Security Directory

L

Liana Technologies Oy

liana.fi

65

Liana Technologies Oy is a Finnish technology company specializing in digital marketing and communication tools under the Liana®Cloud product family. The company targets marketing and communication teams, offering SaaS solutions such as marketing automation, email marketing, webinar hosting, and analytics. The website reflects a professional and consistent brand image with a focus on digital marketing efficiency. Technically, the site employs modern web technologies including jQuery, Bootstrap, Matomo analytics, and integrates third-party services like Stripe for payments and Pipedrive for chatbot functionality. Security posture is strong with HTTPS enforced, cookie consent implemented, and privacy-respecting analytics in use. However, explicit privacy policies and terms of service pages were not found in the provided content, indicating room for improvement in compliance transparency. Overall, the website is well-designed, mobile-optimized, and trustworthy, with a moderate to high security maturity level.

P

Poutapilvi

poutapilvi.fi

71

Poutapilvi is a Finnish digital agency specializing in digital service design, WordPress and WooCommerce development, and content marketing support. The company positions itself as a reliable partner for businesses and organizations seeking professional web solutions, emphasizing accessibility, usability, and customer service excellence. Their market presence is supported by multiple references and a high credit rating, indicating strong business credibility. Technically, the website is built on WordPress with a modern tech stack including Algolia search, Matomo analytics, and Google Tag Manager. The site demonstrates excellent performance, mobile optimization, and accessibility features, reflecting a mature digital infrastructure. Privacy compliance is well addressed with clear cookie consent mechanisms and comprehensive privacy policies. Security posture is solid with HTTPS enforced and privacy-respecting analytics, though the absence of explicit security policies and incident response contacts suggests room for improvement. No critical vulnerabilities or suspicious indicators were found, supporting a high trust level. Overall, Poutapilvi presents a professional, secure, and privacy-conscious digital presence suitable for its target audience. Strategic enhancements in security transparency and incident readiness would further strengthen their position.

L

Liedon Innovaatiokampus Oy

liedoninnovaatiokampus.fi

45

Liedon Innovaatiokampus Oy is a municipally owned innovation campus located in Lieto, Finland, established in 2023. It serves as a collaborative platform bringing together various business services, employment, education, logistics, and capital solutions to support local business growth and networking. The website reflects a regional government entity focused on fostering innovation and business development within the community. Technically, the site is built on WordPress with modern plugins for SEO, analytics, and cookie consent, hosted likely by Elisa Oyj. The site is well-structured, mobile-optimized, and provides clear navigation and relevant content for its target audience. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though some security headers could be improved. Overall, the domain registration details align well with the business identity, indicating high legitimacy and trustworthiness.

V

Visit Naantali

visitnaantali.com

55

Visit Naantali operates as the official tourism website for the Naantali region in Finland, providing comprehensive information about local attractions, events, accommodations, and activities. The site targets tourists and visitors seeking to explore Naantali, positioning itself as a trusted and authoritative source for travel planning in the area. The business model focuses on tourism promotion and visitor engagement through digital content and booking facilitation. Technically, the website is built on WordPress with modern technologies including Bootstrap 5 for responsive design, Yoast SEO for search optimization, and Cookiebot for GDPR-compliant cookie consent management. The infrastructure includes Google Tag Manager and Matomo Analytics for tracking and performance monitoring. The site demonstrates good mobile optimization and accessibility features, though some accessibility aspects could be enhanced. From a security perspective, the website enforces HTTPS and employs clientTransferProhibited status on the domain to prevent unauthorized transfers. Cookie consent is actively managed, and no critical vulnerabilities or exposed sensitive data were detected. However, DNSSEC is not enabled, and additional HTTP security headers could be implemented to strengthen security posture further. Overall, the website presents a professional, trustworthy, and user-friendly platform for tourism promotion with a solid technical foundation and good privacy compliance. The absence of explicit privacy policy and terms of service pages in the scanned content is a gap that should be addressed to improve compliance and user trust.

C

CFL multimodal

cfl-mm.lu

61

CFL multimodal is a Luxembourg-based logistics and transportation company specializing in rail freight, multimodal hubs, and comprehensive logistics services. It operates as part of the CFL Group, providing sustainable and efficient freight solutions across Europe. The website reflects a professional and well-structured digital presence with clear service offerings and a focus on environmental responsibility. Technically, the site uses modern web technologies including jQuery, Bootstrap, FontAwesome, and integrates analytics tools such as Google Tag Manager and Matomo. The security posture is adequate with HTTPS and cookie consent mechanisms, though explicit security headers and policies are not evident. The absence of WHOIS data limits domain trust assessment, but the overall business credibility is supported by consistent branding and social media presence. Privacy compliance is well addressed with GDPR-aligned policies and cookie management.

C

College Magazine, LLC

collegemagazine.com

65

College Magazine, LLC operates a professional online media platform focused on providing college-related content authored by students nationwide. The website offers comprehensive guides on colleges, majors, internships, career advice, and student life, positioning itself as a niche educational media outlet. The platform leverages a modern WordPress infrastructure with advanced SEO and analytics tools, ensuring a fast, mobile-optimized, and accessible user experience. Security posture is strong with HTTPS enforcement and privacy management tools, though explicit privacy and terms pages are missing, which should be addressed to improve compliance and trust. WHOIS data is unavailable or privacy protected, slightly impacting domain trust but not detracting from the professional presentation and content quality. Overall, the site is a credible resource for college students and prospective applicants.

E

European Vegetarian Union

euroveg.eu

48

The European Vegetarian Union (EVU) is a well-established non-profit organization representing vegetarian and vegan associations across Europe. It focuses on advocacy, policy influence, and promoting plant-based diets with a clear emphasis on sustainability, health, and consumer protection. The website serves as a central hub for information, membership coordination, and news related to plant-based food systems in the EU. Technically, the site is built on WordPress using Elementor and Yoast SEO, indicating a modern and maintainable infrastructure. The presence of Matomo and Google Analytics shows moderate user tracking for analytics purposes. Security-wise, the site employs HTTPS and several security headers, but lacks publicly available security policies or incident response information. Privacy compliance is incomplete due to missing privacy and cookie policies. Overall, the site is professional, trustworthy, and serves its niche audience effectively, though it would benefit from enhanced privacy disclosures and direct contact information.

