Security Directory

E

European Coalition to End Animal Experiments (ECEAE)

eceae.org

48

The European Coalition to End Animal Experiments (ECEAE) is a well-established non-profit umbrella organization founded in 1990, representing 18 animal protection and scientific organizations across Europe. Their mission focuses on abolishing animal experiments and promoting humane, animal-free research methods. The organization holds a recognized position with official stakeholder status in several EU bodies, enhancing their influence in policy and advocacy. The website reflects this mission with clear, relevant content targeted at animal welfare advocates, researchers, and policymakers. Technically, the website is built on Joomla CMS with a modern and responsive design, delivering a good user experience across devices. The infrastructure is moderate in performance, with no blocking or WAF challenges detected. However, some security best practices such as DNSSEC and security headers are missing, and no cookie consent mechanism is implemented, which is a compliance gap given GDPR relevance. Security posture is adequate with HTTPS enabled and domain transfer protection, but lacks published security policies or incident response contacts. The WHOIS data is transparent and consistent with the organization's identity and location, supporting legitimacy. Overall, the site is professional and trustworthy but could improve privacy compliance and security hardening. Strategic recommendations include enabling DNSSEC, implementing security headers, adding cookie consent for GDPR compliance, and publishing security and incident response policies to enhance trust and compliance.

The Luxembourg House of Cybersecurity (LHC) website represents a government-backed initiative focused on cybersecurity coordination and awareness within Luxembourg. The site primarily serves as an informational landing page announcing the transformation of SECURITYMADEIN.LU into LHC, targeting government entities and cybersecurity stakeholders. The business model is centered on providing a national cybersecurity hub and fostering community engagement in cybersecurity matters. Technically, the website is built using the Hugo static site generator, with basic CSS and JavaScript. The site is simple and moderately optimized for performance and mobile devices but lacks advanced SEO and accessibility features. No analytics or tracking technologies are detected, indicating a minimal digital footprint. From a security perspective, the site lacks visible security headers and published privacy or cookie policies, which are important for compliance and user trust. The absence of WHOIS data limits the ability to verify domain registration legitimacy, although the presence of official government links supports authenticity. No forms or user input fields reduce attack surface but also limit user engagement. Overall, the website is safe and professional but basic in content and technical sophistication. Strategic improvements in security headers, privacy compliance, and WHOIS transparency would enhance trust and compliance posture.

R

Raision Kaupunki

raisio.fi

63

Raisio.fi is the official website of Raision Kaupunki, the municipal government of Raisio city in Finland. The site provides comprehensive information and services related to housing, environment, city planning, and public events targeted primarily at residents, immigrants, and tourists. The website is built on Drupal 10 and incorporates modern web technologies including Matomo analytics and CookieHub for cookie consent management. The site demonstrates good design quality, clear navigation, and mobile optimization, reflecting a mature digital presence for a local government entity. From a security perspective, the website enforces HTTPS and uses a consent management platform, but lacks DNSSEC and explicit security headers, which are recommended for enhanced security. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is partial, with cookie consent mechanisms present but no explicit privacy policy or terms of service pages found in the analyzed content. WHOIS data confirms the domain is legitimately registered to the city of Raisio with consistent registration details and a long domain age, supporting trustworthiness. Overall, Raisio.fi presents a secure and professional municipal website with room for improvement in privacy transparency and DNS security. The site is safe for general audiences and does not contain any adult or questionable content.

T

Turun kaupunki

turku.fi

65

The website www.turku.fi is the official digital portal for the City of Turku, Finland. It serves as a comprehensive platform providing residents, businesses, and visitors with access to municipal services, cultural events, educational resources, and administrative information. The site is well-structured, professionally designed, and offers multilingual support, reflecting a mature digital presence for a large government entity. The business model is focused on public service delivery and community engagement, positioning Turku as a transparent and accessible city administration.

A

Associazione Trasvolatori Atlantici

trasvolatoriatlantici.it

40

The Associazione Trasvolatori Atlantici website serves as the official online presence for a small non-profit association focused on the history and commemoration of transatlantic aviators. The site provides historical content, galleries, and information about cruises and events related to aviation history. The business model is cultural and educational, targeting enthusiasts and members of the association. The website is built on Joomla! CMS with the JA T3 Framework, indicating a moderate level of technical maturity but with basic design and content quality. Security posture is adequate with HTTPS and DNSSEC enabled, but lacks security headers and privacy compliance documentation. No contact information or forms are present, limiting user engagement and trust signals. Overall, the site is functional but could benefit from enhanced privacy, security, and user experience improvements.

U

Ubiquiti Inc.

ui.com

77

Ubiquiti Inc. is a well-established enterprise technology company specializing in networking hardware and software solutions, particularly under the UniFi brand. The company targets enterprise customers and IT professionals with a comprehensive portfolio of products designed to unify networking and security management through an advanced software interface. The website reflects a mature digital presence with a professional design, clear navigation, and mobile optimization, supporting a strong market position in the technology and telecommunications sectors. Technically, the website leverages modern web technologies including React and JavaScript, hosted on Amazon AWS infrastructure, ensuring fast performance and scalability. The site employs best practices in SEO, accessibility, and user experience, with comprehensive metadata and structured data supporting search engine visibility. Analytics and marketing tools are integrated responsibly with user consent mechanisms in place. From a security perspective, the site enforces HTTPS, implements key security headers, and avoids exposing sensitive data. However, DNSSEC is not enabled, which is a recommended enhancement for DNS security. The absence of a public security policy or incident response contact is noted as an area for improvement. Overall, the security posture is strong with no critical vulnerabilities detected. The domain WHOIS data confirms the legitimacy of the website, showing a long registration history consistent with the company's founding date and no use of privacy protection, which aligns with the public nature of the business. The website is free from WAF or blocking mechanisms, allowing full content access and analysis. Strategic recommendations include enabling DNSSEC, publishing a security policy and incident response contacts, and maintaining regular audits of third-party scripts to sustain security and compliance standards.

