Security Directory

I

i+m NATURKOSMETIK BERLIN

iplusm.berlin

54

i+m NATURKOSMETIK BERLIN is a small German company specializing in natural, fair, organic, and vegan cosmetics. The website serves as an e-commerce platform targeting consumers interested in ethical and natural skincare products. The business appears to be well-established with a domain age since 2014, consistent with its market presence. Technically, the website is built on WordPress, utilizing Yoast SEO for optimization and Google Tag Manager for analytics, indicating a moderate level of digital maturity. Performance and mobile optimization are adequate, though accessibility features could be improved. Security posture is basic with HTTPS enabled but lacking DNSSEC and security headers, which are recommended for enhanced protection. Privacy compliance is weak due to the absence of privacy and cookie policies or consent mechanisms. Overall, the site is professional and trustworthy but would benefit from improved security and privacy practices.

F

FORSTORY

forstory.de

44

FORSTORY is a small Munich-based film agency specializing in storytelling with a focus on sustainability. The company positions itself as a niche player in the media industry, offering film production, impact films, workshops, and social business consulting. The website is professionally designed with clear navigation and good mobile optimization, reflecting a moderate level of digital maturity. The technical infrastructure includes modern web technologies such as HTML5, CSS3, JavaScript, and integration of Vimeo for video content. Matomo analytics is used for user tracking, indicating some privacy-conscious choices. Security posture is generally good with HTTPS enforced and cookie consent implemented, but lacks explicit security headers and a privacy policy page, which are recommended for compliance and trust. No contact emails or phone numbers are explicitly provided on the site, which may affect user trust and business credibility. WHOIS data is minimal but consistent with the hosting provider, with no suspicious indicators. Overall, the website is safe, professional, and targeted at a general audience interested in sustainability storytelling.

C

crossworks projects GmbH

cw-p.com

9

crossworks projects GmbH is a small German-based event management company specializing in live, digital, and hybrid events. Their website presents a professional image with a clear focus on providing reliable event services from concept to execution. The company targets businesses seeking comprehensive event solutions. Technically, the website is built on WordPress with Yoast SEO and employs Usercentrics for cookie consent management, indicating a moderate level of digital maturity. The site is mobile optimized and SEO friendly but lacks some accessibility features and explicit privacy and terms of service documentation. Security posture is adequate with HTTPS enabled, but the absence of security headers and incident response information suggests room for improvement. The domain WHOIS data is missing, which raises concerns about domain legitimacy and transparency. Overall, the website is functional and professional but would benefit from enhanced compliance and security disclosures.

CoCreatingFuture UG (haftungsbeschränkt) is a small German company specializing in holistic organizational transformation processes, leveraging the Theory U methodology. The company offers process facilitation, workshops, coaching, and transformation courses aimed at organizations, teams, and individuals seeking sustainable change. Their market position is that of an innovative service provider focused on deep transformation and co-creative future design. The website is professionally designed using WordPress with the Astra theme and includes clear navigation and contact information, reflecting a good level of digital maturity. Technically, the site uses modern web technologies and plugins but lacks some advanced security headers and cookie consent mechanisms. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though improvements in security policy transparency and incident response readiness are recommended. Overall, the website is trustworthy and safe, with no adult or questionable content detected. Strategic recommendations include implementing cookie consent for GDPR compliance, adding security headers, publishing security policies, and enhancing incident response information to improve trust and compliance.

B

ba tax

ba-tax.de

10

ba tax is a digital and agile tax consultancy firm specializing in serving fast-growing technology companies and innovative digital businesses in Germany. The company emphasizes societal value and ecological sustainability, positioning itself as a modern partner for startups and companies in growth or transformation phases. The website reflects a professional and consistent brand image with strong client references and testimonials, indicating a solid market position. Technically, the site is built on WordPress with Elementor and uses modern plugins for SEO and cookie management, showing a good level of digital maturity. Security posture is adequate with HTTPS and cookie consent implemented, but lacks published security policies and incident response information. Overall, the site is trustworthy and professional, though improvements in privacy compliance documentation and security transparency are recommended.

B

Bauck Mühle

bauck.de

48

Bauck Mühle is a German-based company specializing in organic and health food products, including gluten-free and vegan options. Their website is built on TYPO3 CMS and features a professional design with good mobile optimization and clear navigation. The business targets consumers interested in wholesome, organic food products and operates primarily in the retail and e-commerce sectors. The company maintains a moderate market position within the niche organic food market. Technically, the website employs modern technologies such as Google Analytics 4, Google Tag Manager, and Cookiebot for consent management, indicating a mature digital infrastructure. Security-wise, the site uses HTTPS and implements cookie consent mechanisms but lacks explicit security headers and published security policies, which could be improved. Overall, the website is trustworthy, with no signs of blocking or WAF interference, and maintains good privacy compliance through detailed cookie consent dialogs. However, the absence of visible privacy policy and terms of service pages is a notable gap.

acb.studio is a small digital design studio specializing in sustainable digital products, focusing on analysis, creation, and building of digital solutions with an emphasis on sustainability. The website presents a professional and modern design with clear messaging targeting businesses interested in sustainable digital product design. The technical infrastructure includes modern web fonts, SVG animations, and cloud-hosted images, indicating a contemporary digital maturity level. Security posture is moderate with HTTPS likely enabled but lacking visible security headers and explicit privacy or cookie policies. No contact information or incident response details are provided, which could impact trust and compliance. Overall, the website is functional and professional but would benefit from enhanced security and privacy disclosures.

