Security Directory

W

WestLotto

westlotto.de

70

WestLotto.de is the official state lottery operator for North Rhine-Westphalia (NRW), Germany, providing a range of lottery and gaming services including LOTTO, Eurojackpot, KENO, TOTO, and GlücksSpirale. The website targets adult residents of NRW and positions itself as a secure and reliable state-run gaming platform. The business model is focused on regulated lottery services under government oversight, with a strong regional market presence.

The website 'Vereinssuche Landessportbund Nordrhein-Westfalen e.V.' serves as an informational platform for searching sports clubs affiliated with the Landessportbund Nordrhein-Westfalen, a regional non-profit sports federation in Germany. The site targets residents and sports enthusiasts in North Rhine-Westphalia, providing a centralized resource for club information. The business model is non-profit and focused on public service rather than commercial revenue. Technically, the site employs modern web technologies including Blazor WebAssembly and Bootstrap CSS, indicating a contemporary frontend infrastructure. Hosting appears to be managed via Deutsche Telekom infrastructure, inferred from the nameservers. The site shows moderate performance and basic mobile optimization, with dynamic content loading via Blazor. However, the content on the main HTML is minimal, relying on client-side rendering. From a security perspective, the site uses HTTPS, but no explicit security headers were detected in the provided data. There are no visible privacy or cookie policies, nor contact information for security incidents, which limits compliance and user trust. No forms or data collection mechanisms were found on the landing page, reducing immediate attack surface but also limiting user engagement features. Overall, the website is legitimate and consistent with its stated purpose and regional focus. However, improvements in privacy compliance, security headers, and contact transparency are recommended to enhance trust and regulatory adherence.

P

peakzone

peakzone.de

46

Peakzone is a German-based e-commerce retailer specializing in sportswear, equipment, and accessories across a broad range of sports including basketball, football, rugby, volleyball, handball, running, and fitness. The website is built on the Shopware platform and integrates modern payment solutions such as PayPal and Klarna, indicating a mature digital infrastructure. The site offers a well-structured navigation system catering to sports enthusiasts, teams, referees, and lifestyle customers, positioning itself as a niche regional sports retail provider. Technically, the website demonstrates good mobile optimization and moderate performance, though there is room for improvement in SEO and accessibility features. Security posture is solid with HTTPS enabled and secure payment integrations; however, the absence of security headers and explicit privacy and terms of service pages suggests gaps in compliance and best practices. No blocking mechanisms or WAF challenges were detected, allowing full content accessibility. Overall, the site is safe for general audiences with no adult or questionable content. Strategic improvements in privacy compliance, security headers, and contact transparency would enhance trust and security maturity.

L

Leichtathletik Shop

leichtathletik-shop.info

72

Leichtathletik Shop is the official online merchandise store of the Deutscher Leichtathletik Verband (German Athletics Association), offering athletics apparel and related products primarily targeting athletes and fans in Germany. The website is built on the Shopify platform, leveraging modern e-commerce technologies and integrations such as Judge.me for customer reviews and Facebook Pixel for marketing analytics. The site demonstrates a good level of digital maturity with fast performance, mobile optimization, and clear navigation. Security posture is strong with HTTPS enforced, use of security headers, and form protection via hCaptcha, although explicit security and incident response policies are not publicly available. Privacy compliance is well addressed with comprehensive privacy and cookie policies aligned with GDPR requirements. Overall, the site presents a professional and trustworthy e-commerce presence with room for improvement in transparency of security and contact information.

T

Turn10

turn10.eu

49

Turn10 is a specialized platform dedicated to apparatus gymnastics (Gerätturnen) targeting clubs, schools, trainers, and gymnastics associations primarily in Austria and Germany. The website provides news, training programs, event schedules, results, and an online shop, positioning itself as a niche regional sports information hub. The presence of partner logos from recognized sports organizations enhances its credibility and trustworthiness. Technically, the website employs standard web technologies including HTML5, CSS, and JavaScript, with some use of external libraries such as iframe-resizer. The site is mobile-optimized with good navigation and SEO practices, though no CMS or hosting provider details are evident. Performance is moderate with no major technical issues detected. From a security perspective, the site enforces HTTPS and includes a cookie consent mechanism indicating GDPR compliance. However, it lacks explicit security headers and published security or incident response policies. No vulnerabilities or tracking analytics were detected, suggesting a low-risk profile but with room for improvement in security best practices. Overall, the website is professionally maintained, trustworthy, and compliant with privacy regulations. The absence of WHOIS data due to privacy restrictions limits domain registration insights but does not detract from the site's legitimacy. Strategic recommendations include enhancing security headers, publishing security policies, and considering a vulnerability disclosure program to further strengthen trust and security posture.

D

Deutscher Turner-Bund e.V.

frankfurt26.de

45

The website frankfurt26.de serves as the official digital platform for the 2026 Rhythmic Gymnastics World Championships hosted in Frankfurt, Germany. It is operated by Deutscher Turner-Bund e.V., the German Gymnastics Federation, and provides comprehensive event information, ticket sales links, volunteer recruitment, and social media engagement. The site targets sports fans, athletes, volunteers, and ticket buyers, positioning itself as a central hub for this major international sporting event. The business model revolves around event promotion and community engagement rather than direct sales or e-commerce.

D

DTB-Shop

dtb-shop.de

62

DTB-Shop is a professional e-commerce platform serving as the official online store for the Deutscher Turner-Bund, offering gymnastics apparel, accessories, and exercise materials primarily targeting gymnastics enthusiasts in Germany. The website leverages the Shopify platform with a modern Dawn theme, ensuring a fast, mobile-optimized, and accessible user experience. The presence of privacy and cookie policies with consent mechanisms demonstrates compliance with GDPR requirements. Security posture is strong with HTTPS enforced and appropriate security headers, although explicit security policies and incident response contacts are absent. Overall, the site presents a trustworthy and professional digital storefront with strong branding and social media integration.

