Security Directory

T

Test & Code

testandcode.com

61

Test & Code is a specialized podcast website focused on Python testing and software engineering topics, hosted by Brian Okken. The site offers podcast episodes and educational pytest courses, targeting Python developers and software engineers interested in automated testing. The business operates in the technology sector with a niche market position and a small-scale operation founded in 2016. The website demonstrates excellent content quality, consistent branding, and strong trust indicators such as a long domain age and professional podcast hosting via Transistor.fm. Technically, the site uses modern web technologies including Alpine.js and is hosted on Transistor.fm's platform. It is well-optimized for mobile devices, has good accessibility and SEO practices, and loads quickly. The site includes CSRF tokens indicating some security awareness but lacks several security headers and DNSSEC is not enabled, representing areas for improvement. From a security perspective, the site uses HTTPS and shows no signs of vulnerabilities or malicious content. However, it lacks privacy and cookie policies, terms of service, and incident response information, which are important for compliance and user trust. No contact emails or phone numbers are explicitly provided, limiting direct communication channels. Overall, the website is professional, trustworthy, and focused on delivering quality podcast content. Strategic recommendations include publishing privacy and cookie policies, adding security headers, enabling DNSSEC, and providing clear contact and security incident response information to enhance compliance and security posture.

B

Barker Technologies AB

barkertech.io

53

Barker Technologies AB operates a professional website focused on building software applications and content for video producers, live streamers, and broadcast professionals. The company offers a suite of specialized apps such as H2R Graphics, Rundown Studio, and Dashmaster 2k, targeting a niche market within the technology sector. The website presents a consistent brand image and clear navigation, supported by social media channels on Instagram, GitHub, and YouTube, enhancing its market presence. Technically, the website is modern and performant, leveraging technologies such as Astro framework, Google Fonts, and Pirsch Analytics for minimal user tracking. Hosting is provided by Netlify Inc, a reputable cloud platform. The site is mobile optimized and uses HTTPS with a valid SSL certificate, ensuring secure communications. However, DNSSEC is not enabled, and security headers are missing, representing areas for improvement. From a security perspective, the site demonstrates basic good practices such as HTTPS enforcement and domain transfer protection. However, it lacks published privacy and cookie policies, cookie consent mechanisms, and vulnerability disclosure information, which are important for compliance and user trust. No contact emails or phone numbers are provided, limiting direct communication channels. Overall, the website is safe, professional, and well-targeted but would benefit from enhanced privacy compliance and security hardening. Strategic recommendations include publishing comprehensive privacy and cookie policies, enabling DNSSEC, adding security headers, and providing clear contact information to improve trust and compliance.

I

isabelle garcia

isabellegarcia.com

58

The website is a personal blog titled 'isabelle garcia – Simply Simple' hosted on WordPress.com and registered under Automattic Inc. It focuses on lifestyle topics such as vanlife, travel, meditation, and personal adventures. The blog targets a general audience interested in these themes and operates as a small-scale content blogging platform without explicit commercial services. Technically, the site uses WordPress with Jetpack and Gutenberg plugins, hosted by Automattic, providing a stable and moderately performant infrastructure with good mobile optimization. Security posture is adequate with HTTPS enforced and domain transfer protection, but lacks DNSSEC and security headers. Privacy compliance is weak due to absence of privacy and cookie policies. No direct business contact information or security policies are disclosed, limiting trust and compliance indicators. Overall, the site is safe, professional, and consistent with a personal blog but would benefit from enhanced privacy and security disclosures.

S

Sylvain Hellegouarch

defuze.org

53

defuze.org is a personal/professional website representing Sylvain Hellegouarch, primarily serving as a landing page linking to social media profiles such as Mastodon, GitHub, and LinkedIn. The site is minimalistic, built using the Astro framework, and hosted with DNS services from Google Cloud. The domain is well-established since 2004, registered in France, and shows no suspicious registration patterns. The website lacks privacy, cookie, and terms of service policies, and does not provide direct contact information or forms, indicating a low level of data collection and user interaction. Security posture is moderate with HTTPS enabled and domain transfer protection, but lacks DNSSEC and security headers, which are recommended for enhanced protection. Overall, the site is safe, professional, and targeted at a general audience with no adult or questionable content.

S

SonarSource

tidelift.com

78

SonarSource is a technology company specializing in software security and code quality solutions, primarily through its flagship product SonarQube. The company targets developers, DevOps, and security teams by integrating advanced static application security testing (SAST), software composition analysis (SCA), infrastructure as code (IaC) scanning, and secrets detection into the developer workflow. SonarSource holds a strong market position as a leading provider of developer security tools with a professional and comprehensive online presence. Technically, the website is built using modern frameworks such as Gatsby and React, ensuring fast performance, mobile optimization, and good SEO practices. Security posture is robust with HTTPS enforcement, security headers, and no visible vulnerabilities or exposed sensitive data. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR adherence. However, WHOIS data is missing, which slightly impacts transparency but does not detract from the overall legitimacy given the company's established reputation and certifications like ISO 27001. Overall, the website and business demonstrate a mature digital infrastructure and strong security culture.

B

Beeld & Geluid

beeldengeluid.nl

52

Beeld & Geluid is a prominent Dutch media archive and cultural institution serving a broad audience including individual visitors, media professionals, educators, and researchers. The website reflects a well-established organization with a clear focus on media heritage and education. The digital presence is professionally designed, mobile-optimized, and uses modern web technologies such as Google Analytics and Tag Manager for user insights. However, explicit privacy and cookie policies are not detected in the provided content, which may impact compliance with GDPR requirements. Security posture is adequate with HTTPS enabled and some security best practices observed, but additional security headers and published policies would enhance trust and resilience. Overall, the domain registration aligns well with the organization's identity, supporting legitimacy and trustworthiness.

