Security Directory

A

AFLAMUNA

daleel.film

45

Daleel.film is a specialized non-profit platform created by AFLAMUNA and partners to support independent Arab filmmakers by providing comprehensive guides focused on social and environmental engagement in filmmaking. The website offers multiple guides including funding resources, impact organizations, green production practices, and impact campaign toolkits. It targets independent filmmakers in the Arab region and aims to facilitate their journey with accessible, open resources. Technically, the website uses a modern tech stack including jQuery, Bootstrap, and Google Analytics, with a responsive design optimized for mobile users. Security posture is solid with HTTPS and CSRF protections, though it lacks visible security headers and privacy/cookie policies. The absence of WHOIS data suggests privacy protection, which is reasonable for this type of non-profit entity. Overall, the site is professional, trustworthy, and serves a niche community effectively.

K

Katholische Kirche in Oberösterreich, Diözese Linz

meinbeitrag.at

62

meinbeitrag.at is a professionally maintained non-profit website affiliated with the Catholic Church in Upper Austria (Diözese Linz). It provides diverse content related to Christian faith, church contributions, and community engagement. The site targets individuals interested in Christianity and church activities in the region. Technically, it uses a modern CMS (siteswift), popular JavaScript libraries, and implements GDPR-compliant cookie consent mechanisms. Security posture is moderate with room for improvement in HTTP security headers and explicit incident response policies. The website is fully accessible without WAF or blocking mechanisms, and content is safe for general audiences.

Ö

Österreichische Ordenskonferenz

ordensgemeinschaften.at

63

The website www.ordensgemeinschaften.at represents the Österreichische Ordenskonferenz, a non-profit organization serving as the central representative body for 191 religious orders in Austria. The site provides comprehensive information about these orders, their social, educational, and cultural activities, targeting the general public interested in religious and spiritual matters. The organization positions itself as a key advocate and information hub for religious communities in Austria. Technically, the website is built on the siteswift-CMS platform and employs a modern tech stack including jQuery, Swiper.js, and Matomo analytics. It features a responsive design optimized for mobile devices and includes a robust cookie consent mechanism via Klaro. The site demonstrates good SEO practices and accessibility features, although some improvements could be made. From a security perspective, the site enforces HTTPS, implements CSRF protection on forms, and includes standard security headers. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong, with clear privacy and cookie policies and GDPR-aligned consent management. However, the site lacks explicit security policies, incident response information, and terms of service. Overall, the website is trustworthy, professionally maintained, and aligned with its non-profit mission. Strategic recommendations include publishing security and incident response policies, enhancing accessibility, and providing clearer direct contact information to improve user trust and compliance.

B

BEZIEHUNGLEBEN.AT

beziehungleben.at

64

BEZIEHUNGLEBEN.AT is a regional non-profit organization based in Upper Austria focused on providing relationship counseling, marriage preparation, family support, and educational seminars. The website serves as an information and service portal targeting couples, families, and individuals seeking support in these areas. The organization appears well-established with a professional online presence and clear service offerings. Technically, the website is built on the siteswift-CMS platform and uses modern JavaScript libraries such as jQuery and Magnific Popup. It implements HTTPS with good security practices including CSRF tokens and cookie consent management via Klaro. However, some security headers could be improved. Privacy compliance is strong, with clear links to comprehensive privacy and cookie policies hosted on the diocesan domain. No terms of service or explicit security policies were found. Overall, the site is trustworthy, safe, and professionally maintained.

C

Commune de Russin

russin.ch

50

Commune de Russin is a small local government entity in the Canton of Geneva, Switzerland, serving approximately 540 residents. The website provides comprehensive community information, local news, administrative services, and tourism details. It is built on WordPress with common plugins and libraries, offering a functional and user-friendly experience. The site is well-branded and consistent with its government role, targeting residents and visitors. Technically, the site uses modern web technologies but lacks advanced security headers and privacy compliance features. Security posture is moderate with HTTPS enabled but missing some best practices. Overall, the website is trustworthy and professional but could improve privacy and security policies to enhance compliance and user trust.

H

Häussler Leihservice

haeussler-leihservice.de

46

Häussler Leihservice is a German-based company specializing in rental services for table culture and event equipment, catering to both private and commercial customers. The company operates multiple physical locations and offers a wide range of products including crockery, cutlery, glasses, furniture, and gastronomy equipment. Their website reflects a professional and consistent brand image with detailed product information and customer service options. Technically, the website is built on the Contao Open Source CMS platform and utilizes modern JavaScript libraries such as jQuery and Google Tag Manager for analytics. The site is moderately optimized for performance and mobile devices, with good SEO and basic accessibility features. Hosting is provided via rzone.de, as indicated by the nameservers. From a security perspective, the site uses HTTPS and avoids exposing sensitive data. However, it lacks explicit security headers and published security or incident response policies, which are areas for improvement. Privacy compliance is partially met with a privacy policy present, but no cookie consent mechanism is detected, which may pose GDPR compliance risks. Overall, the website is trustworthy and professionally maintained, with a solid business presence. Strategic improvements in security headers, cookie consent, and incident response transparency would enhance their security posture and compliance standing.

S

Sednove Inc.

sednove.com

61

Sednove Inc. is a Canadian technology company specializing in custom digital solutions for businesses, including software, dashboards, system interconnection, mobile applications, and secure hosting. The company targets businesses needing rapid adaptation and digital transformation, positioning itself as a niche provider with a strong focus on tailored solutions. The website reflects a mature and professional business with a consistent brand and reputable client base. Technically, the site uses modern JavaScript libraries and frameworks, a CMS named Extenso, and is hosted with a registrar Tucows Domains Inc. The site is mobile optimized and SEO friendly but lacks some advanced security headers and privacy compliance features. Security posture is good with HTTPS and domain transfer protections but could be improved by enabling DNSSEC and adding explicit security policies. Overall, the website is trustworthy and professional, though it lacks explicit privacy and cookie policies, which impacts compliance scores.

