Security Directory

The website sefeaimpact.it currently serves a robot challenge screen implementing a proof-of-work captcha mechanism to verify visitors. This indicates the presence of a Web Application Firewall (WAF) or security layer blocking direct access to the actual website content. Due to this, no business-related content, contact information, or policies are accessible for analysis. The domain is registered since 2016 with DNSSEC enabled, suggesting a legitimate registration, but the lack of accessible content limits further trust evaluation. Technically, the site uses custom JavaScript with Web Workers and cryptographic hashing to implement the captcha challenge. The hosting leverages AWS Cloudfront CDN for content delivery. However, no SEO, accessibility, or privacy compliance features are present on the challenge page. Security headers and HTTPS configuration details are not visible in the provided data. The security posture shows some strengths in DNSSEC and captcha usage but lacks visible security headers and privacy compliance mechanisms. The site does not expose forms or inputs, reducing attack surface but also limiting user interaction. Overall, the site is currently inaccessible for normal users without passing the challenge, which impacts usability and trust. Given these factors, the overall risk is moderate due to the blocking mechanism, but the lack of transparency and policies is a concern. Strategic recommendations include implementing visible security headers, publishing privacy and cookie policies, providing contact and incident response information, and improving user experience post-challenge.

B

BPER Banca

bper.it

70

BPER Banca is a large Italian banking group offering a wide range of financial services including retail banking, corporate banking, wealth management, loans, mortgages, and digital banking services. The website targets private individuals, businesses, and wealth management clients, providing comprehensive product offerings and digital access points. The site is built on a modern technical infrastructure using Liferay CMS, React, and various JavaScript libraries, ensuring a good user experience and mobile optimization. Security posture is strong with HTTPS enforced and bot protection via reCAPTCHA, though explicit security headers and published security policies are lacking. Privacy compliance is partially addressed with a cookie consent mechanism but no visible privacy policy or terms of service links in the main content. Overall, the website is professional, trustworthy, and well-positioned in the Italian banking sector.

C

Coopfond

coopfond.com

68

Coopfond is a mutualistic fund affiliated with Legacoop, dedicated to promoting cooperation and supporting the creation and sustainable growth of cooperatives in Italy. The organization has a strong market position with over 30 years of history, offering financial and strategic support to cooperatives, emphasizing sustainability, innovation, and solid growth. The website reflects a mature digital infrastructure built on WordPress with modern plugins and analytics tools, demonstrating a good level of digital maturity. Security posture is solid with HTTPS enforced and privacy compliance mechanisms in place, including cookie consent and GDPR-aligned policies. No critical vulnerabilities or blocking mechanisms were detected, indicating a secure and trustworthy online presence. Overall, Coopfond presents as a credible and professional organization with a clear mission and well-implemented digital presence.

B

Bad Egelsee

badegelsee.ch

60

Bad Egelsee is a public family and sports swimming facility located in Kreuzlingen, Switzerland, offering a variety of aquatic and wellness services including sport pools, family pools, saunas, and steam baths. The website presents a professional and consistent brand image targeting families, sports swimmers, and wellness seekers in the local community. The business model focuses on providing recreational and health-related aquatic services with a clear emphasis on family-friendly and sports-oriented offerings. Technically, the website uses modern JavaScript frameworks such as Alpine.js and integrates Matomo for analytics, indicating a moderate level of digital maturity. The site is mobile-optimized and SEO-friendly with good accessibility features, although some accessibility aspects could be improved. Security posture is solid with HTTPS enforced and cookie consent implemented, but lacks published security policies or incident response information. Overall, the website is trustworthy and professionally maintained with no signs of malicious activity or content safety concerns.

A

Albert und Barbara von Metzler-Stiftung

metzler-stiftung.de

61

The Albert und Barbara von Metzler-Stiftung is a small non-profit foundation based in Germany, focused on supporting children and youth through targeted social projects primarily in Frankfurt and surrounding areas. Established in 1998, the foundation operates with a clear mission to improve societal well-being through financial support and active engagement in projects. The website reflects a professional and consistent brand image, emphasizing transparency and community involvement. Technically, the site is hosted on Colt's infrastructure and likely uses an enterprise CMS, delivering a moderate performance with good mobile optimization and SEO practices. Security-wise, the site implements cookie consent mechanisms and avoids exposing sensitive data, but lacks explicit security policies or incident response information. Overall, the foundation demonstrates a trustworthy online presence with strong business credibility and privacy compliance.

S

Schaffhauser Fernsehen

shf.ch

55

Schaffhauser Fernsehen is a regional television broadcaster serving the Schaffhausen region in Switzerland, providing local news, cultural programming, and entertainment through multiple distribution channels including traditional TV providers and online livestreams. The website reflects a small media business focused on regional content with a modest digital presence. Technically, the site uses the phpwcms content management system and integrates various third-party advertising and tracking scripts, indicating a moderate level of digital maturity. However, the site lacks modern security headers and explicit privacy or cookie policies, which are critical for compliance and user trust. The security posture is basic, with no visible vulnerabilities but also no advanced protections or disclosures. Overall, the site is accessible and safe for general audiences but would benefit from enhanced privacy compliance and security hardening to improve trust and regulatory adherence.

P

Projektträger Jülich (PtJ) / Bundesministerium für Wirtschaft und Energie (BMWi)

enargus.de

59

EnArgus is an official German government internet portal managed by the Federal Ministry for Economic Affairs and Energy (BMWi) and Projektträger Jülich (PtJ). It provides comprehensive information on ongoing and completed energy research projects funded under the 7th Energy Research Programme. The portal offers multilingual support, a searchable project database, funding data visualizations, and a wiki for energy research terminology. The website targets researchers, policymakers, and industry stakeholders interested in energy research funding and project details within Germany. Technically, the site employs modern JavaScript frameworks including Bootstrap, Leaflet.js for mapping, and jQuery for DOM manipulation, delivering a responsive and user-friendly experience with moderate performance.