M

MUSEUM.CZ - rozcestník mezi českými muzei, muzea v ČR

museum.cz

48

Museum.cz is a Czech informational portal dedicated to providing comprehensive details about museums across the Czech Republic. It serves as a cultural directory offering museum descriptions, exhibition updates, user reviews, and event information. The website targets general audiences interested in cultural tourism and museum visits within the Czech Republic. The business model appears to be primarily advertising-based, leveraging Google Adsense and related services for revenue. Technically, the site uses standard web technologies including Google Fonts, Google Analytics, and Adsense scripts, with basic mobile optimization and accessibility features. Security posture is moderate with cookie consent implemented but lacking visible security headers and unclear SSL status. WHOIS data is unavailable, likely due to privacy protection, which is common for small informational sites. Overall, the site is functional, content-rich, and safe for general audiences but could improve in privacy transparency and security hardening.

P

Pilot Institute

pilotinstitute.com

62

Pilot Institute is a reputable online education provider specializing in aviation training, including drone and airplane pilot certification courses. Established in 2019, it has grown to serve over 250,000 students with a strong market presence supported by positive reviews and a 4.9-star rating. The company offers expert-designed curriculums aimed at helping students pass FAA exams and achieve pilot licenses. Their business model centers on online course enrollment and learning management systems, targeting individuals seeking pilot certification and drone business skills. Technically, the website is built on WordPress with modern SEO and tracking tools such as Yoast SEO, Google Tag Manager, and Facebook SDK. The site is mobile-optimized, accessible, and performs moderately well. Security is solid with HTTPS enabled and no exposed sensitive data, though it lacks some advanced security headers and published security policies. Privacy compliance is partial, with a clear privacy policy but no cookie consent mechanism. Overall, the security posture is good but could be improved by implementing security headers, incident response disclosures, and cookie consent. The domain WHOIS data is consistent with the business claims, showing transparency and legitimacy. The website is safe for general audiences, with no adult or questionable content detected. Strategic recommendations include enhancing security headers, publishing incident response and vulnerability disclosure policies, and improving privacy compliance mechanisms.

B

Barker Technologies AB

heretorecord.com

54

Here to Record is a niche media and technology business focused on providing educational content, apps, and tools for live-video production professionals and enthusiasts. The website offers video content, downloadable apps, and a community Discord server to engage its audience. The business is operated by Barker Technologies AB, a Swedish company founded in 2016, with a clear market position in the live production space. The site demonstrates consistent branding and good content relevance tailored to its target audience. Technically, the website uses modern web technologies including Astro framework, Google Fonts, and Pirsch Analytics for tracking. DNS is managed via Nsone and Squarespace DNS services. The site is mobile-optimized with good navigation and SEO practices, though no CMS is detected. Performance is moderate with room for improvement in accessibility and security headers. Security posture is moderate; HTTPS is enforced and domain registration is transparent and consistent with the business history. However, DNSSEC is not enabled and security headers are missing, which are recommended for enhanced protection. No privacy or cookie policies are published, indicating compliance gaps. No contact emails or phone numbers are provided, limiting direct communication channels. Overall, the website is professional and trustworthy with moderate risk. Strategic improvements in privacy compliance, security headers, and contact transparency would enhance trust and security posture significantly.

D

DuckDuckGo

duck.ai

65

DuckDuckGo is a well-established privacy-focused technology company founded in 2007, offering a search engine and AI chat services under the Duck.ai brand. The company emphasizes user privacy by not tracking searches or storing user prompts and outputs on their servers, instead opting for local device storage and anonymization before interacting with AI model providers. Their AI chat service integrates multiple leading AI models, including GPT and Claude, with strict privacy agreements in place. Technically, the website uses modern web technologies such as React and delivers a fast, mobile-optimized experience with excellent design and user experience. Security practices include HTTPS enforcement and data anonymization, though some security headers and cookie consent mechanisms could be improved. Overall, the domain registration and WHOIS data align with the company's history and branding, indicating a legitimate and trustworthy online presence.

I

Instruqt

instruqt.com

72

Instruqt operates a specialized SaaS platform providing hands-on lab experiences designed to facilitate training, workshops, and go-to-market strategies. The company targets technology professionals and product teams seeking interactive and practical learning environments. The website reflects a focused business model with a niche market position emphasizing product adoption and demand generation through experiential learning. Technically, the site is built on modern web technologies including Webflow CMS, HubSpot marketing tools, Google Tag Manager, and Visual Website Optimizer, indicating a mature digital infrastructure with integrated analytics and marketing automation. Security posture is adequate with HTTPS enforced and domain status protections, though improvements such as DNSSEC and explicit security headers are recommended. Privacy compliance is partial, with cookie consent mechanisms present but lacking explicit privacy and cookie policies. Overall, the website is professional and trustworthy, with room for enhanced transparency and security documentation.

Ned Batchelder's website is a personal and professional platform showcasing his software development work, blog writings, and community involvement primarily in the Python programming ecosystem. The site serves a niche audience of developers, educators, and parents interested in software, math, and autism-related topics. The business model is centered on content sharing and open source software contributions, positioning Ned as a respected individual contributor rather than a commercial enterprise. Technically, the website is hosted on DreamHost and uses standard web technologies including JavaScript and CSS, with Google Analytics for visitor tracking. The site is mobile optimized and has good SEO practices, though accessibility features are basic. The domain is well aged, created in 2001, indicating a stable online presence. However, there is room for improvement in security headers and privacy compliance. From a security perspective, the site uses HTTPS and has domain transfer protections, but lacks DNSSEC and security headers such as Content-Security-Policy. There is no published privacy or cookie policy, nor any vulnerability disclosure or incident response information. Google Analytics is used without visible cookie consent mechanisms, which may raise privacy compliance concerns. Overall, the website is trustworthy and professional with a strong personal brand but could enhance its security posture and privacy compliance to better protect visitors and align with modern standards.

Wingware is a specialized software company focused on developing Wing Python IDE, a comprehensive integrated development environment tailored exclusively for Python developers. With over 25 years of experience, Wingware offers advanced features such as AI-assisted coding, powerful debugging, remote development support, and integrated unit testing, targeting a broad audience including scientific researchers, web developers, and game developers. The company operates primarily through software licensing and support services, maintaining a strong niche position in the Python development tools market. Technically, the website employs a traditional web stack with jQuery and JavaScript, delivering a professional and accessible user experience. The site is hosted under a reputable registrar with HTTPS enforced and basic security headers implemented. While the site lacks advanced security headers and cookie consent mechanisms, it demonstrates good foundational security practices and a clean, well-structured design optimized for desktop and basic mobile use. From a security perspective, Wingware shows a mature posture with no evident vulnerabilities or exposed sensitive data. The domain registration is consistent with the business claims, and the website content is fully accessible without WAF or blocking mechanisms. However, the absence of explicit security policies, incident response contacts, and cookie consent indicates areas for improvement in compliance and transparency. Overall, Wingware presents a trustworthy and professional online presence with strong business credibility and technical quality. Strategic enhancements in privacy compliance and security policy publication would further strengthen their security posture and user trust.

