Security Directory

B

Bike-Arena

bike-arena.cz

44

Bike-Arena is a specialized retailer and service provider for bicycles and e-bikes located in Příbram, Czech Republic. The company offers a broad range of products including bicycles from brands like Trek, Giant, and Maxbike, alongside accessories, rentals, and maintenance services. Their business model combines e-commerce with a physical storefront, targeting cycling enthusiasts and local customers. The website is well-structured, providing clear navigation, product categories, and informative blog content to engage visitors. Technically, the website employs modern JavaScript libraries such as jQuery, jQuery UI, and Select2, and integrates Google Tag Manager and Google Analytics for marketing and analytics purposes. The site is mobile-optimized and uses HTTPS with good SSL configuration, ensuring secure data transmission. Cookie consent mechanisms are implemented, reflecting GDPR compliance. However, some security headers are missing, and no explicit security or incident response policies are published. From a security perspective, the site demonstrates good practices including secure login forms and consent management. No vulnerabilities or exposed sensitive data were detected in the HTML content. The absence of WHOIS data limits domain trust assessment, but the professional presentation and contact transparency support legitimacy. No signs of WAF or content blocking were found, allowing full content access. Overall, Bike-Arena presents a trustworthy and professional online presence with solid technical and privacy compliance foundations. Strategic improvements in security headers, incident response transparency, and vulnerability disclosure would further enhance their security posture and trustworthiness.

L

Le Mode

lemode.net

57

LeMode.net is an e-commerce retailer specializing in fashion accessories including watches, jewelry, cosmetics, and related gift items. The website targets primarily Czech and Slovak customers, offering a broad catalog of branded products with a focus on exclusivity and new market introductions. The site is professionally designed with clear navigation and multi-language support, enhancing user experience and accessibility. Technically, the platform leverages the Shoptet CMS, integrates Google Analytics and Facebook SDK for marketing and analytics, and uses modern JavaScript libraries for UI components. Security posture is adequate with HTTPS enforced and cookie consent mechanisms implemented, though some security headers are missing and no vulnerability disclosure policy is present. The absence of WHOIS registration data for the domain is a notable concern, suggesting either privacy protection or registration issues, which slightly impacts trustworthiness. Overall, the site presents a professional and trustworthy front for online retail but should address domain registration transparency and enhance security headers to improve its security posture.

P

PRO-DOMA

pro-doma.cz

62

PRO-DOMA is a traditional Czech family-owned business specializing in the retail and wholesale of building materials, roofing, and metal products. It operates the largest network of building material stores and rental services in the Czech Republic, targeting construction professionals and retail customers. The website reflects a professional and consistent brand presence with clear contact information and a broad product catalog. Technically, the site uses modern web technologies and integrates multiple analytics and marketing tools, including Google Tag Manager, Microsoft Clarity, Smartlook, and Facebook Pixel. Security posture is solid with HTTPS enforced and a Content-Security-Policy header present, though additional security headers could enhance protection. Privacy compliance is weak due to the absence of visible privacy and cookie policies, which is a notable gap given the extensive tracking scripts in use. WHOIS data is unavailable, which raises concerns about domain registration legitimacy and should be investigated further. Overall, the website is functional, professional, and secure but would benefit from improved privacy transparency and WHOIS data clarity.

D

Dolák s.r.o.

toyotadolak.cz

44

Toyota Dolák is a large, authorized Toyota dealership and service provider operating in the Czech Republic. It holds the position as the largest Toyota sales and service partner in the country, offering a comprehensive range of services including new and used vehicle sales, vehicle buyback, leasing, rental, and authorized servicing. The company operates multiple branches across key Czech cities, enhancing accessibility and customer reach. The website reflects a professional and consistent brand image with clear navigation and relevant content tailored to consumers and businesses interested in Toyota vehicles and related services. From a technical perspective, the website is built on WordPress with a modern technology stack including jQuery, Google Tag Manager, and various UI libraries. It is mobile-optimized and SEO-friendly, with good performance and accessibility standards. The presence of cookie consent mechanisms and GDPR-compliant privacy policies indicates a mature approach to privacy and regulatory compliance. Security posture is solid with HTTPS enforced and no visible vulnerabilities or exposed sensitive data. However, the absence of security headers and a security.txt file suggests room for improvement in security best practices. The lack of WHOIS data reduces domain trustworthiness somewhat, but the professional presentation and detailed business information mitigate concerns. Overall, Toyota Dolák presents a trustworthy and professional online presence with strong business credibility and good technical implementation. Strategic improvements in security policies and domain transparency would further enhance trust and compliance.

R

Royal Dobříš

spadobris.cz

47

Royal Dobříš operates a luxury wellness and apartment accommodation business located in Dobříš, Czech Republic, targeting tourists and visitors seeking premium wellness experiences near Prague. The website showcases private wellness facilities, premium apartments with private whirlpools and saunas, and a bistro offering European cuisine. The business positions itself as a premium local hospitality provider with a focus on privacy, quality, and customer experience. Technically, the website is built on WordPress with WooCommerce and Elementor, integrating modern marketing and tracking tools such as Google Analytics, Facebook Pixel, and Ecomail. The site is mobile optimized and performs moderately well. Security posture is adequate with HTTPS enforced but lacks some security headers and formal privacy and terms policies, indicating room for compliance improvement. Overall, the domain registration is consistent and legitimate, supporting the business credibility. Strategic improvements in privacy compliance and security headers would enhance trust and regulatory adherence.

A

Asociace podniků topenářské techniky

aptt.cz

42

The Asociace podniků topenářské techniky (APTT) is a Czech industry association established in 1992 that represents manufacturers and sellers in the heating technology sector, including boilers, fireplaces, and heating regulation technology. The association provides legislative advocacy, professional training, and industry collaboration primarily within the Czech Republic. The website reflects a professional and consistent brand image targeting industry professionals and stakeholders. Technically, the website uses legacy JavaScript libraries such as jQuery 1.9.1 and includes Google Analytics and Tag Manager for tracking. However, it lacks modern security practices such as HTTPS enforcement and security headers, which lowers its security posture. No privacy or cookie policies are present, indicating poor privacy compliance. The absence of WHOIS data for the domain raises concerns about domain registration legitimacy, although the website content itself appears legitimate and professional.

