Security Directory

I

isla

weareisla.co.uk

64

isla is a UK-based sustainable events movement focused on accelerating the transition of the events industry towards sustainability. Founded in 2020, it operates as a membership-driven community offering training, consultancy, carbon measurement tools, and best practice frameworks. The website demonstrates a strong market position as a collaborative network for agencies, brands, suppliers, venues, and in-house teams seeking to implement sustainable event practices. Technically, the site is built on WordPress with integrations such as HubSpot for forms and Google Analytics for tracking, reflecting a mature digital infrastructure. Security posture is solid with HTTPS, reCAPTCHA, and cookie consent mechanisms, though some security headers could be improved. Overall, the site is professional, well-branded, and compliant with GDPR, providing clear contact channels and comprehensive policies.

C

Caminovo

caminovo.at

68

Caminovo is a specialized HR consulting firm based in Austria, focusing on providing HR business partner services on demand, personnel search, organizational development, and team coaching primarily for medium-sized and owner-managed companies. The website presents a professional and well-structured digital presence built on WordPress with modern tools such as Bricks Builder and Rank Math SEO, indicating a mature digital infrastructure. Security posture is strong with HTTPS enforcement and appropriate security headers, complemented by GDPR-compliant privacy and cookie policies with active consent mechanisms. No critical vulnerabilities or blocking mechanisms were detected, supporting a trustworthy and reliable online presence. Overall, Caminovo demonstrates a solid market position in the HR consulting niche with a clear value proposition and professional digital maturity.

T

Tulzer & Osterauer

to-do.at

54

Tulzer & Osterauer is a specialized interior architecture firm focusing on planning and executing renovation and new construction projects for banks, offices, commercial premises, and hotels primarily in Austria. The website presents a professional and well-structured digital presence built on WordPress with Elementor, featuring good design quality and mobile optimization. The technical infrastructure includes modern web technologies and SEO optimization tools such as Rank Math PRO. Security posture is solid with HTTPS and security headers implemented, though explicit privacy and terms of service policies are missing. No direct contact information is embedded in the HTML, which may affect user trust and compliance. Overall, the website is safe, professional, and trustworthy with room for improvement in privacy compliance and contact transparency.

Q

qqilipp

kalinkaphoto.at

65

Kalinkaphoto.at is a professional photography website specializing in documentary family and wedding photography based in Vienna, Austria. The business offers a range of services including family portraits, wedding reportage, baby bump and newborn photography, as well as online photography courses and mentoring. The website demonstrates a strong local niche market presence with a focus on authentic and natural photography capturing real-life moments. The site is well-branded and visually appealing, with consistent use of imagery and structured data to enhance SEO and user experience. Technically, the website is built on WordPress using Elementor as the page builder, supplemented by plugins such as Borlabs Cookie for cookie consent and Rank Math for SEO optimization. The site uses modern JavaScript libraries like Swiper.js for image sliders and jQuery. Performance is moderate with good mobile responsiveness and basic accessibility features. Security is well-managed with HTTPS enforced and standard security headers present, though there is room for improvement in privacy policy transparency and incident response readiness. From a security and compliance perspective, the site has implemented cookie consent mechanisms but lacks explicit privacy policy and terms of service pages, which are important for GDPR compliance. No incident response or vulnerability disclosure information is provided. The domain registration data is consistent with the business claims, showing transparency and legitimacy. No suspicious or malicious indicators were found. Overall, kalinkaphoto.at is a credible and professionally managed small business website with strong content quality and good technical implementation. Enhancing privacy compliance documentation and adding security contact information would further strengthen its trustworthiness and compliance posture.

G

Golf & Country Club Salzburg-Klessheim

golfclub-klessheim.com

52

Golf & Country Club Salzburg-Klessheim is a well-established regional golf club founded in 1955, offering a 9-hole golf course, driving range, professional golf training, tournaments, and hospitality services including the Restaurant Hubers. The website is professionally designed, mobile-optimized, and provides comprehensive information for golf enthusiasts and members. Technically, it is built on TYPO3 CMS with modern JavaScript libraries and integrates Google Maps and Google Tag Manager for enhanced user experience and analytics. Security posture is good with HTTPS enforced and secure form handling, though security headers and incident response information are lacking. Privacy and cookie policies are present and GDPR compliant, reflecting a responsible approach to user data. However, the absence of WHOIS registration data raises concerns about domain registration transparency, which slightly impacts trustworthiness.

B

Blueprint - KOSMAS

cap-ausbildung.eu

59

Blueprint - KOSMAS operates the CAP. educational initiative, providing supplementary vocational training alongside the AHS-Oberstufe in Austria. Their key offerings include four-year programs in Mechatronik and Cybersecurity, developed in partnership with reputable institutions such as WIFI Linz and FH OÖ. The website presents a professional, well-structured platform targeting youth seeking to enhance their technical and social skills parallel to academic schooling. Technically, the site is built on WordPress with modern plugins and frameworks, featuring good mobile optimization and SEO practices. Security posture is solid with HTTPS, reCAPTCHA, and cookie consent mechanisms, though explicit security headers could be improved. The domain WHOIS is privacy protected, typical for .eu domains, and does not raise trust concerns given the transparent business presence and partner affiliations. Overall, the site is trustworthy, compliant, and well-positioned in its niche educational market.

