Security Directory

C

Commission de Surveillance du Secteur Financier

cssf.lu

76

The Commission de Surveillance du Secteur Financier (CSSF) is a public institution responsible for supervising professionals and products within the Luxembourg financial sector. It serves both professionals and consumers by providing regulatory frameworks, publications, and guidance. The CSSF holds a key market position as Luxembourg's financial regulatory authority, offering services such as supervision of financial entities and dissemination of financial data. The website targets financial sector stakeholders and consumers seeking authoritative information and regulatory updates. Technically, the website is built on WordPress, utilizing modern web technologies including jQuery and Font Awesome, and integrates Matomo for analytics. The site demonstrates good digital maturity with responsive design, accessibility features, and a cookie consent mechanism compliant with GDPR. Performance is moderate with room for optimization. From a security perspective, the site enforces HTTPS and employs cookie-based security measures. However, explicit HTTP security headers are not detected, and no public security or incident response policies are found. No vulnerabilities or exposed sensitive data are evident. The absence of WHOIS data limits domain trust verification, but the official nature and content quality support legitimacy. Overall, the CSSF website is a professional, secure, and compliant platform serving as a trusted source for financial regulation in Luxembourg. Strategic recommendations include enhancing HTTP security headers, publishing security policies, and improving WHOIS transparency to strengthen trust and security posture.

S

SMART Design | Gregic Advisory

sm-art-design.com

37

SMART Design | Gregic Advisory is a Croatian technology company specializing in advanced SMART web solutions, including custom web shops, web applications, and AI integrations. Positioned as a leader in the Zagreb region, the company targets businesses and professionals seeking high-performance, secure, and adaptive digital platforms. Their offerings emphasize nano-optimized code, dynamic content, and loyalty programs, reflecting a modern and innovative approach to web development. The website demonstrates a high level of digital maturity with professional design, responsive layouts, and comprehensive GDPR-compliant cookie management. Security posture is solid with HTTPS and secure forms, though explicit security policies and incident response details are absent. Overall, the company presents a trustworthy and professional image with strong client references including government and educational institutions.

O

Onlysollo

onlysollo.cz

42

Onlysollo.cz is a niche e-commerce website specializing in premium gymnastics and bodyweight training equipment. Founded by a professional gymnast, the brand leverages expert knowledge to offer high-quality mats, balance tools, and accessories, targeting athletes and fitness enthusiasts primarily in the Czech Republic but shipping worldwide. The website is built on WordPress with WooCommerce, featuring a modern and responsive design with integrated social media and multi-currency support. Security posture is adequate with HTTPS and anonymized analytics but lacks advanced security headers and published policies. Privacy compliance is limited due to missing cookie consent mechanisms and GDPR-specific disclosures. Overall, the site presents a trustworthy and professional front for a small retail business with room for improvement in privacy and security transparency.

C

Czech Gymnastics Federation

gymtv.cz

55

GymTV is the official TV channel of the Czech Gymnastics Federation, providing live streaming and archived video content of gymnastics competitions. The website serves a niche audience of gymnastics enthusiasts primarily in the Czech Republic and operates as a non-profit media outlet affiliated with the national federation. The digital infrastructure is based on WordPress CMS with common plugins for analytics, translation, and UI enhancements, reflecting a moderate level of digital maturity. The site is well-branded, mobile-optimized, and offers a good user experience with clear navigation and relevant content. Security posture is adequate with HTTPS enforced and cookie consent implemented, though it lacks advanced security headers and published security policies. The absence of WHOIS registrant data is likely due to privacy protection, which is common for such organizations. Overall, the website is legitimate, professional, and focused on its core mission of gymnastics event broadcasting.

F

forward

forward.live

55

The website forward.live represents the 'fwd: Bundesvereinigung Veranstaltungswirtschaft e.V.', a German non-profit association dedicated to the event industry. It serves as a central platform for members of the event sector, focusing on political advocacy, networking, knowledge transfer, and sustainability initiatives. The organization positions itself as a key voice for the industry at the national and regional levels, with a clear emphasis on community and future-oriented development. The site content is professionally presented in German, targeting industry professionals and stakeholders. Technically, the website is built on WordPress using Elementor and several Jet plugins, with SEO optimization via Yoast. It employs modern web technologies including jQuery and Google Tag Manager for analytics. The site is mobile-optimized and features a cookie consent mechanism compliant with GDPR, reflecting a mature digital infrastructure. Performance is moderate, with room for improvement in accessibility and security headers. From a security perspective, the site enforces HTTPS and implements cookie consent, but lacks visible security headers such as CSP or HSTS. No vulnerabilities or exposed sensitive data were detected. The WHOIS data is privacy protected, which is justified for this type of organization. No explicit security or incident response policies are publicly available, suggesting an area for enhancement. Overall, the website demonstrates a strong business credibility and compliance posture with good content quality and technical implementation. Strategic recommendations include enhancing security headers, publishing security policies, and improving accessibility features to further strengthen trust and compliance.

