Other security reports

Naturparkmagazin.de is an online magazine dedicated to German nature parks, providing news, event information, product promotions, and educational content targeted at nature enthusiasts and visitors. The website operates on a WordPress platform with modern SEO and cookie consent tools, indicating a moderate level of digital maturity. The technical infrastructure includes Cloudflare DNS services and standard WordPress plugins, ensuring reasonable performance and security. Security posture is good with HTTPS enforced and cookie consent mechanisms in place, though some security headers could be improved. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong with a comprehensive privacy policy and cookie consent banner. Business credibility is supported by consistent branding, partner links, and professional content, although direct contact details like emails or phone numbers are not explicitly provided. Overall, the website presents a trustworthy and professional front for its niche audience.

Zentralstelle Deutschland is a small non-profit organization focused on the collection, coordination, and online presentation of biological data related to organisms in Germany, specifically mosses, lichens, and fungi. The website serves as an informational hub for researchers, biologists, and enthusiasts, providing distribution maps and data coordination support. The organization collaborates with regional and scientific partners to maintain and expand biological data coverage. Technically, the website is built using Bootstrap and jQuery, with a basic but functional design. It lacks modern CMS features and advanced SEO or accessibility optimizations. Security posture is modest, with no detected HTTPS enforcement or security headers, though no sensitive data collection is present. Privacy compliance is minimal, with a privacy policy page but no cookie consent mechanism. Overall, the site is trustworthy for its niche but would benefit from improved security and privacy practices.

The website www.moose-deutschland.de serves as an authoritative informational platform dedicated to the documentation and dissemination of data related to moss species in Germany. Operated by the Zentralstelle Deutschland, it provides comprehensive checklists, distribution data, photographs, and educational content targeting researchers, bryologists, and nature enthusiasts. The site maintains a consistent and professional brand presence with clear navigation and relevant content focused on biodiversity and environmental education. Technically, the site employs modern web technologies including HTML5, Tailwind CSS for styling, and jQuery for scripting, hosted likely on a stable infrastructure with no detected blocking or WAF interference. The content is responsive and optimized for mobile devices, though some accessibility features are basic. SEO practices are adequately implemented with proper meta tags and structured navigation. From a security perspective, the site uses HTTPS and avoids exposing sensitive data. However, it lacks visible security headers and a cookie consent mechanism, which are recommended for enhanced security and GDPR compliance. No incident response or vulnerability disclosure information is provided, indicating room for improvement in security transparency. Overall, the website presents a low-risk profile with a good level of trustworthiness and business credibility. Strategic enhancements in privacy compliance and security best practices would further strengthen its posture and user trust.

The website www.flechten-deutschland.de is a specialized scientific project operated by Zentralstelle Deutschland, focusing on the distribution, description, and photographic documentation of lichens in Germany. It serves a niche audience of biologists, environmentalists, and nature enthusiasts by providing comprehensive data, checklists, and community engagement opportunities such as mapping and data maintenance. The site is supported by reputable Bavarian environmental and botanical institutions, enhancing its credibility and trustworthiness. Technically, the website employs modern frontend technologies including Tailwind CSS and jQuery, hosted on INWX infrastructure, and is optimized for mobile devices with good navigation and content structure. Security posture is moderate with HTTPS usage but lacks explicit security headers and published security policies. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism detected. Overall, the site is professional, trustworthy, and well-aligned with its scientific mission.

The website pilze-ammersee.de serves as an educational and informational platform dedicated to the fungi species of the Ammersee region in Germany. It offers extensive photographic content, distribution maps, and detailed descriptions of over 3000 mushroom species, targeting nature enthusiasts, mycology hobbyists, and conservationists. The project is regionally focused and supported by local governmental and mycological organizations, positioning it as a niche but valuable resource within Bavaria and potentially broader German-speaking audiences. Technically, the site is built on the Mezzanine CMS with Bootstrap and jQuery 1.7.1, indicating a somewhat dated but functional technology stack. The site is moderately optimized for mobile and accessibility, with clear navigation and good content relevance. However, there is no evidence of modern security headers or advanced performance optimizations. The absence of HTTPS confirmation and use of an outdated jQuery version pose potential security risks. From a security and compliance perspective, the site lacks visible privacy and cookie policies, GDPR compliance indicators, and contact information for incident response or data protection officers. No analytics or tracking scripts were detected, suggesting minimal user tracking. The WHOIS data is limited but consistent with a legitimate domain registered via GoDaddy's nameservers. No WAF or blocking mechanisms were detected, and the content is safe and appropriate for general audiences. Overall, the site is a credible, regionally focused educational resource with moderate technical maturity and some security and compliance gaps. Strategic improvements in security posture, privacy compliance, and technical modernization would enhance trust and resilience.

F

F11 - The One-Stop-Platform For Digital Advertising

f11-ads.com

56

The website www.factor-eleven.com appears to be a Wix-hosted site with standard Wix scripts and polyfills. However, the absence of WHOIS registration data raises concerns about the domain's legitimacy and registration status. The website lacks critical compliance documents such as privacy and cookie policies, and no contact information is provided, which diminishes business credibility. Technically, the site uses modern JavaScript polyfills and Wix platform technologies but lacks advanced security headers and practices. Overall, the security posture is weak, and the site does not demonstrate GDPR compliance or incident response readiness. The content quality and business information are minimal, limiting the ability to assess the company's market position or services. Strategic recommendations include verifying domain registration, implementing privacy and cookie policies, enhancing security headers, and providing clear contact information to improve trust and compliance.