L

lankeleisi-bikes

lankeleisi-bikes.com

69

Lankeleisi-bikes.com is the official e-commerce website for Lankeleisi, a company specializing in dual motor electric bikes, including all-terrain, fat tire, and city commuter models. The site emphasizes a three-year warranty, positioning itself as a reliable brand in the electric bike market. The website is built on the Shopify platform, leveraging modern e-commerce technologies and integrations such as Judge.me for customer reviews and ShipGuard for shipping protection services. Multilingual support is provided through TranslationLab, targeting a broad international audience. Technically, the site is well-structured with good SEO and mobile optimization, though some accessibility features could be improved. Security posture is solid with HTTPS and domain status protections, but lacks DNSSEC and explicit security policies. Privacy compliance is basic, with cookie consent implemented but no visible privacy or terms of service pages. Overall, the site presents a professional and trustworthy front for its business, though it would benefit from enhanced transparency in privacy and security policies.

O

OneStore

one.store

65

OneStore is a technology company specializing in AI-powered customer engagement and marketing solutions tailored for e-commerce businesses. Their platform offers a comprehensive suite of tools including abandoned cart recovery, social proof notifications, gamified popups, email and SMS marketing, and integrations with major e-commerce platforms such as Shopify, WooCommerce, and BigCommerce. The company has established a strong market presence with over 150,000 businesses using their services and more than 2,450 five-star reviews on the Shopify App Store, indicating high customer satisfaction and trust. Technically, the website employs a modern technology stack with JavaScript frameworks, analytics tools like Google Analytics and ProfitWell, and customer support integrations such as Crisp chat. The site is hosted behind Cloudflare, ensuring performance and security benefits. The website is well-optimized for mobile devices, accessible, and SEO-friendly, reflecting a mature digital infrastructure. From a security perspective, the site enforces HTTPS and uses domain status protections to prevent unauthorized transfers or updates. Cookie consent mechanisms are implemented in compliance with GDPR and CCPA regulations. However, there is no explicit security policy or incident response contact information published, and DNSSEC is not enabled, which could be improved to enhance security posture. Overall, OneStore presents a professional, trustworthy, and technically sound online presence with strong privacy compliance and business credibility. Strategic improvements in security transparency and DNS security would further strengthen their risk profile.

Omnisend operates as an omnichannel marketing platform specializing in email and multi-channel messaging services designed to help businesses engage customers effectively and compliantly. The website analyzed is a minimal landing page primarily used for tracking links from emails sent via Omnisend's platform and providing an abuse reporting contact. The business is positioned as a technology provider in the marketing automation space, founded in 2017, with a medium-sized operational scale. Technically, the website is hosted via Cloudflare with basic HTML, CSS, and JavaScript technologies. The site lacks advanced frameworks or CMS indications and shows moderate performance and basic mobile optimization. No analytics or tracking scripts were detected in the provided content, indicating a privacy-conscious minimal landing page. From a security perspective, the domain is registered with a reputable registrar and protected against unauthorized transfers. However, DNSSEC is not enabled, and no security headers were detected, representing areas for improvement. The presence of an anti-abuse contact email demonstrates incident response readiness, but the absence of privacy and cookie policies indicates compliance gaps. Overall, the website is functional for its purpose but limited in content and compliance documentation. Strategic improvements in security headers, privacy policies, and mobile optimization would enhance trust and compliance posture.

Swatch is a globally recognized watch brand operating an official Finnish e-commerce website offering a wide range of watches. The site is built on Salesforce Commerce Cloud, indicating a mature digital infrastructure supporting e-commerce functionalities such as product search, cart, and checkout. The website demonstrates strong branding consistency and professional design, targeting general consumers in Finland. Technically, the site uses modern web technologies and integrates multiple analytics and marketing tools, including Google Tag Manager and TikTok Analytics, with a cookie consent mechanism ensuring GDPR compliance. Security posture is solid with HTTPS enforced and CSRF protections, though explicit security headers should be verified. WHOIS data was unavailable from the raw output, likely due to query restrictions, but the domain is a well-known brand domain, reducing suspicion. Overall, the site is trustworthy, professional, and compliant with privacy regulations.

S

search.ch AG

search.ch

71

search.ch AG operates a leading Swiss local search engine and directory platform offering a wide range of services including phone directory, weather, maps, route planning, timetables, TV guides, cinema listings, and web search. The website targets Swiss residents and users seeking localized information, positioning itself as a comprehensive and trusted Swiss information hub. The business model centers on providing free access to local data supported by advertising revenue, with partnerships such as localsearch.ch enhancing its ecosystem. Technically, the site employs modern JavaScript libraries, advertising technologies, and analytics tools, delivering a good user experience with mobile optimization and multilingual support. Security posture is strong with HTTPS enforced and secure login forms, though formal security policies and incident response contacts are not publicly documented. Privacy compliance is robust with clear privacy and cookie policies and consent mechanisms. Overall, the site demonstrates high professionalism, trustworthiness, and technical maturity.

M

modmore development

modmore.com

68

modmore is a specialized technology company focused on developing premium and open source extras for the MODX Revolution CMS platform. Established in 2012 and based in the Netherlands, modmore serves a professional audience of web developers and agencies with high-quality software products, support services, and a remote site management platform called SiteDash. The company maintains a strong market position within the MODX ecosystem, supported by a loyal user base and active community engagement. Technically, the website is built on modern web standards with a robust tech stack including jQuery, Google Analytics, Disqus, and Cloudflare DNS, ensuring fast performance and mobile optimization. Security posture is solid with HTTPS enforcement and domain transfer protections, though DNSSEC is not enabled and explicit security policies are not published. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, modmore demonstrates a mature digital presence with professional branding, comprehensive content, and trustworthy business information.

