Security Directory

A

Avoy Technologies Ltd.

snapsea.io

65

SnapSea, operated by Avoy Technologies Ltd., is a specialized visual marketing platform tailored for the travel and tourism industry. It offers comprehensive solutions including user-generated content acquisition, digital asset management, embeddable galleries, and media centers. The platform is trusted by numerous top European destinations and tourism boards, positioning it as a leading SaaS provider in this niche market. The business model revolves around subscription and contract-based licensing, targeting tourism boards, local authorities, and hospitality groups. Technically, SnapSea employs a modern technology stack centered on Next.js and React, hosted on DigitalOcean with integrated third-party analytics and marketing tools such as Google Analytics, Hotjar, FullStory, and Bing UET. The website demonstrates excellent design quality, mobile optimization, and SEO practices, reflecting a mature digital infrastructure. From a security perspective, the site enforces HTTPS, implements standard security headers, and uses a robust cookie consent mechanism compliant with GDPR. However, there is a lack of explicit security policies, incident response contacts, and vulnerability disclosure mechanisms, which are recommended for enhanced trust and compliance. Overall, SnapSea presents a professional, secure, and privacy-conscious platform with strong market credibility. The absence of WHOIS data limits domain registration trust analysis, but the website's quality and client base support its legitimacy. Strategic improvements in security transparency and contactability would further strengthen its posture.

H

Hochschule für Musik und Theater Rostock

hmt-rostock.de

56

The Hochschule für Musik und Theater Rostock is a regional higher education institution specializing in music, theater, teacher training, and musicology. It plays a significant cultural role in Rostock and the surrounding region by offering diverse educational programs and hosting cultural events. The website reflects a professional and well-structured digital presence, leveraging TYPO3 CMS and modern JavaScript libraries to deliver a responsive and accessible user experience. The institution maintains active engagement through social media channels and provides comprehensive contact information and privacy policies, supporting trust and transparency. Security posture is solid with HTTPS enforced and obfuscated emails, though improvements can be made by implementing cookie consent mechanisms and security headers. Overall, the website and domain registration data align well, indicating a legitimate and credible educational entity.

U

Universität Greifswald

uni-greifswald.de

59

Universität Greifswald is a historic and research-intensive public university in Germany, founded in 1456. It offers a wide range of academic programs and research initiatives, targeting students, researchers, and international partners. The website is professionally designed, content-rich, and well-structured, reflecting the institution's academic stature and community engagement. Technically, the site uses TYPO3 CMS with modern JavaScript libraries, ensuring good performance and mobile optimization. Security posture is strong with HTTPS and DNSSEC, though some security headers could be improved. Privacy compliance is robust with clear policies and consent mechanisms. Overall, the domain and website present a trustworthy and credible digital presence for the university.

The website fh-guestrow.de currently serves only a 404 Not Found error page with minimal HTML content and no business or security-related information. The domain is registered and active with netcup name servers, but the website itself is inaccessible and lacks any meaningful content or metadata. There are no privacy, cookie, or terms of service policies, no contact information, and no visible security measures such as HTTPS or security headers. This indicates either a misconfigured or inactive website. From a technical perspective, the site does not utilize any detectable frameworks, CMS, or analytics tools. The hosting provider is netcup, but no further infrastructure details are available. The lack of content and metadata results in poor SEO, accessibility, and user experience. Security posture is minimal with no evidence of HTTPS or security best practices. The WHOIS data shows a consistent domain registration with no privacy protection, but the lack of website content reduces the domain's trustworthiness. No suspicious patterns were detected in the WHOIS data. Overall, the site presents a high risk due to its inaccessibility and lack of transparency. Strategic recommendations include fixing the 404 error to restore website accessibility, implementing HTTPS with proper SSL certificates, adding privacy and cookie policies to comply with GDPR, providing clear contact and business information, and adopting security best practices such as security headers and incident response contacts.

S

State Portal Mecklenburg-Vorpommern

sea-your-future.de

49

The website www.sea-your-future.de serves as an official educational portal promoting university studies in Mecklenburg-Vorpommern, Germany. It is operated by the State Portal Mecklenburg-Vorpommern and targets prospective students, especially international ones, offering comprehensive information about study programs, universities, and regional advantages. The portal integrates official university partners and provides resources such as study course search and news about academic prizes. Technically, the site is built on TYPO3 CMS with modern web technologies including jQuery, Typekit fonts, and embedded video content. It features a cookie consent mechanism compliant with GDPR and uses email obfuscation techniques to protect contact information. Security posture is moderate with HTTPS usage and cookie consent but lacks visible security headers and explicit security policies. Overall, the site is professional, trustworthy, and well-structured, with good content quality and user experience.

The website drohnenführerschein.eu represents seabirds.de GmbH, a German company specializing in drone pilot training and certification recognized by the Luftfahrt-Bundesamt. The company offers a range of educational services including theoretical and practical courses, official EU drone pilot license preparation, and consulting for drone operations. The site is professionally designed with clear navigation and relevant content targeting both private individuals and businesses interested in drone operation compliance and training. Technically, the site uses established libraries such as jQuery, Bootstrap, and integrates Google Analytics and Facebook SDK for tracking. Security posture is moderate with HTTPS implied but lacks explicit security headers and advanced form protections. Privacy compliance is basic with cookie consent and privacy policy present but no detailed security or incident response policies are found. Overall, the site is trustworthy and legitimate with clear business contact information and official certifications.