T

The Vegan Catalog

thevegcat.com

69

The Vegan Catalog is an online niche retail platform focused on providing a comprehensive catalog of vegan products across multiple categories including food, cosmetics, pets, and household items. Founded in 2019, it serves a specialized audience interested in vegan lifestyle products, offering multilingual support and a mobile app to enhance accessibility. The website positions itself as a leading resource in the vegan product catalog space, emphasizing breadth and ease of product discovery. Technically, the website employs a modern JavaScript-based frontend with Matomo analytics for privacy-conscious user tracking. It uses cookie consent mechanisms and standard SEO practices, with a responsive design optimized for mobile devices. The hosting and domain registration are consistent and reputable, though the CMS appears custom or proprietary without common CMS footprints. From a security perspective, the site enforces HTTPS and uses clientTransferProhibited domain status to prevent unauthorized transfers. However, it lacks DNSSEC and advanced security headers, and does not publish a formal security policy or incident response contacts. Privacy compliance is well addressed with clear privacy and cookie policies, but contact information is minimal, limiting direct user support channels. Overall, the website is professionally designed and functional with moderate security posture and good privacy practices. Strategic improvements in security headers, DNSSEC, and incident response transparency would enhance trust and resilience. The absence of direct contact details and security disclosures suggests room for maturity in business credibility and security culture.

L

Luxembourg - Let's Make It Happen (LMIH)

lmih.lu

47

Luxembourg - Let's Make It Happen (LMIH) is an official government-backed platform designed to inspire and connect actors involved in promoting Luxembourg internationally. The website offers a rich selection of multimedia tools, branding guidelines, and partnership opportunities to support the promotion of Luxembourg's values and talents. It targets both national and international audiences including ministries, public administrations, businesses, and associations. The platform is positioned as a central resource for Luxembourg's national branding efforts, leveraging modern web technologies and a multilingual approach to maximize reach and engagement. Technically, the website is built on WordPress 6.8.1 with a modern tech stack including Yoast SEO, jQuery, Select2, Swiper.js, and Matomo analytics for privacy-conscious tracking. It employs HTTPS with good SSL configuration and integrates Google reCAPTCHA v2 for form security. Accessibility features and SEO optimizations are well implemented, contributing to a positive user experience across devices. However, explicit privacy and cookie policy pages are not detected in the provided content, which is a compliance gap. From a security perspective, the site follows best practices such as HTTPS enforcement and CAPTCHA protection on forms. The use of Matomo analytics and Axeptio cookie consent indicates a privacy-aware approach. Nonetheless, the absence of security headers and vulnerability disclosure policies suggests room for improvement in security posture. No vulnerabilities or suspicious activities were detected in the analysis. Overall, the website presents a professional, trustworthy, and well-structured platform aligned with its government branding mission. Strategic recommendations include publishing comprehensive privacy and cookie policies, implementing security headers, and establishing a vulnerability disclosure mechanism to enhance compliance and security maturity.

T

Tampereen kaupunki

tampere.fi

74

Tampereen kaupunki operates as the official municipal government website for the city of Tampere, Finland, providing residents and visitors with comprehensive access to city services, news, and online transactions. The website is positioned as a key digital gateway for public sector services, reflecting a large-scale government entity with a focus on accessibility and user engagement. The business model centers on public service delivery with no commercial intent, targeting local citizens and stakeholders. Technically, the site leverages Drupal 10 as its CMS, integrates Matomo for analytics, and employs CookieInformation for consent management, indicating a mature digital infrastructure. The site demonstrates good mobile optimization, accessibility, and SEO practices, supported by modern web technologies and performance optimizations such as lazy loading and asynchronous script loading. From a security perspective, the website enforces HTTPS with strong SSL configurations and implements essential security headers. The presence of a cookie consent mechanism and a comprehensive privacy policy aligns with GDPR compliance requirements. However, explicit security policies and incident response information are not publicly available, representing an area for improvement. Overall, the site exhibits a strong security posture and trustworthy business credibility, with no detected vulnerabilities or suspicious activities. Strategic recommendations include publishing detailed security and incident response policies, implementing a security.txt file for vulnerability disclosures, and enhancing transparency around data protection officer contacts to further strengthen compliance and user trust.

L

Liedon kaupunki

lieto.fi

63

Lieto.fi is the official website of the city of Lieto, Finland, providing comprehensive municipal services information, tourism, cultural events, and administrative resources. The site targets residents and visitors, offering clear navigation to services such as social care, education, urban planning, and leisure activities. The business model is that of a local government entity focused on public service delivery and community engagement. The website reflects a stable market position as a trusted municipal authority with a longstanding domain registration dating back to 1991. Technically, the site is built on WordPress with modern web technologies including Matomo analytics and Google Tag Manager, ensuring good performance, mobile responsiveness, and accessibility. Hosting appears to be managed by Elisa Oyj, a Finnish telecom provider, with reliable DNS infrastructure. The site employs HTTPS with strong SSL configuration and includes a cookie consent mechanism aligned with GDPR requirements. From a security perspective, the website demonstrates good practices such as encrypted connections and privacy-aware analytics. However, it lacks explicit security policy documentation and incident response information, which could be improved to enhance transparency and preparedness. No critical vulnerabilities or suspicious content were detected. The WHOIS data is fully consistent with the website's municipal identity, showing no privacy protection or obfuscation, which supports trustworthiness. Overall, lieto.fi is a professionally maintained government website with solid technical and privacy compliance foundations. Strategic improvements could focus on enhancing security documentation and publishing vulnerability disclosure policies to further strengthen its security posture and public trust.