K

Kneipp-Bund e.V.

kneippvisite.de

38

Kneipp-Visite is the official health guidance platform of the Kneipp-Bund e.V., a well-established German non-profit association representing over 660 Kneipp clubs and 160,000 members. The website serves as a comprehensive health advisor focusing on natural therapies based on the Kneipp principles, including water therapy, nutrition, movement, plants, and lifestyle. It supports affiliated organizations such as Kneipp-Verlag and Sebastian-Kneipp-Akademie, offering educational and publishing services. The target audience includes individuals interested in natural health and wellness, particularly within Germany.

K

Kneipp-Verlag GmbH

kneippverlag.de

45

Kneipp-Verlag GmbH is a specialized publishing company focused on health and natural healing methods, particularly those related to the Kneipp tradition. Established in 1975 as part of the Kneipp-Bund, it publishes the Kneipp-Journal, various Fachbücher, and operates an online shop offering health products. The company targets Kneipp association members and health-conscious individuals, positioning itself as a niche publisher and retailer within Germany. The website is professionally designed, content-rich, and consistent with the company's branding and mission. Technically, the website is built on TYPO3 CMS, leveraging modern web technologies with good mobile optimization and SEO practices. The site is served over HTTPS with a cookie consent mechanism in place, indicating a good level of digital maturity. However, some security headers are missing, and no explicit security or incident response policies are published, which could be improved. From a security perspective, the site shows no signs of vulnerabilities or malicious content. Privacy compliance is strong with clear privacy and cookie policies aligned with GDPR. Contact information is complete and transparent, enhancing trustworthiness. Overall, the site presents a low-risk profile with room for security policy enhancements. Strategically, the company should focus on implementing security headers, publishing a security policy, and possibly a vulnerability disclosure program to further strengthen its security posture and trust with users.

B

BVA BikeMedia GmbH

fahrrad-buecher-karten.de

67

BVA BikeMedia GmbH operates www.fahrrad-buecher-karten.de as a specialized e-commerce platform focused on cycling maps, books, and related media products. The company holds a strong market position in Germany as a leading provider of cycling literature and maps, targeting cycling enthusiasts and travelers. The website offers a well-structured catalog of products, including digital downloads and magazines, supported by clear navigation and professional design. Technically, the site uses modern web technologies including JavaScript, CSS3, and integrates Google Analytics with privacy-conscious configurations such as IP anonymization. The hosting is managed via INWX nameservers, and the site enforces HTTPS, ensuring secure data transmission. Privacy compliance is robust with a detailed cookie consent mechanism and accessible privacy policy. However, explicit security headers are not evident in the HTML content, suggesting room for improvement in security hardening. Contact information is comprehensive, including email, phone, physical address, and contact forms, enhancing business credibility. Overall, the site demonstrates a mature digital presence with good privacy and security practices, suitable for its retail and media business model.

T

Talleux & Zöllner GbR

talleux-zoellner.de

47

Talleux & Zöllner GbR is a small German internet agency specializing in the conception and programming of websites and web applications, primarily using TYPO3 CMS. They serve medium-sized companies, organizations, and agencies, offering services from project conception to ongoing maintenance and support. Their market position is that of a niche provider with certified TYPO3 developers and a focus on tailored web solutions. Technically, the website is built on TYPO3 CMS with PHP, Python, and JavaScript technologies, featuring a moderate performance and good mobile optimization. Security posture is solid with HTTPS enabled and no visible vulnerabilities, though security headers and incident response policies are lacking. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the website is professional, trustworthy, and business-focused.

B

BTFB Sport Events GmbH

btfb-services.berlin

50

BTFB Sport Events GmbH operates a niche sports event and service platform primarily serving the Berlin region. The company focuses on marketing and distributing BTFB activities, managing events such as FEUERWERK DER TURNKUNST and NIGHT OF SPORTS, and supporting brand development within DTB brands. Their business model includes ticket sales, rental services, and a specialized shop for sports and club merchandise. The website is built on the SIQUANDO Shop 12 CMS and uses standard web technologies like jQuery and JavaScript. While the site is accessible and provides a good user experience with clear navigation and relevant content, it lacks advanced technical SEO and accessibility features. Security posture is basic with HTTPS enabled but missing DNSSEC and security headers, which should be addressed to improve resilience. Privacy compliance is partially met with cookie consent but lacks detailed GDPR indicators and contact information. Overall, the site is functional and trustworthy but would benefit from enhanced security and compliance measures.

The Bildungsportal des Hamburger Sportbundes is a specialized educational platform focused on providing sports-related training and seminars primarily for the Hamburg region. It serves as a centralized portal for various sports federations and organizations to offer their educational programs, targeting volunteers, professionals, and sports enthusiasts. The platform is positioned as a trusted non-profit educational resource with a clear focus on accessibility and user-friendly navigation. Technically, the website employs standard modern web technologies including Bootstrap and jQuery, with a responsive design and good accessibility features. Hosting is provided by Host Europe Group, consistent with the domain registration data. Security posture is adequate with HTTPS enforced and cookie consent implemented, though improvements such as enabling DNSSEC and adding security headers are recommended. No critical vulnerabilities or suspicious elements were detected. Overall, the site demonstrates a solid balance of content quality, technical implementation, and privacy compliance, making it a reliable resource for its target audience.

The website moku.de currently serves as a placeholder page indicating that a new homepage is under construction. It lacks any substantive business description, contact information, or user engagement features. The site is hosted on t-online.de name servers and uses basic JavaScript tracking scripts from Xiti Analytics and RefinedAds, but does not implement HTTPS or security headers, which significantly weakens its security posture. There are no privacy or cookie policies, nor any GDPR compliance indicators, which raises concerns about privacy and regulatory adherence. Overall, the site appears to be in an early or dormant state with minimal digital maturity and poor content quality.