C

Commune de Cologny

cologny.ch

54

The website www.cologny.ch is the official online presence of the Commune de Cologny, a local government entity in Switzerland. It provides municipal information, news, events, and contact details for residents and visitors. The site is built on Drupal 9 and incorporates modern web technologies such as Bootstrap, jQuery UI, and lazy loading for images. It includes a cookie consent mechanism and uses Google Tag Manager for analytics. Contact information for municipal offices including phone numbers, emails, and physical addresses is clearly presented. However, explicit privacy policy and terms of service pages are not found, which is a compliance gap. The WHOIS data aligns well with the website's claims, indicating high legitimacy.

The website ticket-cloud.ch currently presents an offline or error page indicating that the searched cinema cannot be found. There is no active business content or service information available on the site. The technical infrastructure uses common frontend libraries such as Bootstrap, FontAwesome, jQuery UI, and Video.js, but lacks advanced frameworks or CMS integration. No forms or data collection mechanisms are present. Security posture is minimal with no visible security headers or HTTPS confirmation in the provided data. Privacy and cookie policies are absent, and no contact information is provided, limiting trust and compliance. Overall, the site appears to be either under maintenance or discontinued, resulting in poor user experience and low business credibility.

T

tirol kliniken gmbh

tirol-kliniken.at

62

Tirol Kliniken GmbH is the largest healthcare provider in Western Austria, offering a wide range of hospital and patient services including neurology, healthcare education, and media communication. The website reflects a professional and comprehensive digital presence targeting patients, healthcare professionals, and the general public in the Tirol region. The business model is focused on public healthcare service provision with a strong market position in the region. Technically, the website uses a custom ColdFusion-based CMS with common JavaScript libraries such as jQuery and Modernizr. The site is moderately performant with good mobile optimization and accessibility features. SEO and navigation are well implemented, supporting a positive user experience. From a security perspective, the site uses HTTPS and implements cookie consent mechanisms, but lacks explicit security headers and published security policies. The use of an older jQuery version may pose minor risks. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong with clear privacy and cookie policies aligned with GDPR. Overall, the website is trustworthy and professionally maintained, with recommendations to enhance security headers, update libraries, and publish incident response information to further strengthen security posture and compliance.

L

Landesbund für Vogelschutz in Bayern e.V. (LBV)

botschafter-spatz.de

49

The website botschafter-spatz.de represents a non-profit environmental conservation project managed by the Landesbund für Vogelschutz in Bayern e.V. (LBV). It focuses on the protection and monitoring of building-nesting birds in Bavaria, such as sparrows, swallows, and swifts. The site provides educational resources, a reporting platform for bird nesting sites, and promotes citizen participation in urban nature conservation. The project is regionally significant and well-integrated with the LBV's broader conservation efforts. Technically, the website is built on the Contao Open Source CMS platform and leverages modern JavaScript libraries including jQuery and mmenu for responsive navigation. It is hosted on servers associated with kasserver.com and uses HTTPS with a good SSL configuration. The site includes cookie consent mechanisms and detailed privacy policies, reflecting compliance with GDPR requirements. Social media integration is present via Facebook and Instagram links. From a security perspective, the site employs HTTPS and cookie consent but lacks explicit security headers and incident response contact information. No vulnerabilities or suspicious content were detected in the provided HTML. The absence of a security.txt or vulnerability disclosure page suggests room for improvement in transparency and security posture. Overall, botschafter-spatz.de is a professionally maintained, trustworthy website serving a clear non-profit mission. Strategic recommendations include enhancing security headers, publishing incident response contacts, and maintaining up-to-date libraries to further strengthen security and compliance.

L

Leibniz-Gemeinschaft

leibniz-gemeinschaft.de

50

The Leibniz-Gemeinschaft website represents a major German non-university research organization uniting 96 independent research institutes across multiple scientific disciplines. The organization focuses on research, knowledge transfer, and advising policy and public stakeholders. The website is professionally designed using TYPO3 CMS and modern web technologies, providing comprehensive content and clear navigation targeted at researchers, policymakers, and the public. The technical infrastructure is solid, hosted via INWX with HTTPS and cookie consent mechanisms implemented. Security posture is good, though lacking explicit published security policies or incident response contacts. Overall, the site is trustworthy, compliant with GDPR, and well-positioned in its sector.

E

Eventbanditz

eventcloud9.com

40

Eventbanditz appears to be a technology platform focused on event-related services, accessible via a login portal. The website content is minimal, primarily serving as an authentication gateway for users. The technical infrastructure leverages modern frontend technologies such as Bootstrap, jQuery, and OneUI framework, hosted on Microsoft Online infrastructure, indicating a professional setup. However, the site lacks public-facing business information, privacy policies, and security headers, which limits transparency and compliance visibility. Security posture shows basic best practices like POST method for login but lacks advanced protections such as DNSSEC and security headers. Overall, the site is functional but requires enhancements in privacy compliance, security hardening, and business transparency to improve trust and user confidence.

S

Sächsische Landesbibliothek – Staats- und Universitätsbibliothek Dresden

slub-dresden.de

62

The Sächsische Landesbibliothek – Staats- und Universitätsbibliothek Dresden (SLUB Dresden) operates as a major academic and public library institution in Germany, providing extensive library services, digital collections, research support, and cultural programming. The website reflects a mature digital presence with a comprehensive content offering targeting academic researchers, students, and the general public interested in cultural heritage. The institution's market position is strong within the regional and academic library sector, supported by government funding and a focus on open access and digital innovation. Technically, the website is built on TYPO3 CMS, leveraging modern JavaScript libraries such as jQuery, Chartist, and Fancybox. The hosting infrastructure appears to be aligned with German research networks, ensuring reliability and performance. The site demonstrates good mobile optimization, accessibility, and SEO practices, contributing to a positive user experience. From a security perspective, the website enforces HTTPS and uses secure login mechanisms like Shibboleth SSO. While some security headers are implied, explicit implementation of Content-Security-Policy and other headers could be improved. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong, with clear GDPR-aligned privacy and cookie policies. However, the absence of a public security policy or vulnerability disclosure program suggests room for maturity in security governance. Overall, the website is trustworthy, professionally maintained, and aligned with the institution's public service mission. Strategic enhancements in security policy transparency and header implementation would further strengthen its security posture.