R

Raision Kaupunki

raisio.fi

63

Raisio.fi is the official website of Raision Kaupunki, the municipal government of Raisio city in Finland. The site provides comprehensive information and services related to housing, environment, city planning, and public events targeted primarily at residents, immigrants, and tourists. The website is built on Drupal 10 and incorporates modern web technologies including Matomo analytics and CookieHub for cookie consent management. The site demonstrates good design quality, clear navigation, and mobile optimization, reflecting a mature digital presence for a local government entity. From a security perspective, the website enforces HTTPS and uses a consent management platform, but lacks DNSSEC and explicit security headers, which are recommended for enhanced security. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is partial, with cookie consent mechanisms present but no explicit privacy policy or terms of service pages found in the analyzed content. WHOIS data confirms the domain is legitimately registered to the city of Raisio with consistent registration details and a long domain age, supporting trustworthiness. Overall, Raisio.fi presents a secure and professional municipal website with room for improvement in privacy transparency and DNS security. The site is safe for general audiences and does not contain any adult or questionable content.

S

Service national de la jeunesse

animateur.lu

57

Animateur.lu is an official government portal operated by the Service national de la jeunesse in Luxembourg, targeting current and prospective youth animators. The site provides comprehensive resources including training, certifications, event listings, and material lending to support youth animation activities. It holds a strong market position as a trusted government resource with consistent branding and clear navigation. Technically, the website is built on WordPress with a modern stack including WooCommerce for e-commerce capabilities, Contact Form 7 for forms, and Complianz for GDPR compliance. The site uses Matomo analytics hosted on its own server, enhancing privacy compliance. Security posture is good with HTTPS enforced and cookie consent implemented, though security headers could be improved. Overall, the website is professional, accessible, and trustworthy, serving its audience effectively.

B

Base1

base1.lu

52

Base1 is a youth-focused makerspace and creativity hub based in Luxembourg, offering open access to a makerspace, workshops, and events for young people aged 8 to 30. The organization supports a wide range of creative projects including drone building, coding, video production, and more, fostering innovation and learning in a community environment. The website is multilingual, primarily in French, and integrates modern web technologies with WordPress CMS and various plugins for multilingual support, forms, and cookie management. Security posture is adequate with HTTPS and cookie consent mechanisms, but lacks published privacy and security policies. The domain registration aligns well with the organization's Luxembourg location and youth focus, indicating legitimacy. Overall, the site is professional, user-friendly, and trustworthy, though improvements in privacy compliance and security transparency are recommended.

B

BEE SECURE

bee-secure.lu

57

BEE SECURE is a government-backed digital safety awareness platform based in Luxembourg, focused on educating children, youth, parents, and educators about responsible and safe use of digital technologies. The platform offers a variety of services including awareness campaigns, a helpline, a stopline for reporting illegal content, educational resources, and youth consultations. It is co-financed by the European Union and operated in partnership with national agencies such as the police and justice departments. The website is professionally designed, content-rich, and well-structured primarily in French, targeting a broad audience concerned with digital safety. Technically, the website is built on WordPress, utilizing modern web technologies such as jQuery and FontAwesome, and employs Matomo analytics hosted locally in Luxembourg to ensure privacy compliance. The site demonstrates good mobile optimization, accessibility, and SEO practices. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, although there is room for improvement in publishing explicit security policies and incident response information. From a security perspective, no critical vulnerabilities or exposed sensitive data were detected. The use of Matomo analytics with local hosting aligns with GDPR compliance. However, the absence of WHOIS data due to a malformed query reduces domain transparency and trust from a registration standpoint. Overall, the platform appears legitimate and trustworthy based on content and government affiliations. Strategically, BEE SECURE should focus on enhancing domain registration transparency, publishing security and incident response policies, and maintaining rigorous audits of third-party scripts to sustain and improve its security posture and user trust.

Maison Eisenborn is a government-affiliated non-profit organization providing accommodation and support services to young adults involved in international mobility programs in Luxembourg. The website is professionally designed using WordPress and integrates standard technologies such as jQuery, Ninja Forms, and Google Maps API. The site includes a comprehensive application form collecting detailed personal and financial information, indicating a structured approach to service delivery. Security posture is adequate with HTTPS and cookie consent mechanisms, though improvements in security headers and explicit privacy policies are recommended. Overall, the domain registration and website content are consistent and trustworthy, reflecting a legitimate government service.

S

S-Team

s-team.lu

55

S-Team is a government-backed non-profit initiative based in Luxembourg focused on preventing violence among youth in schools and educational institutions. The project engages young people to lead prevention activities and peer mediation, supported by national youth services and partner organizations. The website is well-structured, professionally designed, and provides clear information about the project, partners, and contact details. Technically, it is built on WordPress with modern libraries and frameworks, including Bootstrap and jQuery, and integrates Google reCAPTCHA and Matomo analytics with GDPR-compliant cookie consent mechanisms. Security posture is good with HTTPS enforced and no visible vulnerabilities, though security headers could be improved. WHOIS data is unavailable, limiting domain legitimacy assessment, but the presence of government logos and partner sites supports trustworthiness. Overall, the site is a credible, safe, and well-maintained platform for its intended audience.

S

Service national de la jeunesse

echwellechkann.lu

61

The website echwellechkann.lu is an official Luxembourg government youth engagement platform managed by the Service national de la jeunesse. It provides a portal for young people to discover activities, engagement offers, and projects to organize their free time. The platform is positioned as a trusted government resource with clear contact information and official branding. Technically, the site is built on WordPress with modern plugins and uses Matomo analytics for privacy-conscious tracking. The site is well-structured, mobile-optimized, and SEO-friendly, though performance is moderate. Security posture is good with HTTPS enforced and no exposed sensitive data, but lacks advanced security headers and published security policies. Privacy compliance is partial due to the absence of a dedicated privacy policy page, though cookie consent is implemented. Overall, the site is trustworthy, safe, and professionally maintained, serving its government and youth audience effectively.

