. Overall, the site presents a high risk due to its inaccessibility and lack of compliance, requiring urgent remediation to restore functionality and trust.

The website sofdi.com is currently inaccessible beyond a standard 503 Service Temporarily Unavailable error page, indicating maintenance downtime or capacity issues. Due to this, no business content, metadata, or user-facing information is available for analysis. The domain is registered with 1API GmbH since 2009, showing a mature domain age and active registration until 2026, which supports legitimacy. However, the lack of registrant details and absence of website content limits the ability to assess the company's business model, services, or market position. Technically, the site lacks DNSSEC and security headers, and no HTTPS enforcement details are available from the provided data. No privacy or cookie policies, contact information, or security disclosures are present, indicating poor compliance and transparency at this time.

The website stefan-aufdermaur.ch serves as a personal or professional portfolio site for Stefan Auf der Maur, likely showcasing artistic or photographic work. The site is minimalistic with limited metadata and no structured data, focusing primarily on visual content. The target audience appears to be general visitors interested in the individual's work, with no commercial or transactional features evident. Technically, the site uses basic HTML, CSS, and JavaScript with lazy loading for images, but lacks advanced SEO, accessibility, and performance optimizations. Security posture is weak, with no visible security headers or privacy policies, and no HTTPS status confirmed from the provided data. No contact information or forms are present, limiting user engagement and trust signals. Overall, the site is functional but basic, with room for significant improvements in security, privacy compliance, and user experience.

Genossenschaft Haus Oslo Ateliers is a small cooperative likely focused on providing atelier spaces or community services for artists and creatives in Switzerland. The website is primarily informational, presented in German, and built on the CraftCMS platform. The technical infrastructure is moderate with HTTPS enabled and hosted on an Apache server, but lacks advanced security headers and privacy compliance features. No contact or policy information is provided, which limits user trust and compliance with regulations such as GDPR. The site does not employ analytics or advertising technologies, indicating a minimal digital footprint. Overall, the website serves its niche audience but requires improvements in privacy, security, and contact transparency to enhance credibility and compliance.

Julian Salinas Fotografie is a small photography business based in Switzerland, focusing on artistic and commissioned photography services primarily in Basel and Zurich. The website presents basic information about the business and its offerings, including art works, commissioned projects, exhibitions, portraits, and video projects. The target audience is general, including art enthusiasts and potential clients seeking photography services. Technically, the website is built using React and standard web technologies such as JavaScript and CSS. The site appears moderately optimized for performance and mobile use but lacks advanced SEO and accessibility features. There are no detected content management systems or third-party analytics or advertising tools integrated. From a security perspective, the website lacks visible security headers and privacy or cookie policies, indicating a low maturity level in security and compliance. No forms or data collection mechanisms are present, reducing immediate data protection concerns but also limiting user engagement. The absence of HTTPS information prevents a full SSL configuration assessment. No WAF or blocking mechanisms were detected, and the site content is fully accessible. Overall, the website presents a basic but functional online presence for a small photography business. Key recommendations include implementing HTTPS, adding privacy and cookie policies, improving security headers, and providing clear contact information to enhance trust and compliance.

J

Jugendkulturfestival Basel (JKF)

jkf.ch

45

Jugendkulturfestival Basel (JKF) is a small-scale cultural festival focused on youth engagement in Basel, Switzerland. The website serves as an informational platform for the festival's upcoming events, providing program links, partner information, and contact details. The festival targets youth and cultural enthusiasts in the region, positioning itself as a key local cultural event. Technically, the site is built on WordPress with modern web standards, including HTTPS and responsive design, but lacks advanced SEO and accessibility features. Security posture is moderate with HTTPS enabled but missing important security headers and no visible incident response or security policies. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the site is functional and professional but could improve in compliance and security transparency.

The analyzed URL corresponds to a Chrome internal error page (chrome-error://chromewebdata/) which serves as a placeholder when the browser cannot load the requested website content. The page includes the offline dinosaur game scripts and styles but contains no actual business or website content. Consequently, there is no identifiable company information, business description, or market positioning. The technical infrastructure is limited to client-side JavaScript for the embedded game, with no server-side or hosting details available. Security posture cannot be assessed due to the absence of real website content, security headers, or HTTPS information. Privacy compliance elements such as privacy policies, cookie consent, or contact information are missing. Overall, this is not a functional website but a browser error page, and thus the risk assessment is that no meaningful business or security evaluation can be performed.