P

Pilztag

pilztag.de

63

Pilztag is a small niche educational website focused on mushrooms and related vocabulary, primarily targeting German-speaking audiences interested in mycology. The site offers a digital mushroom word collection, articles on mushroom species, mushroom cuisine, and information about the European Mushroom Day. It operates on a WordPress platform using the Divi theme and several plugins including Yoast SEO and Borlabs Cookie for GDPR-compliant cookie management. The website demonstrates good SEO practices, mobile optimization, and a consistent branding approach. Social media presence on Facebook and Twitter supports community engagement. Security posture is solid with HTTPS enforced, use of Google reCAPTCHA, and cookie consent mechanisms, though additional security headers could enhance protection. No critical vulnerabilities or exposed sensitive data were detected. The site lacks explicit business contact information and formal security or incident response policies, which could be improved for enhanced trust and compliance. Overall, Pilztag presents as a trustworthy, well-maintained educational resource with moderate technical sophistication and good privacy compliance.

The website 'Bloggers Unite' hosted at xperta.es is a basic WordPress blog platform primarily serving general audiences with blog content. The site currently contains minimal content, including the default 'Hello world!' post, indicating it may be newly established or under development. The business model appears to be content publishing with no evident commercial or transactional services. Technical infrastructure is based on WordPress CMS with standard web technologies such as HTML5, CSS3, and JavaScript. The site demonstrates moderate mobile optimization and basic SEO but lacks advanced technical or security features. Security posture is minimal with no detected security headers or policies, and the site lacks privacy, cookie, or terms of service documentation. The domain registration is privacy protected, which is common for small personal blogs but limits trust signals. Overall, the site scores low to moderate on content quality, security, and privacy compliance, reflecting a basic web presence without professional or business-grade features.

B

Babygalerie24 - Babygalerie24.de/babysmile24

babygalerie24.de

29

The website babygalerie24.de appears to be a simple, small-scale platform focused on baby photo galleries, targeting German-speaking parents or families. The site content is minimal and lacks detailed business descriptions, contact information, or interactive features. Technically, the site uses legacy jQuery libraries and basic CSS styling without modern frameworks or CMS indications. Mobile optimization and accessibility are poor, and no advanced SEO or analytics tools are detected. Security posture is weak with no visible HTTPS enforcement or security headers, and no cookie consent mechanisms are present. The WHOIS data shows an active domain with standard nameservers but lacks registrant details, limiting trust assessment. Overall, the site is functional but basic, with significant room for improvement in content richness, security, and compliance.

D

Deutscher Tennis Bund

mypadel.de

75

mypadel.de is an official platform dedicated to the sport of Padel in Germany, operated under the Deutscher Tennis Bund. It provides comprehensive information including news, club and coach directories, event details, and partner information, serving players, coaches, clubs, and partners. The website is professionally designed with consistent branding and clear navigation, targeting the German Padel community. Technically, the site is built on Adobe Experience Manager with modern JavaScript frameworks and integrates third-party services for analytics, advertising, and cookie consent management. Security posture is strong with HTTPS enforced and secure form implementations, though some security headers could be improved. Privacy compliance is well addressed with accessible privacy and cookie policies and GDPR consent mechanisms. Overall, the site demonstrates high business credibility and trustworthiness with official federation backing and partner endorsements.

D

Deutscher Tennis Bund (DTB)

tennis.de

11

tennis.de is the official digital platform for tennis in Germany, operated under the Deutscher Tennis Bund (DTB). It serves as a centralized hub for tennis players, clubs, fans, and stakeholders, offering services such as player profiles, tournament and league searches, training offers, news, and licensing for ranked players. The platform is well-positioned as the authoritative source for tennis-related activities in Germany, leveraging partnerships with major tennis equipment brands and regional tennis federations. Technically, the website is built on Adobe Experience Manager, hosted on Adobe's cloud infrastructure, and integrates modern JavaScript frameworks and advertising technologies. The site demonstrates good performance, mobile optimization, and accessibility standards. Security posture is solid with HTTPS and secure form handling, though it lacks explicit security policies and vulnerability disclosure mechanisms. Privacy compliance is strong with clear privacy and cookie policies, and GDPR adherence is evident. Overall, tennis.de is a professional, trustworthy, and comprehensive platform for the German tennis community.

SailingAdmin is a specialized software platform developed primarily for the administration of sailors and officials affiliated with Swiss Sailing. It provides member data management and regatta registration functionalities, partially accessible to clubs and classes. The platform emphasizes data privacy and confidentiality, allowing members to control their personal data visibility and usage. The website reflects a niche market position focused on Swiss Sailing's community with a small-scale business model and a consistent brand presence. Technically, the site uses standard web technologies including Bootstrap and jQuery, with moderate performance and basic mobile optimization. Security posture is moderate, with no explicit security headers detected and no visible vulnerabilities, but lacking advanced security policies or incident response information. Privacy compliance is partially met with a privacy policy present but missing cookie consent mechanisms and terms of service. Overall, the website is professional, trustworthy, and safe for general audiences, with a legitimate domain registration consistent with the business history and location.

Swiss Sailing operates the Swiss eSailing Championship, a national-level virtual sailing competition leveraging the Virtual Regatta Inshore platform. The website serves as an informational and promotional portal for the 2025 season, targeting Swiss citizens interested in eSailing. The organization collaborates with recognized partners such as World Sailing and Virtual Regatta, and benefits from sponsorship by Allianz, enhancing its market credibility. The business model focuses on event organization, participant engagement, and partnership-driven promotion within the niche eSports sailing community. Technically, the website uses a modern but straightforward tech stack including Bootstrap, jQuery, and FontAwesome, with integration of social media SDKs for Facebook. The site is mobile optimized and provides clear navigation and relevant content. Hosting and domain registration are consistent with the Swiss focus, though DNSSEC is not enabled. Performance is moderate, with room for improvement in SEO and accessibility. From a security perspective, the site uses HTTPS but lacks DNSSEC and security headers, which are recommended to enhance protection. No cookie consent mechanism or detailed privacy compliance features are present, which could be improved to meet GDPR standards more fully. The WHOIS data shows privacy protection but aligns with the Swiss entity and domain age is appropriate, supporting legitimacy. Overall, the website is professional and trustworthy with good business credibility but could benefit from enhanced security practices and privacy compliance measures to reduce risk and improve user trust.

