Security Directory

D

DeepL

deepl.com

74

DeepL is a leading technology company specializing in AI-powered language translation services. Their flagship product, DeepL Translator, offers highly accurate translations for individuals, teams, and enterprises, supported by additional tools such as DeepL Write and DeepL Voice. The company targets a broad audience including businesses requiring localization, legal, marketing, and customer service solutions. The website demonstrates a mature digital presence with modern technologies like React and Gatsby, optimized for performance and mobile use. Security posture is strong with HTTPS enforcement and standard security headers, though explicit incident response and vulnerability disclosure information are not publicly available. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. Overall, DeepL presents a professional, trustworthy, and technically sound online presence.

M

MANDARIN CARE

mandarin-care.de

58

MANDARIN CARE is a specialized digital transformation partner focused on the healthcare and social economy sectors in Germany. The company offers services including employer branding, digital recruiting, digital communication, marketing, and IT services tailored to organizations such as social welfare associations, healthcare providers, municipalities, and public administration. Their market position is that of a niche provider with a professional and consistent brand presence supported by a well-structured and mobile-optimized website. Technically, the website is built on Drupal 10, leveraging modern web technologies and integrating comprehensive cookie consent management aligned with GDPR requirements. The site demonstrates good SEO, accessibility, and performance characteristics, with active use of analytics and marketing tools such as Google Analytics and Facebook Pixel, managed through a granular consent mechanism. From a security perspective, the site enforces HTTPS and integrates consent-based tracking controls but lacks explicit security policy documentation and incident response contacts. No critical vulnerabilities or suspicious patterns were detected, though security headers could be improved. WHOIS data is minimal but consistent with the business identity, supporting legitimacy. Overall, the website and business demonstrate a mature digital presence with strong privacy compliance and professional credibility. Strategic improvements could focus on enhancing security transparency and incident response readiness to further strengthen trust and compliance.

M

MANDARIN

mandarin.digital

58

MANDARIN is a German one-stop agency specializing in marketing, digital transformation, employer branding, and IT services. The company positions itself as a holistic partner for change and transformation, targeting businesses seeking to improve their digital presence and internal processes. The website reflects a mature digital infrastructure using modern technologies such as Next.js and React, with excellent mobile optimization and SEO practices. Security posture is strong with HTTPS, security headers, and a comprehensive cookie consent mechanism. Privacy compliance is well addressed with a detailed privacy policy and GDPR-aligned cookie consent. The WHOIS data is privacy protected, which is common for agencies, and does not raise immediate concerns. Overall, MANDARIN presents as a professional and trustworthy digital agency with a solid market position and a broad service portfolio.

T

TheDive GmbH

thedive.com

56

TheDive GmbH is a German-based consultancy specializing in organizational development and sustainable business models. Their website targets organizations interested in adapting to modern work environments with services including change management, leadership development, and agile methodologies. The company positions itself as a niche player focused on sustainability and adaptability in business. Technically, the website employs modern JavaScript, CSS, and third-party services such as Google Tag Manager and Cookiebot for analytics and cookie consent management. The site is mobile-optimized with good SEO practices but lacks visible security headers and explicit contact information, which could be improved. Security posture is moderate with no detected vulnerabilities but missing some best practices like security headers and incident response contacts. The WHOIS data is missing, raising some concerns about domain legitimacy, though the professional site content and compliance with privacy regulations mitigate this risk. Overall, the site is functional and professional but would benefit from enhanced transparency and security hardening.

W

WTSH GmbH

wasserstoffwirtschaft.sh

58

The website represents the Landeskoordinierungsstelle Wasserstoffwirtschaft SH, operated by WTSH GmbH, a government-affiliated entity focused on promoting and coordinating the green hydrogen economy in Schleswig-Holstein, Germany. It serves as a regional hub for supporting hydrogen projects, facilitating funding, knowledge transfer, and networking among stakeholders. The site is professionally designed, content-rich, and targeted at businesses, policymakers, and researchers involved in the hydrogen sector. Technically, it uses the gradwerk CMS platform with modern web technologies and demonstrates good mobile optimization and accessibility. Security posture is adequate with HTTPS enforced and domain management best practices observed, though DNSSEC is not enabled and security headers are not explicitly detected. Privacy compliance is strong with clear policies and cookie consent mechanisms. Contact information is complete and transparent, enhancing business credibility. Overall, the site is trustworthy, well-maintained, and aligned with its stated mission.

I

i+m NATURKOSMETIK BERLIN

iplusm.berlin

54

i+m NATURKOSMETIK BERLIN is a small German company specializing in natural, fair, organic, and vegan cosmetics. The website serves as an e-commerce platform targeting consumers interested in ethical and natural skincare products. The business appears to be well-established with a domain age since 2014, consistent with its market presence. Technically, the website is built on WordPress, utilizing Yoast SEO for optimization and Google Tag Manager for analytics, indicating a moderate level of digital maturity. Performance and mobile optimization are adequate, though accessibility features could be improved. Security posture is basic with HTTPS enabled but lacking DNSSEC and security headers, which are recommended for enhanced protection. Privacy compliance is weak due to the absence of privacy and cookie policies or consent mechanisms. Overall, the site is professional and trustworthy but would benefit from improved security and privacy practices.

B

Bertelsmann Stiftung

bertelsmann-stiftung.de

50

Bertelsmann Stiftung is a well-established non-profit foundation based in Germany, focusing on societal change through projects, studies, and events. The website reflects a mature digital presence with a professional design, clear navigation, and comprehensive content aimed at a broad audience including policymakers, researchers, and the general public. Technically, the site is built on TYPO3 CMS with modern web technologies and demonstrates good mobile optimization and accessibility. Security posture is solid with HTTPS enforced and basic security headers, though explicit security policies and incident response information are not publicly disclosed. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Overall, the site is trustworthy and professionally managed, with no signs of malicious activity or vulnerabilities.