MakoTemplates.org is the official website for the Mako templating library, a high-performance Python template engine widely used in web development frameworks such as Pylons and Pyramid. The project is open source and licensed under the MIT License, with notable usage by reddit.com, indicating strong market presence and reliability. The website provides comprehensive technical documentation, download links, and examples targeting Python developers seeking efficient templating solutions. Technically, the website is straightforward, built with standard HTML and CSS, and references Python-based frameworks. It lacks advanced CMS or analytics integrations, reflecting a focus on content delivery rather than marketing. The site is accessible without WAF or security challenges, but lacks visible security headers and privacy compliance documentation, which are areas for improvement. From a security perspective, the site shows no immediate vulnerabilities or exposed sensitive data but does not demonstrate advanced security best practices such as security headers or incident response contacts. The WHOIS data is unavailable due to privacy protection, which is typical for open source projects and does not detract from legitimacy. Overall, the site is trustworthy, safe, and professionally maintained but would benefit from enhanced privacy and security disclosures. The overall risk is low given the nature of the site and its audience, but strategic recommendations include implementing HTTPS with strong SSL, publishing privacy and cookie policies, adding security headers, and providing clear security incident contacts to improve compliance and trust.

T

The CherryPy team

cherrypy.dev

58

CherryPy is an established open-source Python web framework project with a long history dating back to 2001. The website serves as an informational and resource hub for developers interested in using CherryPy, offering documentation, downloads, community links, and development resources. The project targets Python developers seeking a minimalist and pythonic web framework. The business model is primarily open-source with an enterprise subscription offering via Tidelift, indicating a hybrid approach to monetization. Technically, the website is simple, fast, and hosted on GitHub Pages. It uses standard web technologies including HTML5, CSS, and Google Fonts. The framework itself supports multiple Python platforms and versions, emphasizing flexibility and stability. The site is mobile optimized and provides clear navigation and relevant content for its audience. From a security perspective, the site does not expose forms or sensitive data, which reduces attack surface. However, no privacy or cookie policies are present, and no security headers were detected in the provided data, indicating room for improvement in security best practices. The domain registration data is consistent with the website content and supports legitimacy. No WAF or blocking mechanisms were detected. Overall, the website is professional, trustworthy, and serves its target audience well but would benefit from enhanced privacy compliance and security hardening to improve trust and regulatory adherence.

Nikola is an established open-source static site generator project founded in 2013, providing a Python-based tool for developers and content creators to build static websites efficiently. The website serves as a comprehensive resource with documentation, add-ons, and community support channels, positioning itself as a niche but mature player in the static site generation space. The business model revolves around free software distribution with community-driven development and support. Technically, the site is built with modern web standards including Bootstrap and FontAwesome, and leverages Cloudflare DNS for hosting infrastructure. The site is performant, mobile-optimized, and accessible, with a clean and professional design. Analytics are minimal, using StatCounter, and no intrusive advertising or tracking is present. From a security perspective, the site uses HTTPS and domain status locks but lacks DNSSEC and security headers. No forms collect sensitive data on the main page, and no explicit security or incident response policies are published. Privacy compliance is limited, with no cookie consent mechanism and only a basic license page serving as a privacy reference. Overall, the website is trustworthy and professional, suitable for its technical audience. However, improvements in privacy compliance, security headers, and vulnerability disclosure policies would enhance its security posture and user trust.

H

Harness

harness.io

76

Harness is a leading AI-native software delivery platform provider focused on modernizing DevOps processes through integrated CI/CD, feature management, chaos engineering, and cloud cost optimization. The company targets enterprise engineering teams seeking to accelerate innovation velocity and improve developer experience. Their platform offers a comprehensive suite of tools designed to automate and secure the software delivery lifecycle. Technically, the website is built on modern web technologies including Webflow CMS, Google Tag Manager, and Coveo search, delivering excellent performance and mobile optimization. Security posture is strong with HTTPS enforcement, security headers, and secure form handling, though explicit incident response and vulnerability disclosure policies are not publicly detailed. Overall, Harness demonstrates a mature digital presence with high-quality content, strong branding, and trust signals such as customer logos and case studies. The WHOIS data is privacy protected but consistent with a legitimate enterprise SaaS business. Strategic recommendations include enhancing transparency around security certifications and incident response, and formalizing vulnerability disclosure mechanisms.

E

Edgewall Software

edgewall.org

45

Edgewall Software is a small, specialized technology company founded in 2003 in Sweden, focused on developing open source software tools primarily based on the Python programming language. Their flagship product is Trac, a web-based project management system, complemented by other Python tools such as Genshi, Babel, and Bitten. The company targets software developers and open source communities, positioning itself as a niche leader in web-based project management and Python development tools. The website reflects a professional and consistent brand image with clear product offerings but lacks comprehensive privacy and security disclosures. Technically, the website uses a simple tech stack including Python-based tools and Google Analytics for visitor tracking. Hosting DNS is managed by Hurricane Electric. The site shows moderate performance and basic mobile optimization but lacks modern security features such as HTTPS enforcement and security headers. No CMS or advanced frameworks are detected, indicating a lightweight, possibly static or custom-built site. From a security perspective, the site does not present critical vulnerabilities but lacks important best practices such as HTTPS, DNSSEC, security headers, and published privacy or cookie policies. No contact or incident response information is provided, which limits transparency and user trust. The domain registration data is consistent and trustworthy, supporting the legitimacy of the business. Overall, the website is safe and professional but would benefit from enhanced security measures, privacy compliance, and clearer contact information to improve trust and compliance posture.