H

healthPi GmbH

hochleistungsmedizin.at

51

healthPi GmbH operates a specialized healthcare website offering advanced laser and hyperbaric oxygen therapies primarily targeting patients with conditions such as Long Covid, Fingerpolyarthrose, Knochenmarködem, and Osteoporose. The company positions itself as a niche provider in Austria with a focus on personalized, interdisciplinary medical care. The website is professionally designed using WordPress and Elementor, integrating modern technologies such as Google Tag Manager, Matomo Analytics, and Google reCAPTCHA for security and analytics. Security posture is solid with HTTPS and form protections, though explicit security headers and incident response policies are absent. Privacy compliance is good with a comprehensive GDPR privacy policy, but lacks a cookie consent mechanism. Overall, the site is trustworthy, well-maintained, and suitable for its target audience.

M

Mag. Johannes Kerschbaumer - Rechtsanwalt

ortho1150.at

60

Ortho1150.at is a professional orthopedic medical practice website based in Vienna, Austria, representing Dr. Florian Sevelda and his team. The site offers comprehensive orthopedic services including pain therapy, joint replacement surgeries, and conservative treatments. It targets patients seeking orthopedic care in the 1150 district of Vienna, serving both public and private insurance holders. The business is positioned as a reliable local specialist with a focus on patient care and modern medical techniques. Technically, the website is built on WordPress using Elementor, with SEO and cookie consent plugins implemented. Analytics tools such as Google Analytics and Matomo are used for user tracking. Security posture is good with HTTPS and security headers in place, though some compliance gaps exist such as missing explicit privacy and terms of service pages. Overall, the website is professional, trustworthy, and well-structured for its healthcare audience.

S

Spreewind GmbH

windenergietage.de

61

The Windenergietage website represents a well-established and professional event platform focused on the wind energy sector in Germany. It organizes the 33rd edition of its conference in 2025, attracting over 4200 participants, indicating a strong market position and relevance in the renewable energy industry. The site offers detailed program information, multiple forums, and networking opportunities, targeting industry professionals, project developers, legal experts, and investors. The business model centers on event organization and industry networking, supported by advertising and sponsorship opportunities. Technically, the website is built on WordPress with common plugins such as Contact Form 7 and Ajax Search Lite, using jQuery and other standard libraries. The site is mobile-optimized with good SEO practices and moderate performance. Security posture is solid with HTTPS enabled and no exposed sensitive data, though security headers are not detected and cookie consent mechanisms are missing, which are areas for improvement. From a security and compliance perspective, the site maintains GDPR compliance with a comprehensive privacy policy but lacks visible cookie consent and explicit security or incident response policies. No vulnerabilities or suspicious patterns were detected. The WHOIS data aligns with the website's legitimacy, showing consistent domain registration and DNS setup without privacy protection, appropriate for the business type. Overall, the website is professional, trustworthy, and content-rich, serving its target audience effectively. Strategic recommendations include implementing cookie consent, adding security headers, and publishing security policies to enhance compliance and trust.

E

EDF power solutions Deutschland

mit-energie-arbeiten.de

54

EDF power solutions Deutschland is a medium-sized company specializing in the development, construction, and operation of renewable energy projects including onshore and offshore wind, photovoltaic systems, and battery storage solutions. As part of the international EDF power solutions group, it holds a strong market position in the German renewable energy sector. The website is professionally designed, mobile-optimized, and provides comprehensive information about the company’s services, values, and career opportunities. Technically, the site uses modern web technologies including Craft CMS, JavaScript modules, and Splide.js for interactive elements, hosted on performant infrastructure. Security posture is solid with HTTPS, CSRF protections, and cookie consent mechanisms, though it lacks explicit security policies or incident response contacts. Overall, the site demonstrates high professionalism, trustworthiness, and compliance with GDPR requirements.

E

Envusa Energy

envusa.com

45

Envusa Energy is a renewable energy company focused on delivering sustainable energy solutions across Southern Africa. It is a joint venture between Anglo American and EDF Renewables, leveraging global expertise to develop wind, solar, and storage projects. The company aims to power a low-carbon future with reliable clean energy. The website reflects a professional corporate presence with clear business messaging and partnership emphasis. Technically, the site is built on WordPress with modern themes and SEO optimization, though some improvements in security headers and privacy compliance are needed. The security posture is moderate with HTTPS enabled but lacks DNSSEC and explicit security policies. Overall, the site is trustworthy and well-positioned but would benefit from enhanced privacy and security disclosures.