R

Ruedi Walti Fotografie

ruediwalti.ch

47

Ruedi Walti Fotografie is a small Swiss photography business specializing in architecture, flora, and publication photography. The website serves primarily as a portfolio or informational site with minimal content and no visible contact or policy information. The technical infrastructure is based on modern frontend technologies such as React and Webpack, indicating a contemporary approach to web development. However, the site lacks advanced SEO, accessibility, and performance optimizations, reflecting a basic digital maturity level. Security posture is minimal with no detected security headers or privacy policies, and no HTTPS status was explicitly provided, suggesting room for improvement in securing the site and enhancing user trust. Overall, the risk level is moderate due to the absence of critical security flaws but also due to missing compliance and contact information.

U

unterdessen.ch

unterdessen.ch

48

The website unterdessen.ch presents minimal accessible content with no visible business description, contact information, or policies. The site uses a modern JavaScript framework (SvelteKit) and custom fonts, indicating some technical maturity, but lacks SEO, accessibility, and user engagement features. Security posture is weak due to absence of security headers and privacy policies, and WHOIS data is privacy protected, limiting transparency. Overall, the site appears to be a small or early-stage project with limited public-facing information, resulting in low trust and credibility scores.

A

ateliernord.ch

ateliernord.ch

44

The website ateliernord.ch presents minimal accessible content with no metadata, structured data, or visible business information. The site uses the SvelteKit JavaScript framework, indicating a modern technical foundation, but lacks visible SEO, accessibility, or security features. No privacy, cookie, or terms of service policies are found, and no contact information or forms are present, limiting user engagement and trust. Security posture cannot be fully assessed due to lack of headers and SSL details. Overall, the site appears to be in an early or minimal state with limited business or security maturity.

Christine Moser's website serves as an online portfolio showcasing her art exhibitions and objects, primarily targeting art enthusiasts and museum visitors. The site highlights projects such as 'Double Face' at the Museum für Gestaltung Zürich, positioning her as a niche artist in the contemporary art and design space. The business model is centered on artistic presentation rather than commercial sales or services. Technically, the website employs modern frontend technologies including Svelte and Swiper.js for interactive galleries, indicating a moderate level of digital maturity. The site appears mobile-optimized with good design quality and navigation clarity, although accessibility features are basic. No CMS or hosting provider details are evident. From a security perspective, the site lacks key security headers and explicit privacy or cookie policies, which lowers its compliance posture. The absence of contact information and incident response details further limits trust and security transparency. However, no vulnerabilities or suspicious elements were detected, and the content is safe for general audiences. Overall, the website is functional and professionally presented but would benefit from enhanced security practices, privacy compliance, and clearer contact information to improve trustworthiness and regulatory adherence.

The website mirjamplattner.ch appears to be a minimal personal or professional portfolio site built using the SvelteKit framework. The content is very limited, primarily displaying a logo image with no additional textual or metadata content. There is no evidence of privacy policies, cookie consent mechanisms, or terms of service, indicating a basic digital maturity level. The technical infrastructure is modern in terms of framework choice but lacks visible SEO, accessibility, or performance optimizations. Security posture is minimal with no detected security headers or HTTPS confirmation in the provided data, and no contact or incident response information is available. Overall, the site presents a low-risk profile due to minimal content and no suspicious elements, but it lacks many standard compliance and security features expected for professional or business websites.

3

3 Mai Avocates

3mai.ch

58

3 Mai Avocates is a small, multilingual law firm based in Geneva, Switzerland, specializing in criminal law, torts and contracts, and public law. The firm is led by founding partners Xenia Rivkin and Sofia Suarez-Blaser and serves clients in French- and German-speaking Switzerland as well as in international disputes. The website is professionally designed with good content quality and clear navigation, supporting multiple languages to cater to a diverse client base. Technically, the site uses modern frameworks such as SvelteKit and integrates Google Maps for location display, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS enabled but lacks advanced security headers and published security policies. Privacy compliance is weak due to the absence of privacy and cookie policies. Overall, the site presents a trustworthy and professional image but would benefit from enhanced compliance and security documentation.