O

OWNBIT GmbH

ownbit.net

56

OWNBIT GmbH is a Swiss web agency specializing in custom websites and web applications, with a strong focus on user-centered digital solutions. The company targets Swiss SMEs, corporations, and design agencies, offering tailored WordPress and web development services. With over 12 years of market presence and more than 200 clients, OWNBIT holds a reputable position in the local technology sector. The website reflects a professional and consistent brand image, supported by client testimonials and a 5-star Google rating. Technically, the website is built using modern frameworks such as Vue.js and Gridsome, ensuring fast performance and excellent mobile optimization. The use of WordPress for client projects indicates flexibility in CMS solutions. The site includes cookie consent mechanisms and a comprehensive privacy policy, demonstrating good GDPR compliance. However, explicit security headers and SSL configuration details are not evident from the data, suggesting areas for security enhancement. The security posture is moderate with no visible vulnerabilities or exposed sensitive data, but the absence of detailed security policies and incident response information indicates room for improvement. The WHOIS data is privacy protected, which is justified for this business type, though it limits domain age verification. Overall, the website is trustworthy, professional, and compliant with privacy regulations, with recommendations to strengthen security headers and transparency. Strategically, OWNBIT should focus on enhancing security best practices and publishing vulnerability disclosure policies to further build client trust and compliance readiness.

J

Jubla Region Basel

jublabasel.ch

10

Jubla Region Basel is a non-profit youth organization dedicated to providing children and adolescents in the Basel region with meaningful leisure activities such as group meetings, camps, and events. The organization emphasizes community, nature exploration, responsibility, and friendship, serving approximately 20 groups locally. The website is built on modern web technologies and the Neos CMS platform, offering a good user experience with mobile optimization and clear navigation. Security posture is solid with HTTPS enforced and no exposed sensitive data, though it lacks some security headers and formal security policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Overall, the domain registration aligns well with the organization's identity, indicating legitimacy and trustworthiness.

O

Offene Kirche Elisabethen Basel

offenekirche.ch

54

Offene Kirche Elisabethen Basel operates as a non-profit church organization based in Switzerland, providing community church services and event hosting. The website serves as a platform for event information and booking, leveraging WordPress and the EventPrime plugin for event management. The target audience is the general public interested in church activities and community events. The organization holds a local market position as the first city church in Switzerland, focusing on community engagement rather than commercial activities. Technically, the website is built on a modern CMS with standard plugins, offering moderate performance and good mobile optimization. Security posture is adequate with HTTPS enabled and nonce-based AJAX security, but lacks advanced security headers and explicit privacy and cookie policies, which are areas for improvement. The site does not employ extensive tracking or advertising, indicating a privacy-conscious approach, though GDPR compliance is incomplete due to missing policies. Overall, the domain registration data aligns well with the website's claims, supporting legitimacy. Strategic recommendations include enhancing security headers, publishing privacy and cookie policies, and improving accessibility and compliance to strengthen trust and security.

C

Caritas beider Basel

caritas-beider-basel.ch

11

Caritas beider Basel is a regional non-profit organization focused on providing social and legal support services, integration assistance, and emergency aid to individuals in the Basel-Landschaft and Basel-Stadt regions of Switzerland. The organization operates multiple service locations and offers a wide range of programs including social counseling, legal advice related to social welfare, secondhand clothing stores, affordable meals, child sponsorships, and support for caregivers. Their market position is strong within the regional social services sector, supported by their ZEWO certification which attests to their trustworthy handling of donations. Technically, the website employs modern web technologies including JavaScript, Google Tag Manager, and SEOmatic for SEO management. The site is well-structured, mobile-optimized, and provides a good user experience with clear navigation and professional design. Privacy and cookie policies are implemented with consent mechanisms, reflecting good compliance with GDPR requirements. Analytics usage is extensive, leveraging Google Analytics and Tag Manager, with transparent cookie consent. From a security perspective, the site uses HTTPS and includes CSRF tokens, but explicit security headers are not clearly visible in the HTML content. No critical vulnerabilities or exposed sensitive data were detected. The domain WHOIS data aligns well with the organization's identity and location, indicating legitimacy and consistency. No WAF or blocking mechanisms interfere with content access. Overall, Caritas beider Basel presents a professional, trustworthy, and well-maintained online presence that supports its mission of social aid and community support. Strategic recommendations include enhancing security headers, publishing a formal security policy, and establishing a vulnerability disclosure process to further strengthen their security posture.

ÖKK is a Swiss insurance company specializing in providing health insurance products tailored to private clients. The company positions itself as a reliable and sensible insurance provider with a focus on customer needs. The website reflects a professional and consistent brand image, targeting private clients primarily within Switzerland. The business model revolves around offering various insurance models and supplementary services to meet diverse client requirements. Technically, the website employs modern web technologies including JavaScript frameworks, font services, and third-party consent management tools, ensuring a responsive and user-friendly experience. Security-wise, the site enforces HTTPS, implements strong security headers, and uses reCAPTCHA to protect forms, although it lacks a dedicated security policy or incident response page. Overall, the website demonstrates a mature digital presence with good privacy compliance and trustworthy business information.

K

Karate Academy Hamburg e.V.

karateacademy.de

56

Karate Academy Hamburg e.V. is a specialized martial arts dojo located in Hamburg, Germany, offering karate training for children, youth, and adults across various skill levels. The organization emphasizes respect, self-defense, and physical and mental development through karate. The website is built on the Squarespace platform, featuring a professional design with good mobile optimization and clear navigation. Contact information and social media presence are clearly provided, enhancing business credibility. Security posture is adequate with HTTPS enforced but lacks advanced security headers and cookie consent mechanisms. Privacy policy is present and GDPR compliant but could be improved with explicit cookie management. Overall, the website reflects a trustworthy small business with a focus on community and training services.