The website www.foo.com is a domain parking and search landing page operated by Digimedia.com, L.P. It provides a basic search interface and includes privacy and cookie policies with consent mechanisms. The site lacks detailed business information, contact details, or terms of service, indicating it is not a fully developed commercial or service website. The WHOIS data query returned no registration information, suggesting the domain may be unregistered or inactive, which raises legitimacy concerns. Technically, the site uses a modern JavaScript library (jQuery 3.7.1), Google Analytics, and Google Tag Manager for tracking, and appears to be built on Ruby on Rails. The site is moderately optimized for mobile devices and has basic SEO and accessibility features. However, no security headers were detected, and SSL configuration details are unknown, indicating room for improvement in security posture. From a security perspective, the site implements cookie consent and CSRF tokens but lacks visible security policies, incident response contacts, or vulnerability disclosure mechanisms. The absence of WHOIS registration data and contact information reduces trustworthiness. No adult or explicit content is present, making the site safe for general audiences. Overall, the site scores moderately low on business credibility and security due to missing registration data and limited content. Strategic recommendations include verifying domain registration, enhancing security headers and SSL configuration, adding clear contact and security policy information, and improving content quality and SEO.

E

E. Breuninger GmbH & Co.

breuninger.com

67

E. Breuninger GmbH & Co. is a well-established German premium department store specializing in fashion, beauty, shoes, and accessories, with a history spanning over 140 years. The company operates a comprehensive e-commerce platform targeting fashion consumers primarily in Germany and neighboring countries. Their online presence is supported by a modern, well-designed website that offers fast delivery and a 30-day return policy, positioning them strongly in the retail market. Technically, the website employs modern JavaScript modules, CSS custom properties, and integrates a robust cookie consent mechanism via OneTrust, reflecting a mature digital infrastructure. The site is mobile-optimized, accessible, and SEO-friendly, contributing to a positive user experience. Security-wise, the website enforces HTTPS, includes multiple security headers, and shows no visible vulnerabilities or exposed sensitive data. However, the absence of WHOIS registration data is a notable anomaly, although the strong branding and verified social media presence mitigate concerns about legitimacy. Overall, the website demonstrates a high level of professionalism, security, and privacy compliance, with room for improvement in publishing explicit security policies and incident response information.

K

KaDeWe

kadewe.de

53

KaDeWe is a historic and iconic luxury department store based in Berlin, Germany, with a strong market position in retail and hospitality sectors. The website reflects a mature digital presence built on WordPress with modern marketing and UX tools, including cookie consent and social media integration. Security posture is good with HTTPS and privacy-conscious analytics, though lacking explicit privacy policies and security headers. The site is professional and trustworthy, targeting affluent shoppers interested in fashion, beauty, and gourmet food. No blocking or WAF challenges were detected, allowing full content analysis.

R

ROY ROBSON

royrobson.com

51

ROY ROBSON is a well-established premium menswear brand based in Germany, with a history dating back to 1922. The company designs and produces formal and smart casual menswear, serving both direct consumers and B2B clients. The website reflects a mature digital presence with multilingual support and strong branding. Technically, the site is built on WordPress with Elementor and uses modern plugins for SEO and cookie consent. Security posture is generally good with HTTPS and domain transfer protection, but lacks DNSSEC and security headers. Privacy compliance is partial, with cookie consent but no explicit privacy policy found in the provided content. Contact information is not visible on the homepage, which may affect user trust. Overall, the site is professional, secure, and credible but could improve transparency and security practices.

B

Berufsgenossenschaft für Gesundheitsdienst und Wohlfahrtspflege (BGW)

bgw-online.de

62

The Berufsgenossenschaft für Gesundheitsdienst und Wohlfahrtspflege (BGW) operates as a statutory accident insurance provider for individuals working in the health and social services sectors in Germany. The website serves as a comprehensive portal offering information on accident insurance, prevention, rehabilitation, health protection, and training services. It targets professionals and organizations within the healthcare and welfare industries, positioning itself as a trusted and established institution within the German social system. Technically, the website is built on the CoreMedia CMS platform, hosted on Colt Technology Services infrastructure, and employs modern web technologies including JavaScript and CSS. It integrates analytics tools such as Matomo and eTracker for user behavior tracking, although it lacks a visible cookie consent mechanism. The site is mobile-optimized, accessible, and SEO-friendly, providing a positive user experience. From a security perspective, the site enforces HTTPS and mentions the use of two-factor authentication for member services, indicating a commitment to protecting user data. However, explicit security headers are not evident, and no public security or incident response policies are found. The WHOIS data shows professional hosting but limited registrant details, which is typical for large institutional domains. Overall, the website demonstrates a strong business credibility and technical maturity with minor gaps in privacy compliance and security transparency. It is safe for general audiences and free from adult or questionable content.