S

szenografieschweiz.ch

szenografieschweiz.ch

43

The website szenografieschweiz.ch currently presents minimal accessible content, primarily consisting of a basic HTML structure with JavaScript modules loaded via the SvelteKit framework. There is no visible textual content, metadata, or structured data to provide insights into the business operations, services, or market positioning. The absence of privacy, cookie, or terms of service policies, as well as contact information, limits the ability to assess compliance and user engagement. Technically, the site uses modern JavaScript frameworks but lacks visible performance or security optimizations. Security posture is weak due to missing HTTPS/SSL information and absence of security headers or policies. Overall, the site appears to be in an early or placeholder state, with significant gaps in content, compliance, and security.

M

Miranda Roux

mirandaroux.net

51

Miranda Roux is a Danish artist based in Geneva, specializing in figurative art that explores surrealism, classical sculpture, and taboo themes. The website serves as a portfolio showcasing her selected works, biography, news, texts, and contact information. The site targets art enthusiasts, collectors, and galleries interested in contemporary European art. Technically, the website is built using the modern Svelte framework, hosted by Infomaniak Network SA, and employs HTTPS with domain transfer protection. However, it lacks DNSSEC and a defined Content-Security-Policy header, which are recommended for enhanced security. The site does not provide privacy or cookie policies, nor does it include direct contact emails or phone numbers, relying solely on a contact form for communication. No tracking or advertising technologies are detected, indicating a privacy-conscious approach but also a lack of compliance documentation. Overall, the website is professional and well-structured but would benefit from improved security headers and privacy compliance measures.

The website vittoriosantoro.info serves as an online portfolio for the artist Vittorio Santoro, showcasing current and past exhibitions, recent works, and publications. It targets art enthusiasts, galleries, and cultural institutions interested in the artist's work. The business model is primarily promotional, focusing on visibility and information dissemination rather than direct sales. The site is niche and small scale, consistent with an individual artist's portfolio. Technically, the site is built using modern JavaScript technologies, specifically the SvelteKit framework, and includes interactive elements such as a swiper for featured content. The site is mobile optimized and has a good design quality, though accessibility and SEO optimizations are basic. No CMS or hosting provider details are evident from the content. From a security perspective, the site lacks visible security headers and privacy-related policies, which lowers its security posture. No HTTPS or SSL configuration details were available from the data, and no contact or incident response information is provided. The WHOIS data is incomplete due to unsupported TLD WHOIS queries, limiting domain trust assessment. Overall, the site appears legitimate but would benefit from improved security and compliance measures. The overall risk is moderate with recommendations to implement security headers, add privacy and cookie policies, provide contact information, and verify SSL/TLS configurations to enhance trust and compliance.

The eMuseum website serves as the digital archive platform for the Museum für Gestaltung Zürich and the Archive of the Zurich University of the Arts (ZHdK). It provides extensive access to a large collection of design and art objects, positioning itself as the largest Swiss online database in this domain. The platform targets researchers, curators, designers, collectors, and the general public interested in design and art history. The business model is non-profit, focusing on cultural preservation and digital access rather than commercial activities. Technically, the website is built on a custom CMS leveraging the Apache Tapestry framework, with frontend technologies including Bootstrap, jQuery, OpenLayers, and Font Awesome. It employs Matomo for analytics and AddToAny for social sharing. The site is mobile-optimized with moderate performance and basic accessibility features. SEO optimization is basic, with room for improvement in structured data and meta tags. From a security perspective, the site enforces HTTPS and uses secure form tokens, but lacks several security headers and published policies such as privacy, cookie, and incident response. No vulnerabilities or malicious content were detected. The WHOIS data aligns well with the institutional identity, confirming legitimacy and trustworthiness. Overall, the website is professional and trustworthy but would benefit from enhanced privacy compliance, improved security headers, and more transparent contact and incident response information to strengthen user trust and regulatory adherence.

B

Beisheim Holding

beisheim.com

61

Beisheim Holding operates as a holding and capital management company with a professional online presence focused on corporate stakeholders and investors. The website is structured using modern web technologies including Nuxt.js and integrates Cookiebot for comprehensive cookie consent management, reflecting a commitment to privacy compliance. However, the absence of WHOIS registration data raises concerns about domain legitimacy, despite the professional appearance and GDPR-compliant cookie practices. The site lacks explicit contact information, terms of service, and security policies, which limits transparency and user trust. Security posture is moderate with HTTPS enforced but missing key security headers and incident response information. Overall, the website is functional and compliant in privacy aspects but would benefit from enhanced transparency and security disclosures.

