Security Directory

U

Je víra v Boha utopie?

utopie.cz

37

The website www.utopie.cz is a Czech language content platform focused on religious and philosophical topics, particularly Christianity. It offers a series of thematic articles and a newsletter subscription, targeting a general audience interested in faith and spirituality. The site appears to be small-scale and content-driven without clear commercial intent or extensive business infrastructure. Technically, the site uses legacy JavaScript libraries such as jQuery 1.10.2, integrates Google Analytics and Facebook SDK for tracking, and includes Google Ads remarketing scripts. The site is moderately optimized for mobile and SEO but lacks advanced accessibility features and modern frameworks. Security-wise, the site uses HTTPS but lacks visible security headers and employs outdated libraries that may expose vulnerabilities. No privacy or cookie policies are present, which impacts compliance with GDPR and user trust. The WHOIS data is unavailable, limiting domain legitimacy verification and reducing overall trust. Suspicious hidden links to unrelated pharmaceutical domains were detected, which could indicate potential security or SEO manipulation risks. Overall, the site is functional and content-rich but requires improvements in security, privacy compliance, and domain transparency to enhance trust and resilience.

C

Carbon Brief

carbonbrief.org

61

Carbon Brief is a specialized media organization focused on delivering clear, data-driven articles and analysis on climate science, energy, and policy. The website serves a broad audience including the general public, policymakers, researchers, and climate professionals. It maintains a strong market position as an authoritative source for climate-related information, offering a variety of content types such as interviews, explainers, factchecks, and newsletters. Technically, the site is built on WordPress with modern frameworks like Bootstrap and integrates multiple analytics and marketing tools including Google Analytics, Hotjar, and MailerLite. The site is mobile-optimized and SEO-friendly, with structured data enhancing search visibility. Security posture is solid with HTTPS enforced and use of reCAPTCHA on forms, though explicit security headers could be improved. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR consent mechanisms. Overall, the site demonstrates a professional and trustworthy online presence with no indications of malicious activity or content safety concerns.

Vlastivědný spolek Rosicko-Oslavanska is a small non-profit organization dedicated to documenting and educating about the history and culture of the Rosicko-Oslavansko region in the Czech Republic. The website serves as a regional cultural portal with event announcements, historical articles, and links to partner sites. The organization appears to have a modest but focused presence, leveraging Facebook for social engagement and promoting local cultural heritage. Technically, the website uses older JavaScript libraries and lacks modern security practices such as HTTPS enforcement and security headers. The presence of PHP notices in the HTML indicates suboptimal error handling and potential information leakage risks. Privacy and cookie policies are absent, which may impact compliance with GDPR regulations. Overall, the site is functional but requires modernization and security improvements to enhance trust and compliance.

J

Jamujam

jamujam.com

63

Jamujam is an online music-focused social network platform that offers users the ability to compose, share, and record music through an integrated online creative studio. The platform targets music creators and enthusiasts, positioning itself as a niche media service. The website employs modern web technologies including Angular, AWS backend services, and integrates social login options such as Apple Sign-In and Google Identity Services. Analytics and marketing tools like Google Analytics and Facebook Pixel are used for user tracking and advertising purposes. Security posture is moderate with HTTPS enforced and use of OAuth2, but lacks visible security headers and published privacy or cookie policies. The absence of WHOIS data for the domain raises concerns about domain registration transparency, impacting overall trustworthiness. Strategic improvements in privacy compliance and security best practices are recommended to enhance credibility and user trust.

N

Nadace AGROFERT

nadace-agrofert.cz

47

Nadace AGROFERT is a well-established non-profit foundation based in the Czech Republic, focused on providing social support, grants, and scholarships primarily for children, youth, handicapped individuals, and single parents. The foundation has been operational since 2012 and is affiliated with the Agrofert group. Their website reflects a professional and consistent brand image, offering clear information about their projects, grant programs, and contact details. Technically, the site uses modern web technologies including Bootstrap, jQuery, and Google Analytics, ensuring a responsive and accessible user experience. Security measures such as HTTPS, reCAPTCHA, and cookie consent are implemented, although some security headers could be improved. Overall, the site demonstrates a good security posture and compliance with GDPR requirements. The domain registration data aligns well with the business claims, supporting the legitimacy of the foundation.

Č

Česká jezdecká federace

cjf.cz

56

Česká jezdecká federace is the national governing body for equestrian sports in the Czech Republic, overseeing multiple disciplines such as jumping, dressage, eventing, driving, vaulting, reining, endurance, and para-equestrian sports. The organization provides a comprehensive platform for sport management, education, welfare, and event coordination, serving athletes, officials, and the general public interested in equestrian activities. The website reflects a well-structured and professional digital presence with active content updates, partner collaborations, and social media engagement. Technically, the website employs a modern technology stack including jQuery, Google Tag Manager, Facebook SDK, and slick carousel for interactive content. It is mobile-optimized with responsive design and includes cookie consent mechanisms aligned with GDPR requirements. However, there is room for improvement in security headers and accessibility features to enhance overall robustness. From a security perspective, the site uses HTTPS and implements cookie consent, but lacks visible security headers and explicit security or incident response policies. No vulnerabilities or exposed sensitive data were detected in the content. The absence of WHOIS data due to privacy protection is typical for organizations of this nature and does not detract from the site's legitimacy. Overall, the website presents a trustworthy and professional image suitable for its role as a national sports federation. Strategic improvements in security policies, accessibility, and transparency would further strengthen its posture and user trust.

K

kouzelen.cz

kouzelen.cz

50

Kouzelen.cz is a Czech-based small business specializing in therapeutic and educational services for children and families, including various specialized therapies, community engagement, and an online shop. The website is built on WordPress and uses a modern tech stack with plugins for social media integration and analytics. The site is mobile optimized and presents a professional design with clear navigation. Security posture is adequate with HTTPS enabled but lacks important security headers and formal privacy and cookie policies. No incident response or vulnerability disclosure mechanisms are present. Overall, the website is functional and trustworthy but would benefit from enhanced privacy compliance and security hardening.