R

Realman s.r.o.

realman.cz

58

Realman s.r.o. is a Czech Republic-based company specializing in real estate software solutions, offering a comprehensive system for real estate agencies since 2004. Their platform provides CRM, online property listings, client communication tools, and GDPR compliance features, targeting primarily established real estate companies within the Czech market. The company positions itself as a reliable and innovative provider with a significant user base and multiple active licenses. Technically, the website employs a modern yet somewhat dated technology stack including Bootstrap and jQuery 1.11.0, with integrations for Google Analytics and Tag Manager. The site is mobile-optimized and features a custom CMS tailored to their software solution. Performance is moderate, with good SEO and basic accessibility features. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms aligned with GDPR. However, it lacks explicit security headers and uses an outdated jQuery version, which could pose vulnerabilities. No explicit security or incident response policies are published, which could be improved to enhance trust. Overall, the website is professional, content-rich, and trustworthy from a business perspective, but the absence of WHOIS data and some security best practices slightly reduce the overall trust score. Strategic improvements in security headers, technology updates, and transparency in security policies are recommended to strengthen their security posture and compliance.

A

AccuWeather

accuweather.com

62

AccuWeather is a leading global provider of weather forecasting services, offering local, national, and international weather information through its website and digital platforms. The company leverages advanced weather forecasting technology to deliver accurate and timely weather reports and alerts to a broad audience. Their business model is primarily advertising-supported, integrating multiple ad networks and analytics tools to monetize their content effectively. The website demonstrates a mature digital infrastructure with extensive use of modern technologies such as Prebid.js for header bidding, Google Publisher Tags for ad serving, and advanced analytics platforms like Parsely and Gamera. Privacy and cookie policies are comprehensive and GDPR compliant, reflecting a strong commitment to user privacy. Security posture is robust with HTTPS enforcement and multiple security headers, although explicit incident response and vulnerability disclosure mechanisms are not publicly visible. The absence of WHOIS data is a notable anomaly but does not detract significantly from the overall legitimacy given the brand recognition and content quality. Strategic recommendations include enhancing contact information visibility, publishing a security.txt file, and continuous auditing of third-party scripts to maintain security integrity.

B

BK Instal

bkinstal.cz

38

BK Instal is a small Czech Republic-based company specializing in photovoltaic power plant servicing, installation, and comprehensive energy-saving solutions. The website presents a professional and modern approach to its business, targeting owners and operators of photovoltaic systems seeking efficient energy solutions. The company positions itself as a niche player in the energy sector with a focus on modern technology and cost savings. Technically, the website is built on WordPress with Elementor and WooCommerce, integrating modern tracking and security tools such as Google Tag Manager, Facebook Pixel, and Google reCAPTCHA v3. The site is mobile-optimized and performs moderately well, with good SEO practices in place. Security posture is solid with HTTPS enabled and use of security best practices, though some security headers are missing and no explicit incident response or vulnerability disclosure information is provided. The absence of WHOIS data and privacy/cookie policies reduces transparency and compliance confidence. Overall, the website is functional and professional but would benefit from enhanced privacy compliance and domain registration transparency.

C

Columbus

columbusenergy.sk

43

Columbus Energy Slovensko s.r.o. operates as a major supplier and installer of photovoltaic systems, heat pumps, and electric vehicle chargers primarily targeting households and businesses in Slovakia. The company is part of the larger Columbus Group and positions itself as a leading European provider of renewable energy solutions with a strong emphasis on customer service, financing options, and subsidy processing. The website is professionally designed, multilingual, and provides comprehensive information about products and services, supported by a robust contact form and clear legal notices. Technically, the site is built on WordPress, leveraging modern analytics and marketing tools such as Google Analytics, Google Tag Manager, and Salesmanago, with GDPR-compliant cookie consent mechanisms in place. Security posture is strong with HTTPS and DNSSEC enabled, though formal security policies and incident response contacts are not publicly disclosed. Overall, the site reflects a mature digital presence aligned with the company's business objectives and market position.

C

Columbus Energy S.A.

columbusenergy.com

57

Columbus Energy S.A. is a well-established European leader in modern renewable energy solutions, specializing in integrated products such as photovoltaic panels, heat pumps, energy storage, and electric vehicle charging stations. The company serves a broad audience including homeowners, businesses, farmers, and institutions, with a strong presence in Poland and expanding across Europe. Their business model focuses on providing comprehensive energy ecosystems that promote cost savings, energy independence, and environmental sustainability. The website reflects a mature digital presence with consistent branding and professional content, supporting their market position as a trusted energy provider. Technically, the website is built on WordPress and leverages modern JavaScript libraries and tools such as jQuery, Tiny Slider, and Google Tag Manager. Hosting and DNS services are managed via Cloudflare, ensuring reliable performance and security. The site is mobile-optimized and includes cookie consent mechanisms compliant with GDPR, indicating a good level of digital maturity and privacy awareness. From a security perspective, the site enforces HTTPS and uses domain transfer protection. However, it lacks DNSSEC and explicit security headers, which are recommended to enhance protection. No security policy or incident response information is publicly available, which could be improved to increase transparency and trust. Overall, the security posture is solid but could benefit from additional hardening and disclosure. The overall risk assessment is low, with no signs of malicious activity or content safety concerns. Strategic recommendations include enabling DNSSEC, implementing security headers, publishing security policies, and continuous monitoring of third-party scripts. These steps will strengthen the security posture and compliance, supporting the company’s reputation and customer trust.