C

CIRCL

vulnerability-lookup.org

69

Vulnerability-Lookup is a specialized cybersecurity platform developed and operated by CIRCL, focusing on vulnerability tracking, correlation, and coordinated vulnerability disclosure. It serves security teams, researchers, and system administrators by aggregating data from multiple vulnerability sources and providing tools for managing security advisories and sightings. The platform integrates with global initiatives such as the Global CVE Allocation System and supports compliance with directives like NIS2. Technically, the website is built using the Hugo static site generator and employs modern JavaScript libraries for search functionality, delivering a fast and accessible user experience. Security posture is solid with HTTPS implied, but lacks explicit security headers and published privacy policies, which are areas for improvement. WHOIS data is unavailable, reducing transparency but the association with CIRCL and EU funding projects supports legitimacy. Overall, the site is professional, trustworthy, and well-positioned within the cybersecurity niche.

U

Udruga Prijatelji životinja

prijatelji-zivotinja.hr

46

Udruga Prijatelji životinja is a well-established Croatian non-profit organization founded in 2001, dedicated to promoting animal rights, vegetarianism, and veganism. The website serves as a comprehensive platform for advocacy, education, event promotion, and community engagement, targeting environmentally and ethically conscious individuals. Their market position is strong within the Croatian and regional animal rights community, supported by memberships in European and international organizations. Technically, the website uses a custom or unknown CMS with a traditional tech stack including HTML, CSS, JavaScript, and jQuery, supplemented by Matomo analytics for privacy-conscious tracking. While the site is functional and moderately optimized, some outdated libraries present potential security risks. Security posture is adequate with HTTPS and cookie consent implemented, but lacks advanced security headers and explicit security policies. Overall, the site is trustworthy and professional, with clear contact information and active social media presence.

V

Valtion tieto- ja viestintatekniikkakeskus Valtori

oskari.org

60

Oskari.org is a Finnish government-affiliated open source project providing a flexible web mapping application platform. The platform targets developers and government agencies needing spatial data infrastructure solutions, leveraging modern web technologies like React and Next.js. The website demonstrates a mature technical infrastructure with fast performance, good accessibility, and clear navigation. Security posture is solid with HTTPS enabled and no exposed sensitive data, though improvements are recommended in DNS security and security headers. Privacy compliance is lacking due to absence of privacy and cookie policies. Overall, the site is trustworthy and professional, reflecting its government backing and active community engagement.

G

glammr.us

glammr.us

66

glammr.us operates as a niche Mastodon instance dedicated to individuals interested in galleries, libraries, archives, museums, memory work, and records (GLAMMR). It provides a decentralized, harassment-free social media platform emphasizing inclusivity and community support. The platform encourages diverse content beyond GLAMMR topics, fostering a welcoming environment for all users. The business model relies on community donations via Patreon and Ko-Fi to sustain server operations. Technically, the site is built on the Mastodon platform using modern web technologies including React and ES modules, delivering a moderately performant and mobile-optimized user experience. Security posture is adequate with HTTPS enforced and domain transfer protections in place, though improvements such as enabling DNSSEC and adding security headers are recommended. Privacy compliance is basic, with a privacy policy present but lacking cookie consent mechanisms and GDPR-specific disclosures. Overall, the site demonstrates good business credibility and technical maturity for a small independent social media server.

S

Saturation

saturation.social

63

Saturation.social is a small, invitation-only decentralized social media server powered by Mastodon and a Hometown fork. It targets users who value a social media experience focused on community and trust rather than commercial interests or power dynamics. The platform emphasizes open source technology and a grassroots approach to social networking. Technically, the site uses modern web technologies including React-based components and serves content over HTTPS with good SSL configuration. However, it lacks some security headers and formal security policies. Privacy compliance is basic with a privacy policy present but no cookie consent or GDPR-specific indicators. The site does not engage in advertising or tracking, enhancing user privacy. Overall, the platform is a niche community with moderate technical maturity and a good security posture but could improve in privacy compliance and formal security documentation.

T

tech.lgbt Moderators

tech.lgbt

60

tech.lgbt operates as a niche Mastodon instance providing a federated social networking platform primarily for LGBTQIA+ individuals and allies interested in technology and academic topics. The platform fosters community engagement through posts, hashtags, and news aggregation from across the fediverse, positioning itself as a trusted space for marginalized identities within the tech sector. The website's content and user base reflect a focused community with approximately 2.7K active users, indicating a small but engaged audience. The business model centers on community-driven social networking without commercial advertising or tracking, emphasizing privacy and inclusivity. From a technical perspective, the site leverages modern web technologies including React and JavaScript ES modules, hosted on DigitalOcean with domain registration via NameCheap. The platform runs Mastodon version 4.4.0-alpha.5+glitch, indicating active maintenance and use of open-source social networking software. The website demonstrates good mobile optimization and basic accessibility features, though SEO and performance optimizations are moderate. The absence of cookie consent mechanisms and some security headers suggests areas for improvement in compliance and security hardening. Security posture is solid with HTTPS enforced and no exposed sensitive data detected. However, the lack of DNSSEC and security headers such as CSP or HSTS represents potential vulnerabilities. The WHOIS data shows privacy protection for the domain registrant, which is justified given the community nature of the platform. No incident response or vulnerability disclosure policies are publicly available, which could be enhanced to improve trust and security readiness. Overall, tech.lgbt presents a professional, trustworthy, and community-focused platform with a strong emphasis on privacy and inclusivity. Strategic recommendations include enabling DNSSEC, implementing comprehensive security headers, adding cookie consent and vulnerability disclosure policies, and providing clearer contact information for security incidents. These steps would enhance compliance, security posture, and user trust, supporting sustainable growth and resilience in the federated social networking space.

