Security Directory

M

MTM ASSOCIATION e.V.

mtm.org

69

MTM ASSOCIATION e.V. is an established organization founded in 1997, specializing in training, consulting, software, and research focused on human work design. The website presents a professional image with consistent branding and targets businesses and professionals interested in productivity and work design standards. Technically, the site is built on TYPO3 CMS, employs modern web technologies, and integrates comprehensive cookie consent management via Cookiebot, alongside analytics and marketing tools from Google, Facebook, LinkedIn, and YouTube. Security posture is solid with HTTPS enforced and domain registration consistent with a legitimate business, though improvements such as DNSSEC and enhanced security headers are recommended. Privacy compliance is well addressed through detailed cookie declarations and GDPR-aligned consent mechanisms. Overall, the website is trustworthy, professional, and safe for general audiences.

B

Budapest Music Center

bmc.hu

59

Budapest Music Center (BMC) is a well-established Hungarian cultural institution focused on contemporary Hungarian music, operating since 1996. The website serves as a portal for music information, concert venue details, and music library services, targeting Hungarian music enthusiasts and the cultural community. The business model centers on cultural promotion and event hosting, with a strong local market presence. Technically, the website employs modern web technologies including JavaScript, CSS, and Cookiebot for cookie consent management. It is hosted behind Cloudflare infrastructure, ensuring good performance and security. The site is mobile optimized and includes basic accessibility features, with good SEO practices evident from meta tags and Open Graph data. Security posture is strong with HTTPS enforcement, appropriate security headers, and anti-bot cookies. The site uses a comprehensive cookie consent mechanism compliant with GDPR, though lacks explicit security policy or incident response contact pages. No vulnerabilities or exposed sensitive data were detected. Overall, the website presents a professional and trustworthy digital presence with moderate to good scores in content quality, technical implementation, security, privacy compliance, and business credibility. Strategic recommendations include adding terms of service, security policy, and incident response information to enhance transparency and trust.

L

Landesregierung Brandenburg

brandenburg.de

10

The website is the official online portal of the Landesregierung Brandenburg, the state government of Brandenburg, Germany. It serves as a comprehensive information hub for citizens and stakeholders, providing access to government news, services, and thematic content related to the state's administration and public affairs. The site is well-branded, consistent, and targets a broad audience including residents, businesses, and government officials. The business model is that of a government information and service portal, with no commercial intent. Technically, the site uses a custom CMS with a modern tech stack including HTML5, CSS3, JavaScript, jQuery, and Matomo analytics for privacy-conscious user tracking. The site is mobile-optimized and accessible, with good SEO practices. Hosting details are not explicit but the domain uses a nameserver consistent with the Brandenburg region. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms aligned with GDPR. However, no explicit security headers were detected in the HTML content, and no published security policies or incident response contacts were found. The site does not expose sensitive data or use vulnerable libraries visibly. Overall, the security posture is good but could be improved by adding security headers and formal vulnerability disclosure information. Overall, the website is trustworthy, professional, and compliant with privacy regulations. It poses low risk and serves its purpose effectively as a government portal. Strategic recommendations include enhancing security headers, publishing security policies, and improving contact transparency for incident response.

S

Südwest Presse

swp.de

9

Südwest Presse operates a professional regional news website (swp.de) serving the German market, primarily Baden-Württemberg. The platform offers news and current affairs content with a focus on regional relevance. The website demonstrates a good level of digital maturity, employing modern JavaScript libraries, asynchronous script loading, and responsive design principles. However, explicit privacy and cookie policies are not detected in the provided content, which may impact compliance with GDPR requirements. Security posture is adequate with HTTPS enforced but lacks visible security headers and formal security policies. Overall, the site is trustworthy and professionally maintained but could improve privacy transparency and security hardening.

R

Reservix GmbH

reservix.de

68

Reservix GmbH operates a well-established online ticketing platform primarily serving the German market. The website offers a broad range of event tickets including concerts, sports, musicals, and family events. The platform targets general consumers seeking convenient online ticket purchases and event information. The business model is e-commerce focused, with additional services such as voucher sales and event promotion. The company demonstrates consistent branding and maintains a professional online presence with good content quality and user experience. Technically, the website leverages modern JavaScript frameworks including React and Swiper.js for UI components, and integrates Google Tag Manager and Usercentrics for marketing and consent management. Hosting is provided via Amazon AWS, indicated by the DNS infrastructure. The site is mobile optimized and accessible, with good SEO practices and structured data for enhanced search engine visibility. From a security perspective, the site enforces HTTPS and uses a consent management platform to comply with GDPR. However, explicit security headers are not evident in the HTML content, and no published security or incident response policies were found. No vulnerabilities or exposed sensitive data were detected. The WHOIS data aligns with a legitimate business, showing no privacy protection and consistent domain registration. Overall, Reservix.de presents a secure, professional, and user-friendly ticketing portal with strong compliance and marketing practices. Strategic improvements could include publishing explicit security policies and enhancing HTTP security headers to further strengthen the security posture.