C

Columbus Energy S.A.

columbusenergy.pl

53

Columbus Energy S.A. is a well-established Polish company specializing in renewable energy solutions for residential and business customers. Their offerings include photovoltaic installations, energy storage systems, heat pumps, intelligent energy management (Columbus Intelligence), and related services such as thermal modernization and electric vehicle charging stations. The company positions itself as a leading provider in Poland with a strong focus on eco-friendly and cost-saving technologies. The website is professionally designed, multilingual, and provides comprehensive information tailored to various customer segments including homeowners, businesses, farmers, and public institutions. Technically, the website is built on WordPress with modern frameworks and integrates multiple analytics and marketing tools such as Google Tag Manager, Facebook Pixel, LinkedIn Insight, TikTok Pixel, Microsoft Clarity, and SalesManago. It employs a cookie consent mechanism compliant with GDPR and provides detailed privacy policies. The site is mobile-optimized, SEO-friendly, and performs moderately well. From a security perspective, the site uses HTTPS and implements best practices such as asynchronous loading of scripts and cookie consent. However, DNSSEC is not enabled, and there is no visible security policy or vulnerability disclosure page. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data is consistent with the business claims, showing a domain registered since 2014, supporting the company's legitimacy. Overall, Columbus Energy's website demonstrates a mature digital presence with strong business credibility and good security posture. Recommendations include enabling DNSSEC, publishing a security policy, and adding a vulnerability disclosure mechanism to further enhance trust and security.

I

Ingram Content Group

ingramcontent.com

71

Ingram Content Group is a leading enterprise in the book industry, providing comprehensive solutions and services to publishers, authors, retailers, and libraries worldwide. Their business model focuses on B2B content distribution and publishing tools, supported by a network of subsidiary platforms such as CoreSource, Ingram iD, and Lightning Source. The website reflects a mature digital presence with professional design, clear navigation, and extensive content relevant to their target audience. Technically, the website is built on the Webflow CMS platform, leveraging modern web technologies including Google Fonts, jQuery, Google Tag Manager, and Facebook Pixel for analytics and marketing. Hosting is via a CDN (Amazon CloudFront), ensuring moderate performance and good mobile optimization. SEO and accessibility are adequately addressed, though accessibility could be improved. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms, indicating compliance with privacy regulations such as GDPR. However, no explicit security policy or incident response information is published, and security headers are not explicitly detected. The absence of WHOIS registration data is a concern but does not currently undermine the site's legitimacy given the professional presentation and ecosystem. Overall, the website presents a low-risk profile with strong business credibility and good privacy compliance. Strategic recommendations include publishing a dedicated security policy, adding a security.txt file, enhancing accessibility, and implementing additional HTTP security headers to further strengthen security posture.

4

4networks SK&CZ (C) 2015-2023

beremese.cz

64

Beremese.cz is a leading Czech wedding portal operated by 4networks SK&CZ, s.r.o., offering a comprehensive platform for future brides, married women, and grooms. The site provides a rich mix of content including wedding magazines, forums, photo blogs, bazaars, and professional listings, positioning itself as the largest wedding portal in the Czech Republic. The business model revolves around advertising, professional service listings, and community engagement. Technically, the site leverages modern web technologies such as Django, StimulusJS, Turbo (Hotwire), and integrates analytics and advertising platforms like Google Tag Manager, Gemius, and InMobi. The website is mobile-optimized with good SEO and basic accessibility features. Security posture is moderate with HTTPS usage and GDPR-compliant consent management, though security headers are not visibly present. The absence of WHOIS data limits domain trust verification but the site branding and content suggest legitimacy. Overall, the site scores well on content quality, technical implementation, privacy compliance, and business credibility, making it a professional and trustworthy media portal.

W

Wall&decò

wallanddeco.com

66

Wall&decò operates as a contemporary wallpaper and wall decoration retailer, targeting interior designers, homeowners, and businesses seeking stylish wall coverings. The website demonstrates a professional design with good content quality and clear navigation, supported by modern web technologies and multiple marketing and analytics tools. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though additional security headers could enhance protection. The absence of WHOIS data limits domain trust assessment, but the presence of comprehensive privacy and cookie policies indicates compliance with GDPR standards. Overall, the website presents a moderate risk profile with room for improvement in transparency and security documentation.

É

Élitis

elitis.fr

57

Élitis is a French company specializing in the design and publishing of high-end fabrics, wallpapers, and wallcoverings for interior decoration. Established in 1998, the company targets interior designers, decorators, architects, and consumers seeking premium decorative materials. The website reflects a professional and consistent brand image with good design quality and user experience. Technically, the site uses modern JavaScript frameworks such as Vue.js and integrates Google Tag Manager for analytics, indicating a moderate level of digital maturity. Security-wise, the site benefits from HTTPS but lacks visible security headers and explicit privacy or cookie policies, which are areas for improvement. Overall, the domain's WHOIS data confirms a legitimate and longstanding business presence in France, supporting business credibility. Strategic enhancements in privacy compliance and security best practices would strengthen the company's digital trustworthiness and regulatory adherence.

W

WPInterface

wpinterface.com

60

WPInterface is a specialized e-commerce website offering pixel-perfect, minimalist WordPress themes tailored for creative professionals and bloggers. Established in 2018 and hosted by HOSTINGER operations, UAB, the site positions itself as a niche provider of high-quality WordPress themes with a focus on simplicity, speed, and flexibility. The business model revolves around direct sales of themes, membership plans, and support services, targeting creative professionals seeking professional online presence solutions. Technically, the website is built on WordPress 6.8.3 with a modern tech stack including Yoast SEO, Easy Digital Downloads, Google Tag Manager, and Ahrefs Analytics. The site demonstrates good performance, mobile optimization, and SEO practices. Cookie consent mechanisms and privacy policies indicate GDPR compliance, enhancing user trust and legal adherence. From a security perspective, the site benefits from HTTPS encryption and domain transfer protection but lacks advanced security headers and published security policies or incident response contacts. No vulnerabilities or suspicious patterns were detected. The domain registration is consistent with the business profile, enhancing legitimacy. Overall, WPInterface presents a professional, secure, and privacy-conscious platform with excellent content quality and user experience. Strategic improvements in security headers and incident response transparency could further strengthen its security posture and trustworthiness.