T

The Dutch Selection B.V.

thedutchselection.com

56

The Dutch Selection B.V. is a technology-focused company specializing in helping businesses transform into data-driven organizations. Their website presents a professional image with clear messaging about their services and a focus on data consultancy and business transformation. The company targets businesses seeking to leverage data for growth and operational improvement. The website is built on a modern technology stack including Ruby on Rails, Bootstrap, and Hotwired Turbo, indicating a mature digital infrastructure. Analytics and marketing tools such as Google Analytics, Hotjar, and Mixpanel are integrated to monitor user engagement and improve service delivery. Security posture is moderate with HTTPS enabled and a cookie consent mechanism in place, but lacks explicit security headers and publicly available security policies. The absence of WHOIS data for the domain raises concerns about domain registration legitimacy, which impacts overall trustworthiness. Contact information is limited to a contact form without direct emails or phone numbers, which may affect business credibility. Overall, the website is functional, professional, and privacy-conscious but would benefit from enhanced transparency and security disclosures.

W

WhistleOut

whistleout.com

70

WhistleOut is a well-established online platform specializing in the comparison of phone and internet plans, providing consumers in the United States with expert guides, reviews, and news to help them make informed decisions. The website is professionally designed, mobile-optimized, and rich in relevant content, positioning it as a trusted resource in the telecommunications comparison market. Technically, the site employs a modern technology stack including Google Analytics, Google Tag Manager, Crazy Egg, Mouseflow, and Microsoft Application Insights, indicating a mature digital infrastructure focused on user analytics and experience optimization. Security-wise, the site enforces HTTPS, implements multiple security headers, and uses a consent management platform for privacy compliance, though it lacks explicit public security policies or incident response information. The absence of WHOIS registration data reduces transparency but does not detract significantly from the site's legitimacy given its professional presentation and clear affiliate disclosures. Overall, WhistleOut demonstrates a strong digital presence with good security posture and privacy compliance, suitable for its consumer audience.

D

Digital Privacy Corporation

gleam.io

67

Gleam.io is a technology company operating a SaaS platform that enables businesses and marketers to run contests and giveaways to grow their customer base and capture emails. The company, Digital Privacy Corporation, has maintained the domain since 2013, indicating a stable market presence. The website is built using modern web technologies including Framer for site generation and Cloudflare for DNS and hosting, supplemented by multiple marketing and analytics tools such as Google Analytics, Facebook Pixel, and TikTok Pixel. The site is accessible without any WAF or security challenges, and the content is professionally presented with good design and user experience. However, the absence of explicit privacy, cookie, and terms of service policies in the provided content is a notable gap in compliance and transparency.

M

Macworld

macworld.com

63

Macworld is a well-established media brand specializing in news, reviews, and tips related to Apple's product ecosystem. It serves a broad audience of Apple users and technology enthusiasts, providing comprehensive content including articles, podcasts, and deals. The website is owned by Foundry, a parent organization, and maintains consistent branding and high content quality. Technically, the site is built on WordPress with a modern tech stack including advanced advertising and consent management tools. It is optimized for SEO, mobile-friendly, and uses HTTPS with strong security headers. Privacy compliance is robust with clear privacy and cookie policies and active consent mechanisms. However, explicit Terms of Service and security policy pages are not found, and no direct contact information is publicly listed. The WHOIS data is privacy protected, which is justified for a media brand. Overall, the site demonstrates a mature digital presence with good security posture and compliance, suitable for its business model and audience.

D

DCF Verlag GmbH

unternehmerjournal.de

44

UnternehmerJournal is a German online media platform dedicated to the Mittelstand business sector, providing news, interviews, and expert advice tailored for business executives and entrepreneurs. The platform is operated by DCF Verlag GmbH and positions itself as a niche media outlet for the digital German Mittelstand, emphasizing quality content and business insights. Technically, the website is built on WordPress with a modern tech stack including jQuery, Google Tag Manager, and Iubenda for cookie compliance, ensuring a good level of digital maturity and user experience. Security-wise, the site enforces HTTPS and implements cookie consent mechanisms, but lacks explicit security policies and incident response contacts, which could be improved. Overall, the website is professional, trustworthy, and compliant with GDPR, serving its target audience effectively.

D

docleads

docleads.de

51

docleads.de is a German marketing agency specializing in healthcare practice marketing, focusing on acquiring more desired patients for medical practices. The website is built on WordPress, utilizing popular plugins such as Yoast SEO and WP Rocket, indicating a moderate level of technical maturity. The site is HTTPS secured and presents professional design and content tailored to its niche audience. However, the absence of explicit privacy and cookie policies, as well as security headers, suggests room for improvement in compliance and security posture. Overall, the website is functional and trustworthy but would benefit from enhanced privacy and security measures.

K

Kieler Nachrichten

kn-online.de

59

Kieler Nachrichten is a well-established regional news media organization based in Germany, focusing on delivering comprehensive news coverage for Kiel and the surrounding Schleswig-Holstein region. The website offers a broad range of content including politics, sports, culture, and lifestyle, supported by digital services such as e-paper, podcasts, and newsletters. It operates under the umbrella of the RedaktionsNetzwerk Deutschland, indicating a strong partnership network and market presence. Technically, the site leverages modern web technologies including React and implements consent management mechanisms to comply with GDPR requirements. The security posture is solid with HTTPS enforced and standard security practices observed, although explicit security policies and incident response contacts are not publicly available. Overall, the site demonstrates a high level of professionalism and trustworthiness suitable for its audience and business model.

