Security Directory

Hrvatska akreditacijska agencija (HAA) is a Croatian national accreditation agency operating as an independent, non-profit public institution. It provides accreditation services and manages the e-Akreditacija portal, which offers electronic services and maintains registers of accreditations. The agency is positioned as the authoritative accreditation body in Croatia with international cooperation ties to organizations such as ILAC and EA. The website is professionally designed, uses WordPress CMS, and integrates standard web technologies including Google Analytics and reCAPTCHA for security and analytics purposes. The site is accessible, mobile-optimized, and provides clear navigation and relevant content for its target audience of accredited entities and government bodies. Security posture is adequate with HTTPS enforced and cookie consent implemented, though improvements could be made by adding security headers and explicit privacy policies. WHOIS data is redacted due to GDPR, but the domain and website content align with a legitimate government agency. Overall, the website demonstrates a good balance of professionalism, technical implementation, and business credibility.

A

Agencija za ugljikovodike

azu.hr

55

The website azu.hr represents the Agencija za ugljikovodike, a Croatian government agency specializing in the management and development of hydrocarbon and geothermal energy resources. The agency positions itself as a key player in Croatia's sustainable energy transition, providing data resources, coordinating projects, and supporting the development of new energy technologies. The website content is rich with news updates, project information, and sector-specific resources, targeting energy professionals, government stakeholders, and researchers. Technically, the website employs modern web technologies including Bootstrap, Google Fonts, Material Icons, and accessibility tools like the UserWay widget. The site is mobile-optimized and demonstrates good SEO practices with proper meta tags and structured navigation. Hosting appears to be managed under Croatian academic or government infrastructure, consistent with the agency's profile. From a security perspective, the site uses HTTPS and avoids exposing sensitive data. However, it lacks explicit security headers and a cookie consent mechanism, which are recommended for enhanced security and GDPR compliance. No forms or direct contact information were found in the analyzed content, which may limit user engagement or support channels. Overall, the website is professional, trustworthy, and aligned with its governmental role. The domain registration data supports legitimacy and consistency with the agency's history. Strategic improvements in privacy compliance and security headers would further strengthen the site's posture.

S

SAFU

safu.hr

56

SAFU is the Central Agency for Financing and Contracting in Croatia, primarily responsible for managing EU and national funds related to various operational programs and projects. The website reflects its role as a government entity, providing information on funding programs, project implementation, and technical assistance. The site targets government bodies, project beneficiaries, and the general public interested in funding opportunities and project updates. Technically, the website is built on WordPress with Elementor, enhanced by SEO and accessibility plugins, and integrates Google Analytics and Tag Manager for performance and user tracking. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though explicit security headers and incident response information are not visible. Overall, the site is professional, well-structured, and trustworthy, with no signs of malicious activity or content safety concerns.

H

Hrvatska banka za obnovu i razvitak

hbor.hr

68

Hrvatska banka za obnovu i razvitak (HBOR) is a Croatian government development and export bank established in 1997. It provides financial products such as loans, guarantees, export credit insurance, leasing, and venture capital funds to support business growth, export activities, and sustainable development in Croatia. The website positions HBOR as a leading financial institution with a strong market presence and comprehensive service offerings targeting entrepreneurs, SMEs, and public sector entities. The digital infrastructure uses modern web technologies including jQuery and Bootstrap, with good mobile optimization and accessibility features. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers could be improved. The WHOIS data confirms the domain's legitimacy and long-term registration consistent with a government-affiliated entity. Overall, the website is professional, trustworthy, and compliant with privacy regulations.

The Europski Potrošački Centar Hrvatska (ECC Croatia) operates as a national consumer protection center affiliated with the European Consumer Centres Network (ECC-Net). It provides advisory services and assistance for cross-border consumer complaints within the EU, Norway, Iceland, and the UK. The website targets Croatian consumers and EU cross-border shoppers, offering information on consumer rights, complaint resolution, and referrals to competent authorities. The organization functions as a government or non-profit entity, emphasizing consumer protection and education. Technically, the website employs a moderately modern technology stack including Bootstrap 3.3.6, jQuery 1.11.3, Font Awesome, and Owl Carousel. It is mobile responsive with good SEO practices and clear navigation. However, some JavaScript libraries are outdated, and no CMS or hosting provider details are evident. Performance is moderate, and accessibility is basic. From a security perspective, the site uses HTTPS but lacks visible security headers such as Content Security Policy or HSTS. Forms use POST methods securely, and no sensitive data is exposed in the HTML. The absence of a cookie consent mechanism and security policy pages indicates partial GDPR compliance. WHOIS data is unavailable due to GDPR privacy restrictions, but the site’s affiliation with official EU and Croatian government entities supports its legitimacy. Overall, the website is professional, trustworthy, and serves an essential public service role. Security and privacy practices could be improved by implementing security headers, cookie consent, and publishing incident response information. The domain’s privacy protection is justified given GDPR regulations. The site poses low risk and is a reliable resource for consumer protection in Croatia.

C

Centar unutarnjeg tržišta EU

cut.hr

57

The website www.cut.hr represents the Centar unutarnjeg tržišta EU, a Croatian government-related portal focused on providing centralized information and coordination for the EU internal market within Croatia. It serves citizens, entrepreneurs, and competent authorities by offering contact points, guidance on EU rights and regulations, and access to EU-related programs and funds. The site is well-structured, professionally designed, and includes relevant content such as news, publications, and contact forms. It leverages modern web technologies including jQuery, WOW.js, and Google Analytics, ensuring a responsive and accessible user experience. Security posture is solid with HTTPS enforced and no visible vulnerabilities, although some security headers and explicit policies are missing. Privacy compliance is partial, with a cookie policy present but no explicit privacy policy or consent mechanism. Overall, the site is trustworthy and authoritative, consistent with its government affiliation.

