Security Directory

S

Sjómaq

sjomaq.org

64

Sjómaq is a non-profit youth project aimed at fostering connections and mutual understanding among young people across Denmark, the Faroe Islands, and Greenland. The initiative is a collaboration among youth organizations in these regions, emphasizing values such as respect, curiosity, equality, and openness to build friendships and cultural understanding. The website serves as an informational and engagement platform for this community-building effort. Technically, the website is built on the TYPO3 CMS platform, utilizing modern JavaScript libraries such as jQuery and Fancybox, and is hosted via AWS Cloudfront CDN, ensuring moderate performance and good mobile optimization. The site includes minimal tracking via Simple Analytics, with no visible cookie consent mechanism, which is a minor privacy compliance gap. From a security perspective, the site enforces HTTPS and has domain transfer protections but lacks DNSSEC and security headers, which are recommended improvements. No incident response or vulnerability disclosure information is publicly available. The WHOIS data is transparent and consistent with the organization's profile, supporting the site's legitimacy. Overall, the website is professional, trustworthy, and well-aligned with its non-profit mission, though it could benefit from enhanced security practices and privacy compliance measures.

T

TypoConsult A/S

typoconsult.dk

71

TypoConsult A/S is a Danish web agency specializing in energy-efficient and sustainable web solutions using the TYPO3 CMS platform. Established in 2003, the company focuses on delivering high-performance, secure, and user-friendly websites tailored to various industries. Their market position is that of a niche expert in sustainable digital solutions within Denmark, leveraging open source technologies and emphasizing digital sovereignty. Technically, the website is built on TYPO3 CMS with modern libraries such as jQuery and integrates analytics and marketing tools like Google Tag Manager, Simple Analytics, and LinkedIn Insight Tag. The site is well-optimized for performance, mobile responsiveness, and accessibility, hosted via AWS Cloudfront CDN. Security posture is strong with HTTPS enforced and cookie consent managed by Cookiebot, although some security headers could be improved. Privacy compliance is robust with clear cookie policies and GDPR adherence. Overall, the website projects professionalism, trustworthiness, and technical maturity.

B

BKK Dachverband

bkk-pflegefinder.de

70

The BKK PflegeFinder website is a well-structured, professional service platform operated by the BKK Dachverband to assist insured persons in Germany with finding suitable care services including nursing homes, ambulatory care, day and night care, and support offers. The platform provides comprehensive information including quality reports and payment details, targeting BKK insured individuals and their families. Technically, the site uses modern frontend technologies such as Bootstrap 5, jQuery, and FontAwesome, with a self-hosted Matomo analytics setup that is currently disabled, reflecting a privacy-conscious approach. The presence of a cookie consent mechanism and chatbot enhances user experience and compliance. Security posture is adequate with HTTPS enforced and session management in place, but lacks explicit security headers and published security policies. Overall, the site is trustworthy, with consistent branding and clear navigation, though it could improve by publishing terms of service and incident response information.

B

BKK Dachverband

bkk-klinikfinder.de

70

The BKK Klinikfinder website is a professionally designed and well-structured healthcare information platform operated by the BKK Dachverband. It provides BKK insured persons in Germany with a comprehensive hospital search tool based on official quality reports. The site offers multiple search filters and additional resources such as checklists and related service finders for care, doctors, and midwives. Technically, the site uses modern web technologies including Bootstrap, jQuery, and self-hosted Matomo analytics, ensuring good performance, mobile optimization, and privacy compliance. Security posture is adequate with HTTPS and cookie consent mechanisms, though it lacks published security policies or incident response contacts. Overall, the site is trustworthy, privacy-conscious, and well-aligned with its target audience.

B

BKK Dachverband

bkk-arztfinder.de

70

The BKK ArztFinder website is a professional service platform operated by the BKK Dachverband, aimed at assisting statutory health insurance members in Germany to find doctors, dentists, and other healthcare providers. The site offers a user-friendly search interface with multiple filtering options and links to related healthcare services such as hospital, care, and midwife finders. The platform is well-branded and consistent with the parent organization's identity. Technically, the website uses a modern frontend stack including jQuery, Bootstrap, and FontAwesome, with responsive design and accessibility features. The site implements a cookie consent mechanism compliant with GDPR, using Matomo analytics in a privacy-conscious manner (disabled by default until consent). No major technical or security flaws are evident, though security headers and explicit security policies are absent. From a security perspective, the site uses HTTPS and does not expose sensitive data or vulnerable libraries. However, it lacks a published security policy, incident response contacts, and vulnerability disclosure mechanisms. The WHOIS data is consistent with a legitimate organization, with no privacy protection or suspicious patterns, supporting the site's trustworthiness. Overall, the site is a trustworthy, well-maintained healthcare service platform with good privacy compliance and moderate security posture. Strategic improvements in security headers, incident response transparency, and vulnerability disclosure would enhance its security maturity and user trust.

B

BKK Dachverband e.V.

bkk-meindv.de

61

BKK Dachverband e.V. operates the BKK MeinDV portal, a centralized web platform for members to manage their profiles and access various information portals related to the BKK healthcare association. The website is professionally designed, primarily targeting German-speaking members of the BKK Dachverband. It provides essential services such as login authentication, user registration, and feedback submission, positioning itself as a key digital touchpoint for the organization’s members. Technically, the website employs a modern tech stack including jQuery, Bootstrap 5, and Popper.js, ensuring responsive design and moderate performance. The site uses HTTPS with CSRF protection on forms, indicating a good baseline security posture. However, some security headers are missing, and no explicit cookie consent mechanism is present, suggesting room for improvement in compliance and security hardening. From a security perspective, the site demonstrates good practices such as encrypted connections and secure form handling but lacks published security policies, incident response contacts, and vulnerability disclosure mechanisms. No suspicious or malicious content was detected, and the site is free from adult or questionable content, making it safe for general audiences. Overall, the website is a credible and professional portal for the BKK Dachverband community, with a solid technical foundation and good privacy compliance. Strategic enhancements in security headers, cookie consent, and transparency around security policies would further strengthen its trustworthiness and compliance posture.