W

wallstreetONLINE

wallstreet-online.de

69

wallstreetONLINE operates a leading German financial and stock market portal offering real-time market data, news, analysis, and a large community platform for investors and finance enthusiasts. The website targets retail investors and market participants in Germany, providing comprehensive tools and content to support informed investment decisions. The platform is well-positioned as Germany's largest financial community with a broad range of services including stock quotes, news, forums, and mobile applications. Technically, the website employs modern web technologies such as Bootstrap, Highstock charts, and integrates privacy management and consent frameworks, reflecting a mature digital infrastructure. Security-wise, the site enforces HTTPS, integrates consent management, and uses Google Tag Manager with opt-out capabilities, though it lacks explicit security headers and published security policies. Overall, the site demonstrates a strong security posture with room for improvement in transparency and formal security documentation. The domain WHOIS data aligns with the website's business claims, indicating legitimacy and consistency. No blocking or WAF mechanisms were detected, allowing full content access and analysis.

D

Deutscher Ärzteverlag GmbH

aerzteblatt.de

70

Deutscher Ärzteverlag GmbH operates the website Deutsches Ärzteblatt, a leading German medical news and professional journal platform. The site provides current health policy news, medical research updates, and professional information targeting medical professionals and healthcare stakeholders. The business model is primarily media publishing with revenue from subscriptions and advertising. The website is well-positioned in the German healthcare media market with a strong reputation and comprehensive content offerings including ePaper and CME materials. Technically, the website uses modern web technologies including Next.js and React, hosted likely via GoDaddy's domain control services. It integrates advanced consent management tools such as Contentpass and Sourcepoint to ensure GDPR compliance. The site is optimized for performance, mobile responsiveness, and accessibility, providing a high-quality user experience. From a security perspective, the site enforces HTTPS with strong SSL configuration and implements multiple security headers. It uses consent-based tracking and advertising scripts, minimizing privacy risks. No critical vulnerabilities or exposed sensitive data were detected. However, explicit security policy and incident response information are not publicly available, representing an area for improvement. Overall, the website demonstrates a mature digital presence with strong compliance and security posture, serving a professional audience with trustworthy content. Strategic recommendations include publishing detailed security policies, establishing incident response contacts, and enhancing transparency around vulnerability disclosures to further strengthen trust and security culture.

I

ID Interactive

id-interactive.fr

56

ID Interactive is a well-established digital agency based in Arradon near Vannes, France, specializing in web design, development, SEO, paid media, and graphic design services. Founded in 2006, the agency serves a diverse clientele including SMEs, startups, institutions, and brands primarily in Brittany and across France. Their business model focuses on delivering tailored digital solutions that enhance client acquisition and brand visibility through innovative web experiences and AI-enhanced SEO strategies. Technically, the website leverages modern frameworks such as React and Next.js, integrates professional CMS (Payload CMS), and employs advanced analytics and marketing tools including Google Tag Manager, Facebook Pixel, and Matomo. The site is well-optimized for performance, mobile responsiveness, and accessibility, reflecting a mature digital infrastructure. Security posture is strong with HTTPS enforced and secure cookie consent mechanisms, though explicit security headers and policies could be improved. The absence of WHOIS data is a minor concern but does not detract significantly from the overall trustworthiness given the professional presentation and comprehensive contact information. Strategic recommendations include enhancing security header implementation, publishing a formal security policy, and establishing a vulnerability disclosure process to further strengthen trust and compliance.

The website www.wsb-agency.com represents a communication agency formerly known as WSB, now rebranded as mêtis to celebrate its 20th anniversary. The agency focuses on providing communication and marketing services to businesses that view communication as a catalyst for change. The site serves primarily as an announcement landing page directing visitors to the new brand website and LinkedIn profile. Technically, the site is built on WordPress using common libraries such as jQuery, Tailwind CSS, and FontAwesome. However, it suffers from visible WordPress debug notices indicating suboptimal configuration and early loading of translation files. Security posture is basic with no visible security headers or advanced protections, and no privacy or cookie policies are present, which impacts compliance. The WHOIS data for the domain is missing or unavailable, which raises concerns about domain legitimacy and registration consistency. Overall, the site is functional but minimal, with moderate technical maturity and basic content quality.

W

Wagner-Bazin WB

wagner-bazin-wb.com

42

Wagner-Bazin WB is a professional cycling team based in France, providing news, team information, race calendars, and merchandise through their official website. The site targets cycling enthusiasts and supporters, offering a well-structured and visually consistent platform. Technically, the website is built on WordPress with WooCommerce and Elementor, integrating modern marketing and analytics tools such as Google Tag Manager and Brevo. The site is mobile-optimized and SEO-friendly, with a moderate performance profile. Security-wise, HTTPS is enforced and cookie consent is managed via Axeptio, but there is a lack of visible security headers and no explicit privacy policy or terms of service pages, which are areas for improvement. The absence of WHOIS data raises concerns about domain registration legitimacy, although the website content and social media presence suggest a legitimate operation. Overall, the site is professional and trustworthy but would benefit from enhanced transparency and security documentation.

A

André Bazin - Charcuterie et Salaison

andre-bazin.fr

51

André Bazin is a medium-sized French company specializing in charcuterie and salting products, with a history dating back to 1954. The company operates multiple brands and serves mass retailers, food service professionals, and ready-meal manufacturers. Their website is professionally designed using WordPress and Elementor, featuring multilingual support and comprehensive business information. Technically, the site uses modern plugins and SEO tools, hosted by OVH, with good performance and mobile optimization. Security posture is strong with HTTPS, security headers, and secure forms, though there is room for improvement in explicit security policies and incident response information. Overall, the website is trustworthy, compliant with GDPR, and provides clear contact channels.