H

Start - Hannover sauber! Gemeinsam für eine schöne Stadt.

hannover-sauber.de

46

The website www.hannover-sauber.de represents a community-driven initiative focused on promoting cleanliness and beautification in the city of Hannover, Germany. The site serves as a platform for residents and community members to engage in activities aimed at maintaining a clean urban environment. The business model is non-commercial and primarily community-oriented, with a small scale and local focus. The website was first published in 2021 and uses WordPress CMS with the Divi theme, supplemented by various plugins for enhanced functionality such as event management, testimonials, and social media feeds. From a technical perspective, the site employs modern web technologies including HTTPS, Google Fonts, Cookiebot for cookie consent, and Google Analytics for visitor tracking with IP anonymization. The site is mobile-optimized and demonstrates good SEO practices. However, there is room for improvement in accessibility and performance optimization. The technical stack is typical for small to medium WordPress sites, leveraging popular plugins and themes. Security posture is moderate with HTTPS enabled and bot protection via Google reCAPTCHA. Cookie consent is actively managed through Cookiebot, indicating awareness of privacy regulations. However, the absence of security headers and lack of explicit privacy and security policies reduce the overall security maturity. No vulnerability disclosure or incident response information is provided, which could be a concern for transparency and trust. Overall, the website is safe for general audiences, with no adult or questionable content detected. The lack of detailed contact information and formal policies slightly impacts business credibility and privacy compliance scores. Strategic recommendations include adding privacy and security policies, implementing security headers, and providing clear contact channels for incident response. These steps would enhance trustworthiness and compliance with data protection regulations.

K

KIZ | Kommunikations- und Innovations-Zentrum

kiz.de

50

KIZ | Kommunikations- und Innovations-Zentrum is a well-established German company specializing in career coaching, business consulting, and support for self-employment. With over 28 years of experience, it offers services such as job and career coaching, startup and business coaching, and digital projects including online programs. The website is professionally designed, content-rich, and targets individuals seeking professional development and entrepreneurial support primarily in Germany. Technically, the site is built on TYPO3 CMS, uses modern JavaScript libraries, and integrates consent management and analytics tools, reflecting a mature digital infrastructure. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though some security headers and explicit policies could be improved. Privacy compliance is good with a clear privacy policy and cookie consent mechanism. Overall, the site is trustworthy and credible with no signs of suspicious activity or content safety concerns.

PuzzlePlayz.com is a Swedish website operated by Bulls, a company specializing in providing digital and printed crossword puzzles, sudoku, and similar puzzle content. The business positions itself as the largest provider of online crosswords in Sweden, targeting puzzle enthusiasts and publishers. Their services include responsive digital puzzles compatible across devices and digitalization of existing puzzles. The website content is professional and consistent with the business focus, though it lacks comprehensive privacy and cookie policies. Technically, the website uses standard web technologies including Bootstrap CSS and Google Analytics with Google Tag Manager for tracking. The domain is registered through a reputable registrar and hosted with DNS services via Cloudflare. The site is mobile optimized and performs moderately well but lacks advanced SEO and accessibility features. Security practices are basic with HTTPS enabled but missing important security headers and DNSSEC. From a security perspective, the website shows moderate maturity. HTTPS is implemented, and Google Analytics is configured with secure cookie flags. However, the absence of security headers, DNSSEC, and published privacy or incident response policies indicates room for improvement. No critical vulnerabilities or adult content were detected, and the domain registration is consistent and legitimate. Overall, the website is functional and professional but would benefit from enhanced privacy compliance, security hardening, and transparency to improve trust and regulatory adherence.

The website e-pages.dk currently serves an error page indicating that the requested content is not found. There is no accessible business information, metadata, or contact details available on the page. The domain is registered since 2006 and is active, but the website content is minimal and lacks professional presentation or navigation. The technical infrastructure cannot be fully assessed due to the lack of content and metadata. Security posture is weak with no evidence of HTTPS or security headers, and no privacy or cookie policies are present. Overall, the website appears inactive or misconfigured, resulting in a poor user experience and low trustworthiness.