R

R.I.F.E.L. Research Institute for Exhibition and Live-Communication e.V.

rifel-institut.de

45

R.I.F.E.L. Research Institute for Exhibition and Live-Communication e.V. is a small, Germany-based non-profit organization specializing in research within the exhibition and live communication sectors. The website serves as a platform to showcase their research activities, provide access to an online shop, and offer contact channels for stakeholders. Their market position is niche, targeting professionals and organizations involved in exhibitions and live events. The business model combines research services with e-commerce capabilities, supporting their mission and outreach. Technically, the website is built on WordPress with WooCommerce integration, leveraging common web technologies such as jQuery and PHP. Hosting is managed via Corpex DNS, and the site employs HTTPS with a good SSL configuration. The site demonstrates moderate performance and good mobile optimization, though accessibility and SEO optimizations are basic. The presence of Jetpack and WooCommerce analytics indicates moderate user tracking. From a security perspective, the site uses HTTPS but lacks advanced security headers and explicit security policies or incident response contacts. No vulnerabilities or exposed sensitive data were detected in the HTML content. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Contact information is clearly provided, enhancing business credibility. Overall, the website is professional, trustworthy, and safe for general audiences. Strategic improvements in security headers, cookie consent, and incident response transparency would enhance compliance and security posture, supporting the organization's credibility and user trust.

B

BrandEx

brand-ex.org

60

BrandEx is a specialized event and award platform focused on recognizing excellence in live communication and brand experience within the German-speaking market. Established in 2017, it organizes annual award ceremonies celebrating creativity and innovation in categories such as architecture, events, and special awards. The website serves as a hub for ticket sales, jury information, news updates, and industry networking, targeting marketing professionals, event organizers, and creative agencies. Technically, the site is built on WordPress with modern plugins for SEO, cookie management, and analytics, hosted behind Cloudflare DNS. Security posture is solid with HTTPS and cookie consent mechanisms, though some advanced security headers and DNSSEC are not implemented. Privacy compliance is strong, reflecting GDPR requirements with detailed cookie categories and user consent options. No critical vulnerabilities or suspicious indicators were found. Overall, BrandEx presents a professional, trustworthy, and well-maintained digital presence aligned with its business goals.

E

Eurosystem Procurement Coordination Office (EPCO)

epco.lu

54

The Eurosystem Procurement Coordination Office (EPCO) is an institutional entity established by the European Central Bank to coordinate joint procurement activities among the central banks of the Eurosystem and the European System of Central Banks (ESCB). Hosted by the Banque centrale du Luxembourg since 2008, EPCO facilitates cost-efficient procurement, contract management, and promotes best practices across its member institutions. The website reflects a professional and consistent brand image, targeting central banks and related governmental entities involved in procurement activities. Technically, the site is built on WordPress with modern frontend technologies and includes GDPR-compliant cookie consent mechanisms. Security posture is good with HTTPS enforced and no visible vulnerabilities, though some security headers could be improved. The absence of explicit privacy and terms of service policies is a notable gap. Overall, the site is trustworthy and well-positioned as an official coordination office for Eurosystem procurement.

C

Comité du Risque Systémique

cdrs.lu

32

The website cdrs.lu represents the Comité du Risque Systémique, an institutional entity likely focused on systemic risk in Luxembourg. The site is primarily informational, presented in French, and built on WordPress using the Divi theme. The technical infrastructure is standard for a small institutional website, with moderate performance and basic mobile optimization. However, the site lacks critical privacy and security policies, contact information, and advanced security headers, which limits its compliance and trustworthiness. No WAF or blocking mechanisms were detected, indicating full accessibility. The WHOIS data shows Luxembourg-based name servers consistent with the domain's country code but lacks detailed registrant information, limiting full legitimacy assessment. Overall, the site is safe and suitable for general audiences but requires improvements in privacy, security, and contact transparency to enhance trust and compliance.

B

Banque centrale du Luxembourg

apieceofluxembourg.lu

60

The website 'A Piece of Luxembourg' is an official platform managed by the Banque centrale du Luxembourg, offering unique numismatic products that celebrate Luxembourg's culture, history, and heritage. It targets collectors and enthusiasts interested in Luxembourg-themed euro coins and related products, positioning itself as a niche leader in this specialized market. The business model revolves around e-commerce sales combined with cultural promotion, leveraging the authority and trust of the central bank. Technically, the website is built on WordPress and employs modern web technologies such as jQuery, FontAwesome, Swiper.js, and integrates Google Tag Manager for analytics. The site is mobile-optimized with good SEO practices and a moderate performance profile. Privacy compliance is well addressed with clear privacy and cookie policies and a consent mechanism. From a security perspective, the site uses HTTPS with an excellent SSL configuration and implements cookie consent. However, it lacks explicit security headers and publicly available security policies or incident response information. No vulnerabilities or exposed sensitive data were detected. The absence of WHOIS data reduces domain registration transparency but does not significantly detract from the site's legitimacy given its official affiliation. Overall, the website presents a low-risk profile with strong business credibility and good technical and security posture. Strategic recommendations include enhancing security headers, publishing security policies, and improving accessibility features to further strengthen trust and compliance.

D

Dopravní koridor Poodří, z.s.

dopravnikoridorpoodri.cz

59

Dopravní koridor Poodří, z.s. is a Czech non-profit organization focused on advocating for transportation corridor development, particularly high-speed rail projects, in the Poodří region. The organization collaborates with multiple municipalities and regional authorities to influence infrastructure planning and environmental considerations. Their website serves as an information hub and communication platform for stakeholders and the public. Technically, the website is built on WordPress using the Avada theme and Fusion Builder framework, incorporating modern JavaScript libraries like Splide.js for interactive elements. The site is hosted under the REG-GRANSY registrar with consistent DNS settings. Performance and mobile optimization are good, though accessibility is basic. SEO practices are adequately implemented. From a security perspective, the site uses HTTPS with a good SSL configuration but lacks explicit security headers and a vulnerability disclosure policy. No critical vulnerabilities or exposed sensitive data were detected. Privacy and cookie policies are present and GDPR compliant, enhancing user trust. Overall, the website presents a professional and trustworthy front for the organization, with clear contact information and relevant content. Strategic improvements in security headers and incident response documentation could further strengthen their posture.