S

Home

swiss-sailing-league.ch

9

The Swiss Sailing League website serves as an informational and promotional platform for a niche sports league focused on sailing activities in Switzerland. The site primarily provides basic content about the league and links to its social media channels. The technical infrastructure is based on Joomla CMS with standard web technologies such as FontAwesome and Google Fonts. HTTPS is properly configured, and basic security measures like CSRF tokens are implemented, indicating a reasonable security posture for a small organization. However, the site lacks critical compliance elements such as privacy and cookie policies, contact information, and security headers, which limits its overall trustworthiness and compliance standing. There are no signs of malicious content or blocking mechanisms, and the content is safe for general audiences.

Swiss Sailing Team is a Swiss sports organization dedicated to competitive sailing, supporting elite and youth athletes. The website serves as a platform for news, team information, event updates, and partner engagement. It targets sailing enthusiasts, athletes, and sponsors within Switzerland. The business model is centered on athlete development and sponsorship partnerships, positioning itself as a national leader in sailing sports. Technically, the site is built on WordPress with common libraries such as jQuery, Bootstrap, and Slider Revolution, hosted by omega.influent.solutions. The site is moderately performant and mobile-optimized with basic accessibility and SEO features. Security posture is adequate with HTTPS and Google reCAPTCHA implemented, but lacks advanced security headers and explicit privacy/cookie policies. Contact information is clearly provided, including company emails and physical address, alongside active social media presence. Overall, the website is professional and trustworthy but could improve privacy compliance and security hardening.

E

EUROSAF

eurosaf.org

9

EUROSAF is the European Sailing Federation, a non-profit organization dedicated to governing and promoting sailing activities across Europe since 1998. The website serves as an information hub for governance, committees, events, and regulatory frameworks related to sailing in Europe. The site targets sailing organizations, athletes, officials, and enthusiasts, positioning itself as a key continental federation in the sailing sports sector. Technically, the website is built on WordPress with common plugins and frameworks such as Bootstrap and WPBakery Page Builder, hosted via a reputable registrar and DNS provider. The site is moderately performant and mobile-optimized but lacks some advanced SEO and accessibility features. Security posture is adequate with HTTPS enabled and domain transfer protection, but it lacks DNSSEC and important security headers, which should be addressed to improve resilience. Privacy compliance is weak due to missing privacy and cookie policies, which is a significant gap given GDPR requirements in Europe. Overall, the website is professional and trustworthy but would benefit from enhanced security and privacy practices.

W

World Sailing

sailing.org

10

World Sailing is the official international governing body for the sport of sailing, providing comprehensive information on sailors, international regattas, events, boat classes, member federations, and rankings across multiple sailing disciplines including fleet racing, match racing, para sailing, and e-sailing. The organization serves a global audience of sailing enthusiasts, athletes, and affiliated federations, positioning itself as the authoritative source for sailing governance and event information worldwide. The website reflects a medium-sized, professional non-profit entity with consistent branding and good content quality. Technically, the website employs modern web technologies such as Vue.js and is hosted on a CDN infrastructure (Amazon CloudFront), ensuring moderate to good performance and mobile optimization. The presence of Google Tag Manager indicates active analytics and marketing tracking, although privacy compliance measures such as cookie consent and privacy policies are not evident in the provided content. From a security perspective, the site enforces HTTPS and follows some best practices but lacks visible security headers and explicit privacy or incident response policies. No vulnerabilities or suspicious elements were detected in the content. The WHOIS data is unavailable or privacy-protected, which is common for organizations of this nature, and does not raise immediate concerns. Overall, the website is professional, trustworthy, and safe for general audiences, but improvements in privacy compliance and security header implementation are recommended to enhance trust and regulatory adherence.

P

Peter Frisch GmbH

frisch-homepage.de

8

Peter Frisch GmbH is a small local business based in München, Germany, with an online presence hosted on the Wix platform. The website provides basic contact information including a phone number and physical address but lacks detailed business descriptions or service listings. The technical infrastructure is standard for Wix-hosted sites, utilizing Wix's Thunderbolt framework and common web technologies such as JavaScript and JSON-LD for structured data. Mobile optimization appears adequate, but SEO and accessibility features are basic. Security posture is moderate with HTTPS implied but no explicit security headers or policies found. Privacy and cookie policies are absent, indicating potential compliance gaps. Overall, the site is functional but could benefit from enhanced content, security, and compliance features to improve trust and professionalism.

Headspin AS is a Norwegian creative agency based in Trondheim, specializing in integrated communication services including strategy, campaign development, design, text production, 3D visualization, website and app development, and film production. The company targets businesses and organizations seeking comprehensive communication and branding solutions. The website reflects a professional and consistent brand image with a medium-sized team and a solid client portfolio. Technically, the site is built on WordPress with modern technologies such as Google Fonts, Google Maps API, and multiple analytics platforms including Matomo and Plausible, indicating a mature digital infrastructure. Security posture is good with HTTPS enforced and no visible vulnerabilities, though improvements can be made by adding security headers and cookie consent mechanisms. Overall, the site is trustworthy and well-maintained, with clear business information and certifications such as Miljøfyrtårn enhancing credibility.

B

Black Hole Experience

blackholeexperience.com

60

The Black Hole Experience website presents a mobile exhibition that combines the awe of nature and the cosmos with meditative reflection. The site is built using modern web technologies such as Next.js and React, and integrates privacy-conscious analytics via Plausible. While the website is accessible and professionally designed, it lacks publicly available WHOIS registration data, which raises some concerns about domain legitimacy. No direct contact information or detailed business credentials are provided, limiting business credibility assessment. Security posture is moderate with HTTPS enabled but missing key security headers. Privacy compliance is addressed with a cookie consent mechanism and a privacy policy page. Overall, the site appears legitimate and focused on a niche experiential offering but would benefit from enhanced transparency and security hardening.