D

Deutsche Stiftung für junge Erwachsene mit Krebs

junges-krebsportal.de

49

The Deutsche Stiftung für junge Erwachsene mit Krebs operates the Junges Krebsportal, a specialized online platform providing young cancer patients in Germany with direct access to expert advice and support. The portal offers multiple communication channels including online chats, telephone consultations, and in-person meetings, complemented by a Tandem-Beratung program where affected individuals support each other. The foundation is supported by recognized partners and foundations, reinforcing its credibility in the healthcare non-profit sector. Technically, the website is built using modern web standards including HTML5, CSS3, JavaScript, and the UIkit framework, hosted on a reputable German hosting provider. The site is mobile-optimized with good SEO practices and clear navigation, although accessibility features are basic. No major performance or technical issues were detected. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks visible security headers and explicit security or incident response policies. Privacy compliance is good with a comprehensive privacy policy, but no cookie consent mechanism is evident. No analytics or tracking scripts were detected, indicating a privacy-conscious approach. Overall, the website presents a trustworthy, professional, and focused service with a strong business credibility score. Security posture is solid but could be improved with additional headers and policies. The absence of cookie consent mechanisms and incident response information are notable gaps. The domain WHOIS data is limited but consistent with the business purpose. No WAF or blocking mechanisms interfere with content access.

D

Deutsche Krebshilfe

bewegung-bei-krebs.org

65

The website bewegung-bei-krebs.org is a specialized German-language informational platform focused on the role of sport and physical activity in cancer therapy and rehabilitation. It is supported and funded by the reputable Deutsche Krebshilfe and is part of the IMPLEMENT project. The platform targets cancer patients, their relatives, and healthcare professionals, providing scientifically validated content, therapy offers, and free sports counseling. The site demonstrates a clear mission to support oncological rehabilitation through movement therapy, positioning itself as a trusted resource in this niche healthcare segment. Technically, the website uses modern web technologies including the Scrivito CMS, Bootstrap for styling, and Matomo for privacy-conscious analytics. Hosting appears to be on AWS infrastructure, and the site is mobile-optimized with good SEO practices. However, some security enhancements such as enabling DNSSEC and adding security headers could improve the overall security posture. From a security perspective, the site enforces HTTPS and has domain transfer protections in place. Cookie consent mechanisms are implemented, and privacy policies are present and GDPR compliant. No critical vulnerabilities or suspicious content were detected. The absence of a security policy or incident response contact is noted as an area for improvement. Overall, the website scores well on content quality, business credibility, and privacy compliance, with moderate scores in technical implementation and security posture. It is a professionally maintained, trustworthy platform serving a sensitive healthcare niche with a clear non-profit orientation.

The website gemeinsamgesund-hessen.de represents a regional health promotion program "teamw()rk für Gesundheit und Arbeit" in Hessen, Germany, focused on improving health and social participation for unemployed individuals. It is funded by the GKV-Bündnis für Gesundheit and coordinated by HAGE, collaborating with local job centers and community partners. The site provides detailed program information, team contacts, and a variety of health-related offerings both online and in-person. Technically, the site uses modern frameworks such as UIkit and Flatpickr, with interactive SVG maps and a cookie consent mechanism, indicating a moderate to good digital maturity. Security posture is adequate with HTTPS and cookie consent but lacks explicit security policies and headers. Overall, the site is professional, trustworthy, and compliant with GDPR, serving a non-profit healthcare and social inclusion mission.

F

FIGGE+SCHUSTER AG

figge-schuster.de

58

FIGGE+SCHUSTER AG is a Munich-based internet agency specializing in high-quality websites and online presences for medium-sized companies, with over 20 years of experience. Their core competencies include website relaunches, Weblication CMS development, SEO, Google Ads, film and video production, and corporate design. The company targets clients primarily in the German-speaking region, focusing on complex industries such as healthcare, real estate, and technology. The website reflects a professional and consistent brand image with comprehensive content and clear navigation. Technically, the site is built on the Weblication CMS platform, uses modern JavaScript libraries, and integrates etracker analytics. Mobile optimization and SEO practices are well implemented, though accessibility is basic. Security posture is good with HTTPS and cookie consent mechanisms, but lacks explicit security policies or incident response information. WHOIS data is consistent with the business profile, and no suspicious patterns were detected. Overall, the website is trustworthy, professional, and compliant with GDPR requirements.

S

Sparkassen- und Giroverband Hessen-Thüringen (SGVHT)

mein-fahrtwind.de

55

Mein Fahrtwind is a promotional website operated by the Sparkassen- und Giroverband Hessen-Thüringen (SGVHT), a public financial association in Germany. The site hosts a contest offering participants the chance to win one of eight electric scooters, targeting residents of Hessen, Thüringen, and parts of Rheinland-Pfalz. The website is professionally designed with comprehensive legal and privacy documentation, reflecting a strong commitment to GDPR compliance and user data protection. The contest employs a double opt-in mechanism to ensure participant consent and data accuracy. Technically, the site uses modern web technologies including Google Tag Manager, Matomo analytics, Adobe Typekit fonts, and a cookie consent management system. Hosting is managed via DomainControl, indicating a professional infrastructure. The site is mobile-optimized and accessible, with good SEO practices. Security measures include HTTPS and IP masking in analytics, though HTTP security headers are not explicitly detected. From a security perspective, the site demonstrates good practices with no visible vulnerabilities or exposed sensitive data. Privacy policies are detailed and transparent, including a named data protection officer contact. No incident response or vulnerability disclosure policies are found, which could be areas for improvement. Overall, the site presents a low risk profile with strong compliance and trust indicators. Strategically, the site effectively supports the SGVHT's marketing and public engagement goals, leveraging digital tools to promote sustainable mobility. The integration of multiple marketing and tracking tools is balanced with user privacy considerations, positioning the organization as responsible and trustworthy in its digital presence.