E

Eurener

eurener.com

47

Eurener is a Spanish photovoltaic module manufacturer specializing in high-quality, durable solar panels primarily targeting the European residential and commercial markets. The company emphasizes sustainability, advanced solar technologies, and premium design, supported by industry certifications and awards such as the TOP Brand seal and Ecovadis platinum medal. The website is built on WordPress with Elementor, featuring modern web technologies and multilingual support, providing a professional user experience with good navigation and mobile optimization. Security posture is adequate with HTTPS and domain registration protections, but lacks advanced DNS security and explicit security policies. Privacy compliance is limited due to missing privacy and cookie policies. Overall, the website reflects a credible and established business with room for improvement in privacy and security transparency.

F

Fair-ON-Pay Association

fair-on-pay.com

52

Fair-ON-Pay Association is a Swiss-based non-profit organization founded in 2022 that promotes equal pay in companies through certification and auditing services. It offers a recognized certification process with multiple levels, audited by SGS, to help companies demonstrate their commitment to equal pay and social responsibility. The association is a member of the Equal Pay International Coalition (EPIC), enhancing its credibility and international standing. The website is professionally designed using WordPress and the Divi theme, with good SEO and mobile optimization. It integrates Google Analytics and a GDPR-compliant cookie consent mechanism, reflecting a mature digital presence. Security posture is solid with HTTPS and domain transfer protections, though DNSSEC is not enabled and no explicit security policy or incident response information is published. Overall, the website and business present a trustworthy and professional image with clear contact information and partner relationships.

E

E3/DC

e3dc.com

50

E3/DC operates as a German-based company specializing in energy storage solutions, particularly for photovoltaic systems. The website presents a professional and well-structured digital presence built on WordPress, leveraging modern technologies such as Bootstrap and various marketing and analytics tools. The company positions itself as a price-winning provider in the energy storage sector, targeting end customers with photovoltaic installations. Technically, the site is well-optimized for mobile and SEO, with HTTPS enforced and cookie consent mechanisms in place. However, the absence of WHOIS data and lack of explicit privacy and security policies reduce the overall trustworthiness and compliance posture. Security best practices such as security headers and incident response information are missing, indicating room for improvement in security maturity. Overall, the website is functional and professional but would benefit from enhanced transparency and security documentation.

E

EVBox

evbox.com

11

EVBox is a well-established global provider of electric vehicle charging stations and software solutions, founded in 2007. The company targets businesses, resellers, distributors, installers, OEMs, and electric vehicle users, offering scalable and modular charging solutions alongside partner support and maintenance services. Their market position is strong within the energy and transportation sectors, supported by a global partner network and certifications. Technically, the website is built on WordPress with modern SEO and analytics tools, hosted by OVH sas, and optimized for performance and mobile devices. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though DNSSEC is not enabled and some security headers could be added. The domain registration is consistent and trustworthy, with no privacy protection but with domain status flags to prevent unauthorized changes. Overall, the website is professional, secure, and compliant with GDPR, providing a trustworthy digital presence for EVBox.

E

Ecodenta

ecodenta.lt

38

Ecodenta.lt is a Lithuanian-based healthcare e-commerce website specializing in dental care products and services. The company has been established since 2014 and operates primarily in the Lithuanian market. The website is built on WordPress using the WooCommerce plugin and the Divi theme, indicating a standard but effective e-commerce platform. The site is moderately optimized for mobile devices and provides a generally good user experience with clear navigation and professional design. However, it lacks explicit privacy and terms of service pages, which are important for compliance and user trust. Security posture is adequate with HTTPS enabled and cookie consent implemented, but the absence of security headers and incident response information suggests room for improvement. Overall, the domain registration data aligns well with the business claims, supporting the legitimacy of the site.

K

Kökstavlor.se

xn--kkstavlor-07a.se

48

Kökstavlor.se is a Swedish niche affiliate marketing website specializing in kitchen posters and wall art. The site aggregates product information and links to partner retailers such as Designtorget, KitchenTime, Confident Living, and Solhem Inredning, providing users with curated selections and price comparisons. The business model relies on affiliate commissions while maintaining editorial independence and transparency through affiliate disclosures. The website is built on WordPress using Elementor and Yoast SEO, indicating a mature digital infrastructure with good SEO practices and mobile optimization. Security posture is solid with HTTPS enforced and standard security headers, though improvements like DNSSEC and Content-Security-Policy headers are recommended. Privacy compliance is partial, with a cookie consent mechanism but no visible privacy policy or terms of service pages. Overall, the site is professional, trustworthy, and well-positioned within its retail niche.

