Retail security reports

B

Bodytalk

bodytalk.com

69

Bodytalk is a Greek retail company specializing in apparel and accessories for women, men, children, and infants. The company operates a well-structured e-commerce platform offering a wide range of clothing categories and accessories, targeting a general audience primarily in Greece. The website demonstrates a consistent brand presence and professional design, supporting a medium-sized retail business model with a strong online presence. Technically, the website leverages modern web technologies including React, Google Tag Manager, TikTok Pixel, and Klaviyo for marketing automation. It employs cookie consent management and integrates multiple payment and analytics services, indicating a mature digital infrastructure. Security-wise, the site enforces HTTPS and uses reCAPTCHA and cookie consent mechanisms, but lacks explicit security policies and incident response contacts, which could be improved. Overall, the website is trustworthy, well-optimized for SEO and mobile, and compliant with GDPR requirements, though it would benefit from enhanced security transparency and published vulnerability disclosure information.

K

Kolmiokirja Oy

kolmiokirja.fi

51

Kolmiokirja Oy operates a Finnish e-commerce platform specializing in the sale of magazines, puzzle books, and hobby-related reading materials. The website targets a general audience interested in leisure reading and hobby activities, offering a variety of products including subscription packages and gift cards. The company appears to be a small-sized retail business with a consistent brand presence and a well-structured online store. The website is professionally designed with good content quality and clear navigation, supporting Finnish language users primarily. Technically, the site employs a modern JavaScript stack including jQuery, Bootstrap, Swiper, and other libraries to enhance user experience and performance. It uses asynchronous loading for analytics and tracking scripts such as Google Tag Manager and Iterable Analytics. Mobile optimization is good, and SEO practices are adequately implemented. However, no CMS or hosting provider details are explicitly detected. From a security perspective, the site enforces HTTPS and uses standard analytics and marketing tools. There is a lack of visible security headers and no public security or incident response policies, which suggests room for improvement in security posture. No vulnerabilities or suspicious content were detected in the HTML content. Privacy and cookie policies are present and indicate GDPR compliance. Overall, the website is trustworthy and professionally maintained, with a solid business model focused on retail e-commerce in Finland. Strategic recommendations include enhancing security headers, publishing security policies, and improving accessibility features to strengthen compliance and user trust.

P

Parcero Marketing Partners Oy

retale.fi

45

ReTALE, operated by Parcero Marketing Partners Oy and affiliated with Aller Media Nordic, is a Finnish retail media specialist focused on helping businesses monetize customer interactions through innovative advertising solutions. The company targets a broad range of sectors including retail stores, shopping centers, gyms, medical centers, and hospitality. The website is professionally designed using WordPress with modern SEO and analytics tools, reflecting a digitally mature infrastructure. Security posture is solid with HTTPS and cookie consent mechanisms, though improvements in security headers and explicit privacy policies are recommended. Overall, the domain registration data aligns well with the business claims, indicating a trustworthy and legitimate operation.

Answear.it is a large-scale European e-commerce platform specializing in fashion apparel, shoes, and accessories for women, men, and children. The company operates in multiple European markets, offering a wide range of premium brands and fast delivery services, positioning itself as a premium online fashion retailer. The website demonstrates a modern technical infrastructure leveraging React, Redux, and service workers, ensuring good performance and mobile optimization. Security posture is strong with HTTPS and DNSSEC enabled, though some advanced security headers and explicit security policies are missing. Privacy compliance is partial, with cookie consent implemented but no explicit privacy or terms of service pages found. Overall, the platform is professional and trustworthy, but could improve transparency and security documentation.

Answear.si is a large-scale European fashion e-commerce platform operating in multiple countries, offering over 200,000 products from more than 500 global brands. The website targets general consumers interested in fashion apparel, shoes, and accessories, providing fast delivery and loyalty discounts. Technically, the site is built on modern web technologies including React and service workers, supported by a robust CDN infrastructure likely from Akamai. Security posture is strong with HTTPS, security headers, and reCAPTCHA integration, although explicit privacy and terms policies are not found in the provided content. Overall, the site demonstrates a mature digital presence with good performance and user experience but could improve transparency around privacy and contact information.

Answear.gr is a well-established e-commerce platform specializing in fashion products for women, men, and children, offering a wide range of over 200,000 items from more than 600 global brands. The company operates in multiple European countries, providing fast delivery and free returns, supported by a loyalty program to enhance customer retention. Technically, the website employs modern web technologies including React, Redux, and integrates advanced monitoring tools like Sentry, ensuring a robust and performant user experience. Security practices are strong with HTTPS enforcement and security headers, although explicit privacy and terms policies are not found in the analyzed content, indicating room for compliance improvement. Overall, the platform demonstrates a mature digital presence with good market positioning but should enhance transparency and contact accessibility to improve trust and regulatory compliance.