G

Gut Klostermühle

gut-klostermuehle.com

49

Gut Klostermuehle is a boutique hospitality and wellness provider located in Brandenburg, Germany, offering unique accommodation, spa, culinary, and event services in a natural lakeside setting. The website is professionally designed using TYPO3 CMS and integrates modern tracking and marketing tools such as Google Tag Manager and Facebook Pixel. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Security posture is generally good with HTTPS enforced, but lacks some recommended security headers and incident response information. The domain WHOIS data is unavailable, which slightly impacts trust but the website content and business information appear consistent and professional. Overall, the site presents a trustworthy and user-friendly digital presence for its hospitality business.

SEENcard.de is a regional print media business focused on distributing compact flyers for the Mecklenburgische Seenplatte tourism region. Their business model centers on placing SEENcardBOX units at well-frequented tourist and commercial locations to provide targeted advertising and information to tourists and residents. The website is primarily in German and targets local businesses and visitors. Technically, the site uses legacy JavaScript libraries such as jQuery 1.3.2 and Cufon for font replacement, indicating some technical debt. Google Analytics is implemented with IP anonymization, and a cookie consent banner is present, showing basic privacy compliance. However, no advanced security headers or modern frameworks are detected, and the site lacks visible contact emails or phone numbers, relying on a contact form instead. The WHOIS data is limited but consistent with a small business using commercial hosting. Overall, the site is functional and professionally presented but would benefit from modernization and enhanced security measures.

M

MANDARIN

mandarin-medien.de

58

MANDARIN is a German-based one-stop agency specializing in marketing, digital transformation, IT services, and employer branding. The company positions itself as a holistic partner for change and transformation, targeting businesses seeking to improve their digital presence and internal processes. The website showcases a professional design with rich multimedia content, including videos and client references, indicating a mature digital infrastructure. Technically, the site is built on modern frameworks such as Next.js and React, optimized for performance and mobile responsiveness. Security posture is strong with HTTPS, security headers, and GDPR-compliant cookie consent mechanisms integrated with Google Consent Mode. However, no explicit security policy or incident response information is published, which could be improved. The WHOIS data is privacy protected, common for agencies, and does not raise immediate concerns. Overall, the site reflects a credible and professional digital agency with a solid market presence.

D

DashBO your User-Generated Content (UGC) platform

dashbo.xyz

57

DashBO is a small technology platform launched in 2023 that offers a dashboard for user-generated content focused on NFT services, 3D modeling, animation, and AI-generated chatbots. The website presents a niche offering targeting creators and users interested in digital and NFT-related creative services. The platform uses modern frontend technologies such as React and hosts static assets on Google Cloud Storage, indicating a contemporary technical infrastructure with moderate performance and mobile optimization. However, the site lacks comprehensive SEO and accessibility features. From a security perspective, the website uses HTTPS (implied by the URL) but lacks visible security headers and does not provide privacy, cookie, or terms of service policies, which are critical for compliance and user trust. No contact or incident response information is available, limiting transparency and user support. The domain registration is consistent with the business claims, being recently created in 2023 and registered with Go Daddy, LLC, with standard domain status protections in place. Overall, the website is functional but basic in content quality and security posture. It does not exhibit any adult or questionable content and targets a general audience interested in digital creative services. The lack of privacy and contact information, as well as missing security best practices, reduces the overall trustworthiness and compliance level. Strategic recommendations include implementing privacy and cookie policies with consent mechanisms, adding contact and incident response information, enabling DNSSEC, and improving security headers and SEO features to enhance trust, compliance, and security posture.

F

Finanzamt Neubrandenburg (RiA)

finanzamt-rente-im-ausland.de

51

The website www.finanzamt-rente-im-ausland.de is the official online presence of the Finanzamt Neubrandenburg (RiA), the central German tax office responsible for pensioners living abroad. It provides comprehensive information on the taxation of German pensions for residents outside Germany, including legal frameworks, payment options, and contact details. The site targets retirees receiving German pensions abroad and offers multilingual support to accommodate diverse users. The business model is public sector service provision under the Finanzministerium des Landes Mecklenburg-Vorpommern, positioning it as a unique and essential government entity in this niche. Technically, the website employs standard web technologies including HTML5, CSS, and JavaScript, with a moderate performance profile and basic mobile optimization. SEO practices are good with proper meta tags and structured navigation. However, no advanced frameworks or CMS are detected, and hosting details remain unknown. Security posture is adequate with HTTPS usage implied, but lacks explicit security headers and formal security or incident response policies. Privacy compliance is strong with a clear and comprehensive privacy policy, though no cookie consent mechanism is present. Security-wise, the site shows no signs of vulnerabilities or exposed sensitive data. The absence of a security.txt or vulnerability disclosure policy is a minor gap. Contact information is transparent and professional, enhancing trust. No advertising or tracking technologies are detected, supporting user privacy. Overall, the site is trustworthy, professional, and well-suited for its government service role. The overall risk is low given the official nature and content safety. Strategic recommendations include enhancing security headers, adding vulnerability disclosure information, improving mobile and accessibility features, and implementing cookie consent mechanisms to align with best privacy practices.

B

Bundeszentralamt für Steuern

bzst.de

65

The Bundeszentralamt für Steuern (Federal Central Tax Office) operates as the official German federal government agency responsible for tax administration and related services. The website serves multiple target audiences including private individuals, businesses, and government authorities, providing comprehensive tax-related information, digital services, and regulatory guidance. It holds a strong market position as the authoritative tax authority in Germany. Technically, the website is built on the Government Site Builder CMS and hosted by ITZBund, the federal IT service provider. It employs Matomo analytics hosted internally to ensure privacy compliance. The site is well-structured, mobile-optimized, and accessible, reflecting a mature digital infrastructure suitable for a government entity. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms aligned with GDPR. While explicit security headers and vulnerability disclosure pages are not detected, no critical vulnerabilities or exposed sensitive data were found. The WHOIS data aligns consistently with the official government entity, reinforcing legitimacy. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance, with minor recommendations to enhance security headers and publish incident response or vulnerability disclosure information.