E

European Mathematical Society - EMS - Publishing House GmbH

ems-ph.org

64

EMS Press is the official publishing house of the European Mathematical Society, specializing in high-quality academic publishing in mathematics. It offers a portfolio of peer-reviewed journals and books, focusing on open access and sustainable publishing models. The website reflects a mature digital presence with modern technologies such as React and Next.js, ensuring fast performance and excellent mobile optimization. Security posture is solid with HTTPS and domain transfer protections, though DNSSEC and explicit security policies could be improved. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, EMS Press presents a trustworthy and professional platform serving the academic mathematics community.

C

Centrum Wiskunde & Informatica (CWI)

cwi.nl

73

Centrum Wiskunde & Informatica (CWI) is the national research institute for mathematics and computer science in the Netherlands. It conducts pioneering fundamental research in key areas such as algorithms, data and intelligent systems, cryptography and security, and quantum computing. The institute collaborates closely with Dutch universities and industry partners, providing education and knowledge transfer through semester programmes and joint research initiatives. CWI is positioned as a leading academic and research entity within the Dutch and international scientific community. The website infrastructure is modern and professionally implemented, utilizing JavaScript, CSS, MathJax for mathematical rendering, and Piwik/Matomo for analytics. The site is mobile-optimized, accessible, and SEO-friendly, with clear navigation and consistent branding. Privacy and cookie policies are present with consent mechanisms, reflecting good compliance with GDPR requirements. However, explicit security policies and incident response information are not published. Security posture is strong with HTTPS enforced and no visible vulnerabilities or exposed sensitive data. The site could improve by adding security headers and publishing a vulnerability disclosure or security.txt file. WHOIS data confirms the legitimacy of the domain, matching the institutional identity and country. Overall, the website is trustworthy, professional, and serves its academic audience effectively.

The website is a LinkedIn public profile for Alexander W., representing a small local tutoring business named Bloomington Tutors based in Bloomington, Indiana, USA. The profile highlights educational services and includes links to related tutoring websites. The digital infrastructure relies on LinkedIn's proprietary platform with secure authentication mechanisms including Google OAuth. Privacy and cookie policies are clearly presented, indicating compliance with GDPR and other regulations. The site is professionally designed with good content quality and user experience, optimized for mobile and accessibility. Security posture is strong with HTTPS, secure forms, and standard security headers, though WHOIS data is privacy protected and unavailable for detailed domain registration analysis. Overall, the site is trustworthy and suitable for its educational purpose.

Kevin Brown-Silva's website serves as a professional portfolio showcasing his software development expertise and contributions to open source projects. The site highlights his skills in technologies such as Python, Django, JavaScript, and jQuery, and provides links to his GitHub, Stack Overflow, LinkedIn, and Twitter profiles, establishing a credible online presence. The business model is personal branding and professional networking, targeting technology professionals and potential employers or collaborators. Technically, the website is built with standard web technologies including HTML, CSS, and JavaScript, with references to frameworks like Django REST framework and jQuery. Hosting and DNS are managed via Cloudflare, ensuring good SSL configuration and domain security. The site is moderately optimized for performance and mobile devices but lacks advanced SEO and accessibility features. From a security perspective, the website benefits from HTTPS and domain transfer protection but lacks critical security headers and formal privacy or cookie policies. No forms or data collection mechanisms are present, reducing attack surface but also limiting user engagement features. The absence of vulnerability disclosure or incident response information indicates room for improvement in security maturity. Overall, the website is a safe, professional, and trustworthy personal portfolio with good business credibility but limited privacy compliance and security best practices. Strategic enhancements in privacy policies, security headers, and incident response readiness would strengthen the site's security posture and compliance.

C

Conostix S.A.

conostix.com

56

Conostix S.A. is a small Luxembourg-based technology company specializing in security and system services, with a focus on security management consultancy, tailored open source software solutions, and customer care. Founded in 2001, the company positions itself as a niche provider for enterprises requiring advanced security expertise. The website content reflects this business focus but is basic in design and technical sophistication. Technically, the website is a simple HTML and CSS implementation with no detected CMS or advanced frameworks. There is no evidence of HTTPS enforcement or security headers, and mobile optimization is poor. The site lacks privacy and cookie policies, contact information, and incident response details, indicating limited digital maturity and compliance readiness. From a security perspective, the domain is well-established with consistent WHOIS data and clientTransferProhibited status, supporting legitimacy. However, the absence of HTTPS and security headers, as well as missing privacy compliance elements, represent vulnerabilities and compliance gaps. No forms or data collection mechanisms were found, reducing immediate data exposure risks. Overall, the website presents a moderate risk profile with room for significant improvements in security posture, privacy compliance, and technical modernization. Strategic recommendations include implementing HTTPS, adding privacy and cookie policies, improving mobile responsiveness, and enhancing security headers and incident response capabilities.

E

Eko Kvarner

ekokvarner.hr

41

Eko Kvarner is a Croatian non-profit environmental organization focused on promoting sustainable energy, climate change awareness, and ecological protection in the Kvarner region. The website serves as an information hub providing news, activities, projects, and educational resources to local communities and stakeholders interested in environmental issues. The organization appears well-established with a domain registered since 2012 and clear contact information including physical address, phone numbers, and email. The site content is primarily in Croatian and targets regional audiences. Technically, the website uses an older CMS platform called Galaksija and relies on legacy JavaScript libraries such as jQuery and Fancybox. While the site is accessible and contains meaningful content, it loads some external scripts over unsecured HTTP, which introduces mixed content risks. The site lacks modern security headers and advanced privacy or cookie consent mechanisms, indicating room for improvement in security and compliance maturity. Hosting is provided by Totohost, a Croatian hosting provider, and the domain registrar is CARNET, a reputable Croatian academic network. From a security perspective, the site uses HTTPS but does not implement additional security headers or content security policies. No incident response or security policy pages are found, and no vulnerability disclosure or security.txt files are present. The WHOIS data is consistent with the website's business profile and geographic location, supporting legitimacy. No suspicious or malicious indicators were detected. Overall, the website is functional and provides valuable content for its target audience but would benefit from technical modernization, improved security practices, and enhanced privacy compliance to strengthen trust and resilience against threats.