C

ClickUp

clickup.com

77

ClickUp is a well-established SaaS company founded in 2001, offering an integrated productivity platform that consolidates tasks, documents, goals, and chat into a single application. Positioned as a leading solution in the productivity and project management market, ClickUp targets businesses and teams seeking to streamline workflows and maximize productivity. The website reflects a mature digital presence with a professional design, clear navigation, and comprehensive content tailored to its audience. Technically, the site leverages modern frameworks such as Next.js and React, hosted on AWS infrastructure, and integrates advanced analytics and marketing tools with robust consent management via OneTrust. Security posture is strong with HTTPS enforcement, domain protection statuses, and cookie consent mechanisms, though DNSSEC is not enabled and no explicit security policy or vulnerability disclosure program is publicly available. Overall, ClickUp demonstrates a high level of digital maturity and business credibility, with room for improvement in transparency around security policies and incident response.

A

A–Gain Guide

a-gain.guide

53

A–Gain Guide is a digital platform focused on promoting sustainable fashion practices in Berlin and Hamburg by providing users with resources such as maps of repair shops, secondhand stores, and upcycling designers, as well as guides on clothing reuse and CO2 savings. The platform targets environmentally conscious consumers seeking to extend the life of their clothing. Technically, the website is built on Kirby CMS, uses modern JavaScript libraries like Glide.js for UI components, and integrates Matomo for privacy-respecting analytics. The site is well-structured, mobile-optimized, and includes cookie consent mechanisms aligned with GDPR requirements. Security posture is good with HTTPS enforced and no visible vulnerabilities, though security headers could be improved. WHOIS data is limited due to TLD restrictions but the domain appears legitimate and consistent with the business profile. Overall, the platform demonstrates a professional and trustworthy presence in the niche sustainable fashion market.

K

KAARISMA Recruitment GmbH

kaarisma-blue.de

61

KAARISMA BLUE Recruitment is a specialized recruitment agency based in Germany focusing on placing Servicetechniker and industrial technical professionals. The company positions itself as a modern headhunting service with a strong emphasis on matching candidates and employers harmoniously, particularly in sales and technical roles. Their business model revolves around active process support until successful hiring, targeting companies seeking qualified service technicians. The website content is professional, well-branded, and clearly communicates their value proposition. Technically, the site uses Kirby CMS and Matomo analytics, indicating a moderate level of digital maturity with some privacy-conscious tracking. Security posture is adequate with HTTPS enabled but lacks visible security headers and explicit privacy or cookie policies, which are areas for improvement. Overall, the site is accessible, trustworthy, and serves its business purpose effectively.

K

Karlsruher Messe- und Kongress GmbH

offerta.de

63

offerta.de is the official website for the offerta trade fair, a major regional event held in Karlsruhe, Germany, organized by Karlsruher Messe- und Kongress GmbH. The platform provides comprehensive information about the event, including schedules, exhibitors, ticket sales, and thematic areas, targeting families and general visitors interested in shopping, enjoyment, and live events. The website demonstrates a strong market position as a leading regional event organizer with a focus on sustainability and regional products. Technically, the website is built on modern frameworks such as Vue.js, Nuxt.js, and Vuetify, ensuring a responsive and user-friendly experience. It integrates advanced privacy management tools like Usercentrics CMP and analytics services including Google Tag Manager and Hotjar, reflecting a mature digital infrastructure. The site is well-optimized for SEO and mobile devices, with good performance and accessibility standards. From a security perspective, the site enforces HTTPS and employs consent mechanisms for cookies, but lacks explicit security headers and a public security policy or incident response contact. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data aligns with the website's claims, indicating legitimacy and trustworthiness. Overall, offerta.de presents a professional, secure, and privacy-compliant platform suitable for its business model. Strategic improvements could include enhancing security headers, publishing a security policy, and adding a security.txt file to further strengthen its security posture and trustworthiness.

R

ROMANZA Circusproduction

karlsruher-weihnachtscircus.de

52

Karlsruher Weihnachtscircus is a well-established regional Christmas circus event organized by ROMANZA Circusproduction in Germany. The website serves as an information and ticketing portal for the 16th edition of the show, targeting families and general audiences interested in festive live entertainment. The business model revolves around live event ticket sales and benefit concerts, positioning itself as a popular seasonal attraction in Baden. The website is professionally designed using WordPress and Elementor, with good mobile optimization and clear navigation. Social media integration and a dedicated ticket shop partnership enhance its digital presence. Technically, the site uses modern web technologies but lacks some advanced security headers and formal privacy or terms of service documentation. The SSL configuration is strong, and cookie consent is implemented, reflecting basic GDPR compliance. Overall, the site is trustworthy and safe for general audiences, with no adult or questionable content detected.

S

Stadt Karlsruhe

karlsruhe.de

69

The website www.karlsruhe.de serves as the official digital portal for the city of Karlsruhe, Germany, providing residents and visitors with access to a wide range of municipal services, information on city administration, social programs, environmental initiatives, cultural events, and mobility options. The site is well-positioned as a comprehensive government resource, targeting local citizens, businesses, and stakeholders. Technically, the site is built on the TYPO3 CMS platform, leveraging modern web technologies including SVG graphics and Matomo analytics configured with privacy in mind. The site demonstrates good mobile optimization, accessibility, and SEO practices. Security-wise, the website enforces HTTPS and employs a cookie consent mechanism aligned with GDPR requirements, though it lacks explicit security policy and incident response disclosures. Overall, the site is trustworthy, professionally maintained, and compliant with relevant privacy regulations, with no detected blocking or WAF interference.

