Security Directory

K

Kassenärztliche Bundesvereinigung (KBV)

116117.de

56

The website www.116117.de is the official patient service platform operated by the Kassenärztliche Bundesvereinigung (KBV) in Germany, providing comprehensive medical on-call services, appointment booking, and healthcare information. It serves as a critical public healthcare resource, offering 24/7 telephone medical advice and digital tools such as symptom assessment and doctor search. The platform is well-positioned as the national gateway for non-emergency medical assistance, targeting patients across Germany. Technically, the website employs modern web standards including HTML5, CSS3, and JavaScript with jQuery, hosted on Akamai CDN infrastructure for performance and reliability. The site is mobile-optimized, accessible, and SEO-friendly, with multilingual support and accessibility features such as sign language and easy language options. Privacy and cookie consent mechanisms are robustly implemented, reflecting compliance with GDPR requirements. From a security perspective, the site enforces HTTPS and employs cookie consent banners but lacks explicit security headers and public security policies or incident response disclosures. No vulnerabilities or sensitive data exposures were detected in the content. The WHOIS data and hosting details align with a legitimate, professionally managed government healthcare service domain. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance, with minor recommendations to enhance security headers and publish security policies. The risk profile is low, making it a reliable and safe resource for healthcare information and services in Germany.

A

Transporteur

ageneau-online.com

58

The website ageneau-online.com appears to be a newly registered domain (April 2024) related to transportation services, as indicated by the page title 'Transporteur' and branding references to 'Bary'. However, the website content is minimal, primarily showing a loading placeholder with no substantive business or contact information. The technical infrastructure is based on the JHipster framework with modern JavaScript modules and uses Google Fonts and Font Awesome for styling. The hosting provider is IONOS SE, consistent with the domain registrar. Security posture is basic with HTTPS enabled but lacking security headers and DNSSEC. No privacy or cookie policies are present, and no contact or incident response information is provided. Overall, the website is in an early stage of deployment or under construction, limiting its business credibility and user trust.

A

ASTR

astr.fr

47

ASTR is a well-established French national groupement d'achats (purchasing group) and service provider for road transport companies, founded in 2000. It offers a broad range of services including fuel, toll badges, tires, spare parts, insurance, training, and more, targeting transport companies and professionals. The website reflects a mature business with a strong market position supported by over 800 shareholder companies and a large fleet and workforce. Technically, the site is built on WordPress with modern web technologies, optimized for SEO, accessibility, and mobile devices. Security posture is good with HTTPS and cookie consent mechanisms, though security headers are not explicitly detected, indicating room for improvement. Overall, the site is professional, trustworthy, and compliant with GDPR, with clear contact information and a transparent partner ecosystem.

C

Collectivité européenne d'Alsace

alsace.eu

68

The Collectivité européenne d'Alsace (CeA) is a regional governmental entity serving the Alsace region in France. The website provides comprehensive information about public services, social aid, cultural events, transport, environment, and education, targeting residents and stakeholders of Alsace. The site is well-branded, consistent, and professionally maintained, reflecting its official government status. Technically, the website uses modern web standards including HTML5, CSS3, and JavaScript, with privacy-conscious analytics via Matomo and a cookie consent mechanism powered by OreJime. The site is mobile-optimized and accessible, with good SEO practices and structured data for enhanced search engine understanding. From a security perspective, the site enforces HTTPS and uses script integrity checks but lacks some recommended security headers such as Content-Security-Policy and X-Frame-Options. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong with GDPR-aligned policies and clear cookie consent. Overall, the website presents a low risk profile with high trustworthiness and professionalism. The lack of WHOIS data is due to EURid privacy policies and is typical for .eu domains. Strategic improvements include adding security headers and publishing a security policy or vulnerability disclosure to enhance transparency and security posture.

S

Stadtwerke Rheinfelden (Baden)

stadtwerke-rheinfelden.de

52

Stadtwerke Rheinfelden (Baden) is a regional municipal utility company providing essential water and heat supply services to the Rheinfelden community in Germany. The website clearly communicates their role as a reliable local service provider focused on citizen welfare. Their business model is that of a municipal utility, serving residential and commercial customers with sustainable and efficient energy and water solutions. The site features clear navigation, relevant content, and partner affiliations that reinforce their local market position. Technically, the website is built on the cEasy CMS platform and incorporates modern JavaScript libraries such as jQuery and Slick Carousel for UI elements. It uses Matomo for privacy-conscious analytics and includes accessibility features and mobile optimization. Hosting is managed via domaincontrol.com DNS, typical for small to medium enterprises. Performance is moderate with good SEO and metadata implementation. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms aligned with GDPR. However, it lacks a publicly available security policy and incident response contacts, which are recommended for enhanced transparency and trust. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data is minimal but consistent with the business identity, supporting legitimacy. Overall, the website presents a professional and trustworthy digital presence for a small municipal utility. Strategic improvements include publishing a dedicated security policy, incident response information, and enhancing security headers to strengthen the security posture further.

A

Abfallwirtschaft Landkreis Lörrach

abfallwirtschaft-loerrach-landkreis.de

51

Abfallwirtschaft Landkreis Lörrach is a government-operated waste management service provider serving the Landkreis Lörrach region in Germany. The website offers comprehensive information on waste collection schedules, container ordering, recycling, hazardous waste disposal, and related public services. It targets residents and businesses within the local jurisdiction, providing essential public service functions with a focus on environmental sustainability and regulatory compliance. The site is well-structured with clear navigation and relevant content tailored to its audience.