Z

Zentrum Fünfbrunnen / Centre Cinqfontaines

cinqfontaines.lu

58

The website cinqfontaines.lu represents a Luxembourg government-operated educational and memorial center focused on Holocaust remembrance, antisemitism, racism, democracy, and human rights education. The site serves children, youth, educators, and the general public interested in historical and human rights topics. It is managed by the Luxembourg government and related youth and political education services, positioning itself as a niche cultural and educational institution. The content is well-structured, multilingual, and professionally presented with clear navigation and consistent branding. Technically, the website is built on WordPress 6.8.1 with jQuery, Google Maps API, and Font Awesome. It uses Matomo for analytics and implements a cookie consent mechanism compliant with GDPR principles. The site is hosted likely on Luxembourg infrastructure, uses HTTPS with excellent SSL configuration, and shows moderate performance and good mobile optimization. However, some security best practices such as security headers are missing. From a security perspective, the site enforces HTTPS, uses cookie consent, and does not expose sensitive data. No vulnerabilities or WAF blocking were detected. Privacy compliance is partial due to the absence of an explicit privacy policy page and terms of service. Contact information is available but lacks email addresses and security incident contacts. Overall, the website is trustworthy, professional, and serves its educational and memorial purpose effectively. Strategic improvements include publishing a privacy policy and terms of service, adding security headers, and providing incident response contact information to enhance security posture and compliance.

B

BookAthon

bookathon.lu

62

BookAthon is a youth-focused creative initiative based in Luxembourg, organizing 24-hour hackathons where young participants aged 14 to 27 collaboratively create children's books for ages 0 to 4. Supported by professional authors, illustrators, and graphic designers, the event fosters creativity and cultural engagement among youth. The website is professionally designed using WordPress and integrates modern technologies such as Gravity Forms for data collection, Yoast SEO for optimization, and Complianz for GDPR-compliant cookie management. Analytics are handled via Matomo, ensuring privacy-conscious tracking. Security posture is strong with HTTPS enforced and anti-spam measures in place, though explicit security headers could be improved. The site complies with GDPR and provides clear privacy and cookie policies. Contact information is transparent, including a contact email and physical address linked to the Service national de la jeunesse (SNJ). Overall, BookAthon presents a trustworthy, well-managed digital presence aligned with its educational and cultural mission.

S

Syndicat Intercommunal de Gestion Informatique

sigi.lu

59

The Syndicat Intercommunal de Gestion Informatique (SIGI) is a government IT syndicate based in Luxembourg that provides IT solutions and support services to local municipalities. The website presents a professional image with clear navigation, comprehensive privacy and cookie policies, and a focus on supporting Luxembourg communes in their missions. Technically, the site is built on WordPress using the Divi theme and incorporates modern plugins such as the Modern Events Calendar and Matomo for analytics, indicating a moderate level of digital maturity. Security posture is generally good with HTTPS enforced and cookie consent mechanisms in place, though the absence of explicit security policies and incident response contacts suggests room for improvement. The lack of WHOIS data transparency limits the ability to fully verify domain legitimacy, but the website content and structure align with a credible public sector entity. Overall, the site is well-maintained, GDPR compliant, and serves its target audience effectively.

T

Turun seudun joukkoliikenne

foli.fi

52

Turun seudun joukkoliikenne (Föli) operates as the primary public transportation provider in the Turku region, Finland. The website serves as a comprehensive portal for bus schedules, route planning, ticketing, and real-time transit updates, targeting residents and visitors of the region. Föli maintains a strong market position as a regional transit authority, supported by partnerships with seven municipalities. The business model is public service oriented, focusing on accessibility and user convenience.

H

Hämeenlinna

hameenlinna.fi

68

Hämeenlinna's official website serves as a comprehensive digital portal for the city, providing extensive information and services related to housing, education, wellbeing, culture, tourism, and economic development. The site targets residents, visitors, and businesses, positioning itself as a trusted municipal resource. Technically, the site is built on WordPress with modern plugins such as Yoast SEO and Cookiebot, ensuring good SEO and privacy compliance mechanisms. The use of Matomo and Google Analytics indicates a mature approach to user analytics, although privacy policy documentation is lacking. Security posture is strong with HTTPS and cookie consent, but could be improved with additional security headers and published policies. Overall, the site is professional, well-branded, and trustworthy, reflecting the city's stature and commitment to digital service delivery.

K

Kuopio

kuopio.fi

68

Kuopio.fi is the official website of the city of Kuopio, Finland, serving as a comprehensive portal for municipal information, public services, and community engagement. The site targets residents, visitors, and local businesses, providing access to city news, events, and administrative resources. The website positions itself as a trusted government authority with a focus on transparency and accessibility. Technically, the site is built on WordPress CMS, utilizing modern web technologies including jQuery, Matomo analytics for privacy-conscious user tracking, and Cookiebot for GDPR-compliant cookie consent management. The infrastructure supports good mobile optimization and accessibility standards, ensuring a positive user experience across devices. From a security perspective, the site enforces HTTPS and employs cookie consent mechanisms that respect user privacy. While explicit security headers are not fully evident, no critical vulnerabilities or exposed sensitive data were detected. The domain registration aligns well with the municipal identity, reinforcing trustworthiness. Overall, Kuopio.fi demonstrates a solid digital maturity with good content quality, privacy compliance, and security posture. Strategic recommendations include enhancing security headers, publishing explicit security and incident response policies, and improving visible contact information to further strengthen user trust and compliance.

U

Udruga Prijatelji životinja

prijatelji-zivotinja.hr

46

Udruga Prijatelji životinja is a well-established Croatian non-profit organization founded in 2001, dedicated to promoting animal rights, vegetarianism, and veganism. The website serves as a comprehensive platform for advocacy, education, event promotion, and community engagement, targeting environmentally and ethically conscious individuals. Their market position is strong within the Croatian and regional animal rights community, supported by memberships in European and international organizations. Technically, the website uses a custom or unknown CMS with a traditional tech stack including HTML, CSS, JavaScript, and jQuery, supplemented by Matomo analytics for privacy-conscious tracking. While the site is functional and moderately optimized, some outdated libraries present potential security risks. Security posture is adequate with HTTPS and cookie consent implemented, but lacks advanced security headers and explicit security policies. Overall, the site is trustworthy and professional, with clear contact information and active social media presence.