S

Sparkassen- und Giroverband Hessen-Thüringen (SGVHT)

finanzen-mit-daniel-jung.de

47

The website 'finanzen-mit-daniel-jung.de' is an educational platform focused on financial literacy, primarily targeting students and educators in the Hessen and Thüringen regions of Germany. It is operated under the auspices of the Sparkassen- und Giroverband Hessen-Thüringen, a reputable financial association. The site offers a series of well-structured, easy-to-understand videos and learning materials to enhance financial knowledge. The partnership with Sparkassen and the inclusion of the Sparkassen-SchulService platform reinforce its credibility and regional relevance. Technically, the website employs modern web technologies including HTML5, CSS3, JavaScript, and integrates Google Tag Manager and Matomo for analytics, alongside a GDPR-compliant cookie consent mechanism. The site is hosted on servers indicated by the nameservers 'your-server.de' and related domains, suggesting a professional hosting environment. The site is mobile-optimized and demonstrates good SEO and accessibility practices, though some improvements in accessibility and security headers could be made. From a security perspective, the site uses HTTPS with strong SSL configuration and implements cookie consent for privacy compliance. No critical vulnerabilities or exposed sensitive data were detected. Privacy policies and terms of service are comprehensive and clearly presented, with a designated data protection officer contact provided. The site does not employ a vulnerability disclosure policy, which could be considered for future enhancement. Overall, the website presents a low-risk profile with strong business credibility and compliance posture. It effectively serves its educational mission with professional content and transparent governance. Strategic recommendations include enhancing HTTP security headers, formalizing a vulnerability disclosure process, and improving accessibility features to further strengthen the site's security and user experience.

G

Geschwister Meier Stiftung

gmstiftung.ch

61

The Geschwister Meier Stiftung is a Swiss non-profit foundation dedicated to supporting music and cultural activities ranging from traditional folk music to avant-garde experimental sounds. The website serves as an informational platform to present the foundation's mission and activities, targeting a general audience interested in arts and culture within Switzerland. The foundation operates in a niche cultural sector with a small organizational size and a focused business model centered on cultural funding and promotion. Technically, the website is built on the Wix platform, utilizing Wix's standard JavaScript libraries and hosting infrastructure. The site demonstrates moderate performance and good mobile optimization, with basic accessibility and SEO features. The technical stack is modern but limited to Wix's ecosystem, which simplifies maintenance but may restrict advanced customization. From a security perspective, the site benefits from HTTPS and a good SSL configuration. However, it lacks several security best practices such as security headers and explicit privacy and cookie policies, which are critical for GDPR compliance and user trust. No incident response or vulnerability disclosure information is provided, indicating room for improvement in security transparency and readiness. Overall, the website is professionally designed and consistent with the foundation's branding and mission. The absence of contact details and privacy-related policies slightly diminishes trust and compliance posture. Strategic enhancements in privacy compliance, security headers, and contact transparency would strengthen the foundation's digital presence and user confidence.

B

Bajour

bajour.ch

61

Bajour is a Swiss media company specializing in community journalism focused on Basel and its local community. The website offers news articles, community engagement features, and membership options, positioning itself as a trusted local media outlet. The content is professionally presented with a modern design and clear navigation, targeting residents interested in local news and cultural topics. Technically, the site is built on modern web technologies including React and Next.js, ensuring fast performance and excellent mobile optimization. Security posture is good with HTTPS enforced, but lacks some security headers and explicit privacy and cookie policies, which are areas for improvement. Overall, the domain registration and website content are consistent and legitimate, reflecting a trustworthy business entity.

Avadis Vorsorge AG is a Swiss financial services company specializing in pension fund management and investment solutions for institutional and private clients. The company offers a range of services including pension fund administration, private equity investments, real estate investments, and financial planning. With over 450 institutional clients and a strong presence in Switzerland, Avadis positions itself as a reliable and independent partner in the financial sector. The website reflects a professional and consistent brand image, targeting institutional investors and private individuals seeking investment opportunities and pension solutions. Technically, the website employs modern JavaScript frameworks, Google Analytics, and OneTrust for cookie consent, indicating a mature digital infrastructure. The site is mobile-optimized, accessible, and SEO-friendly, providing a good user experience. Security-wise, the site uses HTTPS with strong SSL configuration and appropriate security headers, but lacks publicly available security policies or incident response contacts. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the website demonstrates a high level of professionalism and trustworthiness, with minor recommendations to enhance security transparency and incident response readiness.

M

mediacampus-frankfurt

mediacampus-frankfurt.de

66

Mediacampus Frankfurt is an established educational institution specializing in seminars, training, and educational programs for the book trade and media industry in Germany. The website presents a professional and well-structured platform offering a variety of courses, webinars, and training sessions targeting professionals, newcomers, and specialists in publishing and media sectors. The institution maintains a strong social media presence and provides detailed event information, enhancing its market position as a key player in media education. Technically, the website employs modern web technologies including JavaScript, Algolia Search for site search functionality, and Google Tag Manager for analytics, which is loaded conditionally upon cookie consent. The site is hosted on Anexia servers, uses HTTPS with good SSL configuration, and is optimized for mobile devices with good accessibility and SEO practices. However, some security headers are not explicitly detected, and no explicit security or incident response policies are published. From a security perspective, the site demonstrates good practices such as HTTPS enforcement and privacy-aware analytics loading. No vulnerabilities or exposed sensitive data were found in the provided content. The WHOIS data aligns with the business claims, showing consistent domain registration and hosting. Privacy and cookie policies are not explicitly found in the provided content, which is a compliance gap. Overall, the site is safe, professional, and trustworthy with room for improvement in privacy disclosures and security policy transparency.

À

À la lyonnaise

alalyonnaise.fr

61

À la lyonnaise is a French lifestyle media company focusing on the city of Lyon, offering content related to food, shopping, cultural discoveries, and leisure activities. The website serves as a digital platform complementing their print magazine editions, targeting residents and visitors interested in Lyon's local culture and lifestyle. Their market position is that of a niche local media outlet with a consistent brand presence and active social media engagement. Technically, the website employs modern JavaScript libraries, Matomo and Google Analytics for tracking, and uses HTTPS with cookie consent mechanisms, indicating a moderate level of digital maturity. The site is mobile optimized and provides a good user experience with clear navigation and relevant content. Security-wise, the site uses HTTPS and cookie consent but lacks explicit security headers and public security policies, suggesting room for improvement in security posture. No critical vulnerabilities or blocking mechanisms were detected. Overall, the website is professional, trustworthy, and compliant with GDPR requirements, though it could enhance transparency around terms of service and incident response. Strategic recommendations include implementing security headers, publishing security policies, and improving SEO and accessibility compliance.