G

GKV-Spitzenverband

gkv-spitzenverband.de

66

The GKV-Spitzenverband website serves as the official portal for Germany's statutory health and long-term care insurance umbrella organization. It provides comprehensive information on health insurance, care insurance, policy updates, research, and services for insured persons and healthcare providers. The site is well-structured, professionally designed, and offers content in German and English, targeting insured individuals, healthcare professionals, policymakers, and the public. Technically, the website employs modern web technologies including HTML5, CSS3, JavaScript, and Matomo analytics with a strong emphasis on privacy and consent. Security posture is robust with HTTPS enforcement and cookie consent mechanisms, though formal security policies and incident response contacts are not explicitly published. Overall, the site reflects a mature digital presence consistent with a large, government-related healthcare entity.

H

Holz-Tusche GmbH & Co. KG

holztusche.de

58

Holz-Tusche GmbH & Co. KG is a medium-sized, established family business in Germany specializing in high-quality wood-based materials and innovative services for the construction and manufacturing sectors. The company operates a professional e-commerce platform built on Shopware 6, offering a wide range of wood products including panels, doors, and construction timber. Their market position is supported by partnerships with reputable suppliers such as Egger, Finsa, and Resopal. Technically, the website employs modern JavaScript libraries, integrates advanced search via Fact Finder, and uses analytics tools like Google Tag Manager and PostHog, indicating a mature digital infrastructure. Security posture is solid with HTTPS enforced and error monitoring via Sentry, though additional security headers and explicit policies could enhance compliance and trust. Overall, the site is well-structured, mobile-optimized, and trustworthy, targeting B2B customers in the wood materials industry.

C

Carl Götz

carlgoetz.de

63

Carl Götz is a medium-sized German company specializing in the retail and distribution of wood products and related construction materials. The website presents a comprehensive catalog of products including panels, wood construction materials, flooring, doors, and garden-related items, targeting both business and private customers. The company maintains multiple physical locations and offers digital services such as customer login, configurators, and sample services. Technically, the website is built on the Shopware CMS platform, uses modern web technologies including Google reCAPTCHA and Google Tag Manager, and is hosted on a reliable DNS provider. Security posture is good with HTTPS enforced and CSRF protection on forms, though additional security headers and policies could enhance protection. Privacy compliance is basic with a cookie consent mechanism but lacks a visible privacy policy or terms of service. Overall, the website is professional, trustworthy, and well-structured, with room for improvement in privacy and security transparency.

H

Holz Adrian

holz-adrian.de

67

Holz Adrian operates as a wood wholesaler and retailer primarily serving the construction, craft, and industrial sectors in Germany. The company offers a broad range of wood products including construction timber, parquet, doors, stairs, and garden wood products. Their market position is that of a regional supplier with a focus on B2B customers. The website is built on WordPress with WooCommerce, indicating a mature e-commerce infrastructure. Plugins for search, anti-spam, and cookie consent are implemented, reflecting a moderate level of digital maturity. Security posture is adequate with HTTPS enabled and anti-spam measures in place, but lacks advanced security headers and explicit privacy or terms policies, which are areas for improvement. Overall, the website is professional and trustworthy, but could enhance compliance and security transparency.

D

DigiShop GmbH

kloepfer.de

60

Klöpfer Holzhandel operates a professional B2B e-commerce platform specializing in wood and wood-related construction materials, targeting professional tradespeople and commercial customers primarily in Germany. The website offers a comprehensive product catalog, planning tools, and customer account management features, positioning itself as a leading provider in the German wood trade market. Technically, the site uses a modern JavaScript stack with Bootstrap, jQuery, Slick Slider, and a ColdFusion backend, hosted likely on Deutsche Telekom infrastructure. The site is mobile-optimized and provides a good user experience with clear navigation and product categorization. Security posture is solid with HTTPS and cookie consent mechanisms, though it lacks explicit security headers and published privacy or terms policies. No WAF or blocking mechanisms were detected, and no suspicious or adult content is present. Overall, the site is professional, trustworthy, and well-structured but could improve privacy transparency and security header implementation.

B

Bundesministerium für Bildung und Forschung

bne-portal.de

61

The BNE-Portal is an official German government platform managed by the Bundesministerium für Bildung und Forschung (BMBF) dedicated to promoting education for sustainable development (Bildung für nachhaltige Entwicklung - BNE). It serves as a comprehensive resource hub offering educational materials, news, event calendars, and information on funding opportunities. The portal targets educators, learners, policymakers, and the general public interested in sustainability education. Technically, the site is built on the Government Site Builder CMS, employs modern web standards, and is optimized for accessibility and mobile devices. Security-wise, the site uses HTTPS and provides a cookie consent mechanism with anonymized analytics via Matomo, but lacks explicit security policies or incident response contacts. Overall, the site demonstrates a strong professional and trustworthy presence consistent with a government educational service.

D

Deutscher Gründerpreis für Schüler:innen

dgp-schueler.de

56

The Deutscher Gründerpreis für Schüler:innen is a German educational initiative focused on promoting entrepreneurship education among students, primarily targeting those in the 9th grade and above, as well as teachers and Sparkasseninstitutes. The initiative organizes competitions, provides educational materials, and fosters practical learning experiences to sensitize young people to economic topics and entrepreneurial self-employment. The website is professionally designed, well-structured, and consistent with the brand's mission, supported by recognized partners such as Sparkasse, ZDF, Porsche, and others. Technically, the website employs modern web standards including HTML5, CSS3, and JavaScript, with embedded YouTube videos and Google Tag Manager for analytics. The site appears to be built on TYPO3 CMS, indicated by URL patterns and asset naming conventions. Performance and mobile optimization are good, with accessibility features implemented. Privacy compliance is strong, featuring a cookie consent banner and a comprehensive privacy policy aligned with GDPR requirements. From a security perspective, the site uses HTTPS with good SSL configuration and anonymizes IP addresses in analytics. However, no explicit security headers were detected in the HTML content, and there is no visible incident response or vulnerability disclosure information. No critical vulnerabilities or exposed sensitive data were found. The domain WHOIS data is consistent with the website's purpose, supporting legitimacy. Overall, the website presents a low-risk profile with a solid security posture and good privacy compliance. Strategic recommendations include enhancing security headers, publishing incident response contacts, and adding a security.txt file to improve vulnerability disclosure transparency.