The website creatorsoftomorrow.com is currently inaccessible due to a paused deployment on the Vercel hosting platform, resulting in a 503 SERVICE_UNAVAILABLE error page. No business content, metadata, or interactive elements are available for analysis. The domain is registered with Gandi SAS since 2018, indicating a stable and legitimate registration history. However, the lack of accessible content prevents a full assessment of the company's business model, services, or market position. From a technical perspective, the site is hosted on Vercel but currently not operational. No information about CMS, frameworks, or analytics tools is available. Security posture cannot be fully evaluated due to missing security headers and SSL configuration details. No privacy or cookie policies are present, indicating non-compliance with GDPR and related regulations. The security posture is weak due to the absence of accessible content and security best practices. No contact or incident response information is provided, limiting the ability to assess the organization's readiness for security incidents. The domain WHOIS data is consistent and shows no suspicious patterns, supporting the legitimacy of the domain ownership. Overall, the website is currently non-functional, which severely limits trust and credibility. Strategic recommendations include resuming the deployment to restore service, implementing comprehensive privacy and cookie policies, adding security headers, and providing clear contact and incident response information to improve compliance and trust.

N

Naturpark Mecklenburgische Schweiz und Kummerower See

naturpark-mecklenburgische-schweiz.de

52

Naturpark Mecklenburgische Schweiz und Kummerower See is a regional nature park organization in Germany focused on conservation, education, and tourism. The website provides comprehensive information about the park, including guided tours, events, and educational resources. It targets nature enthusiasts, tourists, and educational groups, positioning itself as a quality-certified nature park with a strong regional presence. Technically, the site is built on TYPO3 CMS, uses modern JavaScript libraries for maps and UI, and is hosted on regional infrastructure. The site is mobile-optimized, accessible, and SEO-friendly. Security-wise, HTTPS is enforced, cookie consent is implemented with granular controls, and privacy-respecting analytics (Matomo) is used. However, explicit security policies and incident response information are not published. Overall, the site is trustworthy, professional, and compliant with GDPR, with no critical vulnerabilities detected.

D

Deutscher Tennis Bund

dtb-tennis.de

72

The Deutscher Tennis Bund (DTB) operates the official tennis federation website for Germany, providing comprehensive information on national teams, training programs, membership offers, and tennis events. The site targets tennis enthusiasts, players, coaches, and fans within Germany, positioning itself as the authoritative source for tennis-related content in the country. The business model is non-profit and focused on sports promotion and community engagement. Technically, the website leverages Adobe Experience Manager (AEM) as its CMS, hosted on Adobe's cloud infrastructure, and integrates modern technologies such as Cookiebot for consent management, Google Tag Manager for analytics, and Smart AdServer for advertising. The site demonstrates good mobile optimization, accessibility, and SEO practices, reflecting a mature digital infrastructure. From a security perspective, the site enforces HTTPS, uses secure cookies, and implements consent mechanisms aligned with GDPR. While explicit security headers are not fully visible in the HTML, the use of reputable third-party services and secure hosting suggests a strong security posture. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website presents a low-risk profile with strong business credibility and compliance with privacy regulations. Strategic recommendations include enhancing visible security policies, publishing incident response contacts, and verifying security headers to further strengthen trust and security culture.

S

Schweizerischer Turnverband

stv-fsg.ch

60

The Schweizerischer Turnverband (Swiss Gymnastics Federation) operates the website stv-fsg.ch as the official national body for gymnastics in Switzerland. The site provides extensive information on various gymnastics disciplines, training programs, events, memberships, and partnerships. It targets athletes, trainers, clubs, and sports enthusiasts within Switzerland, positioning itself as a key non-profit organization in the Swiss sports sector. The business model focuses on member services, education, event management, and sponsorship collaborations. Technically, the website is built on TYPO3 CMS, leveraging modern web technologies including Google Tag Manager and Hotjar for analytics and user experience insights. The site demonstrates good mobile optimization, accessibility, and SEO practices, with a moderate performance profile. Privacy and cookie consent mechanisms are well implemented, reflecting compliance with GDPR requirements. From a security perspective, the site enforces HTTPS, employs standard security headers, and avoids exposing sensitive data. However, explicit security policies, incident response contacts, and vulnerability disclosure mechanisms are not present, representing areas for improvement. The WHOIS data confirms the domain's legitimacy and consistency with the organization's identity. Overall, the website is professional, trustworthy, and well-maintained, with a strong focus on user privacy and compliance. Strategic enhancements in security transparency and contact information would further strengthen its posture.

S

Swiss Sailing

swiss-sailing.ch

65

Swiss Sailing is the official Swiss national association dedicated to sailing, windsurfing, kitesurfing, and wingfoiling. It serves as the governing body for these sports in Switzerland, providing event organization, training programs, and athlete development. The website reflects a well-established organization with a clear focus on both recreational and competitive sailing communities. It maintains strong partnerships with recognized insurers and sport promotion entities, and is affiliated with international sailing bodies such as World Sailing and Swiss Olympic. The target audience includes sailing clubs, athletes, officials, and enthusiasts across Switzerland. Technically, the website is built on the Neos CMS platform using the Flow PHP framework, incorporating modern web technologies such as Google Tag Manager for analytics and Google Fonts for typography. The site is mobile optimized, accessible, and SEO friendly, with a clear navigation structure and professional design. Performance is moderate, with no major technical issues detected. From a security perspective, the site enforces HTTPS and implements a cookie consent mechanism compliant with GDPR. However, it lacks publicly available formal security policies and incident response contacts. No security headers were detected in the provided data, suggesting room for improvement in hardening the site against common web threats. No vulnerabilities or exposed sensitive data were found in the HTML content. Overall, Swiss Sailing presents a trustworthy and professional online presence with strong business credibility and compliance posture. Strategic recommendations include publishing a formal security policy, enhancing security headers, and providing incident response contact information to improve transparency and security readiness.