K

Kunstmuseum Basel

kunstmuseumbasel.ch

61

Kunstmuseum Basel is a prestigious and historic public art museum located in Basel, Switzerland, recognized as the oldest public art collection in the world. The museum offers a rich collection of paintings, sculptures, installations, videos, drawings, and prints spanning seven centuries. It serves a diverse audience including art enthusiasts, families, researchers, and educational groups through exhibitions, workshops, guided tours, and research initiatives. The museum operates as a non-profit cultural institution with a strong market position in the art and cultural sector. Technically, the website employs a modern JavaScript stack including Google Tag Manager, Google Analytics, Facebook Pixel, and Visual Website Optimizer for analytics and marketing purposes. The site is well-structured, mobile-optimized, and uses HTTPS with good SSL configuration. However, it lacks a visible cookie consent mechanism and explicit security policies, which are areas for improvement in privacy compliance and security transparency. From a security perspective, the website demonstrates good practices such as HTTPS enforcement and no visible sensitive data exposure. The WHOIS data confirms the legitimacy and consistency of the domain registration with the museum's identity. No WAF or blocking mechanisms were detected, allowing full content accessibility. Overall, Kunstmuseum Basel's website is professional, trustworthy, and content-rich, but could enhance privacy compliance by implementing cookie consent and publishing security policies. Strategic improvements in these areas would strengthen user trust and regulatory adherence.

i-Run is a well-established French e-commerce retailer specializing in sports shoes, apparel, and equipment for running, trail, hiking, and fitness. The website targets French-speaking sports enthusiasts and offers a wide range of products from major brands with fast delivery options. The digital infrastructure incorporates modern web technologies, including JavaScript frameworks, consent management via Didomi, and analytics tools such as Realytics and Ab Tasty, indicating a mature digital presence. Security posture is strong with HTTPS enforced and multiple security headers present, though the absence of a public security policy and incident response contacts suggests room for improvement in transparency. Privacy compliance is robust with clear cookie consent mechanisms and a comprehensive privacy policy in French. Overall, the website presents a professional, trustworthy, and user-friendly experience with no signs of malicious activity or content blocking.

D

Direct Running

direct-running.fr

54

Direct Running is a French-based e-commerce retailer specializing in running shoes, sportswear, and related equipment. The company offers a wide range of products from major brands such as Adidas, Saucony, Puma, and Mizuno, targeting runners and sports enthusiasts primarily in France and Europe. The website demonstrates a mature digital presence with a professional design, clear navigation, and mobile optimization. It integrates multiple marketing and analytics tools including Google Analytics, Facebook Pixel, TikTok Pixel, and Criteo, supported by a consent management platform to ensure GDPR compliance. Security posture is strong with HTTPS enforced and modern security headers implemented, although no dedicated security policy or incident response page was found. Overall, the site is trustworthy and well-positioned in the retail e-commerce market.

H

Hochschule für Technik und Wirtschaft des Saarlandes

wissenwasverbindet.de

67

The Hochschule für Technik und Wirtschaft des Saarlandes (htw saar) is a well-established higher education institution in Germany, specializing in dual study programs that combine academic learning with practical work experience. The website effectively communicates its educational offerings, cooperation with industry partners, and benefits for students. It targets prospective students and companies interested in dual education partnerships. The institution holds multiple certifications and maintains an active social media presence, reinforcing its credibility and market position. Technically, the website is built on TYPO3 CMS and employs Matomo for analytics, reflecting a modern and privacy-conscious infrastructure. The site is mobile-optimized, accessible, and SEO-friendly, providing a good user experience. However, there is room for improvement in security headers and cookie consent mechanisms to enhance privacy compliance. From a security perspective, the site uses HTTPS with a strong SSL configuration and shows no signs of exposed sensitive data or vulnerable libraries. The absence of explicit security policies and incident response information suggests an opportunity to strengthen transparency and preparedness. Overall, the website demonstrates a solid security posture but could benefit from additional security best practices and compliance features. The overall risk assessment is low, with no critical vulnerabilities detected. Strategic recommendations include implementing security headers, adding cookie consent for GDPR compliance, publishing security policies, and establishing a vulnerability disclosure process to further enhance trust and security culture.

G

Guidle AG

kallaender.ch

50

The website www.kallaender.ch is a local event listing platform focused on the municipality of Allschwil, Switzerland. Operated by Guidle AG, it provides users with information about upcoming events and allows event organizers to submit their events via a dedicated page. The site targets residents and visitors interested in community activities, positioning itself as a localized event management and information service. The business model revolves around providing a centralized platform for event discovery and submission within the Allschwil community. Technically, the website employs modern web technologies including JavaScript modules, SVG graphics, and the Vite build system. It uses HTTPS to secure communications and loads external scripts from trusted domains such as guidle.com and ajax.googleapis.com. The site is mobile-optimized with responsive design elements and good navigation clarity. However, it lacks some advanced accessibility features and security headers that could enhance its security posture. From a security perspective, the site benefits from HTTPS encryption and does not expose sensitive data in its HTML content. There are no detected vulnerabilities or malicious scripts. However, the absence of security headers like Content-Security-Policy and Strict-Transport-Security, as well as the lack of a cookie consent mechanism, represent areas for improvement. No explicit privacy or security policies are published beyond an impressum page, and no incident response or vulnerability disclosure information is provided. Overall, the website is functional, trustworthy, and serves its community purpose well but would benefit from enhanced privacy compliance and security hardening. Strategic recommendations include implementing cookie consent, publishing detailed privacy and security policies, adding security headers, and considering a vulnerability disclosure program to improve trust and compliance.

M

Museum Allschwil – Haus für Kultur und Geschichte

museumallschwil.ch

61

Museum Allschwil is a local cultural and historical institution based in Allschwil, Switzerland, dedicated to preserving and showcasing regional culture and history. The website serves as an informational portal for visitors, providing details about the museum and its offerings. The business model is typical for a small museum, focusing on exhibitions and cultural education for the general public. The website is built on the Wix platform, leveraging Wix's Thunderbolt framework and standard web technologies such as HTML5, CSS, and JavaScript. It includes multilingual support and basic SEO metadata but lacks comprehensive privacy and terms of service documentation. Security measures include HTTPS enforcement and cookie consent mechanisms, with some security hardening scripts in place. However, there is no visible incident response or vulnerability disclosure information, which could be improved to enhance trust and compliance. Overall, the website is professionally designed and functional, suitable for its purpose but with room for improvement in privacy and security transparency.