The website frontify-artifacts.com is currently inaccessible, presenting an Access Denied error page with no visible content or metadata. This indicates the presence of a web application firewall or security mechanism blocking access, preventing a full analysis of the site's content, policies, or business information. The domain is registered through Amazon Registrar, Inc. with DNS hosted on AWS, which is consistent and typical for legitimate businesses. However, the lack of accessible content and absence of privacy, cookie, or contact information limits the ability to assess the company's business model, market position, or compliance posture. From a technical perspective, the site shows minimal technical implementation with no detectable scripts, frameworks, or SEO optimizations. Security posture is basic with no DNSSEC enabled and no security headers observed, though HTTPS is presumably enabled given the domain uses AWS infrastructure. The domain registration is valid and not privacy protected, which supports legitimacy, but the inaccessible content significantly reduces trust and credibility. Security evaluation highlights the need for improved security headers, DNSSEC implementation, and visible privacy and cookie policies to meet compliance standards such as GDPR. The absence of contact or incident response information further weakens the security and compliance posture. Overall, the site currently poses a low trust level due to inaccessibility and lack of transparency. Strategic recommendations include enabling DNSSEC, publishing comprehensive privacy and cookie policies, improving security headers, and ensuring the website content is accessible to users and security scanners. These steps will enhance trust, compliance, and security maturity, enabling better business credibility and user confidence.

H

HIPMI

bpc-hipmi-rembang.com

10

HIPMI Kabupaten Rembang is a regional chapter of the Indonesian Young Entrepreneurs Association, focused on fostering entrepreneurship and economic independence among young businesspeople in the Rembang Regency. The organization offers membership benefits including networking, collaboration, capacity building, and access to capital and markets. The website is built on WordPress with modern plugins and SEO tools, hosted with reputable providers and secured with HTTPS. However, the domain is newly registered in 2025, which is inconsistent with the organization's founding year of 1974, suggesting a recent domain acquisition or rebranding. Security posture is moderate with HTTPS enabled but lacking DNSSEC and security headers. Privacy compliance is basic with no cookie consent mechanism detected. Overall, the site is professional and trustworthy but could improve security and privacy practices.

E

Europäischer Verband der Veranstaltungs-Centren e.V.

evvc.org

54

The Europäischer Verband der Veranstaltungs-Centren e.V. (EVVC) is a well-established association representing approximately 600 event venues across German-speaking Europe. Their website serves as a comprehensive platform offering membership information, a job portal, educational opportunities via the EVVC Akademie, and a partner network. The site is professionally designed using Drupal 8 and modern frontend technologies, providing good user experience and mobile optimization. Privacy compliance is addressed with a cookie consent banner and a detailed privacy policy in German. However, no explicit terms of service or security policies are publicly visible. The WHOIS data is unavailable due to privacy protection or malformed queries, which is common for such organizations. Overall, the website demonstrates a solid business presence with moderate technical sophistication and a good security posture, though improvements in security headers and transparency could be made.

blaueQuelle Kommunikationsgesellschaft mbH is a small, professional advertising agency based in Germany, serving primarily the Göttingen and Kassel regions. The company offers a comprehensive range of services including web design, SEO, Google Ads management, print advertising, corporate design, and marketing workshops. Their market position is strengthened by memberships in local business organizations, indicating a trusted regional presence. The website reflects a clear business focus on helping clients improve their online visibility and branding through integrated marketing solutions. Technically, the website is built on the ProcessWire CMS platform and utilizes Matomo analytics with privacy-conscious settings such as disabled cookies and Do Not Track enabled. The site is mobile-optimized and demonstrates good SEO practices with proper meta tags and structured navigation. Hosting is managed via INWX, a reputable provider, and HTTPS is enforced, ensuring secure communications. From a security perspective, the site benefits from HTTPS and privacy-aware analytics but lacks visible security headers and a cookie consent mechanism, which are recommended for GDPR compliance. No vulnerabilities or exposed sensitive data were detected. The WHOIS data aligns well with the website content, showing a consistent and legitimate domain registration without privacy protection, appropriate for this business type. Overall, the website presents a professional and trustworthy digital presence with moderate technical sophistication and a good security posture. Strategic improvements in security headers and cookie consent would enhance compliance and user trust further.