H

HANÁK Centrum

hanak-centrum.cz

59

HANÁK Centrum is a leading Czech manufacturer and retailer specializing in luxury and custom interior furniture, including kitchens, interior doors, wardrobes, living room walls, bedroom furniture, and tables. The company targets consumers in the Czech Republic seeking high-quality, bespoke interior solutions. The website is professionally designed using TYPO3 CMS and integrates modern web technologies such as Bootstrap and Google Tag Manager, indicating a moderate level of digital maturity. The site is mobile-optimized and provides clear navigation and rich content showcasing products and realizations. However, the absence of WHOIS data and registrant information raises concerns about domain registration transparency. Security posture is moderate with no visible security headers or explicit security policies, and privacy compliance is minimal due to missing privacy and cookie policies. Overall, the website presents a credible business front but would benefit from enhanced transparency and security practices.

M

MARTHI STORE

marthistore.com

43

MARTHI STORE is a specialized retail business focused on interior design products such as branded wallpapers, curtains, blinds, carpets, and furniture, primarily serving customers in the Czech Republic. The company offers custom-made textile decorations and installation services, supported by a physical showroom in Prague. The website reflects a professional and consistent brand presence with comprehensive product information and active social media engagement. Technically, the website employs a modern tech stack including jQuery, Bootstrap, Owl Carousel, and integrates Google Analytics and Tag Manager for tracking and marketing. The site is mobile-optimized and provides a cookie consent mechanism compliant with GDPR. However, there is room for improvement in security headers and explicit security policies. Security posture is generally good with HTTPS enforced and no visible vulnerabilities in the content. The absence of WHOIS registration data is a notable concern, potentially impacting trust and legitimacy perception. Privacy policies and cookie management are well implemented, supporting compliance with data protection regulations. Overall, the website presents a solid digital presence for a small retail business in interior design, but should address WHOIS transparency and enhance security best practices to improve trust and compliance.

S

SPA Studio

spa-studio.cz

57

SPA Studio is a specialized retailer and service provider of family whirlpools and hybrid swim spa pools under the Canadian Spa International® brand, operating primarily in the Czech and Slovak markets. The company emphasizes quality, innovation, and customer service, supported by multiple showrooms and a comprehensive online presence. Their product offerings include over 47 unique whirlpool models and 9 swim spa models, targeting families and wellness enthusiasts seeking year-round relaxation solutions. Technically, the website is built on WordPress with a modern tech stack including jQuery, Slick Carousel, and various analytics and marketing tools such as Google Tag Manager, Facebook Pixel, and Smartlook. The site is well optimized for performance, mobile responsiveness, and accessibility, with strong SEO practices and GDPR compliance through the Complianz plugin. From a security perspective, the site enforces HTTPS, uses reCAPTCHA for forms, and manages cookie consent effectively. However, there is room for improvement in HTTP security headers and incident response visibility. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website presents a professional and trustworthy digital front for SPA Studio, though the lack of WHOIS data reduces transparency regarding domain registration. Strategic recommendations include enhancing security headers, publishing a security.txt file, and improving incident response contact information to further strengthen trust and compliance.

N

Nábytek Hülsta

nabytekhulsta.cz

47

Nábytek Hülsta operates as a specialized retailer of German design furniture, offering a combination of modern design and high-quality craftsmanship. The website targets Czech consumers interested in premium furniture, supported by multiple showroom locations. The business is positioned as a medium-sized retail entity under the parent company W a Weinzettl, s.r.o., with a focus on delivering quality and innovative furniture solutions. Technically, the website is built on WordPress with Elementor and Yoast SEO, integrating modern analytics and marketing tools such as Google Analytics, Facebook Pixel, and Pinterest Tag. The site demonstrates good digital maturity with responsive design and SEO optimization. Security posture is solid with HTTPS and standard tracking protections, though explicit privacy and cookie policies are not visible, indicating room for improvement in compliance. WHOIS data is unavailable, likely due to privacy protection, which slightly reduces domain trust but is common for retail businesses. Overall, the site is professional, trustworthy, and well-structured for its market segment.

U

UCLA Health

uclahealth.org

74

UCLA Health is a leading healthcare provider and academic medical center based in Southern California, affiliated with the University of California. The website serves patients, healthcare professionals, and the community by providing information about its hospitals, clinics, cancer center, and academic departments. It holds a strong market position as a top-ranked hospital system with a comprehensive range of healthcare services. Technically, the site is built on Drupal 11, leveraging modern web technologies including Font Awesome, Google Tag Manager, and Vimeo API, with good mobile optimization and accessibility features. Security posture is strong with HTTPS, multiple security headers, and no visible vulnerabilities, though explicit security policies and vulnerability disclosures are absent. Overall, the site demonstrates high professionalism, trustworthiness, and compliance with privacy regulations, making it a reliable digital presence for UCLA Health.

C

Cardiotext Publishing

cardiotextpublishing.com

64

Cardiotext Publishing is a specialized small business focused on publishing and selling cardiology medical textbooks and eBooks. The company has an established market presence since 2007, targeting clinicians and allied health professionals in cardiology. Their business model centers on e-commerce sales of niche medical content with worldwide delivery and partnerships with major distributors and retailers. Technically, the website is built on the Squarespace platform, leveraging modern web technologies and third-party integrations such as Google Analytics and Stripe for payments. The site is mobile optimized and provides a professional user experience. Security posture is strong with HTTPS, HSTS, and PCI-compliant payment processing, though DNSSEC is not enabled and some advanced security headers are missing. Privacy compliance is well addressed with comprehensive policies and cookie consent mechanisms. Overall, the website is trustworthy, professionally maintained, and aligned with its business objectives.