S

Sportcast GmbH

sportcast.de

50

Sportcast GmbH is a specialized media production company focused on live TV production for the Bundesliga and 2. Bundesliga football leagues. As a subsidiary of the DFL Deutsche Fußball Liga, it holds a leading position in the German sports broadcasting market, producing over 600 games per season. The company leverages modern technology and a skilled workforce to deliver high-quality sports content to millions of fans worldwide. The website reflects a professional and consistent brand image with clear contact information and multilingual support. Technically, the site is built on TYPO3 CMS, hosted likely on AWS infrastructure, and demonstrates good performance and mobile optimization. Security posture is solid with HTTPS and no visible vulnerabilities, though some security headers and policies could be improved. Privacy compliance is adequate with accessible privacy and cookie policies, though no explicit consent mechanism was detected. Overall, the site is trustworthy and well-maintained, supporting the company's business credibility and market presence.

DFL Digital Sports GmbH is a subsidiary of Deutsche Fußball Liga GmbH, focused on digital content creation and media production for the Bundesliga, Germany's premier football league. The company operates from Cologne with a medium-sized team and freelancers, delivering innovative digital experiences to football fans and partners. The LinkedIn profile reflects a professional and active organization with strong branding and consistent content updates. Technically, the company leverages the LinkedIn platform for its online presence, utilizing modern web technologies and video streaming capabilities. The website is well-optimized for performance, mobile, and accessibility, with good SEO practices. Security posture is strong, with HTTPS enforced and standard security headers implied. No vulnerabilities or exposed sensitive data were detected. Privacy and cookie policies are managed by LinkedIn, ensuring GDPR compliance and user consent mechanisms. Overall, the risk profile is low given the use of a reputable platform and professional content. Recommendations include maintaining security best practices and monitoring third-party scripts. The domain linkedin.com is a trusted platform, though WHOIS data for linkedin.com is not publicly available here, the legitimacy of the company page is unquestioned.

H

hantha. Die Webexperten

hantha.com

50

Hantha. Die Webexperten is a small technology-focused web agency based in South Tyrol, Italy, specializing in web design, programming, SEO, e-commerce, and web applications. The company targets businesses primarily in German-speaking regions, offering professional digital solutions with a strong emphasis on design and innovation. Their market position is supported by a portfolio of notable clients including world market leaders and regional enterprises. Technically, the website is built on TYPO3 CMS with modern JavaScript and CSS technologies, delivering fast performance and excellent mobile optimization. The site includes cookie consent mechanisms and uses analytics tools such as Microsoft Clarity and Google Tag Manager, reflecting a moderate user tracking level with good privacy compliance. Security posture is generally good with HTTPS enforced and no exposed sensitive data, but lacks published security policies, incident response contacts, and security headers, which are areas for improvement. The absence of WHOIS data for the domain is a significant anomaly that lowers the trust score, although the professional website and consistent business information mitigate some concerns. Overall, the website is professional, trustworthy, and well-optimized, but would benefit from enhanced transparency in security and domain registration details.

The website hostay.fr is currently inaccessible due to a Cloudflare Turnstile CAPTCHA security challenge, which blocks direct access to any business content or information. The domain is registered with Scaleway and uses Cloudflare nameservers, indicating a hosting and security setup consistent with a French-based small business or service. Due to the lack of visible content, no privacy, cookie, or terms of service policies are available, nor is there any contact or security policy information. The technical infrastructure includes modern security measures such as Cloudflare's WAF and CAPTCHA, but the absence of accessible content limits the ability to assess the website's full digital maturity or business model. The security posture is moderate based on the presence of Cloudflare protections, but the lack of visible security headers or policies reduces confidence. Overall, the site is low in trustworthiness and content quality due to the blocking mechanism.

B

Transporteur

baryshop.com

60

The website baryshop.com presents minimal accessible content, primarily a loading placeholder with no substantive business or contact information. The site title 'Transporteur' suggests a focus on transportation services, but no detailed description or services are provided. The domain is registered since 2020 with Squarespace Domains and uses Google Cloud DNS, indicating a small business or startup digital presence. The technical infrastructure includes the JHipster framework and standard web fonts, but lacks advanced SEO, accessibility, or performance optimizations. Security posture is weak with no detected security headers, no DNSSEC, and no privacy or cookie policies, which raises compliance concerns especially under GDPR. No contact or incident response information is available, limiting trust and business credibility. Overall, the site appears to be in early development or poorly maintained, with significant gaps in content, security, and compliance.

D

Dinas Lingkungan Hidup Kota Semarang

dlhkotasemarang.id

42

Dinas Lingkungan Hidup Kota Semarang is a government environmental agency responsible for managing environmental affairs in Semarang city, Indonesia. The website serves as an official portal providing information about the agency's structure, mission, and public services such as business permits, environmental impact assessments, and public reporting. The site targets the general public and stakeholders interested in environmental governance. Technically, the website uses standard web technologies including HTML5, CSS3, JavaScript, and Google Fonts, with Cloudflare DNS services. The site is mobile optimized and provides a good user experience with clear navigation and relevant content. Security posture is moderate with HTTPS enabled and domain transfer protection, but lacks DNSSEC and important security headers. Privacy and cookie policies are absent, which impacts compliance. The domain WHOIS data shows an anomalous future creation date, which may be a data error but slightly reduces trust. Overall, the website is a credible government resource with room for improvement in security and privacy compliance.