G

Generation Digitale GmbH & Co. KG

generationdigitale.net

53

Generation Digitale GmbH & Co. KG is a Hamburg-based digital agency specializing in web, video on demand, digital signage, and emerging technologies such as AR and VR. Established since 2002, the company offers comprehensive digital solutions including enterprise technology integration, UX/UI design, and online video platform development. Their market position is that of an experienced innovator serving businesses, brands, and public institutions with a focus on user-centered and technology-driven products. Technically, the website leverages modern Microsoft .NET technologies, Umbraco CMS, and cloud services like Azure, indicating a mature digital infrastructure. Privacy compliance is robust, with detailed GDPR-aligned policies and an opt-in cookie consent mechanism using Matomo analytics. Security posture is moderate, with room for improvement in security headers and explicit incident response disclosures. Overall, the website is professional, content-rich, and trustworthy, though the absence of WHOIS data for the domain introduces some uncertainty regarding domain legitimacy.

A

AlsterCloud GmbH

alstercloud.de

53

AlsterCloud GmbH is a small, Hamburg-based online marketing agency specializing in web design, Google Adwords, SEO, and social media marketing. Founded in 2017, the company targets local businesses seeking to enhance their digital presence. The website reflects a professional and consistent brand image with good content quality and clear navigation. Technically, the site is built on WordPress with modern plugins for SEO and caching, supported by Google Analytics and Tag Manager for analytics, and Usercentrics for cookie consent management. Security posture is solid with HTTPS and reCAPTCHA integration, though explicit security headers and policies are absent. Overall, the site is trustworthy and well-optimized for its market segment.

H

HIBLend

hiblend.eu

49

HIBLend is an educational project focused on enhancing the quality of blended mobility in European higher education. The website serves as an informational platform for stakeholders involved in this EU initiative. The technical infrastructure is based on WordPress with the Divi theme and Yoast SEO plugin, indicating a moderate level of digital maturity. The site is hosted via GoDaddy and uses HTTPS, ensuring basic security standards. However, the absence of privacy and cookie policies, as well as contact information, limits its compliance and user trust. Security posture is adequate but could be improved with additional headers and policies. Overall, the website is professional and relevant to its niche audience but requires enhancements in privacy and security transparency.

O

OeAD - Agency for Education and Internationalisation

oead.at

60

OeAD is Austria's official agency for education and internationalisation, providing advisory, support, and connection services to individuals and institutions in education, science, research, and culture globally. The website reflects a well-structured government agency portal with comprehensive information on scholarships, events, and educational programs. The target audience includes students, researchers, educational institutions, and government bodies. Technically, the site is built on TYPO3 CMS, uses modern JavaScript modules, and integrates consent management and analytics tools, indicating a mature digital infrastructure. Security posture is strong with HTTPS, consent mechanisms, and no visible vulnerabilities, though some security headers and explicit policies could be improved. Overall, the site is professional, trustworthy, and compliant with privacy norms, though explicit privacy and terms pages were not detected in the provided content.

L

Lipscore

lipscore.com

65

Lipscore is a Norway-based SaaS company specializing in review and ratings management software for e-commerce businesses. The platform emphasizes verified customer feedback to boost trust and sales, integrating seamlessly with major e-commerce platforms. The website demonstrates a mature digital presence with modern technologies, strong SEO, and comprehensive content supporting business growth and customer engagement. Security posture is solid with HTTPS, domain transfer protection, and verified-only reviews to prevent fake feedback. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, Lipscore presents a professional, trustworthy, and technically sound online presence.

S

SiteGround

siteground.eu

72

SiteGround is a large, established web hosting provider offering services to over 3 million domains globally. Their business model focuses on providing ultrafast, secure, and reliable web hosting solutions with 24/7 expert support. The website reflects a mature digital presence with professional design, clear navigation, and comprehensive content tailored to website owners and developers. Technically, the site uses modern JavaScript libraries, Google Tag Manager, Cookiebot for GDPR compliance, and integrates with trusted third-party services such as Stripe for payments and Typeform for forms. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, though explicit security headers and policies could be improved. Overall, the website demonstrates a high level of professionalism and trustworthiness consistent with a major technology company.

V

Virtuplex

virtuplex.com

64

Virtuplex operates the world's largest commercial VR labs with locations in Dubai, Bratislava, and Prague, offering immersive virtual reality solutions primarily for architecture, urban planning, defense, and training sectors. Their services include concept validation, spatial optimization, interactive 3D presentations, live remote collaboration, and training simulations. The website is professionally designed, well-structured, and optimized for SEO and mobile devices, reflecting a mature digital presence. Technically, the site is built on WordPress using the Breakdance builder, integrates Google Tag Manager for analytics, and employs modern web technologies such as Lottie animations and Swiper.js for interactive elements. Security posture is good with HTTPS enforced and cookie consent implemented, though explicit security headers and incident response policies are not publicly documented. The absence of WHOIS registration data is a notable concern, potentially impacting trust and legitimacy perceptions. Overall, Virtuplex presents as a credible and professional business with room for improvement in transparency and security disclosures.