L

Liikenne- ja viestintävirasto Traficom

kyberturvallisuuskeskus.fi

72

Kyberturvallisuuskeskus, operated by the Finnish Transport and Communications Agency Traficom, is a government cybersecurity center focused on developing and overseeing the operational reliability and security of communication networks and services in Finland. It provides cybersecurity situational awareness, vulnerability disclosures, and guidance to both individuals and organizations. The website is well-maintained, professionally designed, and regularly updated with relevant cybersecurity news and alerts. The organization holds a strong market position as the national authority for cybersecurity under the Finnish government. Technically, the website leverages modern web technologies including React and Apollo GraphQL, with performance optimizations and mobile responsiveness. It uses Matomo for analytics, ensuring privacy compliance with GDPR. The domain is secured with HTTPS and DNSSEC, and the WHOIS data confirms the domain is registered to the official government agency, reinforcing trust and legitimacy. Security posture is robust with no detected vulnerabilities or exposed sensitive data. The site provides comprehensive privacy and cookie policies with user consent mechanisms. However, explicit security headers could be more visible, and a security.txt file for vulnerability reporting is recommended. Overall, the site demonstrates a mature security culture and strong compliance with regulatory requirements. The risk assessment indicates a low risk profile with strong trust indicators. Strategic recommendations include enhancing security header implementation, publishing a security.txt file, and continuous monitoring of third-party scripts. These measures will further strengthen the site's security and trustworthiness.

T

Trapeze Finland Oy

junalahdot.fi

54

The website junalahdot.fi is an official Finnish transportation information service operated by Trapeze Finland Oy under the Fintraffic brand. It provides real-time train departure and arrival schedules for all passenger train stations in Finland, leveraging live train movement data. The site targets the general public and train passengers, offering a user-friendly interface with search and favorites functionality. The domain registration and WHOIS data are consistent with the business identity and location, indicating legitimacy and stability. Technically, the website uses a modern tech stack including Bootstrap, FontAwesome, OpenLayers, and jQuery, with Matomo analytics for privacy-conscious user tracking. The site is mobile-optimized and designed with good usability and navigation clarity. However, some security best practices such as security headers are not visibly implemented, representing an area for improvement. The site enforces HTTPS and does not expose sensitive data, contributing to a solid security posture. From a security and compliance perspective, the site includes a comprehensive privacy policy consistent with GDPR requirements and a cookie consent mechanism. No explicit incident response or vulnerability disclosure policies are found on the site, which could be enhanced to improve transparency and security readiness. No critical vulnerabilities or suspicious patterns were detected. Overall, junalahdot.fi is a trustworthy, well-maintained public service website with good technical and business credibility. Strategic recommendations include enhancing security headers, publishing incident response and vulnerability disclosure information, and maintaining transparency in data protection practices to further strengthen trust and compliance.

J

Jarrett & Lam

jandl.digital

69

J&L Digital is a UK-based IT services and software development company founded in 2023, offering a broad range of digital solutions including website development, software systems, IT services, app development, and VoIP telephone systems. The company targets businesses seeking tailored IT and digital solutions and operates with a professional and consistent brand presence. Their market position is that of a small but globally oriented technology service provider with regional offices in Europe, Asia, and Australia. Technically, the website employs modern web standards with HTML5, CSS3, and JavaScript, integrating Matomo and Google Tag Manager for analytics. Hosting and DNS services leverage Cloudflare and IONOS SE, ensuring good performance and security. The site is mobile optimized and SEO friendly, with a cookie consent mechanism that supports GDPR compliance. From a security perspective, the website uses HTTPS with a strong SSL configuration and displays a Cyber Essentials certification badge, indicating adherence to recognized UK security standards. However, DNSSEC is not enabled, and no explicit security policy or incident response contact information is published. The domain registration is privacy protected but consistent with the business's UK location and recent founding date, supporting legitimacy. Overall, the website is professional, secure, and compliant with privacy regulations, with minor recommendations to enhance DNS security and publish security policies. The risk level is low, and the company demonstrates a solid foundation for trust and digital maturity.

The website liesen.lu is an official educational platform managed by SCRIPT, a Luxembourg government entity focused on reading initiatives in primary schools. It serves as an information hub providing catalogs, reading projects, pedagogical materials, and related educational content targeted at educators and schools in Luxembourg. The site is well-branded with government logos and maintains a consistent educational focus. Technically, the site is built on Drupal 9 CMS, leveraging modern frontend libraries such as Font Awesome and jQuery. It employs tarteaucitron.js for cookie consent management and uses Matomo for privacy-conscious analytics. The hosting appears to be managed by Restena Foundation, a known Luxembourg educational network provider. The site is mobile-optimized, accessible, and SEO-friendly, though performance is moderate. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms, but lacks visible security headers and explicit public security policies. No vulnerabilities or exposed sensitive data were detected. The WHOIS data aligns well with the website's government and educational nature, indicating legitimacy and trustworthiness. Overall, the site presents a low-risk profile with good privacy compliance and business credibility. Strategic improvements could include adding explicit security headers, publishing security policies, and enhancing incident response transparency.

S

Service national de la jeunesse

snj.lu

51

The Service national de la jeunesse (SNJ) is a Luxembourg government entity dedicated to youth development and support. It operates multiple youth centers and programs aimed at fostering responsible citizenship and active participation among young people. The website reflects a well-established governmental service with a clear mission and target audience of youth and youth sector actors. The digital infrastructure is based on WordPress with modern compliance features such as GDPR cookie consent and Matomo analytics hosted locally, indicating a mature digital presence. Security posture is good with HTTPS and privacy mechanisms, though some security headers and formal policies could be improved. The absence of WHOIS data limits domain trust assessment, but the official branding and contact information support legitimacy. Overall, the site is professional, trustworthy, and well-aligned with its public service role.