S

Slobodna domena Zadruga za otvoreni kod i dizajn

slobodnadomena.hr

10

Slobodna domena Zadruga za otvoreni kod i dizajn is a Croatian cooperative founded in 2017, specializing in open source software and design services. The cooperative brings together designers, programmers, creatives, and engineers to provide comprehensive expert services, targeting non-profit organizations, socially responsible entities, institutions, and commercial companies. Their business model emphasizes collaboration and social responsibility, positioning them as a niche player in the Croatian technology sector. Technically, the website employs modern web technologies including Matomo analytics with cookies disabled, Google Fonts, SVG graphics, and Turbolinks for navigation. The site is mobile-optimized and includes accessibility features such as dyslexia-friendly typography and contrast adjustments. Performance is moderate with good SEO and accessibility practices, although some improvements in security headers and privacy policies are needed. From a security perspective, the site uses HTTPS with a good SSL configuration and disables cookies in analytics to enhance privacy. However, it lacks explicit privacy and cookie policies, security headers, and vulnerability disclosure mechanisms, which are important for compliance and trust. No forms or sensitive data exposure were detected, and no suspicious or malicious content was found. Overall, the website is professional, trustworthy, and well-aligned with the cooperative's mission. The main risks relate to compliance gaps in privacy and cookie policies and the absence of security headers. Addressing these would improve the security posture and regulatory compliance, enhancing user trust and legal standing.

O

openPetition gGmbH

openpetition.eu

10

openPetition gGmbH operates a politically neutral, non-profit online platform that enables citizens to start, sign, and promote petitions across the European Union and other countries. With a user base of approximately 15 million people, the platform facilitates grassroots democracy and political participation by providing tools and guidelines for effective petitioning. The website is professionally designed, multilingual, and offers a clear user experience focused on civic engagement and transparency.

O

openPetition

openpetition.de

62

openPetition is a reputable German-based online platform that empowers citizens to create, support, and promote petitions and initiatives. It serves as a bridge between the public and political institutions by forwarding petitions that reach quorum to relevant parliaments. The platform targets a broad audience of citizens interested in civic engagement and political participation, offering multilingual support and a user-friendly interface. Technically, the website employs modern web standards, uses self-hosted analytics for privacy, and maintains good performance and accessibility standards. Security-wise, the site enforces HTTPS and follows several best practices but could enhance its posture by implementing additional security headers and providing explicit incident response contacts. Overall, the domain registration data aligns well with the website's claims, supporting its legitimacy and trustworthiness.

D

Domain-Bestellsystem

domain-bestellsystem.de

58

The website domain-bestellsystem.de serves as a login portal for a domain order system targeted primarily at resellers and partners. The site provides a basic interface for reseller users to enter their credentials and access the ordering system. The business model appears to be a B2B reseller platform within the technology sector, focusing on domain management services. The site content is minimal and functional, lacking detailed business or contact information, privacy policies, or terms of service. The target audience is clearly resellers or partners rather than general consumers. From a technical perspective, the website uses legacy JavaScript libraries such as jQuery 1.4.4 and related plugins, which are outdated and pose potential security risks. The HTML and CSS are basic but functional, with moderate performance and basic mobile optimization. There is no evidence of a modern CMS or advanced frameworks. The site lacks visible security headers and there is no explicit confirmation of HTTPS usage in the provided data, which raises concerns about secure data transmission. The login form uses POST and masks passwords, but overall security posture is moderate due to outdated libraries and missing headers. Security evaluation reveals several areas for improvement. The use of outdated JavaScript libraries is a significant vulnerability. The absence of security headers and unclear SSL/TLS configuration further reduce security confidence. No privacy or cookie policies are present, indicating poor privacy compliance. No contact or incident response information is provided, limiting transparency and trust. No WAF or blocking mechanisms were detected, and the site content is fully accessible. WHOIS data is limited but shows professional DNS hosting with no privacy protection, suggesting moderate legitimacy. Overall, the website scores in the average range with notable deficiencies in privacy compliance, security best practices, and business transparency. Strategic recommendations include upgrading all JavaScript libraries, implementing HTTPS with strong SSL/TLS, adding security headers, publishing privacy and cookie policies, and providing clear contact and incident response information to enhance trust and compliance.

C

CKEditor.com

ckeditor.com

73

CKEditor.com is a well-established technology company specializing in WYSIWYG HTML editors with collaborative rich text editing capabilities. Founded in 2007, it serves a broad audience including developers and enterprises, offering a robust software solution trusted by over 20,000 companies worldwide. The company operates primarily on a SaaS and open-source business model, providing extensive documentation and support to its users. The website reflects a mature market position with professional branding and consistent messaging.

H

Hochschule für Technik und Wirtschaft des Saarlandes

htwsaar.de

67

The Hochschule für Technik und Wirtschaft des Saarlandes (htw saar) is a public university in Germany specializing in technology and economics education. It offers a broad range of bachelor and master degree programs, including dual and international studies, supported by strong research activities and partnerships. The website reflects a mature digital presence with a professional design, clear navigation, and multilingual support, targeting students, researchers, and academic partners. Technically, the site is built on TYPO3 CMS with Matomo analytics, delivering moderate performance and good mobile optimization. Security posture is solid with HTTPS enabled, but lacks explicit security headers and formal privacy/cookie policies, indicating room for compliance improvement. WHOIS data confirms domain legitimacy and alignment with the institution's identity. Overall, the site is trustworthy and professional but should enhance privacy and security disclosures to meet modern compliance standards.

R

RegioHelden GmbH

herofil.es

64

RegioHelden GmbH is a German online marketing agency established in 2010, specializing in digital marketing services such as SEO, content management, and web design. The company positions itself as a creative and authentic partner for businesses seeking digital visibility and success, while also emphasizing a strong internal culture and career opportunities. Their website is built on WordPress, hosted on bunny.net infrastructure, and employs modern web technologies including Matomo analytics and Google Maps embeds. The site is well-optimized for mobile and accessibility, with a professional design and clear navigation. Security posture is solid with HTTPS enforced and a comprehensive cookie consent mechanism, though some security headers could be improved. Privacy compliance is strong, with a detailed privacy policy and GDPR-aligned consent management. No critical vulnerabilities or suspicious patterns were detected. Overall, the website reflects a credible, professional digital marketing agency with a good balance of business and technical maturity.