Demcon is a technology company focused on attracting and recruiting technology professionals through its careers website. The site is designed to showcase career opportunities and engage talent interested in technology sectors. The company appears to be medium-sized and founded in 2018, with a consistent domain registration and hosting setup. The technical infrastructure leverages modern JavaScript frameworks such as Nuxt.js, integrates Google Tag Manager and YouTube APIs, and uses Cookiebot for cookie consent management, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS enabled and cookie consent implemented, but lacks advanced security headers and explicit security policies. Privacy compliance is partial, with cookie consent present but no visible privacy policy or terms of service in the provided content. Overall, the website is professional and functional, but could improve transparency and security practices to enhance trust and compliance.

C

Columbus

columbusenergy.cz

58

Columbus Energy a.s. is a Czech-based company specializing in the installation and supply of photovoltaic systems, heat pumps, and electric vehicle charging solutions primarily targeting households, businesses, and institutions. The company positions itself as a reliable general contractor offering turnkey renewable energy solutions with strong support for subsidy and financing programs. Their market presence is supported by a stable parent group, Columbus Group, and they maintain a significant footprint in the European renewable energy sector. Technically, the website is built on WordPress with a modern tech stack including jQuery, Google Analytics, Microsoft Clarity, and Facebook Pixel, ensuring good performance and user experience across devices. Security posture is solid with HTTPS, cookie consent mechanisms, and secure form handling, although explicit security policies and incident response contacts are not published. Overall, the website reflects a professional, trustworthy business with comprehensive content and good privacy compliance.

B

BK Instal

bk-instal.cz

38

BK Instal is a small Czech Republic-based company specializing in photovoltaic power plant projects, installations, servicing, and energy savings solutions. The website presents a professional and modern approach to energy solutions, targeting owners and operators of photovoltaic systems and energy-conscious consumers. The company positions itself as a regional energy service provider with a focus on sustainable energy savings. Technically, the website is built on WordPress with Elementor, utilizing modern web technologies including Google Tag Manager and Facebook Pixel for marketing and analytics. Security posture is moderate with HTTPS enabled and use of reCAPTCHA, but lacks explicit security headers and privacy compliance mechanisms. The absence of WHOIS data for the domain raises concerns about domain legitimacy and registration transparency. Overall, the website is functional and professional but would benefit from improved privacy compliance and verified domain registration information.

P

Profigrass s.r.o.

profigrass.cz

56

Profigrass s.r.o. is a Czech-based company specializing in the retail and service of irrigation and garden equipment, established in 1996. The company represents the American brand Toro in the Czech and Slovak markets, leveraging extensive experience in sales, service, and marketing. Their website serves both B2B and B2C customers, offering a broad range of products including control units, valves, pumps, and accessories for irrigation systems. The company targets private gardens, commercial parks, sports fields, and agricultural sectors. Technically, the website is built on the Shoptet e-commerce platform, utilizing standard web technologies and tracking tools such as Google Analytics and Microsoft Clarity. The site is mobile-optimized and provides a good user experience with clear navigation and professional design. Security posture is adequate with HTTPS enabled and cookie consent implemented, though some security headers and updated libraries are recommended. The absence of WHOIS data reduces domain trustworthiness, but the website content and business information appear legitimate and professional. Overall, the site demonstrates a solid digital presence with room for security and compliance enhancements.

I

Infigy

infigy.cz

52

Infigy is a Czech-based company specializing in smart energy management solutions that integrate photovoltaic systems, batteries, heat pumps, boilers, and electric vehicle chargers. Their platform optimizes energy consumption and production to maximize self-consumption and cost savings, targeting residential and commercial customers as well as energy communities. The company is relatively young, founded in 2022, but presents a professional and mature digital presence with strong local partnerships and certifications. Technically, the website is built on modern frameworks like Next.js and React, with good performance and mobile optimization. Security posture is solid with HTTPS and secure form handling, though explicit security policies and incident response contacts are not published. Overall, the website is trustworthy, professional, and well-positioned in the Czech energy market.

Č

Čarovné-Slovensko.sk

carovne-slovensko.sk

58

Čarovné-Slovensko.sk operates a well-established e-commerce platform specializing in unique Slovak regional products including books, maps, and functional clothing. With over 23 years of experience, the company positions itself as a leading publisher and retailer in Slovakia, emphasizing Slovak production and fast delivery. The website is professionally designed with clear navigation and strong trust signals such as customer reviews, free shipping, and a 100-day return policy. Technically, the site leverages modern analytics and marketing tools including Google Analytics 4, Microsoft Clarity, Smartlook, and Tawk.to live chat, built on the Shoptet e-commerce platform. Security posture is solid with HTTPS enforced and CSRF protections on forms, though some security headers could be improved and a formal security policy is absent. Privacy compliance is robust with comprehensive cookie consent and privacy policies aligned with GDPR. Overall, the site is trustworthy and well-maintained, serving a general audience interested in Slovak cultural and regional products.

Coworking Příbram z.s. is a small local business providing coworking spaces, meeting rooms, and office rentals in the center of Příbram, Czech Republic. The company targets freelancers, remote workers, and small businesses seeking flexible office solutions with amenities such as fast WiFi, coffee, and 3D printing. Their business model is membership and rental-based with tiered pricing plans and daily access options. The website is professionally designed with clear navigation and relevant content, supporting their market position as a community-focused coworking provider. Technically, the website uses modern frontend technologies including Bootstrap, jQuery, and Owl Carousel, with Google Tag Manager for analytics. The site is mobile-optimized and performs moderately well, though accessibility and SEO optimizations are basic. No CMS or hosting provider details are evident. Security practices are minimal with no detected security headers or privacy policies, indicating room for improvement in compliance and protection. Security posture is moderate; HTTPS is assumed but no explicit security headers or privacy policies are present. No vulnerabilities or exposed sensitive data were found in the HTML content. The WHOIS data is consistent with the business claims, showing domain registration in 2021, appropriate for a small startup. Contact information is clear and trustworthy, with no suspicious external links or content detected. Overall, the website is functional and professional but lacks critical privacy and security policies. Strategic improvements in security headers, privacy compliance, and incident response readiness are recommended to enhance trust and regulatory adherence.