S

Service de médiation scolaire

mediationscolaire.lu

63

The website mediationscolaire.lu represents the official Service de médiation scolaire, a government entity in Luxembourg dedicated to supporting parents, students, and school personnel in resolving conflicts within the educational system. The service operates independently within the Ministry of National Education and targets the Luxembourg community with mediation services related to primary and secondary education. The site is professionally designed with clear navigation, multilingual support, and accessibility features, reflecting a strong commitment to user experience and inclusivity. Technically, the website is built on WordPress 6.7.1, utilizing Bootstrap for responsive design, jQuery, and Matomo for analytics. It employs GDPR-compliant cookie consent mechanisms and demonstrates good mobile optimization and SEO practices. The hosting provider is not explicitly identified, but the site uses HTTPS with excellent SSL configuration, ensuring secure data transmission. From a security perspective, the site enforces HTTPS and cookie consent but lacks explicit security headers and a published security or incident response policy. No vulnerabilities or exposed sensitive data were detected. The WHOIS data aligns with the website's government affiliation and Luxembourg location, supporting the site's legitimacy. Overall, mediationscolaire.lu is a trustworthy, well-maintained government service website with strong privacy compliance and good technical implementation. Strategic improvements include adding security headers, publishing a security policy, and providing incident response contact information to enhance security posture and user trust.

L

Liikenne- ja viestintävirasto Traficom

traficom.fi

76

Liikenne- ja viestintävirasto Traficom is the Finnish government agency responsible for ensuring smooth, safe, and sustainable transport and communication services. The agency also promotes national cybersecurity and acts as a licensing, registry, and supervisory authority. The website reflects a mature digital presence with comprehensive content tailored to Finnish residents and businesses involved in transportation and communications. It offers regulatory information, news, and access to various services. Technically, the website employs modern web technologies including React and Apollo GraphQL, with a focus on performance, accessibility, and SEO. The presence of HTTPS, DNSSEC, and Matomo analytics indicates a strong commitment to security and privacy. The site is mobile-optimized and well-structured, providing a professional user experience. Security posture is robust with no evident vulnerabilities or exposed sensitive data. Privacy compliance is well addressed with clear cookie and privacy policies, including consent mechanisms aligned with GDPR. Incident response and vulnerability disclosure channels are available, though explicit security policies could be enhanced. Overall, the website is trustworthy, professionally maintained, and aligns well with the official government identity. Strategic recommendations include publishing detailed security policies, implementing security.txt, and enhancing visible security headers to further strengthen trust and compliance.

S

Suomen Tietotoimisto Oy

stt.fi

51

Suomen Tietotoimisto Oy (STT) is a historically significant Finnish news agency, established in 1887, providing comprehensive news, image, and communication services. The company holds a strong market position as one of Finland's leading and most trusted media organizations, serving a broad audience including media houses, organizations, and the general public. Their digital presence is professional, with a well-structured website offering multilingual support and extensive content. Technically, the site leverages modern technologies such as WordPress, Google Tag Manager, and Matomo Analytics, ensuring good performance and SEO optimization. Security measures include HTTPS, reCAPTCHA, and cookie consent management, though there is room for improvement in DNSSEC and explicit security policies. Overall, STT demonstrates a mature digital infrastructure and a strong commitment to privacy compliance, making it a credible and trustworthy media entity.

Å

Ålandstrafiken

alandstrafiken.ax

70

Ålandstrafiken is a regional transportation company operating ferry and bus services in the Åland Islands, Finland. The website serves as an informational portal for residents and visitors seeking public transport options. The company appears to be a medium-sized essential entity within the transportation sector, with a clear focus on regional mobility services. The website is built on Drupal 10 and integrates modern technologies such as Matomo for analytics and CookieYes for cookie consent management, reflecting a moderate level of digital maturity. Accessibility is enhanced through the BrowseAloud tool, indicating attention to inclusive design. Security posture is solid with HTTPS enforced and standard security headers present, although explicit privacy and security policies are missing. Overall, the site is professional and trustworthy but could improve transparency and compliance documentation.

B

BCE

bce.lu

54

BCE is a professional media and digital solutions provider targeting businesses and institutions worldwide. The company offers innovative services across media, sports, fashion, and business sectors, positioning itself as a key player in digital expertise and seamless service integration. The website reflects a medium-sized enterprise with a consistent brand presence and good content quality. Technically, the site is built on WordPress with modern JavaScript libraries and integrates privacy-conscious analytics and marketing tools such as Matomo and HubSpot. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though explicit security headers and published security policies are absent. The lack of WHOIS data limits domain trust assessment, but the website's professional presentation and privacy compliance indicate legitimacy. Overall, BCE demonstrates a mature digital presence with room for improvement in security transparency and contact availability.

L

Luxembourg House of Cybersecurity

lhc.lu

71

Luxembourg House of Cybersecurity (LHC) serves as the central hub for cybersecurity resilience in Luxembourg, hosting key national centers such as CIRCL and NC3. The organization focuses on fostering innovation, collaboration, and capacity building in cybersecurity through various services including acceleration programs, community meet-ups, and standards development. The website reflects a professional and government-aligned entity with a clear mission to enhance Luxembourg's cybersecurity posture. Technically, the website employs modern web technologies including React, Bootstrap, and Leaflet, with privacy-conscious analytics via Matomo. The site is hosted on Luxembourg-based infrastructure (Restena) and demonstrates good mobile optimization and user experience. However, some technical improvements are recommended, such as implementing security headers and cookie consent mechanisms. From a security perspective, the site uses HTTPS and avoids exposing sensitive data, but lacks explicit security headers and a published security policy. Incident response is facilitated through links to CIRCL's reporting portal. Privacy compliance is partial, with a privacy policy available but no cookie consent banner. Overall, the site presents a strong security posture appropriate for a government-related cybersecurity entity. The overall risk is low, with recommendations focusing on enhancing privacy compliance, security headers, and accessibility to further strengthen trust and regulatory adherence.