Rheinische Post Events operates as a regional event ticketing platform affiliated with the Rheinische Post media group, focusing on event promotion and ticket sales primarily in Germany. The website offers a professional and user-friendly interface for purchasing tickets to events such as the Halloween Party 2025 in Düsseldorf. The platform leverages modern web technologies including Vue.js and Vuetify, integrating third-party services like Google Maps and Mapbox for enhanced user experience. Consent management and GDPR compliance are well implemented, reflecting a mature approach to privacy and user data protection. However, the absence of publicly available WHOIS data for the domain raises concerns about registration transparency, although the website's branding and technical setup suggest legitimate business operations. Security posture is strong with HTTPS enforced and no visible vulnerabilities, but security headers could be improved. Overall, the site presents a trustworthy and professional front for event ticketing with room for enhanced security practices and WHOIS transparency.

F

Fachhochschule Dortmund

fh-dortmund.de

61

Fachhochschule Dortmund is a well-established public university of applied sciences in Germany offering approximately 70 Bachelor and Master degree programs across eight faculties. The institution targets prospective students, current students, academic staff, alumni, and industry partners, positioning itself as a key regional educational and research hub. The website reflects a professional and comprehensive digital presence with clear navigation, multilingual support, and extensive information on academic offerings, research, and career services. Technically, the site is built on the Sitepark CMS platform, employs modern JavaScript and SVG assets, and integrates Matomo analytics with privacy-conscious configurations. Security posture is strong with HTTPS enforcement, privacy-respecting analytics, and cookie consent mechanisms. No critical vulnerabilities or blocking mechanisms were detected. Overall, the site demonstrates high professionalism, trustworthiness, and compliance with GDPR requirements.

M

Martin-Luther-Universität Halle-Wittenberg

uni-halle.de

53

Martin-Luther-Universität Halle-Wittenberg is a well-established public university in Germany, founded in 1502, offering a broad range of academic programs and research activities. The website serves as an information portal for students, researchers, applicants, and other stakeholders, providing news, study information, and institutional resources. The university maintains a strong academic reputation with international collaborations and prestigious research grants. Technically, the website uses a custom CMS with JavaScript libraries and Piwik/Matomo analytics, hosted on a German academic network. The site is moderately optimized for performance and accessibility but lacks advanced mobile responsiveness and some modern security headers. Security posture is adequate with HTTPS usage but could be improved by adding explicit security policies and cookie consent mechanisms. Overall, the site is professional, trustworthy, and content-rich, though some compliance and security best practices could be enhanced.

H

Hochschule Osnabrück

hs-osnabrueck.de

66

Hochschule Osnabrück is a well-established University of Applied Sciences in Germany providing a broad range of academic programs including Bachelor, Master, dual studies, and continuing education. The institution emphasizes practical learning, internationalization, and research, serving students, academic staff, and partners. The website reflects a professional and comprehensive digital presence with clear navigation, multilingual support, and active social media engagement. Technically, the site is built on TYPO3 CMS, uses modern JavaScript libraries, and integrates privacy-conscious analytics (Matomo). Security posture is solid with HTTPS enforcement and cookie consent mechanisms, though explicit security policies and incident response information are not published. Overall, the domain registration and hosting align with the university's official infrastructure, indicating high legitimacy and trustworthiness.

I

in2code GmbH

in2code.de

62

in2code GmbH is a specialized TYPO3 Platinum Member company based in Germany, offering comprehensive web solutions including TYPO3 CMS development, hosting, marketing automation, and support services primarily targeting universities, higher education institutions, and enterprise businesses. The company holds a strong market position with multiple TYPO3 certifications and awards, reflecting its expertise and community engagement. Technically, the website is built on TYPO3 CMS with modern web technologies, optimized for performance, mobile, and accessibility. The security posture is solid with HTTPS usage and cookie consent mechanisms, though explicit security policies and incident response details are not publicly available. Overall, the website demonstrates high professionalism, trustworthiness, and compliance with GDPR regulations.

H

Hochschule Hannover

hs-hannover.de

67

Hochschule Hannover is a public university of applied sciences and arts located in Germany, offering a variety of Bachelor and Master degree programs focused on practical education and research. The institution targets students and academic professionals seeking career-oriented education and research opportunities. The website is built on TYPO3 CMS with modern frontend technologies and includes a comprehensive cookie consent mechanism via Cookiebot, ensuring GDPR compliance. Social media integration and structured navigation enhance user engagement and accessibility. Security posture is strong with HTTPS enforcement and standard security headers, though explicit security and incident response policies are not publicly available. Overall, the website reflects a mature digital presence suitable for an educational institution with good content quality and technical implementation.

U

Universität Paderborn

uni-paderborn.de

58

Universität Paderborn is a well-established German university serving approximately 20,000 students, positioned as a strong medium-sized academic institution. The website is built on TYPO3 CMS, reflecting a modern and maintainable technical infrastructure. The site is well-structured, mobile-optimized, and provides content primarily in German with English alternatives, targeting students, researchers, and the academic community. Security posture is adequate with HTTPS enabled but lacks advanced security headers and explicit privacy and cookie policies. No incident response or vulnerability disclosure information is publicly available, which could be improved to enhance trust and compliance. Overall, the website is professional and trustworthy but would benefit from enhanced privacy compliance and security best practices.

L

linuxmuster.net

linuxmuster.net

47

linuxmuster.net is a well-established open-source school network solution supported by a non-profit association and an active community. The website presents a professional and consistent brand image focused on providing reliable and customizable IT infrastructure for educational institutions. The technical infrastructure is based on WordPress CMS with modern plugins and technologies, offering a good user experience and mobile optimization. Security posture is adequate with HTTPS and reCAPTCHA integration, but lacks some security headers and explicit privacy policies. The absence of WHOIS data raises concerns about domain registration transparency, though the website content and community presence support legitimacy. Overall, the site is trustworthy and functional but would benefit from enhanced privacy compliance and security hardening.