D

domicil gGmbH

domicil-dortmund.de

47

domicil gGmbH operates a well-established live music and cultural venue in Dortmund, Germany, specializing in jazz and creative music since 1969. The organization hosts a variety of events including the notable Jazztage Dortmund festival, offers event space rentals, gastronomy services, and a fan merchandise shop. The website reflects a medium-sized non-profit cultural institution with a strong community focus and recognized awards, positioning it as a trusted local cultural hub. Technically, the website is built on the Contao Open Source CMS platform and utilizes common JavaScript libraries such as jQuery, Swiper.js, and Colorbox. The site is moderately performant, mobile-optimized, and has basic accessibility and SEO features. Hosting is provided by a regional hosting provider indicated by the nameservers. While HTTPS is enabled, the site lacks advanced security headers and cookie consent mechanisms, which are recommended for improved security and compliance. From a security perspective, the site shows no signs of vulnerabilities or exposed sensitive data. However, it lacks published security policies, incident response contacts, and a cookie consent banner, which are important for GDPR compliance and user trust. The domain WHOIS data is consistent with the business claims, showing no privacy protection and a legitimate registration history. Overall, domicil-dortmund.de is a credible and professionally maintained cultural website with good content quality and business credibility. Strategic improvements in privacy compliance and security posture would enhance trust and regulatory adherence.

F

fit4internet

fit4internet.at

10

fit4internet is an Austrian non-profit association dedicated to raising digital competences across Austria. The organization provides a comprehensive digital competence framework (DigComp AT), self-assessment tools, certification and accreditation services, and a course catalog to support lifelong learning in digital skills. The website reflects a professional and consistent brand with a clear focus on education and digital literacy. It targets a broad audience including the general public, education providers, and portal users interested in digital competence development. The business model revolves around standardization, evaluation, and certification of digital skills, positioning fit4internet as a key player in Austria's digital education landscape. Technically, the website employs a modern JavaScript stack including jQuery, Bootstrap, and various UI and analytics libraries such as Matomo and Pinpoll. The site uses a custom CMS and shows good mobile optimization and SEO practices. Performance is moderate with room for improvement in accessibility compliance. Security posture is strong with HTTPS enforced, security headers present, and no visible vulnerabilities. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR adherence. However, no explicit security policy or incident response information is publicly available. Overall, the website is trustworthy, professionally maintained, and aligned with its educational mission. The WHOIS data confirms legitimacy and consistency with the website's Austrian association identity. There are no signs of malicious activity or content safety concerns. Strategic recommendations include publishing a dedicated security policy, adding incident response contacts, and enhancing accessibility standards to improve inclusivity and compliance.

Bestattungen Hackmann is a small, family-owned funeral service provider based in Ibbenbüren, Germany, with a long tradition dating back to 1924. The company offers a comprehensive range of funeral-related services including hygienic care of the deceased, traditional and modern burial options, a dedicated farewell house, and funeral pre-planning. The website reflects a professional local business with clear service offerings targeted at residents of the Tecklenburger Land region. Technically, the site is built on the Contao CMS platform, utilizing common JavaScript libraries such as jQuery and Colorbox, hosted by Schlund Technologies. The website is mobile-optimized and provides a good user experience with clear navigation and contact options. Security posture is adequate with HTTPS enforced and a cookie consent mechanism in place, though security headers are missing and no explicit security or incident response policies are published. Overall, the site is trustworthy and compliant with GDPR requirements, but could improve in security best practices and transparency.

S

Stadt Ulm

ulm.de

71

Stadt Ulm operates an official municipal website providing comprehensive information and services to residents, businesses, and visitors. The site covers city politics, culture, economy, tourism, and offers online citizen services. It holds a strong market position as the authoritative digital portal for the city of Ulm in Germany. The website is well-branded, consistent, and targets a broad audience including citizens and tourists. Technically, the website leverages modern frameworks such as Bootstrap and is built on the Sitecore CMS platform. It integrates privacy-respecting analytics via Matomo and offers multilingual support through Conword. Accessibility features and cookie consent management demonstrate a mature digital infrastructure focused on user experience and compliance. From a security perspective, the site enforces HTTPS and employs cookie consent mechanisms, but lacks a publicly visible dedicated security policy or incident response contacts. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data aligns with the official city domain and name servers, confirming legitimacy. Overall, the website presents a low-risk profile with good privacy compliance and a professional digital presence. Strategic improvements could include publishing explicit security policies and incident response information to enhance transparency and trust.

V

Ville de Bruxelles

bruxelles.be

69

The website www.bruxelles.be is the official online presence of the City of Brussels, serving as a comprehensive portal for residents and visitors to access municipal services, news, and cultural information. The site is well-branded and professionally designed, targeting a broad audience interested in government services and local information. Technically, the site is built on Drupal CMS with modern frameworks such as Bootstrap and integrates multiple third-party services including Google Analytics and Cookiebot for analytics and cookie consent management. Security posture is strong with HTTPS enforced and appropriate security headers present, though there is room for improvement in publishing explicit privacy and terms of service policies and providing clear contact information for security or privacy concerns. The domain WHOIS data is not publicly available due to registry restrictions, but the domain is consistent with official government use and shows no suspicious indicators. Overall, the site demonstrates a mature digital infrastructure suitable for a large government entity with good compliance and security practices.