W

Weingut Christen

weingutchristen.at

56

Weingut Christen is a small regional wine producer based in Austria, specializing in the production and sale of wines from Niederösterreich. The company operates through direct sales including an Ab-Hof-Verkauf (farm gate sales) and participates in local wine festivals and events, targeting wine enthusiasts and regional customers. The website reflects a professional and consistent brand image with clear business and contact information. Technically, the site is built on WordPress with WooCommerce for e-commerce capabilities, leveraging modern frameworks like Bootstrap and libraries such as jQuery and FontAwesome. SEO is well implemented with Yoast SEO plugin and the site is mobile optimized. Security posture is good with HTTPS enforced and GDPR-compliant cookie consent mechanisms in place, although additional security headers could enhance protection. No critical vulnerabilities or suspicious content were detected. Overall, the site is trustworthy and well-maintained, suitable for its business purpose.

J

Jan Becher – Karlovarská Becherovka, a.s.

becherovka.cz

50

Jan Becher – Karlovarská Becherovka, a.s. operates a professional and well-branded website promoting its iconic Czech herbal bitter liqueur, Becherovka. The company has a strong market position as a traditional and internationally recognized brand with a history dating back to 1807. The website offers product information, cocktail recipes, company history, and visitor experiences, targeting adult consumers with appropriate age verification. Technically, the site is built on WordPress with modern plugins and tracking tools, providing a good user experience with multilingual support and mobile optimization. Security measures include HTTPS, cookie consent management, and an age gate, although no explicit incident response or vulnerability disclosure policies are published. WHOIS data is missing, which slightly impacts trust but the overall digital presence and compliance indicate a legitimate and professional operation.

Q

Qcells North America

qcells.com

56

Qcells North America operates a professional website focused on delivering cutting-edge solar technology and sustainable energy solutions. The company targets a broad audience interested in renewable energy products and services, positioning itself as a significant player in the North American solar market. The website is built on WordPress with Elementor and incorporates modern technologies such as React and Google Maps API, indicating a mature digital infrastructure. The presence of cookie consent mechanisms and structured data enhances user experience and SEO. However, the absence of WHOIS domain registration data and lack of visible privacy policy or terms of service pages present compliance and trust challenges. Security posture is generally good with HTTPS enforced, but could be improved by adding security headers and explicit incident response contacts. Overall, the site is professional and trustworthy but would benefit from enhanced transparency and compliance documentation.

E

Ektaco AS

ektaco.ee

53

Ektaco AS is an established Estonian technology company specializing in point-of-sale (POS) systems and workforce management solutions, with over 35 years of market presence. Their flagship products, CompuCash and CompuAccess, cater primarily to retail, hospitality, and manufacturing sectors, offering integrated hardware and software solutions. The company maintains a strong local market position supported by ISO 9001 certification and positive customer testimonials. Technically, the website is built on WordPress with modern integrations such as Google Analytics, Facebook Pixel, and Tawk.to live chat, complemented by a robust cookie consent mechanism ensuring GDPR compliance. Security posture is solid with HTTPS enforcement and reCAPTCHA protection on forms, though some security headers could be enhanced. Overall, the digital infrastructure supports a professional and trustworthy online presence.

K

Kuratorium Deutsche Altershilfe Wilhelmine-Lübke-Stiftung e. V.

kda.de

62

Kuratorium Deutsche Altershilfe Wilhelmine-Lübke-Stiftung e. V. (KDA) is a well-established German non-profit organization founded in 1962, focused on promoting a humane society for aging and self-determined living. It operates under the patronage of the German Federal President and provides research, consultancy, project management, and advocacy services in the fields of aging, care, and social participation. The organization targets older adults, care professionals, public and private institutions, and policymakers primarily in Germany with European outreach. The website is professionally designed, content-rich, and well-structured, reflecting a mature digital presence.

BitByte, obrt za IT usluge, is a Croatian small IT service provider specializing in computer servicing, network solutions, website development, and fiscal software hosting. The company targets both private and business customers, emphasizing professional diagnostics, OEM parts, and secure fiscal solutions via Remaris Master hosted in their data center. The website reflects a professional and consistent brand image with clear service offerings and distributor partnerships. Technically, the site is built on WordPress using Elementor and Yoast SEO, with HTTPS and Google reCAPTCHA implemented for security. However, the absence of privacy and cookie policies and limited WHOIS transparency due to GDPR reduce the overall privacy compliance and trust slightly. Security headers are not evident, suggesting room for improvement in security posture. Overall, the site is functional, well-structured, and suitable for its business purpose.

Pag Outdoor is a small Croatian tourism and outdoor activity provider specializing in kayaking and related experiences on the island of Pag. The website is professionally designed using WordPress with Elementor and Astra theme, supporting multiple languages and optimized for SEO with structured data. The technical infrastructure is modern but lacks some security best practices such as security headers and explicit privacy policies. The security posture is moderate with HTTPS enabled but could be improved with additional headers and vulnerability disclosures. The domain WHOIS data is missing, which raises concerns about registration transparency and trustworthiness. Overall, the website serves its business purpose well but should enhance privacy compliance and security transparency to improve trust and compliance.

Europe Direct Dubrovačko-neretvanske županije operates as a regional EU information center in Croatia, providing citizens with access to EU-related information, events, and services. The website serves as a communication platform to engage the public in discussions about the European Union's future and policies. It is funded by the European Union and acts as a trusted source for regional EU news and resources. The organization targets local citizens and stakeholders interested in EU affairs, promoting transparency and participation.