P

Pires s.r.o.

pires.cz

58

Pires s.r.o. is a Czech Republic-based company specializing in the supply, installation, repair, and servicing of industrial gas burner systems, industrial furnaces, and related gas technology equipment. With over 35 years of industry experience and ISO 9001:2015 certification, the company targets industrial clients requiring high-quality gas systems and maintenance services. Their business model focuses on B2B technical services and sales of spare parts from reputable brands. The website is professionally designed, multilingual, and provides comprehensive information about their services and projects. Technically, the website uses a custom CMS with a technology stack including jQuery, Google Tag Manager, Facebook SDK, and cookie consent scripts. The site is mobile-optimized and moderately performant, with good SEO practices. Security-wise, HTTPS is enforced, and cookie consent is implemented, but the absence of security headers and a security.txt file indicates room for improvement. The security posture is solid but could be enhanced by adding security headers and formalizing incident response disclosures. The lack of WHOIS data is a concern for domain legitimacy verification, although the website content and certifications support trustworthiness. Overall, the site presents a professional and credible business presence with moderate technical maturity and good privacy compliance. Strategically, the company should focus on improving domain registration transparency, enhancing security headers, and publishing security policies to strengthen trust and compliance.

E

eSports.cz, s.r.o.

sportovniaukce.cz

43

SportovniAukce.cz is an online auction platform specializing in original worn hockey jerseys and other collectible sports artifacts, primarily targeting sports fans and memorabilia collectors in the Czech Republic. The business operates under eSports.cz, s.r.o., a small-sized company founded in 2014, offering a niche marketplace with direct cooperation with sports clubs. The website provides a professional and user-friendly interface with clear auction rules, privacy policies, and cookie consent mechanisms, supporting a trustworthy user experience. Technically, the site leverages modern JavaScript libraries and frameworks such as jQuery, Nette Framework, and integrates Google Analytics and advertising services, ensuring moderate performance and good mobile optimization. However, the absence of WHOIS data and lack of visible security headers indicate areas for improvement in domain transparency and security posture. Overall, the platform demonstrates a solid business model with a focus on compliance and user engagement but would benefit from enhanced security practices and domain registration clarity.

F

Fanshop HC Olomouc

fanshopolomouc.cz

57

Fanshop HC Olomouc operates an official e-commerce platform dedicated to selling fan merchandise and souvenirs for the HC Olomouc hockey team. The website offers a variety of products including official jerseys, scarves, and accessories, targeting passionate hockey fans primarily in the Czech Republic. The business model is retail-focused, leveraging the Shoptet platform for online sales and customer engagement. The site demonstrates consistent branding and provides clear contact information, enhancing trust and customer confidence. Technically, the website uses a mature but somewhat dated technology stack including jQuery and the Shoptet e-commerce platform. It is mobile-optimized and includes standard SEO and accessibility features. Performance is moderate, with room for improvement in modernizing libraries and enhancing security headers. Privacy compliance is addressed with cookie consent and privacy policies, though GDPR compliance could be further strengthened with more detailed disclosures. From a security perspective, the site enforces HTTPS and uses CSRF tokens in forms, indicating a good baseline security posture. However, the absence of advanced security headers and a public security policy or incident response contact reduces the overall security maturity. No vulnerabilities or exposed sensitive data were detected. The lack of WHOIS data limits domain trust assessment but the official club affiliation and professional presentation support legitimacy. Overall, Fanshop HC Olomouc presents a trustworthy and functional online retail presence for hockey fans, with recommendations to enhance security practices and transparency to further improve trust and compliance.

W

WNYC

thegreenespace.org

69

WNYC operates as a leading public radio station in the United States, offering a broad range of media services including live radio broadcasting, podcast production, and hosting live events at The Greene Space. The organization maintains a strong market position with multiple subsidiary media outlets and a well-recognized brand. The website reflects a mature digital presence with modern technologies and extensive multimedia content, targeting a general audience interested in news, culture, and public radio programming. Technically, the site uses Ember.js framework, integrates with major analytics and advertising platforms, and demonstrates good performance and accessibility standards. Security posture is solid with HTTPS enforced and no visible sensitive data exposure, though improvements could be made by implementing security headers and publishing clear privacy and security policies. The absence of WHOIS data limits domain trust assessment, but the overall digital footprint and branding indicate a legitimate and professional entity. Strategic recommendations include enhancing privacy compliance, adding explicit security and incident response information, and maintaining vigilance on third-party scripts to mitigate vulnerabilities.

N

New York Public Radio

newsounds.org

67

New York Public Radio operates the WNYC website and its associated shows such as New Sounds, providing public radio content, podcasts, and music discovery services. The organization is a large, established media entity with a strong presence in New York City and a broad audience interested in independent journalism and music. The website demonstrates a mature technical infrastructure using modern JavaScript frameworks and integrates multiple analytics and marketing tools to optimize user engagement and content delivery. Security posture is strong with HTTPS enforced and some security headers implied, though explicit headers could be improved. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is professional, trustworthy, and well aligned with the organization's mission.

W

WQXR

wqxr.org

66

WQXR is a prominent classical music radio station based in New York, operated under the umbrella of New York Public Radio. It offers a rich array of classical music programming, live streaming, podcasts, and cultural content targeting classical music enthusiasts and the New York metropolitan audience. The station is well integrated within a network of related media entities, enhancing its market presence and content diversity. Technically, the website leverages modern web technologies including Ember.js, Google Analytics, and various marketing and tracking tools, providing a responsive and user-friendly experience. Security-wise, the site employs HTTPS and Content Security Policy, indicating a good security posture, though explicit privacy and cookie policies are not evident in the provided content. The absence of WHOIS data limits domain trust verification but the overall branding and content quality suggest legitimacy. Strategic recommendations include enhancing privacy compliance transparency, publishing security policies, and improving contact information visibility to strengthen trust and compliance.