D

Dinas Lingkungan Hidup Kota Depok

dlhdepok.id

43

Dinas Lingkungan Hidup Kota Depok is the official government agency responsible for environmental management in Depok city, Indonesia. The website serves as a public information portal providing services such as environmental permits, waste management, and public complaint reporting. The agency operates under local government regulations and targets local citizens and stakeholders interested in environmental governance. Technically, the website is built with standard web technologies, uses HTTPS, and is hosted behind Cloudflare DNS, indicating a moderate level of digital maturity. However, the absence of privacy and cookie policies, lack of security headers, and no incident response information highlight areas for improvement in security and compliance. The domain WHOIS data shows a future creation date, which is inconsistent with the agency's founding year, suggesting a data anomaly but not necessarily a legitimacy issue. Overall, the website is professional, trustworthy, and safe for general audiences.

D

Dinas Lingkungan Hidup Kota Bekasi

dlhbekasi.id

50

Dinas Lingkungan Hidup Kota Bekasi is a government environmental agency responsible for managing environmental affairs in Bekasi city, Indonesia. The website serves as an official portal providing information about the agency, its organizational structure, and public services such as business permits, environmental impact assessments, and complaint reporting. The site targets the general public and local businesses requiring environmental services. Technically, the website uses standard web technologies including HTML5, CSS3, JavaScript, and Google Fonts, with Cloudflare DNS hosting. It is mobile responsive and employs lazy loading for images, contributing to moderate performance and good user experience. However, the site lacks advanced SEO and accessibility features and does not use a known CMS.

D

Dinas Lingkungan Hidup Kota Bandung

dlhbandung.id

51

Dinas Lingkungan Hidup Kota Bandung is the official government environmental agency for Bandung city, Indonesia, responsible for managing environmental affairs including waste management, forestry, and public works related to environmental issues. The website serves as an information portal offering services such as business permit information, registration for technical permits, environmental impact assessment network access, and public reporting. The site targets the general public and government stakeholders, positioning itself as a leading local government agency in environmental management. Technically, the website uses standard web technologies including HTML5, CSS3, JavaScript, and Google Fonts, hosted with Cloudflare DNS services. It is mobile responsive with good navigation and basic SEO optimization. Security posture is moderate with HTTPS enabled and domain transfer protection, but lacks DNSSEC and security headers. Privacy and cookie policies are absent, indicating compliance gaps. Overall, the site is professional and trustworthy but could improve in privacy and security practices.

D

Dinas Lingkungan Hidup Kota Jakarta

dlhkotajakarta.id

51

Dinas Lingkungan Hidup Kota Jakarta operates as the official government environmental agency for Jakarta city, focusing on environmental governance, waste management, and public environmental services. The website serves as an information portal for citizens and stakeholders, providing contact details and links to related government services. Technically, the site uses standard web technologies with Cloudflare DNS but lacks advanced CMS or frameworks. Security posture is moderate with HTTPS enabled but missing DNSSEC and security headers. Privacy and cookie policies are absent, indicating compliance gaps. The domain WHOIS data shows inconsistencies, including a future creation date and a private registrar, which may warrant further verification. Overall, the site is functional, safe, and professional but could improve in security and compliance.

D

DLH Provinsi Sumatera Selatan

dlhsumateraselatan.id

49

The website dlhsumateraselatan.id serves as the official online portal for the Dinas Lingkungan Hidup (Environmental Agency) of South Sumatra Province, Indonesia. It provides public information including news, announcements, documents, and contact details relevant to environmental management and policies. The site targets residents and stakeholders within the province, functioning as a government information dissemination platform. Technically, the site employs standard web technologies such as Bootstrap, jQuery, and Font Awesome, hosted behind Cloudflare DNS services. The design and content quality are basic but functional, with moderate mobile optimization and navigation clarity. Security posture is moderate with HTTPS enabled but lacks advanced security headers and DNSSEC. Privacy and cookie policies are absent, indicating compliance gaps. WHOIS data shows inconsistencies with a future domain creation date and a private registrar, raising legitimacy concerns. Overall, the site is accessible and safe for general audiences but requires improvements in security and privacy compliance to enhance trust and resilience.

H

Haufe-Lexware GmbH & Co. KG

lexfree.de

70

Haufe-Lexware GmbH & Co. KG operates the website lexware.de, providing comprehensive business software solutions primarily targeting small and medium-sized enterprises, freelancers, and founders in Germany. The company is a market leader with over 360,000 customers and offers a broad range of services including accounting, invoicing, payroll, e-invoicing, and integrated banking solutions. The website is professionally designed, well-structured, and optimized for mobile devices, reflecting a mature digital presence. Technically, the site is built on TYPO3 CMS and leverages modern JavaScript libraries and consent management tools to ensure compliance and user experience. Security posture is strong, with HTTPS enforced, TÜV and ISO certifications, and GDPR compliance clearly demonstrated. No critical vulnerabilities or blocking mechanisms were detected, indicating a secure and trustworthy platform. Overall, the site scores highly on content quality, technical implementation, security, privacy compliance, and business credibility.