The website formulare-bfinv.de serves as the official online portal for the German Federal Finance Administration, providing electronic access to tax and customs forms. It is positioned as a government service platform facilitating seamless and barrier-free interaction between citizens, businesses, and federal authorities. The site prominently features links to the Bundesfinanzministerium and Bundeszollverwaltung, reinforcing its official status and trustworthiness. From a technical perspective, the website employs basic HTML and CSS technologies without advanced frameworks or CMS detected. The site is moderately optimized for performance and accessibility, with specific mention of barrier-free usage for visually impaired users. However, there is room for improvement in mobile responsiveness, SEO metadata, and modern security practices such as implementing security headers and cookie consent mechanisms. Security posture is adequate but could be enhanced by adding HTTPS verification, security headers, and explicit incident response policies. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is partially addressed with a privacy policy present, but cookie management is lacking. Overall, the site demonstrates high business credibility as an official government resource but could benefit from technical and security enhancements. Strategically, the site should focus on improving technical infrastructure, enhancing security best practices, and increasing transparency around privacy and incident response to maintain trust and compliance in the evolving regulatory landscape.

O

OSZ I Technik des Landkreises Potsdam-Mittelmark

osz-teltow.de

53

OSZ I Technik des Landkreises Potsdam-Mittelmark is a regional vocational school in Germany specializing in technical education across multiple disciplines such as electrical engineering, IT, automotive mechatronics, media, sanitary and heating technology, and water construction. The institution serves students and apprentices primarily within the Potsdam-Mittelmark district, providing structured vocational training and apprenticeship programs. The website reflects a professional educational institution with clear contact information and program offerings but lacks comprehensive privacy and cookie policies, which are important for GDPR compliance. Technically, the website is built on WordPress 6.8.3, utilizing standard web technologies such as HTML5, CSS, and JavaScript. The site is moderately optimized for performance and mobile devices, with basic accessibility features. Security posture is adequate with HTTPS enabled but could be improved by implementing security headers and a vulnerability disclosure policy. No tracking or advertising scripts were detected, indicating a privacy-conscious approach, though the absence of privacy and cookie policies is a notable compliance gap. Overall, the security posture is moderate with room for improvement in privacy compliance and security best practices. The domain registration data aligns well with the website's identity, showing legitimacy and consistency. The site is safe for general audiences, with no adult or explicit content detected. Strategic recommendations include implementing privacy and cookie policies with consent mechanisms, enhancing security headers, adding a vulnerability disclosure policy, and improving accessibility compliance to strengthen trust and regulatory adherence.

V

Verfassungsschutz Mecklenburg-Vorpommern

verfassungsschutz-mv.de

62

The website www.verfassungsschutz-mv.de serves as the official online presence of the Verfassungsschutz (Office for the Protection of the Constitution) of Mecklenburg-Vorpommern, Germany. It provides comprehensive information about the agency's mission to protect the democratic constitutional order against extremist threats. The site targets citizens, political stakeholders, and interested parties by offering detailed content on various extremist fields, legal frameworks, reports, and public service announcements. The business model is that of a government agency focused on transparency and public awareness. Technically, the website is built on standard web technologies including HTML5, CSS, and JavaScript, likely managed via a custom or proprietary CMS. The site is moderately performant, mobile-optimized, and accessible, with clear navigation and structured content. No advanced frameworks or third-party analytics/tracking tools were detected, indicating a privacy-conscious approach. From a security perspective, the site uses HTTPS (assumed from domain and typical government standards), implements cookie consent mechanisms, and avoids exposing sensitive data. However, no explicit security headers or incident response policies are published, and forms use GET methods without sensitive data collection. No vulnerability disclosure or security.txt files are present, which could be improved. Overall, the website is trustworthy, professional, and compliant with GDPR requirements, providing valuable public service content. The domain and hosting align with regional government infrastructure, supporting legitimacy. Recommendations include enhancing security headers, publishing security policies, and adding incident response contacts to strengthen security posture and user trust.

S

Steuerportal Mecklenburg-Vorpommern

steuerportal-mv.de

10

Steuerportal Mecklenburg-Vorpommern is an official government portal dedicated to providing tax-related information and services for the Mecklenburg-Vorpommern region in Germany. It serves citizens, businesses, and tax professionals by offering access to local tax offices, tax law guidance, service brochures, appointment scheduling, and up-to-date tax news. The portal is positioned as an authoritative regional government resource with a clear focus on public service and compliance facilitation. Technically, the website employs standard web technologies such as HTML5, CSS, and JavaScript, with a likely custom content management system tailored for government use. The site demonstrates good mobile optimization, accessibility, and SEO practices, although no major modern frameworks or platforms are explicitly detected. Performance is moderate, and the site includes a cookie consent mechanism to comply with privacy regulations. From a security perspective, the portal uses HTTPS (implied by the domain and typical government standards), but explicit security headers and incident response policies are not visible. No vulnerabilities or exposed sensitive data were detected in the HTML content. The site lacks a published security.txt or vulnerability disclosure policy, which could enhance transparency and security posture. Overall, the website is trustworthy and professional, with high content relevance and clear navigation. The absence of direct contact emails or phone numbers on the homepage is typical for government portals that centralize contact through other channels. The WHOIS data is limited but consistent with regional government hosting, supporting legitimacy. No WAF or blocking mechanisms interfere with content access, enabling full analysis. Strategic recommendations include enhancing security headers, publishing incident response and vulnerability disclosure information, and providing clearer contact channels for security issues to strengthen trust and compliance.