G

Gymnasium Lüchow

gymnasium-luechow.de

46

Gymnasium Lüchow is a medium-sized educational institution in Germany, recognized as an open all-day school and a UNESCO project school. The website provides comprehensive information about the school’s educational offerings, projects, international partnerships (notably Erasmus+), and community engagement. The school targets students, parents, and educators, emphasizing sustainability, cultural education, and social responsibility. Technically, the site is built on TYPO3 CMS, hosted by SchlundTech, and employs modern web technologies with good mobile optimization and SEO practices. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers could be improved. No critical vulnerabilities or suspicious content were detected. Overall, the website reflects a professional and trustworthy educational institution with strong community ties.

Hochschule Ruhr West is a public university of applied sciences located in the Ruhr region of Germany, with campuses in Mülheim an der Ruhr and Bottrop. The institution offers a variety of academic programs focused on practical and applied education, targeting students and academic professionals in the region. The website reflects a medium-sized educational institution with a clear focus on regional engagement and academic excellence. Technically, the website employs modern JavaScript technologies, including Cookiebot for cookie consent management and Google Tag Manager for analytics, indicating a mature digital infrastructure. The site is mobile-optimized and accessible, with good SEO practices and a professional design. Security-wise, the site enforces HTTPS and uses cookie consent mechanisms compliant with GDPR. However, there is room for improvement in implementing additional security headers and publishing explicit security policies. Overall, the website is trustworthy, professionally maintained, and compliant with privacy regulations, supporting the institution's credibility and user trust.

S

Stud.IP e. V.

studip.de

41

Stud.IP e. V. operates a modern open-source learning management system primarily targeting educational institutions such as universities, authorities, associations, and companies. The platform serves as a central component of digital education concepts, offering services in teaching, learning, administration, and integration via interfaces. The website is professionally designed, content-rich, and clearly structured, supporting a German-speaking audience with a focus on education and technology sectors. The business model revolves around providing an open-source LMS solution with community and event engagement to foster adoption and development. Technically, the website is built on WordPress with modern front-end technologies including JavaScript and CSS, enhanced by SEO tools like Yoast and analytics via Koko Analytics. Hosting is provided by Cloudpit, a reputable provider, ensuring reliable infrastructure. The site demonstrates good mobile optimization and accessibility features, although SEO optimization is basic. Performance is moderate, with no critical technical issues detected. From a security perspective, the site enforces HTTPS with excellent SSL configuration but lacks explicit security headers and published security policies. Forms are secured with required fields, and no sensitive data exposure or vulnerable libraries were found. Privacy compliance is partial; while a privacy policy is present and GDPR compliance is implied, no cookie consent mechanism or detailed data retention policies are visible. Contact information is limited to a postal address without direct emails or phone numbers, and no incident response or vulnerability disclosure information is provided. Overall, the website presents a trustworthy and professional front for an established educational technology entity. Strategic improvements in privacy compliance, security policy transparency, and user data consent mechanisms would enhance trust and regulatory adherence.

C

O Tempo

climadobrasil.com.br

67

Climadobrasil.com.br is a Portuguese-language weather forecasting website primarily serving Brazil and offering meteorological information for over 200,000 cities worldwide. The site provides daily and extended weather forecasts, targeting a general audience interested in climate and weather updates. The business model appears to be advertising-supported, leveraging multiple ad networks and tracking technologies to monetize traffic. The website is hosted on Amazon AWS infrastructure, indicating a reliable hosting environment. Technically, the site uses modern web technologies including JavaScript frameworks, CSS3, and integrates consent management via Didomi SDK, alongside Google Analytics and Google Tag Manager for analytics and marketing purposes. Security posture is adequate with HTTPS enforced, but lacks explicit security headers and published security policies. Privacy compliance is basic, with cookie consent mechanisms present but no visible privacy policy or terms of service pages. No contact or business registration information is publicly available on the site, limiting business credibility verification. Overall, the site is professional and functional but could improve transparency and security documentation.

O

O Tempo

otempo.pt

65

O Tempo is a Portuguese weather forecast website providing meteorological information for Portugal and worldwide, covering over 200,000 cities. The site targets a general audience interested in weather updates and forecasts. It operates primarily as an advertising-supported media platform, integrating multiple ad networks and tracking services to monetize its content. The website demonstrates a moderate level of digital maturity with a modern tech stack including JavaScript frameworks, consent management via Didomi, and analytics through Google services. Performance and mobile optimization are adequate, though accessibility features are basic. From a security perspective, the site enforces HTTPS and uses consent management tools, but lacks visible security headers and published security policies such as privacy or cookie policies. No contact information or incident response channels are provided, which limits transparency and user trust. The domain registration is privacy-protected, which is common for media sites but reduces registrant transparency. No WAF or blocking mechanisms were detected, and the site content is safe for general audiences. Overall, the website is functional and professional but would benefit from enhanced privacy compliance, clearer contact and security policies, and improved security header implementation to strengthen its security posture and user trust.