H

Haufe-Lexware GmbH & Co. KG

lexrocket.de

66

Haufe-Lexware GmbH & Co. KG is a well-established German software company specializing in business and accounting software solutions for self-employed individuals, freelancers, and small to medium-sized enterprises. Operating since 1993 as part of the Haufe Group, Lexware holds a strong market position in Germany, offering a range of products including accounting, payroll, and business management software, complemented by educational content and tools for entrepreneurs. The website content is professionally curated, targeting entrepreneurs and business owners with relevant knowledge and practical advice on business formation and management. Technically, the website is built on the TYPO3 CMS platform and integrates modern technologies such as Usercentrics for consent management, Econda for analytics, and Kameleoon for marketing optimization. The hosting infrastructure is managed by the Haufe Group, ensuring reliable performance and security. The site demonstrates good mobile optimization, accessibility, and SEO practices, contributing to a positive user experience. From a security perspective, the site enforces HTTPS and employs consent management to comply with privacy regulations. While explicit security headers are not visible in the provided data, no vulnerabilities or exposed sensitive data were detected. The company maintains comprehensive privacy and cookie policies, indicating a mature approach to data protection and GDPR compliance. However, the absence of a public security policy or incident response information suggests areas for improvement. Overall, Haufe-Lexware's website reflects a mature, trustworthy, and professional digital presence with strong business credibility and compliance posture. Strategic enhancements in security transparency and header implementation could further strengthen its security stance and user trust.

H

Haufe X360

lexbizz.de

62

Haufe X360 is a cloud-based ERP platform tailored for small and medium-sized enterprises (KMU) primarily in German-speaking countries. It offers a comprehensive suite of integrated business functions including finance, inventory, CRM, production, and e-commerce, supported by a strong partner ecosystem and over 60 integration interfaces. The platform leverages modern technology partnerships with Acumatica and Microsoft Azure to deliver scalable, secure, and user-friendly ERP solutions. The website reflects a mature digital presence with professional design, clear navigation, and a focus on data security and compliance. Security posture is strong, with ISO 27001 certification and data hosting in German data centers, though explicit privacy and terms policies are not directly found in the provided content. Overall, Haufe X360 positions itself as a trusted, innovative ERP provider for the mid-market segment.

G

GKV-Bündnis für Gesundheit

gkv-buendnis.de

59

The GKV-Bündnis für Gesundheit website represents a collaborative initiative of statutory health insurance funds in Germany focused on advancing health promotion and prevention across various life settings such as communities, schools, and care facilities. The site provides practical resources and information targeting health professionals and stakeholders involved in these sectors. The business model is non-profit and government-related, emphasizing public health improvement. Technically, the website employs modern web standards with responsive design, accessibility features, and uses Matomo analytics with a consent mechanism, reflecting a privacy-conscious approach. Hosting and DNS infrastructure align with official statutory health insurance IT services, indicating a stable and trustworthy technical foundation. From a security perspective, the site enforces HTTPS, uses cookie consent, and avoids exposing sensitive data. However, it lacks explicit security policy documentation and incident response contacts, which could be improved to enhance transparency and trust. No vulnerabilities or suspicious elements were detected. Overall, the website is professional, trustworthy, and well-aligned with its public health mission. Strategic recommendations include publishing dedicated security and incident response policies, enhancing security headers, and providing clearer contact information to strengthen user trust and compliance.

R

Repair-Café Tösstal

repair-cafe-toesstal.ch

36

Repair-Café Tösstal is a small, community-driven non-profit organization based in Switzerland, focused on providing free repair services for various household and personal items to reduce waste and promote sustainability. Founded in 2018, it operates with a volunteer team and enjoys strong local support from municipalities and schools. The website reflects a well-structured and informative platform that clearly communicates its mission, services, and contact information. Technically, the site uses standard web technologies such as HTML5, CSS3, JavaScript, and jQuery, with moderate performance and good mobile optimization. However, there is a lack of formal privacy and cookie policies, and no visible security headers, which are areas for improvement. The security posture is moderate with no visible vulnerabilities or sensitive data exposure, but the absence of security best practices and compliance documentation lowers the overall security score. Overall, the website is trustworthy and professional, serving its target audience effectively with a clear business model and community focus.

G

Gewerbeausstellung GEWA | 17. – 19. April 2026 | Reithalle Turbenthal

gewa-turbenthal.ch

61

The website www.gewa-turbenthal.ch appears to represent a small Swiss business, likely in the energy or local services sector, based on the domain and partial content context. The site is built on the Wix platform, utilizing Wix Thunderbolt framework and standard Wix hosting infrastructure. The technical infrastructure is modern but basic, with no advanced SEO or accessibility features detected. Security posture is moderate with HTTPS enabled but lacks security headers and formal privacy or cookie policies. No contact or business registration information is clearly presented, limiting trust and compliance assessment. Overall, the site is functional but minimal in content and security maturity.

B

Bundesinstitut für Öffentliche Gesundheit (BIÖG)

j1-info.de

65

The website www.j1-info.de is an official public health information portal managed by the Bundesinstitut für Öffentliche Gesundheit (BIÖG) in Germany. It provides comprehensive information about the J1 health check for adolescents aged 12 to 14, including educational content, appointment scheduling assistance, and a doctor search feature. The site targets youth, their parents, and healthcare professionals, positioning itself as a trusted government resource in the healthcare sector. The content is well-structured, multilingual, and includes accessible media, enhancing user engagement and inclusivity. Technically, the site is built on TYPO3 CMS, employs Matomo for privacy-conscious analytics, and uses modern web technologies including accessible video players and responsive design. The website demonstrates good performance and SEO practices, with strong accessibility features. Hosting details are not explicitly disclosed, but data processing for analytics is localized in Germany, aligning with GDPR requirements. From a security perspective, the site enforces HTTPS, anonymizes IP addresses in analytics, and implements a clear cookie consent mechanism. While some security headers like Content-Security-Policy are not explicitly found, the overall posture is strong with no evident vulnerabilities or exposed sensitive data. Privacy compliance is excellent, with detailed policies and user consent mechanisms in place. Overall, the website presents a low-risk profile with high trustworthiness, serving as a professional and reliable source of health information for its audience. Strategic recommendations include enhancing security headers and publishing explicit security policies to further strengthen trust and compliance.