The website www.javnanabava.hr serves as the official Croatian government portal dedicated to public procurement. It provides authoritative information, legal frameworks, news updates, statistical data, and educational resources aimed at public sector entities, suppliers, and other stakeholders involved in public procurement processes. The portal is managed by the Ministry of Economy's Directorate for Public Procurement Policy, reflecting a strong government presence and trustworthiness. Technically, the site leverages modern web technologies including Blazor, Bootstrap, and Oqtane CMS, ensuring a responsive and accessible user experience. Accessibility tools and cookie consent mechanisms are implemented, demonstrating compliance with privacy regulations such as GDPR. Security posture is solid with HTTPS enforced and CSRF protections in place, though some security headers could be improved. No critical vulnerabilities or suspicious activities were detected. Overall, the site is professional, well-maintained, and serves its governmental informational purpose effectively.

H

Hrvatski sabor

sabor.hr

60

Hrvatski sabor is the official legislative body of the Republic of Croatia, providing comprehensive information about parliamentary activities, legislative processes, and public services. The website serves citizens, government officials, media, and researchers by offering access to session schedules, legislative documents, press releases, and educational resources. It holds a strong market position as the authoritative source for Croatian parliamentary information. Technically, the website is built on Drupal 10, leveraging modern web technologies and ensuring good mobile optimization and accessibility, including an integrated accessibility widget. The hosting is managed by CARNET, a reputable Croatian academic and research network, ensuring reliable infrastructure. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms aligned with GDPR. While explicit security headers are not fully visible in the HTML, the overall posture is strong with no exposed sensitive data or vulnerable libraries detected. However, the site lacks a published security policy, incident response information, and vulnerability disclosure mechanisms, which are recommended for enhanced security maturity. Overall, Hrvatski sabor's website is professional, trustworthy, and compliant with privacy regulations, making it a reliable platform for public legislative information. Strategic improvements in security transparency and incident response readiness would further strengthen its security posture.

H

HŽ Putnički prijevoz

hzpp.hr

50

HŽ Putnički prijevoz is the Croatian national passenger rail transport company providing domestic and international train services. The website serves as an information and ticketing portal for passengers, offering travel schedules, ticket purchase options, and travel advisories. The company targets general public users traveling within Croatia and to European destinations by rail. The business model is that of a public transportation service provider with a large market presence as the national rail operator. Technically, the website employs modern web standards including HTTPS, Google Tag Manager, and reCAPTCHA for security and analytics. Accessibility features such as font size adjustment and dyslexia mode enhance user experience. However, the site lacks visible privacy and terms of service pages, and no direct contact information is found in the provided content. Security posture is good with HTTPS and bot protection but could be improved by adding security headers and explicit security policies. Overall, the domain and website appear legitimate and professionally maintained, consistent with a national transportation entity.

N

N/A

strukturnifondovi.hr

55

The website 'EU fondovi Hrvatska' serves as the central internet portal for EU funds and programs in the Republic of Croatia. It provides comprehensive information and resources related to EU funding opportunities, targeting Croatian citizens, government entities, businesses, and organizations interested in accessing EU funds. The site is positioned as an official government portal, offering authoritative content and guidance on EU programs. Technically, the website is built on WordPress using the Astra theme and several plugins including accessibility and GDPR compliance tools. It integrates Google Analytics for visitor tracking and maintains a moderate performance level with good mobile optimization and accessibility features. Security-wise, the site enforces HTTPS and employs basic security best practices, though it lacks explicit security headers and detailed security policies. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website demonstrates a solid security posture and trustworthy business credibility, but it would benefit from publishing explicit privacy and terms of service policies to enhance compliance and user trust.

Z

Zagrebački holding d.o.o.

zgh.hr

54

Zagrebački holding d.o.o. is a large municipal holding company based in Zagreb, Croatia, managing a broad portfolio of public services including transportation, energy, waste management, and public markets. The company operates multiple subsidiaries that provide essential city infrastructure and services, positioning it as a key player in the local government sector. The website reflects this role with comprehensive information, clear navigation, and a professional design tailored to citizens, investors, and partners. Technically, the site uses modern JavaScript libraries, integrates Google Analytics and AddThis for tracking and sharing, and employs Mapbox for mapping services. The site is mobile-optimized and shows good SEO practices, though accessibility could be improved. Security-wise, the site enforces HTTPS and includes cookie consent mechanisms, but lacks some advanced security headers and a published security.txt file. No critical vulnerabilities or exposed sensitive data were detected. WHOIS data confirms the domain's legitimacy and long-standing presence since 2007, consistent with the organization's profile. Overall, the website is trustworthy, well-maintained, and compliant with GDPR, serving its public service mission effectively.

O

Omoguru

omoguru.com

57

Omoguru is a small education-focused company providing accessible reading and learning applications such as Lexie, w3Lexie plugin, and ReadAble widget. Their market position targets pupils, students, and individuals with reading difficulties, including dyslexia. The website is built on WordPress with modern technologies and includes standard marketing and tracking tools like Google Analytics and Facebook Pixel. Security posture is generally good with HTTPS and cookie consent mechanisms, but lacks some security headers and explicit privacy and terms pages. WHOIS data is missing, which raises some concerns about domain registration legitimacy. Overall, the site is professional and trustworthy but would benefit from enhanced transparency and security practices.