I

Innovation Cooperative Limited

social.coop

67

social.coop is a niche Mastodon instance operated by Innovation Cooperative Limited, a UK-based organization founded in 2017. The platform serves a community interested in cooperative and collective projects, providing a decentralized social networking service within the Fediverse. The website demonstrates a good level of content quality with active user engagement and a clear focus on its target audience. Technically, it employs modern web technologies including React and JavaScript ES modules, hosted on DigitalOcean Spaces CDN with Cloudflare DNS services. The site is mobile optimized and offers a good user experience with clear navigation and relevant content. Security posture is adequate with HTTPS enabled and domain transfer protections, but lacks DNSSEC and security headers, which are recommended for enhanced protection. Privacy compliance is partial, with a basic privacy policy present but no cookie consent mechanism or terms of service found. Business credibility is strong given transparent WHOIS data and consistent domain registration details. Overall, social.coop is a trustworthy and well-maintained community platform with room for improvement in security and privacy compliance.

G

Google LLC

golang.org

63

The website go.dev is the official site for the Go programming language, an open source project supported and maintained by Google LLC. It serves as a comprehensive resource hub for developers, offering documentation, learning materials, downloads, and community engagement. The site targets software developers and engineering teams seeking to build secure, scalable systems using Go. The business model revolves around providing an open source programming language ecosystem backed by a major technology company, positioning Go as a leading language in cloud and network services, web development, and DevOps. Technically, the site is well-implemented with modern web technologies including HTML5, CSS3, JavaScript, and Google’s own analytics and tag management tools. It is hosted on Google Cloud Platform, ensuring fast performance and excellent mobile optimization. The site demonstrates good SEO and accessibility practices, with clear navigation and professional design. No CMS is detected, indicating a custom-built platform tailored for the Go project. From a security perspective, the website enforces HTTPS with strong SSL configuration and includes standard security headers. It uses Google Analytics and Tag Manager scripts loaded asynchronously, and a cookie consent banner is present to comply with privacy regulations. However, there is no explicit security policy or vulnerability disclosure page, nor contact information for incident response, which are areas for improvement. No vulnerabilities or exposed sensitive data were detected. Overall, go.dev is a high-quality, trustworthy, and professional website that effectively supports the Go programming language community. It reflects the credibility of Google LLC and provides valuable resources for developers. Strategic recommendations include publishing a dedicated security policy, adding vulnerability disclosure information, and providing clear security incident contacts to enhance trust and compliance.

Limecast is an emerging privacy-first, open-source podcasting platform aimed at podcasters and privacy-conscious users. The website serves as a coming soon landing page highlighting the platform's focus on privacy and distributed podcasting technology. The business is positioned as a startup founded in 2020, with a small team and a technology sector focus. The platform emphasizes open-source development and community involvement, as evidenced by links to their Codeberg repository and social media presence on Mastodon and Bluesky. Technically, the website is built with modern HTML5 and CSS3 standards, uses Google Fonts, and integrates an EmailOctopus subscription form for user engagement. Hosting appears to be managed via NameCheap, with domain registration consistent with the startup's timeline. Security posture is moderate with HTTPS enabled and domain transfer protection, but lacks DNSSEC and security headers, which are recommended for improvement. Privacy compliance is currently poor due to the absence of privacy and cookie policies and consent mechanisms. No contact emails or phone numbers are provided, limiting direct communication channels. Overall, the website is professional and well-branded but requires enhancements in privacy compliance and security best practices to improve trust and user confidence.

W

Wemove

wemove.se

66

Wemove.se is an e-commerce website focused on retailing well-known brands, primarily targeting consumers in Sweden and the Nordic region. Founded in 2020, the business operates on a modern digital infrastructure leveraging ASP.NET, Shopify, and Cloudflare services. The website demonstrates good content quality, mobile optimization, and user experience, with a clear cookie consent mechanism that complies with GDPR requirements. However, explicit contact information and security policy pages are not present, which limits direct communication and transparency in security matters. The domain registration data is consistent with the business profile, indicating legitimacy and trustworthiness. Overall, the website is professionally designed and functional, serving its retail audience effectively.

W

Wemove

wemove.no

69

Wemove.no is a Norwegian e-commerce retailer specializing in sports, training, and leisure branded products such as Umbro, Scott, and Fibra. The website targets sports enthusiasts and offers a curated selection of well-known brands. The business appears to be a small-sized entity founded in 2016, with a consistent domain age and market presence. Technically, the website employs modern web technologies including ASP.NET, Cloudflare CDN, and integrates with Shopify and various third-party marketing and analytics tools. The site is mobile optimized and uses HTTPS with appropriate security headers, reflecting a good digital maturity level. Security posture is solid with no visible vulnerabilities or exposed sensitive data, although explicit security policies and incident response information are not published. Privacy compliance is strong, featuring a comprehensive cookie consent mechanism with granular user controls and links to detailed privacy policies. Overall, the website is professional, trustworthy, and safe for general audiences.

R

Ramo AS

ramo.no

67

Ramo AS is a Norwegian importer and retailer specializing in well-known sports and outdoor brands such as Scott, Nordica, Syncros, Therm-ic, and Sidas. The company has an established market presence since 1999, targeting consumers interested in sports equipment within Norway. Their website reflects a professional retail platform with a focus on user experience and compliance with privacy regulations. Technically, the website leverages ASP.NET technology, Cloudflare CDN and security services, and Shopify for e-commerce functionalities. The site is well-optimized for mobile devices and includes a comprehensive cookie consent mechanism aligned with GDPR requirements. Security posture is strong with HTTPS enforcement and appropriate security headers, although there is room for improvement in publishing explicit security policies and incident response information. Overall, the website is trustworthy, professionally maintained, and compliant with relevant privacy standards.