T

Tera Tehnopolis d.o.o.

tera.hr

53

Tera Tehnopolis d.o.o. is a Croatian business incubator and technology transfer organization established in 2003, focused on promoting innovation, entrepreneurship, and the connection between science and the economy. The company offers a range of services including business incubation, technology transfer, consulting, education, and 3D laboratory services, targeting entrepreneurs, startups, and SMEs primarily in the Osijek region and beyond. The website demonstrates a professional digital presence with consistent branding and active social media channels. Technically, the site is built on WordPress with modern plugins and SEO tools, providing moderate performance and good mobile optimization. Security posture is adequate with HTTPS and basic best practices, but lacks published security policies and vulnerability disclosure mechanisms. Privacy compliance is weak due to absence of explicit privacy and cookie policies. Overall, the domain registration data aligns well with the business claims, indicating legitimacy and trustworthiness.

Y

Yufe

yufe.hr

70

YUFE (Young Universities for the Future of Europe) is a European University Alliance comprising 10 partner universities, focused on providing innovative educational opportunities, civic engagement activities, and staff development across Europe. The alliance is recognized by the European Commission and aims to add a European dimension to studies and careers. The website is professionally designed, content-rich, and well-structured, targeting students, researchers, academic staff, citizens, and organizations. It leverages modern web technologies including WordPress, Google Tag Manager, and multimedia embeds to deliver an engaging user experience. Security posture is good with HTTPS and cookie consent mechanisms in place, though some security headers could be improved. Privacy compliance is evident with GDPR-aligned policies and cookie management. The domain is privacy-protected under EURid, which is typical for .eu domains and justified for this type of organization. Overall, the website presents a trustworthy and credible digital presence for an educational alliance.

Y

Yufe

yufe.eu

70

YUFE (Young Universities for the Future of Europe) is a European University Alliance comprising 10 partner universities. The organization focuses on providing innovative educational programs, including on and offline university-level courses, civic engagement activities, language courses, and staff development opportunities across Europe. The website presents a professional and well-structured digital presence, targeting students, researchers, academic staff, citizens, and organizations interested in European higher education collaboration. Technically, the site is built on WordPress with modern integrations such as Google Tag Manager, Mailchimp, and video embeds from Vimeo and YouTube, reflecting a mature digital infrastructure. Security posture is strong with HTTPS, security headers, and privacy compliance mechanisms in place, although no explicit security policy or incident response contacts are published. Overall, the site is trustworthy, well-branded, and compliant with GDPR, supporting its role as a reputable educational alliance.

Z

Zavod za kulturo, turizem in šport Murska Sobota

visitmurskasobota.si

50

Visit Murska Sobota is a regional tourism and cultural promotion website managed by the Zavod za kulturo, turizem in šport Murska Sobota. The site provides comprehensive information about local events, sustainable transport options, accommodation, dining, and cultural experiences targeting tourists and local visitors. The business operates as a small regional institute focused on enhancing the visibility and attractiveness of Murska Sobota and the Pomurje region. Technically, the website is built on WordPress with multilingual support and integrates common marketing and analytics tools such as Google Analytics and Tag Manager. The site is hosted by NEOSERV.si, a Slovenian hosting provider, and uses HTTPS with a good SSL configuration. Security posture is adequate with cookie consent and GDPR compliance, though it lacks some security headers and has an expired Instagram API token causing feed errors. Overall, the website is professional, trustworthy, and well-structured, with clear contact information and partner affiliations. Strategic improvements include renewing third-party API tokens, enhancing security headers, and improving accessibility features.

D

e-Documenta Pannonica – Čezmejna baza podatkov o kulturni dediščini izbranih 120 krajev na čezmejnem slovensko-madžarskem območju – Prekmurja v Sloveniji in Železne županije na Madžarskem

documenta-pannonica.si

52

The website www.documenta-pannonica.si serves as a cross-border cultural heritage database focusing on 120 selected locations in the Slovenian-Hungarian border region, specifically Prekmurje in Slovenia and the Železna županija in Hungary. It provides detailed information on archival materials, immovable and intangible cultural heritage, notable personalities, and audio-visual content. The platform targets researchers, historians, and cultural enthusiasts interested in this niche area. The multilingual support (Slovenian, Hungarian, English) enhances accessibility for a broader audience. Technically, the site is built on WordPress with common plugins for multilingual content and GDPR cookie compliance, hosted by a Slovenian provider. Performance is moderate with good mobile optimization and basic accessibility features. Security posture is adequate with HTTPS and cookie consent but lacks visible security headers and formal privacy or security policies. Analytics are implemented via Google Analytics with moderate user tracking. Overall, the site is professionally designed with consistent branding and trustworthy content, though it would benefit from enhanced privacy documentation and security hardening.

Općina Krapinske Toplice operates an official municipal website providing comprehensive information and services to residents and stakeholders of the Krapinske Toplice municipality in Croatia. The site offers detailed administrative content including organizational structure, public notices, procurement, and community engagement resources. The website is positioned as a local government authority portal, serving a small-sized municipality with a focus on transparency and public service. Technically, the site is built on WordPress CMS using Elementor page builder, leveraging modern web technologies such as jQuery and Font Awesome for UI elements. Hosting and domain registration are consistent with a Croatian academic network provider, ensuring local presence and legitimacy. Security posture is adequate with HTTPS enabled and no exposed sensitive data, though improvements in security headers and incident response documentation are recommended. Privacy compliance is supported by clear privacy and cookie policies, though a cookie consent mechanism is absent. Overall, the website is professional, trustworthy, and safe for general audiences, with a good balance of content quality and technical implementation.