P

Pejšův mlýn spol. s r.o.

pejsuvmlyn.cz

43

Pejšův mlýn spol. s r.o. is a Czech milling company with a rich historical background dating back to the 16th century. The company operates multiple mills including Pejšův mlýn Sedlčany, Mlýn Křesín, and Mlýn Mirotice, producing high-quality flour using traditional methods. The website presents the business as a regional leader in milling with a focus on quality and certification. Technically, the website is built on Angular 14, uses Google Fonts and Google Tag Manager, and is moderately optimized for mobile devices. However, it lacks explicit privacy and cookie policies, and no security headers were detected, indicating room for improvement in security and compliance. The domain registration data is consistent with the business claims, showing a long-standing presence since 2001. Overall, the website is professional and trustworthy but should enhance its privacy compliance and security posture.

ASK Dipoli is an athletic sports club based in the Czech Republic, founded in 2018, serving approximately 900 members ranging from young children to adults. The club offers professional and hobby training in athletics, running, beach volleyball, weightlifting, and organizes workshops, camps, and competitions. It holds a strong regional position as the second largest club in the Central Bohemian Region. Technically, the website is built on the Weebly platform, utilizing common web technologies such as jQuery and Google Analytics, with embedded widgets for event calendars and social media feeds. The site is moderately optimized for mobile and SEO, with a clear navigation structure and good content relevance. Security posture is basic, lacking visible security headers and privacy compliance mechanisms. WHOIS data is unavailable, limiting domain trust assessment, but the website's active social media presence and detailed content support legitimacy. Overall, the site is functional and professional but would benefit from enhanced security and privacy features.

O

OCRRUNNING.CZ

ocrrunning.eu

61

OCRRUNNING.CZ operates an e-commerce platform specializing in running, outdoor, and cycling sports products. The website offers a broad catalog of footwear, clothing, and accessories targeting sports enthusiasts, with a focus on providing competitive pricing and customer service. The business appears to be a small retail entity based in the Czech Republic, catering to a general audience interested in sports apparel and equipment. Technically, the website is built on the Binargon e-shop CMS platform, utilizing modern web technologies including Google Analytics 4, Google Ads, and reCAPTCHA v3 for bot protection. The site is mobile optimized and provides a good user experience with clear navigation and product categorization. Security posture is adequate with HTTPS enforced and basic security best practices observed, though additional security headers and published security policies would enhance protection. Privacy compliance is limited, with no visible privacy or cookie policies, which poses a compliance risk under GDPR. WHOIS data is privacy protected by EURid, which is typical for EU domains and justified for this business type. Overall, the website is functional and professional but would benefit from improved privacy and security disclosures to increase trust and compliance.

E-solutions, s.r.o. is a Czech-based technology company specializing in custom internet projects including web development, internet applications, mobile apps, and price monitoring services. With over 21 years of market presence and a solid client base, the company positions itself as a professional and experienced service provider in the Czech Republic. The website reflects a modern and professional digital presence with good design and user experience, supporting both Czech and English languages. Technically, the site uses modern JavaScript libraries, Google Analytics, Tag Manager, and Google Maps API, indicating a mature digital infrastructure. Security posture is generally good with HTTPS enforced and cookie consent implemented, though some security headers and formal privacy policies are missing. The absence of WHOIS data limits domain trust verification, but the detailed contact information and business presentation support legitimacy. Overall, the website is a reliable representation of a small technology service company with room for improvement in privacy and security transparency.

C

Cestovní kancelář CAPRO

capro.cz

55

Cestovní kancelář CAPRO is a Czech travel agency specializing in active holidays and various travel packages including last minute and first minute offers. The company targets Czech-speaking travelers seeking both domestic and international active vacations. The website is professionally designed, mobile-optimized, and provides clear contact information, supporting a medium-sized business profile in the hospitality sector. Technically, the site employs modern JavaScript libraries, tracking tools like Google Analytics and Facebook Pixel, and enforces HTTPS with appropriate security headers, indicating a mature digital infrastructure. However, the absence of WHOIS data and explicit privacy and cookie policies suggests areas for improvement in transparency and compliance. Overall, the security posture is strong with no evident vulnerabilities, but the lack of formal security and incident response disclosures limits full security maturity assessment. Strategic recommendations include publishing comprehensive privacy and cookie policies, establishing a vulnerability disclosure process, and enhancing accessibility features to improve compliance and user trust.

W

WAREMA Renkhoff SE

warema.com

66

WAREMA Renkhoff SE is a well-established manufacturer specializing in high-quality sun protection solutions such as awnings, blinds, roller shutters, and patio roofs. The company targets both private and business customers across multiple European countries, supported by dedicated portals and multilingual websites. Their market position is strong, supported by consistent branding and a comprehensive product offering. Technically, the website employs modern web technologies including StencilJS and a consent management platform, ensuring good performance, mobile optimization, and GDPR compliance. Security posture is solid with HTTPS enforcement and security headers, though explicit security policies and incident response information are not publicly available. The absence of WHOIS data is notable but does not detract significantly from the site's legitimacy given the professional presentation and extensive online presence. Overall, the website is trustworthy, well-maintained, and compliant with privacy regulations.

C

Corradi

corradi.eu

67

Corradi is an established Italian company specializing in the design and manufacture of outdoor living solutions such as pergolas, sun sails, and closures. Founded in 1978 and now part of the Belgian Renson Group, Corradi holds a strong market position with internationally recognized products and a focus on design and innovation. The website reflects a professional and consistent brand image targeting both consumers and businesses interested in high-quality outdoor furniture and shading systems. Technically, the website uses modern web technologies including Google Tag Manager, Google Analytics, and CookiePro for consent management, with good mobile optimization and SEO practices. Security posture is solid with HTTPS enabled and cookie consent implemented, though some security headers and explicit privacy policies are missing. Overall, the site is safe, trustworthy, and compliant with basic privacy standards but could improve transparency and security documentation.