W

WNYC | New York Public Radio

njpublicradio.org

68

New Jersey Public Radio, under the umbrella of WNYC | New York Public Radio, is a well-established media organization providing award-winning journalism and public affairs coverage focused on New Jersey. The website offers a rich array of news stories, podcasts, and live streaming radio services targeting a general audience interested in regional news and culture. The brand is consistent and trusted, with multiple affiliated stations and partner sites enhancing its reach. Technically, the site leverages modern web technologies including Ember.js, Google Analytics, Facebook SDK, Hotjar, and Google Tag Manager, indicating a mature digital infrastructure. The site is mobile-optimized and provides good SEO and accessibility features, though some accessibility aspects could be improved. From a security perspective, the site enforces HTTPS and uses asynchronous loading of analytics and tracking scripts, but lacks explicit security headers and visible privacy or cookie policies, which are areas for improvement. No critical vulnerabilities or WAF blocking were detected, and the domain WHOIS data is privacy protected, which is typical for media entities. Overall, the website presents a low-risk profile with strong business credibility and good technical implementation. Strategic enhancements in privacy compliance, security headers, and contact transparency would further strengthen its security posture and user trust.

W

WNYC

wnyc.org

68

WNYC is a leading public radio station in the United States, operating under New York Public Radio. It offers a wide range of award-winning programs, podcasts, and live streaming radio services targeting a general audience interested in news, culture, and public affairs. The website reflects a mature digital presence with a modern tech stack including Ember.js and integration with major analytics and advertising platforms. Security posture is strong with HTTPS and content security policies, though some security headers and explicit privacy compliance mechanisms could be improved. The absence of WHOIS data is due to privacy protection, which is justified for this type of organization. Overall, WNYC demonstrates a professional, trustworthy, and content-rich platform with a strong brand and market position.

K

Kickstarter

kickstarter.com

11

Kickstarter is a leading global crowdfunding platform dedicated to helping creators bring their creative projects to life across various categories such as film, music, art, theater, games, comics, design, and photography. The platform connects creators with backers worldwide, enabling project funding and community engagement. Kickstarter maintains a strong market position as a trusted and well-established service in the crowdfunding industry. Technically, the website employs a modern technology stack including JavaScript frameworks, analytics tools like Segment and Braze, and integrates third-party services such as Facebook SDK and Honeybadger for error monitoring. The site is well-optimized for performance, mobile responsiveness, and accessibility, providing an excellent user experience. Security-wise, Kickstarter enforces HTTPS, uses multiple security headers, and implements consent management for privacy compliance. While no critical vulnerabilities were detected, the site could improve by publishing a dedicated security policy and establishing a vulnerability disclosure program. Overall, Kickstarter demonstrates a mature digital presence with high trustworthiness and robust privacy practices.

T

The Salt And Pepper Shaker Museum

thesaltandpeppershakermuseum.com

51

The Salt and Pepper Shaker Museum is a niche hospitality business located in Gatlinburg, Tennessee, offering a unique museum experience focused on salt and pepper shakers and pepper mills. It targets tourists and collectors, leveraging its unique collection and location near the Great Smoky Mountain National Park. The business operates a physical museum with admission fees and a gift shop, complemented by an online presence including a virtual museum and online store. The website reflects a small but established business with consistent branding and trust indicators such as TripAdvisor recognition and active social media channels. Technically, the website is built on an older ASP.NET WebForms platform with DNN CMS, using common libraries like jQuery and Bootstrap. While the site is functional and moderately optimized for mobile, it lacks advanced modern features and some security best practices. Security posture is adequate with HTTPS and domain protections but could be improved by enabling DNSSEC and adding security headers. Privacy compliance is basic with a privacy policy and cookie consent banner but no explicit GDPR compliance statements. Overall, the website is trustworthy and professional but would benefit from technical and security enhancements to improve resilience and compliance.

P

ProTexas Industry

protexasindustry.com

53

ProTexas Industry operates as a specialized information platform targeting investors interested in industrial real estate and manufacturing opportunities in Texas. The platform offers detailed data on industrial parks, properties, and investment news, positioning itself as a key resource for foreign direct investment in Texas. The website is professionally designed with modern technologies such as Bootstrap, jQuery, and Google Maps API, providing a good user experience and mobile optimization. Security posture is adequate with HTTPS and CSRF protections, but lacks comprehensive security headers and explicit privacy and cookie policies. The absence of WHOIS data reduces transparency but does not negate the site's legitimacy given its professional presentation and active content. Overall, the site is a credible resource for its niche audience but would benefit from enhanced privacy compliance and security disclosures.

R

Radim Marada

okolo-grafiky.cz

40

Radim Marada operates a small freelance graphic and advertising studio primarily serving clients in the Czech Republic. The business offers a broad range of services including web design, logo creation, advertising solutions such as vehicle wraps and signage, print materials, and photography. The website reflects a professional and consistent brand image targeting local businesses, municipalities, and organizations seeking personalized graphic services. The market position is that of a small, local studio emphasizing direct client relationships and local delivery. Technically, the website employs a modern JavaScript stack including jQuery, UIkit framework, and popular libraries for UI components and analytics such as Google Analytics and Facebook SDK. The site is mobile responsive with good navigation and content quality, though accessibility and SEO optimizations are basic. There is no detected CMS or hosting provider information. Performance is moderate with no critical technical issues observed. From a security perspective, the site lacks visible security headers and does not provide privacy or cookie policies, which are compliance gaps especially under GDPR. The WHOIS data is unavailable, which reduces domain transparency and trustworthiness. No incident response or security contact information is provided. The site uses HTTPS (implied by analytics scripts) but SSL configuration details are unknown. Overall security posture is moderate but could be improved with better headers, policies, and transparency. The overall risk is moderate with no signs of malicious content or vulnerabilities in the visible code. Strategic recommendations include adding privacy and cookie policies, improving security headers, verifying SSL configuration, and enhancing domain registration transparency. These steps will improve compliance, trust, and security posture.