I

Intersnack Deutschland SE

intersnack.de

61

Intersnack Deutschland SE is a large German-based manufacturer and retailer of popular salty snacks, emphasizing sustainability and responsible production. The company operates a professional, well-structured website powered by TYPO3 CMS, targeting general consumers and potential employees. The site offers comprehensive information about their brands, sustainability initiatives, and career opportunities, with a clear corporate identity and consistent branding. Technically, the website uses modern web technologies and includes analytics via eTracker, with good mobile optimization and SEO practices. Security posture is solid with HTTPS enforced and secure form handling, though some advanced security headers and policies are not explicitly published. Privacy compliance is well addressed with clear privacy and cookie policies. WHOIS data aligns with the corporate identity, showing a legitimate and consistent domain registration. Overall, the website reflects a mature digital presence suitable for a large enterprise in the retail food sector.

I

Immigrantarch

immigrantarchitects.org

46

The Immigrant Architects Coalition (IAC) operates as a nonprofit organization dedicated to supporting immigrant architects in the United States. Their services include mentoring, public speaking, authorship, and contributions aimed at helping immigrant architects build prosperous careers. The website is built on the Wix platform, leveraging standard Wix technologies and polyfills, indicating a moderate level of technical maturity. The site design is professional and mobile-optimized, though accessibility and SEO optimizations are basic. Security posture is moderate with no explicit security headers detected and no visible SSL configuration details. Privacy and cookie policies are absent, which is a compliance gap. The WHOIS data is privacy protected, common for nonprofits, but limits transparency. Overall, the site is functional and serves its niche audience effectively but would benefit from enhanced security and compliance measures.

G

Grimshaw Foundation

grimshaw.foundation

50

The Grimshaw Foundation is a charitable trust established in 2020 by Grimshaw Architects, dedicated to promoting creativity and supporting young people aged 11-15 in exploring creative careers, particularly in architecture and the built environment. The foundation provides educational resources, stories, and opportunities to empower youth and address social and economic equity. The website reflects a focused non-profit mission with a clear target audience and consistent branding. Technically, the site uses modern web technologies including HTML5, CSS3, JavaScript, and integrates third-party services such as Mailchimp for newsletter subscriptions and Vimeo for video content. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content. Security-wise, the site uses HTTPS with a valid SSL certificate and has domain registration protections such as clientTransferProhibited status, but lacks DNSSEC and security headers, which are recommended for enhanced security. Privacy compliance is limited as no privacy or cookie policies are present, representing a compliance gap. Overall, the site is professional and trustworthy but could improve in privacy and security policy transparency.

K

kv.digital GmbH

kv.digital

58

kv.digital GmbH is a medium-sized digital healthcare company based in Germany, fully owned by the Kassenärztliche Bundesvereinigung (KBV). It specializes in providing secure medical communication solutions, including KIM services and the 116117 appointment service software, serving healthcare providers and software manufacturers. The company acts as a central innovation platform and competence center for digitalization in ambulatory healthcare. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries and includes a GDPR-compliant cookie consent mechanism. The presence of ISO 27001 certification demonstrates a strong commitment to information security. Security posture is robust with HTTPS enforced and no visible vulnerabilities, though some security headers could be improved. Overall, the website is professional, trustworthy, and well-structured, supporting the company's credibility in the healthcare technology sector.

P

Paul Mellon Centre for Studies in British Art and Yale Center for British Art

britishartstudies.ac.uk

59

British Art Studies is a specialized academic digital publication focusing on peer-reviewed scholarship in British art, with a current thematic issue on Queer Art in Britain since the 1980s. The website is affiliated with reputable institutions such as the Paul Mellon Centre for Studies in British Art and the Yale Center for British Art, positioning it as a trusted source in its niche academic field. The content is rich, well-structured, and targeted towards academics, researchers, and students interested in British and queer art history. Technically, the site uses a modern JavaScript framework (Quire) and is hosted on Netlify, with Google Tag Manager implemented for analytics. The site demonstrates good mobile optimization and accessibility, though SEO could be improved. Security posture is moderate with HTTPS implied but lacks explicit security headers and formal privacy or cookie policies. No forms or contact information for incident response are present, which limits user engagement and security transparency. Overall, the site is professional and trustworthy but would benefit from enhanced privacy compliance and security best practices.

CosmoCaixa Barcelona is a science museum operated by Fundación “la Caixa”, a well-established non-profit foundation in Spain. The website serves as an educational platform offering exhibitions, conferences, and divulgative activities aimed at the general public interested in science. The site is professionally designed, localized in Spanish, and uses a modern CMS platform (Liferay) with integrated analytics and cookie consent mechanisms. The domain is long-standing and registered transparently, reflecting a mature and credible organization. Security posture is good with HTTPS enabled and cookie consent implemented, though some security headers and explicit policies are missing. Overall, the website is trustworthy and serves its educational mission effectively.