C

Comply

comply-app.com

58

Comply is a technology company founded in 2019 that provides a SaaS platform focused on automating website compliance, particularly GDPR and privacy regulations. Their service replaces manual compliance checklists with automated website scanning and consent management tools, targeting businesses and compliance professionals. The company positions itself as a niche provider in the compliance automation market, leveraging modern web technologies and integrations such as LinkedIn analytics to enhance marketing and user insights. Technically, the website is built on Vue.js, hosted with Azure DNS, and employs HTTPS with good security headers, although DNSSEC is not enabled. The site is mobile-optimized and provides a good user experience with clear navigation and professional design. Security posture is solid with no critical vulnerabilities detected, but lacks a published security policy or incident response contacts. Privacy compliance is well addressed with comprehensive privacy and cookie policies and active consent mechanisms. Overall, the website and domain registration indicate a trustworthy and legitimate business with moderate user tracking and good technical implementation.

T

Turismo Asturias

turismoasturias.es

64

Turismo Asturias operates the official regional tourism portal for Asturias, Spain, providing comprehensive information on natural landscapes, cultural heritage, gastronomy, and travel planning. The website targets tourists and visitors interested in exploring Asturias, offering multi-language support and detailed content to facilitate trip organization. Technically, the site is built on the Liferay CMS platform, leveraging modern JavaScript libraries such as jQuery, AUI, and Senna.js for SPA capabilities, with integrations for Google Analytics and Facebook social features. The site demonstrates good mobile optimization and SEO practices, although accessibility could be improved. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, but lacks explicit security headers and incident response disclosures. WHOIS data confirms domain legitimacy consistent with an official government tourism entity. Overall, the site is professional, trustworthy, and well-positioned to serve its audience effectively.

R

ResponsiveVoice.JS AI Text to Speech

responsivevoice.org

64

ResponsiveVoice.JS AI Text to Speech is a technology-focused company providing smart text-to-speech plugins and AI voice synthesis services primarily targeting web developers and businesses seeking to enhance user engagement through voice. The company operates a SaaS business model offering over 51 voices and languages, positioning itself as a popular AI Text-To-Speech API provider. The website is built on WordPress with modern technologies including Google Tag Manager, Facebook Pixel, and Hotjar for analytics and marketing. DNS is managed via Cloudflare, and the domain is registered with GoDaddy.com, LLC since 2014, indicating a mature and stable presence. Security posture is generally good with HTTPS enabled and domain locks in place, but lacks DNSSEC and security headers, and no explicit privacy or security policies are published. The site is accessible without WAF blocking or security challenges, but privacy compliance and incident response readiness need improvement. Overall, the website is professional and trustworthy with moderate user tracking and basic advertising transparency.

D

Das offizielles Stadtportal der Stadt Dortmund

dortmund.de

62

The website www.dortmund.de serves as the official city portal for Dortmund, Germany, providing comprehensive information about city administration, services, local politics, economy, leisure, tourism, and public events. It targets residents, visitors, and businesses in Dortmund, offering key services such as online appointments, event calendars, news updates, and career opportunities. The site is well-established, with a founding date of 1995, and presents itself as a large government entity with a professional and consistent brand image. Technically, the website employs modern web technologies including JavaScript, custom web components, and the Splide.js carousel library. It uses HTTPS with good SSL configuration and integrates Piwik (Matomo) for analytics, indicating a moderate level of digital maturity. The site is mobile-optimized and accessible, with good SEO practices observed. From a security perspective, the site enforces HTTPS and shows signs of good security practices, although explicit security headers and policies are not visible in the provided content. There is no evidence of a published security policy or incident response contact, which could be improved. No vulnerabilities or suspicious domains were detected, and no WAF or blocking mechanisms interfere with access. Overall, the website is trustworthy and professional, but it lacks explicit privacy and cookie policies, which impacts its privacy compliance score. Strategic recommendations include publishing comprehensive privacy and cookie policies, implementing security headers, and providing clear incident response contacts to enhance trust and compliance.

I

IRIS - the International Resource for Impact and Storytelling

storyforimpact.io

59

IRIS - the International Resource for Impact and Storytelling is a small, mission-driven organization focused on leveraging storytelling and narrative strategies to support social impact and community justice initiatives internationally. The organization builds networks, exchanges knowledge, and seeds collaborations to amplify creative solutions. The website is professionally designed on the Squarespace platform, featuring clear mission and vision statements and active social media presence. However, it lacks formal privacy, cookie, and terms of service policies, and does not provide direct contact information, which limits transparency and compliance. Technically, the site is well-configured with HTTPS and HSTS, but DNSSEC is not enabled. The security posture is good, though improvements can be made by adding security headers and vulnerability disclosure information. Overall, the website is safe, trustworthy, and serves a general audience interested in storytelling for social change.

InMaat Foundation is a small non-profit organization founded in 2014, dedicated to supporting organizations that challenge systemic gender oppression and promote justice and human rights. The website reflects a focused mission with relevant content aimed at social justice advocates and organizations. The foundation maintains a consistent brand presence and offers storytelling and inspirational content to engage its audience. Technically, the website is built on a modern stack likely using Craft CMS, hosted behind Cloudflare DNS, and employs Google Tag Manager for analytics. The site is mobile optimized with good SEO practices but lacks some accessibility features and cookie consent mechanisms. Security posture is adequate with HTTPS enforced and domain transfer protections, but lacks DNSSEC and security headers. No explicit security or incident response policies are published, which could be improved. Overall, the domain registration is consistent with the organization's history and mission, indicating legitimacy. The site is safe for general audiences with no adult or questionable content.

G

Global Impact Producers Alliance

globalimpactproducers.org

48

Global Impact Producers Alliance (GIPA) is a non-profit community-led network dedicated to nurturing and amplifying the work of impact producers. The organization provides resources, a directory, and a platform for community engagement, supported by reputable partners such as Doc Society and Perspective Fund. The website is professionally designed using WordPress and hosted on Linode, reflecting a moderate level of technical maturity with good mobile optimization and SEO practices. Security posture is adequate with HTTPS enabled and no exposed sensitive data, but lacks DNSSEC and security headers, which are recommended for improvement. Privacy compliance is weak due to the absence of privacy and cookie policies, and no contact information is provided on the homepage, which may affect user trust and regulatory compliance. Overall, the site is safe, trustworthy, and serves a niche non-profit audience effectively.