N

NAEF PARTNERS AG

naefpartners.ch

52

NAEF PARTNERS AG is a Swiss-based boutique consulting firm specializing in corporate development, sales performance, change management, and leadership coaching. The company targets business professionals and organizations seeking tailored consulting services to enhance strategy implementation and leadership effectiveness. Their market position is that of a high-end consulting boutique with a focus on personalized and human-centric business development approaches. Key services include strategy development, leadership empowerment, sales optimization, and change management interventions. Technically, the website is built on the SilverStripe CMS platform and incorporates modern web technologies such as Google Analytics and Google Tag Manager for analytics, along with jQuery-based UI components like Fancybox and Flexslider. The site is mobile-optimized with good navigation and SEO practices, though some accessibility features could be improved. Performance is moderate with asynchronous loading of analytics scripts. From a security perspective, the site enforces HTTPS with an excellent SSL configuration and anonymizes IP addresses in Google Analytics, reflecting some privacy awareness. However, it lacks important security headers such as Content-Security-Policy and X-Frame-Options, and does not provide a cookie consent mechanism or a published security policy. No vulnerability disclosure or incident response contacts are present, which could be improved to enhance trust and compliance. Overall, the website is professional, trustworthy, and well-aligned with the business's consulting focus. The main risks relate to privacy compliance gaps and missing security best practices. Strategic improvements in these areas would strengthen the security posture and regulatory adherence, supporting the company’s credibility and client trust.

B

B Studio

bossert.studio

52

The website bossert.studio currently serves as a minimal placeholder with very limited content, primarily displaying a waving hand emoji and a brief 'in progress' description. There is no substantive business information, contact details, or policies presented, indicating the site is under development or not actively maintained. The technical infrastructure is based on modern web technologies such as React and Next.js, suggesting a contemporary development approach, but the lack of content and metadata limits the site's digital maturity. Security posture is weak due to absence of visible HTTPS confirmation, security headers, and privacy compliance documentation. Overall, the site presents a low trust profile with minimal risk but also minimal utility or engagement potential at this time.

Bänziger Hug is a Swiss-based design agency founded in 2011 by Samuel Bänziger and Olivier Hug. The agency specializes in print and interactive design, offering services such as book design, exhibitions, publications, identities, and website design primarily for cultural institutions, businesses, and individuals. The company has a strong market position within its niche, supported by numerous prestigious design awards, indicating a high level of professional recognition and trust. Technically, the website is built using modern web standards including HTML5, CSS3, and JavaScript, with the use of Modernizr for feature detection and Google Analytics for visitor tracking. The site is mobile optimized and performs moderately well, though accessibility features are basic. The absence of a CMS or hosting provider information limits deeper infrastructure insights. From a security perspective, the website benefits from HTTPS with excellent SSL configuration, but lacks important security headers such as Content-Security-Policy and X-Frame-Options. No forms or input fields are present, reducing attack surface, but the absence of privacy and cookie policies indicates compliance gaps. WHOIS data is missing or unavailable, which raises concerns about domain registration legitimacy despite the professional website content. Overall, the website is professional and trustworthy in appearance and content, but the lack of WHOIS transparency and privacy compliance policies present moderate risks. Strategic improvements in security headers, privacy documentation, and domain registration transparency are recommended to enhance trust and compliance.

N

Nora Vögeli Grafik Design

noravoegeli.com

60

Nora Vögeli Grafik Design is a small, professional design atelier based in Zürich, Switzerland, specializing in art direction, graphic design, branding, and spatial design. The website showcases a comprehensive portfolio of projects including corporate design, event branding, publications, and digital applications, targeting clients seeking creative design services primarily in the Zürich region. Technically, the site is built on the Squarespace platform, leveraging modern web technologies such as HTTPS with HSTS, Google Fonts, and YouTube embeds, providing a moderate performance and good mobile optimization. Security posture is solid with HTTPS and HSTS, but lacks additional security headers and formal privacy or cookie policies. The absence of WHOIS data limits domain legitimacy verification, though the professional presentation and content quality suggest a legitimate business. Overall, the site is well-designed and functional but would benefit from enhanced privacy compliance and clearer contact information to improve trust and security.

Aio Frei is a small creative professional or artist specializing in sound art, listening performance, feminist listening practices, and related artistic projects. The website serves as a portfolio showcasing various projects, workshops, and publications. The target audience includes artists, researchers, and enthusiasts in experimental sound and performance arts. The business model is primarily portfolio-based, focusing on artistic exposure and engagement. Technically, the website is built on WordPress, utilizing jQuery and Swiper.js for frontend interactions. It is hosted by 1API GmbH and uses HTTPS with a valid SSL certificate. The site is moderately optimized for performance and mobile devices, with a responsive design and basic accessibility features. SEO optimization is basic, with essential meta tags present but no advanced structured data or rich snippets detected. From a security perspective, the website has HTTPS enabled and domain transfer protection. However, DNSSEC is not enabled, and no security headers were detected, which could be improved. There is no privacy policy, cookie policy, or terms of service, indicating gaps in compliance with GDPR and other privacy regulations. Contact information is limited to an email address, with no phone or physical address provided. No incident response or vulnerability disclosure mechanisms are present. Overall, the website is functional and professionally presented but lacks important privacy and security compliance elements. Strategic improvements in privacy policies, security headers, and DNS security would enhance trust and compliance.

H

Hubertus Design

hubertus-design.ch

43

Hubertus Design is a Swiss-based design studio specializing in graphic, book, editorial, branding, and multimedia design projects. The website serves as a portfolio showcasing a wide range of creative works for cultural institutions, architects, and enterprises, positioning itself as a niche player in the design industry. The business model is project-based, focusing on delivering high-quality design services to a professional audience. Technically, the website is built on WordPress and leverages several plugins including MonsterInsights for analytics, Getwid for blocks, and Animate Blocks for animations. It uses modern web technologies such as jQuery and Google Analytics with IP anonymization and opt-out features, indicating a moderate level of digital maturity. The site is mobile optimized and has good SEO practices, though accessibility features are basic. From a security perspective, the site enforces HTTPS with SSL and includes some privacy-conscious configurations in analytics. However, it lacks important security headers and does not provide vulnerability disclosure or incident response information. Privacy and cookie policies are absent, which is a compliance gap. No contact information is explicitly provided, which may affect user trust and support. Overall, the website is professional and content-rich but could improve in privacy compliance and security best practices. The risk level is moderate due to missing policies and security headers, but no critical vulnerabilities or blocking mechanisms were detected.