BVFI Akademie is a specialized educational platform focused on real estate and professional development training in Germany. It offers a variety of courses including live webinars, video on demand, and in-person seminars, targeting real estate professionals and individuals seeking management and personal growth skills. The website is affiliated with the BVFI Verband, a recognized professional association, enhancing its credibility and market position. Technically, the website is built on the Contao CMS platform and utilizes a modern JavaScript stack including jQuery and related libraries. The site is mobile-optimized with good navigation and user experience, though accessibility features could be improved. Performance is moderate with no major technical issues detected. From a security perspective, the site enforces HTTPS and uses cookies for session management and CSRF protection. A cookie consent mechanism is implemented, supporting GDPR compliance. However, explicit security headers are missing, and no incident response or vulnerability disclosure information is provided, indicating room for improvement in security posture. Overall, the website presents a professional and trustworthy front for its educational services with a solid technical foundation and good privacy compliance. Strategic enhancements in security policies and accessibility would further strengthen its position and user trust.

T

TRENDnet, Inc.

trendnet.com

75

TRENDnet, Inc. is a medium-sized technology company specializing in networking and surveillance hardware solutions for home and office environments. Their product portfolio includes wireless routers, network switches, IP cameras, and cloud-managed network services under the TRENDnet Hive brand. The company maintains a professional and comprehensive website with clear navigation, detailed product categories, and support resources. Their market position is that of a reliable and affordable networking solutions provider with a strong focus on quality and customer support. Technically, the website employs modern web technologies including jQuery, Bootstrap, and advanced UI components like Revolution Slider and Slick Carousel. The site is mobile-optimized, accessible, and SEO-friendly, providing a good user experience. Privacy compliance is well addressed with clear privacy and cookie policies and a consent mechanism aligned with GDPR requirements. Analytics usage is minimal and privacy-conscious. From a security perspective, the site uses HTTPS and enforces cookie consent but lacks explicit security headers and a published security policy or incident response contact. No vulnerabilities or exposed sensitive data were detected in the HTML content. The WHOIS data is unavailable or privacy protected, which slightly reduces domain trustworthiness but does not outweigh the professional presentation and business legitimacy evident on the site. Overall, TRENDnet's website demonstrates a strong digital maturity level with good content quality, technical implementation, and privacy compliance. Security posture is solid but could be improved with additional headers and transparency. The domain's WHOIS opacity is a minor concern. Strategic recommendations include enhancing security headers, publishing a security policy, and providing clearer security contact information to further strengthen trust and compliance.

A

Amnesty International Schweiz

amnesty.ch

66

Amnesty International Swiss Section operates as a non-profit organization dedicated to human rights advocacy within Switzerland. The website serves as a multilingual platform (English, German, French, Italian) providing information about campaigns, local groups, donation opportunities, and contact channels. It is positioned as a reputable national section of the global Amnesty International network, targeting the general public and supporters interested in human rights issues. Technically, the website is built on the Plone CMS platform, utilizing jQuery and Cookiebot for cookie consent management, and Piwik PRO for analytics. The site demonstrates moderate performance and good mobile optimization, with a clean and professional design. SEO and accessibility are adequately addressed, though accessibility could be improved further. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms, but lacks publicly available security policies, incident response contacts, or vulnerability disclosure information. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data aligns well with the website's claims, supporting legitimacy and trustworthiness. Overall, the website presents a secure, professional, and trustworthy digital presence for Amnesty International's Swiss section, with room for improvement in formal security documentation and accessibility enhancements.

C

CAF ACLI SRL - CENTRO ASSISTENZA FISCALE ACLI

mycaf.it

57

CAF ACLI SRL operates as a fiscal assistance center in Italy, providing a broad range of tax-related services including tax declarations, document management, appointment scheduling, and online assistance through its myCAF platform. The website targets individuals seeking convenient and comprehensive fiscal support, leveraging digital tools to enhance user experience. The company maintains a solid market position with a medium-sized operation and a consistent brand presence. Technically, the website employs a mature technology stack based on ASP.NET WebForms and popular JavaScript libraries, integrating Google Analytics and Cookiebot for analytics and compliance. The site is mobile-optimized with good navigation and content relevance. Security posture is adequate with HTTPS enforced and privacy-conscious analytics configurations, though it lacks explicit security policies and advanced security headers. Overall, the site is trustworthy, professional, and compliant with GDPR, with room for improvement in security transparency and incident response readiness.

C

Caf Acli

cafacli.it

10

CAF ACLI is an Italian fiscal assistance center providing consultancy and support services related to tax declarations, IMU, TARI, and other fiscal obligations. The website targets Italian taxpayers and individuals seeking professional fiscal assistance. It offers detailed information on tax deadlines and services, positioning itself as a trusted intermediary in the Italian fiscal services market. Technically, the website is built on ASP.NET with a modern JavaScript stack including jQuery and UI libraries, integrated with Google Analytics, Facebook Pixel, and Cookiebot for tracking and consent management. The site demonstrates good mobile optimization and SEO practices but lacks explicit privacy and terms of service pages. Security posture is adequate with HTTPS and cookie consent mechanisms, though additional security headers and policies could improve the overall security maturity. Overall, the website is professional, trustworthy, and compliant with basic privacy regulations, but could enhance transparency and security documentation.

F

Faiat Service srl

italyhotels.it

55

Italy Hotels operates as an established online hotel booking platform specializing in accommodations throughout Italy. The website offers a broad inventory of over 20,000 hotels, targeting travelers seeking convenient and comprehensive booking options. The platform integrates interactive features such as maps and sliders to enhance user experience. Technically, the site employs a traditional web stack with jQuery, jQuery UI, and other JavaScript libraries, some of which are outdated and may pose security risks. The site is mobile-optimized and includes basic SEO and accessibility features. Security posture is moderate, with HTTPS implied but lacking explicit security headers and updated libraries. Privacy and cookie policies are present, indicating GDPR awareness, though contact information and incident response details are not publicly available. Overall, the site is professional and trustworthy but would benefit from technical and security improvements.