B

Bertelsmann Stiftung

bertelsmann-stiftung.de

50

Bertelsmann Stiftung is a well-established non-profit foundation based in Germany, focusing on societal change through projects, studies, and events. The website reflects a mature digital presence with a professional design, clear navigation, and comprehensive content aimed at a broad audience including policymakers, researchers, and the general public. Technically, the site is built on TYPO3 CMS with modern web technologies and demonstrates good mobile optimization and accessibility. Security posture is solid with HTTPS enforced and basic security headers, though explicit security policies and incident response information are not publicly disclosed. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Overall, the site is trustworthy and professionally managed, with no signs of malicious activity or vulnerabilities.

B

Bau-Fritz GmbH & Co. KG

baufritz.com

51

Baufritz is a well-established German company specializing in ecological prefabricated wooden houses, combining sustainable architecture with innovative environmental technology. The company targets private and business customers seeking healthy and environmentally friendly housing solutions. Their market position is strong, with a history dating back to 1896 and certifications supporting their ecological claims. Technically, the website employs modern frameworks like Bootstrap and integrates Google Tag Manager and Usercentrics for analytics and consent management, reflecting a mature digital infrastructure. Security posture is good with HTTPS and consent mechanisms, though some security headers and explicit policies could be improved. The WHOIS data is missing or unavailable, which slightly impacts domain trustworthiness but does not detract from the professional presentation and comprehensive content. Overall, the website is high quality, accessible, and trustworthy for its audience.

R

reown inc.

reown.com

71

Reown Inc. is a technology company specializing in providing infrastructure and developer tools for onchain finance applications, including DeFi, payments, and enterprise solutions. Positioned as a connectivity layer for the financial internet, Reown offers SDKs and analytics to enable secure, user-friendly, and scalable digital ownership experiences. The company targets developers and teams building blockchain-based financial products, emphasizing growth and security. Technically, the website is built on modern frameworks such as Next.js and React, hosted via Cloudflare, and integrates HubSpot for forms and PostHog for analytics, reflecting a mature digital infrastructure. Security posture is strong with HTTPS enforcement, security headers, and domain registration protections, though DNSSEC is not enabled and no security.txt file is published. Privacy compliance is well addressed with comprehensive policies and consent mechanisms. Overall, the website demonstrates high professionalism, technical maturity, and business credibility, with minor recommendations for enhanced DNS security and incident response transparency.

W

Web3 Privacy LLC

snapshot.box

59

Snapshot (snapshot.box) is a decentralized governance platform designed to facilitate voting and proposal management for DAOs and blockchain projects. Operated by Web3 Privacy LLC, the platform targets Web3 communities seeking transparent and decentralized decision-making tools. The website is modern, built with Vue.js and Headless UI, and hosted with Cloudflare DNS services, indicating a contemporary technical infrastructure. The domain is newly registered in May 2024, consistent with a recently launched platform in the evolving Web3 space. Security posture is moderate; while HTTPS is implied, no explicit security headers or DNSSEC are enabled, and no privacy or cookie policies are present on the explored page. The site lacks visible contact or incident response information, which could be improved to enhance trust and compliance. Overall, Snapshot presents a professional and functional platform with room for enhanced security and privacy compliance measures.

PEENE TRANS GmbH is a German logistics company specializing in bulk material transport for construction sites, including mixing plants, concrete industry, and large-scale projects. The company positions itself as a reliable partner offering just-in-time delivery with a modern fleet of tractor-trailers. Their website is built on TYPO3 CMS and uses a variety of modern front-end libraries to provide a responsive and user-friendly experience. The content is professionally presented in German, targeting construction industry clients and logistics partners. Contact information is comprehensive, including multiple emails and phone numbers for key personnel. The website includes a cookie consent mechanism and a privacy policy, indicating awareness of GDPR compliance. However, no explicit terms of service or security policies are published.

G

Gut Klostermühle

gut-klostermuehle.com

49

Gut Klostermuehle is a boutique hospitality and wellness provider located in Brandenburg, Germany, offering unique accommodation, spa, culinary, and event services in a natural lakeside setting. The website is professionally designed using TYPO3 CMS and integrates modern tracking and marketing tools such as Google Tag Manager and Facebook Pixel. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Security posture is generally good with HTTPS enforced, but lacks some recommended security headers and incident response information. The domain WHOIS data is unavailable, which slightly impacts trust but the website content and business information appear consistent and professional. Overall, the site presents a trustworthy and user-friendly digital presence for its hospitality business.

N

NEUWOBA - Neubrandenburger Wohnungsbaugenossenschaft eG

neuwoba.de

48

NEUWOBA - Neubrandenburger Wohnungsbaugenossenschaft eG is a large housing cooperative based in Neubrandenburg, Germany, providing modern, affordable, and community-oriented housing solutions. The organization operates multiple subsidiaries offering social care services, property management, and new construction projects. Their market position is strong within Mecklenburg-Vorpommern, supported by over 9,000 apartments and active community engagement. The website reflects a professional and comprehensive digital presence with clear navigation and relevant content targeting local residents and cooperative members. Technically, the website is built on TYPO3 CMS with modern front-end frameworks like Bootstrap and jQuery. It incorporates various UI libraries and ensures mobile responsiveness and good SEO practices. Cookie consent and privacy policies are implemented in compliance with GDPR. Analytics usage is moderate, primarily via Google Analytics, with user tracking controlled by consent mechanisms. From a security perspective, the site enforces HTTPS and uses secure forms but lacks explicit security headers and a published security policy or incident response contacts. No vulnerabilities or suspicious content were detected. The domain registration data aligns well with the business claims, indicating a trustworthy and legitimate online presence. Overall, NEUWOBA's website demonstrates a mature digital infrastructure suitable for its business needs, with room for improvement in security policy transparency and accessibility features. The risk profile is low, and the site is safe for general audiences.