L

LANDCRAFT

landcraft.cz

53

LANDCRAFT is a Czech-based craft distillery specializing in the production and online retail of premium spirits including gin, liqueurs, vermouths, and limited edition distilled products. The company targets mature consumers interested in high-quality alcoholic beverages and offers additional value through recipes, custom production, and tasting events. The website is built on the Shoptet e-commerce platform, leveraging modern web technologies and marketing tools such as Google Analytics and Facebook SDK. Privacy and cookie policies are well implemented, reflecting GDPR compliance. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers could be improved. The absence of WHOIS data reduces domain trustworthiness but does not detract from the professional presentation and clear contact information on the site. Overall, the website is functional, user-friendly, and professionally maintained, serving a niche market effectively.

S

Salut Restaurant

salutrestaurant.cz

65

Salut Restaurant is a modern hospitality business located in Prague 7, Holešovice, offering seasonal, fresh, and modern cuisine with a focus on quality dining experiences. The website showcases a professional and well-structured digital presence, including event hosting, daily and evening menus, and an e-shop. The business is part of the Absolutum Group, indicating a stable parent company relationship. Technically, the website employs modern JavaScript libraries and tracking tools, ensuring good performance and mobile optimization. Security posture is solid with HTTPS and reCAPTCHA usage, though some security headers could be improved. Privacy compliance is well addressed with clear GDPR and cookie policies. Overall, the website is trustworthy and professionally maintained, though the lack of WHOIS data slightly reduces domain trustworthiness.

N

NEXT REALITY GROUP a.s.

nextreality.cz

61

NEXT REALITY GROUP a.s. operates a professional real estate website targeting clients and partners across the Czech Republic. The company emphasizes honesty, quality client care, and professional service, offering property sales, rentals, and franchise opportunities. The website is well-structured, with clear navigation and a professional design that supports its market position as a significant player in the Czech real estate sector. Technically, the site employs modern web technologies including Google Analytics, Microsoft Clarity, and CookieHub for analytics and cookie management, alongside a chatbot for customer interaction. The site is mobile-optimized and uses HTTPS to secure communications. Security posture is generally good with enforced HTTPS and cookie consent mechanisms; however, the absence of visible security headers and explicit security policies suggests room for improvement. The WHOIS data is missing, which impacts trust and transparency, but the website content and business information appear legitimate and professional. Overall, the site is safe, GDPR compliant, and provides a positive user experience.

O

Opravdový vztah s.r.o.

opravdovyvztah.cz

67

Opravdový vztah s.r.o. operates a professionally designed website focused on relationship coaching, therapy, and personal development services primarily targeting individuals and couples in the Czech Republic. The company offers a range of services including therapy, coaching, couples therapy, educational materials, podcasts, and an e-shop. The website positions itself as a leading and highly rated project in its niche. Technically, the site is built on WordPress with WooCommerce for e-commerce functionality, leveraging modern JavaScript libraries and third-party analytics and marketing tools such as Google Analytics, TikTok Pixel, and Facebook Pixel. The site is mobile optimized and demonstrates good SEO and accessibility practices. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though explicit security headers and policies are not confirmed. The absence of WHOIS data reduces transparency and slightly impacts trustworthiness. Overall, the site is safe, compliant with GDPR, and professionally maintained.

N

Nadace NEXT

nadacenext.cz

56

Nadace NEXT is a Czech non-profit foundation established in 2022, continuing the charitable activities of NEXT REALITY GROUP. The foundation focuses on helping individuals in need and operates primarily within the Czech Republic. The website is professionally designed using WordPress with Elementor and Astra theme, providing a good user experience and clear navigation. It includes GDPR-compliant privacy and cookie policies with a consent mechanism, reflecting a mature approach to privacy. The technical infrastructure is modern and includes spam protection and Google Tag Manager for analytics. Security posture is good with HTTPS and security headers in place, though explicit security policies and incident response contacts are absent. Overall, the website is trustworthy and well-aligned with its business purpose.

V

Ville de Saint-Étienne

saint-etienne.fr

72

The website www.saint-etienne.fr is the official digital portal for the city government of Saint-Étienne, France. It serves as a comprehensive resource for residents and visitors, offering access to municipal services, news, cultural and sporting events, administrative procedures, and employment opportunities. The site is well-positioned as an authoritative source for local information and community engagement. Technically, the site is built on Drupal 10, leveraging modern web technologies including Google Tag Manager, Google Analytics (GA4), Matomo Analytics, and OneSignal for push notifications. It employs a robust cookie consent mechanism via Tarteaucitron, ensuring GDPR compliance. The site demonstrates good mobile optimization, accessibility, and SEO practices, contributing to a positive user experience. From a security perspective, the site enforces HTTPS with strong SSL configuration and includes essential security headers. No critical vulnerabilities or exposed sensitive data were detected. However, the site lacks a publicly available security policy or incident response contact, which could enhance transparency and trust. Overall, the website presents a low-risk profile with strong business credibility and technical maturity. Strategic recommendations include publishing a formal security policy, incident response information, and a vulnerability disclosure program to further strengthen security posture and user trust.

F

Fresh Food Ventures Group BV

crisp.jobs

62

Crisp.jobs is the career portal for Crisp, an online supermarket specializing in fresh food delivery in the Netherlands. The company leverages technology to provide fresh products directly from the source to consumers, emphasizing quality and convenience. The website presents a professional and well-structured platform showcasing job opportunities across multiple departments, reflecting an active and growing business. The company holds a B Corporation certification, reinforcing its commitment to social and environmental standards. Technically, the website employs modern web technologies, likely a React-based single-page application, with optimized performance and mobile responsiveness. It integrates Google Tag Manager for analytics and marketing purposes and implements a comprehensive cookie consent mechanism, indicating good privacy compliance. The site is served over HTTPS with no visible security flaws in the HTML content. From a security perspective, while HTTPS and cookie consent are well implemented, the site lacks publicly available security policies and incident response contacts, which could be improved to enhance trust and preparedness. No vulnerabilities or suspicious content were detected. Overall, the domain registration aligns with the business identity, supporting legitimacy. The overall risk profile is low, with recommendations focusing on publishing security and incident response policies and enhancing security headers. The website is suitable for general audiences, with no adult or questionable content detected.