L

Latin Studio

latinstudio.at

58

Latin Studio is a small local dance studio based in Austria specializing in Latin dance styles. The website is built on the Wix platform and offers information about dance classes and workshops targeting dance enthusiasts. The technical infrastructure is standard for Wix-hosted sites, with moderate performance and basic mobile optimization. Security posture is basic with HTTPS enabled but lacks security headers and formal privacy or cookie policies. No contact or incident response information is provided, limiting transparency and compliance. Overall, the site is functional but would benefit from enhanced security and privacy features to improve trust and compliance.

F

Fondation Restena

restena.lu

72

Fondation Restena is a Luxembourg-based non-profit foundation that manages telecommunication infrastructure and services for the research, education, culture, health, and administration sectors in Luxembourg. It operates the national research and education network, manages the .lu domain registry, and provides a range of services including email, hosting, network connectivity, and IT security. The foundation is well-established, with origins dating back to 1989 and formal foundation status since 2000. Their market position is strong as a key national infrastructure provider with a focus on public and academic institutions. Technically, the website is built on Drupal 8, featuring modern web technologies and good mobile optimization. The site is well-structured with clear navigation and professional design. Security posture is strong, supported by ISO 27001 certification and secure form handling, although some security headers are not visibly implemented. Privacy compliance is partial, with a privacy policy present but lacking a cookie consent mechanism. Overall, the security posture is robust with dedicated incident response services (CSIRT) and ongoing certification efforts. No major vulnerabilities or suspicious patterns were detected. The domain WHOIS data aligns well with the website content, confirming legitimacy and consistency. Strategic recommendations include enhancing privacy compliance with cookie consent, adding security headers, and publishing a vulnerability disclosure policy to further strengthen trust and security culture.

P

Private by Design, LLC

bolha.one

63

Bolhinha is an independent Mastodon instance serving a Portuguese-speaking community. It offers a moderated social networking platform without a specific theme, leveraging the Mastodon federated social network technology. The site is relatively new, founded in 2022, and operated by Private by Design, LLC, a US-based entity. The platform targets Portuguese speakers interested in decentralized social networking and community engagement.

G

GOVCERT.LU

govcert.lu

71

GOVCERT.LU serves as the official Computer Security Incident Response Team (CSIRT) for the Government of Luxembourg, providing centralized cybersecurity incident management and response services for government and critical infrastructure operators. The website offers comprehensive information on incident reporting, security advisories, and contact channels, positioning GOVCERT.LU as a trusted national cybersecurity authority. Technically, the site is built using the Hugo static site generator, delivering fast performance, mobile optimization, and accessible design. Security posture is strong with HTTPS enforced and secure communication channels, though improvements are needed in security headers and formal vulnerability disclosure policies. Overall, the site demonstrates a professional and trustworthy presence aligned with government standards.

A

Association d'assurance accident

aaa.lu

57

The Association d'assurance accident (AAA) website serves as the official online presence for the Luxembourg governmental accident insurance association. It provides comprehensive information on accident insurance, workplace safety, indemnifications, and related public services. The site targets residents, workers, and employers in Luxembourg, offering resources, contact points, and regulatory information. The organization holds ISO9001:2015 certification, reinforcing its commitment to quality and trustworthiness. Technically, the website is built on Adobe Experience Manager CMS, leveraging modern web technologies including RequireJS and Adobe Dynamic Tag Manager for analytics and marketing. The site is well-structured, mobile-optimized, and accessible, with clear navigation and professional design. Cookie consent and privacy policies are implemented in compliance with GDPR. Security posture is moderate with HTTPS usage inferred, but no explicit security headers were detected in the provided data. No vulnerabilities or exposed sensitive data were found. The absence of WHOIS data limits domain registration trust analysis, but the domain's public.lu TLD and content strongly indicate an official government entity. Overall, the website is a reliable and professional government resource with good content quality and privacy compliance. Recommendations include enhancing security headers, publishing explicit security policies, and improving WHOIS data transparency where possible.

L

Le Gouvernement du Grand-Duché du Luxembourg

accessibilite.lu

54

The website accessibilite.lu is an official government portal of Luxembourg dedicated to providing information on accessibility across digital platforms, infrastructure, and products/services. It serves as a public service resource aimed at residents and stakeholders interested in accessibility issues within Luxembourg. The site is branded consistently with Luxembourg government identity and offers navigation in French with an option for German. Technically, the site uses standard HTML5, CSS, and JavaScript, including Adobe Launch for analytics, indicating a moderate level of digital maturity. The site is mobile optimized and accessible, though content quality is basic with limited depth on the landing page. Security posture is adequate with HTTPS implied, but lacks visible security headers and formal security policies. Privacy compliance is weak due to absence of privacy and cookie policies or consent mechanisms. No contact or incident response information is provided, limiting user engagement and trust channels. Overall, the domain registration and DNS configuration align with official Luxembourg government infrastructure, confirming legitimacy and trustworthiness. Strategic improvements in privacy compliance, security headers, and contact transparency would enhance the site's security and user trust.