The analyzed content corresponds to an internal Chrome browser error page (chrome-error://chromewebdata/) which is displayed when a requested website is not accessible or offline. This page includes embedded Chromium offline game scripts and styling but contains no actual business or website content. Consequently, there is no identifiable company, no privacy or cookie policies, no contact information, and no external links or marketing content. The technical infrastructure is limited to Chromium internal scripts and basic HTML/CSS, with no hosting or CMS details available. Security posture is minimal due to the nature of the page being an error display rather than a public website. Overall, this page does not represent a legitimate business website and cannot be evaluated for compliance or security beyond its role as a browser error page.

Unser-stadtplan.de is a German website operated by Städte-Verlag E. v. Wagner & J. Mitterhuber GmbH, providing digital and printed city maps, district maps, and comprehensive business directories. The platform also features job listings, targeting local residents and businesses in Germany. The website content is primarily in German and focuses on delivering detailed geographic and commercial information to its users. The business model revolves around map publishing and local business promotion, positioning itself as a regional leader in city planning and local information services. Technically, the website uses standard web technologies including JavaScript and CSS with custom scripts for UI interactions and animations. The site shows moderate performance and basic mobile optimization but lacks advanced SEO and accessibility features. No CMS or major frameworks are detected. The hosting provider and SSL configuration details are not explicitly available, limiting a full technical assessment. From a security perspective, the site does not explicitly show HTTPS status or security headers in the provided data, indicating potential gaps in security best practices. No privacy or cookie consent banners are present, which is a compliance concern under GDPR. The site includes a privacy policy and contact form but lacks visible incident response or security policies. No vulnerabilities or exposed sensitive data were detected in the HTML content. Overall, the website is functional and provides valuable local information but would benefit from enhanced security measures, improved privacy compliance, and better technical modernization to strengthen trust and user experience.

W

Weil am Rhein Wirtschaft und Tourismus GmbH

w-wt.de

55

The website for Weil am Rhein Wirtschaft und Tourismus GmbH serves as the official platform for economic development, tourism, and city marketing in the municipality of Weil am Rhein, Germany. It targets local businesses, tourists, and residents, providing information on commercial real estate, events, and tourism services. The site is built on the Weblication® CMS platform and features a well-structured navigation system with multilingual support. Accessibility is a key focus, evidenced by the dedicated accessibility menu offering font size, contrast, dark mode, and reading options. However, the site lacks explicit privacy, cookie, and security policies, which are critical for compliance and user trust.

The website revsci.net currently hosts extremely minimal content, consisting solely of a small JavaScript snippet that loads an external accessibility script. There is no metadata, no business information, no contact details, and no policies present on the site. The domain is newly registered in August 2023 via DropCatch.com, a domain drop-catching registrar, suggesting the site is either in early development or speculative. The lack of content and business information prevents any meaningful assessment of the company's market position or services. From a technical perspective, the site uses basic JavaScript but lacks modern web development best practices such as SEO metadata, accessibility features, or performance optimizations. There is no evidence of HTTPS or security headers, which poses a significant security risk. No analytics or advertising technologies are detected, indicating minimal digital maturity. Security posture is weak due to the absence of HTTPS, security headers, privacy policies, and contact information for incident response. The domain registration is legitimate but does not align with any visible business claims, reducing trustworthiness. No vulnerabilities or malicious indicators are detected, but the site is not production-ready. Overall, the site scores very low on content quality, security, privacy compliance, and business credibility. Strategic recommendations include enabling HTTPS, adding comprehensive privacy and cookie policies, publishing contact and security incident response information, and developing meaningful website content to establish trust and legitimacy.

S

Stadt Rheinfelden (Baden)

rheinfelden.de

49

Stadt Rheinfelden (Baden) operates an official municipal website providing extensive information and services to residents and visitors. The site covers a broad range of topics including citizen services, cultural events, urban planning, and tourism. The website is well-structured, professionally designed, and primarily targets local citizens and tourists. Technically, the site uses the cEasy CMS platform and integrates Matomo analytics for privacy-conscious user tracking. The infrastructure is modern with HTTPS enforced, but lacks some advanced security headers and cookie consent mechanisms. Security posture is moderate with no critical vulnerabilities detected. Overall, the site reflects a mature municipal digital presence with room for improvement in privacy compliance and security best practices.

L

Landkreis Lörrach

loerrach-landkreis.de

49

Landkreis Lörrach operates as a regional government authority in Germany, providing a broad range of public services including transportation, economic development, social and family support, environmental initiatives, and tourism promotion. The website serves residents and visitors with comprehensive information and digital services, reflecting a mature public sector entity with a consistent brand and professional presentation. Technically, the site is built on the cEasy CMS platform, employs modern web technologies, and integrates privacy-conscious analytics via Matomo. The site is well-optimized for mobile and accessibility standards, ensuring a good user experience. Security posture is solid with HTTPS enforcement and cookie consent mechanisms, though some security headers could be improved. No critical vulnerabilities or suspicious content were detected. Overall, the website demonstrates a trustworthy and professional digital presence aligned with its governmental role.