The website at easy-booking.at is currently inaccessible or blocked, presenting only an empty HTML body with no metadata, content, or visible business information. This severely limits the ability to analyze the business, technical infrastructure, or security posture. The domain WHOIS data is privacy protected, further reducing transparency and trust. Without accessible content, no meaningful insights into the company's operations, services, or compliance can be derived. The lack of HTTPS or security headers also indicates a minimal security posture. Overall, the site appears to be either under construction, blocked by a WAF, or improperly configured, resulting in a very low trust and credibility score.

L

LIVEST

livest.cz

44

LIVEST is a Czech Republic based real estate development company specializing in residential projects including family houses and apartment buildings. The company focuses on ZTV projects and construction services, targeting general consumers interested in housing. The website is professionally designed using WordPress with modern plugins and frameworks, reflecting a moderate to good level of digital maturity. Security posture is adequate with HTTPS enabled and no exposed sensitive data, but lacks security headers and formal privacy and cookie policies, indicating room for improvement in compliance and security best practices. Overall, the domain registration data aligns well with the business claims, supporting legitimacy. Strategic recommendations include implementing privacy and cookie policies, adding security headers, and establishing a vulnerability disclosure process to enhance trust and compliance.

F

Frameland s.r.o

frameland.cz

40

Frameland s.r.o is a small Czech Republic based company specializing in custom wood and metal manufacturing and construction services, including bespoke wooden houses, pergolas, terraces, and home accessories. The company leverages an architectural atelier for design and project customization, positioning itself as a local expert in the České Budějovice region. The website is built on WordPress using the Avada theme and includes modern marketing tools such as Google Tag Manager and Facebook Pixel. While the site is well designed, mobile optimized, and SEO friendly, it lacks explicit privacy and cookie policies, which is a compliance gap. Security posture is good with HTTPS and secure forms but missing security headers and incident response information. Overall, the domain registration data is consistent with the business claims, indicating legitimacy and trustworthiness.

K

Klein Building s.r.o.

kleinbuilding.cz

41

Klein Building s.r.o. is a Czech Republic-based small construction and engineering company specializing in building family houses, reconstruction projects, and energy-efficient building solutions including passive and low-energy homes. The company also provides energy consulting services and assists clients with subsidy programs such as Nová zelená úsporám. The website is professionally designed using WordPress and includes modern technologies like Google reCAPTCHA and Contact Form 7 for user interaction. Privacy and cookie policies are present, indicating awareness of GDPR compliance. However, the absence of WHOIS registrant data and explicit contact emails or phone numbers on the website reduces transparency and trustworthiness. Security posture is moderate with HTTPS enforced but lacking advanced security headers. Overall, the website presents a credible small business with room for improvement in security and contact transparency.

The website www.penb-audit.cz represents a small Czech company specializing in energy consulting services, particularly focused on the Nová zelená úsporám subsidy program, energy performance certificates (PENB), and energy audits. The company has a proven track record with over 100 successfully processed subsidy projects, targeting homeowners and commercial property owners seeking energy efficiency improvements. The website is professionally designed, uses HTTPS, and provides clear contact information, although it lacks privacy and cookie policies which are important for GDPR compliance. Technically, the site is built on WordPress 4.9.3 and uses older versions of jQuery and jQuery Migrate, which may expose it to security vulnerabilities. The site includes Google Analytics and Google Tag Manager for tracking, but no advanced security headers were detected. The performance and mobile optimization are moderate to basic, with room for improvement in accessibility and modern technology adoption. From a security perspective, the site benefits from HTTPS but lacks explicit security headers and uses outdated JavaScript libraries. The absence of WHOIS registration data reduces trustworthiness and raises concerns about domain legitimacy. No privacy or cookie policies were found, indicating compliance gaps with GDPR and related regulations. No incident response or security policy information is available. Overall, the website is functional and professional but requires updates to its technical stack, improved security practices, and enhanced privacy compliance to strengthen its security posture and trustworthiness.

D

Deutscher Verlag für Gesundheitsinformation GmbH

leading-medicine-guide.de

49

Leading Medicine Guide is a German healthcare expert portal operated by Deutscher Verlag für Gesundheitsinformation GmbH, founded in 2001. The website provides a curated directory of highly qualified German medical specialists and clinics across various medical fields, targeting patients and healthcare consumers seeking expert medical advice and treatment options in Germany. The business model centers on providing trusted healthcare information and facilitating connections between patients and medical professionals. The site maintains a consistent brand presence and good content quality, supporting its niche market position in the German healthcare sector. Technically, the website employs a moderate technology stack including jQuery, Cookiebot for cookie consent management, Matomo for analytics, and Google Tag Manager. It uses HTTPS and includes structured data for SEO and social media integration. The site is mobile-optimized with good navigation and accessibility features, although some improvements in security headers and performance optimization could be made. From a security perspective, the site implements a comprehensive cookie consent mechanism with granular user controls, indicating good privacy compliance efforts. However, no explicit privacy policy or terms of service pages were detected in the provided content, and WHOIS data is missing or domain registration is unconfirmed, which raises concerns about domain legitimacy. No security policy or incident response information is published, and security headers appear absent, suggesting room for improvement in security posture. Overall, the website is professional and trustworthy in content and business presentation but would benefit from enhanced transparency in domain registration, explicit privacy and security policies, and improved security best practices to strengthen user trust and compliance with data protection regulations.