L

LIEPS GmbH

neueins.tv

9

Neueins.tv is a regional television broadcaster and video production company serving Mecklenburg-Vorpommern, Germany. The website is professionally designed using TYPO3 CMS and offers a range of video content including news, interviews, and local events. The company, LIEPS GmbH, has been established since 2003 and maintains consistent branding and contact information across the site. The technical infrastructure includes modern web technologies and privacy-conscious embedding of YouTube videos. Security posture is moderate with HTTPS usage and cookie consent mechanisms, but lacks advanced security headers and has a recently expired domain registration which poses a risk to trust and availability. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent management. Overall, the site is functional, trustworthy, and serves its regional audience effectively.

SEENcard.de is a regional print media business focused on distributing compact flyers for the Mecklenburgische Seenplatte tourism region. Their business model centers on placing SEENcardBOX units at well-frequented tourist and commercial locations to provide targeted advertising and information to tourists and residents. The website is primarily in German and targets local businesses and visitors. Technically, the site uses legacy JavaScript libraries such as jQuery 1.3.2 and Cufon for font replacement, indicating some technical debt. Google Analytics is implemented with IP anonymization, and a cookie consent banner is present, showing basic privacy compliance. However, no advanced security headers or modern frameworks are detected, and the site lacks visible contact emails or phone numbers, relying on a contact form instead. The WHOIS data is limited but consistent with a small business using commercial hosting. Overall, the site is functional and professionally presented but would benefit from modernization and enhanced security measures.

Volvic Switzerland, operated by Danone Schweiz AG, is a well-established brand specializing in natural mineral water sourced from the volcanic Auvergne region in France. The website showcases a comprehensive product range including mineral water, flavored waters, and teas, with a strong emphasis on sustainability and environmental responsibility, supported by certifications such as B Corp and Carbon Trust climate neutrality. The target audience is general consumers in Switzerland seeking natural and sustainable beverage options. Technically, the site is built on Adobe Experience Manager, leveraging modern web technologies and privacy management tools, ensuring good performance, mobile optimization, and accessibility. Security posture is solid with HTTPS and privacy consent mechanisms, though some security headers could be improved. Overall, the website is professional, trustworthy, and compliant with GDPR and cookie regulations.

N

Nutricia Limited

volvic.co.uk

70

Volvic UK is a consumer retail brand specializing in natural mineral water and flavored water products sourced from volcanic filtration in France. The company operates under Nutricia Limited and targets UK consumers with a focus on sustainability and sports sponsorship, notably the Women’s Rugby World Cup 2025. The website is built on TYPO3 CMS and integrates modern web technologies including Google Tag Manager and TrustCommander for privacy management. The site is well-structured, mobile-optimized, and provides comprehensive privacy and cookie policies with user consent mechanisms. Security posture is strong with HTTPS enforced, though security headers could be improved and incident response contacts are not publicly listed. WHOIS data for the exact domain is unavailable due to domain naming rules, indicating the domain is a subdomain rather than a registered domain, but the website content and branding strongly support legitimacy. Overall, the site demonstrates good digital maturity and business credibility with minor areas for security enhancement.

V

Volvic

volvic.com

10

Volvic operates as a prominent international beverage brand specializing in volcanic natural mineral water and a range of healthy beverages. The company emphasizes sustainability, source protection, and transparency in its product offerings, positioning itself as a responsible and environmentally conscious player in the retail beverage market. The website content reflects a mature brand with a consistent message and a broad target audience of health-conscious consumers. Technically, the site is built on TYPO3 CMS and leverages modern JavaScript libraries, providing a good user experience with mobile optimization and clear navigation. Security posture is adequate with HTTPS enabled and cookie consent mechanisms in place, but lacks visible security headers and explicit security policies, which could be improved. The absence of WHOIS registration data is a notable anomaly that slightly reduces trustworthiness, though the overall professionalism and trust signals on the site mitigate this concern. Strategic recommendations include enhancing security headers, publishing incident response information, and verifying domain registration details to strengthen credibility and compliance.

C

Carrefour

carrefour.be

64

Carrefour Belgium operates a comprehensive online and physical retail platform offering groceries and general merchandise to Belgian consumers. The website is built on Salesforce Commerce Cloud, leveraging modern e-commerce technologies and personalization tools such as CQuotient. The site provides a rich catalog of products, promotions, and services including home delivery and in-store pickup, targeting a broad consumer base in Belgium. The branding is consistent and professional, reflecting Carrefour's position as a leading supermarket chain in the region. Technically, the site uses deferred script loading, CDN resources, and Google Tag Manager with authentication tokens, indicating a mature digital infrastructure. Security posture is good with HTTPS enforced and no visible sensitive data exposure; however, the absence of explicit security headers and privacy/cookie policies suggests room for improvement in compliance and security best practices. WHOIS data is not available due to registry restrictions, but the domain appears legitimate and consistent with the brand. Overall, the website is well-designed, user-friendly, and trustworthy, though enhancements in privacy transparency and security disclosures are recommended.

Delhaize is a leading Belgian supermarket chain offering comprehensive online grocery shopping services including home delivery and in-store pickup. The website demonstrates a mature digital infrastructure leveraging modern web technologies such as React and Next.js, integrated with advanced marketing and analytics tools like Adobe DTM, Google Tag Manager, and Facebook Pixel. Security posture is strong with HTTPS enforcement and appropriate security headers, although WHOIS data is unavailable due to registry restrictions, which is common for .be domains. The site maintains good privacy and cookie policies aligned with GDPR requirements. Overall, the platform is professional, user-friendly, and trustworthy, serving a broad consumer base in Belgium.