R

Response trening akademija d.o.o.

krav-maga.hr

61

Krav-maga.hr is the official website of Response trening akademija d.o.o., a Croatian company specializing in Krav Maga self-defense training and related educational services. The company operates a network of over 30 training locations across Croatia, targeting a broad audience including adults, women, children, and teenagers. Their business model combines in-person training, online courses, and an e-commerce platform selling related apparel, equipment, and educational materials. The website reflects a well-established market position with a professional online presence and active social media engagement. Technically, the website employs modern web standards including HTTPS, Google reCAPTCHA for form security, and integrates with marketing and analytics tools such as Google Analytics, Facebook Pixel, and Mailchimp. Hosting is supported by Cloudflare DNS services, and the site uses custom CMS technology. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content. From a security perspective, the site demonstrates good practices including encrypted connections, GDPR-compliant consent mechanisms, and secure form handling. However, some security headers are not explicitly detected and could be improved. No critical vulnerabilities or exposed sensitive data were found. The WHOIS data confirms the domain's legitimacy and consistency with the business claims. Overall, krav-maga.hr is a trustworthy, professionally managed website with a solid security posture and compliance with privacy regulations. Strategic improvements in security headers and incident response transparency could further enhance its security maturity.

K

Konfa media d.o.o.

zastita.info

58

Zastita.info is a Croatian media platform specializing in security industry news, events, and company catalogs. Operated by Konfa media d.o.o., it serves security professionals and companies in Croatia and the surrounding region. The website offers news updates, conference information, and advertising opportunities, positioning itself as a key regional security media outlet. Technically, the site uses a combination of legacy and modern web technologies including jQuery 1.8.1, UIkit, and Google Analytics, with moderate performance and good mobile optimization. Security posture is moderate but could be improved by updating outdated libraries and implementing security headers. Privacy compliance is basic with a cookie consent banner but no explicit privacy or terms of service pages. Overall, the domain is legitimate though WHOIS data is privacy protected, which is common for media businesses. The site is safe for general audiences and maintains a professional appearance.

G

GoDaddy Operating Company, LLC

klemmsecurity.com

71

The website is a domain sales landing page operated by GoDaddy Operating Company, LLC, offering the domain klemmsecurity.com for sale. It targets individuals and businesses interested in acquiring premium domains, providing options to buy outright or lease to own. The platform leverages GoDaddy's established domain aftermarket infrastructure and integrates partner services such as Afternic and Trustpilot for trust and transaction facilitation. The site is professionally designed with a focus on secure and straightforward domain transactions. Technically, it uses modern web frameworks including Next.js and JavaScript, hosted on GoDaddy's infrastructure, with basic SEO and accessibility features. Security posture is moderate with HTTPS implied and reCAPTCHA implemented, but lacks explicit security headers and detailed policies. Overall, the domain sales platform is credible and trustworthy, though WHOIS data for the parking subdomain is unavailable, which is typical for such sales platforms.

M

Microformats – building blocks for data-rich web pages

microformats.org

43

Microformats.org is a niche community-driven website focused on the promotion and education of microformats, a set of open data formats for marking up structured data on web pages. The site serves web developers and the IndieWeb community by providing specifications, blog posts, and resources related to microformats. It operates on a WordPress CMS hosted by Linode and has been active since 2005, indicating a mature presence in its domain. The content is technical and educational, targeting a specialized audience interested in semantic web technologies. From a technical perspective, the website uses a standard WordPress setup with JavaScript and CSS for frontend functionality. While the site is accessible and functional, it shows signs of moderate performance and basic mobile optimization. SEO and accessibility features are present but could be improved. The site uses Google Analytics for tracking but lacks visible privacy and cookie policies, which may impact compliance with data protection regulations. Security-wise, the site enforces HTTPS but lacks important security headers such as Content-Security-Policy and HSTS. DNSSEC is not enabled for the domain. No contact or incident response information is provided, which limits transparency and readiness for security issues. The absence of privacy and cookie policies also indicates compliance gaps. Overall, the security posture is moderate but could benefit from enhancements. The overall risk assessment suggests the site is legitimate and trustworthy within its niche but should improve privacy compliance and security best practices to enhance user trust and regulatory adherence. Strategic recommendations include implementing security headers, enabling DNSSEC, publishing privacy and cookie policies, and providing clear contact and incident response information.

L

Land Mecklenburg-Vorpommern

ecohesionportal-mv.de

57

The eCohesion-Portal Mecklenburg-Vorpommern is a government-operated web platform designed to facilitate electronic communication and data exchange between funding recipients and regional authorities or intermediaries. It primarily supports the management of approved funding projects within the region, co-financed by the European Union through the European Regional Development Fund. The portal itself does not process data but serves as a communication interface, targeting regional stakeholders involved in funding processes. Technically, the website employs a modern front-end stack including Bootstrap 5.1.3, jQuery, and Popper.js, ensuring responsive design and usability. The site implements a Content-Security-Policy header with restrictive directives, although the use of 'unsafe-inline' and 'unsafe-eval' weakens its security posture. No analytics or tracking technologies are detected, aligning with privacy-conscious government standards. The site lacks a cookie consent mechanism, which is a minor compliance gap given GDPR requirements. From a security perspective, the portal benefits from HTTPS and partial security header implementation but could improve by tightening CSP rules and adding additional headers such as HSTS and X-Frame-Options. No vulnerabilities or exposed sensitive data were identified in the analyzed content. WHOIS data confirms domain legitimacy and consistency with the regional government entity. Overall, the portal presents a trustworthy, professional, and functional government service with moderate technical sophistication and a good security baseline. Strategic improvements in security headers and privacy compliance would enhance its posture and user trust.