K

KOSMAS

kosmas.at

73

KOSMAS is a specialized full-service marketing agency based in Vienna, Austria, focusing on providing tailored marketing solutions for medical practices, particularly doctors. Their services include web design, online marketing, corporate identity, graphic design, and IT services, aimed at increasing patient acquisition and retention. The company has a strong market position supported by 20 years of experience and high customer satisfaction. Technically, the website is built on WordPress with modern tools like Bricks Builder and Automatic CSS, ensuring excellent performance, mobile optimization, and SEO. Security posture is strong with HTTPS, security headers, and cookie consent mechanisms in place, although explicit security policies and incident response contacts are not published. The domain registration data aligns well with the business claims, enhancing trustworthiness. Overall, the website is professional, secure, and compliant with GDPR, making it a reliable digital presence for the agency.

M

medsyn

medsyn.at

43

medsyn is a modern medical and therapy center based in Vienna, Austria, offering a wide range of specialized healthcare services including orthopedics, intervention pain therapy, autologous cell therapy, physiotherapy, neurology, dermatology, and more. The website presents a professional image with detailed information about medical specialties and staff, targeting patients seeking high-quality medical care. The business operates as a private healthcare provider with a medium-sized presence in the regional market. Technically, the website is built on WordPress using popular plugins such as WPBakery Page Builder and RevSlider, with good mobile optimization and SEO practices. Security posture is adequate with HTTPS enabled and secure forms, but lacks visible security headers and formal security policies. Privacy compliance is weak due to the absence of a privacy policy and terms of service, though a cookie consent mechanism is present. Overall, the site is trustworthy and professional but would benefit from enhanced privacy and security disclosures.

F

Faulmann & Faulmann Küchen

faulmann.at

49

Faulmann & Faulmann Küchen is a well-established kitchen design and retail company based in Vienna, Austria, founded in 1998. The company specializes in planning and designing high-quality kitchens, offering a showroom experience with premium kitchen brands and appliances. Their market position is that of a trusted regional player focusing on premium kitchen solutions for discerning customers. Technically, the website is built on TYPO3 CMS with modern frontend technologies, providing a good user experience with mobile optimization and clear navigation. Security posture is solid with HTTPS enforced and cookie consent mechanisms implemented, though additional security headers and explicit security policies could enhance their stance. Overall, the website reflects a professional and credible business with strong branding and trust indicators such as awards and social media presence.

O

Orthopäde Priv. Doz. Dr. Reinhard Schuh

orthopaede-drschuh.at

57

Orthopäde Priv. Doz. Dr. Reinhard Schuh operates a specialized orthopedic medical practice focusing on foot and ankle disorders in Vienna and Lower Austria. The website presents a professional and comprehensive overview of services including conservative treatments and surgical interventions, supported by strong trust indicators such as certifications and extensive experience. The practice targets patients seeking expert foot care and surgery, positioning itself as a leading foot surgeon in Austria with over 5,000 operations performed. Technically, the website is built on WordPress with Elementor, employs Matomo for analytics, and uses Borlabs Cookie for GDPR-compliant consent management. Security posture is strong with HTTPS and cookie consent mechanisms, though some security headers could be improved. Overall, the site is well-optimized for SEO, mobile-friendly, and accessible, providing a high-quality user experience.

D

Deutsche Postcode Lotterie

deutschepostcode-lotterie.de

70

The Deutsche Postcode Lotterie operates a socially responsible lottery platform in Germany, allowing participants to win prizes based on their postal codes. The website is professionally designed, mobile-optimized, and provides comprehensive information about participation, prizes, and social impact. The platform is TÜV Saarland certified and regulated by the German gambling authority, enhancing its trustworthiness. Technically, the site uses modern frameworks such as Next.js and Storyblok CMS, hosted on Vercel, ensuring fast performance and good accessibility. Privacy compliance is well addressed with GDPR-aligned policies and a consent management platform. Security posture is strong with HTTPS, security headers, and no visible vulnerabilities. Overall, the site presents a trustworthy and professional digital presence for a large non-profit lottery business.

P

PRISMA European Capacity Platform GmbH

prisma-capacity.eu

68

PRISMA European Capacity Platform GmbH operates a leading SaaS platform facilitating gas capacity trading across Europe. The platform serves Transmission System Operators, Storage System Operators, LNG Operators, Shippers, and AggregateEU participants, enabling efficient auctioning and trading of gas transmission and storage capacity. The company positions itself as a key enabler for Europe's energy security and the Green Transition through digital innovation. Technically, the website is built on HubSpot CMS, leveraging modern web technologies and analytics tools, delivering a professional and responsive user experience. Security-wise, PRISMA demonstrates a mature posture with ISO 27001 certification, HTTPS enforcement, and cookie consent mechanisms, though some security headers could be explicitly verified and incident response contacts published. Overall, the website is trustworthy, professional, and compliant with GDPR, with no signs of blocking or malicious content.