M

Ministerium für Wirtschaft, Infrastruktur, Tourismus und Arbeit Mecklenburg-Vorpommern

investorenportal-mv.de

10

The website www.investorenportal-mv.de serves as the official government portal for economic development and investor support in Mecklenburg-Vorpommern, Germany. It provides comprehensive information on investment opportunities, regional advantages, sector strengths, and support services including funding and workforce availability. The portal targets investors and businesses interested in establishing or expanding operations in the region, positioning itself as a trusted government resource. Technically, the site is built on the OpenCms content management system and employs standard web technologies such as HTML5, CSS, and JavaScript. It features a responsive design with good accessibility and SEO practices. The cookie consent mechanism is robust, offering granular user control and compliance with GDPR requirements. Analytics usage is minimal and privacy-conscious, relying on server log analysis and optional third-party video embed tracking. From a security perspective, the site uses HTTPS and implements cookie consent but lacks explicit security headers and a published security policy or incident response contacts. No vulnerabilities or suspicious domains were detected. The WHOIS data is limited but consistent with a legitimate government domain. Overall, the site demonstrates a solid security posture with room for improvement in formal security documentation and header implementation. The overall risk is low given the official nature and content safety of the site. Strategic recommendations include enhancing security headers, publishing a security policy, and maintaining privacy best practices to further strengthen trust and compliance.

3

3sat / Satellitenfernsehen des deutschen Sprachraums

3sat.de

61

3sat is a well-established public broadcasting media platform serving the German-speaking audience with a focus on cultural, scientific, and societal content. The website offers video streaming, live TV, documentaries, and magazines, positioning itself as a trusted source of quality media content. It operates under the umbrella of ZDF, a major German public broadcaster, ensuring strong market presence and credibility. The platform targets a general audience interested in educational and cultural programming.

G

GNK Dinamo

gnkdinamo.hr

11

GNK Dinamo is a prominent Croatian football club with a well-established digital presence, offering comprehensive services including news, membership, ticketing, merchandising, and academy information. The website targets football fans and club members, providing a professional and engaging user experience. The technical infrastructure leverages modern web technologies, including Cloudflare DNS, Google Analytics, Microsoft Clarity, and Facebook Pixel for analytics and marketing. Hosting is managed by a Croatian provider, ensuring regional consistency. Security posture is strong with HTTPS enforced and secure forms, though formal security policies and incident response details are absent. Privacy compliance is robust with clear policies and cookie consent mechanisms. Overall, the website demonstrates high professionalism, trustworthiness, and digital maturity.

E

ee-hub

ee-hub.de

54

ee-hub.de is a professional platform focused on the renewable energy sector, providing industry news, event management, and educational content primarily targeting energy professionals in Germany. The website leverages modern web technologies including Laravel and the Statamic CMS, hosted on DigitalOcean infrastructure, and integrates Google Tag Manager for analytics. Security posture is solid with HTTPS enforced, though improvements in security headers and explicit cookie consent mechanisms are recommended. Privacy policies and terms of service are present and comprehensive, supporting GDPR compliance. Overall, the site presents a trustworthy and professional digital presence with moderate technical maturity and good user experience.

The website 'Ondervoeding op het Menu' is a Dutch-language health awareness campaign managed by Nutricia, a subsidiary of Danone. It focuses on educating the public about undernutrition, especially related to illness, targeting the general Dutch population including elderly and caregivers. The site offers educational content, downloadable campaign materials, and contact options for further support. Technically, the site is built on Adobe Experience Manager hosted on Adobe AEM Cloud, using modern web technologies and tracking tools such as Adobe Helix RUM and TagCommander. The website is mobile-optimized with good SEO and accessibility basics. Security posture is solid with HTTPS enforced and cookie consent implemented, though it lacks explicit security headers and published security policies. The domain registration is consistent with the business and geographic focus, enhancing trustworthiness. Overall, the site is professional, trustworthy, and serves its awareness purpose effectively.

H

HADO-SPORT

hado-sport.de

36

HADO-SPORT is a small German sports retail business specializing in branded products for table tennis, tennis, and football. The website provides basic information about the company, its services, and brand partnerships, targeting sports enthusiasts and clubs. The technical infrastructure is simple, relying on standard HTML, CSS, JavaScript, and Google Analytics for tracking. Hosting is provided by domainFACTORY. Security posture is basic with no advanced headers or policies detected, and privacy compliance is lacking due to absence of privacy and cookie policies. Overall, the website is functional but could benefit from modernization and improved compliance.

The website 'LitVideo Trailer-Datenbank' operated by qub media GmbH provides a niche service focused on the online distribution of book trailers for publishers, authors, bloggers, and online shop operators. The platform aims to enhance marketing efforts by integrating video content to increase user engagement and conversion rates. The business model centers on providing a specialized media service within the German market, targeting a small-sized company profile with consistent branding and a clear service offering. Technically, the website employs a basic but functional technology stack including HTML, CSS, JavaScript with jQuery, and Google Analytics for tracking. Hosting appears to be managed via generic German hosting providers as inferred from the nameservers. The site shows moderate performance and basic mobile optimization but lacks advanced SEO and accessibility features. No CMS or modern frameworks were detected. From a security perspective, the site lacks visible security headers and cookie consent mechanisms, despite using Google Analytics, which raises privacy compliance concerns. HTTPS status and SSL configuration could not be confirmed from the data provided. No incident response or security policies are published, and no forms or input fields were detected to assess input security. The WHOIS data is structured and publicly available, with no privacy protection, supporting legitimacy, though the domain status 'connect' is unusual. Overall, the website is functional and serves its business purpose but requires improvements in security posture, privacy compliance, and technical modernization to enhance trust and user experience. Strategic recommendations include implementing HTTPS with strong SSL, adding security headers, deploying cookie consent mechanisms, and publishing clear security and incident response policies.