A

ABC Cinemas

aflamuna.online

60

AFLAMUNA.online is a specialized media streaming platform dedicated to Arab cinema and cultural films, targeting Arabic-speaking audiences interested in regional film content. The platform offers a curated selection of films including fiction, documentary, experimental, and essay genres, delivered via a modern streaming infrastructure powered by Shift72. The business model combines free and transactional video on demand services, supported by Stripe payment integration. The website demonstrates a good level of digital maturity with responsive design, multilingual support, and integrated analytics for user tracking and marketing. From a security perspective, the site enforces HTTPS and uses secure payment processing but lacks explicit security headers and published incident response policies. Privacy compliance is basic with a privacy policy and cookie consent mechanism present, though GDPR compliance is not clearly indicated. Contact information is minimal, with no direct emails or phone numbers found, which may impact user trust and support accessibility. Overall, the platform is well-positioned as a niche cultural streaming service with good technical implementation and content quality. However, improvements in security transparency, contact availability, and privacy compliance would enhance trust and regulatory adherence.

C

Consisto GmbH

consisto.it

53

Consisto GmbH is a well-established full-service web agency based in Brixen, South Tyrol, Italy, with approximately 20 years of experience. The company specializes in web design, online marketing, custom programming, and consulting services tailored to businesses seeking professional online presence solutions. Their market position is strong locally, supported by a medium-sized team and a portfolio of client projects. Technically, the website is built on a proprietary CMS (Consisto.CMS) with modern JavaScript libraries and integrates Google Analytics and Tag Manager for analytics and marketing. The site is GDPR compliant with a comprehensive cookie consent mechanism and multi-language support. Security posture is good with HTTPS enforced and no visible vulnerabilities, though explicit security policies and incident response contacts are not published. Overall, the website reflects a professional, trustworthy business with good digital maturity.

T

teamblau GmbH

teamblau.com

58

teamblau GmbH is a professional digital agency based in Bolzano, Italy, specializing in e-commerce, web design, and online marketing services. They hold a strong regional presence in South Tyrol and are recognized as a certified Shopware Gold Partner in Italy. Their website showcases a comprehensive portfolio of projects and references, targeting businesses seeking digital transformation and e-commerce solutions. The company emphasizes quality, innovation, and customer-centric design in their offerings. Technically, the website employs modern web standards including HTML5, CSS3, and JavaScript, integrated with multiple analytics and marketing tools such as Google Analytics, Facebook Pixel, and Matomo, all managed via Google Tag Manager. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanisms. Security posture is generally good with HTTPS enforced and no exposed sensitive data, though some security headers are missing and no explicit security or incident response policies are published. The WHOIS data for the domain is unavailable, which raises concerns about domain registration legitimacy, but the website content and business information support credibility. Overall, the site is professional, secure, and compliant, with room for improvement in security headers and domain registration transparency.

H

hemmer.ch sa

hemmer.ch

56

hemmer.ch sa is a Swiss-based digital agency specializing in web development and digital marketing services, with a strong focus on TYPO3 CMS. Established in 2001, the company serves a diverse clientele including enterprises, public organizations, communes, and industries across Switzerland. Their key offerings include marketing analysis, consulting, project management, SEO, web development, and coaching. The website reflects a professional and consistent brand image, supported by structured data and multiple physical office locations. Technically, the site leverages TYPO3 CMS, modern JavaScript and CSS, and integrates Google Analytics with a privacy-conscious consent mechanism. Security posture is strong with HTTPS and a strict Content-Security-Policy header, though explicit security policies and incident response contacts are not publicly detailed. Overall, the site is well-optimized for SEO, mobile-friendly, and provides clear contact information and user engagement features such as a chatbot. The domain registration data aligns well with the business claims, indicating high legitimacy and trustworthiness.

The website pod.link is currently inaccessible due to a Vercel Security Checkpoint, which acts as a Web Application Firewall (WAF) or security challenge page. This prevents access to any actual business content, metadata, or user-facing information. The domain is registered since 2017 with Tucows Domains Inc., showing stable and consistent registration data. However, no privacy policies, cookie policies, terms of service, contact information, or business descriptions are available on the accessible page. The site appears to be hosted on Vercel, leveraging their security infrastructure. Due to the blocking mechanism, a full security and compliance analysis cannot be performed, and the overall AI score is low, reflecting the lack of accessible content and compliance information.

D

Duke University

duke.edu

66

Duke University is a prestigious private research university based in the United States, offering a wide range of undergraduate, graduate, and professional education programs. The website reflects its comprehensive academic offerings, research initiatives, global partnerships, and community engagement. The target audience includes students, faculty, staff, alumni, and researchers. The university maintains a strong market position as a leading educational institution with extensive resources and services. Technically, the website employs modern web technologies, including JavaScript libraries, Google Tag Manager, and Microsoft Clarity for analytics, and implements a cookie consent mechanism to comply with privacy regulations. The site is well-structured, mobile-optimized, and accessible, providing a professional user experience.