C

Colruyt

collectandgo.be

69

Colruyt's Collect&Go website is a well-established online grocery shopping platform serving Belgian consumers. It offers convenient services such as product reservation, collection at over 220 points, and home delivery. The site reflects a strong market position as part of the Colruyt Group, a major retail player in Belgium. The business model focuses on e-commerce retail with a clear target audience of Belgian shoppers seeking efficient grocery solutions. Technically, the website employs modern JavaScript frameworks like Vue.js and jQuery, integrates Font Awesome for icons, and uses Tealium for analytics and marketing. The site is mobile-optimized and includes accessibility features, though these could be enhanced further. Security posture is solid with HTTPS enforced, security headers present, and no visible vulnerabilities. Privacy compliance is evident with comprehensive privacy and cookie policies and consent mechanisms. WHOIS data is privacy protected, which is typical for commercial retail sites, and no suspicious patterns were detected. Overall, the website is professional, trustworthy, and aligns well with business credibility standards.

W

WalletConnect Foundation

walletconnect.com

11

WalletConnect Foundation operates a leading decentralized connectivity layer for the financial internet, enabling seamless interaction between wallets and onchain applications. The platform supports a vast ecosystem including over 700 wallets, 70,000 apps, and millions of users, positioning itself as a critical infrastructure provider in the blockchain and decentralized finance space. Their business model leverages a native token (WCT) for network security, staking, and governance, reflecting a mature decentralized governance approach. Technically, the website is built on modern frameworks such as React and Next.js, hosted on Cloudflare, and integrates analytics and cookie consent tools to ensure compliance and performance. Security posture is strong with HTTPS, security headers, and domain transfer protections, though DNSSEC is not enabled and no explicit security policy or incident response contacts are published. Overall, WalletConnect presents a professional, trustworthy, and technically sound digital presence with a clear focus on developer and institutional audiences.

Y

Yuga Labs

yuga.com

60

Yuga Labs is a prominent technology company specializing in the creation and development of NFT projects and web3 community experiences, notably known for the Bored Ape Yacht Club and related initiatives. The company positions itself as a leader in the web3 space, focusing on storytelling, community engagement, and digital art innovation. The website reflects a modern and professional digital presence with consistent branding and targeted messaging towards NFT enthusiasts and the broader web3 community. Technically, the website employs modern JavaScript frameworks such as Nuxt.js, utilizes Prismic CMS for content management, and leverages Cloudflare for DNS and likely CDN services. Analytics are implemented via Plausible and Google Tag Manager, indicating a moderate level of digital maturity. The site is mobile-optimized and demonstrates good SEO practices, although accessibility features are basic. From a security perspective, the site enforces HTTPS and uses domain status flags to protect against unauthorized domain changes. However, DNSSEC is not enabled, and no security headers were detected in the provided data, which could be improved. The absence of privacy and cookie policies, as well as contact information, represents compliance and transparency gaps. No forms or direct data collection mechanisms were found, reducing immediate risk exposure. Overall, the website is trustworthy and professionally maintained but would benefit from enhanced privacy compliance, security header implementation, and clearer contact channels to improve user trust and regulatory adherence.

ApeCoin is a cryptocurrency token project officially associated with the Bored Ape Yacht Club NFT community. It supports decentralized governance, digital asset marketplaces, and community proposals, targeting Web3 enthusiasts, gamers, and digital artists. The website is well designed, mobile optimized, and uses modern technologies such as React and Next.js hosted on Cloudflare infrastructure. Security posture is strong with HTTPS enforcement, security headers, and a bug bounty program, though DNSSEC is not enabled and no explicit security or incident response policies are published. Privacy compliance is partially met with a clear privacy policy and terms of service but lacks a cookie consent mechanism. Overall, the domain registration is consistent and trustworthy, supporting the legitimacy of the project.

S

Sustainable Economy gGmbH

sustainable-economy-summit.org

45

The Sustainable Economy Summit is a non-profit organization established in 2022 that organizes biennial conferences in Berlin focused on sustainable economic transformation. It brings together leaders from business, politics, science, and civil society to discuss innovative strategies and solutions aligned with planetary boundaries. The summit serves as a platform for networking, knowledge exchange, and promoting sustainable business practices. The website is professionally designed, mobile-optimized, and uses modern web technologies including WordPress, Yoast SEO, and Google Analytics. Privacy and cookie compliance are well implemented with clear policies and consent mechanisms. Security posture is good with HTTPS enabled, though some security headers could be improved. The domain registration is consistent with the organization's founding date and business claims, enhancing trustworthiness. Overall, the site presents a credible and professional image suitable for its target audience.

M

MANDARIN

mandarin-medien.de

58

MANDARIN is a German-based one-stop agency specializing in marketing, digital transformation, IT services, and employer branding. The company positions itself as a holistic partner for change and transformation, targeting businesses seeking to improve their digital presence and internal processes. The website showcases a professional design with rich multimedia content, including videos and client references, indicating a mature digital infrastructure. Technically, the site is built on modern frameworks such as Next.js and React, optimized for performance and mobile responsiveness. Security posture is strong with HTTPS, security headers, and GDPR-compliant cookie consent mechanisms integrated with Google Consent Mode. However, no explicit security policy or incident response information is published, which could be improved. The WHOIS data is privacy protected, common for agencies, and does not raise immediate concerns. Overall, the site reflects a credible and professional digital agency with a solid market presence.