F

Mit profil anmelden

foerderportal-efre-mv.de

60

The website is a government-operated login portal for managing funding applications and grants in the Mecklenburg-Vorpommern region of Germany. It provides a secure authentication mechanism via the 'profil' system, allowing users to access and manage their funding online. The portal is targeted at applicants and stakeholders involved in regional funding programs, serving as a digital gateway for government services. Technically, the site uses standard HTML5 and JavaScript with a simple, functional design focused on login functionality. The site is mobile responsive at a basic level and includes accessibility features such as keyboard navigation and password visibility toggling. However, SEO optimization is minimal, and no advanced frameworks or CMS platforms are detected. From a security perspective, the site uses HTTPS and a POST method for login forms, but lacks visible security headers and CSRF protections. No privacy or cookie policies are present, which is a compliance gap. The WHOIS data aligns with regional network infrastructure, supporting legitimacy. No WAF or blocking mechanisms are detected, indicating full accessibility. Overall, the site is functional and moderately secure but would benefit from enhanced security headers, privacy compliance improvements, and richer metadata. The risk level is moderate with no critical vulnerabilities detected.

T

TBI Technologie-Beratungs-Institut GmbH

tbi-mv.de

52

The TBI Technologie-Beratungs-Institut GmbH is a regional government-affiliated institution focused on supporting research, development, and innovation in Mecklenburg-Vorpommern, Germany. It provides funding program management, digitalization support for SMEs, and knowledge transfer platforms. The website is built on TYPO3 CMS with modern frontend technologies and includes a cookie consent mechanism respecting user privacy. Contact information is clearly provided, and the site displays trust signals such as EU funding logos and government ministry affiliations. Security posture is solid with HTTPS and privacy-conscious analytics, though some security headers and policies could be improved. Overall, the site is professional, trustworthy, and well-suited for its target audience of regional businesses and research entities.

I

Invest in Mecklenburg-Vorpommern GmbH

invest-in-mv.de

55

Invest in Mecklenburg-Vorpommern GmbH operates as a regional investment promotion agency focused on attracting and supporting investments in the German state of Mecklenburg-Vorpommern. The website provides comprehensive information and services including location analysis, funding advice, and business establishment support, targeting investors and companies interested in the region. The site is professionally designed, well-structured, and uses modern technologies such as TYPO3 CMS, Bootstrap, and UIkit, ensuring good user experience and mobile optimization. Security posture is strong with HTTPS, security headers, and secure forms, though explicit security policies and incident response contacts are not published. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website presents a trustworthy and professional front for the investment promotion entity.

S

Staatliche Ämter für Landwirtschaft und Umwelt Mecklenburg-Vorpommern

stalu-mv.de

61

The website www.stalu-mv.de serves as the official portal for the Staatliche Ämter für Landwirtschaft und Umwelt (State Offices for Agriculture and Environment) in Mecklenburg-Vorpommern, Germany. It provides information on regulatory enforcement, agricultural support, environmental protection, and related public services. The site targets citizens, agricultural businesses, and governmental stakeholders within the region. The business model is that of a public governmental agency delivering regulatory and support services. The website is well-structured, professionally designed, and consistent with government branding, offering good content relevance and navigation clarity. Technically, the site uses standard web technologies including HTML5, CSS, and JavaScript, hosted on official regional servers (mvnet.de). It appears to be built on a custom or proprietary CMS platform. The site is mobile-optimized and accessible, with moderate performance. SEO practices are adequately implemented, though no advanced frameworks or analytics services are detected. From a security perspective, the site uses HTTPS and does not expose sensitive data. However, no explicit security headers or incident response policies are published, and no cookie consent mechanism is present, which are areas for improvement. The WHOIS data aligns well with the website's governmental purpose, indicating a legitimate and consistent domain registration. Overall, the website presents a low-risk profile with a solid business credibility and good content quality. Strategic recommendations include enhancing privacy compliance with cookie consent, publishing security policies, and implementing security headers to strengthen the security posture.

GSA Gesellschaft für Struktur- und Arbeitsmarktentwicklung is a government-affiliated organization based in Mecklenburg-Vorpommern, Germany, focused on labor market development, vocational training, and business consulting. The website provides news updates, service information, and resources primarily for regional businesses, job seekers, and policymakers. The organization offers services such as funding for training, business consulting, and support for startups and workforce transformation. The site is built on TYPO3 CMS with a moderate technical infrastructure and uses standard web technologies including Bootstrap and jQuery. It employs a cookie consent mechanism and disables analytics tracking by default, reflecting a privacy-conscious approach. Security posture is adequate but could be improved by adding security headers and updating legacy libraries. No critical vulnerabilities or suspicious content were detected. Overall, the website is professional, trustworthy, and compliant with GDPR requirements, serving a medium-sized public sector entity.

W

WERK3 Werbeagentur GmbH & Co. KG

werk3.de

54

WERK3 Werbeagentur GmbH & Co. KG is a small, full-service advertising agency based in Rostock, Germany. The company specializes in marketing strategies, corporate design, campaign conception, and website development, positioning itself as a creative and award-winning agency within the regional media sector. The website reflects a professional and consistent brand image, targeting businesses and organizations seeking comprehensive marketing solutions. Technically, the website is built on TYPO3 CMS and leverages a modern technology stack including jQuery, Bootstrap, and various JavaScript libraries for enhanced user experience and interactivity. Analytics and marketing tools such as Matomo, Google Tag Manager, and Facebook Pixel are integrated, with a clear cookie consent mechanism ensuring GDPR compliance. The site demonstrates good mobile optimization and SEO practices, though accessibility could be improved. From a security perspective, the website enforces HTTPS and employs cookie consent but lacks explicit security headers and published security policies or incident response contacts. No vulnerabilities or exposed sensitive data were detected. The domain registration data is consistent with the website's claims, indicating a legitimate and trustworthy online presence. Overall, the website scores well in content quality, technical implementation, privacy compliance, and business credibility, with recommendations to enhance security headers, publish formal security policies, and improve accessibility to further strengthen its security posture and user trust.