O

Office du Tourisme et des Congrès de la métropole de Lyon

visiterlyon.com

69

The website www.visiterlyon.com serves as the official tourism portal for Lyon and its metropolitan area, operated by the Office du Tourisme et des Congrès de la métropole de Lyon. It provides comprehensive tourism information, online booking services for hotels, restaurants, leisure activities, and city passes such as the Lyon City Card. The site targets tourists, families, business travelers, and groups, positioning itself as an authoritative and trusted source for visiting Lyon. The content is rich, professionally presented, and available in multiple languages, enhancing accessibility and user experience. Technically, the website employs modern web technologies including Alpine.js for interactivity, Swiper.js for sliders, and MapLibre GL for mapping. It integrates Google Tag Manager and Google reCAPTCHA for analytics and security. The site is mobile-optimized, accessible, and SEO-friendly, with good performance metrics. Security best practices are observed with HTTPS enforcement, security headers, and secure forms, although explicit security policy and incident response information are not published. The security posture is strong with no detected vulnerabilities or exposed sensitive data. Privacy compliance is well addressed with clear privacy and cookie policies, GDPR adherence, and consent mechanisms. However, WHOIS data for the domain is missing or unavailable, which is unusual for an official entity and slightly impacts trustworthiness. Despite this, the website's certifications, social media presence, and comprehensive content support its legitimacy. Overall, the website is a high-quality, secure, and user-friendly platform for promoting tourism in Lyon. Strategic recommendations include publishing a dedicated security policy, incident response contacts, and a vulnerability disclosure policy to further enhance trust and transparency.

P

ProveSource

provesrc.com

61

ProveSource operates as a SaaS provider specializing in social proof and live sales notification tools designed to boost online sales conversions. The company positions itself as a market leader in this niche, targeting e-commerce businesses and online marketers. The website reflects a modern WordPress-based infrastructure with Elementor and Yoast SEO plugins, supported by AWS hosting inferred from DNS servers. The technical setup includes multiple analytics and marketing scripts such as Mixpanel, Facebook Pixel, and Google Tag Manager, indicating a mature digital marketing strategy. Security posture is adequate with HTTPS enabled and domain registration protections in place, but lacks advanced security headers and formal security policies. Privacy compliance is weak due to absence of privacy and cookie policies, which is a notable gap for GDPR and other regulations. Overall, the site is professional and trustworthy but would benefit from enhanced privacy and security disclosures to improve compliance and user trust.

S

SAIO

saio.io

60

SAIO is a small ecommerce service provider specializing in Shopify development, offering custom themes, live webshop tweaks, and app development. The company positions itself as an industry leader trusted by thousands of shop owners worldwide. The website is built on Squarespace, leveraging standard web technologies and Google Analytics for tracking. The technical infrastructure is modern and mobile-optimized, though performance is moderate. Security posture is basic with HTTPS enabled and cookie consent implemented, but lacks advanced security headers and published security policies. WHOIS data is incomplete and privacy-protected, which limits transparency but is common for small businesses. Overall, the website is professional and trustworthy with room for improvement in security and compliance documentation.

K

Keyweb AG

keymachine.de

75

Keyweb AG is a well-established German technology company specializing in custom-built dedicated servers and hosting services. With over 20 years of experience and TÜV certification, the company offers high-performance, sustainable server solutions tailored to business needs. Their close partnership with Keymachine Server Manufaktur enables rapid and flexible server manufacturing, supporting a broad range of IT infrastructure and hosting services. The website reflects a professional and trustworthy business with clear contact channels and comprehensive service offerings. Technically, the site uses modern web technologies including Bootstrap and JavaScript, is mobile-optimized, and performs well. Security posture is strong with HTTPS, cookie consent, and secure forms, though explicit security policies and incident response contacts are not published. Overall, the domain and WHOIS data align with the company's history and legitimacy, supporting a high trust level.

J

JAXForms AG

jaxforms.com

70

JAXForms AG is a Swiss technology company specializing in digital form and workflow solutions, offering a range of services from simple forms to tailored complete solutions. The company positions itself as a competent partner for digital transformation projects, serving a business audience primarily in Switzerland. Their website reflects a mature digital presence with professional design, clear navigation, and comprehensive content including success stories and job postings, indicating active operations and growth. Technically, the site is built on WordPress with modern JavaScript libraries and integrates Google Analytics for user tracking. Security posture is strong with HTTPS enforced and security headers present, though the absence of a dedicated security policy and incident response information suggests room for improvement. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website demonstrates a high level of professionalism, trustworthiness, and technical maturity, suitable for its business clientele.

F

Finom

finom.co

80

Finom is a fintech company founded in 2019, providing online business banking and financial management solutions tailored for SMEs, freelancers, and entrepreneurs across multiple European countries. The platform offers business accounts with local IBANs, cashback rewards, electronic invoicing, and accounting integrations, leveraging partnerships with licensed banks SolarisBank and Treezor. Finom positions itself as a fast, reliable, and secure financial platform with multilingual support and regulatory compliance under De Nederlandsche Bank (DNB). Technically, the website is built on modern frameworks such as Next.js and React, hosted on Amazon Cloudfront CDN, and optimized for mobile and SEO. The site employs TLS encryption and security best practices, including strong security headers and GDPR compliance. The user experience is professional, with clear navigation, comprehensive content, and trust signals like awards and customer reviews. Security posture is strong, with encrypted data transfers, no exposed sensitive information, and deposit insurance coverage. However, the site lacks a dedicated security policy and incident response contact details, which could enhance transparency and trust. Overall, the domain registration aligns well with the business claims, supporting legitimacy and credibility. The website is safe for general audiences, contains no adult or questionable content, and provides clear contact channels primarily via email and web forms. Strategic recommendations include publishing explicit security and incident response policies, enhancing vulnerability disclosure, and maintaining rigorous third-party script audits to sustain security and compliance.