Scantrade is a Swedish retail supplier specializing in alpine, cycling, outdoor, and club sports equipment. Established since 2008, the company maintains a professional and consistent online presence with a well-structured website that targets retail customers and sports clubs in the Nordic region. The website employs modern technologies including ASP.NET, Shopify, and Cloudflare, indicating a mature digital infrastructure. The presence of Google Analytics and Sleeknote reflects active marketing and user engagement strategies. Security posture is adequate with HTTPS enabled and cookie consent mechanisms in place, though there is room for improvement in security headers and incident response transparency. Overall, the domain registration data aligns well with the business claims, supporting legitimacy and trustworthiness.

K

Klubb.no

klubb.no

69

Klubb.no is a Norwegian e-commerce platform specializing in products for clubs and their members. Established in 2015, it serves a niche market with a medium-sized business model. The website employs modern technologies including ASP.NET, Shopify, and Cloudflare CDN, ensuring a robust technical infrastructure. The site features a comprehensive cookie consent mechanism and integrates Google Analytics and marketing tools like Sleeknote, reflecting a mature digital presence. Security posture is solid with HTTPS enforcement and security headers, though explicit security policies and incident response contacts are not published. Overall, the website is professional, trustworthy, and compliant with GDPR requirements.

M

Hem - Mizuno Sverige

mizuno.se

9

The website www.mizuno.se serves as an e-commerce platform targeting Swedish consumers interested in Mizuno sportswear and related products. The site features a professional design with a focus on product presentation and customer reviews, leveraging third-party services such as Lipscore for review management and Google Analytics for visitor tracking. The technical infrastructure is based on ASP.NET technologies, supported by Cloudflare CDN for performance and security enhancements. Despite the solid technical foundation, the absence of WHOIS data for the exact domain raises questions about domain registration transparency. The site implements a comprehensive cookie consent mechanism, reflecting awareness of privacy regulations, although no explicit privacy policy or terms of service pages were detected in the provided content. Security posture is moderate, with room for improvement in security headers and public security policies. Overall, the site is functional and professional but would benefit from enhanced transparency and compliance documentation.

M

Mizuno Norge

mizuno.no

70

Mizuno.no is the official Norwegian online store for Mizuno sportswear and equipment, targeting Norwegian consumers interested in sports products. The website operates as an e-commerce retail platform, leveraging ASP.NET technology and Cloudflare for hosting and security. It integrates multiple third-party services such as Google Analytics, Lipscore for reviews, and CookieInformation for consent management, demonstrating a mature digital infrastructure. The site is well-branded, consistent, and provides a comprehensive cookie consent mechanism aligned with GDPR requirements. Security posture is solid with HTTPS enforced and Cloudflare protection, though some security headers could be improved. The absence of publicly available WHOIS data suggests privacy protection, which is common for commercial sites but reduces transparency. Overall, the site is professional, trustworthy, and compliant with privacy standards.

M

Hjem - Mizuno Danmark

mizuno.dk

9

Mizuno Danmark operates a regional e-commerce website focused on sportswear and related products for the Danish market. The site leverages modern web technologies including ASP.NET, Shopify, and Cloudflare for hosting and security. It integrates marketing and analytics tools such as Google Analytics, Google Tag Manager, Sleeknote, and Lipscore to enhance user engagement and track performance. The website demonstrates good design quality, mobile optimization, and basic accessibility features, providing a professional user experience. However, the absence of a visible privacy policy, terms of service, and explicit contact information limits transparency and user trust. Security posture is solid with HTTPS enforcement and security headers, but lacks published incident response or vulnerability disclosure mechanisms. WHOIS data is unavailable, reducing confidence in domain legitimacy verification. Overall, the site is functional and moderately secure but would benefit from enhanced compliance documentation and clearer business contact details.

L

Limeleaf Worker Collective

apply.coop

52

apply.coop is a specialized job board operated by Limeleaf Worker Collective, LLC, focusing on connecting job seekers with values-driven organizations such as cooperatives, nonprofits, and public benefit corporations. The platform offers curated job listings with detailed workplace profiles, targeting individuals seeking meaningful careers with social impact. The website is relatively new, founded in 2025, and positions itself as a niche player in the job board market with a clear mission and consistent branding. Technically, the website employs modern web standards including HTML5 and CSS3 with Flexbox Grid for layout, and uses GoatCounter for privacy-conscious analytics. Hosting is provided by EnCirca, Inc., and the domain is secured with HTTPS and clientTransferProhibited status, though DNSSEC is not enabled. The site is mobile-optimized and SEO-friendly, though accessibility features are basic. No major CMS or frameworks are detected, suggesting a custom or lightweight platform. From a security perspective, the site benefits from HTTPS and domain transfer protection but lacks DNSSEC and security headers such as Content-Security-Policy or X-Frame-Options. No explicit security policies or incident response contacts are published, and no cookie consent mechanism is present despite analytics usage. The overall security posture is moderate with room for improvement in headers and transparency. Overall, apply.coop presents a professional, trustworthy, and focused platform with good content quality and business credibility. The main risks relate to security best practices and privacy compliance enhancements. Strategic improvements in security headers, cookie consent, and published policies would strengthen trust and compliance.