H

Hugsmiðjan

hugsmidjan.is

56

Hugsmiðjan is a professional Icelandic digital agency specializing in designing and developing user-friendly, visually appealing, and results-driven web solutions. The company targets businesses and organizations seeking comprehensive digital services including strategy, design, development, marketing, and hosting. Their market position is supported by a portfolio of notable projects and a consistent brand presence. Technically, the website is built on modern frameworks such as Next.js and React, with good performance and mobile optimization. Security posture is solid with HTTPS and no visible vulnerabilities, though explicit security headers and privacy policies are lacking. Overall, the site is trustworthy and professional but would benefit from enhanced privacy compliance and domain registration transparency.

S

Simple Bytes

simplebytes.at

51

Simple Bytes is a small Austrian technology company specializing in modern, customized web design and app development for web, iOS, and macOS platforms. The company offers a range of services including web design, CMS integration, webshop solutions, domain registration, hosting, email and productivity service setup, app development, and ongoing support. Their market position is that of a specialized local service provider with a professional and client-focused approach, supported by client testimonials and references. Technically, the website employs a modern technology stack including Craft CMS, React, Vue.js, SvelteKit, and backend technologies like PHP Yii2 and Elixir Phoenix, indicating a mature digital infrastructure. The site is mobile-optimized, accessible, and SEO-friendly. Security posture is good with HTTPS enforced and SSL certificates in use, but lacks some advanced security headers and explicit privacy and cookie policies, which are compliance gaps. WHOIS data is unavailable, which slightly reduces domain trustworthiness, but the website content and references support legitimacy. Overall, the site is professional and trustworthy but would benefit from enhanced privacy compliance and security transparency.

C

c/o whoisproxy.com

vmst.io

68

vmst.io operates as an independent Mastodon server catering to respectful technologists, geeks, and nerds. It provides a federated social networking platform allowing users to participate in the fediverse with features such as trending posts, hashtag exploration, and user profiles. The platform is positioned as a niche community server with a small but active user base, emphasizing respectful and tech-focused interactions. The business model revolves around hosting and community management rather than commercial advertising or monetization. Technically, the site leverages Mastodon version 4.5.0-alpha.1, React for frontend rendering, and is hosted on DigitalOcean with domain registration via 1API GmbH using privacy proxy services. The infrastructure is modern and supports mobile optimization and accessibility at a basic level. Security posture is solid with HTTPS enforced and domain transfer protection enabled, though DNSSEC is not active and security headers are not explicitly detected. Privacy compliance is supported by the presence of privacy and terms of service pages, but lacks a cookie consent mechanism. Overall, the site is trustworthy, professional, and safe for general audiences.

A

Associazione Aeronautica

assoaeronautica.it

50

Associazione Aeronautica is an Italian aeronautical association focused on serving professionals and stakeholders in the aviation and transportation sector. The website is built on the Wix platform, indicating a moderate level of digital maturity with basic content and design. The technical infrastructure relies on Wix's Thunderbolt framework and standard web technologies. Security posture is adequate with HTTPS enabled, but lacks advanced security headers and policies. Privacy compliance is minimal, with no visible privacy or cookie policies. Overall, the site presents a basic but functional online presence for the association.

W

Waldhart Software

skischool.shop

48

Waldhart Software operates a specialized online platform providing e-commerce and booking solutions tailored for ski schools and snow sports schools primarily in Alpine regions. The website serves as a reference showcase for nearly 300 live client online shops, demonstrating a strong market presence in the niche retail sector for winter sports education and services. The business model focuses on B2B SaaS offerings, enabling ski schools to manage online bookings and sales effectively. Technically, the website employs modern JavaScript frameworks, likely Vue.js with the Quasar UI framework, and integrates Google Maps APIs for location services. Hosting is managed via profiwebspace.at, with domain registration through InterNetX GmbH in Austria. The site is served over HTTPS, ensuring encrypted communications, but lacks DNSSEC and security headers, which are recommended for enhanced security. Security posture is moderate; while HTTPS and domain transfer protections are in place, the absence of security headers and privacy/cookie policies indicates room for improvement in compliance and security best practices. No forms or contact details were found in the analyzed content, limiting direct user engagement and incident response capabilities. Overall, the website is professional and well-structured, targeting ski schools and related businesses with a clear value proposition. However, to strengthen trust and compliance, the addition of privacy and cookie policies, security headers, and clear contact information is advised.

The Belgian Science Policy Office (BELSPO) operates as the Federal Public Planning Service Science Policy, providing coordination and support for scientific research and federal scientific institutions in Belgium. The website serves as an official government portal offering multilingual content in Dutch, French, and English, targeting government stakeholders, researchers, and the public interested in science policy. Key services include support for federal museums, participation in European and international scientific organizations, research funding, and management of the Belnet telematics network. Technically, the website uses basic HTML, CSS, and JavaScript without advanced frameworks or CMS detected. The site is moderately optimized for performance and mobile use but lacks advanced accessibility and SEO features. No analytics or tracking scripts were detected, indicating a privacy-conscious approach. Security headers and SSL configuration details are not visible in the provided data, suggesting room for improvement in security hardening. From a security perspective, the site shows no signs of vulnerabilities or exposed sensitive data but lacks explicit security policies, incident response contacts, and vulnerability disclosure mechanisms. Privacy and cookie policies are present, though cookie consent mechanisms are not implemented. WHOIS data is restricted by DNS Belgium policy, which is typical for government domains, and does not raise legitimacy concerns. Overall, the site is trustworthy and professional but could enhance its security posture and privacy compliance. The overall risk is low given the official nature and content safety, but strategic improvements in security headers, HTTPS enforcement, and transparency in incident response would strengthen the security and trust profile.