D

DashBO your User-Generated Content (UGC) platform

dashbo.xyz

57

DashBO is a small technology platform launched in 2023 that offers a dashboard for user-generated content focused on NFT services, 3D modeling, animation, and AI-generated chatbots. The website presents a niche offering targeting creators and users interested in digital and NFT-related creative services. The platform uses modern frontend technologies such as React and hosts static assets on Google Cloud Storage, indicating a contemporary technical infrastructure with moderate performance and mobile optimization. However, the site lacks comprehensive SEO and accessibility features. From a security perspective, the website uses HTTPS (implied by the URL) but lacks visible security headers and does not provide privacy, cookie, or terms of service policies, which are critical for compliance and user trust. No contact or incident response information is available, limiting transparency and user support. The domain registration is consistent with the business claims, being recently created in 2023 and registered with Go Daddy, LLC, with standard domain status protections in place. Overall, the website is functional but basic in content quality and security posture. It does not exhibit any adult or questionable content and targets a general audience interested in digital creative services. The lack of privacy and contact information, as well as missing security best practices, reduces the overall trustworthiness and compliance level. Strategic recommendations include implementing privacy and cookie policies with consent mechanisms, adding contact and incident response information, enabling DNSSEC, and improving security headers and SEO features to enhance trust, compliance, and security posture.

L

Local Governments and Municipal Authorities Constituency (LGMA)

cities-and-regions.org

58

The website www.cities-and-regions.org serves as the official online presence for the Local Governments and Municipal Authorities Constituency (LGMA), a recognized group within the UNFCCC climate process advocating for local and regional governments. The site provides comprehensive information on their advocacy efforts, initiatives, and participation in global climate negotiations such as COP events. The content is professionally presented with a clear focus on climate governance and multilevel action, targeting local governments, climate negotiators, and sustainability stakeholders. Technically, the site is built on WordPress with modern plugins and frameworks, delivering moderate performance and good mobile optimization. Security posture is solid with HTTPS and no visible vulnerabilities, though security headers and explicit policies could be improved. Privacy compliance is limited due to the absence of visible privacy and cookie policies. WHOIS data is unavailable, which slightly reduces trust but is mitigated by the site's official nature and partnerships. Overall, the site is a credible, well-maintained platform for climate advocacy with room for enhanced transparency and security documentation.

V

Vereniging Afvalbedrijven

verenigingafvalbedrijven.nl

60

Vereniging Afvalbedrijven is a well-established Dutch industry association focused on the waste management and circular economy sectors. Founded in 2002, it serves as a key partner in the transition towards sustainable resource use and environmental responsibility. The website provides information on their activities, news, thematic areas, and campaigns, targeting professionals and organizations involved in waste processing and recycling. The association maintains an active presence on major social media platforms and publishes annual reports to communicate its impact and initiatives. Technically, the website employs a moderate technology stack including jQuery and Google Analytics with IP anonymization, hosted by team.blue nl B.V. The site is mobile-optimized with a clear navigation structure and professional design. However, it lacks some advanced security headers and cookie consent mechanisms, which are important for GDPR compliance and enhanced security posture. From a security perspective, the site uses HTTPS and DNSSEC, indicating good baseline security. No critical vulnerabilities or blocking mechanisms were detected. The WHOIS data confirms a long domain history consistent with the organization's legitimacy. Nonetheless, improvements in security headers, privacy compliance, and incident response disclosures are recommended to strengthen trust and regulatory adherence. Overall, Vereniging Afvalbedrijven presents a credible and professional online presence with room for enhancement in privacy and security practices to align with best practices and legal requirements.

V

VDI Wissensforum GmbH

vdi-wissensforum.de

72

VDI Wissensforum GmbH operates a professional educational platform focused on seminars, conferences, and training for engineers and technical professionals in Germany. The company is well-established in the technical education sector, offering a range of events and courses to support continuing professional development. Their market position is solid, supported by a consistent brand presence and a comprehensive digital platform. Technically, the website is built on TYPO3 CMS, integrates modern tools such as Google Tag Manager and Cookiebot for analytics and privacy compliance, and employs reCAPTCHA for bot protection. The site is well-optimized for mobile and accessibility, with good SEO practices and structured data enhancing discoverability. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, though explicit security policies and incident response contacts are not published. Overall, the website demonstrates a mature digital presence with good privacy compliance and trustworthy business information.

K

KWS Energy Knowledge eG

kws-eg.com

60

KWS Energy Knowledge eG is a specialized educational cooperative based in Germany, focused on training and certifying professionals in the energy sector, including power plant operation, renewable energy, and related technical fields. The organization offers a range of services including certificate courses, official recognized training, simulator and safety training, and operates a unique wind energy training tower on its campus. The website reflects a mature digital presence with clear branding, comprehensive content, and user-friendly navigation tailored to its professional audience. Technically, the site is built on Joomla CMS with modern frameworks like Bootstrap and includes essential privacy and cookie consent mechanisms, indicating compliance with GDPR. Security posture is good with HTTPS enforced and no evident vulnerabilities, though some security headers could be improved. The domain registration is transparent and consistent with the business profile, enhancing trustworthiness. Overall, the site presents a professional, secure, and compliant digital front for the organization.

InwesD – Interessengemeinschaft Deutsche Deponiebetreiber e.V. is a German non-profit association representing landfill operators across Germany, covering landfill classes 0 to III in various operational phases. The organization provides services such as representation, networking, information dissemination through their Deponiebuch, and regional contact points. Their website is professionally designed, consistent in branding, and targets landfill operators and related stakeholders in Germany. Technically, the site is built on the Contao CMS platform, uses modern JavaScript libraries like Swiper.js and GLightbox, and integrates Google Maps with user consent mechanisms. Hosting is provided by webgo.de, a German hosting provider. Security posture is good with HTTPS enforced and cookie consent implemented, though formal security policies and incident response contacts are not published. No analytics or advertising scripts are detected, indicating a privacy-conscious approach. Overall, the site is trustworthy, well-maintained, and serves its niche audience effectively.