P

Python Software Foundation

pypi.org

75

The Python Package Index (PyPI) is a critical infrastructure platform operated by the Python Software Foundation, serving as the official repository for Python software packages. It enables developers to find, install, and publish Python packages, supporting the global Python community. The platform is well-established with a domain age since 2015 and strong backing by reputable sponsors such as AWS, Google, and Fastly, reflecting its market leadership and trustworthiness. Technically, PyPI employs a modern technology stack including JavaScript, CSS, and custom Python-based Warehouse software, hosted on AWS with Fastly CDN for performance optimization. The website is well-optimized for mobile and accessibility, with good SEO practices and fast performance. The use of HTTPS and reputable DNS providers enhances its security posture, although DNSSEC is not enabled. From a security perspective, PyPI demonstrates strong practices such as HTTPS enforcement and domain transfer protection. However, there is room for improvement by enabling DNSSEC, adding security headers, and publishing a security.txt file to facilitate vulnerability disclosures. No critical vulnerabilities or exposed sensitive data were detected. Overall, PyPI presents a high level of professionalism, security, and compliance with privacy policies. It is a trusted platform for Python developers worldwide. Strategic recommendations include enhancing DNS security, formalizing incident response information, and improving transparency around security policies to further strengthen trust and resilience.

Planet Python is a content aggregation website operated by the Python Software Foundation, providing curated Python-related blog posts, tutorials, and podcasts to the Python developer community. The site serves as a centralized hub for Python educational content, targeting developers and enthusiasts worldwide. Technically, the site uses the Planet/2.0 aggregation software, hosted on AWS infrastructure, with a basic but functional design and moderate mobile optimization. Security posture is moderate, with HTTPS implied but no DNSSEC or advanced security headers detected. Privacy and cookie policies are absent, indicating room for compliance improvements. Overall, the domain registration data aligns well with the organization's identity, confirming legitimacy. Strategic recommendations include enhancing privacy compliance, implementing security best practices, and improving accessibility and mobile responsiveness to better serve the community and maintain trust.

The domain rockstarwriter.com currently serves as a 404 Not Found error page with no active business content. The domain is used by Admiral, a service provider specializing in copyright access control and privacy compliance for digital publishers. The site content focuses on explaining the domain's role in providing copyright and privacy services, including GDPR compliance and subscription support, but does not present any direct business or contact information. Technically, the site is hosted on Google Cloud Platform with HTTPS enabled and follows good security practices such as frequent certificate rotation and no hosting of executable files. However, the lack of active content, absence of contact details, and missing cookie consent mechanism limit the site's usability and trustworthiness. The domain registration is consistent and legitimate, with a long history since 2007 and no privacy protection enabled, indicating transparency. Overall, the site is informational only and not a fully functional business website.

H2VX is a small technology-focused service provider specializing in data conversion services, specifically for contacts and events. The website is minimalistic, offering two main services accessible via subdirectories. The business appears to have been established in 2009, supported by a domain registration of the same age, indicating a stable presence in its niche market. However, the website lacks detailed business information, contact details, and compliance documentation, which limits its professional presentation and trustworthiness. Technically, the website is simple, built with basic HTML and CSS, hosted on DreamHost. There is no evidence of modern frameworks, CMS, or advanced technical features. Performance and mobile optimization are basic, and SEO is minimal due to lack of meta tags and structured data. No analytics or advertising technologies are detected, suggesting a low digital maturity level. From a security perspective, the site uses HTTPS but lacks DNSSEC and security headers, which reduces its security posture. No privacy or cookie policies are published, and no incident response or vulnerability disclosure information is available. The WHOIS data is consistent and trustworthy, with no privacy protection, indicating transparency in domain ownership. Overall, the website is functional but basic, with significant room for improvement in security, compliance, and business credibility. Strategic enhancements in privacy policies, security headers, and contact information would improve trust and compliance.

ASIN.cc is a small technology-focused website offering a specialized utility service for shortening Amazon product links using ASIN or ISBN-10 codes. The service emphasizes computed shortlinks that are programmatically determinable, providing robustness over traditional database-stored shortlinks. The site targets Amazon shoppers, affiliate marketers, and developers who require concise Amazon URLs. The business model appears to be a free tool, potentially monetized through affiliate marketing or traffic generation. Technically, the website is built with basic HTML, CSS, and JavaScript, hosted on DreamHost. It uses no detected CMS or advanced frameworks. The site performs well with fast loading times but has only basic mobile optimization and accessibility features. SEO is minimal but sufficient for its niche purpose. No analytics or advertising scripts were detected, indicating minimal user tracking. From a security perspective, the site uses HTTPS but lacks DNSSEC and important security headers such as Content-Security-Policy and Strict-Transport-Security. There are no published privacy, cookie, or security policies, nor incident response or vulnerability disclosure information. The absence of contact information limits user trust and compliance with privacy regulations. The WHOIS data is consistent and indicates a legitimate domain with a long registration period. Overall, ASIN.cc is a functional niche utility with a moderate security posture and limited compliance maturity. Strategic improvements in security headers, privacy policies, and contact transparency would enhance trust and compliance.

IndieAuth.net serves as an informational and specification website for the IndieAuth protocol, a decentralized identity solution built on OAuth 2.0. The site targets developers and website owners interested in decentralized authentication, providing detailed documentation, tutorials, and links to self-hosted and public IndieAuth providers. The business model is community and open-source driven, focusing on protocol adoption rather than commercial services. Technically, the site is a simple static HTML/CSS implementation hosted on Linode, with no detected CMS or complex frameworks. The site performs moderately with basic mobile optimization and accessibility features. Security posture is moderate; while HTTPS is implied (not explicitly stated in data), DNSSEC is not enabled and no security headers are detected, indicating room for improvement. No privacy or cookie policies are present, and no contact or incident response information is provided, which impacts compliance and trust. Overall, the site is trustworthy within its niche but would benefit from enhanced security and privacy disclosures.