D

Deutscher Gutachter und Sachverständigen Verband e. V.

deutsche-gutachterauskunft.de

49

Deutsche Gutachterauskunft is a professional German-language platform that connects consumers and businesses with qualified experts and appraisers across Germany, Austria, and Switzerland. Backed by the Deutscher Gutachter und Sachverständigen Verband e. V., it offers a comprehensive directory, membership packages, and a marketplace for assignments. The website is well-structured, content-rich, and designed to facilitate easy expert search and engagement. Technically, it employs modern JavaScript libraries and integrates cookie consent and analytics tools with privacy considerations. Security posture is solid with HTTPS and cookie consent, though some security headers could be improved. Overall, the platform demonstrates a trustworthy and professional presence in the real estate and expert services sector.

N

njumii - Das Bildungszentrum des Handwerks

njumii.de

53

njumii.de is the official website of njumii - Das Bildungszentrum des Handwerks, an educational center affiliated with the Handwerkskammer Dresden, Germany. The organization offers a broad range of vocational training, master craftsman courses, continuing education, and company training primarily targeting skilled trades professionals. The website is well-structured, professionally designed, and uses TYPO3 CMS with modern frontend technologies to deliver a responsive and accessible user experience. While the site demonstrates strong business credibility and good technical implementation, it lacks explicit privacy and cookie policies, which are important for GDPR compliance. Security posture is moderate with HTTPS usage but no visible security headers or incident response information. Overall, the site is trustworthy and serves its educational purpose effectively but could improve privacy compliance and security transparency.

EFEN GmbH operates a professional website focused on providing optimized safety systems for electrical energy distribution. The company targets industrial and infrastructure sectors requiring reliable and safe energy supply solutions. The website reflects a medium-sized business with a long-standing market presence since 2007, supported by a consistent brand and clear service offerings. Technically, the site uses legacy JavaScript libraries such as jQuery and jQuery UI, hosted on Forpsi nameservers, with moderate performance and basic mobile optimization. Security posture is moderate, with cookie consent mechanisms implemented but lacking explicit security headers and visible HTTPS enforcement in the provided data. Privacy compliance is good, with GDPR-aligned cookie and privacy policies. Contact information is primarily via a contact page, with no direct emails or phone numbers on the main page. Overall, the site is trustworthy and professional but could improve security and technical modernization.

F

Federalberghi

federalberghi.it

58

Federalberghi is the leading Italian federation representing the hospitality and tourism sector, advocating for over 20,000 member enterprises. The organization provides services including advocacy, training, publishing industry reports, and organizing events. The website is built on Microsoft SharePoint and uses a variety of JavaScript libraries and frameworks to deliver a professional user experience. While the site is secure with HTTPS and basic security practices, it lacks advanced security headers and explicit GDPR compliance mechanisms such as cookie consent banners. Contact information and organizational transparency are strong, supporting trustworthiness. The site links to numerous partner and affiliated domains, reinforcing its position in the industry.

S

Slovenský ochranný zväz autorský

soza.sk

55

Slovenský ochranný zväz autorský (SOZA) is a Slovak collective rights management organization dedicated to protecting and managing the rights of music authors. Established in 2003, SOZA serves a broad audience including authors, publishers, and users of music, providing licensing, rights management, and support services. The organization maintains a strong national presence with international partnerships and agreements, positioning itself as a key player in the Slovak music rights ecosystem. Technically, the website employs a moderate technology stack including jQuery, Google Analytics, and Hotjar for user analytics and behavior tracking. The site is hosted on exohosting servers and demonstrates good mobile optimization and SEO practices. The website is fully accessible without any blocking or WAF challenges, and it uses HTTPS with no visible SSL issues, indicating a secure connection. From a security perspective, the site implements cookie consent mechanisms and uses HTTPS, but lacks explicit security policies, incident response contacts, and advanced security headers. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is evident through cookie policies and GDPR-aligned consent banners, though a dedicated privacy policy page is not clearly identified. Business credibility is strong with clear contact information, social media presence, and long domain age. Overall, SOZA's website is professional, secure, and compliant with privacy regulations, serving its target audience effectively. Strategic improvements in security policy transparency and incident response readiness would enhance trust and security posture further.

C

Campus X S.r.l.

cx-place.com

68

Campus X S.r.l. operates a professional website offering student campus accommodations, hotel stays, and meeting/coworking spaces across multiple cities in Italy. The company targets students and travelers seeking convenient and community-oriented housing solutions. The website is well-structured with clear navigation, multiple booking forms, and comprehensive privacy and cookie policies, indicating a mature digital presence. Technically, the site uses modern JavaScript libraries, Google reCAPTCHA for bot protection, and Iubenda for privacy compliance, reflecting a solid technical infrastructure. Security posture is good with HTTPS enforced and privacy consent mechanisms in place, though some security headers could be improved. The absence of WHOIS data raises concerns about domain registration legitimacy, but the professional site and business information suggest a legitimate operation. Overall, the site is trustworthy and functional with room for improvement in legal disclosures and security headers.

V

VCÖ

vcoe.at

56

VCÖ is a well-established Austrian non-profit organization dedicated to promoting ecologically sustainable, socially just, and economically efficient mobility. Their website serves as a comprehensive platform offering research, publications, events, and advocacy aimed at improving transportation policies and practices in Austria. The organization targets a broad audience including citizens, municipalities, and policymakers, emphasizing fair mobility opportunities for all demographics. Technically, the site is built on the Contao CMS and employs modern web technologies such as jQuery, Matomo Analytics, and Google Tag Manager, ensuring a good user experience with mobile optimization and accessibility features. Security posture is solid with HTTPS and CAPTCHA protections, though some security headers and explicit policies could be improved. Overall, the website is professional, trustworthy, and content-rich, reflecting the organization's credibility and commitment to sustainable mobility.