P

Povjerenik za informiranje

pristupinfo.hr

55

The website pristupinfo.hr serves as the official online presence of the Croatian Commissioner for Information, providing comprehensive resources related to the right of access to information. It targets both users seeking information and public authorities, offering legal frameworks, educational webinars, open data initiatives, and event calendars. The site is well-positioned as a government transparency and information access portal with a medium organizational size and a founding date consistent with its domain registration in 2013. Technically, the site is built on WordPress with a modern tech stack including Yoast SEO, Google Analytics, and Fusion Builder. It is hosted by CARNET, a reputable Croatian academic network, ensuring reliable infrastructure. The site demonstrates good mobile optimization, accessibility, and SEO practices, though performance is moderate. From a security perspective, the site enforces HTTPS and uses reCAPTCHA for form protection. However, it lacks some advanced security headers and does not publish explicit security or incident response policies. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the website is trustworthy, professional, and aligned with its governmental role. Strategic improvements in privacy compliance, security policy transparency, and enhanced security headers would further strengthen its posture.

R

Razvojna agencija Sotla

ra-sotla.si

40

Razvojna agencija Sotla is a Slovenian regional development agency established in 2003, focusing on regional development programs, entrepreneurship support, and project management primarily in the Obsotelje and Kozjansko regions. The agency operates as a non-profit entity serving local governments, entrepreneurs, and community stakeholders. Their website reflects a professional and consistent brand presence with clear navigation and relevant content tailored to their target audience. Technically, the site is built on WordPress using modern plugins such as Elementor and Events Manager, ensuring good mobile optimization and accessibility. Security posture is solid with HTTPS enforced and standard security headers present, though there is room for improvement in publishing explicit security policies and incident response information. Overall, the website is trustworthy, compliant with GDPR cookie requirements, and free from suspicious indicators.

M

MAMFORCE

incq-all.com

51

INC.Q, operated by MAMFORCE, is a recently established company (founded in 2023) specializing in Diversity, Equity, and Inclusion (DEI) certifications, consulting, and training services. The company positions itself as a leader in DEI initiatives across Europe, offering a range of services including DEI certification, equal pay certification, ESG data reporting, and employer branding. The website reflects a professional and consistent brand image, targeting businesses seeking to improve their DEI practices and employee engagement. The digital infrastructure is built on WordPress with modern marketing and analytics integrations, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS and some best practices, though improvements such as enabling DNSSEC and publishing security policies are recommended. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Overall, the website is trustworthy and professionally maintained, though the domain is very new, aligning with the company's recent founding.

WBS.LEGAL is a well-established German law firm specializing in media, internet, e-commerce, and related legal fields with over 30 years of experience. The firm operates nationwide with a strong digital presence, offering comprehensive legal services and free initial consultations. Their website reflects a professional and trustworthy brand with extensive content, client testimonials, and active social media engagement. Technically, the site is built on WordPress with modern frameworks and integrates multiple analytics and marketing tools, ensuring good performance and user experience. Security posture is solid with HTTPS and consent management, though explicit security headers could be enhanced. Overall, the domain's WHOIS data is privacy-protected, which is typical for professional legal entities, and no suspicious indicators were found.

D

DGD Deutsche Gesellschaft für Datenschutz

dg-datenschutz.de

50

DGD Deutsche Gesellschaft für Datenschutz is a specialized small business providing professional external data protection officer services and consulting for companies, trade businesses, works councils, associations, and internal whistleblower offices under the German Whistleblower Protection Act. Their market position is that of a niche GDPR compliance and data protection consultancy focused on delivering expert advice and risk minimization to clients. The website is built on WordPress using Elementor, reflecting a moderate to good level of digital maturity with a professional design and good mobile optimization. Security posture is solid with HTTPS enforced and a comprehensive cookie consent mechanism, though lacking explicit security headers and incident response information. Overall, the site is trustworthy, compliant, and well-structured, serving its target audience effectively.

T

Tech Funding News

techfundingnews.com

68

Tech Funding News is a specialized online media platform delivering global technology startup funding news, covering sectors such as AI, fintech, crypto, and venture capital. The website targets technology startup founders, investors, and industry professionals seeking timely funding updates and insights. The platform operates on WordPress with a modern tech stack including Yoast SEO, Mailchimp integration, and Google Analytics for tracking and marketing. Hosting and DNS services involve GoDaddy and Cloudflare respectively, ensuring reliable domain management and performance. Security posture is solid with HTTPS enforced and domain locks in place, though DNSSEC is not enabled and no explicit privacy or security policies are published. The site includes cookie consent mechanisms but lacks a formal privacy policy and terms of service, which are critical for GDPR compliance. Contact is primarily through newsletter subscription forms without direct emails or phone numbers. Overall, the website presents professional content with good design and navigation, but could improve privacy transparency and security disclosures.