K

Sportovní vybavení a potřeby, krejčovství na míru - konig.cz

konig.cz

42

Konig.cz is a Czech Republic-based retailer specializing in sports equipment and related services, including rental and technical tailoring. The website presents a comprehensive catalog of products for winter and summer sports such as skiing, snowboarding, windsurfing, and kiting. The business model combines e-commerce with physical rental and service offerings, targeting sports enthusiasts in the Czech market. Technically, the site uses a mix of common web technologies including jQuery, Bootstrap, and Google Analytics, with a custom or niche CMS platform. The site is mobile-optimized and offers good navigation and content relevance. Security posture is moderate with HTTPS enabled but missing some recommended security headers and lacking a vulnerability disclosure policy. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism detected. WHOIS data is unavailable, which reduces trustworthiness from a domain registration perspective but the site content and structure indicate a legitimate small business. Overall, the site scores well in content quality and business credibility but could improve in security and privacy compliance.

C

cyklotury.cz

cyklotury.cz

46

Cyklotury.cz is a Czech Republic based small-scale content portal focused on cycling tours, equipment reviews, and travel tips for cycling enthusiasts of all ages. The website offers a variety of articles and blog posts related to cycling tourism primarily in the Czech Republic and neighboring countries. It operates a content-driven business model monetized through advertising and affiliate partnerships, with a consistent brand presence and active social media engagement on Facebook, YouTube, and Instagram. Technically, the site is built on Drupal 7 CMS with a technology stack including jQuery, Google Fonts, Google Analytics, and Facebook SDK. The site is mobile optimized with moderate performance and basic accessibility features. SEO practices are reasonably implemented with proper meta tags and structured content. However, the use of an outdated CMS version poses potential security risks. From a security perspective, the site uses HTTPS with anonymized IP tracking in Google Analytics but lacks important security headers such as Content-Security-Policy and X-Frame-Options. No privacy or cookie policies were found, indicating compliance gaps with GDPR and other privacy regulations. The WHOIS data for the domain is unavailable, which reduces trustworthiness and raises questions about domain registration legitimacy. Overall, Cyklotury.cz presents a good quality content experience for its niche audience but requires improvements in privacy compliance, security hardening, and domain legitimacy verification to enhance trust and reduce risk.

B

Brandlift, Inc.

leadberry.com

63

Leadberry is a technology company offering a web-based B2B lead generation software that converts website visitors into sales leads by leveraging Google Analytics data. The company targets sales, marketing teams, management, and agencies globally, positioning itself as a reliable SaaS provider with a strong market presence evidenced by testimonials and media features. The website demonstrates a mature digital infrastructure using modern JavaScript frameworks and integrates multiple marketing and analytics tools to optimize lead generation and user engagement. Security posture is solid with HTTPS enforcement and CAPTCHA protections, though some security headers and explicit incident response policies are absent. Privacy compliance is well addressed with clear policies and consent mechanisms. The absence of WHOIS data is a notable anomaly but does not detract significantly from the overall trustworthiness given the professional presentation and parent company association. Strategic recommendations include enhancing security headers, publishing incident response information, and improving accessibility compliance.

C

Central European Institute of Technology

ceitec.cz

10

The Central European Institute of Technology (CEITEC) is a multidisciplinary research and education consortium based in Brno, Czech Republic, comprising six partner universities and research institutions. It focuses on advancing scientific knowledge in life and material sciences, providing access to cutting-edge core facilities, and fostering industry cooperation. The website reflects a professional and well-structured digital presence targeting scientists, students, and industrial partners. Technically, the site employs modern JavaScript libraries, Google Tag Manager, Microsoft Clarity, and Facebook SDK, hosted likely on DigitalOcean infrastructure. Security posture is solid with HTTPS and form protection via reCAPTCHA, though it lacks explicit security headers and published privacy or cookie policies. The WHOIS data is unavailable due to EURid privacy restrictions, but the domain and website content indicate legitimacy and alignment with the claimed academic mission. Overall, the site is trustworthy, well-maintained, and suitable for its audience.

D

Dojomania

dojomania.com

58

Dojomania is a French-based e-commerce retailer specializing in combat sports equipment such as judo, karate, taekwondo, boxing, and MMA gear. The website offers a wide range of products including kimonos, belts, gloves, bags, and personalized embroidery services. It targets martial arts practitioners and clubs, positioning itself as a specialist retailer with a professional online presence. The site is built on the PrestaShop platform, leveraging modern web technologies and providing multilingual support. Security posture is good with HTTPS and security headers implemented, though there is no visible security policy or incident response information. Privacy and cookie policies are present and GDPR compliant. The absence of WHOIS data is a concern for domain legitimacy but the website content and contact information suggest a legitimate business. Overall, the site is well designed, functional, and trustworthy for its target audience.

C

CORA computer s.r.o.

cesketabory.cz

59

Cesketabory.cz is a well-established Czech online platform specializing in the cataloging and promotion of children's summer camps and related recreational activities across the Czech Republic. Operated by CORA computer s.r.o., the website serves primarily parents and families seeking detailed information and booking options for various camps. The platform offers a comprehensive catalog, interactive maps, and additional resources such as advice for parents and listings for camp organizers and equipment. The business has a strong market presence since 2008 and collaborates with recognized partners in the youth and education sectors. Technically, the website employs a modern technology stack including Google Maps API, Google Analytics, Facebook SDK, and various JavaScript libraries to provide interactive features and user engagement. The site is mobile-optimized with good SEO practices and a custom CMS backend. Performance is moderate with room for improvement in accessibility features. Security is robust with HTTPS enforcement, reCAPTCHA integration, and cookie consent mechanisms, although some advanced security headers and incident response disclosures are absent. From a security and compliance perspective, the site demonstrates GDPR awareness with a comprehensive privacy policy and cookie consent banner. Contact information is clearly provided, enhancing trust and transparency. No critical vulnerabilities or suspicious patterns were detected. The domain registration details align well with the business claims, indicating legitimacy and consistency. Overall, cesketabory.cz presents a professional, trustworthy, and user-friendly platform for children's camp information in the Czech Republic. Strategic improvements in security headers, incident response transparency, and accessibility could further enhance its digital maturity and compliance posture.