Filmmuseum Potsdam is a cultural and educational institution dedicated to film history, exhibitions, and cinema programming. The website serves as a portal for visitors to explore exhibitions, digital content, and research projects related to film culture. The institution targets a general audience interested in film and cultural heritage, operating primarily as a non-profit entity within the media and education sectors in Germany. The website is built on idbase CMS 5.5 and uses a combination of jQuery, Bootstrap, and other JavaScript libraries to deliver a responsive and interactive user experience. Cookiebot is integrated for GDPR-compliant cookie consent management. Security posture is adequate with HTTPS enabled and cookie consent mechanisms in place, but the use of outdated JavaScript libraries and lack of visible security headers suggest room for improvement. No explicit privacy policy or terms of service pages were found in the provided content, which is a compliance gap. Overall, the website is professional and trustworthy but would benefit from enhanced privacy disclosures and updated technical components.

The website www.filmbildung-brandenburg.de represents a small educational service provider, Stefan Röske, specializing in film and media education workshops and digital literacy. The business targets educators and learners interested in practical media applications such as podcasts, explainer videos, and digital tools. The website is built on WordPress and hosted likely on a German hosting provider, with a moderate performance and good mobile optimization. However, the site lacks critical privacy and cookie policies, and no direct contact emails or phone numbers are provided, only a contact form. Security posture is basic with HTTPS enabled but missing security headers and incident response information. WHOIS data is minimal and lacks registrant transparency, which slightly reduces trustworthiness. Overall, the site is professional and content-rich but would benefit from enhanced privacy compliance and security best practices.

B

Bike Kitchen Brno

bikekitchenbrno.cz

40

Bike Kitchen Brno is a small community-driven non-profit organization based in the Czech Republic focused on providing an open bicycle repair workshop and fostering social engagement around cycling culture. The website serves as a hub for community events, educational programs, and environmental initiatives. The organization benefits from EU grant support, indicating some level of external validation and funding. Technically, the website is built on WordPress with common plugins and uses HTTPS with a good SSL configuration, though some libraries like jQuery are outdated, posing potential security risks. The site lacks formal privacy and cookie policies, which is a compliance gap especially under GDPR. Security posture is moderate with some best practices implemented but missing key headers and vulnerability disclosures. Overall, the site is functional, well-branded, and serves its community purpose effectively but would benefit from improved compliance and security hardening.

N

NielsenIQ

etilize.com

76

NielsenIQ is a global enterprise specializing in technology product content solutions, leveraging Brandbank's extensive product data to enhance product discoverability and sales for business clients. The website demonstrates a mature digital presence built on WordPress with modern SEO and analytics integrations, reflecting a strong technical infrastructure. Security posture is robust with HTTPS and CSP headers, though DNSSEC is not enabled and explicit security policies are absent. Privacy compliance is partially addressed via cookie consent but lacks visible privacy and terms policies on the landing page. Overall, the site is professional, trustworthy, and well-positioned in the technology sector.

C

Carrefour

carrefour.eu

65

Carrefour Belgium operates a comprehensive online grocery and general merchandise retail platform targeting Belgian consumers. The website offers over 20,000 products with options for home delivery and in-store pickup, reflecting a mature e-commerce business model supported by the global Carrefour brand. The technical infrastructure leverages Salesforce Commerce Cloud, integrating modern marketing and analytics tools such as Google Tag Manager and CQuotient, indicating a digitally mature platform. Security posture is generally strong with HTTPS enforced and no visible sensitive data exposure, though explicit security headers and privacy policies are not evident in the provided content. The absence of WHOIS data is due to registry restrictions common for .be domains and does not detract from the site's legitimacy. Overall, the site presents a professional, trustworthy, and well-branded retail experience.

V

VDI Wissensforum GmbH

vdiconference.com

70

VDI Wissensforum GmbH operates a professional website offering international conferences, congresses, and courses targeted at engineers and technical specialists. The company positions itself as a leading provider in continuing education within the engineering sector, primarily serving the German market. The website content is well-structured, professionally designed, and optimized for both desktop and mobile users, reflecting a mature digital presence. Technically, the site is built on TYPO3 CMS and integrates modern marketing and analytics tools such as Google Tag Manager, Cookiebot for consent management, and reCAPTCHA for form security. The security posture is solid with HTTPS enforced and cookie consent mechanisms in place, although explicit security headers could be improved. The absence of publicly available WHOIS data for the domain raises concerns about domain registration legitimacy, which should be further investigated. Overall, the website demonstrates strong privacy compliance and business credibility, with clear contact information and social media engagement.

Voucherbooking.de is an e-commerce platform focused on selling vouchers or gift certificates, primarily targeting a general German-speaking audience. The website is built using Angular 11 and hosted on Hetzner servers, indicating a modern but basic technical infrastructure. The site content is minimal with placeholder legal links and lacks explicit contact or security policy information. Security posture is weak due to missing security headers and absence of cookie consent mechanisms, which also impacts GDPR compliance. No WAF or blocking mechanisms were detected, allowing full content access for analysis.

S

Salesforce

salesforce-scrt.com

71

Salesforce is a leading global provider of CRM software and AI-powered customer engagement solutions, operating at enterprise scale. The company offers a unified platform integrating CRM, AI, data, and trust capabilities via its Einstein 1 Platform, targeting businesses seeking advanced customer relationship management and analytics. The website is professionally designed, localized for German users, and reflects Salesforce's market leadership and technological maturity. The technical infrastructure leverages modern JavaScript frameworks, cloud hosting, and advanced analytics tools, ensuring fast performance and excellent mobile optimization. Security posture is strong, with HTTPS enforced, comprehensive security headers, and published certifications including ISO 27001 and FedRAMP. Privacy compliance is robust, featuring GDPR-aligned policies and consent management via OneTrust. WHOIS data is unavailable due to privacy protection but the domain and website content strongly align with Salesforce's brand and legitimacy. Overall, the site demonstrates high professionalism, security, and compliance suitable for an enterprise SaaS leader.