B

Bundesverband Energiespeicher Systeme e.V.

bves.de

56

The Bundesverband Energiespeicher Systeme e.V. (BVES) is a German industry association representing companies and institutions focused on the development, marketing, and deployment of energy storage systems across electricity, heat, and mobility sectors. The organization acts as a technology-neutral dialogue partner for politics, administration, science, and the public. The website reflects a professional digital presence built on WordPress with the Avada theme, incorporating SEO best practices via Yoast. Social media integration includes official Twitter and LinkedIn accounts, enhancing outreach and engagement. Security posture is adequate with HTTPS enabled, but lacks explicit security headers and formal security policies on the site. Privacy and cookie policies are not clearly presented, indicating room for compliance improvements. Overall, the site is trustworthy and well-positioned within its niche, serving a medium-sized organization in the energy sector.

B

BEW - Das Bildungszentrum für die Ver- und Entsorgungswirtschaft gGmbH

bew.de

56

BEW - Das Bildungszentrum für die Ver- und Entsorgungswirtschaft gGmbH is a well-established non-profit educational institution based in Germany, specializing in training and continuing education in environmental protection, waste management, energy, and related sectors. The organization offers a broad range of services including seminars, workshops, online live trainings, e-learning, and inhouse training, targeting professionals and organizations within the environmental and utility industries. Their market position is strong regionally, supported by certifications such as ISO 9001 and Ökoprofit, and a consistent brand presence across multiple digital channels. Technically, the website is built on TYPO3 CMS, leveraging modern web technologies including Bootstrap and jQuery, with integrated analytics via Matomo and Google Analytics. The site is mobile-optimized, accessible, and SEO-friendly, providing a positive user experience. Security measures include HTTPS enforcement and Google reCAPTCHA on forms, alongside a comprehensive cookie consent mechanism. However, the site lacks explicit security policies and incident response contact information. The security posture is solid with no visible vulnerabilities or exposed sensitive data, but could be enhanced by implementing additional HTTP security headers and publishing a formal security policy. Privacy compliance is strong, with clear privacy and cookie policies in German, and GDPR compliance indicators. The business credibility is high, supported by detailed contact information, certifications, and a professional content presentation. Overall, BEW demonstrates a mature digital presence with a focus on education and sustainability, though improvements in security transparency and incident response readiness are recommended to further strengthen trust and compliance.

A

AGFW e. V.

agfw.de

53

AGFW e. V. is a well-established German industry association focused on promoting energy efficiency, combined heat and power, and district heating and cooling. With over 700 member companies and more than 50 years of experience, it serves as a technical and policy advocate, providing certifications, standards, and industry services. The website reflects a professional and consistent brand presence targeting energy sector stakeholders and professionals. Technically, the website is built on TYPO3 CMS with modern frontend technologies including Bootstrap and jQuery. It integrates Google Tag Manager and Google Maps APIs for analytics and location services. The site is mobile-optimized and offers a good user experience with clear navigation and relevant content. Performance is moderate with room for improvement. From a security perspective, the site uses HTTPS (assumed from canonical URL), includes CSRF protection in forms, and implements a cookie consent mechanism compliant with GDPR. However, explicit security headers and incident response policies are not evident. No vulnerabilities or exposed sensitive data were detected in the provided content. Overall, the website is trustworthy, professional, and compliant with privacy regulations. It effectively serves its business purpose but could enhance security posture by adding security headers and publishing incident response information.

L

LIFEe.V.

elearning-erkunden.de

44

eXplorarium is a well-established non-profit educational project based in Berlin, focused on integrating digital media and discovery learning into school curricula. The project collaborates with multiple schools and partners, including universities and embassies, and offers digital learning workshops and platforms such as Moodle. The website reflects a professional and consistent brand presence with good content quality and clear navigation tailored to educators and students. Technically, the site is built on WordPress with the Divi theme and uses Matomo analytics configured for privacy. Security posture is solid with HTTPS and privacy-conscious analytics, though it lacks some security headers and formal security policies. Overall, the site is trustworthy and compliant with GDPR, though cookie consent mechanisms and incident response information could be improved.

F

Finanzamt Neubrandenburg (RiA)

finanzamt-rente-im-ausland.de

51

The website www.finanzamt-rente-im-ausland.de is the official online presence of the Finanzamt Neubrandenburg (RiA), the central German tax office responsible for pensioners living abroad. It provides comprehensive information on the taxation of German pensions for residents outside Germany, including legal frameworks, payment options, and contact details. The site targets retirees receiving German pensions abroad and offers multilingual support to accommodate diverse users. The business model is public sector service provision under the Finanzministerium des Landes Mecklenburg-Vorpommern, positioning it as a unique and essential government entity in this niche. Technically, the website employs standard web technologies including HTML5, CSS, and JavaScript, with a moderate performance profile and basic mobile optimization. SEO practices are good with proper meta tags and structured navigation. However, no advanced frameworks or CMS are detected, and hosting details remain unknown. Security posture is adequate with HTTPS usage implied, but lacks explicit security headers and formal security or incident response policies. Privacy compliance is strong with a clear and comprehensive privacy policy, though no cookie consent mechanism is present. Security-wise, the site shows no signs of vulnerabilities or exposed sensitive data. The absence of a security.txt or vulnerability disclosure policy is a minor gap. Contact information is transparent and professional, enhancing trust. No advertising or tracking technologies are detected, supporting user privacy. Overall, the site is trustworthy, professional, and well-suited for its government service role. The overall risk is low given the official nature and content safety. Strategic recommendations include enhancing security headers, adding vulnerability disclosure information, improving mobile and accessibility features, and implementing cookie consent mechanisms to align with best privacy practices.