L

Le Gouvernement du Grand-Duché de Luxembourg

lu-alert.lu

58

LU-Alert is the official Luxembourg government website dedicated to the national alert and information system for the population. It provides timely alerts issued by public authorities and promotes the LU-Alert mobile application available on iOS and Android platforms. The website targets residents and citizens of Luxembourg, aiming to enhance public safety through effective communication channels. The site is well-branded with consistent government identity and offers content primarily in French with language alternatives.

L

Le Gouvernement du Grand-Duché de Luxembourg

etat.lu

64

The website etat.public.lu serves as the official directory and portal for public administration websites of the Grand Duchy of Luxembourg. It provides comprehensive listings and links to government ministries, agencies, and related public services primarily in French. The site is government-operated, targeting public sector employees, citizens, and stakeholders seeking official information. The business model is informational and public service oriented, with a strong market position as the authoritative government directory. Technically, the site is built on Adobe Experience Manager, uses modern web standards, and is mobile optimized with good accessibility features. Security posture is moderate with HTTPS implied and cookie consent implemented, but lacks explicit security headers and incident response information. The absence of WHOIS data limits domain trust verification, though the content and branding strongly indicate legitimacy. Overall, the site is professional, trustworthy, and serves its public information purpose effectively.

L

Le Gouvernement du Grand-Duché de Luxembourg

guichet.lu

67

Guichet.public.lu is the official government portal of Luxembourg dedicated to providing citizens with easy access to a wide range of public services and administrative information. The website offers comprehensive coverage of topics such as financial aids, citizenship, family and education, taxation, immigration, inclusion, justice, housing, leisure, health, transport, and employment. It serves as a centralized digital gateway for Luxembourg residents to navigate government procedures efficiently. Technically, the site is built on Adobe Experience Manager (AEM), leveraging modern web technologies including SVG icons, JavaScript, and CSS for a responsive and accessible user experience. The presence of Adobe Dynamic Tag Manager indicates a mature approach to analytics and marketing tag management. The site is mobile-optimized and includes accessibility features, ensuring usability for a broad audience. From a security perspective, the website enforces HTTPS and integrates secure login mechanisms linking to official government authentication services. Cookie consent and privacy policies are clearly presented, reflecting compliance with GDPR requirements. While explicit security headers are not fully visible in the provided data, the overall posture appears strong with no evident vulnerabilities or exposed sensitive data. Overall, guichet.public.lu demonstrates a high level of professionalism, trustworthiness, and user-centric design, making it a reliable resource for Luxembourg citizens. The main limitation in the analysis is the absence of WHOIS data, which restricts domain registration trust assessment. Nonetheless, the official branding and domain extension support its legitimacy.

L

Le gouvernement luxembourgeois

gouvernement.lu

65

The website gouvernement.lu is the official portal of the Luxembourg government, providing authoritative information, news, and access to public services. It serves a broad audience including citizens, residents, businesses, and international partners. The site is well-structured, multilingual, and professionally designed, reflecting its role as a government information hub. Technically, it is built on Adobe Experience Manager CMS and uses Adobe DTM for tracking, indicating a mature digital infrastructure. Security posture is adequate with HTTPS and cookie consent mechanisms, though explicit security headers and policies could be improved. WHOIS data is unavailable due to query rate limits, but the domain's .lu TLD and official branding support legitimacy. Overall, the site demonstrates strong business credibility and good privacy compliance.

S

sitour Slovakia

sitour.sk

50

sitour Slovakia operates as a key player in the tourism advertising sector, providing innovative and flexible advertising solutions primarily in ski resorts, aquaparks, and online platforms. As part of the larger sitour International network, it leverages a strong market position across Alpine regions to deliver targeted out-of-home and digital advertising services. The website reflects a professional and modern digital presence, utilizing the Astro framework and integrating Google Tag Manager for analytics and marketing purposes. Privacy and cookie consent mechanisms are robust and GDPR compliant, enhancing user trust. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though formal security policies and incident response contacts are absent. Overall, the site demonstrates a mature business with a clear focus on tourism advertising and technology, supported by consistent branding and comprehensive content.

T

The Waterfront

sweetmelissascafe.com

59

The Waterfront is a hospitality business operating as a restaurant located in Venice, California. The website serves as an online presence providing information about the restaurant, menus, reservations, and scheduling. The business appears to be a small local restaurant with a focus on dining services and event scheduling. The website is built on the Squarespace platform, leveraging standard web technologies and third-party scripts such as Iubenda for cookie management, although no active cookie consent mechanism or privacy policy is present. The site is moderately optimized for performance and mobile devices, with a clean and consistent branding approach. Security posture is adequate with HTTPS enabled and domain transfer protection, but lacks advanced security headers and formal security policies. Privacy compliance is weak due to the absence of privacy and cookie policies. Overall, the website is functional and professional but would benefit from enhanced privacy and security measures to improve trust and compliance.

T

The Waterfront

yourfitnesspath.com

59

The website content analyzed corresponds to 'The Waterfront', a hospitality business likely operating as a restaurant or event venue. The site offers menus, reservation options, and scheduling links, targeting general public customers. The technical infrastructure is based on Squarespace CMS, leveraging standard web technologies and third-party services like Iubenda for cookie management. The site is mobile optimized and has moderate performance. Security posture is adequate with HTTPS enabled but lacks advanced security headers and privacy compliance documentation. The WHOIS data for the provided domain yourfitnesspath.com is missing, and the website content does not match the domain, indicating a possible domain-content mismatch or error in the provided URL. This discrepancy impacts trust and legitimacy assessments. Overall, the site is professionally designed but requires improvements in privacy compliance, contact transparency, and security best practices.