T

TRP

trpparts.com

9

TRP operates an e-commerce platform specializing in automotive parts and accessories, targeting vehicle owners and automotive professionals primarily in the United Kingdom and Europe. The website is professionally designed with multi-language support, indicating a broad international audience. The technical infrastructure leverages modern web technologies such as React.js and is hosted on Microsoft Azure, ensuring scalability and reliability. Google Tag Manager is used for analytics and marketing tracking, reflecting a standard digital maturity level. Security posture is adequate with HTTPS enforced; however, the absence of visible privacy and cookie policies, security headers, and incident response information indicates areas for improvement. Overall, the website is legitimate and professionally managed, but enhancements in privacy compliance and security transparency are recommended to strengthen trust and regulatory adherence.

S

Sparkasse Zwickau

spk-zwickau.de

69

Sparkasse Zwickau is a regional financial institution in Germany offering a broad range of banking and financial services including online banking, accounts, credit cards, loans, investments, insurance, and real estate services. The website targets both private and corporate customers and positions itself as a trusted local financial partner with a strong digital presence. The site is well-structured, professionally designed, and provides comprehensive product information and customer support channels. Technically, the website uses modern web technologies and is likely built on Adobe Experience Manager CMS, ensuring a robust and scalable platform. Mobile optimization and accessibility features are well implemented, enhancing user experience across devices. Security posture is strong with HTTPS enforced and session management features, although some security headers could be improved. Privacy compliance is evident with clear cookie consent mechanisms and detailed privacy policies. Overall, the website reflects a mature digital infrastructure suitable for a large financial institution with high trustworthiness and professionalism.

M

Mibau Stema Group

mibau-stema.com

53

The website 'Mibau Stema Group' presents a basic corporate presence with minimal content and limited business information. The domain WHOIS data is unavailable, indicating either a very recent registration, privacy protection, or incomplete WHOIS records, which raises concerns about domain legitimacy. The site loads external scripts from cloud.ccm19.de but lacks visible contact details, privacy policies, or terms of service, limiting trust and compliance indicators. Technically, the site uses standard web technologies but lacks advanced frameworks or CMS detection. Security posture is weak due to missing HTTPS and security headers. Overall, the site appears functional but lacks critical trust and security features.

N

NetIQ

validcoupons.net

49

ValidCoupons.net is a coupon and promotional deal aggregator primarily targeting the US market, operated by NetIQ, a Czech-based company. The website offers a large catalog of coupons, deals, freebies, and competitions, positioning itself as one of the largest portals in the US coupon space. The business model revolves around providing free discount codes and promotional offers to consumers, with additional incentives for registered users through bonus programs and cash prizes. The site maintains a consistent brand presence and leverages social media channels for outreach. Technically, the site uses a custom-built platform with standard web technologies including HTML, CSS, JavaScript, and Google Tag Manager for analytics. Hosting and domain registration are managed by Gransy, s.r.o., with nameservers indicating Czech hosting infrastructure. Security posture is moderate with HTTPS enabled and CAPTCHA protections on forms, but lacks advanced security headers and DNSSEC. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism. Overall, the site is functional and professional but could improve in security and privacy transparency.

C

Caminovo

caminovo.at

68

Caminovo is a specialized HR consulting firm based in Austria, focusing on providing HR business partner services on demand, personnel search, organizational development, and team coaching primarily for medium-sized and owner-managed companies. The website presents a professional and well-structured digital presence built on WordPress with modern tools such as Bricks Builder and Rank Math SEO, indicating a mature digital infrastructure. Security posture is strong with HTTPS enforcement and appropriate security headers, complemented by GDPR-compliant privacy and cookie policies with active consent mechanisms. No critical vulnerabilities or blocking mechanisms were detected, supporting a trustworthy and reliable online presence. Overall, Caminovo demonstrates a solid market position in the HR consulting niche with a clear value proposition and professional digital maturity.

E

EDF power solutions Deutschland

mit-energie-arbeiten.de

54

EDF power solutions Deutschland is a medium-sized company specializing in the development, construction, and operation of renewable energy projects including onshore and offshore wind, photovoltaic systems, and battery storage solutions. As part of the international EDF power solutions group, it holds a strong market position in the German renewable energy sector. The website is professionally designed, mobile-optimized, and provides comprehensive information about the company’s services, values, and career opportunities. Technically, the site uses modern web technologies including Craft CMS, JavaScript modules, and Splide.js for interactive elements, hosted on performant infrastructure. Security posture is solid with HTTPS, CSRF protections, and cookie consent mechanisms, though it lacks explicit security policies or incident response contacts. Overall, the site demonstrates high professionalism, trustworthiness, and compliance with GDPR requirements.

B

Berufsgenossenschaft für Gesundheitsdienst und Wohlfahrtspflege (BGW)

bgw-online.de

62

The Berufsgenossenschaft für Gesundheitsdienst und Wohlfahrtspflege (BGW) operates as a statutory accident insurance provider for individuals working in the health and social services sectors in Germany. The website serves as a comprehensive portal offering information on accident insurance, prevention, rehabilitation, health protection, and training services. It targets professionals and organizations within the healthcare and welfare industries, positioning itself as a trusted and established institution within the German social system. Technically, the website is built on the CoreMedia CMS platform, hosted on Colt Technology Services infrastructure, and employs modern web technologies including JavaScript and CSS. It integrates analytics tools such as Matomo and eTracker for user behavior tracking, although it lacks a visible cookie consent mechanism. The site is mobile-optimized, accessible, and SEO-friendly, providing a positive user experience. From a security perspective, the site enforces HTTPS and mentions the use of two-factor authentication for member services, indicating a commitment to protecting user data. However, explicit security headers are not evident, and no public security or incident response policies are found. The WHOIS data shows professional hosting but limited registrant details, which is typical for large institutional domains. Overall, the website demonstrates a strong business credibility and technical maturity with minor gaps in privacy compliance and security transparency. It is safe for general audiences and free from adult or questionable content.