The website represents the Rada dětí a mládeže Středočeského kraje, a regional non-profit organization focused on youth activities and education within the Central Bohemian Region of the Czech Republic. It serves as an information hub for youth-related events, competitions, and educational programs, supported by regional government and the Ministry of Education. The site targets children, youth organizations, and stakeholders interested in youth development in the region. Technically, the website is built on Joomla CMS and leverages common web technologies such as jQuery, Bootstrap, Google Fonts, Facebook SDK, and Google reCAPTCHA. The site is mobile-optimized with a moderate performance profile and good SEO practices. However, it lacks some modern security headers and formal privacy and cookie policies, which are important for GDPR compliance. From a security perspective, the site uses HTTPS with a good SSL configuration and includes CSRF tokens and reCAPTCHA for form security. No critical vulnerabilities or exposed sensitive data were detected. The absence of explicit privacy and cookie policies and security headers are notable gaps. The site is not blocked by any WAF or security challenge, allowing full content access. Overall, the website is trustworthy and professional for its non-profit purpose but would benefit from enhanced privacy compliance and security hardening to align with best practices and regulatory requirements.

M

Město Slavkov u Brna

slavkovak.cz

46

Slavkovak.cz is a local leisure and tourism portal operated by the city of Slavkov u Brna, Czech Republic. It provides residents and visitors with news, event listings, information on local associations, gastronomy, accommodation, and tourist destinations. The site serves as an official community resource with a focus on promoting local culture and tourism. The business model is informational and community-driven, supported by the city administration. The website is well-branded and consistent, targeting a general audience interested in local events and tourism. Technically, the site uses a modern tech stack including UIkit for UI components, jQuery, Google Tag Manager, Google Analytics, Facebook SDK, and mapping APIs from Mapy.cz and Leaflet. The site is mobile optimized and performs moderately well, though accessibility and SEO could be improved. The presence of cookie consent and GDPR documentation indicates awareness of privacy compliance, though privacy policy details are basic. Security posture is adequate with HTTPS enforced and cookie consent implemented, but lacks advanced security headers and explicit vulnerability disclosure or incident response policies. No WHOIS data was found, which raises concerns about domain registration legitimacy, though the site content and footer indicate official city operation. Overall, the site is trustworthy but would benefit from improved transparency and security hardening. The risk assessment is moderate with recommendations to improve security headers, add terms of service and security policies, and verify domain registration status to enhance trust and compliance.

Brána do Čech is a regional tourism portal focused on promoting the Ústecký region of Czechia. It provides visitors with comprehensive information about local attractions, events, accommodations, and leisure activities. The website targets tourists and regional visitors seeking travel guidance and cultural experiences. The business model is informational and promotional, aiming to enhance regional tourism visibility. Technically, the website employs a range of JavaScript libraries including jQuery, bxSlider, and Magnific Popup, alongside Google Analytics and Facebook SDK for tracking. The site shows moderate performance and basic mobile optimization. However, the use of an outdated jQuery version and lack of modern security headers indicate areas for improvement in technical maturity. From a security perspective, the site uses HTTPS but lacks visible security headers and explicit privacy or cookie policies, which are critical for GDPR compliance and user trust. No forms or direct data collection mechanisms were detected, reducing immediate data exposure risks. The absence of WHOIS data limits domain trust verification, though the content and external links suggest legitimacy. Overall, the site is functional and content-rich but would benefit from enhanced security practices, privacy compliance, and domain transparency to improve trustworthiness and user confidence.

T

TJ LOKOMOTIVA TRUTNOV, z.s.

lokotrutnov.cz

9

TJ Lokomotiva Trutnov is a well-established Czech non-profit sports association founded in 2001, offering a wide range of sports sections and community events primarily in Trutnov. The website serves as an information hub for sports activities, events, and organizational details targeting local sports enthusiasts, children, and seniors. The organization maintains a consistent brand presence and provides clear contact information, supporting its credibility and community engagement. Technically, the site is built on Joomla CMS with Bootstrap and T3 framework, ensuring responsive design and moderate performance. Integration with Google Analytics and Facebook SDK indicates moderate user tracking and marketing efforts. Security posture is moderate with some best practices like CSRF tokens but lacks visible security headers and cookie consent mechanisms. Privacy policy is present but basic and lacks explicit GDPR compliance indicators. WHOIS data confirms domain legitimacy and long-term operation consistent with the organization's history.

C

Corner

wineplanet.sk

48

WinePlanet.sk is a well-established Slovak e-commerce platform specializing in premium wines and spirits from around the world. Founded in 2006, it offers an extensive catalog of over 2,500 wine varieties and 260,000 bottles in stock, targeting wine enthusiasts and consumers primarily in Slovakia. The website supports Slovak and English languages and provides fast delivery services, wine tastings, and masterclasses, positioning itself as the largest wine e-shop in the Slovak market. The business model focuses on direct online retail complemented by physical stores and events.