D

Datenwerkbank

datenwerkbank.de

54

Datenwerkbank is a small, specialized web service provider based in Stuttgart, Germany, founded in 2024 by Manuel Deutsch, a freelance web developer with over 10 years of experience. The company focuses on website maintenance, support, and optimization services primarily for WordPress and Kirby CMS platforms, targeting agencies and medium-sized businesses. Their offerings include regular updates, backups, SEO optimization, hosting with green energy, and personalized support, delivered through clear service packages with transparent pricing. The website reflects a professional and trustworthy brand with strong customer references and a clean, responsive design. Technically, the website employs modern web standards including responsive images, SVG graphics, and privacy-conscious analytics via Matomo with cookies disabled. Hosting is provided by netcup, a reputable German provider, and the site uses HTTPS with canonical URLs for SEO. While the site lacks explicit security headers and a cookie consent mechanism, it demonstrates good privacy practices and GDPR compliance through its privacy policy and minimal tracking. From a security perspective, the site shows good practices such as regular backups and CMS updates included in service packages, but could improve by implementing security headers and publishing a security policy or incident response contact. No vulnerabilities or suspicious WHOIS patterns were detected, and the domain registration aligns with the business founding date, supporting legitimacy. Overall, Datenwerkbank presents a secure, professional, and privacy-aware web presence suitable for its target market. Strategic improvements in security headers and cookie consent would enhance compliance and trust further.

D

Deutsches Rotes Kreuz

drk-guestrow.de

48

The website www.drk-guestrow.de represents the Kreisverband Güstrow e.V. branch of the Deutsches Rotes Kreuz (German Red Cross), a well-established non-profit humanitarian organization. The site provides comprehensive information about their social services, community engagement, courses, and donation opportunities, targeting the general public, volunteers, and donors. The content is professionally presented with consistent branding and clear navigation, supporting a positive user experience. Technically, the site is built on TYPO3 CMS, employs modern web standards, and shows good mobile optimization and accessibility. Security posture is adequate with HTTPS assumed and cookie consent mechanisms in place, though explicit security headers and incident response policies are not published. WHOIS data confirms domain legitimacy and consistency with the organization's identity. Overall, the site is trustworthy, compliant with GDPR, and serves as an effective digital presence for the local DRK branch.

D

DRK Kreisverband Rostock e.V.

drk-rostock.de

56

DRK Kreisverband Rostock e.V. is a regional branch of the German Red Cross, providing humanitarian aid, social services, and community support in Rostock and surrounding areas. The organization focuses on emergency rescue, care for seniors, support for people with disabilities, and volunteer engagement. The website reflects a mature digital presence with a professional design, clear navigation, and compliance with GDPR and cookie consent regulations. Technically, the site is built on TYPO3 CMS with modern JavaScript libraries and integrates Google Analytics via Google Tag Manager. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though formal security policies and incident response information are absent. WHOIS data confirms domain legitimacy and consistency with the organization's identity. Overall, the site is trustworthy, well-maintained, and serves its target audience effectively.

A

Arbeiterwohlfahrt Rostock

awo-rostock.de

49

Arbeiterwohlfahrt Rostock is a well-established non-profit social welfare organization based in Germany, providing a wide range of social services including care for the elderly, child and youth support, social psychiatry, migration assistance, and volunteer opportunities. The organization operates with a clear mission to promote social justice and community support in the Rostock region. Their website reflects a professional and consistent brand presence, with comprehensive information about their services and career opportunities. Technically, the site is built on WordPress with modern plugins for SEO, cookie consent, and interactive content, demonstrating a mature digital infrastructure. Security-wise, the site uses HTTPS and cookie consent management, but lacks a formal published security policy or vulnerability disclosure, which could be improved. Overall, the website is trustworthy, well-maintained, and compliant with GDPR requirements, making it a reliable source for users seeking social services or employment with AWO Rostock.

L

Landkreis Mecklenburgische Seenplatte

lk-mecklenburgische-seenplatte.de

57

The website for Landkreis Mecklenburgische Seenplatte serves as the official digital portal for the regional government of the Mecklenburgische Seenplatte district in Germany. It provides comprehensive information on local government services, news, events, and citizen resources. The site targets residents and stakeholders within the district, offering access to administrative offices, public announcements, and online forms. The business model is that of a government service provider with a medium-sized organizational footprint. The website maintains consistent branding and trust indicators such as official contact details and privacy compliance mechanisms. Technically, the site uses a legacy technology stack centered around jQuery 1.12.3 and related JavaScript libraries, integrated with IKISS CMS components. While the site is functional and moderately optimized for mobile and accessibility, there is room for modernization and performance improvements. The presence of a cookie consent banner and privacy policy indicates good privacy compliance, with Matomo analytics used for user tracking at a moderate level. From a security perspective, the site lacks visible security headers and uses outdated JavaScript libraries that may expose it to vulnerabilities. No incident response or security policies are published, and no advanced security frameworks are evident. However, no critical security issues or WAF blocks were detected, and the domain registration data aligns well with the official government entity, supporting legitimacy. Overall, the website is a trustworthy and professional government portal with good content quality and business credibility. Strategic improvements in security posture, technical modernization, and enhanced privacy transparency would further strengthen its digital maturity and risk profile.