T

Tech Nation

technation.io

66

Tech Nation is a prominent UK-based growth platform and industry body dedicated to supporting tech startups and entrepreneurs across the UK. Powered by Founders Forum Group, it offers a comprehensive suite of programmes, events, and policy advocacy initiatives designed to empower startups from seed stage to IPO and beyond. The organization targets ambitious tech founders, providing them with practical knowledge, networking opportunities, and peer communities to scale their ventures effectively. Its market position as a leading UK tech ecosystem enabler is reinforced by partnerships with major entities such as HSBC Innovation Banking and a strong alumni network including notable companies like Revolut and Deliveroo. Technically, the website is built on WordPress and leverages a modern technology stack including jQuery, slick.js, flatpickr, and multiple analytics and marketing tools such as Google Analytics, HubSpot, Facebook Pixel, and CookieHub. The site demonstrates excellent performance, mobile optimization, accessibility, and SEO practices. Hosting is via Amazon AWS, and the domain is secured with HTTPS and domain locking mechanisms, although DNSSEC is not enabled. From a security perspective, the site follows best practices with HTTPS, security headers, and cookie consent mechanisms. However, it lacks a publicly available security policy, incident response contacts, and vulnerability disclosure information. The domain WHOIS data is privacy protected but consistent with a legitimate and mature organization. No critical vulnerabilities or suspicious patterns were detected. Overall, Tech Nation presents a professional, trustworthy, and well-maintained digital presence aligned with its mission to support UK tech entrepreneurship. Strategic recommendations include enabling DNSSEC, publishing a security policy and incident response contacts, and adding a security.txt file to enhance transparency and security posture.

D

Domino dizajn

domino-dizajn.hr

55

Domino dizajn is a Croatian creative studio specializing in graphic design, printing, digital marketing, and modern web solutions including web shops and mobile applications. With nearly two decades of experience, the company serves businesses seeking comprehensive branding and digital presence services. The website is built on WordPress with Elementor, featuring good SEO, accessibility, and mobile optimization. Security posture is solid with HTTPS and cookie consent, though lacks explicit security policies and incident response contacts. Overall, the site reflects a professional and trustworthy business with a clear market position in the technology and creative services sector.

M

MAMFORCE

mamforce.hr

45

MAMFORCE is a Croatian-based organization specializing in Diversity, Equity, and Inclusion (DEI) certifications and consulting services aimed at improving workplace culture for families and women. Their offerings include multiple certification standards such as MAMFORCE Standard, DADFORCE Standard, and INC.Q EQUAL PAY, alongside training and employer branding services. The company positions itself as a leader in promoting fair and inclusive organizational cultures within Croatia. Technically, the website is built on WordPress with a modern tech stack including Google Analytics, Facebook Pixel, and various plugins enhancing user experience and tracking capabilities. The site is mobile-optimized and SEO-friendly, reflecting a good level of digital maturity. Security-wise, the site enforces HTTPS and uses some security best practices but lacks certain headers like Content-Security-Policy and X-Frame-Options, which are recommended for enhanced protection. No privacy policy or terms of service were found, which is a compliance gap. Overall, the domain registration is consistent with the business claims, and no suspicious patterns were detected, supporting a high legitimacy score.

B

Business Angels Impact Fund

baif.hr

54

Business Angels Impact Fund is a Croatian-based investment fund focused on supporting startups and companies that generate social and environmental impact. The website presents a professional and consistent brand image, targeting investors and social enterprises. The technical infrastructure is built on WordPress using Elementor and Astra theme, indicating a moderate level of digital maturity with good mobile optimization and basic SEO. Security posture is moderate with HTTPS enabled but lacking advanced security headers and policies. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the site is functional and trustworthy but would benefit from enhanced security and compliance measures.

R

Ride & Bike 2

rideandbike.eu

38

Ride & Bike 2 is a regional tourism promotion website focusing on the natural and cultural heritage of several regions in Croatia and Slovenia. It provides information about outdoor activities, cultural sites, and local attractions, targeting tourists and outdoor enthusiasts. The website leverages WordPress CMS with WPBakery Page Builder and integrates Google Tag Manager for analytics. While the site is well-structured and visually consistent, it lacks critical privacy and cookie policies, as well as explicit contact information, which impacts its compliance and trustworthiness. Security posture is moderate with HTTPS enabled but missing security headers and incident response contacts. Overall, the site is functional and serves its tourism promotion purpose but requires improvements in privacy compliance and security best practices.

Z

Zagorska razvojna agencija

cro-si-safe.eu

50

The CRO-SI-SAFE website represents a regional cooperation project aimed at enhancing cross-border partnerships among emergency rescue services in the Krapinsko-zagorska and Savinjska regions. The project focuses on improving civil protection systems and increasing resilience to disasters. The website is professionally designed using WordPress and Elementor, with clear navigation and multilingual support in Croatian, Slovenian, and English. Key services include training, publications, and collaborative activities supported by EU funding. The site demonstrates a solid market position as a government/non-profit regional initiative with trusted partners.

D

Dom za žrtve nasilja u obitelji NOVI POČETAK

novipocetak.hr

41

Dom za žrtve nasilja u obitelji NOVI POČETAK is a Croatian social care institution dedicated to supporting victims of domestic violence and their children. Founded and operated under the auspices of the Krapinsko-zagorska županija regional government, it provides safe accommodation, psychosocial counseling, and professional social work services. The website reflects a well-structured, professionally designed platform with clear navigation and relevant content tailored to its target audience. Technically, the site is built on WordPress with Elementor and Yoast SEO, integrating Google Analytics and reCAPTCHA for security and analytics purposes. Security posture is strong with HTTPS enforced and appropriate security headers, though it lacks published security policies and cookie consent mechanisms. WHOIS data confirms the legitimacy and consistency of the domain registration with the business claims. Overall, the site is trustworthy, compliant with GDPR in terms of privacy policy presence, but could improve cookie consent and incident response transparency.