Answear.bg is a well-established online fashion retail platform targeting women, men, and children in Bulgaria. It offers a wide range of clothing, footwear, and accessories from over 500 original brands, positioning itself as a multi-brand e-commerce leader in the region. The company emphasizes fast delivery, secure payment options, and a loyalty program to enhance customer engagement. Technically, the website leverages modern web technologies including React, Redux, service workers, and integrates marketing and analytics tools such as Google Tag Manager and Braze. The hosting and CDN infrastructure is robust, utilizing Akamai's network for performance and reliability. Security posture is strong with HTTPS enforcement and standard security headers, though DNSSEC is not implemented and no explicit security or incident response policies are publicly disclosed. Privacy compliance is evident with GDPR-aligned policies and cookie consent mechanisms. Overall, the site presents a professional, trustworthy, and user-friendly experience with a high degree of technical maturity.

Answear.cz is a well-established online multi-brand fashion retailer operating primarily in the Czech Republic and multiple European countries. The platform offers a wide range of clothing, footwear, and accessories for women, men, and children, featuring over 500 brands including premium and sports labels. The company emphasizes fast delivery, free returns, and a loyalty program to enhance customer experience. Technically, the website is built on modern web technologies including React and service workers, hosted on Akamai infrastructure, and integrates marketing and analytics tools such as Google Tag Manager and Braze. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though explicit security headers and policies could be improved. Privacy compliance is partial, with cookie consent implemented but no visible privacy policy or terms of service pages in the provided content. Overall, the website presents a professional and trustworthy e-commerce experience with room for enhanced transparency and security documentation.

Answear.ro is a well-established Romanian e-commerce platform specializing in fashion apparel and footwear for women, men, and children. Operating since 2010, it serves multiple European markets with a broad portfolio of over 500 global brands. The website offers a comprehensive shopping experience with features like free delivery and returns, a loyalty program, and fast shipping. Technically, the site is built on a modern React framework with integrations for analytics (Google Tag Manager, Braze) and error monitoring (Sentry), hosted on Akamai infrastructure. Security posture is strong with HTTPS enforced and proactive monitoring, though DNSSEC is not enabled and explicit security headers could be improved. Privacy and cookie policies are not explicitly found in the provided content, indicating an area for compliance enhancement. Overall, the platform demonstrates a mature, professional online retail presence with good technical and business credibility.

Answear.hr is a regional e-commerce platform specializing in fashion apparel, footwear, and accessories for women, men, and children. It operates as part of a larger European network of Answear branded sites, offering products from over 500 global brands. The platform is well-established with a domain age consistent with its business expansion timeline. Technically, the website leverages modern web technologies including React, Redux, and integrates advanced analytics and marketing tools such as Google Tag Manager and Braze. The site is optimized for performance and mobile use, providing a good user experience with clear navigation and professional design. Security posture is strong with HTTPS enforced and error monitoring via Sentry, though explicit security policies and incident response contacts are not publicly detailed. Privacy compliance is evident with cookie consent mechanisms and a comprehensive privacy policy, though contact information is not prominently disclosed. Overall, the site is trustworthy, professionally managed, and safe for general audiences.

Superprieks.lv is an e-commerce fashion store based in Latvia, operated by the legal entity Sabiedriba ar ierobezotu atbildibu "Golin Riga". The store sells clothing and accessories featuring designs created by SOS Children's Villages families, with all profits supporting the charitable organization. The website is built on the Shopify platform, leveraging modern web technologies and integrations such as Printful for fulfillment. It targets Latvian-speaking consumers interested in socially responsible fashion. The site demonstrates good content quality, clear navigation, and consistent branding, supported by active social media channels.

N

Nema predaje

nemapredaje.hr

44

Nema predaje is a Croatian-based e-commerce retailer specializing in premium sports equipment. Established in 2015, the company targets sports enthusiasts and athletes within Croatia, offering a curated selection of sports goods through a WordPress and WooCommerce powered website. The site features a professional design, clear navigation, and is optimized for mobile devices, providing a good user experience. Technically, the website leverages modern web technologies including jQuery, Google Tag Manager, and several WordPress plugins to enhance functionality such as appointment booking and product filtering. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, although security headers could be further improved to enhance protection. Privacy compliance is well addressed with accessible privacy and cookie policies aligned with GDPR requirements. Business credibility is supported by clear contact information and consistent domain registration data. Overall, the website presents a trustworthy and professional online presence for a small retail business.

L

Lidl Hrvatska

lidl.hr

80

Lidl Hrvatska operates as a retail supermarket chain in Croatia, providing a broad range of grocery and household products. The website serves as an information portal for customers, highlighting weekly offers and store locations. The company is positioned as a large retail player in the Croatian market, with a business model focused on physical retail supported by digital presence. Technically, the website employs modern web technologies including JavaScript frameworks, YouTube integration, and cookie consent management via OneTrust, hosted on Akamai infrastructure ensuring reliable performance and security. The security posture is strong with HTTPS enforcement, cookie consent mechanisms, and no visible vulnerabilities or exposed sensitive data. Privacy compliance is robust, with comprehensive GDPR-aligned policies and user consent management. Overall, the website reflects a mature digital presence with good user experience and trustworthiness.