B

Borealis

borealis.agency

45

Borealis is a Croatia-based digital agency specializing in the creation of custom digital products including complex web applications, e-commerce platforms, multimedia applications, and promotional games. The company emphasizes long-term client relationships and serves a global clientele with a comprehensive service offering from concept through post-launch support. Their website reflects a professional and modern digital presence built on WordPress, with integration of Google Tag Manager and reCAPTCHA for analytics and security. While the site is well-designed and content-rich, it lacks explicit privacy and cookie policies, which is a notable compliance gap. Security posture is generally good with HTTPS and form protection, but could be improved by adding security headers and formal incident response disclosures. Overall, Borealis presents as a credible and established digital agency with a solid market position and trustworthy online presence.

The website at kzuo.hr is currently a minimal directory index page with no substantive content or business information. The domain is registered in Croatia with a national registrar (CARNET) since 2017, indicating legitimacy in registration but the website itself lacks any meaningful presence or branding. There are no privacy policies, cookie notices, terms of service, or contact information available, which severely limits its credibility and compliance posture. Technically, the site exposes directory listings and lacks security headers or HTTPS information, indicating poor security hygiene. Overall, the site appears inactive or a placeholder with very limited digital maturity and no evident business operations. Security posture is weak with multiple recommendations needed to improve compliance, security, and trust.

Klemm Učilište is a Croatian adult education institution specializing in security-related training programs, including courses, seminars, and workshops. The website presents a professional image with clear program offerings and a focus on personal and professional development in the security sector. The business operates primarily in Croatia and targets adults seeking specialized education in protection and security services. Technically, the site is built on WordPress using popular plugins such as LearnPress for LMS functionality and GDPR compliance tools, indicating a moderate level of digital maturity. The site is mobile-optimized and performs moderately well, though some accessibility and SEO improvements are possible. Security posture is adequate with HTTPS enforced and GDPR cookie compliance, but lacks advanced security headers and explicit security policies. Overall, the domain registration data aligns well with the business claims, supporting legitimacy. However, the absence of privacy and terms of service pages represents a compliance gap that should be addressed.

The website klemmsecurity.si is currently inaccessible, presenting only a 503 Service Unavailable error page indicating server downtime or capacity issues. Due to this, no meaningful content, metadata, or business information is available for analysis. The domain is registered since 2014 with a Slovenian registrar, suggesting a legitimate and established presence, but the lack of accessible content prevents assessment of the company's services, market position, or digital maturity. Technically, the site lacks visible technologies, frameworks, or security headers, and no privacy or security policies are published. This results in a very low security posture and poor overall website quality. Strategic recommendations include restoring website availability, implementing robust error handling, publishing comprehensive privacy and security policies, and improving technical infrastructure to enhance performance and trust.

C

Captify Technologies

captifytechnologies.com

10

Captify Technologies operates a leading Search Intelligence platform that leverages real-time search data from over 2 billion devices to empower brands with actionable consumer insights. Their platform supports cookieless marketing strategies, enabling advertisers and publishers to optimize targeting and campaign measurement without relying on third-party cookies. The company positions itself as a mature and trusted player in the technology marketing sector, serving over 800 major global brands. Technically, the website is built on WordPress and integrates multiple modern marketing and analytics tools such as Google Analytics, HubSpot, Pardot, and OneTrust for cookie consent management. The site is well-optimized for SEO and mobile devices, with good content quality and clear navigation. Security-wise, HTTPS is enforced, and domain registration is consistent and legitimate, though DNSSEC is not enabled and security headers are not explicitly detected. Privacy compliance is partially addressed with a cookie consent mechanism, but no explicit privacy policy or terms of service were found in the provided content. Overall, the website demonstrates a solid digital presence with room for improvement in formal privacy and security disclosures.

E

Exponential Interactive Inc.

exponential.com

54

Exponential Interactive Inc. is a digital advertising company with a history dating back to 2001. The current website serves primarily as a transitional landing page directing visitors to vdx.tv, indicating a rebranding or merger. The business focuses on digital advertising services, targeting advertisers and media buyers. The website is built on the Webflow platform using jQuery and is hosted on Webflow's CDN, reflecting a moderate level of technical maturity. However, the site content is minimal and lacks comprehensive business or compliance information. Security posture is limited with no visible security headers or privacy policies, and WHOIS data is unavailable, raising concerns about domain registration transparency. Overall, the site appears functional but basic, with room for significant improvements in security, compliance, and content richness.

V

Vodoopskrba i odvodnja d.o.o.

vio.hr

56

Vodoopskrba i odvodnja d.o.o. is a Croatian water utility company primarily serving the city of Zagreb and surrounding municipalities. The company provides essential services including water supply, wastewater drainage, and treatment, supported by a strong infrastructure and over 130 years of operational history. It operates under the parent company Zagrebački Holding, reflecting a stable market position in the regional energy and utilities sector. The website offers comprehensive customer service features, including emergency contact, online meter reading submission, and detailed informational resources. Technically, the site employs a modern tech stack with Bootstrap, jQuery, and integrates Google Analytics and Tag Manager for user insights. Accessibility and mobile responsiveness are well addressed, enhancing user experience. Security posture is solid with HTTPS and ISO certifications, though there is room for improvement in HTTP security headers and incident response transparency. Privacy compliance is robust, featuring a detailed cookie consent mechanism and GDPR-aligned privacy policies. Overall, the website reflects a professional and trustworthy digital presence aligned with its business objectives.