T

Tiskárna GARMOND spol. s r.o.

garmond-tisk.cz

44

Tiskárna GARMOND spol. s r.o. is a small Czech printing company established in 1992, offering comprehensive printing services including prepress preparation, offset and digital printing, surface finishing, embellishments, bookbinding, and delivery. The company emphasizes in-house production capabilities and minimal external subcontracting, positioning itself as a reliable regional provider with specialized binding services. The website is professionally designed using WordPress with multilingual support, optimized for SEO and mobile devices, reflecting a mature digital presence. Security posture is good with HTTPS enabled and no exposed sensitive data, but lacks advanced security headers and formal privacy/cookie policies, indicating areas for compliance improvement. Overall, the business demonstrates legitimacy and professionalism with clear contact information and client testimonials, but should enhance privacy compliance and security best practices to strengthen trust and regulatory adherence.

F

FANSHOP BK Mladá Boleslav

fanshopbkboleslav.cz

53

FANSHOP BK Mladá Boleslav operates an e-commerce platform dedicated to selling fan merchandise for the BK Mladá Boleslav hockey team. The website offers a variety of products including apparel, accessories, and souvenirs targeted at fans and supporters. The business model is focused on niche retail e-commerce within the Czech Republic, catering to a specific sports fan base. The site demonstrates consistent branding and good content quality with clear product listings and pricing. Technically, the site uses a custom or proprietary e-commerce platform with JavaScript, CSS, and Matomo analytics integration. The website is mobile optimized and provides a cookie consent mechanism aligned with GDPR principles, although a formal privacy policy page is not clearly identified. Security posture is adequate with HTTPS enforced and secure form handling, but lacks some security headers and explicit security policies. WHOIS data is unavailable, which impacts domain trust and legitimacy assessment. Overall, the site is functional and professional but would benefit from enhanced transparency and security documentation.

Kapela Severka is a small music band based in the Czech Republic, with a website primarily serving as an informational and promotional platform. The site provides basic details about the band, including history, concerts, photo galleries, and partner information. The target audience is general public and fans interested in the band's activities. The business model is focused on band promotion and event announcements. Technically, the website is built with basic HTML, CSS, and JavaScript, including Google Analytics for visitor tracking. There is no detected CMS or advanced frameworks. The site shows moderate performance and basic mobile optimization but lacks modern security and privacy features. From a security perspective, the website lacks HTTPS enforcement and security headers, exposing it to potential risks. There are no privacy or cookie policies, nor any contact information for security incidents or data protection officers. Google Analytics is used without visible consent mechanisms, indicating poor privacy compliance. Overall, the website presents a low to moderate risk profile but requires improvements in security posture, privacy compliance, and contact transparency to enhance trustworthiness and user safety.

Nadoraz.cz is the official website of a Czech music band named Nadoraz, based in Hradec Králové, with a history spanning nearly four decades. The band offers live music performances across various genres including swing, dixieland, country, rap, funky, and rock, and participates in numerous festivals and events both domestically and internationally. Their business model centers on entertainment services, music sales, and event appearances targeting Czech-speaking music fans and event organizers. The website provides detailed band member information, upcoming event dates, and contact details for bookings. Technically, the website is built with basic HTML5, CSS, and JavaScript technologies including jQuery and Modernizr. The site has a moderate performance profile with basic mobile optimization and accessibility features. However, it lacks modern CMS integration and advanced technical frameworks. SEO optimization is basic with minimal meta tags and no structured data or Open Graph tags. From a security perspective, the site lacks HTTPS enforcement and security headers, and does not provide privacy or cookie policies, which are critical for GDPR compliance. No vulnerability disclosure or incident response information is present. The absence of analytics and tracking scripts indicates minimal user tracking, which is positive for privacy but also suggests limited marketing insights. Overall, the security posture is weak and needs improvement to protect user data and enhance trust. The overall risk assessment indicates a low to moderate risk profile primarily due to missing security best practices and compliance documentation. Strategic recommendations include implementing HTTPS, adding security headers, publishing privacy and cookie policies, and establishing vulnerability disclosure mechanisms to improve security and compliance posture.

M

Město Letohrad

letohrad.eu

48

The website letohrad.eu serves as the official online presence for the town of Letohrad, Czech Republic. It provides comprehensive information about municipal services, news, events, public administration, and community resources. The site targets residents, visitors, and local businesses, offering a centralized portal for accessing city-related information and services. The business model is that of a government entity focused on public service and community engagement. Technically, the site is built on a proprietary CMS platform (vismo) common among Czech municipalities, utilizing standard web technologies such as HTML5, CSS, and JavaScript. It integrates Google Translate for multilingual support and maintains a moderate performance profile with good mobile optimization. Accessibility features are basic but present, and SEO practices are adequate for the site's purpose. From a security perspective, the website enforces HTTPS and uses secure form submissions but lacks advanced security headers and explicit incident response or security policies. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is basic, with a privacy and cookie policy present but no active consent mechanism. Contact information is clearly provided, enhancing trust and credibility. Overall, the site is a well-maintained municipal portal with a good balance of content quality, usability, and security. Strategic improvements in security headers, privacy consent, and incident response documentation would further enhance its posture and compliance.

K

Královéhradecká provozní, a.s.

khp.cz

59

Královéhradecká provozní, a.s. is a regional water utility company operating primarily in the Hradec Králové region of the Czech Republic. It provides essential services including water supply, wastewater treatment, and customer support. The company is part of the larger Veolia group, which is a significant player in the energy and water sectors. The website reflects a professional and service-oriented business model targeting local residents and businesses. Technically, the site uses a proprietary CMS (Vizus CMS) and integrates Matomo analytics for traffic measurement, indicating a moderate level of digital maturity. The site is mobile-optimized and provides clear navigation and content relevant to its audience. Security-wise, the site uses HTTPS and has a cookie consent mechanism with granular controls, but lacks visible security headers and a published privacy policy, which are areas for improvement. The absence of WHOIS data limits domain trust verification, but the website content and branding strongly suggest legitimacy. Overall, the site is functional, professional, and trustworthy with room for enhanced compliance and security transparency.