Atelier Varga is a Swiss-based creative agency specializing in visual design, web design, corporate identity, and editorial design services. The website showcases a comprehensive portfolio of projects primarily in cultural, architectural, and artistic domains, targeting clients seeking high-quality visual communication solutions. The business operates as a small, niche design atelier with a consistent brand presence and a professional online portfolio. Technically, the website is built on WordPress, utilizing common plugins such as Yoast SEO and Google Analytics for SEO and visitor tracking. The site demonstrates good mobile optimization and moderate performance but lacks some advanced accessibility features. Security posture is adequate with HTTPS enabled and use of a security plugin, but it lacks important security headers and a vulnerability disclosure mechanism. Privacy compliance is weak due to the absence of privacy and cookie policies and no visible consent mechanism. Contact information is not explicitly provided on the homepage, which may affect user trust and compliance. Overall, the website is professional and trustworthy but would benefit from enhanced privacy and security practices.

M

Martin Stoecklin & Melina Wilson

a-language.net

44

A Language is a small, concept-driven visual communication studio co-founded by Martin Stoecklin and Melina Wilson, specializing in design for print, web, interactive platforms, and physical spaces. The studio serves a niche market including cultural and academic institutions, artists, and businesses. The website acts as a professional portfolio showcasing their work and expertise. Technically, the site is built on WordPress, utilizing common libraries such as jQuery and Swiper.js, hosted by 1API GmbH with SSL enabled, ensuring secure connections. However, the absence of DNSSEC and security headers indicates room for improvement in security hardening. The security posture is moderate, with no critical vulnerabilities detected but lacking advanced protections and policies. Privacy compliance is weak due to missing privacy and cookie policies and no consent mechanisms. Contact is available only through a web form, with no direct emails or phone numbers published. Overall, the website is professional and well-designed but would benefit from enhanced security and privacy practices to improve trust and compliance.

InnovationsTransfer Zentralschweiz (ITZ) is a regional innovation support organization based in Central Switzerland, founded in 2021. The company focuses on assisting startups, SMEs, and private individuals with innovation development, coaching, funding facilitation, and intellectual property consulting. The website presents a professional and consistent brand image, targeting innovation-driven businesses and individuals in the region. Technically, the site is built on WordPress with the Breakdance builder and integrates SEO and analytics tools such as Yoast SEO and Google Analytics. Security posture is strong with HTTPS, security headers, and cookie consent mechanisms in place, though explicit security and incident response policies are not published. WHOIS data aligns well with the business claims, supporting legitimacy. Overall, the site is well-structured, compliant with privacy regulations, and trustworthy.

B

Berliner Ukulele Festival

berliner-ukulele-festival.de

50

The Berliner Ukulele Festival website represents a small cultural event organizer focused on Ukulele music festivals in Berlin, Germany. Established in 2016, the festival has become a recognized event within the German-speaking Ukulele community. The website is built on WordPress with a modern tech stack including WooCommerce, Yoast SEO, and Borlabs Cookie for consent management. The site is well-branded, mobile-optimized, and provides rich visual content including professional photography. However, it lacks explicit privacy and terms of service pages, and does not provide direct contact information or security incident response details. The SSL configuration is excellent, and no major vulnerabilities or suspicious patterns were detected. Overall, the site is trustworthy and professional but could improve compliance and security transparency.

The website buchhandelswelt.de is currently displaying a maintenance page with minimal content, indicating that the site is temporarily unavailable. Due to the lack of substantive content, no detailed business information, contact details, or privacy and cookie policies are present. The domain uses Anexia nameservers, suggesting a legitimate hosting provider, but no registrant details are available to confirm the business identity or history. The technical infrastructure cannot be fully assessed due to the minimal content and lack of metadata or scripts. Security posture is weak or unknown, with no visible security headers or SSL configuration data. Overall, the site is not currently functional for end users or business operations, resulting in a low trust and security score.

J

Julian Humm Gestaltung und Entwicklung

julianhumm.com

60

Julian Humm Gestaltung und Entwicklung is a small design and development office based in Basel, Switzerland, specializing in visual communication and publication solutions for both digital and analog spaces. The company offers services including branding, web design, poster creation, and identity development, targeting clients who require professional visual communication systems. The website showcases a portfolio of projects and client references, indicating a solid market presence within its niche. Technically, the website is built using modern technologies such as Svelte and Swiper.js, with good mobile optimization and a clean, professional design. However, there is a lack of privacy and cookie policies, and no security headers were detected, which are areas for improvement. The WHOIS data for the domain is missing or indicates the domain may not be registered, which is unusual but the website content and contact information suggest a legitimate business. Overall, the site is safe, professional, and trustworthy, but would benefit from enhanced security and privacy compliance measures.

S

Swiss Olympic

swissolympic.ch

63

Swiss Olympic is the umbrella organization for Swiss sports and serves as the National Olympic Committee of Switzerland. It supports and strengthens its members, including 83 national sports federations and 30 partner organizations, representing approximately 18,300 clubs and 2.2 million active sports participants. The organization is well-established with a strong market position and recognized trust indicators such as ISO 9001:2015 certification and partnerships with major national and international brands. The website reflects a professional and consistent brand image with comprehensive content tailored to its target audience of sports organizations, athletes, and partners. Technically, the website employs modern JavaScript libraries including jQuery, Slick Carousel, JWPlayer, and integrates Google Analytics and Tag Manager for analytics. Accessibility tools like Eye-Able are implemented, and the site is mobile-optimized with good SEO practices. Performance is moderate, with no critical technical issues detected. However, no CMS or hosting provider details were identified. From a security perspective, the site uses HTTPS and cookie consent mechanisms, but lacks explicit security policy pages, incident response contacts, and security headers such as Content-Security-Policy. No vulnerabilities or exposed sensitive data were found. The WHOIS data shows privacy protection consistent with organizational privacy needs, and no suspicious patterns were detected. Overall, the website is secure, professional, and compliant with privacy regulations, with room for improvement in formal security disclosures and enhanced security headers. The risk level is low, and the site effectively supports the organization's mission and stakeholder engagement.