H

HZHM

hzhm.hr

60

Hrvatski zavod za hitnu medicinu (HZHM) is a Croatian public healthcare institution specializing in emergency medicine and telemedicine services across Croatia. The website serves as an informational portal primarily in Croatian, with an English language option, targeting the general public and healthcare professionals. The institution operates within the healthcare sector, providing essential emergency medical services and telemedicine support, positioning itself as a key national healthcare entity. Technically, the website is built on WordPress using the Divi theme, incorporating Google Tag Manager for analytics. The site demonstrates moderate performance and good mobile optimization, with basic accessibility features and good SEO practices. Security posture is adequate with HTTPS enabled, but lacks several recommended security headers and explicit security policies. Privacy compliance is limited due to the absence of privacy and cookie policies or consent mechanisms. Overall, the domain registration data aligns well with the institution's identity and location, supporting its legitimacy. Strategic improvements in privacy compliance, security headers, and incident response transparency would enhance trust and security maturity.

P

Poliklinika Magdalena

magdalena.hr

48

Poliklinika Magdalena is a well-established healthcare provider specializing in cardiovascular care with over 25 years of experience. The organization operates multiple physical locations in Croatia, including Zagreb and Krapinske Toplice, and offers a comprehensive range of services from diagnostics to surgical interventions and telemedicine. The website reflects a professional and patient-focused approach, targeting individuals seeking specialized cardiovascular healthcare. Technically, the site is built on WordPress with modern tools such as Gravity Forms for data collection, Google Analytics and Facebook Pixel for analytics, and CookieYes for GDPR-compliant cookie consent. The site demonstrates good mobile optimization, accessibility, and SEO practices. Security posture is strong with HTTPS enforced, appropriate security headers, and no visible vulnerabilities. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website and domain registration details indicate a legitimate and trustworthy healthcare provider with a solid digital presence.

S

Specijalna bolnica za medicinsku rehabilitaciju Krapinske Toplice

sbkt.hr

47

Specijalna bolnica za medicinsku rehabilitaciju Krapinske Toplice is a specialized healthcare provider focused on medical rehabilitation services for neurological, cardiovascular, orthopedic, rheumatologic, and internal medicine patients, including both adults and children. The hospital also offers outpatient specialist services, health tourism, and preventive health programs. The website reflects a well-established regional medical institution with a clear market position and a comprehensive service portfolio. The target audience primarily includes patients and healthcare consumers seeking rehabilitation and wellness services in Croatia. Technically, the website is built on WordPress with a modern tech stack including jQuery, Bootstrap, and various plugins for enhanced functionality such as forms and galleries. The site is mobile optimized, accessible, and SEO friendly, with good content quality and consistent branding. Security posture is solid with HTTPS enforced and CAPTCHA protection on forms, though there is room for improvement in implementing security headers and cookie consent mechanisms. Overall, the domain registration and WHOIS data align well with the business claims, supporting the legitimacy and trustworthiness of the entity.

L

Libela

libela.org

48

Libela.org is a Croatian non-profit organization dedicated to promoting gender equality and social justice through media and advocacy. The website serves as a platform for publishing articles, reports, and news focused on gender facts and social issues relevant to Croatia. It targets a general audience interested in social activism and equality. The organization has been active since 2009, reflecting a mature and stable presence in its niche. Technically, the website is built on WordPress and leverages modern web technologies such as jQuery, Lightbox2, and Swiper for enhanced user experience. It is hosted on Linode, ensuring reliable infrastructure. The site demonstrates good mobile optimization, accessibility features, and SEO practices, supported by plugins like Yoast SEO and GDPR cookie compliance tools. From a security perspective, the site uses HTTPS with a valid SSL certificate and employs domain transfer protection. However, DNSSEC is not enabled, and additional security headers could be implemented to strengthen defenses. Privacy compliance is well addressed with clear privacy and cookie policies and explicit user consent mechanisms. No critical vulnerabilities or suspicious activities were detected. Overall, Libela.org presents a trustworthy, professional, and content-rich platform with a solid security posture and compliance framework. Strategic improvements in DNS security and HTTP headers would further enhance its security maturity and resilience.

H

HDIT

hdit.hr

56

HDIT is a Croatian IT integration company established in 2006, specializing in IT system implementation, maintenance, custom software and web development, cybersecurity, and IT consulting. The company holds a strong market position as a leading system integrator and helpdesk support provider in Croatia. Their services cover comprehensive IT infrastructure and application solutions, supported by partnerships with major technology vendors. The website reflects a mature digital presence with professional design, clear navigation, and mobile optimization. Technically, the site is built on WordPress with modern plugins and follows good performance and accessibility standards. Security posture is solid with HTTPS, GDPR compliance, and ISO certifications, though some security headers and incident response disclosures could be improved. Overall, the domain registration data aligns well with the business claims, supporting legitimacy and trustworthiness.

S

Sveučilište u Rijeci

uniri.hr

60

Sveučilište u Rijeci is a well-established public university in Croatia, recognized as the second oldest with continuous operation in the country. The institution offers a broad range of higher education programs, research initiatives, and community engagement activities. The website reflects a strong academic and institutional presence, targeting students, researchers, and the general public interested in education and research. It maintains a consistent brand identity and provides comprehensive information about its services and partnerships, including international collaborations such as ERASMUS and YUFE.