C

Collectivité européenne d'Alsace

haut-rhin.fr

68

The Collectivité européenne d'Alsace operates as a regional government entity providing a comprehensive range of public services and information to residents and stakeholders in the Alsace region of France. The website serves as an official portal with detailed information on social services, culture, transport, environment, and citizen engagement. It maintains a strong market position as the authoritative regional government body with a clear focus on transparency and public communication. Technically, the website employs modern web standards including HTML5, CSS3, and JavaScript, with privacy-conscious analytics via Matomo and a cookie consent mechanism powered by OreJime. The site is mobile-optimized, accessible, and SEO-friendly, reflecting a mature digital infrastructure suitable for a government portal. From a security perspective, the site enforces HTTPS and demonstrates good security hygiene with no exposed sensitive data or vulnerable libraries detected. However, it lacks explicit security headers and a published security policy or incident response contact, which are recommended for enhanced security posture. Overall, the website presents a low-risk profile with strong business credibility and privacy compliance. The absence of WHOIS data is standard for .eu domains and does not detract from the legitimacy of the site. Strategic recommendations include implementing security headers, publishing a security policy, and adding a vulnerability disclosure channel to further strengthen trust and security.

E

Einwohnergemeinde Allschwil

allschwil.ch

62

The Einwohnergemeinde Allschwil website serves as the official digital presence of the municipal government of Allschwil, Switzerland. It provides comprehensive information on local government services, cultural events, political activities, and community resources. The site targets residents and stakeholders interested in municipal affairs, offering a broad range of services including administrative forms, event calendars, and contact information. The business model is that of a public sector entity focused on community service and governance. Technically, the website is built on the Weblication CMS platform, utilizing standard web technologies such as HTML5, CSS3, JavaScript, and jQuery. It integrates external resources like FontAwesome for icons and ReadSpeaker for accessibility. The site demonstrates good mobile optimization and accessibility features, with a moderate performance profile. SEO practices are adequately implemented with meta tags and structured navigation. From a security perspective, the site enforces HTTPS and uses some security headers, though it lacks advanced headers like Content-Security-Policy. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong, with clear privacy and cookie policies and a consent mechanism in place. However, no explicit security policy or incident response contact information is provided. Overall, the website is trustworthy and professional, reflecting the legitimacy of a municipal government entity. It maintains a good balance between usability, compliance, and security, with room for improvement in security header implementation and incident response transparency.

K

KaktusApps

kaktusapp.com

10

KaktusApps is a specialized eCommerce development company focused on providing a suite of innovative apps designed to enhance online store performance, increase sales, and improve customer engagement. Their offerings primarily target Shopify merchants but also extend to other eCommerce platforms. The company has established a solid market position with multiple apps available on the Shopify app store, supported by positive customer ratings and testimonials. Technically, the website is built using modern web technologies including Webflow CMS, Cloudflare DNS, and integrates marketing and analytics tools such as Google Tag Manager and Crisp Chat. The site is mobile optimized and demonstrates good performance and SEO practices. Security-wise, the domain is well protected with registrar locks and HTTPS is enforced, though DNSSEC is not enabled. However, the site lacks explicit privacy and cookie policies, and no direct contact information is provided, which are areas for improvement. Overall, the website is professional, trustworthy, and safe for general audiences.

S

Swiss Institute for Art Research (SIK-ISEA)

sikart.ch

10

The Swiss Institute for Art Research (SIK-ISEA) operates a specialized research portal focused on Swiss art and art history. The website serves as an authoritative platform offering access to the SIKART Lexicon, catalogues raisonnés, and collections/projects, targeting researchers, academics, and art enthusiasts. The business model is non-profit and research-oriented, positioning the institute as a key resource in the cultural heritage sector in Switzerland. Technically, the site employs modern web technologies including React and Font Awesome, with Matomo analytics for user tracking. The site is mobile-optimized and demonstrates good design and navigation clarity. Security posture is solid with HTTPS enforced and cookie consent implemented, though lacks visible advanced security headers and formal privacy or security policies. Overall, the site is trustworthy and professionally maintained, but could improve transparency by publishing privacy and terms of service documents.

S

Stiftung Stadt.Geschichte.Basel

stadtgeschichtebasel.ch

11

Stadt.Geschichte.Basel is a non-profit foundation focused on providing deep insights into the history of Basel through digital storytelling, research data platforms, and public engagement. The website serves a niche audience including history enthusiasts, students, and researchers by offering access to nine individual volumes and an overview volume of Basel's history, enriched with innovative data stories and a blog covering various historical epochs. The platform emphasizes open access to research data and collaborative dissemination through partnerships and events. Technically, the site is built on modern frameworks like SvelteKit, ensuring fast performance, mobile optimization, and good accessibility. The use of privacy-respecting analytics (Plausible) aligns with the foundation's educational mission. Security posture is solid with HTTPS and no visible vulnerabilities, though the absence of some security headers and incident response contacts suggests room for improvement. Overall, the site is professional, trustworthy, and well-aligned with its cultural and educational objectives.

C

Common Ground

app.cg

58

Common Ground is a web3 community platform aimed at serving users interested in blockchain and decentralized technologies. The website presents a minimal but consistent branding and content focused on the web3 community, with a clear emphasis on technology and community engagement. The platform appears to be in early or growth stages given the limited content and lack of detailed business information. Technically, the site uses modern frontend technologies such as React and Google Fonts, ensuring a responsive and moderately optimized user experience. However, the absence of privacy, cookie, and terms of service policies indicates gaps in compliance and user trust mechanisms. Security posture is adequate with HTTPS enforced, but lacks important security headers and incident response contact information, which are critical for a platform dealing with web3 users. Overall, the site is safe with no adult or questionable content detected, but improvements in privacy compliance and security best practices are recommended to enhance trust and regulatory adherence.