Webmention.net serves as an informational hub for the Webmention protocol, a W3C Social Web Working Group specification contributed by the IndieWeb community. The site provides links to the latest published versions, drafts, and implementations of the protocol, targeting developers and web technologists interested in decentralized social web standards. The website is minimalistic, focusing on content delivery rather than commercial services or user engagement features. Technically, the site is hosted on Linode with domain registration through NameCheap, indicating a stable and reputable infrastructure. The technology stack is basic, consisting primarily of HTML and CSS, with no detected CMS or advanced frameworks. Performance and mobile optimization are moderate to basic, reflecting the simple nature of the site. From a security perspective, the site lacks advanced security headers, privacy policies, cookie consent mechanisms, and contact information for incident response. DNSSEC is not enabled, which is a recommended improvement for domain security. No analytics or tracking technologies are present, which reduces privacy concerns but also limits business intelligence capabilities. Overall, the website is safe and trustworthy for its intended audience but would benefit from enhanced security practices, privacy compliance documentation, and improved technical sophistication to better serve its community and maintain trust.

OAuth2Simplified.com is a specialized educational website dedicated to providing comprehensive guidance on building OAuth 2.0 servers. The site offers a variety of resources including a well-regarded book authored by Aaron Parecki, online courses on OAuth and advanced security topics, and related merchandise. The business is positioned as a niche authority in the OAuth and API security space, targeting developers, architects, and technical professionals interested in secure API authorization frameworks. The site is published by Okta, Inc., a recognized leader in identity and access management, lending strong credibility to the content and offerings. Technically, the website is well-constructed with modern HTML5 and CSS, uses reputable third-party services such as MailChimp for email marketing and Fathom Analytics for privacy-focused analytics, and is hosted on Linode, a reliable cloud provider. The site is mobile optimized and demonstrates good SEO and accessibility practices. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though it lacks some security headers and formal privacy and cookie policies, which are areas for improvement. No contact emails or phone numbers are explicitly provided, which may impact user trust and compliance. Overall, the website is professional, trustworthy, and serves as a valuable resource in its domain, but would benefit from enhanced privacy compliance and security policy disclosures.

The website w7apk.com is a personal amateur radio enthusiast site maintained by Aaron Parecki. It provides a variety of radio-related content including cheat sheets, hardware and software reviews, protocol explanations, and community links. The site targets amateur radio hobbyists and serves as an informational resource rather than a commercial business. The domain age and content timeline are consistent, supporting the legitimacy of the site. Technically, the site is built with basic HTML, CSS, and JavaScript, with minimal use of external libraries and a lightweight analytics tool (Fathom Analytics). The site is moderately optimized for mobile and SEO but lacks advanced technical frameworks or CMS platforms. Security posture is basic; HTTPS is implied but no advanced security headers or DNSSEC are implemented. Privacy compliance is minimal with no visible privacy or cookie policies. Contact information is limited to a contact page without explicit emails or phone numbers. Overall, the site is safe, trustworthy, and suitable for general audiences with no adult or questionable content.

M

Mikrobiologický ústav AV ČR, v.v.i.

alga.cz

51

Centrum Algatech is a reputable research center under the Microbiological Institute of the Czech Academy of Sciences, specializing in microscopic algae research and biotechnology. The center is internationally recognized and operates unique cultivation facilities. The website reflects a medium-sized scientific institution with a focus on research and public outreach. Technically, the site uses older but functional technologies like the Dojo Toolkit, with moderate performance and basic mobile optimization. Security posture is moderate with room for improvement, especially in HTTPS enforcement and security headers. Privacy compliance is partial, with a cookie consent mechanism but no explicit privacy policy page. WHOIS data is unavailable, which reduces domain transparency but does not negate the site's legitimacy given its institutional affiliation. Overall, the website is professional, content-rich, and safe for general audiences.

pin13.net is a personal and technical utility website primarily focused on providing developer tools such as a Microformats parser, character counter, JSON prettifier, Instagram caption formatter, and number base converter. The site is closely associated with Aaron Parecki, a known figure in the IndieWeb and OAuth communities, as evidenced by multiple links to his personal projects and related technical standards. The website targets developers and technical users interested in microformats and web standards. The business model is personal and utility-focused without commercial complexity, relying on affiliate links such as Amazon referrals. Technically, the site uses a simple stack with HTML, CSS, JavaScript, and jQuery 1.3.2, hosted on Linode servers. While functional, the technology is somewhat outdated, particularly the jQuery version, which may expose the site to security vulnerabilities. The site lacks modern security headers and DNSSEC, and there is no visible privacy or cookie policy, which limits compliance with privacy regulations. Google Analytics is used for tracking, and an Amazon affiliate program is integrated. From a security perspective, the site is accessible without WAF or blocking mechanisms, but it lacks advanced security features such as CSP, HSTS, and CSRF protections. The absence of DNSSEC and use of an outdated JavaScript library are notable weaknesses. No sensitive data exposure or critical vulnerabilities were detected, but improvements are recommended to enhance security posture and privacy compliance. Overall, pin13.net is a small, niche technical site with moderate trustworthiness and basic security. Strategic improvements in security practices, privacy policies, and technology modernization would enhance its reliability and compliance.

B

Barnaby Walters

waterpigs.co.uk

46

The website waterpigs.co.uk is a personal blog and portfolio site for Barnaby Walters, focusing on his interests in musical instrument building, music performance, programming, electronics, wildlife, and IndieWeb technologies. The site serves a niche audience interested in these topics and provides detailed notes, articles, and technical insights. The business model is personal content sharing without commercial sales or services. Technically, the site uses a modern but simple tech stack including HTML5, CSS, JavaScript, Leaflet.js, and RequireJS, hosted by Hostinger in Lithuania. The site is built on the Taproot framework and follows IndieWeb standards, indicating a mature digital presence. Security posture is moderate with HTTPS implied but lacking explicit security headers and published policies. Privacy compliance is weak due to absence of privacy and cookie policies. Contact information is provided via email and social media links, enhancing credibility. Overall, the site is trustworthy and professionally maintained but could improve in privacy and security transparency.