P

Pigsar

pigsar.de

68

Pigsar is a specialized service provider in Germany focusing on the testing and calibration of high-pressure natural gas meters. Positioned as a leading test facility, the company offers precise and accurate metrology services primarily targeting industrial and commercial clients involved in natural gas measurement. The website reflects a professional business model centered on metrology and calibration services, supported by downloadable company brochures and multilingual content to serve a broader audience. Technically, the website is built on the Neos CMS platform using the Flow PHP framework, hosted on Adacor nameservers. The site demonstrates good digital maturity with responsive design, SEO optimization, and a cookie consent mechanism compliant with GDPR. Google Tag Manager and Google Analytics are used for analytics and tracking, with clear user consent for statistics cookies. From a security perspective, the website enforces HTTPS and employs cookie consent for privacy compliance. However, it lacks explicit security headers and does not provide a public security policy or vulnerability disclosure page. No critical vulnerabilities or exposed sensitive data were detected, indicating a solid security posture but with room for improvement in transparency and header implementation. Overall, the website is trustworthy, professionally designed, and compliant with privacy regulations. The risk level is low, but strategic enhancements in security policy publication and header configurations would further strengthen the security posture and user trust.

V

Vier Gas Transport GmbH

viergas.de

51

Vier Gas Transport GmbH is a German company specializing in the acquisition, holding, and management of interests in gas transmission assets and the broader energy sector. Founded in 2012, it is the sole owner of Open Grid Europe, a leading European gas transmission system operator. The website targets investors and energy sector stakeholders, providing corporate, financial, and business news information. The business model focuses on asset management and energy sector investments, positioning Vier Gas as a significant player in European energy infrastructure. Technically, the website is built on the Neos CMS platform using the Flow PHP framework, with frontend technologies including jQuery and Bootstrap. Hosting is provided by Adacor, indicated by the nameservers. The site demonstrates good mobile optimization, SEO practices, and moderate performance. The technical stack is modern and well-maintained, supporting a professional digital presence. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks several security headers and does not publish explicit security or incident response policies. There is no cookie consent mechanism despite GDPR compliance indicated by the privacy policy. No vulnerabilities or malicious content were detected. Overall, the security posture is solid but could be improved by implementing additional headers and transparency measures. The overall risk assessment is low, with the website presenting a trustworthy and professional corporate image. Strategic recommendations include enhancing security headers, publishing incident response information, implementing cookie consent, and adding a vulnerability disclosure policy to strengthen compliance and trust.

Z

ZOAA

zoaa.cz

44

ZOAA is a Czech architectural studio specializing in designing hospitality and residential projects. Their website showcases a portfolio of projects including restaurants, hotels, and apartments, emphasizing modern and aesthetic architectural solutions. The company targets private investors and hospitality businesses seeking architectural design services. The website is built on WordPress with modern web technologies and integrates social media and analytics tools. Security posture is moderate with HTTPS enabled but lacks security headers and formal privacy or cookie policies. WHOIS data is unavailable, which limits domain trust assessment. Overall, the site is professional and content-rich but would benefit from enhanced privacy compliance and security best practices.

S

SCHINDLER SEKO ARCHITEKTI s.r.o.

schindlerseko.cz

10

SCHINDLER SEKO ARCHITEKTI s.r.o. is a Czech architectural studio operating since 2011, specializing in unique architectural projects across Central Europe. The company presents itself as a small but established player in the real estate and architectural design sector, offering tailored project solutions. Their website reflects a professional and consistent brand image with a focus on showcasing their portfolio and services. Technically, the site is built on WordPress using Elementor and Yoast SEO, indicating a modern and maintainable infrastructure. The site is mobile-optimized and includes social media integration, enhancing digital presence. Security-wise, the website uses HTTPS and avoids exposing sensitive data, but lacks advanced security headers and explicit privacy or cookie policies, which are areas for improvement. Overall, the site is accessible, trustworthy, and professionally presented but could enhance compliance and security posture.

A

ATELIÉR Klein

atelierklein.cz

44

ATELIÉR Klein is a Czech architectural design firm specializing in low-energy and passive family houses as well as commercial buildings. Their services include interior design, project documentation, and energy consulting, with a strong focus on energy efficiency and subsidy program support. The website reflects a small but professional business with consistent branding and a clear market position in the Czech Republic's real estate and energy sectors. Technically, the site is built on WordPress with modern scripts and integrations such as Google reCAPTCHA and Facebook Pixel, indicating a moderate level of digital maturity. Security posture is good with HTTPS and some security best practices, though there is room for improvement in security headers and incident response transparency. Overall, the site is trustworthy, GDPR compliant, and provides clear privacy and cookie policies, but lacks explicit contact details and terms of service. The domain WHOIS data is unavailable, likely due to privacy protection, but the website content and partner references support legitimacy.