S

SPORTSKI ŽIVOT D.O.O.

sportlife.hr

44

Sportlife.hr is a Croatian-based distributor and retailer specializing in professional and home fitness equipment. The company represents multiple well-known international fitness brands and offers services including equipment sales, maintenance, and fitness space planning. The website is professionally designed using WordPress and WooCommerce, targeting fitness centers, gyms, and individual consumers. The domain is well-established since 2010, consistent with the business's market presence. Technically, the site uses modern web technologies and is mobile optimized, though performance is moderate. Security posture is adequate with HTTPS enabled but lacks visible security headers and privacy policies, indicating room for improvement in compliance and security best practices. Contact information is clearly provided, enhancing business credibility.

I

Instar center d.o.o.

instar-informatika.hr

67

Instar center d.o.o. operates a professional e-commerce website specializing in the sale of computers, PC components, and related accessories primarily targeting the Croatian market. Established in 2008, the company presents a well-structured online catalog with detailed product categories and brand offerings, positioning itself as a reputable retailer in the technology retail sector. The website demonstrates good design quality, mobile optimization, and user-friendly navigation, supporting a positive user experience for both consumers and business clients. Technically, the site employs modern web technologies including jQuery, Google Tag Manager, and Facebook Pixel for analytics and marketing, with HTTPS enabled ensuring secure data transmission. However, the absence of explicit privacy and cookie policies, as well as missing security headers, indicates gaps in compliance and security best practices. Contact information is limited to phone numbers without email or physical address details visible in the provided content. Overall, the domain registration data aligns with the business claims, supporting legitimacy and trustworthiness.

C

Coca-Cola Hellenic Kosova

coca-colahellenickosovo.com

47

Coca-Cola Hellenic Kosova operates as a major distributor of Coca-Cola products in Kosovo, serving as a key player in the non-alcoholic beverage industry since 2003. The website reflects a regional branch of the larger Coca-Cola Hellenic Bottling Company, with consistent branding and a focus on beverage distribution. The business targets a general audience including consumers and partners in Kosovo, leveraging a business model centered on product distribution and sales within the retail sector. Technically, the website is built on WordPress with modern plugins such as Yoast SEO and integrates Google Analytics and Google Tag Manager for analytics and marketing purposes. Hosting and DNS services are provided via Cloudflare, enhancing performance and security. The site includes a OneTrust cookie consent mechanism, indicating awareness of privacy compliance requirements, although explicit privacy and terms of service pages are not detected. From a security perspective, the site uses HTTPS with a good SSL configuration and Cloudflare DNS, but lacks DNSSEC and some recommended security headers. No critical vulnerabilities or WAF blocking were detected. The WHOIS data is consistent with the business claims, showing a well-maintained domain with no privacy protection, supporting legitimacy. Overall, the website presents a professional and trustworthy digital presence for Coca-Cola Hellenic Kosova, with room for improvement in privacy policy transparency and enhanced security headers to strengthen compliance and security posture.

C

Coca-Cola Hellenic Bottling Company

cchbcshop.com

59

The website cchbcshop.com serves as the customer portal for Coca-Cola Hellenic Bottling Company (Coca-Cola HBC), a major beverage bottler operating across multiple countries. The portal enables customers to place orders, track shipments, access invoices, and benefit from exclusive discounts, supporting a B2B e-commerce business model focused on beverage distribution. The site branding and content align well with Coca-Cola HBC's corporate identity, reflecting a large, established enterprise with a professional online presence. Technically, the site leverages modern web technologies including React and Microsoft Bot Framework Web Chat, integrated with third-party services such as Gigya for customer identity management and WordLift for content enhancement. The site is mobile optimized and demonstrates moderate performance, though some SEO and accessibility features could be improved. Hosting and domain registration are managed through reputable providers, with HTTPS enforced and domain status protections in place. From a security perspective, the site benefits from HTTPS and domain registration safeguards but lacks visible security headers and explicit privacy or cookie policies on the prelogin page. No incident response or vulnerability disclosure information is provided, which could be improved to enhance trust and compliance. No suspicious or vulnerable libraries were detected, and no adult or questionable content is present, indicating a safe environment for users. Overall, the website presents a trustworthy and professional portal for Coca-Cola HBC customers, though improvements in privacy compliance, security headers, and transparency around incident response would strengthen its security posture and regulatory adherence.

S

SPAR Business Services GmbH

spar-ics.com

72

SPAR ICS is the IT unit of the SPAR Österreich Group, providing comprehensive IT solutions across three business fields: food retail, sport & fashion retail, and shopping centers. Operating in seven countries, it supports digital processes for major retail brands including SPAR, INTERSPAR, HERVIS, and SES. The company positions itself as a key enabler of seamless retail experiences and future-oriented retail technology. The website reflects a professional corporate presence with clear branding and partner logos, targeting IT professionals and potential employees.

Coca-Cola HBC AG is a leading consumer packaged goods company and a strategic bottling partner of The Coca-Cola Company. The company operates across multiple countries primarily in Europe and Africa, offering a broad portfolio of beverages. The website reflects a mature enterprise with extensive market presence, multiple country-specific sites, and a customer portal, indicating a well-established business model focused on bottling and distribution. Technically, the website is built on Adobe Experience Manager, leveraging modern JavaScript libraries and compliance tools such as OneTrust for cookie consent and UserWay for accessibility. The infrastructure appears robust with good performance, mobile optimization, and SEO practices. Hosting is likely via Akamai, enhancing content delivery and security. Security posture is strong with HTTPS enforced, presence of key security headers, and no visible vulnerabilities or exposed sensitive data. The site demonstrates compliance with GDPR and other privacy regulations, supported by comprehensive privacy and cookie policies. However, the absence of a public vulnerability disclosure policy and incident response contact details suggests areas for improvement. Overall, the website and business present a low-risk profile with high trustworthiness. Strategic recommendations include enhancing transparency on security incident response, maintaining up-to-date third-party components, and formalizing vulnerability disclosure processes to further strengthen security and compliance.