H

Hessischer Gründerpreis – Die Auszeichnung 🏆

hessischer-gruenderpreis.de

52

The Hessischer Gründerpreis website represents a well-established regional business award platform focused on startups and business successors in Hessen, Germany. It provides visibility, networking, media exposure, and professional support to companies in their first five years of operation or succession. The platform is backed by reputable partners and sponsors, including financial institutions, industry associations, and government bodies, enhancing its credibility and market position. Technically, the website is built on Joomla CMS with modern front-end frameworks like UIkit and uses common analytics and consent management tools such as Google Analytics, Google Tag Manager, and Usercentrics. The site is mobile-optimized, accessible, and SEO-friendly, with structured data implemented for enhanced search engine understanding. From a security perspective, the site enforces HTTPS and includes CSRF tokens, but lacks explicit security headers like Content-Security-Policy and X-Frame-Options. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance, making it a reliable digital presence for the Hessischer Gründerpreis initiative.

B

BWT

bwt.com

58

BWT is a large, established European company specializing in water treatment technologies and sustainable water solutions for various sectors including residential, hospitality, industry, pharma, and pools. Their website reflects a mature digital presence with comprehensive content, multimedia integration, and multi-language support. Technically, the site uses modern JavaScript libraries, Google Tag Manager, and performance optimizations like Baqend SpeedKit, indicating a high level of digital maturity. Security posture is strong with HTTPS, security headers, and cookie consent mechanisms, though explicit incident response and vulnerability disclosure information are not publicly available. Overall, the site is professional, trustworthy, and well-optimized, but the lack of WHOIS data and direct contact details slightly reduce business credibility scores.

The Silvesterlauf Hannover website represents a well-established regional sports event organizer, eichels GmbH, focusing on running and triathlon events in Hannover, Germany. The site provides comprehensive event information, registration options, news updates, and media content, targeting athletes and local community members interested in active year-end celebrations and related sports activities. The business model centers on event management and community engagement with a strong local presence and partnerships with other regional sports events. Technically, the website is built on TYPO3 CMS and leverages common web technologies such as jQuery, Bootstrap, and Font Awesome. It demonstrates good mobile optimization and SEO practices, although performance is moderate. The site uses HTTPS with a solid SSL configuration and employs basic security best practices like email obfuscation and cookie consent mechanisms. However, it lacks advanced security headers and explicit security or incident response policies. From a security perspective, the site is generally secure with no visible vulnerabilities or exposed sensitive data. Privacy compliance is addressed with a GDPR-compliant privacy policy and cookie banner. Contact information is transparent and complete, enhancing business credibility. No suspicious or malicious content was detected, and the site is free from WAF or blocking mechanisms, allowing full content access. Overall, the website scores well on content quality, technical implementation, security posture, privacy compliance, and business credibility, making it a trustworthy and professional platform for its target audience.

E

eichels GmbH

triathlon-hannover.de

48

Triathlon Hannover is a regional sports event organizer specializing in triathlon and running events in Hannover, Germany. The company, eichels GmbH, manages multiple annual events including the Hannover Triathlon, Steinhuder Meer Triathlon, and other running competitions, targeting athletes and sports enthusiasts. The website serves as an information hub for participants and spectators, offering event details, registration, results, and media content. The business model revolves around event organization, sponsorships, and participant fees, positioning itself as a well-established regional player with consistent branding and a professional online presence. Technically, the website is built on TYPO3 CMS and employs a range of established front-end libraries such as jQuery, Bootstrap, and Font Awesome. The site demonstrates good mobile optimization and SEO practices, though some libraries are outdated which could pose security risks. Performance is moderate with a clean, navigable structure and clear content presentation. The site uses HTTPS and implements cookie consent mechanisms, reflecting GDPR compliance awareness. From a security perspective, the site uses HTTPS and obfuscates email addresses to reduce spam. However, it lacks explicit security headers like Content-Security-Policy and HSTS, and uses older JavaScript libraries that may have vulnerabilities. No incident response or security policy pages are found, indicating room for improvement in security maturity. No signs of tracking or analytics services were detected, suggesting minimal user tracking. Overall, the website is trustworthy, professionally maintained, and compliant with basic privacy regulations. The domain registration data aligns well with the business identity, supporting legitimacy. Strategic recommendations include updating libraries, implementing security headers, and publishing security policies to enhance trust and security posture.

E

eichels GmbH

steinhudermeer-triathlon.de

46

The Steinhuder Meer Triathlon website is a professionally managed platform dedicated to organizing and promoting a regional triathlon event in Steinhude, Germany. Operated by eichels GmbH, the site provides comprehensive event information, registration capabilities, results publication, and media galleries targeting athletes and sports enthusiasts. The business operates within the event management sector with a clear focus on triathlon sports, maintaining a strong regional presence and partnerships with relevant sponsors and related events. Technically, the website leverages TYPO3 CMS along with modern frontend libraries such as Bootstrap, jQuery, and Slick Carousel to deliver a responsive and user-friendly experience. The site is well-optimized for mobile devices and includes SEO best practices, although some accessibility features could be enhanced. Hosting details are not explicitly disclosed, but the site uses HTTPS with a strong SSL configuration, ensuring secure data transmission. From a security perspective, the website enforces HTTPS and employs email obfuscation to protect contact information. However, it lacks explicit HTTP security headers and does not provide a public security policy or incident response contacts, which are areas for improvement. No vulnerabilities or suspicious content were detected, and the site complies with GDPR requirements, including a cookie consent mechanism and privacy policy. Overall, the website demonstrates a solid security posture and business credibility with clear contact information and legal disclosures. The domain registration data is consistent and trustworthy, supporting the legitimacy of the business. Strategic recommendations include enhancing security headers, publishing a vulnerability disclosure policy, and improving accessibility features to further strengthen the site's security and compliance posture.