D

Deutsche Stiftung Denkmalschutz

denkmalschutz.de

48

The Deutsche Stiftung Denkmalschutz website represents a well-established non-profit organization dedicated to the preservation of cultural heritage and monuments in Germany. The site provides comprehensive information about their mission, projects, events, and donation opportunities, positioning them as the largest private initiative in their sector. The website is built on TYPO3 CMS, featuring modern design elements and good mobile optimization, reflecting a mature digital presence. Security posture is solid with HTTPS and secure forms, though there is room for improvement in security headers and cookie consent mechanisms. Overall, the site demonstrates high professionalism and trustworthiness, supported by recognized donation seals and transparent reporting.

S

Steuerkontor Weinert

steuerkontor-weinert.de

58

Steuerkontor Weinert is a well-established tax consultancy firm based in Rostock, Germany, with over 25 years of experience. The company specializes in digital financial and payroll accounting, personalized tax planning, and business consulting services tailored for commercial, freelance, and non-profit organizations primarily in the Mecklenburg-Vorpommern region. Their business model focuses on professional services with a strong emphasis on digital transformation and cooperative client relationships. The website reflects a consistent and professional brand image, supported by recognized certifications such as go-digital and Offensive Mittelstand. Technically, the site is built on the Contao CMS platform, uses modern web technologies including lazy loading for images, and integrates Google Tag Manager for analytics. Hosting is provided by Timme Hosting, consistent with the domain's WHOIS data.

M

Merkle Manufactory

warpcast.com

58

Farcaster.xyz operates as a decentralized social network and crypto wallet platform, targeting crypto enthusiasts and digital asset traders. The business is positioned as a niche social network that facilitates discovery, trading, and creation within the crypto ecosystem. The company behind the site is Merkle Manufactory, founded in 2021, with a small-sized operation focused on technology innovation in blockchain social networking. The website promotes app downloads for iOS and Android, indicating a multi-platform presence. Technically, the website employs modern web technologies including React, Google Fonts, and Fathom Analytics for lightweight user tracking. Hosting and DNS services are provided via Cloudflare, ensuring good performance and security at the infrastructure level. The site is mobile-optimized with good design quality and user experience, although accessibility features are basic. SEO optimization is present but minimal. From a security perspective, the site uses HTTPS and has domain transfer protections enabled. However, it lacks DNSSEC, explicit security headers, and a cookie consent mechanism, which are areas for improvement. No contact or incident response information is provided, limiting transparency in security governance. The privacy policy exists but is basic and does not explicitly confirm GDPR compliance. No vulnerability disclosure or security.txt files were found. Overall, the website is professional, trustworthy, and safe for general audiences with no adult or questionable content. The domain registration is consistent with the business timeline and shows no suspicious patterns. Strategic recommendations include enhancing security headers, enabling DNSSEC, implementing cookie consent, and providing clearer security and contact information to improve compliance and trust.

D

Dynamic

dynamic.xyz

74

Dynamic is a fintech and crypto technology company specializing in wallet infrastructure, authentication, and secure key management through a flexible SDK. Positioned as a leading provider in the multi-chain wallet ecosystem, Dynamic serves fintech firms, crypto businesses, and stablecoin platforms with enterprise-grade solutions. The company recently became part of Fireblocks, enhancing its market position and resource base. The website reflects a mature digital presence with comprehensive product offerings, customer case studies, and a demo environment to engage developers and clients. Technically, the site is built on Webflow with modern JavaScript libraries and integrates analytics and marketing tools such as HubSpot and Google Tag Manager. Security posture is strong with HTTPS, security headers, and cookie consent mechanisms in place. No critical vulnerabilities or compliance gaps were detected, though incident response and vulnerability disclosure policies could be more explicit. Overall, Dynamic presents a professional, trustworthy, and technically sound platform with a clear focus on fintech wallet infrastructure.

G

Großmarkt Rostock GmbH

rostocker-weihnachtsmarkt.de

45

The Rostocker Weihnachtsmarkt website represents the largest Christmas market in Northern Germany, organized by Großmarkt Rostock GmbH. It serves a broad audience including visitors, families, vendors, and travel organizers by providing detailed event information, attractions, special actions, and an online shop for exclusive products. The business holds a strong market position as a leading regional event in the hospitality and retail sectors. Technically, the website employs modern frontend technologies such as Bootstrap and jQuery, hosted by Alfahosting, and includes a cookie consent mechanism and Google Analytics with privacy features enabled. Security posture is moderate with HTTPS enabled and privacy compliance evident, though improvements in security headers and incident response documentation are recommended. Overall, the site is professional, trustworthy, and well-structured, supporting a positive user experience.

P

pxmedia.PRO

pxmedia.pro

59

pxmedia.PRO is a German B2B service provider specializing in done-for-you marketing and recruitment solutions aimed at medium-sized companies in the DACH region. With over 15 years of experience, the company focuses on helping clients systematically acquire profitable new customers and qualified employees to enable sustainable growth. The website demonstrates a professional and consistent brand presence with strong customer testimonials and a clear value proposition. Technically, the site is built on WordPress with the Divi theme and uses modern tools such as Google Analytics and Borlabs Cookie for tracking and consent management. Security posture is good with HTTPS enforced and cookie consent implemented, though some security headers could be improved. Privacy compliance is basic, with no explicit privacy policy page found, which is a notable gap. Overall, the domain registration is privacy protected but consistent with the business claims, and no suspicious patterns were detected.