The website www.swisswine.com serves as an informational and promotional platform dedicated to Swiss wines, highlighting the diversity and cultural richness of Swiss wine production. It targets wine enthusiasts, tourists, and consumers interested in Swiss wines. The business model appears to be focused on education and promotion rather than direct sales. The website design is modern and visually appealing, utilizing Tailwind CSS and JavaScript libraries such as Swiper.js and Mapbox GL JS for interactive elements. However, the technical infrastructure lacks visible CMS or hosting details, and performance is moderate with good mobile optimization but basic accessibility and SEO features. Security posture is weak due to the absence of HTTPS verification in the provided data, missing security headers, and no visible privacy or cookie policies. The WHOIS data is unavailable, raising concerns about domain legitimacy and trustworthiness. Overall, the site provides relevant content but lacks critical security and compliance features, which could impact user trust and regulatory adherence.

The website at www.pierre-latine.com appears to be a WordPress-based site utilizing Gravity Forms and Font Awesome for icons. However, the content is minimal and primarily technical, with no substantive business or contact information visible in the provided HTML snippet. The WHOIS query for the domain returned no match, indicating that the domain may not be registered publicly or is protected by privacy services, which raises concerns about legitimacy. No privacy, cookie, or terms of service policies were found, and no contact emails or phone numbers are present, limiting the ability to verify the business identity or compliance with data protection regulations. Technically, the site uses modern iconography and form scripts but lacks visible security headers or advanced security configurations.

H

HIPMI

hipmi-sintang.org

54

HIPMI Kabupaten Sintang is a regional chapter of the Indonesian Young Entrepreneurs Association, focused on fostering entrepreneurship and economic independence among young businesspeople in Sintang, Indonesia. The organization has a long history dating back to 1974 and offers networking, training, and market access services to its members. The website serves as an official portal for news, events, membership registration, and organizational information. Technically, the site is built on WordPress with modern plugins and SEO tools, hosted with Cloudflare DNS and secured with HTTPS. However, the domain registration is recent, which may indicate a new domain acquisition or migration. Security posture is moderate with HTTPS enabled but lacks DNSSEC and security headers. Privacy compliance is basic with a privacy policy and terms of service present but no cookie consent mechanism. Overall, the website is professional and trustworthy but could improve in security and privacy transparency.

H

HIPMI

hipmi-papua.org

55

HIPMI Provinsi Papua is a regional branch of the Indonesian Young Entrepreneurs Association, focused on fostering entrepreneurship among youth in Papua. The organization has a long history since 1974 and serves over 3000 members with multiple branches. The website provides comprehensive information about the organization, its vision, mission, events, and membership opportunities. Technically, the site is built on WordPress with modern plugins and frameworks, hosted with Cloudflare DNS and registered via NameCheap. Security posture is adequate with HTTPS enabled but lacks advanced security headers and DNSSEC. Privacy compliance is basic with no cookie consent mechanism detected. Overall, the site is professional and trustworthy but could improve security and privacy transparency.

H

HIPMI

hipmi-jambi.org

55

HIPMI Kota Jambi is a regional branch of the Indonesian Young Entrepreneurs Association, a non-profit organization established in 1974 to foster young entrepreneurs and economic independence in Indonesia. The website serves as an official portal providing information about the organization, its history, vision, mission, membership benefits, events, and news. It targets young entrepreneurs in Kota Jambi and surrounding regions, offering networking, collaboration, and capacity-building opportunities. The organization has a significant membership base and structured management. Technically, the website is built on WordPress using Oxygen Builder, with integrations of Google Fonts, Google Analytics, and Fluent Forms. It is hosted behind Cloudflare DNS and CDN services, ensuring good performance and security basics such as HTTPS and domain transfer lock. The site is moderately optimized for SEO and mobile devices, with clear navigation and professional design. From a security perspective, the site uses HTTPS and has domain transfer protection but lacks DNSSEC and explicit security or incident response policies. No cookie consent mechanism is present, which may affect privacy compliance. The domain registration is recent and partially inconsistent with the organization's long history, which may warrant further verification. Overall, the website is professional and trustworthy for its intended audience but could improve in privacy compliance and security transparency. Strategic recommendations include enabling DNSSEC, publishing security policies, and implementing cookie consent to enhance compliance and trust.