U

Union Sport & Cycle (USC)

filieresport.com

44

Filière Sport is a French media platform dedicated to the sports industry, providing news, data, and insights on topics such as economy, corporate social responsibility, health, territories, and market data. It serves professionals and stakeholders in the sports sector, offering a mix of free and premium content. The website is linked to Union Sport & Cycle, a recognized entity in the sports industry, which acts as the parent organization. Technically, the site uses modern web technologies including jQuery, Google Tag Manager, Facebook SDK, and reCAPTCHA, ensuring a functional and moderately performant user experience with good mobile optimization. Security practices include HTTPS enforcement and use of CAPTCHA for forms, though some security headers could be improved. Privacy compliance is partial, with a cookie consent mechanism present but no explicit privacy policy or terms of service found on the homepage. The WHOIS data for the domain is unavailable, which slightly reduces trust but the professional presentation and consistent branding mitigate concerns. Overall, the site is a credible and useful resource for its target audience, with room for improvement in privacy transparency and security headers.

P

PHYSICS TODAY

physicstoday.org

65

Physics Today is a reputable publication operated by the American Institute of Physics, serving the physics community with news, analysis, and career resources. The website demonstrates a mature digital infrastructure with modern web technologies, including MathJax for scientific notation, and integrates comprehensive privacy and cookie consent mechanisms. Security posture is strong with HTTPS enforcement and standard security headers, though explicit security policies and incident response information are not publicly detailed. Overall, the site is professional, trustworthy, and well-optimized for its target audience.

F

FTV Prima

cnnprima.cz

58

FTV Prima operates the CNN Prima NEWS website, a leading Czech news media outlet providing trustworthy, fast, and clear news coverage for a broad audience. The site offers live TV streaming, news articles, video content, and a mobile app, targeting general audiences in the Czech Republic. The business is positioned as a major player in the Czech media industry with consistent branding and a comprehensive content offering. Technically, the website uses modern web technologies including JavaScript frameworks, Google Tag Manager, and a consent management platform (Didomi) to ensure GDPR compliance. The site is mobile-optimized, accessible, and integrates multiple trusted third-party services for analytics and advertising. Performance is moderate with good SEO and accessibility practices. Security posture is strong with HTTPS enforced, consent management, and no visible vulnerabilities or exposed sensitive data. However, explicit security headers should be verified and a security.txt file or incident response contact could enhance transparency. Privacy compliance is well addressed with clear cookie and privacy policies. Overall, the website presents a low risk profile with high professionalism and trustworthiness. The lack of WHOIS data is likely due to privacy protection and does not detract from the legitimacy of the site. Strategic recommendations include enhancing security header implementation, publishing vulnerability disclosure information, and maintaining regular audits of third-party scripts.

B

Balkan Pensiony

balkanpensiony.cz

58

Balkan Pensiony is a small hospitality business offering accommodation services in Bulgaria, specifically in the Bansko and Primorsko regions. The website presents two main pensions, Atika and Nadia, targeting tourists seeking winter and summer vacation stays. The business model focuses on direct accommodation bookings with a clear regional niche. The website is built on Joomla CMS with a moderate technical infrastructure including Bootstrap, jQuery, and social media integration via Facebook SDK. Google Analytics is used for visitor tracking. Security posture is basic with HTTPS enabled but lacking security headers and privacy policies, which are critical for GDPR compliance. The absence of WHOIS data reduces domain trustworthiness, though the website content and contact phone number appear legitimate. Overall, the site is functional and professionally designed but requires improvements in privacy compliance and security best practices to enhance trust and regulatory adherence.

C

Církev adventistů s.d.

hopetv.cz

42

HopeTV is a Czech Christian internet television channel affiliated with the international Hope Channel network and operated by the Církev adventistů s.d. It provides religious video content including sermons, live church services, and thematic programs targeting the Christian community and general public interested in faith-based media. The website features a professional design with good navigation and mobile optimization, supporting a positive user experience. Technically, it employs a mix of legacy and modern web technologies including jQuery, Nette AJAX, Video.js, and Google Analytics, but some components like jQuery are outdated and may pose security risks. Security posture is moderate with HTTPS enforced but lacking security headers and updated libraries. Privacy compliance is weak due to absence of privacy and cookie policies or consent mechanisms. The WHOIS data is unavailable, limiting domain registration trust assessment, but the website's affiliation with known organizations supports legitimacy. Overall, the site is functional and trustworthy but requires improvements in security and privacy compliance.

I

International Judo Federation

judobase.org

60

The International Judo Federation (IJF) operates Judobase.org, a comprehensive and authoritative platform dedicated to judo sports enthusiasts worldwide. The website serves as the official source for competition results, athlete rankings, event calendars, and multimedia content related to IJF-sanctioned events. It targets a global audience including athletes, coaches, officials, and fans, positioning itself as a key resource in the judo sports ecosystem. The business model is primarily federation-driven, supported by sponsorships and partnerships, with a medium-sized operational scale and a history dating back to at least 2007. Technically, the website employs modern web technologies including JavaScript frameworks, Bootstrap for responsive design, and integrates third-party services such as Google Analytics and Facebook SDK for analytics and marketing. The site is well-optimized for performance and mobile devices, with a clean and professional design that facilitates excellent user experience and navigation. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks explicit security headers and a dedicated security policy page, which are areas for improvement. Privacy and cookie policies are present and appear comprehensive, indicating a reasonable level of GDPR compliance. Contact information is clearly provided with official domain emails, enhancing trustworthiness. Overall, Judobase.org demonstrates a strong security posture and high business credibility, with no signs of suspicious activity or content safety concerns. The lack of WHOIS data due to privacy protection is typical for such organizations and does not detract from the site's legitimacy. Strategic recommendations include enhancing security headers, implementing explicit cookie consent mechanisms, and publishing a formal security incident response policy to further strengthen compliance and user trust.

D

Dôvera zdravotná poisťovňa, a.s.

dovera.sk

63

Dôvera zdravotná poisťovňa, a.s. is a leading public health insurance provider in Slovakia, offering comprehensive health insurance services to insured persons, payers, and healthcare providers. The company has a strong market position with a large customer base and provides various benefits, claims processing, and customer support services. The website reflects a mature digital presence with a professional design, clear navigation, and comprehensive content tailored to its target audience. Technically, the site uses a custom open-source framework (Cyclone3) and integrates modern marketing and analytics tools such as Google Tag Manager, Facebook SDK, Exponea, and OneTrust for consent management. Security posture is strong with HTTPS enforcement, security headers, and privacy compliance, although explicit security policy and incident response pages are not publicly available. Overall, the domain registration data aligns well with the business claims, supporting high legitimacy and trustworthiness.