L

LU-CIX

lu-cix.lu

60

LU-CIX is a Luxembourg-based Internet Exchange Point founded in 2009, providing open and neutral peering and connectivity services to networks and content providers in Luxembourg and Europe. The organization operates as a non-profit entity, focusing on interconnecting critical networks in a secure and trusted environment. Their key services include public peering, route servers, blackholing, partner IX peering, and VoIP-X services, positioning them as a central telecommunications infrastructure player in Luxembourg. Technically, the website is built on WordPress CMS with modern JavaScript libraries such as jQuery and Owl Carousel, and uses Matomo for privacy-conscious analytics. The site is mobile-optimized with good SEO practices and moderate performance. Security-wise, the site enforces HTTPS and uses secure form submission techniques but lacks some security headers and a cookie consent mechanism, which are recommended for enhanced security and compliance. The security posture is solid but could be improved by adding explicit security policies, incident response contacts, and cookie consent to align better with GDPR requirements. The absence of WHOIS data limits domain trust verification, but the website content and business presence indicate a legitimate and professional operation. Overall, LU-CIX presents a trustworthy and professional digital presence with room for security and privacy enhancements to strengthen compliance and user trust.

E

European Prison Litigation Network

prisonlitigation.org

63

The European Prison Litigation Network (EPLN) is a specialized non-profit organization dedicated to defending and advancing prisoners’ fundamental rights across Europe. It operates as a network of around 30 civil society organizations and bar associations, focusing on legal advocacy, research, and policy engagement to improve prison conditions and reduce incarceration. The website reflects a professional and well-structured digital presence, supporting multiple languages and providing comprehensive legal resources and publications. Technically, the site is built on WordPress with modern JavaScript libraries and includes GDPR-compliant cookie consent mechanisms. Security posture is generally strong with HTTPS enforced and no visible vulnerabilities, though the absence of explicit security headers and WHOIS transparency are minor concerns. Overall, EPLN presents a credible and trustworthy online presence aligned with its advocacy mission.

E

EPICUR Alliance

epicur.education

56

EPICUR Alliance is a consortium of nine European higher education institutions collaborating to provide innovative educational programs, research initiatives, and regional ecosystem engagement. The website serves as a multilingual portal offering information on educational offers, research projects, events, and partner universities. The technical infrastructure is based on WordPress with modern web technologies including Bootstrap, jQuery, and Matomo analytics, ensuring a responsive and user-friendly experience. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, although additional security headers could enhance protection. Privacy compliance is well addressed with GDPR-aligned policies and consent banners. Overall, the website reflects a professional and trustworthy educational alliance with a strong digital presence.

L

Luxchat

luxchat.lu

57

Luxchat is a Luxembourg-based secure instant messaging platform designed for the general public, businesses, and public sector agents via its Luxchat4Gov variant. It offers end-to-end encrypted communication, including text, voice, video, file sharing, and location sharing. The service is free, ad-free, and respects user privacy, supported by a consortium of private companies and government entities. The website is professionally designed, mobile-optimized, and uses WordPress with Elementor and Matomo analytics configured for privacy. However, the absence of WHOIS data reduces transparency and trust somewhat. No cookie consent mechanism or explicit security policy pages were found, which are areas for improvement.

F

Fintraffic

digitraffic.fi

56

Digitraffic is a Finnish public service platform operated by Fintraffic that provides real-time open data and APIs for road, railway, and marine traffic in Finland. It serves developers, transport operators, and public sector entities by offering comprehensive traffic data sourced from Fintraffic's own data collection systems. The website is professionally designed with consistent branding and clear navigation, supporting both Finnish and English languages. Technically, the site uses modern JavaScript frameworks and includes privacy-compliant cookie consent mechanisms. Security posture is strong with HTTPS enforced and no visible vulnerabilities, although explicit security policies and incident response contacts are not published. Overall, Digitraffic presents a trustworthy and reliable service for open traffic data in Finland.

The website www.emsw.fi serves as the Finnish Maritime Single Window platform, a government-operated national information system for maritime traffic notifications, launching in 2026. It replaces the previous Portnet service and targets maritime industry stakeholders and government agencies. The site demonstrates a solid market position as the authoritative national platform for maritime data management in Finland. Technically, the site uses modern frameworks such as Next.js and React, hosted on AWS and Azure, with integrated analytics tools like Matomo and Piwik Pro, indicating a mature digital infrastructure. Security posture is strong with HTTPS enforced and detailed cookie consent mechanisms, though explicit security headers and incident response policies are not publicly documented. Overall, the site is professional, compliant with GDPR, and trustworthy, with recommendations to enhance security transparency and incident response readiness.

L

Lounaistieto

lounaistieto.fi

63

Lounaistieto.fi is a regional government information service portal for Southwest Finland, providing localized data and resources to residents and stakeholders. The website is positioned as a trusted public sector resource, offering regional information in Finnish with multilingual support. The business model is focused on public service and information dissemination, targeting local citizens and organizations. Technically, the site is built on WordPress CMS, utilizing various plugins such as Matomo for analytics and CookieHub for cookie consent management. The infrastructure supports modern web technologies including React and Google Maps API, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS enforced and cookie consent implemented; however, there is room for improvement in security headers and explicit policy disclosures. Overall, the site is accessible, professionally designed, and trustworthy, though it lacks visible privacy and terms of service policies. Strategic recommendations include publishing comprehensive privacy and security policies, enhancing security headers, and improving accessibility features to strengthen compliance and user trust.