F

Fiqus

farox.coop

46

Farox is a cooperative software development company based in Argentina, specializing in professional services related to Data Science, Machine Learning, high concurrency systems, and full-stack development. The company positions itself as a tech leader in the cooperative sector with over a decade of experience. Their website showcases key services such as product development, software consultancy, and team extension, targeting businesses seeking expert technology partners. The digital infrastructure is modern, leveraging React and Next.js frameworks hosted on AWS, with a professional and mobile-optimized website design. Security posture is adequate with HTTPS enabled and domain transfer protection, but lacks advanced DNS security and security headers. Privacy compliance is limited due to absence of explicit policies and consent mechanisms. Overall, the website is trustworthy and professional, though improvements in privacy and security disclosures are recommended.

C

COMP COOPERATIVE, INCORPORATED

comp.coop

53

COMP COOPERATIVE, INCORPORATED is a newly established technology cooperative based in the United States, founded in early 2024. The company focuses on providing world-class technology solutions with an emphasis on accessibility and collaborative development. Their website, comp.coop, reflects a modern and professional design using the Astro framework and Cloudflare DNS services, targeting businesses or organizations seeking advanced tech solutions. The cooperative business model positions them as an emerging player in the technology sector, aiming to build custom solutions collaboratively. From a technical perspective, the website leverages modern web technologies such as Astro v5.9.2 and the Inter font, hosted behind Cloudflare DNS. The site demonstrates good mobile optimization and a clean user experience, although SEO and accessibility features are basic. Performance is moderate, with no detected analytics or tracking scripts, indicating a privacy-conscious approach but also limited marketing insights. Security posture is moderate but could be improved. HTTPS is enabled, and the domain status includes clientTransferProhibited, which protects against unauthorized transfers. However, DNSSEC is not enabled, and no security headers were detected in the HTML content, which are important for mitigating common web vulnerabilities. The absence of privacy and cookie policies, as well as lack of incident response or vulnerability disclosure information, indicates gaps in compliance and security transparency. Overall, the website and domain registration data are consistent and legitimate, reflecting a startup cooperative technology business. The lack of direct contact emails or phone numbers and absence of privacy-related policies reduce trust and compliance scores. Strategic improvements in security headers, DNSSEC, privacy documentation, and contact transparency would enhance the security posture and business credibility.

C

Colab Cooperative Inc

colab.coop

55

Colab Cooperative Inc is a US-based worker-owned agency specializing in crafting complex websites and custom applications for socially responsible organizations since 2010. The company positions itself as a niche provider focusing on cooperatives and non-profits, emphasizing listening and mission fulfillment. Their key services include discovery, design, development, support, maintenance, and Kubernetes hosting. The website reflects a professional and consistent brand image with strong trust indicators such as client testimonials and recognized certifications like B Corporation and US Federation of Worker Cooperatives. Technically, the site is built on WordPress, hosted on AWS infrastructure, and employs modern web standards with good mobile optimization and accessibility. Security posture is solid with HTTPS and anti-spam measures, though improvements are recommended in security headers and explicit security policies. Privacy compliance is partially met with a comprehensive privacy policy but lacks cookie consent mechanisms. Overall, the site demonstrates high business credibility and technical maturity with minor gaps in privacy and security documentation.

W

WorX Printing Cooperative

worxprinting.com

54

WorX Printing Cooperative is a US-based union print shop specializing in print on demand custom merchandise such as American made T-shirts and swag. Established in 2014, the cooperative operates a niche business model focused on union and worker-owned principles, serving union members, organizers, and small businesses. Their services include bulk order printing, online swag shops, and order fulfillment, positioning them as a trusted union cooperative in the retail sector. Technically, the website is built on WordPress using the Divi theme, with modern JavaScript libraries and tracking tools integrated. The site is mobile optimized and provides a good user experience with clear navigation and professional design. Security-wise, HTTPS is enabled and no major vulnerabilities are detected, though DNSSEC is not enabled and security headers are missing, indicating room for improvement. Privacy compliance is weak due to the absence of privacy and cookie policies. Overall, the website is credible and trustworthy but would benefit from enhanced privacy and security disclosures.

P

Piton Labs

pitonlabs.com

55

Piton Labs is a technology-focused startup development agency founded in 2021, specializing in helping early-stage companies and entrepreneurs rapidly build and launch MVPs. Their services include product strategy, expert software development, and team assembly to ensure long-term success. The website reflects a professional and consistent brand with clear messaging targeted at startups seeking reliable development partners. Technically, the site uses modern frameworks such as Next.js and React, with Tailwind CSS for styling, indicating a contemporary and maintainable tech stack. Performance and mobile optimization are adequate, though accessibility and SEO could be improved. Security posture is moderate; HTTPS is implied, but no security headers or DNSSEC are enabled, and no explicit security or privacy policies are published, which are areas for improvement. The domain registration is consistent with the business profile, showing legitimacy and no suspicious patterns. Overall, the site is functional and professional but would benefit from enhanced privacy compliance and security hardening.