B

BLAŽEK PROJEKT s.r.o.

blazekprojekt.com

10

BLAŽEK PROJEKT s.r.o. is a Czech architectural and interior design firm specializing in custom project design and consulting services primarily in Ostrava and Opava. The company has a strong market presence with over 7 years of experience and more than 1000 completed projects, supported by positive client testimonials and a professional online presence. The website is built on WordPress with the Divi theme and includes modern SEO and tracking tools, demonstrating a moderate to high level of digital maturity. Security posture is adequate with HTTPS enabled and domain transfer protection, though improvements such as DNSSEC and security headers are recommended. Privacy compliance is well addressed with clear cookie and privacy policies and consent mechanisms. Overall, the site reflects a trustworthy and professional business with a solid technical foundation.

M

M H Furniture Holdings Ltd trading as Iconic Interiors

iconicinteriors.com

56

Iconic Interiors is a UK-based specialist retailer focused on mid century modern and Bauhaus replica designer furniture. The company operates an e-commerce platform offering a curated selection of high-quality replica furniture pieces, targeting consumers who appreciate classic design aesthetics. The business emphasizes quality craftsmanship and offers next day delivery on in-stock items. The website is professionally designed with clear navigation and good mobile optimization, supporting a positive user experience. Technical infrastructure includes modern JavaScript frameworks (Vue.js), integration with Snipcart for e-commerce, and Google Tag Manager for analytics. Security posture is generally strong with HTTPS and secure payment processing, though the absence of security headers and cookie consent mechanisms are areas for improvement. The WHOIS data for the domain is missing, which raises some concerns about domain registration legitimacy; however, the presence of company registration details and trust signals on the site mitigate this risk. Overall, the website is credible and professional but would benefit from enhanced privacy compliance and security best practices.

G

Goran Jordović

jordovic.eu

9

The website www.jordovic.eu represents the personal and professional online presence of Goran Jordović, a technology enthusiast and digital professional based in Serbia. The site serves as a portfolio and blog, highlighting his roles as a developer, business owner, and Erasmus+ ambassador. The content is well-structured, professionally presented, and targets a general audience interested in technology and personal insights. The business model is centered on personal branding and professional services, with no direct e-commerce or transactional components. Technically, the site is built on WordPress using the WPBakery Page Builder, incorporating modern web fonts and icons, and integrates Google Analytics and Google Tag Manager for visitor tracking. The site is mobile optimized and performs moderately well, though there is room for improvement in accessibility and SEO. The SSL configuration is excellent, ensuring secure HTTPS connections. From a security perspective, the site lacks several important security headers and does not provide privacy or cookie policies, which impacts compliance and user trust. No WHOIS registrant data is publicly available due to EURid privacy restrictions, but the domain appears legitimate and consistent with the personal brand presented. No signs of WAF or blocking mechanisms were detected, and no adult or explicit content is present. Overall, the website is a good example of a personal professional site with solid technical foundations but would benefit from enhanced security practices, privacy compliance, and formal policies to improve trust and regulatory adherence.

T

Toada

toada.consulting

45

Toada is a specialized consultancy focused on transforming cultural and event visions into impactful, human-centric experiences. The company positions itself as a premier consultancy that leverages culture to drive action, identity to build communities, and impact to foster sustainable growth. Their core services include strategizing, conceptualizing, and performing, aimed at simplifying complexity and delivering measurable outcomes. The website is professionally designed using Webflow CMS, with a clear and consistent branding approach targeting organizations and stakeholders interested in culture-driven initiatives. Technically, the website employs modern web technologies such as Webflow, jQuery, and WebFont Loader, hosted likely on GoDaddy infrastructure. The site demonstrates good mobile optimization and user experience, though accessibility and SEO optimizations are basic. Security posture is moderate; HTTPS is presumably enabled, but no security headers or explicit privacy and cookie policies are present, indicating room for improvement in compliance and security best practices. Overall, the security posture is adequate for a small consultancy but lacks advanced protections and transparency in privacy compliance. The WHOIS data is privacy protected, which is common for such businesses, and no suspicious patterns are detected. The site is safe for general audiences with no adult or explicit content. Strategic recommendations include enhancing security headers, adding privacy and cookie policies, and improving accessibility and compliance features to strengthen trust and regulatory adherence.