L

LEDO plus d.o.o.

ledo.hr

57

LEDO plus d.o.o. is the largest domestic producer of industrial ice cream and the leading distributor of frozen food in Croatia, with a strong market presence and a comprehensive product portfolio. The company targets general consumers in Croatia and surrounding regions, offering a variety of frozen food products and culinary inspiration through recipes. The website reflects a mature digital presence with professional design, clear navigation, and mobile optimization. Technically, the site uses modern JavaScript libraries, Google Analytics, Facebook Pixel, and Google Tag Manager, hosted likely by Hrvatski Telekom, ensuring good performance and SEO. Security posture is solid with HTTPS enforcement and cookie consent mechanisms, though explicit security policies and vulnerability disclosures are absent. WHOIS data confirms domain legitimacy and consistency with business claims. Overall, the website is trustworthy, compliant with GDPR, and professionally maintained.

S

SPAR Hrvatska

spar.hr

67

SPAR Hrvatska operates a professional retail website serving as the digital presence for SPAR supermarkets and INTERSPAR hypermarkets in Croatia. The site offers product catalogs, recipes, and customer services, targeting general consumers seeking groceries and household products. The business is positioned as a large retail entity with a consistent brand and a well-structured website. Technically, the website is built on Adobe Experience Manager, leveraging Adobe Analytics and modern JavaScript libraries. It employs Cloudflare Turnstile captcha for bot protection and a consent manager for GDPR compliance, indicating a mature digital infrastructure. Performance and mobile optimization are good, though accessibility could be improved. Security posture is solid with HTTPS enforced and bot protection in place, but lacks explicit security headers and visible security policies. Privacy compliance is partial, with cookie consent but no visible privacy or terms of service pages. No contact information or incident response details are publicly available, which could be improved. Overall, the website is trustworthy and professional with no signs of malicious content or blocking. Strategic improvements in privacy transparency, security headers, and contact availability would enhance compliance and user trust.

J

jatrgovac.com

jatrgovac.com

55

Ja TRGOVAC is a well-established Croatian media portal specializing in retail and the fast-moving consumer goods (FMCG) industry. Founded in 2008, it serves as a leading source of news, analysis, and market communication for professionals and stakeholders in the retail sector. The website offers categorized content, including news, market trends, and promotional information, supported by subscription and advertising services. Its market position is strong within the Croatian retail media landscape, targeting industry professionals and businesses.

S

Studenac d.o.o.

studenac.hr

46

Studenac d.o.o. is a leading Croatian retail chain specializing in food and household products, operating over 1000 stores nationwide. Founded in 1991 and headquartered in Omiš, Croatia, it is owned by the Polish Enterprise Fund VIII since 2018. The company offers a broad range of services including weekly promotions, mobile app-based coupons, and additional services such as package pickup and delivery via third-party platforms. The website reflects a mature digital presence with comprehensive content, clear navigation, and strong branding consistency. Technically, the site employs modern JavaScript libraries and asynchronous loading techniques, ensuring good performance and mobile responsiveness. Security posture is solid with HTTPS enforced and cookie consent implemented, though explicit security policies and incident response information are absent. Overall, the site is trustworthy, professionally maintained, and compliant with GDPR regulations.

S

Sport Vision

sportvision.hr

60

Sport Vision is a leading Croatian retail chain specializing in sports equipment and apparel, featuring over 500 stores across 13 countries. The website serves as a comprehensive e-commerce platform offering products from major brands such as Nike, adidas, Champion, and Reebok. The business model combines online sales with physical retail presence, targeting sports enthusiasts and general consumers in Croatia and the surrounding region. The company demonstrates a strong market position with a loyalty program and multiple customer service channels. Technically, the website is built on the NBSHOP 7 CMS platform, utilizing modern web technologies including Bootstrap 4, Google Tag Manager, and Usercentrics for cookie consent. The site is mobile-optimized and SEO-friendly, with moderate performance and basic accessibility features. Security posture is good with HTTPS enforced and some security best practices observed, though additional security headers and published security policies would enhance trust. No critical vulnerabilities or suspicious content were detected. Overall, the website is professional, trustworthy, and compliant with basic privacy and cookie regulations.

Z

Zagrebačka pivovara d.o.o.

ozujsko.com

50

Ožujsko.com is the official website for the Ožujsko beer brand, a leading Croatian beer produced by Zagrebačka pivovara, a subsidiary of Molson Coors. The site provides detailed information about the beer, its production process, packaging, social events, and promotes responsible drinking. It targets adult consumers in Croatia and surrounding regions, emphasizing legal compliance and age verification. The website is professionally designed with consistent branding and clear navigation, supporting a positive user experience.