N

numera snc

numera.swiss

50

Numera snc is a Swiss-based small technology company specializing in digital transformation services for organizations including small businesses, public sector entities, associations, and NGOs. Their key offerings include consulting (accompagnement), web design (conception web), and professional photography services. The company positions itself as a trusted digital partner helping clients innovate and reach new horizons. The website is professionally designed using WordPress and Elementor, with clear navigation and good mobile optimization. Hosting is provided by Infomaniak Network SA, a reputable Swiss hosting provider. The website uses Google Analytics and Tag Manager for user tracking but lacks visible privacy and cookie policies, which is a compliance gap. Security posture is generally good with HTTPS enabled and no obvious vulnerabilities, though security headers are not detected and DNSSEC is not enabled. WHOIS data confirms the legitimacy of the domain registration consistent with the business identity and location.

The Centre Communal d'Action Sociale (CCAS) of Nice is a municipal public social service organization established since 2001, providing a broad range of social support services to the residents of Nice, France. Its offerings include senior care programs, social insertion initiatives, and community development actions. The website serves as an informational portal with links to official reports, social programs, and contact resources, targeting local citizens in need of social assistance. Technically, the website employs a basic but functional technology stack centered around jQuery and a CMS likely to be CMS Made Simple. The site is hosted by DIGITAL RURAL INFORMATIQUE and uses HTTPS to secure communications. While the site is accessible and contains relevant content, it lacks advanced mobile optimization, accessibility features, and modern security headers, which limits its technical maturity. From a security perspective, the website benefits from HTTPS but does not implement key security headers or provide explicit privacy, cookie, or security policies. There is no visible incident response or vulnerability disclosure information. The absence of these elements suggests room for improvement in compliance and security posture. However, no critical vulnerabilities or suspicious indicators were detected. Overall, the website is a trustworthy and legitimate municipal service portal with good business credibility but requires enhancements in privacy compliance, security best practices, and technical modernization to improve user experience and regulatory adherence.

U

U.S. Department of Commerce - International Trade Administration

dataprivacyframework.gov

63

The Data Privacy Framework website is an official U.S. government platform managed by the Department of Commerce's International Trade Administration. It serves as a resource and certification portal for U.S. organizations to comply with data transfer regulations from the European Union, United Kingdom, and Switzerland. The site targets multiple audiences including U.S. businesses, European businesses, individuals, and data protection authorities, providing program overviews, self-certification processes, and lists of participants. The business model is government-driven, focusing on regulatory compliance facilitation rather than commercial services. Technically, the website employs a modern frontend stack including React, Bootstrap, jQuery UI, and Font Awesome, hosted on Microsoft Azure Blob Storage. The site demonstrates good mobile responsiveness, accessibility, and SEO optimization. Performance is moderate, with no major technical issues detected. However, explicit security headers are not visible in the HTML, and no cookie consent mechanism is present, which are areas for improvement. From a security perspective, the site uses HTTPS and does not expose sensitive data or vulnerable libraries. The lack of visible security headers and absence of published security or incident response policies suggest room for enhancement in security posture. No vulnerabilities or malicious content were detected. WHOIS data is incomplete, likely due to .gov domain privacy restrictions, but the domain's official status and content confirm legitimacy. Overall, the website is a trustworthy, professional government resource with good content quality and technical implementation. Strategic recommendations include adding security headers, implementing cookie consent, publishing security policies, and enhancing transparency around incident response to strengthen compliance and trust.

M

Ministerium fuer Inneres und Kommunales NRW

open.nrw

64

Open.NRW is the official Open Government and Open Data portal of the North Rhine-Westphalia state government in Germany. It provides a comprehensive platform for transparency, citizen participation, and access to open datasets from the public sector. The portal targets citizens, municipalities, government agencies, and service providers, offering data, project information, and participation opportunities. Technically, the site is built on Drupal CMS, uses Matomo for privacy-conscious analytics, and implements cookie consent mechanisms compliant with GDPR. Security posture is strong with HTTPS and privacy features, though DNSSEC is not enabled. The domain registration aligns with the official government entity, reinforcing trust and legitimacy. Overall, the site demonstrates high professionalism, good technical implementation, and strong privacy compliance.

N

NRW.BANK

nrwbank.de

70

NRW.BANK is a regional development bank serving North Rhine-Westphalia, Germany, providing financial products such as loans, equity financing, grants, consulting, seminars, and networking opportunities. The website clearly targets founders, companies, private individuals, and public clients, positioning itself as a key financial partner for economic development in the region. The site is professionally designed with comprehensive content and clear navigation, reflecting a mature digital presence. Technically, the website employs modern frontend technologies including Bootstrap, FontAwesome, and jQuery, ensuring responsive design and good accessibility. The presence of a cookie consent mechanism and privacy policy indicates attention to privacy compliance. Performance is moderate, with room for optimization. Security posture is solid with HTTPS enforced and cookie consent implemented; however, explicit security policies and incident response contacts are not published, representing an area for improvement. No vulnerabilities or suspicious content were detected. WHOIS data aligns with the website's claims, supporting legitimacy. Overall, NRW.BANK's website demonstrates a high level of professionalism, security, and compliance suitable for a government-affiliated financial institution. Strategic enhancements in security transparency and contact information publication would further strengthen trust and compliance.

cronos Unternehmensberatung GmbH is a leading independent IT consulting firm specializing in the energy and utilities sector across Germany, Austria, and Switzerland. With over 30 years of experience, the company offers a comprehensive portfolio including strategic IT consulting, SAP and ERP solutions, billing, customer experience integration, and AI-driven process automation. Their market position as a top-tier partner is reinforced by multiple certifications such as SAP Gold and Diamond Partner Energy, UiPath Platinum Partner, and Twilio Gold Partner. The company emphasizes long-term partnerships and sustainable digital transformation for over 500 clients. Technically, the website is built on the Contao CMS platform, utilizing modern JavaScript libraries like jQuery, Swiper, and Font Awesome for UI enhancements. Hosting and DNS are managed via Cloudflare, ensuring good performance and security. The site is mobile-optimized, accessible, and SEO-friendly, with integrated analytics and marketing tools such as Google Tag Manager and Zoho SalesIQ. From a security perspective, the site enforces HTTPS and includes CSRF protection in login forms. Privacy and cookie policies are comprehensive and GDPR compliant, with a clear consent mechanism. However, explicit security headers like CSP and X-Frame-Options are not evident and could be improved. No vulnerabilities or exposed sensitive data were detected in the analyzed content. Overall, cronos.de presents a professional, trustworthy, and technically sound digital presence aligned with its business stature. The risk profile is low, with recommendations focusing on enhancing security headers and publishing a formal security policy and vulnerability disclosure channel.