B

Kandidát na evropské město kultury | Broumov2028

broumov2028.cz

60

Broumov2028.cz is a professionally designed website representing the cultural initiative of the Broumov region in the Czech Republic, aiming to become the European Capital of Culture in 2028. The site provides extensive information about cultural events, projects, and community engagement, supported by testimonials from ambassadors and partners. The technical infrastructure includes modern web technologies and tracking tools such as Google Analytics and Facebook Pixel, indicating a moderate level of digital maturity. However, the absence of explicit privacy and cookie policies, as well as missing WHOIS registration data, presents gaps in privacy compliance and domain transparency. Security posture is moderate with HTTPS implied but lacking visible security headers or incident response information. Overall, the website serves its cultural promotion purpose well but would benefit from enhanced privacy, security, and transparency measures.

K

Klub českých turistů

casopisturista.cz

56

Časopis Turista is a Czech magazine operated by Klub českých turistů, focusing on hiking, tourism, and cultural heritage related to outdoor activities in the Czech Republic. The website serves as a content platform providing articles, event information, and reader competitions, targeting hiking enthusiasts and the general public interested in nature and tourism. The business model revolves around content publishing, subscriptions, and advertising revenue. Technically, the site is built on WordPress with Elementor and uses standard web technologies such as jQuery and PHP. The site is mobile-optimized and offers a good user experience with clear navigation and relevant content. Security-wise, the site uses HTTPS but lacks important security headers, and no privacy or cookie policies are present, indicating compliance gaps. WHOIS data is unavailable, which reduces transparency but the site provides clear contact information and social media presence, supporting legitimacy. Overall, the site is functional and professional but could improve privacy compliance and security hardening.

Z

Zabbix

zabbix.com

77

Zabbix is a globally recognized enterprise-class open-source network and application monitoring solution. The company offers a comprehensive suite of products including on-premise software, a fully managed cloud platform, professional services, and extensive training and certification programs. Their market position is strong, supported by a large deployment base and trusted by Fortune 500 companies and government entities. The website reflects a mature digital presence with professional design, clear navigation, and multilingual support. Technically, the site uses modern JavaScript libraries and tracking tools, with good performance and mobile optimization. Security posture is solid with HTTPS enforced and published security policies, though some security headers could be improved and a cookie consent mechanism is missing, which may affect GDPR compliance. Overall, the business credibility is high, supported by case studies, partner programs, and active community engagement. The WHOIS data is unavailable or protected, which is a minor concern but does not detract from the overall trustworthiness given the company's established reputation.

M

Město Dolní Bousov

dolni-bousov.cz

9

The website dolni-bousov.cz serves as the official municipal portal for the town of Dolní Bousov in the Czech Republic. It provides residents and visitors with information about the town's history, local government, cultural events, and public services. The site promotes a mobile app and offers contact details for the municipal office, positioning itself as a trusted source of local information. Technically, the site is built on WordPress with a moderate performance profile and basic mobile optimization. Security posture is adequate with HTTPS enabled but lacks advanced security headers and cookie consent mechanisms. Privacy compliance is minimal, with a basic accessibility statement but no comprehensive GDPR-aligned privacy or cookie policies. Overall, the site is credible and professionally maintained but could improve in privacy and security best practices.

B

brno-prorodiny.cz

brno-prorodiny.cz

46

brno-prorodiny.cz is a Czech language online magazine targeting parents and families in the Brno region, providing practical advice, tips, and inspiration for family well-being. The site covers a broad range of topics including health, finance, law, technology, and local activities. It operates primarily as a content publishing platform monetized through Google Adsense advertising. The website demonstrates a good level of content quality and user experience with clear navigation and mobile optimization. Technically, it uses standard web technologies including HTML5, CSS, JavaScript, Google Adsense, and Matomo analytics, hosted on vas-hosting.com. Security posture is moderate with HTTPS enabled but lacks advanced security headers and explicit security policies. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism. WHOIS data shows inconsistencies with domain creation date in the future, which may indicate placeholder data or require further verification. Overall, the site is professional and safe for general audiences but could improve in privacy and security transparency.

K

Kubíček Balloons

kubicekballoons.cz

55

Kubíček Balloons is a Czech-based manufacturer specializing in hot air balloons, offering innovative and reliable products inspired by pilot needs. The company provides a comprehensive range of services including pilot training, custom balloon design, and sales of stock balloons. Their market position is strong within the ballooning community, supported by decades of experience and a reputation for quality and innovation. The website is professionally designed, mobile-optimized, and rich in content, targeting balloon pilots and enthusiasts globally. Technically, the site employs modern JavaScript frameworks and libraries, with good SEO and accessibility features. Security posture is solid with HTTPS, security headers, and privacy compliance, though it lacks explicit incident response and vulnerability disclosure information. Overall, the site is trustworthy and well-maintained, with a moderate risk profile primarily due to the absence of public WHOIS data and some missing policy pages.

The website represents Sdružení cestovního ruchu Jizerské hory, a regional tourism association promoting the Jizera Mountains area in the Czech Republic. It serves as an informational portal with partnerships from local municipalities and ski-related businesses. The site is modest in scope, focusing on regional tourism promotion without e-commerce or complex services. Technically, the site is simple, built with basic HTML and CSS, with no detected CMS or advanced frameworks. It lacks modern SEO, accessibility, and performance optimizations but is functional and mobile responsive at a basic level. Security posture is minimal, with no HTTPS verification visible from the data, no security headers, and no privacy or cookie policies, indicating low compliance with modern privacy standards. The absence of WHOIS data reduces domain trust, though the website content and contact information appear consistent with a legitimate regional tourism entity. Overall, the site is low complexity, with moderate business credibility but requires improvements in security, privacy, and technical modernization.