U

Unfold Event 2026

unfold-event.ch

57

The website unfold-event.ch serves as the official landing page for the Unfold event series, focusing on the upcoming 2026 edition. It provides information about past events, expresses gratitude to attendees, and encourages visitors to subscribe for updates. The site targets event attendees and interested parties primarily in Switzerland. The business model revolves around event organization and promotion with a small-scale, niche market presence. Technically, the website is built using the Astro framework (version 4.5.10) with custom JavaScript for interactive elements like countdown timers and form validation. The site demonstrates moderate performance and good mobile optimization but lacks advanced SEO and accessibility features. No major CMS or hosting details are evident from the content. From a security perspective, the site uses HTTPS but lacks visible security headers such as Content-Security-Policy or HSTS. There is no cookie consent mechanism or comprehensive privacy policy hosted on the site itself, though a privacy policy link to an external provider is present. No incident response or vulnerability disclosure information is available, indicating a basic security posture suitable for a small event site but with room for improvement. Overall, the website is professional and trustworthy for its purpose but would benefit from enhanced security practices, privacy compliance improvements, and richer business information to increase credibility and user trust.

G

Gas Inside Information Platform (GIIP)

gasinsideinformationplatform.pl

71

Gas Inside Information Platform (GIIP) operates as a specialized platform dedicated to wholesale energy market participants, facilitating compliance with the REMIT regulation (EU) No 1227/2011 by providing a channel for disclosure of inside information. The platform is recognized and listed by the Agency for the Cooperation of Energy Regulators (ACER), positioning it as a trusted service provider within the European energy regulatory ecosystem. The website content clearly targets energy market participants requiring regulatory compliance services, offering key services such as publishing Urgent Market Messages and client onboarding. Technically, the website employs a standard modern web stack including HTML5, CSS, JavaScript, jQuery, and Bootstrap 3.3.7. It integrates Google Analytics for visitor tracking and implements a cookie consent mechanism compliant with EU regulations. Hosting is provided by OVH SAS, a reputable registrar and hosting provider. The site demonstrates moderate performance and good mobile optimization, though accessibility features are basic. SEO practices are present but could be enhanced. From a security perspective, the site enforces HTTPS and uses CSRF tokens in meta tags, indicating attention to secure form handling. However, DNSSEC is not enabled, and security headers are not explicitly detected, suggesting room for improvement in hardening the site against common web threats. No explicit security or incident response policies are published, and no vulnerability disclosure mechanisms are evident. Privacy compliance is basic but present, with clear privacy and cookie policies and a consent banner. Overall, the website is legitimate, professional, and trustworthy with no signs of malicious or adult content. The domain registration data aligns well with the business timeline and sector. Recommendations include enabling DNSSEC, adding security headers, publishing security policies, and enhancing accessibility and SEO for improved user experience and security posture.

W

Westmetall GmbH & Co. KG

westmetall.com

47

Westmetall GmbH & Co. KG operates as a specialized supplier and trader of non-ferrous metals, including primary metals, wires, cables, semi-finished products, and scrap metals. The company targets businesses in the metal trading and recycling sectors, offering direct access to international metal markets with a focus on price advantages and risk reduction. The website presents a professional and consistent brand image with clear navigation and relevant business content. Technically, the website is built using depage-cms v2.6.1 with standard HTML, CSS, and JavaScript. The site shows moderate performance and basic mobile optimization. SEO practices are adequately implemented with proper meta tags and keywords. However, no advanced analytics or tracking technologies are detected, indicating a minimal user tracking approach. From a security perspective, the site lacks visible security headers and cookie consent mechanisms, which are important for GDPR compliance and overall security posture. The WHOIS data is missing, which raises concerns about domain legitimacy and trustworthiness. No contact emails or phone numbers are explicitly provided on the homepage, limiting direct communication channels. Overall, the website is functional and business-appropriate but would benefit from enhanced security measures, improved privacy compliance, and clearer contact information to strengthen trust and credibility.

J

Jihočeský vědeckotechnický park, a.s.

jihoczech.cz

44

Jihočzech is a regional entrepreneurial competition organized by Jihočeský vědeckotechnický park, a.s., aimed at supporting innovative business ideas and startups in the South Bohemian region of the Czech Republic. The website provides detailed information about the competition phases, prizes, and useful resources for new entrepreneurs. It targets aspiring entrepreneurs seeking professional coaching, networking, and potential investment opportunities. Technically, the website employs modern web technologies including Google Analytics, Google Tag Manager, and Facebook Pixel for analytics and marketing, with a responsive design optimized for mobile devices. Security posture is adequate with HTTPS enforced and cookie consent mechanisms implemented, though explicit security headers are not detected and no formal security policy or incident response information is published. The absence of WHOIS data for the domain reduces transparency and trustworthiness from a domain registration perspective. Overall, the site is professional, content-rich, and user-friendly, serving its business purpose effectively.

G

GAZ-SYSTEM S.A.

gaz-system.pl

56

GAZ-SYSTEM S.A. is a strategic Polish company operating in the energy sector, specifically as a gas transmission system operator. The company manages the transmission of natural gas, maintenance and development of gas pipeline infrastructure, and operates LNG and FSRU terminals. It serves a broad audience including business clients, suppliers, media, and stakeholders in the energy market. The website reflects a mature digital presence with comprehensive content, clear navigation, and professional branding. Technically, the site uses modern JavaScript libraries, Google Analytics, and Google Tag Manager for tracking, and is built on a custom CMS platform. Mobile optimization and accessibility features are well implemented. Security posture is good with HTTPS enforced and cookie consent mechanisms in place, though some security headers and explicit incident response information are missing. WHOIS data is not publicly available, indicating privacy protection which is justified given the company's strategic role. Overall, the site is trustworthy, professional, and compliant with GDPR and cookie regulations.

I

Infodrog - Schweizerische Koordinations- und Fachstelle Sucht

quatheda.ch

59

QuaTheDA is a Swiss quality norm initiative focused on addiction therapy, drug and alcohol prevention, and health promotion, operated by Infodrog and endorsed by the Swiss Federal Office of Public Health (BAG). The website serves as an authoritative resource for quality standards, certification, training programs, and satisfaction surveys within the addiction support sector in Switzerland. It targets professionals and institutions involved in addiction help and prevention. Technically, the site is built on the Contao CMS, uses Matomo analytics configured for privacy, and is well-structured with multilingual support. Security posture is good with HTTPS and privacy-conscious analytics, though it lacks some security headers and explicit cookie consent mechanisms. WHOIS data confirms legitimacy and consistency with the business claims. Overall, the site is professional, trustworthy, and well-aligned with its governmental and non-profit mission.