W

Werbekomplizen

andreassaulig.com

65

Werbekomplizen is a small, established German media agency specializing in branding, web design, print design, e-commerce, and digital marketing services. With over 16 years of experience, the company targets businesses seeking comprehensive marketing and design solutions. The website is professionally designed, mobile-optimized, and presents a clear portfolio of projects, reinforcing its market position as a trusted regional agency. Technically, the website leverages modern web technologies including Webflow CMS, GSAP for animations, jQuery, and smooth scrolling libraries. Hosting appears stable with dedicated nameservers. Performance and mobile responsiveness are excellent, though accessibility features are basic. SEO is adequately addressed through meta tags and structured content. From a security perspective, the site uses HTTPS with good SSL configuration but lacks explicit security headers and cookie consent mechanisms. No incident response or vulnerability disclosure information is provided, which could be improved to enhance trust and compliance. No suspicious or vulnerable libraries were detected, and no sensitive data exposure was found. Overall, the website is safe, professional, and trustworthy with minor gaps in privacy compliance and security best practices. Strategic improvements in cookie consent, security headers, and incident response documentation would elevate the security posture and regulatory compliance.

N

NABU

nabu-netz.de

59

NABU-Netz is a digital collaboration platform operated by NABU, a well-established German non-profit environmental organization. The website serves as a hub for information, communication, and resource sharing among NABU volunteers and staff. It offers multiple integrated services such as a Wiki, Chat, Media Library, Publishing tools, E-Learning, and an Education Calendar, all aimed at supporting the organization's mission and community engagement. The platform emphasizes ease of access through a centralized NABU-Login system, enhancing user experience and security. Technically, the website is built on modern web technologies including Laravel Livewire and Alpine.js, with a focus on responsive design and moderate performance. It employs Matomo analytics for privacy-conscious user tracking and integrates third-party services like CleverReach for newsletter management. The site uses HTTPS with proper CSRF protections and demonstrates good security hygiene, although explicit security headers and incident response policies are not publicly documented. From a security perspective, the site shows a mature posture with no visible vulnerabilities or exposed sensitive data. Privacy compliance is strong, with comprehensive privacy and cookie policies in place, aligned with GDPR requirements. However, the absence of a dedicated security policy or vulnerability disclosure program suggests room for improvement in transparency and incident readiness. Overall, NABU-Netz presents a trustworthy, professional, and well-maintained digital presence for a non-profit organization. The platform effectively supports its community with relevant services and maintains a good balance between usability, privacy, and security. Strategic enhancements in security documentation and header implementation could further strengthen its security posture and user trust.

NABU Landesverband Bremen e.V. is a well-established non-profit environmental organization active since 1995, focusing on nature conservation, environmental education, and community engagement in Bremen, Germany. The website serves as a comprehensive platform for information dissemination, volunteer coordination, event promotion, and fundraising. It targets nature enthusiasts, families, children, and volunteers, positioning itself as a leading regional environmental advocate with nearly 10,000 members. Technically, the site is built on the IMPERIA CMS platform, utilizing modern JavaScript libraries and analytics tools such as Matomo and Google Tag Manager, with good mobile optimization and accessibility features. Security posture is solid with HTTPS enforced and cookie consent management implemented, though some security headers could be enhanced. Privacy compliance is strong, with clear policies and GDPR adherence. Overall, the website reflects a professional, trustworthy, and user-friendly digital presence supporting the organization's mission.

T

THE ELI AND EDYTHE BROAD FOUNDATION

broadfoundationreport.org

60

The Eli and Edythe Broad Foundation website is a professionally designed Squarespace site focused on celebrating 50 years of philanthropic giving. The foundation operates as a non-profit entity targeting donors and the philanthropic community with storytelling content about its history and impact. The technical infrastructure is modern, leveraging Squarespace CMS and standard web technologies, providing a moderate performance and good mobile optimization. Security posture is adequate with HTTPS enabled but lacks advanced security headers and published security policies. Privacy compliance is weak due to absence of privacy and cookie policies and no visible GDPR compliance indicators. The lack of contact information and WHOIS data reduces business credibility and trust. Overall, the site is functional and professional but requires improvements in transparency, privacy, and security documentation to enhance trust and compliance.

M

medi now Apotheke

medi-now.de

63

medi now Apotheke operates as a German online pharmacy offering a broad range of pharmaceutical products, including prescription and non-prescription medicines. The website supports local pharmacy selection, prescription fulfillment including electronic prescriptions (E-Rezept), and provides delivery or pickup options. The business targets consumers in Germany seeking convenient access to medications and health products. The site is positioned as a regional/local pharmacy network with a strong online presence and app integration to enhance customer engagement. Technically, the website employs modern JavaScript frameworks such as Alpine.js, uses Swiper.js for interactive sliders, and integrates Usercentrics for cookie consent management. Google Tag Manager and Google Analytics are used for analytics and event tracking. The site is mobile optimized with good SEO practices and structured data markup, indicating a mature digital infrastructure. Performance is moderate with room for improvement in accessibility features. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms, but lacks explicit security headers and published security policies. No vulnerabilities or exposed sensitive data were detected in the provided content. The WHOIS data shows a professional DNS setup but lacks detailed registrant information, slightly reducing trustworthiness. No privacy policy or terms of service were found in the analyzed content, which is a compliance gap. Overall, the website is professional, trustworthy, and well-suited for its healthcare e-commerce purpose. Strategic recommendations include publishing comprehensive privacy and security policies, enhancing security headers, providing clear contact information for data protection officers, and improving accessibility compliance to strengthen trust and compliance posture.

G

gesund.de GmbH & Co. KG

gesund.de

68

gesund.de GmbH & Co. KG operates a German-language online platform specializing in health-related products and pharmacy services. The website serves as a marketplace and facilitates pharmacy-related transactions, targeting German consumers interested in healthcare products. The company maintains a consistent brand presence with social media links to Facebook and Instagram and uses modern cookie consent management to comply with privacy regulations. Technically, the site employs JavaScript-based tracking and marketing tools including Google Tag Manager, TikTok Pixel, and Taboola, indicating a mature digital marketing infrastructure. Security posture is solid with HTTPS enabled and no visible critical vulnerabilities, though security headers are not explicitly present. Privacy compliance is moderate, with a cookie consent mechanism but no explicit privacy policy or terms of service found in the analyzed content. Contact information is not directly visible, which may impact user trust and compliance. Overall, the site is professional and functional but could improve transparency and security practices.