A

Apartmenthaus Alpenblick Villach

alpenblick-villach.at

51

Apartmenthaus Alpenblick Villach is a small hospitality business offering apartments and rooms for rent near the city of Villach, Austria. The website targets both vacationers and business travelers, providing modern accommodations with online booking and inquiry capabilities. The business positions itself as a local accommodation provider with a focus on proximity to nature and city amenities. Technically, the website is built on WordPress using common plugins and frameworks such as Bootstrap and jQuery, with GDPR compliance managed via the Complianz plugin. The site is mobile optimized and provides a good user experience with clear navigation and relevant content. Security posture is adequate with HTTPS enabled and cookie consent mechanisms in place, though security headers are missing and no explicit security or incident response policies are published. Overall, the domain registration data is consistent with the business location and supports legitimacy. No adult or explicit content is present, making the site safe for general audiences.

H

Homestaging-Expert

homestaging-expert.at

51

Homestaging-Expert is a small Austrian company specializing in home staging services aimed at preparing properties for sale or rent to achieve optimal market positioning and pricing. Operating primarily from Villach, Kärnten, it serves a broad Austrian market with additional services including property visualizations and real estate brokerage partnerships. The website is professionally designed using WordPress with the Avada theme and incorporates modern SEO and analytics tools, reflecting a mature digital presence. Privacy and cookie compliance are well implemented with clear policies and consent mechanisms. Security posture is solid with HTTPS and basic best practices, though additional security headers and incident response information could enhance trust. Overall, the business presents a credible and professional front with consistent branding and clear contact information.

D

DOKYO

dokyo.de

10

DOKYO is a Hamburg-based full-service advertising agency specializing in creating multi-channel, integrated brand and product advertising campaigns. They serve notable clients such as AXE, Dove, and Ben & Jerry’s, positioning themselves as a creative agency that leverages pop culture to make brands more emotional, relevant, and popular. The agency has a strong market presence with over 150 campaigns for more than 30 brands over 15 years, supported by a B CORP certification indicating social and environmental responsibility. Technically, the website is built with modern web standards including HTML5, CSS3, and JavaScript, utilizing the Swiper.js library for interactive sliders. Hosting is provided by Strato AG, a German hosting provider, consistent with the agency’s location. The site is mobile optimized with good SEO practices and basic accessibility features, though there is room for improvement in accessibility and performance optimization. From a security perspective, the website enforces HTTPS and implements a cookie consent mechanism compliant with GDPR. However, it lacks explicit security headers, published security policies, incident response contacts, and vulnerability disclosure mechanisms. No analytics or tracking scripts were detected, indicating a minimal user tracking approach. The WHOIS data is minimal but consistent with the hosting provider and geographic location, with no privacy protection that would raise suspicion. Overall, the website is professional, trustworthy, and compliant with privacy regulations, but could enhance its security posture by adding explicit security policies, headers, and incident response information. The absence of direct contact emails or phone numbers on the main page may impact user trust and accessibility. Strategic improvements in these areas would strengthen the agency’s digital maturity and security readiness.

B

bontempo GmbH & Co. KG

bontempo.de

41

Bontempo GmbH & Co. KG is a medium-sized German agency and manufactory specializing in retail design, exhibition construction, shopfitting, and event services across Europe. The company positions itself as a creative partner turning spaces into brand experiences, serving a diverse clientele including notable brands in retail and events. The website reflects a professional and consistent brand image with good content quality and clear navigation. Technically, the website employs modern web technologies including HTML5, CSS3, JavaScript, and uses Matomo for analytics with device fingerprinting. The site is mobile-optimized and SEO-friendly, though some accessibility features are basic. Performance is moderate, with room for optimization. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place. However, additional security headers and a formal security policy or incident response contact are absent. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong, with comprehensive privacy and cookie policies aligned with GDPR. Overall, the website presents a trustworthy and professional digital presence with minor areas for security and technical enhancement. The domain WHOIS data supports legitimacy and transparency, reinforcing business credibility.

The FC St. Pauli Museum website serves as a digital gateway promoting the museum's mobile app, targeting fans and visitors interested in the cultural heritage of the FC St. Pauli football club. The business operates as a non-profit cultural institution based in Germany, leveraging digital platforms such as Google Play and Apple App Store to distribute its app. The website content is well-structured, visually consistent, and provides clear calls to action for app downloads, supported by official social media channels and endorsements from reputable German cultural bodies. Technically, the website employs standard web technologies including HTML5, CSS, and JavaScript, with minimal external dependencies. It integrates Umami analytics for privacy-conscious user tracking. The site is mobile-optimized and offers a good user experience, although accessibility and SEO optimizations are basic. No advanced CMS or hosting details are evident from the content. From a security perspective, the website lacks visible security headers and does not provide explicit security or incident response policies. The absence of a cookie consent mechanism indicates partial GDPR compliance, though a privacy policy is present and accessible. No forms or direct contact information are provided, limiting data exposure risks but also reducing user engagement options. Overall, the website presents a trustworthy and professional front for the museum app, with low risk from a security and privacy standpoint. Strategic improvements in security headers, cookie consent, and published policies would enhance compliance and user trust. The domain WHOIS data was not provided, limiting the ability to assess domain registration legitimacy and history fully.