JWP.com is a minimalistic website primarily serving as a login portal for users with credentials. The site lacks public-facing business descriptions or detailed service information, indicating it is likely an internal or restricted access platform. The domain is long-established, dating back to 1996, which suggests a mature presence, although no registrant organization details are publicly available. The hosting is provided by DreamHost, and the domain is registered through Epik LLC without DNSSEC enabled. Technically, the website uses basic HTML, CSS, and JavaScript with a PHP backend for form submission. There is no evidence of modern frameworks or CMS usage. The site shows basic design and accessibility but lacks mobile optimization and advanced SEO features. Security posture is weak, with no HTTPS enforcement visible in the provided data, no security headers, and no anti-CSRF or CAPTCHA protections on the login form. Privacy and cookie policies are absent, and no analytics or marketing tools are detected. Overall, the security posture is below average, with critical recommendations including enabling HTTPS, adding security headers, and implementing protections against automated login attacks. The site content is safe for general audiences, with no adult or questionable content detected. Contact information is limited to an obfuscated email address ([email protected]) and a login form, with no phone numbers or physical addresses provided. The overall risk assessment indicates a low trustworthiness level due to minimal content, lack of security best practices, and absence of compliance documentation. Strategic improvements in security, privacy compliance, and content transparency are recommended to enhance business credibility and user trust.

B

Ben's Bites Ltd

bensbites.co

61

Ben's Bites is a technology-focused newsletter authored by Ben Tossell, targeting AI builders, startup enthusiasts, and investors. The business operates on a subscription model hosted on the Substack platform, offering high-quality content including mini-tutorials, tool reviews, and insights into startups and investing. The website demonstrates excellent content quality, professional design, and clear navigation, appealing to a specialized audience interested in AI and startups. Technically, the site leverages modern web technologies such as React, Tailwind CSS, and integrates third-party services like Sentry for error tracking and Stripe for payments, ensuring a robust and performant user experience. Security posture is good with HTTPS enforced and cookie consent mechanisms in place, though explicit security headers and a public security policy are absent. The lack of WHOIS data for the bensbites.com domain introduces some uncertainty regarding domain registration legitimacy; however, the use of the reputable Substack platform and quality content mitigates this risk. Overall, the website is trustworthy, well-maintained, and compliant with privacy regulations, making it a credible source for its target audience.

I

I Worked On

iworkedon.com

45

I Worked On is a small technology-focused platform founded in 2006 that enables individuals, makers, and developers to create and share portfolios showcasing their projects. The website emphasizes a modern approach to professional experience by focusing on tangible work and outcomes rather than traditional resumes. The platform targets users who want an easy and visually appealing way to present their work to the world. Technically, the website uses modern web technologies including HTML5, CSS3, JavaScript, and Alpine.js for interactivity. It integrates Google Analytics and Google Tag Manager for user tracking and marketing insights. The site is mobile optimized with good SEO practices but lacks some accessibility features and security headers. Hosting details are not explicitly stated but the domain is registered with eNom, LLC and uses name-services.com for DNS. From a security perspective, the site uses HTTPS and has domain transfer protections but lacks DNSSEC and important security headers such as Content-Security-Policy and Strict-Transport-Security. No privacy or cookie policies are published, which is a compliance gap. No incident response or vulnerability disclosure information is available. The domain is stable and legitimate with a long registration history, supporting trustworthiness. Overall, the website is professional and functional with moderate security posture and limited privacy compliance. Strategic improvements in security headers, privacy policies, and contact transparency would enhance trust and compliance.

M

Mubs Inc

mubs.inc

64

Mubs Inc is a small digital product studio founded in 2021 and operated by Mubashar Iqbal, focusing on AI, web3, and blockchain product development. The website presents a professional and modern design built on Next.js and React, optimized for mobile and fast loading. However, it lacks critical compliance documents such as privacy and cookie policies, and does not provide contact information, which limits trust and transparency. The domain is privacy protected but registered with a reputable registrar, consistent with a small technology business. Security posture is moderate with HTTPS enabled but missing security headers and vulnerability disclosure mechanisms. Overall, the site is safe and suitable for a general audience with no adult content.

T

The Times

thetimes.co.uk

10

The Times is a well-established UK-based news media organization providing breaking news, in-depth analysis, and commentary across various sectors including UK, US, world, business, and sports news. The website demonstrates a mature digital presence with a professional design, mobile optimization, and structured data for SEO. The technical infrastructure leverages modern technologies such as React, GraphQL APIs, and integrates multiple analytics and advertising platforms including New Relic and Google Tag Manager. Security posture is strong with HTTPS enforcement and appropriate security headers, though explicit privacy and cookie policies were not found in the provided content, indicating room for improvement in privacy compliance transparency. The absence of WHOIS data limits domain registration trust analysis but does not detract from the site's evident legitimacy and enterprise-level operation. Overall, the site is a high-quality, trusted media platform with a solid technical and security foundation.

Z

zone35 GmbH & Co. KG

bkk-ernaehrungscoach.de

50

The website www.bkk-ernaehrungscoach.de is an established German-language online nutrition coaching platform operated by zone35 GmbH & Co. KG. It offers interactive tools such as an online check for calorie needs, motivational training, and weekly newsletters to support users in achieving healthier eating habits. The platform targets health-conscious consumers seeking guidance on nutrition and lifestyle improvements. Technically, the site is built on the TYPO3 CMS framework with a modern tech stack including jQuery and Bootstrap, delivering a responsive and user-friendly experience. Security posture is solid with HTTPS enforced and cookie consent implemented, though there is room for improvement in security headers and formal security policies. Overall, the site demonstrates good business credibility with clear contact information and trust signals such as user testimonials. No critical vulnerabilities or compliance gaps were detected, making it a trustworthy resource for its audience.