N

Nastavni zavod za javno zdravstvo „Dr. Andrija Štampar“

stampar.hr

48

Nastavni zavod za javno zdravstvo „Dr. Andrija Štampar“ is a well-established Croatian public health institution founded in 1949, employing over 400 professionals. The website serves as an informational portal primarily targeting the citizens of Zagreb and the broader Croatian public, focusing on health education and community health services. The institution holds a significant position in the local healthcare sector as a trusted public health authority. Technically, the website is built on Drupal 9 CMS, utilizing modern frontend libraries such as AOS for animations and Swiper for sliders, and Google Fonts for typography. The site demonstrates good mobile optimization and a moderate performance profile. However, there is room for improvement in accessibility and SEO optimization. From a security perspective, the site lacks visible security headers and explicit security policies. There is no evidence of privacy or cookie policies, GDPR compliance indicators, or incident response contact information. No vulnerability disclosure or security.txt files were found. The SSL/TLS configuration and hosting provider details were not available in the provided data, limiting a full security assessment. Overall, the website is functional and professional but would benefit from enhanced privacy compliance, security best practices, and transparency measures to improve user trust and regulatory adherence.

Podružnica Tržnice Zagreb, a subsidiary of Zagrebački holding, operates a network of 28 market locations in Zagreb, Croatia, serving approximately 2500 tenants. The organization focuses on providing fresh domestic products including fruits, vegetables, dairy, fish, and meat products, positioning itself as a key retail market operator in the city. The website reflects a professional presence with clear navigation, relevant content, and integration of essential services such as equipment rental and online market information. The target audience includes local residents, business tenants, and visitors seeking fresh produce. Technically, the website employs a mix of legacy and modern JavaScript libraries, Google Analytics, and cookie consent mechanisms, indicating moderate digital maturity. Security posture is adequate but could be improved by updating legacy libraries and implementing security headers. Privacy compliance is well addressed with GDPR-aligned cookie consent and privacy policy. Overall, the website is trustworthy and professionally maintained, supporting the organization's public service role.

Z

Zagrebački električni tramvaj

zet.hr

56

Zagrebački električni tramvaj (ZET) operates as the primary public transportation provider in Zagreb, Croatia, offering tram, bus, funicular, and cable car services. The website serves residents and visitors with comprehensive information on ticketing, routes, service updates, and EU-funded infrastructure projects. The company is positioned as a large, essential transportation entity under Zagrebački Holding, with a strong local presence and public sector backing. Technically, the website employs a modern technology stack including Google Tag Manager, Google Analytics, Facebook Pixel, and Hotjar for analytics and user behavior tracking. The site is mobile-optimized with good navigation and SEO practices, though it lacks some accessibility features and a cookie consent mechanism. The CMS appears custom-built, and performance is moderate. From a security perspective, the site uses HTTPS with good SSL configuration and no exposed sensitive data. However, it lacks important security headers and visible security or incident response policies. The absence of a cookie consent banner indicates partial GDPR compliance. No vulnerabilities or suspicious content were detected. Overall, the website is professional, trustworthy, and well-aligned with the business's public transportation mission. Strategic improvements in privacy compliance and security policy transparency would enhance trust and regulatory adherence.

M

Ministarstvo gospodarstva

mingo.hr

55

The website represents the official online presence of the Ministry of Economy of the Republic of Croatia, serving as a central hub for disseminating information related to economic policies, energy approvals, public procurement, and consumer protection. It targets citizens, businesses, and government officials, providing access to news, documents, e-services, and public calls. The site is well-branded with consistent government identity and links to related official portals, reinforcing its authoritative position within the Croatian government ecosystem. From a technical perspective, the website employs a traditional tech stack including jQuery, Modernizr, and various UI libraries, alongside Google Analytics for visitor tracking. The site is mobile-optimized and accessible, with a cookie consent mechanism that aligns with GDPR requirements. However, some JavaScript libraries are outdated, which could pose security risks if not regularly updated. Security-wise, the site enforces HTTPS and implements cookie consent, but lacks visible security headers and explicit security or incident response policies. No vulnerabilities or exposed sensitive data were detected in the HTML content. The WHOIS data confirms the domain's legitimacy as a government entity with consistent registration details. Overall, the website is a trustworthy and professional government portal with good content quality and privacy compliance. Strategic improvements include enhancing security headers, updating legacy scripts, and publishing explicit security and incident response policies to strengthen the security posture and user trust.

P

Plavi ured

plaviured.hr

59

Plavi ured is a government-supported entrepreneurial center based in Zagreb, Croatia, established in 2015 as part of the Zagrebački inovacijski centar d.o.o. It provides education, support programs, and consulting services to entrepreneurs, including small and medium enterprises, micro entrepreneurs, craftsmen, and beginners. The website is professionally designed using WordPress with modern plugins such as Yoast SEO and Slider Revolution, and it integrates Google reCAPTCHA for form security and Complianz for GDPR-compliant cookie management. The site demonstrates good digital maturity with clear navigation, mobile optimization, and SEO best practices. Security posture is solid with HTTPS enforced and no exposed sensitive data, though the use of an outdated jQuery version and lack of explicit security headers are noted as areas for improvement. Privacy compliance is strong, with comprehensive privacy and cookie policies and consent mechanisms in place. Overall, the website is trustworthy and serves as a credible digital presence for the entrepreneurial center.

Ż

Żywiec Zdrój

zywiec-zdroj.pl

62

Żywiec Zdrój is a well-established Polish bottled spring water brand, founded in 2000, offering a range of natural mineral water products sourced from the Żywiecki Park Krajobrazowy. The company emphasizes environmental sustainability and responsible business practices, supported by dedicated programs and partnerships. The website reflects a mature digital presence with comprehensive product information, sustainability initiatives, and legal compliance documents. Technically, the site is built on modern frameworks such as Next.js and React, ensuring fast performance and excellent mobile optimization. Security posture is solid with HTTPS and cookie consent mechanisms, though explicit security policies and incident response contacts are not published. Overall, the site is professional, trustworthy, and compliant with GDPR requirements, serving a general audience interested in healthy bottled water products.