B

B. Metzler seel. Sohn & Co. AG

metzler.com

10

Bankhaus Metzler is Germany's oldest family-owned bank, specializing in capital market services for institutions and discerning private clients. The company operates across four main business areas: Asset Management, Capital Markets, Corporate Finance, and Private Banking. The website reflects a strong market position with a focus on personalized, long-term financial solutions. The bank emphasizes stability, reliability, and a tradition of excellence in its services. Technically, the website is well-structured with modern HTML5, CSS, and JavaScript technologies. It is mobile-optimized and provides a good user experience with clear navigation and comprehensive content. The presence of structured data (JSON-LD) enhances SEO and trustworthiness. However, explicit security headers are missing, and no CMS or hosting provider details are evident from the source. From a security perspective, the site enforces HTTPS and implements a cookie consent mechanism compliant with GDPR. No critical vulnerabilities or exposed sensitive data were detected. The absence of WHOIS data for the domain is a notable concern for a financial institution, potentially indicating privacy protection or registry issues. No incident response or vulnerability disclosure information is publicly available, which could be improved to enhance transparency and trust. Overall, the website is professional, trustworthy, and compliant with privacy regulations, but improvements in security headers, incident response transparency, and WHOIS data availability are recommended to strengthen the security posture and business credibility.

C

Chatlio LLC

chatlio.com

72

Chatlio LLC operates a specialized SaaS platform offering live chat services integrated directly with Slack, targeting businesses that use Slack for communication. The company positions itself as a niche provider simplifying customer engagement by eliminating the need for separate chat clients. Founded in 2014, Chatlio maintains a small company profile with a consistent and professional web presence emphasizing ease of integration and customer support. Technically, the website is built using modern technologies including the Hugo static site generator, JavaScript, and Cloudflare for DNS and hosting. The site is performant, mobile-optimized, and uses frameworks such as AOS and Bootstrap for UI enhancements. The integration with Slack APIs is a core technical feature. However, some improvements could be made in accessibility and security headers. From a security perspective, the site enforces HTTPS and uses domain transfer protection, but lacks DNSSEC and visible security headers. There is no published security policy or incident response information, and no cookie consent mechanism was detected despite GDPR compliance indications. No vulnerabilities or exposed sensitive data were found in the HTML content. The domain registration is consistent and transparent, supporting legitimacy. Overall, Chatlio presents a trustworthy and professional online presence with a solid technical foundation and good business credibility. Strategic improvements in privacy compliance and security transparency would enhance trust and regulatory adherence.

T

Team PAPREC ARKÉA

teampaprecarkea.com

39

Team PAPREC ARKÉA is a French offshore sailing team prominently preparing for the Vendée Globe 2024-2025 race, sponsored by Paprec and Arkéa. The website serves as an official platform to share news, media, and team information, targeting sailing enthusiasts and sports fans. The business model revolves around sponsorship and promotion within competitive sailing circuits. Technically, the site employs modern web standards, including responsive design, accessibility features, and structured data, ensuring a good user experience across devices. Security posture is solid with HTTPS and consent management, though improvements in security headers and explicit incident response information are recommended. The absence of WHOIS data introduces some uncertainty regarding domain legitimacy, but the professional presentation and active social media presence support the site's credibility. Overall, the site is well-maintained, compliant with privacy regulations, and effectively supports the team's branding and communication objectives.

H

herzog kommunikation GmbH

herzogkommunikation.de

53

herzog kommunikation GmbH is a small digital agency based in Stuttgart, Germany, specializing in scalable and future-proof web and application development. Their services include customized web tools, mobile apps, digital installations, and concept development, targeting both established companies and startups. The website reflects a professional digital agency with a clear portfolio and contact information, positioning them as a regional player in the technology sector. Technically, the site uses modern web technologies such as HTML5, Bootstrap, PHP, and Docker, ensuring responsive design and moderate performance. Security posture is good with HTTPS enforced and CSRF tokens present, but lacks advanced security headers and formal security policies. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the website is trustworthy and professionally maintained.

A

Amnesty International

amnesty.de

68

Amnesty International Germany operates a comprehensive website focused on human rights advocacy and activism. The organization is positioned as the largest global human rights movement, targeting a broad audience interested in social justice and human rights. The website provides information about activism opportunities both locally and online, reflecting a non-profit business model centered on membership and campaign engagement. Technically, the site is built on Drupal 10, leveraging modern JavaScript libraries and third-party tools such as Cookiebot for consent management and Visual Website Optimizer for A/B testing and analytics. The infrastructure indicates a mature digital presence with moderate performance and good mobile optimization. Security posture is adequate with HTTPS enforced and cookie consent implemented; however, the absence of explicit security headers and vulnerability disclosure mechanisms suggests room for improvement. Privacy compliance is partially addressed through cookie consent but lacks a visible privacy policy and terms of service. Overall, the website is professional, trustworthy, and safe for general audiences, with a solid foundation for further enhancements in security and compliance.

E

EWE VERTRIEB GmbH

werder-strom.de

62

Werder Strom is a niche energy product offered by EWE Vertrieb GmbH targeting Werder Bremen football fans with 100% renewable electricity and fan engagement incentives such as monetary rewards per goal scored. The website is professionally designed, mobile optimized, and uses modern tracking and consent management technologies. Hosting is on AWS with DNS consistent with the business. Privacy compliance is strong with a comprehensive privacy policy linked to the EWE domain and an active cookie consent mechanism. However, the site lacks explicit security policy and incident response information, which could be improved to enhance trust. Overall, the site is secure, compliant, and credible with a good user experience and clear business focus.

W

Weiss Internet Services

wwweiss.de

45

Weiss Internet Services is represented by a minimalistic German-language website primarily serving as a digital presence. The company appears to operate in the technology sector, likely providing internet-related services, though no detailed business description or service listings are present. The website uses the Weblication® CMS platform, indicating a moderate level of digital maturity but lacks advanced technical or marketing features. Security posture is basic with no HTTPS verification visible in the provided data, no security headers, and no privacy or cookie policies, which indicates room for improvement in compliance and security best practices. Overall, the site is accessible and functional but minimal in content and security features, suggesting a small business or early-stage digital presence.