Costa Coffee's Croatian website serves as a localized digital presence for the internationally recognized coffeehouse brand. The site primarily focuses on showcasing coffee products and brand information tailored to the Croatian market. The business operates within the retail sector, targeting general consumers and coffee enthusiasts. The website reflects a consistent brand identity aligned with Costa Coffee's global image and is supported by The Coca-Cola Company as its parent entity. Technically, the website leverages modern web technologies including React and Gatsby, supported by Akamai CDN for optimized performance. The site is mobile-optimized and employs standard security best practices such as HTTPS enforcement and security headers. Cookie consent is managed through OneTrust, indicating a basic level of privacy compliance. From a security perspective, the site demonstrates a solid posture with no detected vulnerabilities or exposed sensitive data. However, the absence of explicit privacy policy, terms of service, and incident response contact details suggests areas for improvement in compliance and transparency. The WHOIS data confirms the domain's legitimacy and consistency with the brand's regional presence. Overall, the website is professional, secure, and trustworthy, but would benefit from enhanced privacy and security disclosures to meet higher compliance standards.

T

The Coca-Cola Company

coca-cola.com

79

The Coca-Cola Company website for the Finnish market presents a professional and comprehensive digital presence focused on promoting its beverage products such as classic Coca-Cola, Coca-Cola Zero, and Coca-Cola Light. The site is well-branded, consistent, and targets a general consumer audience with clear product information and brand history. The technical infrastructure leverages modern web technologies including Adobe Experience Manager, Google Tag Manager, AWS RUM, and OneTrust for privacy compliance, indicating a mature digital ecosystem. Security posture is strong with HTTPS enforcement, security headers, and content security policies, although explicit security policy and incident response information are not publicly disclosed. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance with privacy regulations.

K

Kaufland

kaufland.hr

64

Kaufland.hr is the Croatian online presence of Kaufland, a large retail supermarket chain operating in Croatia since at least 2000. The website offers weekly promotions, recipes, and product information targeting general consumers in Croatia. The site is professionally designed with consistent branding and good user experience, optimized for mobile devices. Technically, the site uses modern marketing and analytics tools such as Google Tag Manager and Adobe Launch, and is likely built on Adobe Experience Manager. Security posture is moderate with HTTPS implied and cookie consent implemented, but lacks explicit security policies and vulnerability disclosure information. WHOIS data confirms the domain's legitimacy and consistency with the business claims. Overall, the site is trustworthy and professional but could improve privacy compliance and security transparency.

U

University Frames

universityframes.com

68

University Frames operates a professional e-commerce platform specializing in handcrafted custom diploma frames for colleges, universities, and professional institutions across the United States. The website showcases a broad product range with detailed customization options, targeting graduates and educational institutions. The company emphasizes quality craftsmanship and customer service, positioning itself as a leading provider in this niche market since 1990. Technically, the website employs modern web technologies including Bootstrap, jQuery, and multiple analytics and marketing tools, ensuring a responsive and engaging user experience. Security posture is strong with HTTPS and no visible vulnerabilities, though the absence of security headers and explicit privacy policies indicates room for improvement. The lack of WHOIS registration data is a notable anomaly that impacts trustworthiness and requires further investigation. Overall, the site is professional, well-branded, and safe for general audiences.

EUROBAUSTOFF Handelsgesellschaft mbH & Co. KG operates a comprehensive cooperation platform for the building materials trade sector in Germany. The company provides a wide range of services including procurement, logistics, marketing, finance, personnel management, and IT services to its members and partners. The website reflects a mature digital presence with detailed service descriptions, partner links, and a professional design consistent with a large enterprise in the retail and manufacturing sectors. The company holds recognized industry awards such as the Plus X Award, reinforcing its market position. Technically, the website is built on TYPO3 CMS, leveraging modern web technologies and includes mobile optimization, accessibility features, and SEO best practices. The site uses HTTPS with good security headers and implements cookie consent mechanisms, indicating a solid privacy compliance posture. However, explicit security policies and incident response contacts are not found, which could be improved. Security-wise, the site shows good practices with secure forms and no obvious vulnerabilities. The absence of WHOIS data is a notable anomaly, possibly due to privacy protection or registrar issues, which slightly impacts trust but does not detract from the overall legitimacy based on content and external references. Overall, the website is professional, secure, and compliant with privacy regulations, serving a clear business purpose with a strong brand presence. Strategic recommendations include publishing explicit security policies, incident response contacts, and vulnerability disclosure information to enhance trust and security transparency.

I

i&M Bauzentrum

i-m.de

46

i&M Bauzentrum is a well-established Fachhandelsmarke (specialist retail brand) under the EUROBAUSTOFF group, serving the German building materials market with over 130 locations. The company focuses on providing high-quality building materials, expert advice, and comprehensive services to both private customers and professional builders. Their digital presence is powered by TYPO3 CMS with a modern Bootstrap-based design, offering good mobile optimization and user experience. The website includes multimedia content and a cookie consent mechanism aligned with GDPR requirements. Security posture is adequate with HTTPS and cookie management, but lacks some advanced HTTP security headers. No direct contact details are visible on the homepage, but social media channels are active. Overall, the site reflects a professional retail business with strong market positioning in Germany.