G

Glide Design

glidedesign.com

63

Glide Design is a Texas-based company specializing in web design, development, and SEO services, targeting businesses seeking digital marketing and website solutions. The website presents a professional design with good content quality and clear navigation, optimized for mobile devices. The technical infrastructure is based on WordPress CMS, utilizing modern analytics and marketing tools such as Google Tag Manager, Microsoft Clarity, HubSpot, and Hotjar, indicating a mature digital presence. Security posture shows moderate maturity with the use of HTTPS and analytics scripts, but lacks visible security headers and formal privacy or cookie policies, which are areas for improvement. The absence of WHOIS registration data raises concerns about domain legitimacy and trustworthiness, suggesting the need for verification of domain registration status. Overall, the website is functional and professional but would benefit from enhanced compliance and security transparency.

G

Galaxy Digital LLC

galaxydigital.com

67

Galaxy Digital LLC operates the website galaxydigital.com, offering a comprehensive volunteer management software solution called Get Connected. The company targets non-profit organizations and mission-driven groups primarily in the United States and Canada. Their software facilitates volunteer recruitment, engagement, scheduling, tracking, and reporting, positioning them as a leading provider in the volunteer management SaaS market. The website is professionally designed, well-structured, and rich in content, reflecting a mature digital presence. Technically, the site is built on the HubSpot CMS platform, leveraging modern marketing and analytics tools such as Google Analytics, Facebook Pixel, LinkedIn Insight Tag, and Hotjar. The site employs HTTPS with strong security headers, ensuring secure communications and good security posture. Forms are integrated via HubSpot, providing secure data collection mechanisms. The website is mobile-optimized and accessible, with good SEO practices. Security-wise, the site demonstrates solid fundamentals with HTTPS enforcement and security headers. However, it lacks publicly available security policies, incident response plans, and vulnerability disclosure information, which are recommended for enhanced trust and compliance. The absence of WHOIS data for the domain raises some concerns about domain registration transparency, though the website content and business information appear legitimate and professional. Overall, the website presents a low-risk profile with strong business credibility and technical implementation. Strategic recommendations include publishing explicit security and incident response policies, clarifying domain registration details, and enhancing privacy transparency to further strengthen trust and compliance.

N

NBCF Shop

nbcfshop.com

66

NBCF Shop is an e-commerce platform dedicated to selling merchandise that supports the National Breast Cancer Foundation's mission of breast cancer awareness, education, and support. The website offers a variety of products including apparel, accessories, HOPE Kits, and educational materials. It targets a general audience interested in supporting breast cancer causes through purchases. The business operates on Shopify, leveraging a mature e-commerce infrastructure with integrations for marketing and customer reviews. The domain is well-established since 2013, consistent with the organization's history and mission. Technically, the site uses modern web technologies and is mobile-optimized, though some improvements in privacy policy transparency and DNS security could be made. Security posture is solid with HTTPS and domain locking, but lacks DNSSEC and explicit security headers. Overall, the site is professional, trustworthy, and serves a niche non-profit retail market effectively.

F

Flatiron School

flatironschool.com

69

Flatiron School is a well-established coding bootcamp founded in 2012, offering comprehensive on-campus and online courses in software engineering, data science, cybersecurity, AI, and game design. The company targets individuals seeking career advancement in technology fields and maintains a strong market position with over 20,000 alumni and partnerships with major tech companies. The website reflects a professional and modern digital presence with excellent content quality and user experience. Technically, the website is built on WordPress hosted likely on AWS infrastructure, utilizing a broad range of modern marketing and analytics tools including Google Tag Manager, Facebook Pixel, TikTok Pixel, Marketo, and Hotjar. The site is mobile-optimized, accessible, and SEO-friendly, though performance is moderate. Security posture is good with HTTPS enforced and domain registration protections in place, but could be improved by enabling DNSSEC and publishing explicit security policies. The security evaluation shows no critical vulnerabilities or exposed sensitive data. Privacy compliance is strong with visible cookie consent mechanisms and a comprehensive privacy policy. Business credibility is high with clear contact information, structured data, and trust indicators such as alumni network size and corporate partnerships. No adult or questionable content is present, making the site safe for general audiences. Overall, Flatiron School’s website demonstrates a mature digital infrastructure supporting its educational mission, with room for minor security enhancements. The domain registration data aligns well with the company’s history, reinforcing legitimacy and trustworthiness.

E

EncolaJS & Contributors

encolajs.com

56

EncolaJS Enforma is a specialized technology solution offering a comprehensive form-building framework for VueJS applications. It targets frontend developers seeking flexible, schema-driven, and reactive form solutions integrated with popular validation libraries and UI frameworks. The business operates as an open-source project with community engagement via GitHub and social media, positioning itself as a niche player in the VueJS ecosystem. Technically, the website leverages modern technologies such as VueJS, VitePress, TailwindCSS, and integrates marketing and analytics tools like Mailerlite and Google Tag Manager. Hosting and DNS services are provided by Cloudflare, ensuring good performance and security at the infrastructure level. Security posture is adequate with HTTPS enforced and domain transfer protections, but lacks advanced security headers and DNSSEC. Privacy compliance is weak due to absence of privacy and cookie policies, which should be addressed to meet GDPR and other regulations. Overall, the site is professional, well-structured, and safe for general audiences, but could improve in compliance and security best practices.

D

dealerdesk GmbH

dealerdesk.com

54

Dealerdesk GmbH operates a specialized CRM platform tailored for automotive dealerships, offering integrated services such as lead management, marketing automation, and customer communication tools including WhatsApp and video chat. The company is well-established in the German automotive sector with a significant user base and recognized market presence. Technically, the website is built on WordPress with modern web technologies and demonstrates good SEO and mobile optimization. Security posture is solid with HTTPS enforcement and cookie consent mechanisms, though some security headers could be improved. Overall, the site reflects a professional and trustworthy business with no critical vulnerabilities detected.