The website jungschar-gelterkinden.ch represents a small, community-focused non-profit youth organization named Cevi Gelterkinden, affiliated with the local church and regional Cevi Basel association. It offers regular youth activities for children from kindergarten through 7th grade, including games, crafts, and camps. The site content is well-structured and relevant to its target audience of children and their parents, with consistent branding and clear program information. Technically, the site uses basic HTML, CSS, and JavaScript without advanced frameworks or CMS, resulting in moderate performance and basic mobile optimization. Security posture is average, with no HTTPS or security headers explicitly detected in the provided data, and no forms or sensitive data collection present. Privacy compliance is lacking due to absence of privacy and cookie policies. Overall, the domain registration aligns well with the website's community focus, indicating legitimacy and trustworthiness.

F

FAST ČR, a.s.

fastcr.cz

54

FAST ČR, a.s. is a Czech Republic-based wholesale distributor and service provider specializing in consumer electronics, household appliances, and related products since 1992. The company serves retailers and end customers primarily within the Czech market, offering a broad portfolio of well-known global and local brands. Their business model focuses on wholesale sales and after-sales service, positioning them as a trusted regional partner in their sector. Technically, the website employs standard web technologies including JavaScript, CSS, and Google Analytics for tracking. The site is accessible with moderate performance and basic mobile optimization. However, there is a lack of advanced security headers and no visible CMS or hosting provider information. Privacy and cookie policies are absent, indicating room for improvement in compliance and user transparency. From a security perspective, the site uses HTTPS but lacks explicit security headers and incident response contact information. The absence of WHOIS data for the domain raises concerns about domain registration transparency, although the website content and branding appear professional and consistent with a legitimate business. No critical vulnerabilities or adult content were detected. Overall, the website presents a professional business front with moderate technical maturity and some security and compliance gaps. Strategic improvements in privacy policies, security headers, and domain registration transparency are recommended to enhance trust and compliance.

J

Jirsa a Záruba

jzshop.cz

58

JZShop.cz is a Czech-based e-commerce service provider specializing in the rental of customizable online shops with integrated solutions for suppliers, accounting, and inventory management. The company targets small to medium-sized businesses seeking tailored e-shop solutions with additional features such as integrated cash registers and multi-currency support. The website demonstrates a professional and modern design with clear navigation and mobile responsiveness, supported by a moderate technology stack including Google Analytics and Facebook Pixel for marketing and analytics purposes. Security posture is solid with HTTPS enforced and GDPR-compliant cookie consent mechanisms, although the absence of WHOIS data and explicit security headers slightly reduce trust. Overall, the site is well-structured, content-rich, and business-focused, but would benefit from enhanced transparency in domain registration and security policies.

D

Drumextra, s.r.o.

anatolian.cz

43

Anatolian is a Czech-based company specializing in the manufacturing and wholesale distribution of high-end cymbals, targeting drummers and music professionals. The website presents a professional and consistent brand image with clear contact information and a focus on quality musical instruments. The company appears to have a history dating back to 2000, although domain registration details could not be verified due to missing WHOIS data. Technically, the website uses modern web technologies including Google Tag Manager and Typekit fonts, with a responsive design and moderate performance. However, there is a lack of advanced security headers and no visible privacy or cookie policies, which indicates room for improvement in compliance and security posture. From a security perspective, the site is accessible without WAF or blocking mechanisms, but the absence of WHOIS data and security policies reduces trustworthiness. No vulnerabilities or exposed sensitive data were detected, but the site would benefit from implementing security best practices such as security headers and GDPR-compliant policies. Overall, the website is functional and professional but has gaps in privacy compliance and domain transparency. Strategic improvements in security and compliance would enhance trust and reduce risk.

R

RADIX Schweizerische Gesundheitsstiftung

radix.ch

69

RADIX Schweizerische Gesundheitsstiftung is a Swiss non-profit health foundation dedicated to health promotion and prevention. The organization targets Swiss residents interested in improving their health and well-being through educational programs and services. The website reflects a professional and consistent brand image, with a clear focus on healthcare and public health sectors. The foundation operates with a medium-sized organizational footprint and leverages modern web technologies to engage its audience effectively. Technically, the website is built on the Umbraco CMS platform and integrates a variety of modern JavaScript libraries and APIs, including Google Tag Manager, reCAPTCHA, Cookiebot for consent management, and Google Maps API. The site demonstrates good mobile optimization and moderate performance, with a solid SEO foundation and basic accessibility features. From a security perspective, the site enforces HTTPS, employs strong security headers, and uses cookie consent mechanisms aligned with GDPR requirements. No critical vulnerabilities or exposed sensitive data were detected. However, the absence of a publicly available security policy and incident response information represents an area for improvement. Overall, RADIX.ch presents a trustworthy and professionally maintained online presence with strong privacy compliance and a clear focus on user data protection. Strategic recommendations include publishing explicit security and incident response policies, enhancing accessibility, and maintaining vigilance on third-party script security to sustain and improve its security posture.

P

Portfolio restaurant

portfolio-restaurant.cz

56

Portfolio restaurant is a small hospitality business based in Prague, Czech Republic, offering dining services with an emphasis on wine and online ordering capabilities. The website is professionally designed with good content quality and clear navigation, targeting a mature audience interested in restaurant dining and wine purchases. The business leverages social media platforms such as Facebook and Instagram to engage customers and maintain a trustworthy online presence. Technically, the website uses standard web technologies like JavaScript, CSS, and HTML5, with moderate performance and good mobile optimization. However, no CMS or hosting provider details are evident from the content provided. Security posture is basic with HTTPS enabled but lacks important security headers, which could be improved to enhance protection. Privacy and cookie policies are present and GDPR compliant, reflecting awareness of data protection regulations. The absence of WHOIS data is a notable concern, reducing domain trustworthiness and suggesting further verification is needed. Overall, the website is functional and professional but could benefit from enhanced security measures and clearer business contact information.