Z

zariadim.sk

zariadim.sk

46

zariadim.sk is a Slovak online platform that connects customers with verified service providers across various sectors including home, garden, family, automotive, health, and business services. The platform features extensive user-generated content such as references and job postings, indicating a mature and active user base. The website integrates multiple subdomains targeting specific service categories, enhancing user experience and market segmentation. Technically, the site leverages modern web technologies including jQuery, Bootstrap, and the Nette PHP framework, supported by analytics and marketing tools like Google Analytics, Facebook Pixel, Hotjar, and Zopim chat. Security posture is adequate with HTTPS enforced, but could benefit from enhanced security headers and a formal vulnerability disclosure policy. Privacy compliance is partial, with a privacy policy and terms of service present but lacking cookie consent mechanisms. Overall, the site demonstrates a solid business presence with moderate risk and room for security and privacy improvements.

The American Institute of Physics (AIP) operates as a federation of physical science societies, providing a broad range of services including scientific publications, advocacy, research resources, and educational support. The organization targets physical scientists, researchers, students, and STEM professionals, positioning itself as a leading non-profit entity in the physical sciences domain. The website reflects a mature digital presence with professional design, clear navigation, and comprehensive content relevant to its audience. Technically, the site leverages modern web technologies such as WebComponents, MathJax for scientific rendering, and integrates third-party services like Google Tag Manager and Facebook SDK for analytics and marketing. The content management system identified is Brightspot CMS, supporting a structured and scalable content delivery. Performance and mobile optimization are good, with accessibility features implemented to a reasonable standard. From a security perspective, the site enforces HTTPS and employs a cookie consent mechanism compliant with GDPR. However, explicit security headers and a published security policy or incident response information are not evident, representing areas for improvement. No vulnerabilities or exposed sensitive data were detected in the analyzed content. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance with privacy standards, supporting the legitimacy of the organization. The absence of WHOIS data due to privacy protection is typical for organizations of this nature and does not detract from the trust assessment. Strategic recommendations include enhancing security headers, publishing security and incident response policies, and providing clear security contact channels.

Acaballado® z.s. is a small Czech non-profit organization dedicated to organizing cultural and historical events, primarily focusing on historical reenactments and promoting historical awareness. The website serves as a platform to inform visitors about upcoming events, archives, and organizational information. The organization targets a general audience interested in cultural heritage and history, particularly within the Czech Republic. The business model is centered on event organization and community engagement without commercial sales evident on the site. Technically, the website is built on WordPress 6.5.7, utilizing popular plugins such as Yoast SEO and libraries including jQuery, Bootstrap, and Slick Carousel. It integrates Google Tag Manager, Google Analytics, and Facebook SDK for analytics and marketing purposes. The site is mobile-optimized with good navigation and SEO practices, although accessibility features are basic. Performance is moderate, with no major technical issues detected. From a security perspective, the site uses HTTPS with an excellent SSL configuration but lacks visible security headers and formal security or incident response policies. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is weak due to the absence of privacy and cookie policies or consent mechanisms. Contact information is clearly provided, enhancing business credibility. Overall, the website is legitimate and professionally maintained for a small non-profit. The lack of WHOIS data is consistent with privacy protection common in such organizations. Strategic improvements in privacy compliance and security headers would enhance trust and regulatory adherence.

S

Slovenský olympijský a športový výbor

olympic.sk

60

The Slovenský olympijský a športový výbor (Slovak Olympic and Sports Committee) operates a comprehensive and professionally designed website serving as the official portal for Slovak Olympic sports news, events, athlete information, and partner relations. The site targets Slovak sports enthusiasts, athletes, and partners, providing timely updates and resources related to Olympic activities. Technically, the website is built on Drupal 10, leveraging modern web technologies and integrating analytics and advertising tools responsibly. Security posture is strong with HTTPS, security headers, and secure form handling, though there is room for improvement in publishing explicit security policies and incident response information. Privacy compliance is well addressed with clear privacy and cookie policies aligned with GDPR requirements. Overall, the website demonstrates a high level of professionalism, trustworthiness, and digital maturity appropriate for a national sports governing body.

F

FC Zlín

fctrinityzlin.cz

44

FC Zlín is a Czech football club with an official website providing comprehensive information about the club, including news, match schedules, team rosters, ticket sales, fan merchandise, and partner details. The website targets football fans and the local community, offering engagement through social media and online services. The business model revolves around sports club promotion, fan engagement, and merchandising. Technically, the website employs a modern frontend stack including Bootstrap, jQuery, OwlCarousel, Font Awesome, and Google Fonts. It integrates Google Analytics and Facebook SDK for tracking and marketing purposes. Hosting appears to be regional with Czech-based registrar and name servers. The site is mobile-optimized with good navigation and content structure, though SEO and accessibility could be improved. From a security perspective, the site uses HTTPS but lacks visible security headers and explicit security policies or vulnerability disclosures. No cookie consent mechanism was detected, indicating partial GDPR compliance. No contact phone numbers or detailed business registration data were found, limiting direct contact options. The WHOIS data is consistent and transparent, supporting legitimacy. Overall, the website is functional and professional with moderate security and privacy compliance. Strategic improvements in security headers, privacy notices, and contact transparency would enhance trust and compliance.