The website www.locator-tzzz.com serves as an interactive tourism portal for Zagrebačka županija (Zagreb County) in Croatia. It is operated by the Turistička zajednica Zagrebačke županije, a public non-profit organization focused on promoting tourism within the region. The site offers an interactive map, listings of points of interest, accommodations, events, and cycling routes, targeting tourists and visitors interested in exploring the area. The business model is non-commercial, aiming to support regional tourism development. Technically, the website employs a range of established web technologies including Google Maps API, jQuery, Bootstrap, and various UI libraries to provide a responsive and interactive user experience. The site is moderately optimized for mobile devices and has a clear navigation structure. However, there is no evidence of a CMS or advanced hosting details. Performance is moderate, with room for improvement in SEO and accessibility. From a security perspective, the site lacks visible HTTPS enforcement and security headers, which are critical for protecting user data and ensuring trust. The presence of CSRF tokens in forms is a positive sign, but the absence of privacy and cookie policies indicates poor compliance with GDPR and related regulations. The WHOIS data is missing or inaccessible, which raises concerns about domain legitimacy and trustworthiness despite the professional appearance of the site. Overall, the website provides valuable regional tourism information but suffers from significant security and compliance gaps. The unclear domain registration status is a critical risk factor. Strategic improvements in security posture, privacy compliance, and domain registration transparency are recommended to enhance trust and protect users.

D

DMK Vall 042 d.o.o.

okusi.hr

41

Okusi hrvatske tradicije is a Croatian tourism and gastronomy promotion platform operated by DMK Vall 042 d.o.o., focusing on showcasing traditional Croatian cuisine, wines, and local agricultural products. The website targets tourists and gastronomy enthusiasts interested in authentic Croatian culinary experiences. It collaborates with local and county tourist boards to enrich the tourism offer with gastronomic content. Technically, the website is built on Joomla CMS using Bootstrap 3 and FontAwesome, with moderate performance and good mobile optimization. Security posture is moderate with no detected security headers or privacy policies, and SSL status is unknown from the provided data. Contact information is clearly provided, and social media presence includes Facebook and YouTube. Overall, the site is professional and trustworthy but lacks formal privacy and security disclosures.

T

Turistička zajednica Zagrebačke županije

tzzz.hr

44

Visit Zagreb County is the official tourism portal for the Zagreb County region in Croatia, managed by the Turistička zajednica Zagrebačke županije. The website serves as a comprehensive guide for tourists, offering information on cultural events, gastronomy, active holidays, health tourism, and sustainable tourism initiatives. It targets visitors interested in exploring the natural beauty and cultural heritage of the Zagreb County area. The business operates as a regional tourism authority, promoting local attractions and events to enhance tourism in the region. Technically, the website is built on WordPress using the Elementor page builder, with jQuery and several plugins for spam protection and accessibility. The hosting provider is Plus Hosting Grupa d.o.o., a Croatian hosting company. The site is moderately performant, mobile-optimized, and includes basic accessibility features. SEO practices are adequately implemented with proper meta tags and structured content. From a security perspective, the site uses HTTPS and includes spam protection and an accessibility widget. However, it lacks important security headers and a cookie consent mechanism, which are recommended for compliance with EU regulations. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is basic, with a privacy policy present but no cookie banner or detailed security policies. Overall, the website is trustworthy and professionally maintained, with a clear focus on tourism promotion. Strategic improvements in security headers, privacy compliance, and contact information visibility would enhance its security posture and user trust.

The website croatia.hr serves as the official Croatian tourism portal, managed by CARNET, a reputable Croatian academic and research network. It provides extensive information about Croatia's travel destinations, cultural attractions, and events, targeting tourists and travelers globally. The site is well-branded and professionally designed, reflecting its government affiliation and authoritative market position in tourism promotion. Technically, the site employs modern web technologies including Vue.js, integrates third-party services such as Mailchimp for marketing and Dynatrace for performance monitoring, and is hosted with Microsoft Azure DNS infrastructure. The website demonstrates good mobile optimization, accessibility, and SEO practices, contributing to a positive user experience. From a security perspective, the site enforces HTTPS with strong security headers and uses monitoring tools to maintain performance and security. However, it lacks visible privacy and cookie policies, as well as explicit contact information and incident response details, which are important for compliance and user trust. No vulnerabilities or suspicious indicators were detected in the analyzed content. Overall, croatia.hr is a trustworthy and professionally maintained government tourism website with strong technical and security foundations. To enhance compliance and user trust, it is recommended to publish clear privacy and cookie policies, provide contact details, and include vulnerability disclosure and incident response information.

S

seabirds.de GmbH

seabirds.de

46

seabirds.de GmbH operates a specialized flight school and charter service based at Flugplatz Oldenburg-Hatten, Germany. The company offers pilot training including PPL and LAPL licenses, sightseeing flights, and aircraft chartering. The website is professionally designed with clear navigation and relevant content targeting aviation students and enthusiasts. Technically, the site uses Bootstrap and jQuery with integrations for Google Analytics and Facebook SDK, though it employs an outdated jQuery version which poses some security risks. Security posture is moderate with HTTPS implied but lacking explicit security headers and incident response information. Privacy compliance is addressed with a cookie consent banner and a privacy policy linked in the imprint. Overall, the site is trustworthy and well-positioned locally but could improve technical security and transparency.