K

Kanzlei Dr. Peter Unmüßig

kanzlei-unmuessig.de

55

Kanzlei Dr. Peter Unmüßig is a small, regionally established German law firm specializing in traffic law, labor law, inheritance law, tenancy law, administrative offenses, insurance law, and civil law. The firm operates from a main office in Gundelfingen with multiple branch offices, and is a member of the Apraxa cooperative network of law firms. The website provides comprehensive legal service information, attorney biographies, and detailed privacy and legal disclaimers, targeting private clients and businesses seeking legal representation. Technically, the website uses legacy jQuery and standard HTML/CSS with moderate performance and basic mobile optimization. Security posture is moderate with no HTTPS or security headers explicitly confirmed, and an outdated jQuery version poses a potential risk. Privacy compliance is strong with a detailed GDPR-compliant privacy policy, though no cookie consent mechanism is present. Overall, the site is professional and trustworthy but would benefit from technical and security updates.

The Niedersächsisches Institut für Sportgeschichte e.V. (NISH) is a specialized non-profit institute dedicated to documenting and researching the sports history of Lower Saxony and surrounding regions. Founded in 1981 and supported by the LandesSportBund Niedersachsen, it offers extensive archival resources, a specialized library, and collections related to various sports disciplines. The website serves as an information hub for sports clubs, educational institutions, researchers, and enthusiasts. Technically, the site is built on WordPress with standard plugins for contact forms, newsletters, and cookie management, providing a moderate performance and good mobile optimization. Security posture is solid with HTTPS enforced and cookie consent implemented, though security headers and incident response information are lacking. Overall, the site is professional, trustworthy, and compliant with GDPR requirements, with clear contact details and transparent policies.

TuS Glarum is a local German sports club offering a wide range of sports and fitness activities for all age groups, including gymnastics, ball sports, dance, and rehabilitation programs. The website serves as an information portal for members and the local community, providing schedules, news, and contact details. The club maintains an active presence on social media platforms such as Facebook and Instagram, enhancing community engagement. Technically, the website is built on the Clansphere CMS platform, utilizing standard web technologies including HTML, CSS, and JavaScript. It employs legacy components such as FCKeditor and Ajax scripts. The site is hosted via INWX nameservers, indicating a German hosting provider. Performance and mobile optimization are moderate, with basic accessibility and SEO features implemented. From a security perspective, the website lacks visible security headers and modern security policies. The use of an outdated editor and absence of cookie consent mechanisms highlight areas for improvement. The email address is obfuscated to reduce spam, but no explicit incident response or security policy pages are present. The domain WHOIS data is consistent and transparent, supporting the legitimacy of the site. Overall, the website is functional and trustworthy for its community sports purpose but would benefit from enhanced security measures, privacy compliance improvements, and modernization of technical components to reduce risk and improve user trust.

G

GSV Oldenburg

gsv-ol.de

47

GSV Oldenburg operates as a local community sports organization based in Germany, providing various sports activities, events, and social engagement opportunities. The website serves as an information hub for members and interested parties, featuring event announcements, calendars, and news updates. The organization appears to be a small-sized non-profit entity focused on serving the Oldenburg community. Technically, the website is built on WordPress with a modern plugin ecosystem including Elementor, calendar, and polling tools. The site is mobile-optimized and offers a good user experience with clear navigation and relevant content. Security posture is adequate with HTTPS enabled, but lacks advanced security headers and cookie consent mechanisms, which are recommended for GDPR compliance. No direct contact emails or phone numbers are visible on the homepage, which could be improved for better user engagement and trust. Overall, the website is professional and trustworthy for its intended audience but could enhance privacy and security features to align with best practices.

Sportabzeichen-Digital is a German digital platform dedicated to managing and facilitating the German Sports Badge program. It provides users with registration, login, and access to sport badge events and information, targeting sports participants and organizers within Germany. The platform leverages modern web technologies such as Nuxt.js and Vue.js and is hosted on Hetzner infrastructure, ensuring reliable performance and availability. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism, including opt-in for analytics via Matomo. Security posture is adequate with HTTPS enforced and anti-bot measures in place, though improvements are recommended in implementing security headers and publishing incident response information. Overall, the website is professional, user-friendly, and trustworthy, serving a niche sports community effectively.

S

STUCO Fullservice GmbH

fullservice-stuco.de

55

STUCO Fullservice GmbH operates as a specialist fullservice provider for promotional products in Germany, offering comprehensive services from product conception to logistics and e-shop solutions. The company targets businesses seeking scalable and sustainable promotional merchandise solutions. The website reflects a professional digital presence with a modern WordPress and Elementor infrastructure, enhanced by SEO plugins and consent management tools. While the technical setup is solid, there is room for improvement in privacy compliance and security best practices. The absence of a published privacy policy and terms of service represents a compliance gap, and security headers are not detected, which could be enhanced to improve security posture. Overall, the site is trustworthy and well-positioned in its niche, with active social media engagement and recognized certifications such as EcoVadis.

V

Verbund Offener Werkstätten

offene-werkstaetten.org

54

Verbund Offener Werkstätten operates as a non-profit network of open workshops in Germany, providing shared access to craft and digital fabrication resources. The website serves as a community hub offering workshop search, membership information, and educational content. The organization targets individuals interested in maker culture and collaborative craftsmanship. Technically, the website employs modern JavaScript libraries such as Swiper.js and SweetAlert2, with accessibility features via Eye-Able scripts, hosted by a reputable German provider. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though improvements are recommended in DNSSEC and security headers. No critical vulnerabilities or blocking mechanisms were detected, indicating a trustworthy and accessible platform.