E

e-pixler GmbH

patientenberatung-der-zahnaerzte.de

44

The website 'Zahnärztliche Patientenberatung' provides a comprehensive, nationwide, and free dental patient advisory service in Germany. It is operated by the (Landes-)Zahnärztekammern and Kassenzahnärztlichen Vereinigungen, offering expert, independent advice on dental health, treatments, and costs to both statutory and private insured patients. The site is professionally designed and well-structured, targeting patients and their families with clear navigation and relevant content. It also links to authoritative health organizations and provides video resources to enhance user understanding. Technically, the website is built on TYPO3 CMS, hosted on sldomains.de nameservers, and uses modern web technologies including JavaScript and CSS. The site is mobile-optimized and performs moderately well, with good SEO practices and accessibility features. No blocking or WAF mechanisms interfere with content access, ensuring full availability. From a security perspective, the site uses HTTPS with excellent SSL configuration but lacks explicit security headers and incident response contact information. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is adequate with a clear privacy policy, though no cookie consent mechanism was found. Contact information is present but limited, and no social media or tracking scripts are used, indicating minimal user tracking. Overall, the website is trustworthy, professional, and serves an important public health function. Strategic improvements include implementing cookie consent, adding security headers, and publishing incident response details to enhance security posture and compliance.

CIRS dent operates as a specialized error reporting and learning platform targeted at dental practices in Germany. The website provides anonymous and sanction-free reporting of undesired events in dental practice workflows, aiming to improve patient safety and professional learning. The project is supported by reputable German dental organizations BZÄK and KZBV and collaborates with medical experts, enhancing its credibility and niche market position. The platform offers services such as report creation, database search, publications, and user feedback mechanisms, positioning itself as a valuable resource in healthcare quality management for dentists. Technically, the website employs a traditional web stack with jQuery and Matomo analytics, hosted on German infrastructure (netcologne.de). The site is mobile-optimized with clear navigation and a cookie consent mechanism, reflecting moderate digital maturity. Security posture is adequate but could be improved by implementing security headers and explicit incident response policies. Privacy compliance is basic but present, with a GDPR-compliant privacy policy and cookie banner. Overall, the website is professional, trustworthy, and aligned with its healthcare mission.

F

fenaco Genossenschaft

fenaco.ch

53

fenaco Genossenschaft is a large Swiss agricultural cooperative with a 150-year history, serving over 40,000 members including active Swiss farmers. The organization operates across multiple sectors including agriculture, food industry, retail, and energy, with well-known subsidiary brands such as UFA, RAMSEIER, Volg, LANDI, and AGROLA. The website reflects a mature digital presence built on Drupal 11, featuring comprehensive content, multimedia, and multilingual support. It demonstrates good technical infrastructure with modern tracking and marketing tools integrated, including Facebook Pixel and Google Tag Manager. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, although explicit security headers and incident response contacts are not clearly published. The absence of WHOIS data is a notable anomaly but does not detract significantly from the overall legitimacy given the professional and consistent branding and content. Overall, fenaco's website is a trustworthy and well-maintained digital asset supporting its cooperative business model and stakeholder engagement.

S

Statsforvalteren

fylkesmannen.no

66

Statsforvalteren.no is the official website of the Norwegian government agency representing the state at the county level. The agency is responsible for implementing decisions, goals, and guidelines from the Norwegian Parliament and government, acting as a vital link between municipalities and central authorities. The website provides access to public services, complaint handling, forms, news, and job postings relevant to the agency's functions. It targets Norwegian citizens, public sector employees, and municipalities, offering content primarily in Norwegian with language options including English and regional languages. Technically, the website employs modern web technologies including Bootstrap for responsive design, JavaScript libraries, and integrates analytics tools such as Azure Application Insights, Hotjar, Maze Analytics, and Siteimprove Analytics. The site is served over HTTPS with good mobile optimization and accessibility features, though explicit security headers are not evident. The site lacks a cookie consent mechanism despite using tracking scripts, which is a privacy compliance gap. From a security perspective, the site demonstrates a solid posture with HTTPS enforcement and no visible vulnerabilities or exposed sensitive data. However, the absence of explicit security headers and a published security or incident response policy are areas for improvement. The WHOIS data is unavailable due to Norid's privacy policies, but the domain's .no TLD and consistent government-related content strongly indicate legitimacy and trustworthiness. Overall, Statsforvalteren.no is a professionally maintained government website with good content quality and technical implementation. Strategic recommendations include enhancing privacy compliance with cookie consent, publishing security policies, and adding security headers to strengthen the security posture and user trust.

A

Altinn

altinn.no

59

Altinn is a well-established Norwegian government digital platform that facilitates communication between citizens, businesses, and public authorities. It offers access to digital forms, message inboxes, and relevant public information, serving as a critical infrastructure for public sector digital services in Norway. The platform targets Norwegian citizens and businesses, providing a trusted and accessible interface for government interactions. Technically, the website employs modern web technologies including JavaScript, jQuery, and Microsoft Application Insights for telemetry and analytics. The site is hosted on Microsoft Azure infrastructure, ensuring reliable performance and scalability. The design is responsive and accessible, with good SEO and navigation clarity, supporting a positive user experience. From a security perspective, the site enforces HTTPS and uses telemetry to monitor performance and errors. However, it lacks explicit security headers and a cookie consent mechanism, which are recommended for enhanced security and privacy compliance. The absence of WHOIS data limits domain registration trust analysis, but the official government branding and consistent content strongly support legitimacy. Overall, Altinn demonstrates a mature digital presence with strong business credibility and technical implementation. Strategic improvements in security headers, privacy consent, and public security policies would further strengthen its security posture and compliance standing.

G

Gatsby

gatsbyjs.com

68

Gatsby is a leading React-based open source framework designed for building performant, scalable, and secure websites and applications. It targets developers and enterprises seeking fast web development with modern technologies such as React and GraphQL. The company is positioned strongly in the web development ecosystem, supported by its parent company Netlify, which provides deployment and hosting services. The website reflects a mature digital presence with excellent design, mobile optimization, and SEO practices. Technically, Gatsby leverages modern JavaScript frameworks and integrates with reputable platforms, ensuring a robust infrastructure. Security posture is strong with HTTPS enforcement and security headers, though explicit security policies and incident response details are not publicly documented. Privacy compliance is well addressed with comprehensive privacy and cookie policies, including GDPR considerations. Overall, the website and business demonstrate high professionalism and trustworthiness, though WHOIS data is unavailable likely due to privacy protection, which slightly impacts business credibility scoring.