M

Maslaton Rechtsanwaltsgesellschaft mbH

quartermike4.de

55

Quarter Mike 4 is a specialized aviation consultancy led by Prof. Dr. Martin Maslaton, offering expert services in pilot training, language proficiency, UAV operations, flight simulation, aviation transactions, and regulatory approvals. The business targets aviation professionals and companies primarily in Germany, leveraging deep expertise and legal partnerships to provide comprehensive aviation-related consulting. The website is built on a modern WordPress and Elementor platform, featuring professional design and rich multimedia content. Security posture is adequate with HTTPS enabled, but lacks some security headers and formal privacy policies. No blocking or WAF mechanisms were detected, allowing full content access.

K

KLISAB

klisab.com

45

KLISAB is a Croatian fashion brand specializing in modern clothing and accessories for men and women, founded in 2020 by designers Tomislav Kliškinić and Marko Šabarić. The company operates an e-commerce platform built on WordPress and WooCommerce, targeting fashion-conscious consumers primarily in Croatia. The website presents a professional and consistent brand image with clear navigation and good mobile optimization. Technical infrastructure leverages popular WordPress plugins and themes, including GDPR-compliant cookie consent mechanisms and analytics integrations such as Google Analytics and Facebook Pixel. Security posture is adequate with HTTPS enabled and domain registration transparency, though improvements in DNSSEC and security headers are recommended. Overall, the site is trustworthy and compliant with privacy regulations, supporting a positive user experience.

I

Ipša – Maslinova ulja

ipsa-maslinovaulja.com

45

The website appears to be a Croatian language site focused on olive oil products, likely representing a small business in the energy/agriculture sector. The domain is well established since 2009, indicating a stable presence. The technical infrastructure is based on WordPress with common plugins and libraries, showing a moderate level of digital maturity. However, the site lacks critical privacy and cookie policies, contact information, and security best practices such as security headers and DNSSEC. No advanced analytics or tracking mechanisms were detected, suggesting minimal user tracking. The security posture is basic with room for improvement in SSL enforcement and header implementation. Overall, the site is functional but lacks comprehensive compliance and security features, which could impact user trust and regulatory adherence.

K

Kerempuh – Satiričko kazalište Kerempuh

kazalistekerempuh.hr

9

Kerempuh is a well-established satirical theatre based in Croatia, operating since 2002. The website serves as a digital presence for the theatre, providing information about performances and cultural events. The site targets a general audience interested in theatre and cultural arts, positioning itself as a reputable cultural institution in the Croatian market. The business model revolves around live theatrical performances and related cultural activities. Technically, the website is built on WordPress with modern plugins and themes, including WPBakery Page Builder and Font Awesome, and uses Google Fonts for typography. The site is mobile-optimized and performs moderately well, though there is room for improvement in SEO and accessibility. Security-wise, the site uses HTTPS and has a cookie consent mechanism, but lacks explicit privacy and terms of service pages, advanced security headers, and incident response policies. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website is professional and trustworthy but could enhance privacy compliance and security posture to better protect users and build trust.

Z

ZKM

zekaem.hr

10

Zagrebačko kazalište mladih (ZKM) is a well-established cultural institution in Croatia focused on theatrical performances and educational programs. The website serves as a portal for event schedules, ticket sales, and news updates, targeting the general public interested in theater and culture. The organization maintains an active digital presence with social media integration and multilingual support via Google Translate. The domain age and WHOIS data confirm legitimacy and consistency with the business profile. Technically, the website is built on WordPress using popular plugins such as WPBakery Page Builder, Ultimate VC Addons, and GDPR compliance tools like Complianz. The site demonstrates good SEO practices, mobile optimization, and moderate performance. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though some security headers could be improved. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website reflects a professional and trustworthy cultural institution with good privacy compliance and user experience. However, it lacks explicit security policies and incident response contacts, which could enhance trust and preparedness. The site uses Google Analytics and Facebook Pixel for analytics and marketing, with appropriate consent mechanisms. Strategic recommendations include enhancing security headers, publishing a security policy, and conducting regular security audits to maintain and improve the security posture.

A

Abalone d.o.o.

abalone.hr

10

Abalone d.o.o. operates the Abalone Hotel & Apartments located on the Crikvenica Riviera in Croatia, providing hospitality services including hotel rooms and apartments. The business targets tourists and travelers seeking accommodation in this coastal region. The website is professionally designed using WordPress with modern plugins and themes, hosted on HostGator, and includes multilingual support. It demonstrates a moderate level of digital maturity with SEO and mobile optimization in place. Security posture is adequate with HTTPS and cookie consent mechanisms implemented, though security headers and incident response policies are absent. Overall, the site is trustworthy and compliant with GDPR cookie requirements but could improve in security transparency and contact information visibility.

A

Alan Hržica

alanhrzica.com

10

Alan Hržica is a recognized Croatian Christian musician with a professional online presence promoting his music albums, concerts, and videos. The website serves as a personal branding platform targeting Croatian-speaking audiences interested in spiritual and religious music. The site is built on WordPress using the Salient theme and WPBakery Page Builder, with a moderate performance and good mobile optimization. Security posture is adequate with HTTPS enabled and domain transfer protection, but lacks advanced DNS security and security headers. Privacy compliance is addressed with a cookie consent banner and a basic cookie policy page, though no privacy policy or terms of service are explicitly found. Contact information is limited to social media links without direct emails or phone numbers. Overall, the website is professional and trustworthy but could improve security and compliance documentation.