H

Hochwasser-Ratgeber

hochwasser-ratgeber.de

32

Hochwasser-Ratgeber is a German-language informational website focused on flood preparedness and building materials, serving homeowners and professionals in Germany. It acts as a partner platform for the Eurobaustoff Fachhändler network, providing comprehensive guidance on flood risk, prevention, and damage mitigation. The site offers key services such as flood preparedness advice, specialist dealer search, and educational content. Technically, the website is built on TYPO3 CMS with a modern tech stack including jQuery, FontAwesome, Google Fonts, and integrates Matomo analytics and Echobot marketing widgets. The site demonstrates good mobile optimization, clear navigation, and solid SEO practices. Security-wise, the site uses HTTPS and implements cookie consent mechanisms aligned with GDPR, but lacks explicit security headers and documented security policies or incident response contacts. Overall, the website is professional, trustworthy, and compliant with privacy regulations, though it could improve its security posture and transparency. The domain WHOIS data is limited but shows no suspicious indicators, supporting the site's legitimacy.

O

OPUS1

opus-1.eu

48

OPUS1 is a German-based company specializing in innovative paint and coating products for both interior and exterior applications. The website presents a professional image with a focus on quality products such as interior paints, facade paints, and lacquers, targeting DIY enthusiasts and professional painters. The company leverages a modern TYPO3 CMS platform with Bootstrap for responsive design, ensuring a good user experience across devices. The presence of a cookie consent mechanism and use of privacy-respecting Matomo analytics indicate a commitment to privacy compliance. Security posture is solid with HTTPS and no visible vulnerabilities, though improvements in security headers and explicit policies could enhance trust further. Overall, the website is well-structured, content-rich, and trustworthy, reflecting a medium-sized retail business in the home improvement sector.

E

EUROBAUSTOFF Handelsgesellschaft mbH & Co. KG

cerabella.de

44

Cerabella is a German-based retailer specializing in high-quality ceramic tiles and related accessories, operating under the EUROBAUSTOFF Handelsgesellschaft mbH & Co. KG umbrella. The company targets both retail customers and professional tile buyers, offering a broad product range including floor and wall tiles, mosaics, and tile accessories. The website reflects a well-structured and professionally designed digital presence, leveraging TYPO3 CMS and Bootstrap frameworks, with moderate performance and good mobile optimization. Matomo analytics is used for user tracking with a compliant cookie consent mechanism in place. Security posture is adequate but could be improved by implementing standard security headers and publishing explicit security policies. Contact information and company details are clearly presented, enhancing business credibility. No critical vulnerabilities or suspicious content were detected, and the site is fully accessible without WAF or blocking mechanisms.

F

FULLHAUS GmbH

gartenkatalog.com

55

The website www.gartenkatalog.com is a professionally designed German-language platform operated by FULLHAUS GmbH, offering a free garden catalog for the 2025 season. It targets homeowners and garden enthusiasts in Germany, providing inspiration and connecting users with EUROBAUSTOFF Fachhändler, a cooperative of specialist dealers in house and garden products. The business model centers on catalog distribution and lead generation for these dealers. Technically, the site is built on TYPO3 CMS, employs Usercentrics for consent management, and uses Matomo for analytics, indicating a modern and privacy-conscious infrastructure. Security posture is moderate with HTTPS implied but lacking explicit security headers and published security policies. The absence of WHOIS registration data is a notable anomaly, reducing domain trustworthiness despite the professional presentation and GDPR compliance. Overall, the site is functional, trustworthy in content, but would benefit from improved transparency in domain registration and enhanced security practices.

EUROBAUSTOFF Handelsgesellschaft mbH & Co. KG operates a cooperative network serving the building materials retail sector in Germany. The company provides a broad range of services including procurement, logistics, marketing, finance, personnel management, and IT support to its members. It holds a strong market position as a leading cooperation in the German building materials trade, supported by recognized awards such as the Plus X Award and a robust partner ecosystem including subsidiaries like i&M Bauzentrum. Technically, the website is built on TYPO3 CMS, leveraging modern web technologies and delivering a professional, mobile-optimized user experience. The site demonstrates good SEO and accessibility practices, with a moderate performance profile. Privacy compliance is well addressed through comprehensive privacy and cookie policies, including consent mechanisms. From a security perspective, the website enforces HTTPS and implements standard security headers, though explicit security and incident response policies are not publicly available. No vulnerabilities or exposed sensitive data were detected. However, the WHOIS data for the domain is missing or inaccessible, which raises concerns about domain registration transparency and trustworthiness. Overall, the website presents a professional and trustworthy front for the business, but the lack of WHOIS data and explicit security policies suggest areas for improvement in transparency and security governance.

R

Rostal S.A.

perlesdesalpes.ch

57

Perles des Alpes is a small Swiss retail business specializing in premium organic alpine food products such as herbal teas, edible flowers, and cashew nuts. The company emphasizes quality and organic certification, notably the Bio Suisse label, targeting gourmet and health-conscious consumers. The website is professionally designed with good content quality and clear navigation, supporting a positive user experience. Technically, the site uses jQuery and Google Analytics, with cookie consent implemented, but lacks advanced security headers and explicit security policies. The security posture is moderate with room for improvement in headers and incident response readiness. Overall, the website is trustworthy and compliant with basic privacy regulations, though it lacks a terms of service page and vulnerability disclosure mechanisms.