The FC St. Pauli Museum website serves as a digital gateway promoting the museum's mobile app, targeting fans and visitors interested in the cultural heritage of the FC St. Pauli football club. The business operates as a non-profit cultural institution based in Germany, leveraging digital platforms such as Google Play and Apple App Store to distribute its app. The website content is well-structured, visually consistent, and provides clear calls to action for app downloads, supported by official social media channels and endorsements from reputable German cultural bodies. Technically, the website employs standard web technologies including HTML5, CSS, and JavaScript, with minimal external dependencies. It integrates Umami analytics for privacy-conscious user tracking. The site is mobile-optimized and offers a good user experience, although accessibility and SEO optimizations are basic. No advanced CMS or hosting details are evident from the content. From a security perspective, the website lacks visible security headers and does not provide explicit security or incident response policies. The absence of a cookie consent mechanism indicates partial GDPR compliance, though a privacy policy is present and accessible. No forms or direct contact information are provided, limiting data exposure risks but also reducing user engagement options. Overall, the website presents a trustworthy and professional front for the museum app, with low risk from a security and privacy standpoint. Strategic improvements in security headers, cookie consent, and published policies would enhance compliance and user trust. The domain WHOIS data was not provided, limiting the ability to assess domain registration legitimacy and history fully.

N

Nintendo

nintendo.com

81

Nintendo is a globally recognized leader in the video game industry, offering a wide range of gaming consoles, software, and digital services. The official German website serves as a localized portal providing product information, account management, and customer support tailored for German-speaking users. The site reflects Nintendo's strong market position and commitment to user engagement through a professional and well-branded online presence. Technically, the website employs modern web technologies, including CDN delivery, asynchronous JavaScript loading, and cookie consent frameworks, ensuring fast performance and compliance with privacy regulations such as GDPR. Security measures are robust, with HTTPS enforced and multiple security headers implemented, contributing to a high security posture. No critical vulnerabilities or suspicious activities were detected. The absence of WHOIS data is noted but likely due to privacy or registry policies rather than malicious intent. Overall, the website demonstrates a mature digital infrastructure aligned with Nintendo's enterprise status and global brand reputation.

L

Live for Speed

lfs.net

63

Live for Speed operates as a niche online racing simulator platform offering realistic car physics and multiplayer racing experiences. The business targets racing simulation enthusiasts with a freemium model that includes a free demo and purchasable additional content such as cars and tracks. The website is well-branded and maintains active community engagement through leagues, events, and forums. Technically, the site uses standard web technologies (HTML5, CSS, JavaScript) with moderate performance and basic mobile optimization. Security posture is solid with HTTPS enforcement and improved authentication mechanisms, though some security headers and cookie consent mechanisms are missing. WHOIS data is unavailable, which slightly impacts trust but is mitigated by the site's active presence and consistent branding. Overall, the site is professional, trustworthy, and focused on delivering a quality gaming experience.

B

BALTEX (The Baltic Sea Experiment)

baltex-research.eu

8

The BALTEX website represents a scientific research project focused on the Baltic Sea's hydroclimate and environmental systems. It serves as an archival resource for the project which was active primarily from 1993 to 2012, now succeeded by Baltic Earth. The site provides access to publications, project information, and links to partner organizations. The target audience includes researchers, environmental scientists, and policy makers interested in regional climate and water management. Technically, the website is built on legacy technologies such as Adobe GoLive with basic HTML and CSS, lacking modern CMS or responsive design. Security posture is weak with no visible HTTPS enforcement or security headers, and no interactive forms to assess input security. Privacy compliance is minimal with a basic privacy policy but no cookie consent mechanism. Overall, the site is trustworthy as an archival scientific resource but requires modernization and security improvements to meet current standards.

G

Generation Digitale GmbH & Co. KG

generationdigitale.net

53

Generation Digitale GmbH & Co. KG is a Hamburg-based digital agency specializing in web, video on demand, digital signage, and emerging technologies such as AR and VR. Established since 2002, the company offers comprehensive digital solutions including enterprise technology integration, UX/UI design, and online video platform development. Their market position is that of an experienced innovator serving businesses, brands, and public institutions with a focus on user-centered and technology-driven products. Technically, the website leverages modern Microsoft .NET technologies, Umbraco CMS, and cloud services like Azure, indicating a mature digital infrastructure. Privacy compliance is robust, with detailed GDPR-aligned policies and an opt-in cookie consent mechanism using Matomo analytics. Security posture is moderate, with room for improvement in security headers and explicit incident response disclosures. Overall, the website is professional, content-rich, and trustworthy, though the absence of WHOIS data for the domain introduces some uncertainty regarding domain legitimacy.

C

Colab Cooperative Inc

colab.coop

55

Colab Cooperative Inc is a US-based worker-owned agency specializing in crafting complex websites and custom applications for socially responsible organizations since 2010. The company positions itself as a niche provider focusing on cooperatives and non-profits, emphasizing listening and mission fulfillment. Their key services include discovery, design, development, support, maintenance, and Kubernetes hosting. The website reflects a professional and consistent brand image with strong trust indicators such as client testimonials and recognized certifications like B Corporation and US Federation of Worker Cooperatives. Technically, the site is built on WordPress, hosted on AWS infrastructure, and employs modern web standards with good mobile optimization and accessibility. Security posture is solid with HTTPS and anti-spam measures, though improvements are recommended in security headers and explicit security policies. Privacy compliance is partially met with a comprehensive privacy policy but lacks cookie consent mechanisms. Overall, the site demonstrates high business credibility and technical maturity with minor gaps in privacy and security documentation.