X

XLENT Sverige

xlent.se

64

XLENT Sverige is a Swedish IT consulting company specializing in digital transformation, AI readiness, cybersecurity, CRM systems, and sustainability reporting. The company positions itself as a trusted partner for organizations undergoing change, offering a broad range of consulting services with local expertise across multiple Swedish offices. The website is professionally designed, mobile-optimized, and provides clear navigation and comprehensive content about their offerings and corporate culture. Technically, the site uses modern web technologies including Google Tag Manager and CookieTractor for cookie consent management, and it employs HTTPS with good SSL configuration. Security best practices are partially implemented, with room for improvement in security headers and incident response transparency. Privacy compliance is strong, with detailed cookie policies and GDPR-aligned consent mechanisms. Overall, the website reflects a credible and established business with a strong digital presence and good user experience.

O

Online Now! GmbH

online-now.de

10

Online Now! GmbH is a specialized digital agency based in Berlin, Germany, focusing on TYPO3 CMS development, responsive web design, and social media integration. The company positions itself as a certified TYPO3 integrator with a strong portfolio of reference projects, offering end-to-end services including consulting, design, programming, hosting, and support. Their target audience primarily consists of businesses and organizations seeking professional web solutions with a focus on usability and mobile optimization. Technically, the website is built on TYPO3 CMS with PHP and JavaScript technologies, incorporating modern libraries such as jQuery and bxSlider for UI components. The site demonstrates good mobile responsiveness, accessibility, and SEO practices. Analytics are implemented via Google Analytics and Matomo, with privacy-conscious configurations such as IP anonymization and cookie consent mechanisms. From a security perspective, the site uses HTTPS with a strong SSL configuration and employs cookie consent banners to comply with GDPR. However, explicit HTTP security headers and a published security policy or incident response contacts are absent, representing areas for improvement. No vulnerabilities or exposed sensitive data were detected in the analyzed content. Overall, the website and domain exhibit a high level of professionalism, trustworthiness, and compliance with privacy regulations. The domain registration is consistent with the business, though registrant details are protected per DENIC policy. Strategic recommendations include enhancing security headers, publishing a security policy, and adding a vulnerability disclosure mechanism to further strengthen trust and security posture.

T

Timber Construction Europe

timber-construction.eu

43

Timber Construction Europe is a well-established European umbrella association representing the carpentry and timber construction trades across multiple countries including Germany, Italy, Luxembourg, Switzerland, and Austria. The organization focuses on networking, education, advocacy, and promoting sustainable timber construction practices. The website is professionally designed using TYPO3 CMS, providing multilingual content primarily in German with English and French options. It offers clear navigation, relevant industry information, and educational resources, targeting professionals and organizations in the timber construction sector. Technically, the website employs a modern CMS platform with JavaScript and CSS for interactivity and styling. It uses HTTPS with a valid SSL configuration ensuring secure communications. The presence of a cookie consent banner and privacy policy indicates GDPR compliance. Analytics are implemented via Piwik, reflecting moderate user tracking with privacy considerations. However, no explicit security headers were detected, and no published security or incident response policies were found. From a security perspective, the site shows good baseline practices such as HTTPS enforcement and cookie consent but could improve by implementing additional security headers and publishing incident response information. The WHOIS data is unavailable due to EURid privacy restrictions, but the website content and contact details support legitimacy. Overall, the site presents a trustworthy and professional digital presence for a non-profit industry association. Strategically, the organization should enhance its security posture by adding security headers, publishing security policies, and maintaining transparency about data protection officers and incident response. These steps will strengthen trust and compliance in the evolving regulatory landscape.

E

Ege Carpets

egecarpets.com

10

Ege Carpets is a Denmark-based company specializing in designing and manufacturing high-quality carpets for commercial use, including wall-to-wall carpets, carpet tiles, planks, and rugs. The company emphasizes sustainability and innovative design, targeting commercial sectors such as hospitality, office, retail, healthcare, and marine industries. Their website showcases rich multimedia content, custom design tools, and a strong sustainability agenda, positioning them as a reputable player in the commercial carpet market. Technically, the website employs modern JavaScript libraries, video integrations, and cookie consent management, reflecting a mature digital infrastructure. Security posture is generally good with HTTPS and cookie consent but lacks some advanced security headers and published security policies. WHOIS data is unavailable, which raises some legitimacy concerns, but the presence of detailed contact information and social media presence supports business credibility. Overall, the website is professional, user-friendly, and trustworthy, with room for improvement in security transparency and domain registration clarity.

A

AXOR

axor-design.com

72

AXOR is a premium luxury brand specializing in avant-garde design for bathrooms and kitchens, collaborating with leading designers to offer high-end mixers, showers, and fixtures. The website targets discerning consumers and design professionals seeking luxury bathroom and kitchen products. The business operates primarily in the retail sector with a B2C and partner network model, positioning itself strongly in the luxury market segment. The website content is professionally presented, multilingual, and consistent with the brand's premium image. Technically, the website leverages a modern technology stack including SAP Hybris as the CMS, advanced analytics platforms such as Google Analytics, Piwik PRO, New Relic, and Visual Website Optimizer, and integrates a comprehensive GDPR-compliant consent management system. The site is well-optimized for performance and mobile devices, with good SEO and accessibility basics in place. From a security perspective, the site enforces HTTPS and employs cookie consent mechanisms aligned with GDPR requirements. While explicit security headers are not visible in the HTML, the use of CSRF tokens and asynchronous loading of scripts indicates adherence to security best practices. No vulnerabilities or suspicious content were detected. However, the absence of visible privacy policy, terms of service, and contact information pages in the provided content suggests areas for improvement. Overall, AXOR's website demonstrates a mature digital presence with strong business credibility and compliance posture. Strategic recommendations include publishing explicit privacy and terms pages, enhancing security headers, and providing clear contact and incident response information to further strengthen trust and compliance.