L

LIPO

lipo.ch

60

LIPO is a Swiss furniture discount retailer operating an e-commerce platform that offers affordable furniture with fast delivery and Click & Collect services. The website is built using modern technologies including Vue Storefront 2 and Shopware PWA, providing a progressive web app experience optimized for mobile and desktop users. The site demonstrates good design quality and user experience, with clear branding and relevant content focused on the Swiss market. Security posture is adequate with HTTPS enabled and no visible sensitive data exposure, but lacks some security headers and formal privacy and cookie policies. Analytics are implemented via Google Tag Manager, indicating moderate user tracking. Overall, the website is legitimate and professionally maintained but could improve compliance and security transparency.

Fnac is a leading French retail and e-commerce company specializing in cultural products, electronics, and household appliances. It operates a comprehensive online platform offering a wide range of products including books, music, video games, and ticketing services. The company holds a strong market position in France with an enterprise-scale operation and a well-established brand presence. The website demonstrates a mature technical infrastructure utilizing modern JavaScript frameworks, advanced marketing and analytics tools, and robust performance monitoring. Security posture is strong with HTTPS enforcement, security headers, bot protection, and cookie consent mechanisms in place. However, explicit security policies and incident response information are not publicly available, which could be improved. Overall, the website is professional, trustworthy, and compliant with GDPR, serving a broad consumer audience effectively.

D

David l’instant chocolat SA

davidchocolatier.ch

64

David l’instant chocolat SA is a Swiss artisanal chocolatier operating multiple retail shops and an online store, specializing in handcrafted chocolates and seasonal products. The company targets chocolate enthusiasts and gift buyers primarily within Switzerland. The website is professionally designed, mobile-optimized, and provides clear product and shop information, supporting a positive user experience and strong brand presence. Technically, the site uses Umbraco CMS with jQuery and Owl Carousel, integrates Google Analytics for tracking, and includes third-party widgets for enhanced marketing. Security posture is generally good with HTTPS enabled and no exposed sensitive data, but lacks some security headers and a cookie consent mechanism, which impacts privacy compliance. WHOIS data confirms the legitimacy and consistency of the business registration in Switzerland. Overall, the website is trustworthy and well-positioned in its niche, though improvements in privacy compliance and security headers are recommended.

R

Rostal

rostal.ch

58

Rostal is a small Swiss retail business specializing in aromatic herbs from the Grand Saint Bernard region, offering products such as spices, herbal teas, Genepi, and gift sets. The website serves as an informational and branding platform with links to partner e-commerce shops. The technical infrastructure is based on Umbraco CMS with standard web technologies including jQuery and Google Analytics. The site implements basic cookie consent and data protection notices but lacks comprehensive security policies or incident response information. Social media presence is established via Facebook and YouTube. Overall, the website is functional but could benefit from enhanced SEO, accessibility, and security practices.

F

Fromagerie Moléson SA

moleson-sa.ch

64

Fromagerie Moléson SA is a Swiss cheese and dairy product manufacturer and retailer specializing in traditional and innovative cheese varieties made from cow, goat, and sheep milk. The company targets both general consumers and professional buyers, offering products through retail outlets, resellers, and a professional e-shop. The website is professionally designed, multilingual (French and German), and showcases certifications and quality labels that reinforce its market position as a trusted regional specialty producer. Technically, the site is built on Umbraco CMS, uses jQuery and Google Analytics, and is moderately optimized for mobile and performance. Security posture is solid with HTTPS and cookie consent mechanisms, though it lacks explicit security headers and incident response information. Overall, the site is trustworthy, compliant with GDPR, and provides clear contact information and social media presence.

IKEA is a globally recognized enterprise specializing in retailing furniture, home accessories, and design inspiration for a broad consumer base. The website serves as a comprehensive platform for showcasing products, collections, and stories, supporting both brand engagement and e-commerce activities. The company targets general consumers seeking affordable and stylish home solutions. Technically, the website employs modern frameworks such as Astro and Svelte, integrates advanced analytics and error tracking tools like Google Analytics and Sentry, and implements cookie consent mechanisms to comply with privacy regulations. The site demonstrates excellent design quality, mobile optimization, and accessibility features, contributing to a positive user experience. Security posture is strong with HTTPS enforcement and multiple security headers, though explicit privacy and terms of service documents are not directly found in the homepage content. Overall, the site is legitimate, professional, and trustworthy, with minor gaps in privacy documentation.

S

Swiss-Ski Store GmbH

swiss-ski.store

70

Swiss-Ski Store GmbH operates an official e-commerce platform specializing in Swiss-Ski branded merchandise including clothing, accessories, and performance wax products. Positioned as the official fan shop, it targets winter sports enthusiasts and fans of Swiss-Ski, offering premium ski equipment and fan apparel. The website demonstrates a mature digital infrastructure leveraging modern web technologies such as React and Next.js, with integration of third-party services like Vimeo for video content and Google Tag Manager for analytics. The site is well-optimized for mobile and accessibility, providing a seamless user experience. Security posture is strong with HTTPS enforcement and appropriate security headers, though explicit security policies and incident response contacts are not publicly detailed. Privacy compliance is robust, with clear privacy and cookie policies and GDPR adherence. Overall, the domain registration and WHOIS data align with the business claims, supporting legitimacy and trustworthiness.