B

Bundeszentralamt für Steuern

bzst.de

65

The Bundeszentralamt für Steuern (Federal Central Tax Office) operates as the official German federal government agency responsible for tax administration and related services. The website serves multiple target audiences including private individuals, businesses, and government authorities, providing comprehensive tax-related information, digital services, and regulatory guidance. It holds a strong market position as the authoritative tax authority in Germany. Technically, the website is built on the Government Site Builder CMS and hosted by ITZBund, the federal IT service provider. It employs Matomo analytics hosted internally to ensure privacy compliance. The site is well-structured, mobile-optimized, and accessible, reflecting a mature digital infrastructure suitable for a government entity. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms aligned with GDPR. While explicit security headers and vulnerability disclosure pages are not detected, no critical vulnerabilities or exposed sensitive data were found. The WHOIS data aligns consistently with the official government entity, reinforcing legitimacy. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance, with minor recommendations to enhance security headers and publish incident response or vulnerability disclosure information.

The website formulare-bfinv.de serves as the official online portal for the German Federal Finance Administration, providing electronic access to tax and customs forms. It is positioned as a government service platform facilitating seamless and barrier-free interaction between citizens, businesses, and federal authorities. The site prominently features links to the Bundesfinanzministerium and Bundeszollverwaltung, reinforcing its official status and trustworthiness. From a technical perspective, the website employs basic HTML and CSS technologies without advanced frameworks or CMS detected. The site is moderately optimized for performance and accessibility, with specific mention of barrier-free usage for visually impaired users. However, there is room for improvement in mobile responsiveness, SEO metadata, and modern security practices such as implementing security headers and cookie consent mechanisms. Security posture is adequate but could be enhanced by adding HTTPS verification, security headers, and explicit incident response policies. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is partially addressed with a privacy policy present, but cookie management is lacking. Overall, the site demonstrates high business credibility as an official government resource but could benefit from technical and security enhancements. Strategically, the site should focus on improving technical infrastructure, enhancing security best practices, and increasing transparency around privacy and incident response to maintain trust and compliance in the evolving regulatory landscape.

F

Financial administrations of the federal states and the federal government, represented by the IT steering group

steuerchatbot.de

63

The website steuerchatbot.de is an official German government service providing a tax chatbot to assist citizens with tax-related questions. It is designed to offer general tax information without providing personalized tax advice, aiming to improve citizen service and reduce workload on tax offices. The service supports multiple languages and is accessible 24/7. The technical infrastructure uses modern web technologies including Bootstrap and JavaScript, embedding the chatbot via an iframe with backend services hosted by IBM Deutschland GmbH and translation services by DeepL GmbH. The site is well-structured, mobile-optimized, and presents comprehensive privacy and terms of use information in modals. Security practices include encrypted data transmission and limited data retention, though explicit security headers are not evident in the provided data. No cookie policy or consent mechanism was found. Contact information is clearly provided with official government addresses, emails, and phone numbers. Overall, the site demonstrates a good balance of usability, compliance, and trustworthiness appropriate for a government digital service.

OceanBlogs.org is an educational blogging platform dedicated to ocean science and marine research, featuring multiple blogs authored by scientists and students. The platform is affiliated with reputable research institutions such as GEOMAR and Future Ocean, enhancing its credibility within the marine science community. The website is built on WordPress and uses privacy-conscious Matomo analytics, reflecting a moderate level of digital maturity. While the site is well-structured and content-rich, it lacks visible contact information, cookie consent mechanisms, and formal security or terms of service policies, which are important for compliance and trust. The absence of WHOIS data limits full domain legitimacy verification. Overall, the site is a valuable resource for ocean science enthusiasts but would benefit from enhanced privacy and security disclosures.

I

Industrial Quick Search

industrialquicksearch.com

48

Industrial Quick Search is a well-established online industrial manufacturer directory founded in 2000, serving the OEM market and manufacturing industry primarily in the United States. The platform connects buyers and suppliers in plastic and metal commercial businesses, offering patented vendor preview and request for quote tools. It also provides marketing services such as SEO, social media management, PPC, and web design to industrial manufacturers. The website demonstrates consistent branding and a clear business model focused on facilitating industrial supply chain connections. Technically, the website uses a modern tech stack including jQuery, Materialize CSS, FontAwesome, and Google Analytics, hosted by DreamHost. The site is mobile optimized with good navigation and SEO practices, though accessibility features are basic. Performance is moderate, and the site lacks a CMS indication, suggesting a custom-built platform. From a security perspective, the site uses HTTPS but lacks DNSSEC and visible security headers, which could be improved. No security or incident response policies are published, and there is no cookie consent mechanism, indicating partial privacy compliance. The domain WHOIS data is consistent with the business claims, showing a long-established presence without privacy protection, supporting legitimacy. Overall, the website is professional and trustworthy with moderate security posture and privacy compliance. Strategic improvements in security headers, privacy mechanisms, and published policies would enhance trust and compliance.

T

TechBehemoths

techbehemoths.com

63

TechBehemoths is a well-established platform founded in 2018 and based in Germany, offering a comprehensive directory and matchmaking service for IT companies worldwide. It serves both clients seeking IT services and companies seeking visibility and client leads. The platform is technically mature, built on modern frameworks like Nuxt.js and Vue.js, and hosted with Cloudflare DNS for performance and security. The website is well-structured, mobile-optimized, and SEO-friendly, with a professional design and clear navigation. Security posture is strong with HTTPS enforced and domain locking, though DNSSEC is not enabled and no explicit security policies are published. Privacy compliance is basic with a privacy policy present but lacking cookie consent mechanisms. Overall, the site is trustworthy and credible, with room for improvement in privacy and security transparency.