Z

zone35 GmbH & Co. KG

zone35.de

61

zone35 GmbH & Co. KG is a medium-sized, owner-managed digital agency based in Berlin, specializing in healthcare and welfare sectors. Established in 1999, the company offers strategic planning, crossmedia design, and tailored digital solutions including online consulting platforms such as beranet.de. Their market position is solid within their niche, supported by a portfolio of projects and partnerships with health-focused digital products. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries and integrates Piwik/Matomo analytics, reflecting a mature digital infrastructure with good mobile optimization and SEO practices. Security posture is good with HTTPS enforcement and cookie consent mechanisms, though formal security policies and incident response details are absent. Overall, the website is professional, trustworthy, and compliant with GDPR, supporting a positive business credibility profile.

L

Leafworks

leafworks.de

49

Leafworks is a small consulting firm specializing in customer experience and CX management, targeting businesses seeking to improve their customer interactions. The website is built on a modern WordPress infrastructure using popular plugins and themes such as Yoast SEO, Astra, Elementor, and WP Rocket, indicating a moderate level of digital maturity. The site is well-designed, mobile-optimized, and provides relevant content aligned with its consulting services. However, the security posture is limited, with no visible security headers, privacy or cookie policies, or incident response information, which could expose the business to compliance and security risks. The absence of explicit contact information reduces transparency and trust. Overall, the website is functional and professional but requires improvements in privacy compliance and security practices to enhance trustworthiness and regulatory adherence.

The website 'Zeit für Mich' is a German health promotion initiative operated by BKV - Interessengemeinschaft Betriebliche Krankenversicherung e. V., focusing on strengthening personal resources and promoting a healthy work-life balance. It offers information, online self-assessment tests, and access to quality-approved prevention courses such as relaxation techniques and yoga. The target audience primarily includes working adults interested in health and stress management. The business model is non-profit, supported by statutory health insurance entities in Germany, aiming to provide accessible health resources and course subsidies. Technically, the site is built on WordPress using the Understrap child theme, incorporating jQuery and Google Fonts. The infrastructure appears standard for a small non-profit website, with moderate performance and good mobile optimization. SEO and accessibility are basic but functional. No advanced analytics or tracking tools are detected, indicating a privacy-conscious approach. From a security perspective, the site uses HTTPS as indicated by resource URLs, but no explicit security headers were detected in the provided data. There is no evidence of vulnerability disclosure mechanisms or security policies. Contact information is clearly provided, but privacy and cookie policies are absent, which is a compliance gap. No forms or data collection points were found on the homepage, reducing immediate risk exposure. Overall, the website is professional, trustworthy, and safe for general audiences. However, improvements in privacy compliance and security hardening are recommended to enhance trust and regulatory adherence.

The website 'Ich hab's gecheckt!' is a German health awareness campaign focused on educating the public about metabolic syndrome and promoting a healthy lifestyle to prevent cardiovascular diseases. It is operated by the BKV – Interessengemeinschaft Betriebliche Krankenversicherung e. V., a non-profit health insurance interest group based in Berlin. The site provides educational content and an online health check tool to engage users in monitoring their health. The target audience is the general German-speaking public interested in health and wellness. Technically, the website is built on WordPress using the Understrap theme framework with a child theme. It employs common web technologies such as jQuery and Popper.js. The site is served over HTTPS with a moderate performance profile and good mobile optimization. However, it lacks advanced security headers and structured data markup, which could improve SEO and security posture. From a security perspective, the site uses HTTPS and a cookie consent mechanism, but it does not provide a privacy policy or incident response information. No security.txt file or vulnerability disclosure policy is present. The absence of security headers like CSP and HSTS reduces the overall security score. No tracking or advertising scripts were detected, indicating minimal user tracking. Overall, the website is trustworthy and professional with clear contact information and a consistent brand presence. The main risks relate to incomplete privacy compliance and security best practices. Strategic recommendations include publishing a privacy policy, implementing security headers, and providing incident response contacts to enhance user trust and regulatory compliance.

B

BKV – Interessengemeinschaft Betriebliche Krankenversicherung e. V.

bkk-bettgefluester.de

42

Bettgeflüster is a German health campaign operated by the BKV association, focusing on promoting healthy sleep habits through educational content, multimedia resources, and downloadable materials. The campaign targets the general public interested in improving sleep quality and overall health. The website is built on WordPress, leveraging modern web technologies such as Breeze caching and Google Fonts, and is hosted with domain control services consistent with the domain registration. The site is well-structured, mobile-optimized, and provides clear navigation and relevant content. Security posture is solid with HTTPS enforced, though it lacks some security headers and cookie consent mechanisms, which are recommended for GDPR compliance. Contact information is clearly provided with official email and physical address, enhancing business credibility.

I

Interessengemeinschaft Betriebliche Krankenversicherung e.V. (BKV)

bkv-verein.de

53

The Interessengemeinschaft Betriebliche Krankenversicherung e.V. (BKV) operates as a coalition of company-related health insurance funds in Germany, representing approximately one million insured individuals. The organization engages with political, administrative, and association stakeholders to advocate for its members' interests. The website serves as an information hub, providing news, campaigns, and resources related to corporate health insurance and prevention initiatives. The target audience includes companies with company health insurance funds, insured persons, and relevant policy makers. Technically, the website is built on TYPO3 CMS, a robust open-source content management system, and employs modern web technologies including jQuery and Matomo for analytics. The site is hosted on DomainControl nameservers and demonstrates good mobile optimization and SEO practices. Cookie consent is implemented with clear user options and detailed cookie information, reflecting compliance with GDPR requirements. From a security perspective, the site enforces HTTPS and uses a cookie consent mechanism to manage user privacy preferences. However, explicit security headers and published security policies or incident response contacts are absent, representing areas for improvement. No critical vulnerabilities or exposed sensitive data were detected in the analyzed content. Overall, the website presents a professional and trustworthy digital presence aligned with its business purpose. Strategic recommendations include enhancing security headers, publishing security and incident response policies, and adding a vulnerability disclosure mechanism to strengthen the security posture and user trust.