S

sigdal

sigdal.com

73

Sigdal is a well-established Norwegian company specializing in high-quality kitchen, bathroom, and wardrobe solutions. With over 70 years of history, it operates primarily in the retail sector, offering both products and design services. The website reflects a mature digital presence with comprehensive content, professional design, and multiple customer engagement channels including free design meetings and installation services. The company maintains consistent branding and leverages modern web technologies to deliver a responsive and user-friendly experience. Technically, the site uses a modern JavaScript framework (Vue.js), integrates telemetry and analytics via Microsoft Application Insights and Google Tag Manager, and employs cookie consent management to comply with privacy regulations. Security posture is generally strong with HTTPS enforced and no visible vulnerabilities, though the absence of explicit security policies and incident response contacts is noted. The WHOIS data for the domain is missing or unavailable, which is unusual for a commercial entity and slightly impacts trustworthiness. Overall, Sigdal presents a professional and trustworthy online presence with room for improvement in transparency of security policies.

I

Gardiner | Ia Torgersen design

ia-torgersen.no

53

The website www.ia-torgersen.no appears to be a small-scale business site built on the Wix platform. The content is minimal and lacks detailed business descriptions, contact information, or policy disclosures. The technical infrastructure relies on Wix's standard scripts and hosting, indicating a basic digital maturity level. Security posture is weak due to the absence of security headers, privacy policies, and WHOIS transparency. No forms or data collection mechanisms were detected, reducing immediate data protection concerns but also limiting user engagement. Overall, the site presents a low trust profile with significant gaps in compliance and security best practices.

N

Norfax AS

norfax.no

53

Norfax AS is a well-established Norwegian manufacturer specializing in the production and delivery of outdoor shelters (leskur) and furniture for both public and private sectors. With a founding date of 1946 and product delivery since 1984, Norfax positions itself as a quality-focused provider offering customized solutions tailored to client projects. The company maintains a strong digital presence with comprehensive contact information, social media engagement, and clear privacy and cookie policies, reflecting a mature business approach. Technically, the website employs modern JavaScript frameworks, analytics tools, and security best practices, ensuring a reliable and user-friendly experience. Security posture is robust with HTTPS enforcement and security headers, though there is room for improvement in publishing explicit security policies and incident response contacts. Overall, Norfax demonstrates a high level of professionalism, trustworthiness, and compliance, making it a credible and secure business entity online.

Duravit.no is the Norwegian localized website of Duravit, a well-established international brand specializing in bathroom furniture and porcelain products. The company has a long history dating back to 1817 and collaborates with renowned designers to offer high-quality, stylish, and functional bathroom solutions. The website provides rich content including product categories, design inspiration, and tools for customers to plan their bathrooms. Technically, the site uses modern JavaScript libraries, consent management tools, and performance monitoring, hosted likely on a CDN with good SSL configuration. Security posture is solid but could be improved with additional headers and explicit security policies. Privacy compliance is partially addressed with a cookie consent mechanism but lacks a clearly accessible privacy policy page in the provided content. No WHOIS data is publicly available due to Norwegian domain registry privacy policies, but the domain appears legitimate and consistent with the brand. Overall, the website is professional, trustworthy, and well-positioned in the retail bathroom products sector.

E

Essem Design

essem.se

61

Essem Design is a Swedish company specializing in the retail of hall furniture and interior accessories, focusing on design, sustainability, and functionality. Their website showcases a well-structured e-commerce platform with rich product offerings, design stories, and inspiration targeted at consumers interested in hall furnishings. The company maintains a consistent brand presence across multiple social media platforms and provides comprehensive privacy and cookie policies compliant with GDPR regulations. Technically, the website is built on the Umbraco CMS, uses modern JavaScript libraries such as Swiper.js, and integrates third-party services like Vimeo and Cookiebot for enhanced user experience and compliance. Security-wise, the site enforces HTTPS, employs strong security headers, and uses cookie consent mechanisms, although explicit security policies and incident response contacts are not published. The WHOIS data query for the subdomain 'www.essem.se' returned no results, which is expected as WHOIS data is typically registered for the root domain 'essem.se'. Overall, the website demonstrates a mature digital presence with good security posture and privacy compliance, suitable for its business model and audience.

P

Pemerintah Sako

dlhsako.com

56

The website dlhsako.com represents the official online presence of the Dinas Lingkungan Hidup Sako, a government environmental agency in Indonesia. It provides information about environmental management services, including waste management, pollution control, and public complaint handling. The site targets the general public and local community, aiming to inform and facilitate environmental governance. The domain is newly registered in 2024, consistent with a new government initiative. Technically, the website uses modern web technologies such as Laravel Livewire, Swiper.js, and FontAwesome, with a responsive design optimized for mobile devices. The site is hosted with Cloudflare DNS but lacks DNSSEC and some security headers, indicating room for security improvements. No analytics or tracking scripts were detected, suggesting minimal user tracking. From a security perspective, HTTPS is properly implemented, and domain transfer protections are in place. However, the absence of privacy and cookie policies, security headers, and vulnerability disclosure mechanisms represent compliance and security gaps. The site does not appear to be blocked by any WAF or security challenge, allowing full content access. Overall, the website is professional and trustworthy as a government entity but would benefit from enhanced privacy compliance and security hardening to improve user trust and regulatory adherence.

D

Dinas Lingkungan Hidup Kertapati

dlhkertapati.com

57

Dinas Lingkungan Hidup Kertapati operates as a local government environmental agency in Kertapati, Palembang, Indonesia, providing essential environmental management services such as waste management, pollution control, and public complaint handling. The website serves as an official portal offering information about their services, news updates, and contact details. The target audience primarily includes local residents and stakeholders interested in environmental issues and public services. Technically, the website is built using modern web technologies including Laravel Livewire, Swiper.js for interactive elements, and FontAwesome for icons. The site is hosted with NameCheap as registrar and uses Cloudflare DNS services. The website demonstrates moderate performance and good mobile optimization, though accessibility and SEO could be further enhanced. From a security perspective, the site enforces HTTPS and has domain transfer protection enabled. However, it lacks DNSSEC and additional HTTP security headers, which are recommended for improved security. No privacy or cookie policies are present, indicating compliance gaps with data protection regulations. No vulnerability disclosure or incident response contacts are provided. Overall, the website is functional and professional but would benefit from enhanced privacy compliance and security hardening. Strategic improvements in these areas will increase trustworthiness and regulatory adherence.