K

Kytary.cz

kytary.cz

74

Kytary.cz is a well-established Czech e-commerce retailer specializing in musical instruments and related accessories. Founded in 2000, it holds a strong market position in the Czech Republic with the largest stock availability and competitive pricing. The website offers a broad range of products including guitars, keyboards, drums, sound equipment, and lighting, targeting musicians and music enthusiasts primarily in the Czech market. Their business model focuses on online sales with value-added services such as extended warranties, free delivery over a threshold, and installment payment options. Technically, the website employs a modern tech stack including jQuery, Bootstrap, Google Analytics, and Facebook SDK, hosted on Czech hosting providers. The site is mobile-optimized with good SEO and accessibility basics. Security posture is solid with HTTPS, security headers, and use of reCAPTCHA, though explicit security policies and incident response information are not published. Overall, the site is professional, trustworthy, and compliant with GDPR, though improvements in security transparency and accessibility could be made.

V

Václav Nocar, AZnet

aznet.cz

45

Václav Nocar, operating under AZnet, is a small Czech Republic-based technology service provider specializing in web design, web hosting, SEO, IT consulting, and advertising services. The company targets local businesses and individuals primarily in Teplice and surrounding regions, offering a broad portfolio of digital and IT solutions including domain registration, programming, and promotional materials. The website reflects a modest but functional online presence with basic content and navigation, supported by integration with Facebook and Google Analytics for marketing and tracking purposes. Technically, the site uses legacy JavaScript libraries and standard web technologies but lacks modern security headers and explicit HTTPS enforcement details, indicating room for improvement in security posture. Privacy compliance is partially addressed through a cookie consent banner and a linked privacy PDF, though no comprehensive privacy or security policies are present. Contact information is clearly provided, enhancing business credibility. Overall, the site is accessible and safe, with no adult or questionable content detected.

K

Klub Pathfinder

pathfinder.sk

48

Klub Pathfinder is a Slovak non-profit organization dedicated to youth development through outdoor activities, Christian education, and community events. The website serves as a hub for event announcements, training programs, and resources for youth and their leaders. It maintains an active presence with regular content updates and social media engagement, primarily on Facebook. Technically, the site is built on WordPress with common plugins for galleries, forms, and cookie management, providing a moderate performance and good mobile experience. Security posture is adequate with HTTPS enabled and cookie consent implemented, but lacks advanced security headers and formal security policies. Privacy compliance is partial due to the absence of a privacy policy and terms of service pages. Overall, the site is trustworthy and professional, serving its target audience effectively.

Mikroregion Rožnovsko, s.o. is a small non-profit regional association based in the Czech Republic, focused on promoting local culture, tourism, and community development within the Rožnovsko microregion. The website serves as an information hub for residents and visitors, providing updates on cultural events, local governance, and regional projects. The organization leverages modern web technologies including Bootstrap, jQuery, and integrates Google Analytics and Facebook SDK for tracking and marketing purposes. The site is well-designed, mobile-optimized, and provides clear navigation and relevant content in Czech language. Security posture is adequate with HTTPS enabled and cookie consent implemented, but lacks advanced security headers and vulnerability disclosure mechanisms. Privacy compliance is basic, with no explicit privacy policy or terms of service found on the main page. Overall, the website is trustworthy and professionally maintained, reflecting the organization's legitimacy and community focus.

S

StaMat CZ, s.r.o.

stamatcz.cz

45

StaMat CZ, s.r.o. is a small Czech Republic based company specializing in earthworks, demolition, construction waste recycling, and heavy transport services primarily serving the Pardubice region and surrounding areas. The company operates a waste collection and recycling center and offers a range of construction-related services. The website is professionally designed with clear navigation and relevant content, supporting the company's local market positioning. Technically, the site uses standard web technologies including jQuery and Facebook SDK, with a cookie consent mechanism in place, indicating awareness of privacy compliance. Security posture is adequate with HTTPS enabled but lacks advanced security headers and incident response information. WHOIS data is unavailable, which slightly reduces domain trust but the website content and contact details support legitimacy. Overall, the site presents a trustworthy and functional online presence for a regional construction services provider.

T

Tesařské práce a pokrývačské práce Rác

tesarske-prace-prelouc.cz

44

Tesařské práce a pokrývačské práce Rác is a small Czech Republic-based company specializing in carpentry and roofing services, operating since 1994. The website presents a professional image with detailed service offerings including roof repairs, wooden constructions, pergolas, and chemical protection of roof structures. The business targets local and regional customers primarily in Pardubice and surrounding areas. The company emphasizes reliability, experience, and customer satisfaction. Technically, the website uses standard web technologies such as jQuery and Facebook SDK for social integration, along with Lightbox for image galleries. The site is accessible and moderately optimized for mobile devices, with good SEO practices evident in meta tags and structured data. However, there is room for improvement in accessibility and performance optimization. From a security perspective, the site uses HTTPS but lacks explicit security headers and does not provide visible incident response or vulnerability disclosure information. The absence of WHOIS data for the domain raises concerns about domain legitimacy and registration status, which impacts overall trustworthiness. Privacy compliance is partially addressed through a GDPR cookie policy page with consent mechanisms. Overall, the website is functional and professional but would benefit from enhanced security measures, clearer domain registration transparency, and expanded privacy and incident response disclosures to improve trust and compliance.

V

V+M Nádražní restaurant s.r.o.

hotelvmprelouc.cz

46

Hotel VM Přelouč is a small hospitality business offering accommodation and traditional Czech cuisine in Přelouč, Czech Republic. The website provides detailed information about room types, restaurant menus, and booking options, targeting tourists and local visitors. The business is positioned as a local hotel with a long history dating back to 1991, emphasizing comfort, affordability, and authentic dining experiences. Technically, the website uses modern web technologies including jQuery, Google Fonts, and CookieHub for cookie consent management, with HTTPS enabled ensuring secure communication. However, the absence of WHOIS data limits domain trust verification. Security posture is moderate with HTTPS and cookie consent implemented but lacking advanced security headers and explicit security policies. Privacy compliance is good with GDPR-aligned cookie consent and privacy information available. Overall, the website is professional, user-friendly, and trustworthy, but could improve in security and transparency aspects.