JWP.com is a minimalistic website primarily serving as a login portal for users with credentials. The site lacks public-facing business descriptions or detailed service information, indicating it is likely an internal or restricted access platform. The domain is long-established, dating back to 1996, which suggests a mature presence, although no registrant organization details are publicly available. The hosting is provided by DreamHost, and the domain is registered through Epik LLC without DNSSEC enabled. Technically, the website uses basic HTML, CSS, and JavaScript with a PHP backend for form submission. There is no evidence of modern frameworks or CMS usage. The site shows basic design and accessibility but lacks mobile optimization and advanced SEO features. Security posture is weak, with no HTTPS enforcement visible in the provided data, no security headers, and no anti-CSRF or CAPTCHA protections on the login form. Privacy and cookie policies are absent, and no analytics or marketing tools are detected. Overall, the security posture is below average, with critical recommendations including enabling HTTPS, adding security headers, and implementing protections against automated login attacks. The site content is safe for general audiences, with no adult or questionable content detected. Contact information is limited to an obfuscated email address ([email protected]) and a login form, with no phone numbers or physical addresses provided. The overall risk assessment indicates a low trustworthiness level due to minimal content, lack of security best practices, and absence of compliance documentation. Strategic improvements in security, privacy compliance, and content transparency are recommended to enhance business credibility and user trust.

A

AccessPress Themes | Premium WordPress Themes & Plugins

accesspressthemes.com

3

AccessPress Themes operates a website offering premium WordPress themes and plugins targeting WordPress users and developers. The site presents professional design and content relevant to its niche. However, the absence of WHOIS registration data raises concerns about domain legitimacy or data availability. The technical infrastructure is based on WordPress with standard web technologies, showing moderate performance and good mobile optimization. Security posture is weak due to lack of visible HTTPS confirmation, security headers, and privacy compliance indicators. Overall, the site appears functional but lacks critical trust and security elements, increasing risk for users and business credibility.

S

stopsmoking

stopsmoking.ch

68

stopsmoking.ch is a professionally designed national platform based in Switzerland dedicated to supporting individuals in quitting smoking. It offers comprehensive educational content, counseling services, and tools tailored for both smokers and healthcare professionals. The platform is well-positioned in the healthcare and non-profit sectors, targeting a mature audience seeking tobacco cessation support. Technically, the site is built on TYPO3 CMS, employs modern JavaScript libraries like Swiper.js, and uses Matomo analytics hosted on a Swiss cloud provider, reflecting a good level of digital maturity and privacy awareness. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though some security headers could be improved. Overall, the site demonstrates high professionalism, trustworthiness, and compliance with GDPR and cookie regulations.

H

Helmholtz Munich

helmholtz-muenchen.de

60

Helmholtz Munich is a leading German research center specializing in health and environmental sciences. The organization focuses on biomedical research areas such as diabetes, obesity, environmental health, stem cells, bioengineering, and artificial intelligence. It serves a broad audience including researchers, healthcare professionals, and scientific partners, offering cutting-edge research, technology transfer, and scientific career development. The website reflects a strong market position as a reputable and well-established institution in the healthcare research sector. Technically, the website is built on TYPO3 CMS, leveraging modern web technologies and Matomo for analytics, indicating a mature digital infrastructure. The site is well-optimized for mobile devices, accessible, and SEO-friendly, with a professional design and clear navigation. Security measures include HTTPS enforcement, security headers, and script nonce usage, contributing to a robust security posture. Security-wise, the site demonstrates good practices with no visible vulnerabilities or exposed sensitive data. However, it lacks a visible cookie consent mechanism and a dedicated vulnerability disclosure policy, which are recommended for full GDPR compliance and security transparency. Incident response contact details are also not explicitly provided. Overall, the website is professional, trustworthy, and secure, with minor areas for improvement in privacy compliance and security transparency. The domain registration data aligns well with the organization's identity, reinforcing legitimacy and trustworthiness.

E

etracker GmbH

speisekarte.de

56

speisekarte.de is a well-established German online platform specializing in digital restaurant menus and restaurant search, operating since 2008. It serves a large user base with over 150,000 restaurants listed and millions of monthly visitors. The platform offers searchable menus, user accounts, and community features to enhance the dining experience. Technically, the website employs modern web technologies including JavaScript, CSS, and integrates third-party services such as Hotjar and eTracker for analytics, as well as a Consent Management Platform to ensure GDPR compliance. Hosting and DNS are managed via Cloudflare, providing robust performance and security. Security posture is strong with HTTPS enforced and consent mechanisms in place, though some security headers and explicit security policies are absent. Overall, the site is professional, user-friendly, and trustworthy with good privacy compliance and advertising transparency.

B

BKV – Interessengemeinschaft Betriebliche Krankenversicherung e. V.

bkk-care-life.de

48

BKK Care & Life is a healthcare-focused website dedicated to raising awareness about testicular cancer and promoting early detection through self-examination. The platform is supported by the BKV – Interessengemeinschaft Betriebliche Krankenversicherung e. V., a German statutory health insurance association. The website provides detailed educational content, including anatomy, function, and practical guides for self-checking testicles, targeting men primarily between 25 and 45 years old. The site is professionally designed, multilingual, and well-structured to serve its niche audience effectively. Technically, the website is built on WordPress 6.8.3 with WPML for multilingual support and uses standard web technologies including jQuery and custom JavaScript. Hosting is managed via domaincontrol.com name servers, indicating a stable and reputable hosting environment. Performance and mobile optimization are good, with accessibility and SEO features well implemented. From a security perspective, the site uses HTTPS with excellent SSL configuration but lacks some advanced security headers and a cookie consent mechanism. No forms collecting personal data were detected on the main page, reducing immediate privacy risks. The WHOIS data is consistent and legitimate, with no suspicious patterns. However, the site could improve by publishing a security policy, incident response contacts, and vulnerability disclosure information. Overall, BKK Care & Life presents a trustworthy, professional, and secure platform for health education with minor areas for improvement in privacy compliance and security best practices.