P

Pemerintahan Dinas Lingkungan Hidup Kemuning

dlhkemuning.com

50

Pemerintahan Dinas Lingkungan Hidup Kemuning is a local government environmental agency in Indonesia focused on environmental management, waste handling, pollution control, and community services. The website serves as an informational and service portal for residents and stakeholders in Kemuning, providing access to news, permits, complaint forms, and environmental programs. Technically, the site uses modern web technologies including Laravel Livewire, Swiper.js, and CountUp.js, delivering a responsive and user-friendly experience. Security posture is adequate with HTTPS and CSRF protection but lacks advanced security headers and incident response information. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the site is professional and trustworthy but could improve in compliance and security transparency.

T

Togel SDY

dlhpalembang.com

44

The website 'Togel SDY' operates as a niche informational portal providing daily lottery results and historical data for the Togel Sidney (SDY) lottery market, primarily targeting Indonesian lottery players. The business model centers on delivering timely and accessible lottery data to assist bettors in making informed decisions. The site is relatively new, with domain registration in late 2024, and uses Squarespace CMS hosted with Cloudflare DNS services. The technical infrastructure is modern but basic, with moderate performance and mobile optimization. Security posture is adequate with HTTPS and HSTS enabled, but lacks advanced security headers and DNSSEC, and no privacy or cookie policies are published, indicating compliance gaps. The site does not provide contact information or business credentials, which limits trust and credibility. Content is gambling-related, thus age-restricted and considered questionable for general audiences. Overall, the site is functional but requires improvements in privacy compliance, security hardening, and business transparency to enhance trust and regulatory adherence.

D

Dinas Lingkungan Hidup Muara Tebo

dlhmuaratebo.com

50

Dinas Lingkungan Hidup Muara Tebo is a local government environmental agency responsible for managing environmental preservation, waste management, pollution control, and public services related to environmental issues in Muara Tebo, Indonesia. The website serves as an official communication channel providing information about the agency's services, news, and contact details. The site targets residents and stakeholders in the Muara Tebo region, offering services such as permitting, complaint handling, and environmental education. Technically, the website is built using modern web technologies including Laravel Livewire, Swiper.js for sliders, and Font Awesome for icons. It is hosted securely over HTTPS and shows moderate performance with good mobile optimization. However, it lacks some advanced SEO and accessibility features. The site does not use common analytics or advertising tools, indicating a focus on public service rather than commercial interests. From a security perspective, the website enforces HTTPS and avoids exposing sensitive data. However, it lacks important security headers and formal privacy or cookie policies, which are critical for compliance and user trust. No vulnerability disclosure or incident response information is provided, which could be improved to enhance security posture. Overall, the website is a legitimate government resource with good content quality and business credibility. Strategic improvements in privacy compliance, security headers, and accessibility would strengthen its security and user trust. The domain WHOIS data aligns well with the website's claims, supporting its legitimacy.

P

Pemerintah Jambi

dlhjambi.com

54

Dinas Lingkungan Hidup Jambi operates as a government environmental agency providing public services related to environmental management, waste control, pollution monitoring, and public education in the Jambi province of Indonesia. The website serves as an official portal offering news, service information, complaint forms, and contact details to residents and stakeholders. Technically, the site uses modern web technologies including Laravel Livewire, Swiper.js, and FontAwesome, delivering a responsive and user-friendly experience. Security posture is moderate with HTTPS enabled and CSRF tokens in place, but lacks advanced security headers and formal vulnerability disclosure mechanisms. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the site is trustworthy and professionally maintained but would benefit from enhanced security and compliance features.

D

Dinas Lingkungan Hidup Senapelan

dlhsenapelan.com

49

Dinas Lingkungan Hidup Senapelan operates as a local government environmental agency in Pekanbaru, Indonesia, focusing on environmental preservation, waste management, and public service. The website serves as an information portal providing news, services, and contact details to residents and stakeholders. The technical infrastructure is modern, leveraging Laravel Livewire, Swiper.js, and other contemporary web technologies, hosted with Cloudflare DNS and registered via NameCheap. Security posture is adequate with HTTPS enabled and domain transfer protection, but lacks advanced security headers and formal privacy or cookie policies, indicating room for compliance improvement. Overall, the website is professional and trustworthy, with clear contact information and relevant content, but would benefit from enhanced security and privacy measures.

D

Dinas Lingkungan Hidup Bina Widya

dlhbinawidya.com

56

Dinas Lingkungan Hidup Bina Widya operates as a local government environmental agency in Bina Widya City, Indonesia, providing services related to environmental management, waste control, pollution monitoring, and public engagement. The website serves as an official portal offering information, news, and access to public services such as permits and complaint reporting. The target audience primarily includes local citizens and stakeholders interested in environmental issues. Technically, the website is built using modern web technologies including Laravel Livewire, Swiper.js for UI components, and FontAwesome for icons. It is hosted with Cloudflare DNS and registered via NameCheap. The site is mobile-optimized with good navigation and content structure, though some SEO and accessibility features are basic. Performance is moderate with no major issues detected. From a security perspective, the site uses HTTPS and has domain transfer protections enabled, but lacks DNSSEC and important security headers. There is no visible privacy or cookie policy, nor incident response or vulnerability disclosure information, which are gaps in compliance and security posture. No WAF or blocking mechanisms are detected, and no suspicious or malicious content is found. Overall, the website is a legitimate government portal with good business credibility and content quality but requires improvements in privacy compliance and security best practices to enhance trust and protection for users.