E

EFEN GmbH

efen.com

52

EFEN GmbH is a German company specializing in the development and manufacturing of electrical safety components and systems for the energy, infrastructure, and industrial sectors. Established since 1993 and ISO certified, EFEN positions itself as a reliable and quality-focused manufacturer with a strong presence in the German and European markets. The company offers an online shop for easy ordering of components and provides technical support to its customers. The website reflects a professional and consistent brand image with clear navigation and relevant content tailored to its target audience. Technically, the website is built on WordPress with modern libraries such as jQuery and Slick Slider, ensuring a responsive and accessible user experience. SEO and accessibility features are well implemented, and the site includes a comprehensive cookie consent mechanism aligned with GDPR requirements. However, some improvements could be made in security headers and incident response transparency. From a security perspective, the site uses HTTPS and has implemented cookie consent, but lacks explicit security headers and incident response contact information. No vulnerabilities or exposed sensitive data were detected in the content. The absence of WHOIS registration data is a concern, reducing trustworthiness from a domain registration perspective, although the website content and business presence suggest legitimacy. Overall, EFEN GmbH's website is professional, secure, and compliant with privacy regulations, but the missing WHOIS data and lack of some security best practices suggest areas for improvement. Strategic recommendations include enhancing security headers, publishing a security policy, and verifying domain registration details to improve trust and compliance.

M

Mutual Help

mutualhelp.eu

52

Mutual Help is a non-profit mutual aid organization based in Bolzano, Italy, providing supplementary health funds to its members. The organization focuses on supporting healthcare costs through local partnerships and a network of contracted healthcare providers. The website is professionally designed, multilingual (German and Italian), and offers clear information about services, membership, and contact options. The presence of a secure contact form with CAPTCHA and GDPR-compliant cookie consent indicates a mature approach to privacy and security. The WHOIS data is not publicly available due to EURid privacy policies, but the website's professionalism and transparency support its legitimacy. Overall, the digital infrastructure is based on WordPress with modern plugins and SEO optimizations, providing a good user experience and compliance with relevant regulations.

P

Pro Hockey GmbH

hockeyshop.it

40

Pro Hockey GmbH operates a specialized e-commerce platform focused on professional hockey sports equipment, including ice hockey, inline hockey, and floorball products. The company targets athletes and enthusiasts in the hockey sports niche primarily in Italy, offering a wide range of products such as sticks, protective gear, apparel, and accessories. The website is well-structured with clear navigation and product categorization, supporting a positive user experience. The business maintains a credible market position with physical locations and verified contact information.

S

Südtiroler Jugendring (SJR)

jugendring.it

38

The Südtiroler Jugendring (SJR) is a well-established non-profit umbrella organization representing children's and youth associations in South Tyrol, Italy. Founded in 1977, it provides advocacy, participation opportunities, youth counseling, and various services to support youth engagement. The website reflects a professional and consistent brand image with clear communication channels and relevant content tailored to its target audience of youth and youth organizations in the region. Technically, the site is built on TYPO3 CMS with modern frontend technologies, offering good mobile optimization and user experience. Security posture is adequate with HTTPS and cookie consent mechanisms, though some security headers and explicit policies could be improved. Overall, the site is trustworthy, compliant with GDPR, and free from suspicious or malicious content.

V

Ville de Fourmies

fourmies.fr

54

Ville de Fourmies operates an official municipal website providing comprehensive information and services to residents and visitors of Fourmies, France. The site offers local news, event agendas, administrative procedures, and contact information for elected officials, positioning itself as a trusted source of community information. The business model is that of a government entity focused on public service and community engagement. The website is well-branded, consistent, and targets a general audience including local citizens and stakeholders. Technically, the website employs a moderate technology stack including jQuery, Google Analytics, and Google reCAPTCHA v3 for security and analytics. It is hosted by OVH, a reputable provider, and uses HTTPS with a good SSL configuration. The site is mobile optimized and includes basic accessibility features. SEO is supported by proper metadata and structured data (JSON-LD) enhancing search engine visibility. From a security perspective, the site enforces HTTPS and uses reCAPTCHA to mitigate bot activity. However, it lacks visible security headers and does not publish a dedicated security policy or incident response contacts. Cookie consent is implemented, supporting GDPR compliance. No vulnerabilities or suspicious content were detected. The WHOIS data is consistent with the website’s municipal nature, showing a long-established domain registered with OVH. Overall, the website presents a low-risk profile with good business credibility and moderate security posture. Strategic improvements include adding security headers, publishing a security policy, and enhancing accessibility. These steps would strengthen trust and compliance further.

W

WHY Portugal

whyportugal.org

43

WHY Portugal is a specialized non-profit organization serving as the official music export office for Portugal, founded in 2016. It supports Portuguese music professionals and artists by facilitating international exposure, export opportunities, and collaboration within the global music industry. The website reflects a focused business model targeting music industry stakeholders and international markets, with strong ties to national cultural organizations and European music export networks. Technically, the website is built on WordPress with a moderate tech stack including Google Analytics and Elementor, offering a good user experience and mobile optimization. Security posture is adequate with HTTPS enforced but lacks advanced security headers and DNSSEC, and no explicit security or incident response policies are publicly available. Privacy compliance is partial, with a terms and conditions page referencing GDPR but no cookie consent mechanism. Overall, the website is professional, trustworthy, and content-rich, serving its niche audience effectively.