H

Haufe-Lexware GmbH & Co. KG

lexware.de

70

Lexware, a division of the Haufe Group since 1993, is a leading German software provider specializing in business and accounting software for self-employed individuals, freelancers, and small to medium-sized enterprises. The company offers a comprehensive suite of products including invoicing, bookkeeping, payroll, e-invoicing, and integrated business banking solutions. With over one million customers and multiple industry certifications, Lexware holds a strong market position as a trusted provider in the German SME software market. The website reflects a mature digital presence with modern technologies, strong branding, and extensive customer engagement features.

B

blue-community.ch

bluecommunity.ch

48

Blue Community is a Swiss non-profit organization dedicated to advocating for water as a human right and promoting sustainable water management practices. The website serves as a community platform for municipalities, educational institutions, technical enterprises, church communities, and companies to demonstrate responsibility locally and globally. The organization positions itself as a niche player in the environmental non-profit sector with a focus on water resource protection and international partnerships. Technically, the website is built on WordPress using modern Gutenberg blocks, enhanced with Matomo analytics and Mautic marketing automation tools. It employs a cookie consent mechanism compliant with GDPR, ensuring user privacy and transparency. The site is mobile-optimized, accessible, and SEO-friendly, reflecting a mature digital infrastructure. From a security perspective, the site enforces HTTPS and uses cookie consent best practices but lacks explicit security headers and published security policies. No vulnerabilities or exposed sensitive data were detected. The WHOIS data confirms domain legitimacy and consistency with the organization's Swiss non-profit identity. Overall, the website presents a trustworthy, professional, and privacy-conscious platform with room for improvement in formal security documentation and incident response readiness.

E

Evang.-ref. Kirchgemeinde Zürich

migrationskirchen.ch

44

The Zentrum für Migrationskirchen (ZMK) is a non-profit church-affiliated organization under the Evangelisch-reformierte Kirchgemeinde Zürich, focused on supporting migration churches and fostering intercultural Christian dialogue in Zurich. The website provides comprehensive information about their services, including room rental for worship, support and mediation between migration churches and local reform churches, and current news. The organization is well-positioned regionally with clear contact details and a professional online presence. Technically, the site uses a CMS likely based on DynPG, with Bootstrap and Matomo analytics, delivering a mobile-optimized and user-friendly experience. Security posture is adequate with HTTPS and secure form handling, though security headers and explicit policies are not evident. Privacy compliance is strong with a clear cookie consent mechanism and a detailed privacy policy in German. Overall, the site is trustworthy, professional, and serves its community well.

S

Home | Stadtkloster Zürich

stadtkloster.ch

61

The website www.stadtkloster.ch is a small-scale, community-oriented site hosted on the Wix platform, primarily serving a Swiss audience. The site uses Wix's Thunderbolt framework and standard JavaScript libraries, indicating a modern but basic technical infrastructure. The content is minimal with no visible business or contact information, privacy policies, or terms of service, which limits its professional and compliance stature. Security posture is basic with no advanced headers or policies detected, and no forms or data collection mechanisms are apparent. Overall, the site appears safe and suitable for general audiences but lacks critical compliance and security features.

B

Bayerische Botanische Gesellschaft e.V.

bbgev.de

57

The Bayerische Botanische Gesellschaft e.V. is a long-established non-profit botanical society based in Munich, Germany, founded in 1890. The organization focuses on the scientific study and conservation of Bavaria's native flora, offering members educational programs, excursions, and publications. The website serves as an informational portal for members and interested parties, highlighting the society's history, activities, and protected areas it manages. Technically, the site is built on the Wix platform, leveraging Wix's Thunderbolt framework and standard web technologies. While the site is functional and professionally presented, mobile optimization and accessibility are basic, and there is room for improvement in SEO and privacy compliance. Security posture is adequate with HTTPS and standard headers, but lacks explicit security policies or incident response contacts. Overall, the site is trustworthy and suitable for its audience but could benefit from enhanced privacy and security features.

M

MVB GmbH

vlb.de

46

MVB GmbH operates the VLB (Verzeichnis Lieferbarer Bücher), a central platform for automated exchange of product information in the German-speaking book industry. The website serves key stakeholders including bookstores, publishers, self-publishers, and service providers, offering services such as order clearing (IBU), reference databases, and subscription discounts. The platform holds a strong market position as an authoritative source in its sector. Technically, the website employs modern web technologies including Bootstrap, Owl Carousel, and Google Tag Manager, hosted on Anexia infrastructure. It features responsive design, good SEO, and accessibility standards, with a cookie consent mechanism ensuring privacy compliance. The site is well-structured and professionally designed, providing a positive user experience. From a security perspective, the site uses HTTPS with good SSL configuration and no visible vulnerabilities or exposed sensitive data. However, it lacks explicit security policy pages, incident response contacts, and vulnerability disclosure mechanisms, which are recommended for enhanced security posture. Overall, the website is trustworthy, professionally maintained, and compliant with GDPR. The WHOIS data aligns with the business entity, reinforcing legitimacy. Strategic improvements in security transparency and incident response readiness would further strengthen the platform's reliability.

N

National Geographic Partners, LLC

nationalgeographic.com

65

National Geographic Partners, LLC operates the National Geographic website, a globally recognized media organization specializing in science, exploration, geography, and environmental journalism. The website serves a broad audience interested in educational and documentary content, supported by flagship publications and television programming. Owned by The Walt Disney Company, it maintains a strong market position with consistent branding and high-quality content. Technically, the website employs modern web technologies including React and integrates advanced monitoring and consent management tools such as New Relic and OneTrust. Security posture is robust with HTTPS enforcement, security headers, and no detected vulnerabilities, although explicit vulnerability disclosure and incident response contacts are not publicly available. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR adherence. Overall, the site demonstrates a mature digital presence with excellent content quality and user experience, suitable for a large enterprise media entity.