L

LiJOT

lijot.lt

53

LiJOT is a Lithuanian non-profit youth organization that unites national youth organizations and municipal youth councils. Established in 2000, it serves as a central body for youth engagement in Lithuania. The website is built on WordPress using the Elementor page builder, featuring good design quality and mobile optimization. It employs HTTPS and cookie consent mechanisms to enhance user privacy and security. However, the site lacks explicit privacy policies, terms of service, and contact information, which are important for compliance and user trust. The technical infrastructure is modern but could benefit from additional security headers and formalized incident response information.

D

Dansk Ungdoms Fællesråd

duf.dk

68

Dansk Ungdoms Fællesråd (DUF) is a well-established Danish non-profit umbrella organization founded in 1996, representing 78 nationwide youth and children's organizations. The organization focuses on promoting youth participation in democratic processes and supporting the development of youth associations through projects, funding, education, and international cooperation. The website reflects a mature market position with comprehensive content and clear communication tailored to youth organizations and stakeholders in Denmark. Technically, the site is built on the TYPO3 CMS platform, leveraging modern web standards, responsive design, and privacy-conscious analytics tools. Security posture is solid with HTTPS enforced and script integrity checks, though some security headers and formal policies are absent. Overall, DUF demonstrates a high level of professionalism, trustworthiness, and compliance with GDPR, making it a credible and authoritative source in its sector.

E

European Youth Forum

youthforum.org

54

The European Youth Forum is a well-established non-profit organization representing the voice of young people across Europe. Their website clearly communicates their mission to empower youth and advocate for their rights, positioning them as a leading platform in the youth advocacy sector. The site offers comprehensive information about their actions, news, policy library, and membership, targeting youth organizations, policymakers, and young individuals. Technically, the website is built on a modern stack including Craft CMS, JavaScript frameworks, and uses Google Tag Manager for analytics. The site is well-optimized for mobile devices, features good accessibility practices, and loads quickly. The presence of a cookie consent mechanism and a detailed privacy policy indicates a strong commitment to privacy compliance. From a security perspective, the site enforces HTTPS and employs secure form handling with CSRF tokens. While explicit security headers are not fully confirmed, the overall posture is strong with no visible vulnerabilities or exposed sensitive data. The lack of WHOIS data is due to privacy protection, which is justified for this type of organization. No WAF or blocking mechanisms interfere with content access. Overall, the website presents a professional, trustworthy, and secure platform for youth advocacy in Europe. Strategic recommendations include enhancing security headers, publishing a security policy, and adding a vulnerability disclosure page to further strengthen trust and compliance.

M

Myndigheten för ungdoms- och civilsamhällesfrågor (MUCF)

mucf.se

56

MUCF is a Swedish government agency dedicated to improving the conditions for young people and civil society. It operates as the national office for EU youth programs such as Erasmus+ and the European Solidarity Corps, distributing grants and facilitating international exchanges. The website reflects a mature digital presence with a modern Drupal 11 CMS, integrated analytics via Matomo, and compliance with privacy regulations including GDPR. The site is well-structured, accessible, and professionally branded, reinforcing MUCF's authoritative position in its sector. Security posture is solid with HTTPS and cookie consent mechanisms, though explicit security headers could be enhanced. WHOIS data was not retrievable for the queried subdomain, but the domain's legitimacy is supported by official branding and content. Overall, MUCF's website is a trustworthy, well-maintained government resource serving youth and civil society stakeholders in Sweden.

S

SKD BKK

skd-bkk.de

57

SKD BKK is a German health insurance provider positioning itself as a premium 'S-Kasse' with unlimited health service benefits. The website presents a professional and consistent brand image, targeting general healthcare customers in Germany. The business model focuses on comprehensive health insurance services including family health, telemedicine, electronic patient records, and health courses. The company leverages TYPO3 CMS for its website platform, with custom theming by DSG1 GmbH, and employs privacy-conscious analytics via Matomo. Cookie consent is managed through Cookiebot, ensuring GDPR compliance. Security posture is solid with HTTPS and cookie consent mechanisms, though security headers and incident response policies are not explicitly published. Overall, the website is well-structured, mobile-optimized, and trustworthy, with no signs of malicious or adult content.

M

mhplus Krankenkasse

mhplus-krankenkasse.de

53

mhplus Krankenkasse operates as a health insurance provider in Germany, targeting private customers with a focus on excellent services and consultation. The website is built on TYPO3 CMS and hosted on plusserver.com infrastructure, indicating a stable and professional technical foundation. The site is well-designed, mobile-optimized, and provides relevant content for its audience. However, the absence of explicit privacy and cookie policies, security headers, and contact information reduces the overall security and compliance posture. The WHOIS data aligns with the business claims, showing legitimacy and consistent domain registration. Strategic improvements in privacy compliance and security practices are recommended to enhance trust and regulatory adherence.

U

Universitäres Herz- und Gefäßzentrum Frankfurt

herz-frankfurt.de

49

The Universitäres Herz- und Gefäßzentrum Frankfurt is a specialized heart and vascular center integrated within the Universitätsklinikum Frankfurt. It offers interdisciplinary cardiology, angiologie, heart and vascular surgery services, focusing on personalized patient care and advanced therapies. The center holds multiple certifications and maintains partnerships with reputable organizations, positioning itself as a leading healthcare provider in the region. The website reflects a professional and comprehensive digital presence with clear navigation and rich content tailored to patients, visitors, and medical professionals. Technically, the site is built on Craft CMS with modern web standards and includes privacy-conscious analytics implementations. Security posture is good with HTTPS and consent management, though explicit security policies and incident response details are absent. Overall, the site is trustworthy, compliant with GDPR, and well-optimized for user experience.