Portal narodnih knjižnica is a Croatian national library portal established in 2016, providing comprehensive administrative data, digital and regional collections, and library-related news and projects. It serves a broad audience including the general public, researchers, and minority communities in Croatia. The website uses modern web technologies such as Bootstrap, jQuery, and Google Analytics, and implements GDPR-compliant cookie consent mechanisms. The portal is positioned as an authoritative resource in the Croatian library sector with consistent branding and good content quality. Technically, the site is moderately performant and mobile-optimized but lacks explicit security headers and detailed security policies. Security posture is adequate with no visible vulnerabilities or exposed sensitive data, but improvements are recommended in security header implementation and incident response documentation. Overall, the site is trustworthy, safe, and professionally maintained, with a strong alignment between WHOIS registration data and website content.

V

Virtualna Tvornica

virtualna-tvornica.com

10

Virtualna Tvornica is a Croatian digital agency specializing in web development and online marketing services, established in 2012. The company offers a broad range of services including web shop creation, website and web application development, AI and ERP integration, and various digital marketing solutions such as Google, Meta, and TikTok advertising. Their market position is that of a specialized, small-sized agency with a consistent brand presence and a portfolio of successful projects. Technically, the website is built on WordPress with modern plugins and frameworks, optimized for SEO and mobile devices, and integrates standard marketing and security tools like Google Tag Manager and reCAPTCHA. Security posture is good with HTTPS and cookie consent mechanisms in place, though DNSSEC is not enabled and no explicit security policy or incident response contacts are published. Overall, the website is professional, trustworthy, and compliant with GDPR, with no signs of blocking or WAF interference.

S

Stena Projects

stena-projects.eu

45

Stena Projects is a Croatian-based company specializing in the design and manufacture of handcrafted interior and exterior decorative elements, including stone and wood wall claddings, 3D decorations, decorative columns, and custom projects. The company targets customers seeking elegant and modern design solutions that blend art and nature. Their market position is that of a niche provider with a focus on quality and craftsmanship. Technically, the website is built on WordPress using modern plugins such as WPBakery and Slider Revolution, with multilingual support via WPML. The site is hosted by a Croatian hosting provider, Plus Hosting Grupa d.o.o., and employs HTTPS with good SSL configuration. Security posture is solid but could be improved by adding security headers and formal security policies. Privacy compliance is partial, with a cookie consent mechanism present but no explicit privacy policy or terms of service detected. Overall, the website is professional, user-friendly, and trustworthy, with room for improvement in privacy and security documentation.

K

Kazalište Ulysses

ulysses.hr

42

Kazalište Ulysses is a well-established theatre company based in Zagreb, Croatia, with a domain registered since 2001. The company offers theatrical performances, concerts, and cultural events, targeting a general audience interested in arts and culture. Their website is built on WordPress, utilizing common plugins for event management, multilingual support, and newsletter subscriptions. The site is professionally designed with good navigation and mobile optimization, supporting a positive user experience. Security posture is adequate with HTTPS enabled and cookie consent implemented, though there is room for improvement in security headers and incident response transparency. Overall, the website reflects a credible and trustworthy cultural institution with active content and community engagement.

U

Udruga Djeca prva

djeca-prva.hr

57

Udruga Djeca prva is a Croatian non-profit organization dedicated to supporting children, youth, and families, especially those in vulnerable conditions. Established in 1994, it has a long-standing presence with a domain registered since 2002. The organization provides psychosocial counseling, social services, humanitarian aid, and runs various programs involving families and professionals from education and social care sectors. The website reflects a professional and consistent brand image, with clear communication of its mission and services. Technically, the site is built on WordPress with modern plugins and is hosted behind Cloudflare, ensuring good performance and security. The presence of GDPR-compliant cookie consent and privacy policies indicates strong privacy awareness. Security posture is solid with HTTPS and no evident vulnerabilities, though some security headers could be improved. Overall, the site is trustworthy, well-maintained, and serves its target audience effectively.

T

Teatar uz more

teataruzmore.com

49

Teatar uz more is a cultural theater festival based in Croatia, established in 2021, focusing on organizing theater events and performances primarily in Split and surrounding regions. The website serves as a platform for event scheduling, ticket sales, and festival information targeting theater enthusiasts and the general public interested in cultural events. The business operates on a small scale with a clear regional focus. Technically, the website is built on WordPress using popular plugins such as Yoast SEO, Contact Form 7, and Revolution Slider, indicating a mature but standard digital infrastructure. The site is mobile-optimized and SEO-friendly, providing a good user experience. Security-wise, the site uses HTTPS and has domain transfer protections but lacks DNSSEC and some advanced security headers, suggesting room for improvement. Privacy compliance is well addressed with a comprehensive cookie policy and consent mechanism in Croatian language, aligning with GDPR requirements. Overall, the site is trustworthy, professional, and well-positioned within its niche cultural sector.

K

Kerekesh Teatar

kerekesh.hr

46

Kerekesh Teatar is a Croatian theatre company specializing in comedic and cultural performances, with a strong regional presence and active event scheduling. The website serves as a portal for event information, ticket sales, and company background, targeting a general audience interested in theatre arts. Technically, the site is built on WordPress with modern plugins and libraries, including Google Analytics and GDPR compliance tools, reflecting a mature digital infrastructure. Security posture is solid with HTTPS and cookie consent, though improvements could be made in security headers and incident response transparency. Overall, the site is professional, trustworthy, and compliant with privacy regulations, supporting the legitimacy of the business.