S

Salzquell Shop

salzquell.de

49

Salzquell.de is a German e-commerce website specializing in certified natural cosmetics based on refreshing brine and healing water from Bad Dürrheim, combined with pure plant substances. The site targets consumers interested in natural skincare products and operates a professional online shop using the Shopware platform. The business model focuses on direct online sales with additional customer engagement via a WhatsApp newsletter. Technically, the website employs modern web technologies including Google Analytics 4, Facebook Pixel, and accessibility tools like Eye-Able, indicating a mature digital infrastructure. The site is mobile-optimized and provides a good user experience with clear navigation and product presentation. Security posture is solid with HTTPS enforced and secure form handling, though it lacks some advanced security headers and explicit security policies. Privacy compliance is partial, with a cookie consent mechanism present but no visible privacy policy or terms of service pages, representing a compliance gap. Overall, the domain appears legitimate with consistent WHOIS data and no signs of malicious activity. Strategic improvements in privacy disclosures and security policies would enhance trust and compliance.

S

SPAR Handels AG

spar.ch

59

SPAR Handels AG is a well-established Swiss grocery retailer operating a website primarily in German, targeting local customers with fresh food offers. The website is built on TYPO3 CMS and uses modern web fonts from Typekit, indicating a moderate level of digital maturity. However, the site lacks visible privacy and cookie policies, contact information, and security headers, which are critical for compliance and trust. The absence of these elements suggests room for improvement in privacy compliance and security posture. Overall, the website is accessible and functional but would benefit from enhanced security and compliance features to better protect users and align with regulatory requirements.

IKEA Schweiz operates as a leading furniture and home goods retailer in Switzerland, offering a comprehensive online shopping platform alongside physical stores. The website provides a rich catalog of products, localized content in German, and multiple customer services including delivery, assembly, and loyalty programs. The technical infrastructure leverages modern web technologies such as React, cookie consent management via OneTrust, and A/B testing with Optimizely, ensuring a responsive and user-friendly experience. Security posture is strong with HTTPS enforcement and multiple security headers, although public security policies and incident response contacts could be enhanced. Overall, the site demonstrates high professionalism, compliance with GDPR, and trustworthy brand representation.

F

Fnac

fnac.ch

61

Fnac Suisse operates a comprehensive e-commerce platform specializing in cultural and technological products for the Swiss French-speaking market. As a subsidiary of the well-known Fnac brand, it holds a strong market position with a broad product catalog including books, electronics, games, and household appliances. The website demonstrates a mature digital infrastructure with modern technologies such as service workers, Adobe Experience Platform, and bot protection services, ensuring a smooth and secure user experience. Privacy compliance is well addressed with a cookie consent mechanism and a detailed privacy policy, reflecting adherence to GDPR standards. Security posture is robust with HTTPS enforcement, security headers, and bot mitigation, although explicit security policies and incident response contacts are not publicly disclosed. Overall, the site is professional, trustworthy, and well-optimized for performance and accessibility.

B

Biofruits SA

biofruits.ch

66

Biofruits SA is a medium-sized Swiss company specializing in the retail and commercialization of organic fruits and vegetables sourced from seven local producers in the Valais region. The company operates both physical stores and an online shop, offering a variety of organic products including fresh produce, juices, compotes, and gift boxes. Their market position is strong regionally, supported by multiple certifications such as BioSuisse and ISO standards, which enhance their credibility and trustworthiness. Technically, the website is built on the Umbraco CMS and leverages modern JavaScript libraries and marketing tools including Google Tag Manager, Facebook Pixel, and Sendinblue for analytics and customer engagement. The site is mobile-optimized with good SEO practices and a clear navigation structure, providing a positive user experience. From a security perspective, the website uses HTTPS with good SSL configuration and implements cookie consent mechanisms compliant with GDPR. However, it lacks explicit security policies, incident response information, and vulnerability disclosure mechanisms, which are areas for improvement to enhance security posture and transparency. Overall, the website is professional, trustworthy, and compliant with privacy regulations, with moderate tracking and marketing practices. The domain registration data aligns well with the business claims, supporting legitimacy. Strategic recommendations include enhancing security headers, publishing security policies, and establishing incident response contacts to further strengthen security and compliance.

Z

Zenhäusern

chezzen.ch

66

Chezzen is a Swiss-based bakery and catering service provider specializing in fresh products and professional service with regional expertise in Valais. The website presents a professional image with clear navigation and relevant content targeting both general consumers and professionals in hospitality. The technical infrastructure leverages modern web technologies including Umbraco CMS, Bootstrap 5, Google reCAPTCHA, and analytics tools, ensuring a responsive and user-friendly experience. Security posture is strong with HTTPS, security headers, and form protections, though explicit privacy and security policies are missing. Overall, the site is trustworthy and well-maintained but could improve compliance documentation and transparency.