L

LEBEDA Tools s.r.o.

ronda.cz

60

LEBEDA Tools s.r.o. is a well-established Czech retail company specializing in garden, workshop, and pet supplies with over 30 years of experience. The company operates both a physical store and an e-commerce platform, offering a wide range of products including garden machinery, tools, and accessories from reputable brands. Their services include expert installation, authorized repairs, and customer training, positioning them as a reliable partner in their market segment. Technically, the website is built on the JZShop.cz platform, utilizing standard web technologies and integrating social media and marketing tools such as Facebook SDK and pixel tracking. The site is accessible, mobile-optimized, and includes GDPR-compliant privacy and cookie policies. Security posture is adequate with HTTPS enforced, though improvements in security headers and explicit incident response policies are recommended. Overall, the website presents a professional and trustworthy digital presence aligned with its business goals.

M

Milagro

milagro.cz

65

Milagro is an authorized e-commerce retailer specializing in Pandora jewelry, offering a wide range of products such as rings, earrings, necklaces, and bracelets. The website targets consumers primarily in the Czech Republic, providing services including product personalization and free shipping for orders above a certain threshold. The platform demonstrates a consistent brand identity and positions itself as a trusted authorized reseller within the retail jewelry market. Technically, the website is built using modern web technologies including Next.js and React, ensuring a responsive and user-friendly experience across devices. The site employs HTTPS with strong security headers, indicating a good security posture. However, the absence of WHOIS data and lack of visible cookie consent mechanisms suggest areas for improvement in domain transparency and privacy compliance. From a security perspective, the site follows best practices with HTTPS enforcement and security headers, but could enhance user trust by adding explicit privacy and cookie policies and implementing a security.txt file for vulnerability disclosures. Overall, the site is professional and secure, but the missing WHOIS information and privacy compliance gaps slightly reduce its trustworthiness. Strategic recommendations include improving GDPR compliance with visible cookie consent, enhancing domain transparency, and establishing a formal vulnerability disclosure process to strengthen security culture and user trust.

The website marykaypromotion.de is a small German-language blog focused on philosophy topics. It is built on WordPress and hosted on German nameservers provided by netclusive.de. The site contains minimal content, primarily a single blog post and a contact button without a linked form or email address. There are no privacy, cookie, or terms of service policies present, and no explicit business or company information is provided. Technically, the site uses standard WordPress technologies and modern web fonts, with basic mobile optimization and accessibility features. Security posture is weak due to the absence of security headers, incident response contacts, and published security policies. No analytics or advertising tools are detected, indicating minimal user tracking. Overall, the site is accessible without WAF or blocking mechanisms and contains safe content suitable for a general audience.

gutefrage.net is the largest German-speaking question-and-answer platform, facilitating community-driven knowledge exchange among millions of users. The platform emphasizes anonymity and quick responses, serving a broad general audience primarily in Germany. The website demonstrates a good level of content quality, with a professional design and clear navigation, optimized for mobile devices. Technically, it employs modern web technologies including JavaScript and CSS, and integrates a consent management platform to ensure GDPR compliance. However, some security headers and detailed WHOIS data are missing, which slightly impacts the overall security posture assessment. Privacy policies and cookie consent mechanisms are well implemented, reflecting a strong commitment to user data protection. Overall, gutefrage.net presents a trustworthy and professional online presence with room for technical and security enhancements.

A

APG|SGA

infosnow.ch

45

infosnow.ch is a specialized portal offering interactive maps and detailed information about ski resorts and mountain tourism destinations primarily in Switzerland. The site targets tourists and outdoor enthusiasts seeking seasonal activity information and resort details. The business operates in the transportation sector with a focus on mountain tourism. Technically, the site uses OpenStreetMap tiles and custom JavaScript for map rendering, providing a good user experience with moderate performance and basic mobile optimization. However, the site lacks visible privacy and cookie policies, contact information, and security headers, which impacts its security posture and privacy compliance. No WAF or blocking mechanisms were detected, and the domain registration data aligns well with the business claims, indicating legitimacy. Overall, the site is functional and relevant but would benefit from improved security and compliance measures.

B

Blue Cocktail Bar

bluecocktailbar.ch

53

Blue Cocktail Bar is a small hospitality business operating a cocktail bar in Switzerland, targeting a mature audience interested in nightlife and alcoholic beverages. The website is built on TYPO3 CMS and incorporates standard web technologies including JavaScript and CSS, with analytics provided by Google Analytics and Matomo. The technical infrastructure is moderately optimized for performance and mobile responsiveness but lacks advanced SEO and accessibility features. Security posture is adequate with HTTPS enabled, but the absence of security headers and explicit security policies indicates room for improvement. Privacy compliance is weak due to missing privacy and cookie policies and lack of consent mechanisms. Overall, the website is functional but requires enhancements in privacy, security, and user trust elements to improve compliance and user confidence.

I

Infodrog / RADIX

safezone.ch

57

SafeZone.ch is a Swiss government-supported online platform providing free and anonymous addiction counseling and information services. It targets individuals affected by addiction, their relatives, professionals, and interested parties. The platform offers online counseling, self-tests, public Q&A, and a digital self-help app, positioning itself as a trusted resource in the Swiss healthcare and social support ecosystem. Technically, the site is built on the Contao CMS, uses privacy-conscious Matomo analytics, and is well-optimized for mobile and accessibility. Security posture is strong with HTTPS and privacy protections, though explicit security policies and incident response contacts are not published. Overall, the site demonstrates high professionalism, trustworthiness, and compliance with privacy regulations.

S

Sotovox

sotovox.cz

43

Sotovox is a small a cappella vocal group based in the Czech Republic, specializing in live vocal performances without instrumental accompaniment. Their website showcases upcoming and past concerts primarily in Prague, offers a Christmas CD, and links to their presence on Spotify and YouTube. The group engages with their audience via social media platforms including Facebook, Instagram, and YouTube. Technically, the website is built with standard HTML5, CSS, and JavaScript, using Google Fonts and embedded YouTube videos. The site is mobile optimized and provides a good user experience with clear navigation and multimedia content. However, it lacks privacy and cookie policies, security headers, and WHOIS domain registration data, which impacts trust and compliance assessments. No forms or analytics scripts are present, indicating minimal data collection and tracking.