V

VI.BE

vi.be

66

VI.BE is a well-established Belgian support platform for artists and the music sector, serving a broad audience from beginners to professionals, locally and internationally. The website reflects a mature digital presence with comprehensive content including news, events, job listings, and project promotion. The organization is positioned as a key player in the Belgian music industry, supported by reputable partners and sponsors. Technically, the site uses modern web technologies including Bolt CMS, FontAwesome, and CookieFirst for consent management, delivering a fast, mobile-optimized, and accessible user experience. Security posture is solid with HTTPS enforced and no visible vulnerabilities, although explicit security policies and incident response contacts are absent. Privacy compliance is well addressed with clear cookie consent and a privacy policy in Dutch. Overall, the site demonstrates high professionalism and trustworthiness, suitable for its target audience and business model.

T

Tarasoft

domnakinoto.com

54

Дом на киното is a Bulgarian cinema venue providing film screening schedules and online ticket sales primarily serving the Sofia region. The website offers a comprehensive program of films including premieres and upcoming shows, targeting general audiences interested in cinema. The business appears to be a small local media entity founded around 2010, with a consistent brand presence and active social media engagement. Technically, the site uses a modern JavaScript stack with libraries such as jQuery, Swiper, and Video.js, hosted on SuperHosting.BG. The site is mobile optimized and provides a good user experience with clear navigation and relevant content. Security posture is moderate with HTTPS enabled and domain transfer protection, but lacks DNSSEC and advanced security headers. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism. Overall, the site is trustworthy and professionally maintained but could improve in privacy and security transparency.

A

Amt der Steiermärkischen Landesregierung

steiermark.at

67

The website www.verwaltung.steiermark.at serves as the official administrative portal for the Steiermark regional government in Austria. It provides comprehensive information and e-government services to citizens and businesses within the region. The portal features detailed navigation to government departments, service offerings, news updates, and contact information, positioning itself as a central hub for public administration in Steiermark. The site targets a broad audience including residents, government employees, and stakeholders seeking official information or services. Technically, the website is built on a custom CMS (ico-cms) and employs modern web technologies such as HTML5, CSS3, JavaScript, jQuery, and FontAwesome. It integrates privacy-respecting analytics via Matomo alongside Google Analytics and Facebook tracking pixels, balancing data collection with user privacy. The site is mobile-optimized, accessible, and SEO-friendly, with a moderate performance profile. From a security perspective, the site enforces HTTPS and implements a detailed cookie consent mechanism compliant with GDPR. However, it lacks publicly visible dedicated security policies or incident response contacts. Security headers are not explicitly detected in the HTML content, suggesting room for improvement. No vulnerabilities or suspicious content were identified, and the domain registration aligns with official government credentials, indicating high legitimacy. Overall, the website demonstrates a strong professional and trustworthy presence suitable for a government entity. Strategic recommendations include publishing explicit security and incident response policies, enhancing security headers, and maintaining transparency in vulnerability disclosures to further strengthen trust and compliance.

B

Bpifrance

bpifrance.com

69

Bpifrance is a prominent public investment bank in France, serving as a comprehensive support hub for entrepreneurs and institutions. The website reflects a mature digital presence with a focus on providing banking, coaching, insurance, and investment services to its target audience. The technical infrastructure is modern, leveraging Drupal 11 and various JavaScript libraries, with good mobile optimization and SEO practices. Security posture is solid with HTTPS and privacy mechanisms in place, though explicit security policies and incident response contacts are not evident. The absence of WHOIS data is a notable anomaly but does not detract from the overall legitimacy indicated by the website content and branding. Strategic recommendations include enhancing security header implementation, publishing a security policy, and improving accessibility compliance.

L

LOMAC NAUTICA S.R.L.

lomac.it

47

LOMAC NAUTICA S.R.L. is an established Italian manufacturer and seller of rigid inflatable boats, serving both recreational and professional markets. The company positions itself as a leader in Italy with a comprehensive product range from small tenders to large ocean navigation boats. Their website reflects a medium-sized business with a focus on quality, customer engagement, and international reach through multilingual support. Technically, the site uses a modern stack including jQuery, Owl Carousel, and integrates Google Tag Manager and Facebook Pixel for analytics and marketing. The presence of a consent management platform indicates good GDPR compliance. Security posture is solid with HTTPS and cookie consent, though lacks explicit security policy and incident response information. Overall, the website is professional, trustworthy, and well-optimized for user experience and SEO.

E

European Music Exporters Exchange

europeanmusic.eu

44

European Music Exporters Exchange (EMEE) is a Brussels-based non-profit association comprising 34 national and regional music export offices from 29 European countries. The organization supports European music artists, professionals, and companies in their export strategies by facilitating information exchange, expertise sharing, and collaborative projects. EMEE operates with a mix of public and private funding and positions itself as a key network in the European music export sector. The website reflects this mission with clear content, a resource center, and a newsletter to keep stakeholders informed. Technically, the website is built on WordPress with modern SEO practices implemented via the Yoast SEO plugin. It uses jQuery and jQuery UI libraries and integrates Matomo analytics with cookies disabled to respect user privacy. The site is mobile-optimized and demonstrates good performance and accessibility standards, although some security headers are not explicitly present. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks visible security policies, incident response contacts, and vulnerability disclosure mechanisms. The WHOIS data is privacy protected, which is typical for non-profit organizations, but limits direct verification of registrant details. Overall, the site presents a professional and trustworthy front with room for enhanced security transparency and policy disclosures. The overall risk is low given the nature of the organization and the absence of suspicious indicators. Strategic recommendations include implementing security headers, publishing security and incident response policies, and adding a vulnerability disclosure channel to improve trust and compliance.