S

SIPTRUNK.DE

siptrunk.de

51

SIPTRUNK.DE operates as a German-language online comparison portal specializing in SIP trunk telephone connections for businesses. The platform offers country-specific filtering and provider listings aimed at helping companies select appropriate telephony solutions. The website is small in scale with a niche market focus within the telecommunications sector in Germany. The content is basic and primarily informational, with limited interactive elements or advanced features. Technically, the site uses legacy JavaScript libraries such as jQuery 1.11.3, Backbone.js, and Underscore.js, alongside Google Tag Manager for analytics and tracking. The site lacks modern SEO optimization and accessibility features, and mobile optimization is basic. Performance is moderate but could benefit from modernization and improved responsiveness. From a security perspective, the site does not present visible security headers or cookie consent mechanisms, which are important for GDPR compliance and overall security posture. The use of outdated JavaScript libraries introduces potential vulnerabilities. No forms or email contacts are present, limiting attack surface but also reducing user engagement options. The domain WHOIS data shows a consistent registration status without privacy protection, supporting legitimacy but lacking detailed registrant information. Overall, the website is functional but basic, with moderate trustworthiness. Security and privacy compliance improvements are recommended to enhance user trust and regulatory adherence.

S

STARFACE GmbH

starface.de

58

STARFACE GmbH is a well-established German technology company specializing in software-based VoIP telephone systems for digital communication. Their offerings include cloud-hosted PBX solutions, VM editions for self-hosting, and hardware appliances, targeting small to large enterprises. The company maintains a strong market position with recognized awards and a comprehensive product portfolio that integrates with popular business software and supports mobile and remote work scenarios. Technically, the website is built on WordPress with modern plugins and frameworks, optimized for performance and mobile use. Security posture is good with HTTPS and cookie consent mechanisms, though improvements can be made in security headers and published policies. Overall, the website reflects a professional and trustworthy business with a mature digital presence.

O

OSZ I Technik des Landkreises Potsdam-Mittelmark

osz-teltow.de

53

OSZ I Technik des Landkreises Potsdam-Mittelmark is a regional vocational school in Germany specializing in technical education across multiple disciplines such as electrical engineering, IT, automotive mechatronics, media, sanitary and heating technology, and water construction. The institution serves students and apprentices primarily within the Potsdam-Mittelmark district, providing structured vocational training and apprenticeship programs. The website reflects a professional educational institution with clear contact information and program offerings but lacks comprehensive privacy and cookie policies, which are important for GDPR compliance. Technically, the website is built on WordPress 6.8.3, utilizing standard web technologies such as HTML5, CSS, and JavaScript. The site is moderately optimized for performance and mobile devices, with basic accessibility features. Security posture is adequate with HTTPS enabled but could be improved by implementing security headers and a vulnerability disclosure policy. No tracking or advertising scripts were detected, indicating a privacy-conscious approach, though the absence of privacy and cookie policies is a notable compliance gap. Overall, the security posture is moderate with room for improvement in privacy compliance and security best practices. The domain registration data aligns well with the website's identity, showing legitimacy and consistency. The site is safe for general audiences, with no adult or explicit content detected. Strategic recommendations include implementing privacy and cookie policies with consent mechanisms, enhancing security headers, adding a vulnerability disclosure policy, and improving accessibility compliance to strengthen trust and regulatory adherence.

I

IHK Potsdam

ihk-potsdam.de

74

IHK Potsdam operates as a regional chamber of commerce and industry serving businesses, founders, apprentices, and trainers in Brandenburg, Germany. The website provides information about services, events, and political engagement relevant to its target audience. The organization holds a solid market position as a government-related entity supporting regional economic development. Technically, the website is built on the CoreMedia CMS platform, employs modern web technologies, and integrates third-party services such as Cookiebot for cookie consent management and eTracker for analytics. The site is well-optimized for mobile and accessibility, with good SEO practices in place. Security-wise, the website enforces HTTPS, uses CSRF tokens, and implements cookie consent with granular user controls. However, it lacks explicit security headers like Content-Security-Policy and does not provide a security.txt or incident response contacts. Overall, the site demonstrates a good security posture with room for improvement in transparency and security header implementation. The domain WHOIS data is consistent with the website's professional and governmental nature, showing no privacy protection and appropriate registration status. No WAF or blocking mechanisms were detected, allowing full content access and analysis.

G

Google LLC

googleplay.com

73

Google Play Games is a digital distribution platform operated by Google LLC, serving as the official app store for Android and Windows devices. It provides users access to a wide range of games and applications, leveraging Google's extensive cloud infrastructure and technology stack. The platform is a market leader in app distribution with a comprehensive ecosystem supporting developers and users worldwide. Technically, the website employs modern web technologies including Google Tag Manager, Google Analytics, and reCAPTCHA, ensuring robust performance, security, and user experience. Security posture is strong with HTTPS enforcement, security headers, and privacy policies aligned with GDPR standards. No critical vulnerabilities or blocking mechanisms were detected, indicating a mature and secure platform. Overall, the site demonstrates high professionalism, trustworthiness, and compliance, making it a reliable service for digital content distribution.

Apple Inc. operates a globally recognized e-commerce platform for its consumer electronics products, including iPhones, iPads, Macs, Apple Watches, and accessories. The website serves a broad consumer and business audience, offering product information, expert shopping assistance, and flexible payment and delivery options. Apple maintains a strong market position as a leader in technology and retail sectors. The website demonstrates a high level of digital maturity with modern technologies such as React, advanced analytics, and comprehensive SEO and accessibility features. Security posture is robust, with HTTPS enforcement, modern security headers, and no detected vulnerabilities or exposed sensitive data. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site reflects Apple's enterprise-grade professionalism and trustworthiness.