B

Bodfeld Apotheke

bodfeld-apotheke.de

63

Bodfeld Apotheke operates as a professional online pharmacy based in Germany, offering a wide range of pharmaceutical products, cosmetics, and healthcare items. The website targets general consumers seeking convenient and secure online access to medicines and related products. The business model focuses on e-commerce retail with additional services such as electronic prescription fulfillment and customer account management. The company maintains a medium-sized market presence supported by trusted certifications and partnerships with recognized price comparison and review platforms.

V

Volksversand Versandapotheke

volksversand.de

63

Volksversand Versandapotheke operates as a large-scale online pharmacy based in Germany, offering a wide range of health, wellness, beauty, baby, and pet products. The website targets general consumers seeking affordable and convenient pharmaceutical products with benefits such as discounts, free shipping, and a bonus points program. The business is well-positioned in the e-commerce healthcare sector with a strong customer base and trust indicators like Trusted Shops certification. Technically, the website is built on the Shopware CMS platform, utilizing modern web technologies including JavaScript, CSS, and integration with Google Tag Manager and Trusted Shops widgets. The site demonstrates good mobile optimization and SEO practices, though accessibility features are basic. Performance is moderate, with room for improvement in loading speed and technical modernization. From a security perspective, the site employs HTTPS with excellent SSL configuration and secure form handling. However, it lacks visible security headers and explicit security or incident response policies. Privacy compliance is partial, with a comprehensive privacy policy but no visible cookie consent mechanism. No vulnerabilities or exposed sensitive data were detected in the provided content. Overall, Volksversand.de presents a trustworthy and professional online pharmacy platform with solid business credibility and technical implementation. Strategic improvements in privacy compliance, security headers, and incident response transparency would enhance its security posture and regulatory adherence.

B

Bad-Apotheke Versandapotheke

apotal.de

61

Bad-Apotheke Versandapotheke operates as a German online pharmacy offering a wide range of pharmaceutical and health-related products including prescription and non-prescription medicines, supplements, and cosmetics. The business targets the general German public seeking convenient and cost-effective medication delivery services. The website demonstrates a solid market position with competitive pricing, promotions, and a comprehensive product catalog. Contact channels include phone, email, and a contact form, supporting customer engagement and service. Technically, the website employs modern JavaScript frameworks such as Vue.js, integrates third-party services like eKomi for customer reviews and eTracker for analytics, and uses cookie consent mechanisms aligned with GDPR requirements. The site is mobile-optimized and accessible, with good SEO practices evident. Performance is moderate, with room for optimization. From a security perspective, the site enforces HTTPS and uses secure form submissions. However, explicit security headers like Content-Security-Policy and X-Frame-Options are not evident, representing an area for improvement. No critical vulnerabilities or exposed sensitive data were detected. Privacy policies and cookie consent are comprehensive and GDPR-compliant, though no dedicated security policy or incident response information is published. Overall, the website is professional, trustworthy, and compliant with relevant privacy regulations. Strategic recommendations include enhancing security headers, publishing a security policy, and implementing a vulnerability disclosure mechanism to further strengthen security posture and customer trust.

A

Aponeo Versandapotheke

aponeo.de

60

Aponeo.de is a well-established German online pharmacy offering a wide range of pharmaceutical and health-related products. The website targets German-speaking consumers seeking convenient and cost-effective access to medications and wellness products, featuring services such as electronic prescription redemption and a customer loyalty program (APO Cash). The site demonstrates a mature e-commerce business model with strong market positioning in the German healthcare retail sector. Technically, the website employs modern web technologies including responsive design, lazy loading, and Google Tag Manager for analytics and marketing. The infrastructure is hosted via domaincontrol.com nameservers, indicating professional hosting arrangements. Security posture is solid with HTTPS enforced and secure login mechanisms, though some security headers could be enhanced for better protection. Privacy compliance is robust, with clear GDPR-aligned privacy and cookie policies and consent mechanisms. Overall, the website is professional, trustworthy, and user-friendly, with no indications of malicious content or security risks.

medikamente-per-klick.de is a German online pharmacy operated by Luitpold Apotheke Bad Steben, offering a wide range of pharmaceutical products, cosmetics, and nutritional supplements with free shipping for orders over 15 euros within Germany. The website targets end consumers seeking convenient and cost-effective access to medications and health products. The business model is e-commerce retail with a focus on pharmaceutical compliance and customer service, including individual prescription fulfillment. The site is positioned as a competitive player in the German online pharmacy market with user reviews and discount offers enhancing trust.

H

Heel GmbH

heel-academy.de

46

Heel Academy is a professional healthcare education platform operated by Heel GmbH, targeting medical professionals such as doctors, veterinarians, pharmacists, midwives, and alternative practitioners. The platform offers a variety of educational content including live webinars, CME courses, videos, and practice materials to support healthcare professionals in their daily work. The website is well-branded, consistent, and provides clear contact information, reinforcing its credibility in the healthcare sector. Technically, the site is built on the Weblication® CMS platform, uses modern JavaScript libraries, and integrates a GDPR-compliant cookie consent mechanism via Usercentrics. Security posture is adequate with HTTPS enabled and no visible vulnerabilities, though security headers and explicit policies could be improved. Overall, the site is professional, trustworthy, and compliant with privacy regulations, making it a reliable resource for its target audience.