The website alleswurscht.li is a government health promotion project operated by the Amt für Gesundheit des Fürstentums Liechtenstein. It provides a rich collection of healthy recipes emphasizing fresh, regional, and seasonal products, curated by a certified nutritionist. The site targets the general population of Liechtenstein, promoting balanced nutrition and healthy lifestyles through accessible content and community engagement via newsletters and a forum. The website is professionally designed with consistent branding and clear navigation, supporting a positive user experience. Technically, the site is built on the Contao Open Source CMS platform, utilizing common web technologies such as jQuery, Google Analytics, Google Tag Manager, and Google Maps API. The site is mobile-optimized and performs moderately well, though there is room for improvement in accessibility and SEO. Security posture is adequate with HTTPS enabled and no visible vulnerabilities, but lacks important security headers and published security policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the security posture is solid but could be enhanced by implementing security headers, publishing incident response information, and adding cookie consent to improve GDPR compliance. The domain WHOIS data confirms official government ownership, reinforcing the site's legitimacy and trustworthiness. No adult or explicit content is present, making the site safe for general audiences. Strategic recommendations include improving security headers, adding cookie consent, publishing security and incident response policies, and enhancing privacy compliance to strengthen trust and regulatory adherence.

T

The Times

thetimes.com

11

The Times is a leading UK-based news media company providing breaking news, in-depth analysis, and commentary across various sectors including UK, US, world, business, and sports. It operates primarily on a subscription-based business model under the parent company News UK, targeting a general audience interested in quality journalism. The website demonstrates a mature digital presence with modern technologies such as React and comprehensive analytics and monitoring tools. Security posture is strong with HTTPS enforcement and appropriate security headers, though WHOIS data is privacy protected, which is typical for large media entities. Privacy and cookie policies are comprehensive and GDPR compliant, reflecting a commitment to user data protection. Overall, the site is professional, trustworthy, and well-optimized for performance and accessibility.

L

Limeleaf Worker Collective

limeleaf.coop

10

Limeleaf Worker Collective is a US-based worker-owned cooperative specializing in building fast, reliable, scalable, and maintainable software systems. Their business model focuses on collaborative software development services, targeting teams and organizations needing planning, optimization, and platform building support. The cooperative has established a credible market position, evidenced by partnerships and client logos from major companies and cooperatives. Technically, the website employs modern CSS frameworks and JavaScript analytics, with good mobile optimization and accessibility. However, the domain is relatively new, created in 2025, aligning with the cooperative's founding date. Security posture is moderate with HTTPS enabled but lacks DNSSEC and security headers, and no privacy or cookie policies are present, indicating compliance gaps. Overall, the website is professional and trustworthy but would benefit from enhanced security and privacy measures.

Mubs.me is a personal and professional portfolio website for Mubashar Iqbal, a solo software developer and content creator based in Upstate New York. The site showcases his product studio, side projects, and blog articles, positioning him as a niche solo developer with a strong personal brand. The business model revolves around software development and content creation, targeting tech enthusiasts and potential clients. The website is well designed with good content quality and consistent branding, reflecting a small but professional operation. Technically, the site uses modern web technologies including Alpine.js and Splide.js for interactivity, along with web fonts from Google Fonts and Fontshare. The site is mobile optimized and performs moderately well, though no CMS or hosting provider details are evident. SEO and accessibility are basic but adequate for the site's scope. From a security perspective, the domain is registered with a reputable registrar and has clientTransferProhibited status, indicating some protection against unauthorized transfers. However, DNSSEC is not enabled, and no security headers or privacy policies are present on the site, representing compliance and security gaps. No forms or sensitive data collection points are detected, reducing immediate risk exposure. Cloudflare Web Analytics is used for traffic monitoring with minimal user tracking. Overall, the website is safe, professional, and trustworthy with moderate security posture. Key recommendations include implementing privacy and cookie policies, enabling DNSSEC, adding security headers, and providing clear contact information to enhance compliance and trust.

A

AccessPress Themes | Premium WordPress Themes & Plugins

accesspressthemes.com

3

AccessPress Themes operates a website offering premium WordPress themes and plugins targeting WordPress users and developers. The site presents professional design and content relevant to its niche. However, the absence of WHOIS registration data raises concerns about domain legitimacy or data availability. The technical infrastructure is based on WordPress with standard web technologies, showing moderate performance and good mobile optimization. Security posture is weak due to lack of visible HTTPS confirmation, security headers, and privacy compliance indicators. Overall, the site appears functional but lacks critical trust and security elements, increasing risk for users and business credibility.

O

OneTicket.cz

oneticket.cz

67

OneTicket.cz is a Czech Republic-based transportation ticketing platform offering a unified railway ticketing system across multiple carriers. Operated by the state enterprise CENDIS under the Ministry of Transport, it provides various ticket types including single, route, and network passes, as well as family and corporate accounts. The platform targets railway passengers seeking convenient and flexible travel options within the Czech rail network. The website is professionally designed, mobile-optimized, and provides comprehensive service information and user support. Technically, it leverages modern web technologies such as React and Google Fonts, with a moderate performance profile and good SEO and accessibility features. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though security headers and explicit incident response policies are absent. Privacy and cookie policies are present and GDPR compliant. Overall, the site demonstrates high business credibility and trustworthiness with official backing and transparent contact information.