N

National Geographic España

nationalgeographic.es

55

National Geographic España operates as a prominent media brand delivering high-quality content focused on science, nature, history, and travel. The website serves a broad general audience with a mix of free and subscription-based content, supported by advertising partnerships and e-commerce through affiliated domains. The brand is well-established in Spain, leveraging multimedia content and digital subscriptions to maintain market relevance. Technically, the website employs a modern tech stack including advanced advertising technologies, consent management via Didomi, and multimedia delivery through JWPlayer. The site is mobile-optimized and uses HTTPS with appropriate security headers, reflecting a mature digital infrastructure. However, some areas such as explicit privacy policy publication and accessibility could be improved. Security posture is solid with HTTPS enforcement and consent mechanisms, but lacks visible vulnerability disclosure or incident response contacts. The absence of WHOIS data limits domain trust verification, though the website's professional presentation and branding strongly indicate legitimacy. Overall, the site presents a low-risk profile with good content quality and technical implementation, but should enhance transparency around privacy, contact information, and security disclosures to strengthen trust and compliance.

B

BOSS TONE EXCHANGE

bosstoneexchange.com

56

BOSS TONE EXCHANGE is a specialized online platform launched in 2022 that enables users of BOSS musical products to share original Livesets globally. The platform targets musicians and music producers who use BOSS gear, providing a community-driven service focused on content sharing. The website is professionally designed with good SEO and mobile optimization, leveraging modern web technologies and third-party services such as Google Analytics and OneTrust for cookie consent management. Hosting appears to be on AWS infrastructure, ensuring reliable performance. Security posture is adequate with HTTPS enforced and cookie consent implemented; however, DNSSEC is not enabled and security headers are missing, representing areas for improvement. No direct contact information or detailed security policies are published, which could impact user trust. Overall, the domain registration is consistent and legitimate, supporting the platform's credibility. The site contains no adult or questionable content and maintains a safe environment for general audiences.

A

ANSARO

ansaro.ch

62

ANSARO is a Swiss-based coffee roastery specializing in freshly roasted coffee beans and retailing coffee products. The company positions itself as a local Swiss quality brand with a focus on authentic taste and craftsmanship. The website is professionally designed using the Wix platform, indicating a moderate level of digital maturity suitable for a small retail business. The technical infrastructure leverages Wix's Thunderbolt framework, ensuring reasonable performance and mobile optimization. Security posture is adequate with HTTPS enforced, but lacks advanced security headers and visible privacy compliance mechanisms. Overall, the website is trustworthy and functional but would benefit from enhanced privacy and security features to meet compliance standards. Strategic recommendations include implementing privacy and cookie policies, adding security headers, and improving accessibility.

S

Swiss Olympic

coolandclean.ch

64

The website coolandclean.ch represents a national youth sports prevention program operated under the auspices of Swiss Olympic. It focuses on promoting healthy behaviors, fair play, and substance abuse prevention among young athletes and their leaders. The platform offers educational content, training tips, a material shop, and community support including regional ambassadors and consultation services. The site is well-branded, professionally designed, and targets youth sports organizations and their stakeholders in Switzerland. Technically, the site employs modern web technologies including Google Analytics, Facebook Pixel, and Google Maps API, likely built on a CMS such as Adobe Experience Manager. Security posture is strong with HTTPS enforced and cookie consent implemented, though explicit security policies and incident response contacts are not visible. Overall, the domain registration aligns well with the business identity, supporting legitimacy and trustworthiness.

SWISS is a major international airline operating under the Lufthansa Group, providing comprehensive flight booking and travel services globally. The website is professionally designed, mobile-optimized, and offers a rich user experience with clear navigation and extensive travel-related content. Technically, the site leverages modern JavaScript frameworks, Adobe Helix RUM for performance monitoring, and Tealium for tag management, hosted on Akamai CDN ensuring fast and reliable delivery. Security posture is strong with HTTPS enforcement, secure login mechanisms, and no visible vulnerabilities, although explicit security policies and incident response contacts are not published. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website demonstrates high business credibility and trustworthiness, aligned with the Lufthansa Group's reputation.

Z

zurichnetgroup ag

netgroupcloud.ch

56

Zurichnetgroup ag is a Swiss ICT service provider specializing in cloud solutions tailored for small and medium-sized enterprises (KMU). The company leverages strong partnerships with Microsoft and Swisscom to offer a range of cloud services including private, public, hybrid clouds, and Microsoft 365 cloud solutions. Their market position is solidified by certifications such as ISO 9001, 14001, and 27001, and their focus on Swiss data protection standards appeals to privacy-conscious KMU clients. Technically, the website demonstrates a mature digital infrastructure with modern web technologies, responsive design, and good SEO practices. The use of JSON-LD structured data and lazy loading images enhances performance and search engine visibility. Hosting is implied to be with Swisscom, aligning with their service offerings. From a security perspective, the site enforces HTTPS, employs multiple security headers, and benefits from the robust encryption standards of their cloud partners. No critical vulnerabilities or exposed sensitive data were detected. However, explicit incident response and vulnerability disclosure policies are not publicly available, representing an area for improvement. Overall, the website and business present a trustworthy, professional image with strong compliance to privacy regulations and security best practices. The company is well-positioned in the Swiss KMU market with a comprehensive portfolio of cloud and IT services.

The website stefan-aufdermaur.ch serves as a personal or professional portfolio site for Stefan Auf der Maur, likely showcasing artistic or photographic work. The site is minimalistic with limited metadata and no structured data, focusing primarily on visual content. The target audience appears to be general visitors interested in the individual's work, with no commercial or transactional features evident. Technically, the site uses basic HTML, CSS, and JavaScript with lazy loading for images, but lacks advanced SEO, accessibility, and performance optimizations. Security posture is weak, with no visible security headers or privacy policies, and no HTTPS status confirmed from the provided data. No contact information or forms are present, limiting user engagement and trust signals. Overall, the site is functional but basic, with room for significant improvements in security, privacy compliance, and user experience.