E

ELY-keskusten sekä TE-toimistojen kehittämis- ja hallintokeskus (KEHA-keskus)

tyomarkkinatori.fi

73

Työmarkkinatori is a Finnish government-operated platform established in 2016, serving as a meeting place for jobs and job seekers. It is managed by the ELY Centres and TE Offices development and administration center (KEHA-keskus), reflecting its official government status. The platform targets individual customers in Finland, providing employment services and labor market information. The website is professionally designed with good content quality and consistent branding, supporting its role as a trusted government service. Technically, the website uses modern JavaScript technologies, including React components and Cookiebot for cookie consent management. Matomo analytics is employed for user tracking with consent mechanisms in place, indicating a moderate level of digital maturity. Hosting and domain registration are managed by Finnish government ICT services, ensuring reliable infrastructure. Mobile optimization and accessibility are rated good, though SEO optimization is basic. From a security perspective, the site uses HTTPS and cookie consent with blocking mode, but lacks visible security headers and published security policies or incident response contacts. No vulnerabilities or suspicious patterns were detected in the provided data. Privacy compliance is partial due to the absence of a clear privacy policy and terms of service pages. Overall, Työmarkkinatori presents a high legitimacy and trustworthiness profile as a government service platform. Strategic recommendations include publishing comprehensive privacy and terms of service policies, enhancing security headers, and improving privacy compliance documentation to strengthen user trust and regulatory adherence.

C

CYBERSECURITY Luxembourg

cybersecurity.lu

68

CYBERSECURITY Luxembourg operates as the national cybersecurity portal for Luxembourg, providing a centralized platform for cybersecurity news, ecosystem engagement, events, educational resources, and community support. The portal targets a broad audience including cybersecurity professionals, public institutions, private companies, startups, and the general public interested in cybersecurity within Luxembourg. It is positioned as a government-affiliated authoritative source, promoting collaboration and awareness in the national cybersecurity ecosystem. Technically, the website is built using modern web technologies such as React, Bootstrap, and Leaflet.js, with Font Awesome icons and Matomo analytics integrated for tracking. The site demonstrates good mobile optimization and user experience, with clear navigation and professional design. Performance is moderate, and accessibility features are basic but present. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks explicit security headers and does not provide visible privacy or cookie policies, nor incident response or vulnerability disclosure information. Matomo analytics is used without a visible cookie consent mechanism, indicating partial privacy compliance. The WHOIS data shows consistent domain registration aligned with the website's government and cybersecurity focus, supporting legitimacy. Overall, the website is a credible and professional government portal with good content and technical implementation but requires improvements in privacy compliance, security headers, and transparency regarding incident response and vulnerability disclosure to enhance trust and security posture.

C

Cour grand-ducale de Luxembourg

monarchie.lu

52

The website monarchie.lu is the official online presence of the Grand-Ducal Court of Luxembourg, providing authoritative information about the Grand-Ducal family, the constitutional monarchy, and related governmental activities. It serves as a key communication channel for citizens and interested parties, offering news, official reports, and educational content including a dedicated kids subdomain. The site is well-positioned as a trusted government resource with consistent branding and multilingual support. Technically, the site is built on Drupal 10, leveraging modern web technologies and includes accessibility features and mobile optimization. It uses Matomo analytics with privacy-conscious configurations. Hosting is managed via Luxembourg government infrastructure, ensuring alignment with the official nature of the content. Performance is moderate with good SEO and metadata implementation. From a security perspective, the site enforces HTTPS and employs cookie consent mechanisms. However, it lacks explicit security headers, a published security policy, or vulnerability disclosure information. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is good with GDPR considerations evident in cookie management and privacy policy presence. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance suitable for a government entity. Strategic improvements in security transparency and incident response communication would further enhance its posture.

I

Ilmatieteen laitos

weatherproof.fi

64

Ilmatieteen laitos is the Finnish Meteorological Institute, a government agency providing authoritative weather forecasts, meteorological data, and related services primarily for Finland. The website serves a broad audience including the general public, meteorological professionals, and government agencies. It offers comprehensive weather information, mobile applications, warnings, and meteorological news, positioning itself as the national leader in meteorological services. The digital infrastructure is modern, leveraging Nuxt.js and Vue.js frameworks, with mobile-optimized responsive design and integration with official app stores. Security posture is strong with HTTPS, security headers, and privacy-compliant cookie consent mechanisms, although explicit security and incident response policies are not publicly detailed. Overall, the website is professional, trustworthy, and well-maintained, reflecting the organization's authoritative status.

L

Luonnonvarakeskus (Luke)

luke.fi

63

Luonnonvarakeskus (Luke) is a Finnish government research and expert organization focused on building wellbeing and a sustainable future through renewable natural resources. The website serves as a comprehensive portal offering research, expert services, statistics, policy recommendations, and publications targeted at researchers, policymakers, and stakeholders in the bioeconomy and environmental sectors. The site is built on Drupal 10, employs modern web technologies, and integrates privacy-compliant analytics and cookie consent mechanisms. Security posture is strong with HTTPS and security headers in place, though explicit security policies and incident response information are not prominently published. Overall, the website reflects a mature digital presence consistent with a large government entity, providing trustworthy and professional content.

F

Fintraffic

tmfg.fi

76

Fintraffic is a Finnish public service organization specializing in traffic management and safety across all transportation modes. The website reflects a mature digital presence with a modern Drupal 10 CMS infrastructure, integrated with advanced cookie consent management and analytics tools such as Matomo and Piwik Pro. The site demonstrates strong compliance with GDPR and privacy regulations, providing detailed cookie policies and user consent mechanisms. Security posture is robust with HTTPS enforcement and multiple security headers, though explicit security and incident response policies are not publicly detailed. Overall, the website is professional, trustworthy, and well-optimized for user experience and accessibility.

ELY-keskus is a Finnish government agency focused on regional development, business support, transport, and environmental services. The website serves as an official portal providing information and services to Finnish residents and businesses. The site is built on a modern technical infrastructure using Liferay CMS and React, with integrated analytics via Matomo and cookie consent managed by Cookiebot. The digital maturity is moderate to high, with good mobile optimization and SEO practices. Security posture is strong, with HTTPS enforced and security headers implied by the CMS configuration. Privacy compliance is robust, featuring comprehensive GDPR-aligned privacy and cookie policies. Overall, the website reflects a professional and trustworthy government entity with no critical security or content issues detected.