Security Directory

N

Nový Hlavák

novyhlavak.com

10

Nový Hlavák is a Czech public infrastructure project focused on revitalizing the Vrchlického sady park, constructing a new tramway line, and reconstructing the main railway station's new hall in Prague. The project is led by the Danish architectural studio Henning Larsen Architects, which won the competitive dialogue with their design 'Šťastný Hlavák'. The website serves as an informational platform showcasing the project vision, visual comparisons, and virtual tours, targeting city residents, visitors, and stakeholders. Technically, the site is built on WordPress with Elementor and integrates Google Analytics for visitor tracking. The site is well-structured and mobile-optimized but lacks explicit privacy and cookie policies, which are important for GDPR compliance. Security posture is adequate with HTTPS enabled but could be improved by adding security headers and DNSSEC.

S

Správa železnic, státní organizace

novymostvyton.cz

10

The website novymostvyton.cz serves as an official information portal for the new Výtoň railway bridge project managed by Správa železnic, a Czech government transportation authority. It provides detailed project descriptions, visualizations, news updates, and public engagement resources, targeting commuters, urban planners, and the general public interested in Prague's infrastructure development. The site is well-branded, professionally designed, and consistent with government standards. Technically, the site is built on the Liferay CMS platform and employs modern JavaScript libraries such as jQuery, Slick Carousel, and Unite Gallery. It integrates Google Tag Manager, Facebook Pixel, and LinkedIn Insight Tag for analytics and marketing purposes. The site is mobile-optimized with good accessibility and SEO practices, although some advanced security headers are not explicitly detected. From a security perspective, the site uses HTTPS with good SSL configuration and avoids exposing sensitive data. However, it lacks a published security policy, incident response contacts, and vulnerability disclosure mechanisms, which are recommended for enhanced transparency and trust. Cookie consent is implemented in compliance with GDPR, and contact information is clearly provided. Overall, the website demonstrates a solid digital presence for a government infrastructure project with good content quality, technical implementation, and business credibility. Strategic improvements in security policy publication and advanced security headers would further strengthen its posture.

S

Schuelbe Promotion Service GmbH

krones-merchandising.com

50

The KRONES Merchandise Shop is an e-commerce platform operated by Schuelbe Promotion Service GmbH, specializing in branded promotional and fan merchandise for the KRONES brand. The website targets customers and fans interested in purchasing official KRONES products. The business operates in the e-commerce sector with a focused niche market. The website is professionally designed with consistent branding and provides a user-friendly shopping experience. Technically, the site uses the Cosmoshop platform with jQuery and related libraries, delivering moderate performance and good mobile optimization. Security-wise, the site enforces HTTPS and implements a cookie consent mechanism via Cookiebot, but lacks advanced security headers and visible contact or security policy information, which could be improved. The absence of WHOIS data for the domain raises some concerns about domain legitimacy, although the website content and compliance features suggest a legitimate business presence. Overall, the site is functional and trustworthy but would benefit from enhanced transparency and security practices.

3

3M

3m.com

73

3M is a large multinational technology and manufacturing company that applies science and innovation to deliver a broad portfolio of products and solutions across multiple industries including automotive, commercial solutions, consumer products, electronics, energy, government, manufacturing, safety, and transportation. The website reflects a mature digital presence with comprehensive content, multimedia elements, and clear navigation tailored to a diverse audience of industrial, commercial, and consumer customers. The company maintains strong branding consistency and trust indicators such as investor relations and sustainability disclosures. Technically, the site uses modern JavaScript frameworks, tag management, and performance monitoring tools, hosted likely on Akamai with IBM WebSphere Portal CMS. Security posture is good with HTTPS, cookie consent mechanisms, and no visible vulnerabilities, though explicit security headers and incident response contacts are not evident. WHOIS data is unavailable due to registry restrictions, but the website's professional nature and corporate disclosures support legitimacy. Overall, the site is well-constructed, secure, and compliant with privacy regulations, serving as a reliable digital asset for 3M's global operations.

W

WiT Events

witevents.com

55

WiT Events is a professional event organizer specializing in travel and technology conferences across Asia, Africa, the Middle East, and other regions. Their portfolio includes flagship events such as WiT Seoul, WiT Africa, WiT Japan & North Asia, and The Phocuswright Conference, targeting travel industry professionals, startups, investors, and technology innovators. The website demonstrates a mature digital presence built on WordPress with modern plugins and tracking tools, providing a good user experience and mobile optimization. Security posture is adequate with HTTPS enabled, though improvements in security headers and privacy compliance are recommended. The absence of WHOIS data is a notable anomaly that impacts domain trustworthiness. Overall, the site is professional and content-rich, serving a niche but important market segment.

The website hoeblau.at serves as a domain parking page redirecting visitors to Regery, Ltd., a company specializing in domain registration, SSL certificate issuance, and web hosting services. The site is professionally designed using Bootstrap and includes interactive visual elements via particles.js. It targets individuals and businesses seeking affordable domain and security solutions. The business model is primarily reseller-based, leveraging Regery's platform and infrastructure. Technically, the site is hosted via Hosting concepts B.V. and uses Cloudflare DNS, ensuring good performance and security at the DNS level. The site is mobile responsive and has basic SEO and accessibility features. However, it lacks advanced security headers and cookie consent mechanisms, which are important for compliance and security hardening. From a security perspective, the site benefits from HTTPS and Cloudflare protection but does not publish a security policy or incident response contacts. No vulnerabilities or exposed sensitive data were detected. The WHOIS data is consistent and transparent, supporting the legitimacy of the domain and its association with Regery. Overall, the site is safe and professional but could improve privacy compliance and security posture by adding cookie consent, security headers, and clearer contact information. These improvements would enhance trust and regulatory adherence.

D

Dr. Rader Immobilien

raderimmobilien.at

53

Dr. Rader Immobilien is a professional real estate company specializing in property brokerage and revitalization in the Kärnten region of Austria. The company emphasizes quality over quantity, offering comprehensive and modern real estate marketing services including home staging. Their market position is that of a specialized regional player with a focus on premium locations and professional service. The website is built on WordPress using the Enfold theme and integrates plugins such as Yoast SEO and Complianz for SEO and GDPR compliance. Hosting is provided by easyname GmbH, a reputable Austrian registrar and hosting provider. Security posture is good with HTTPS enforced and cookie consent implemented, though some security headers are missing and no explicit security policy or incident response contacts are found. Overall, the site is professional, compliant, and trustworthy with clear contact information and partner links.

E

Elektrotechnik Kerschbaumer GmbH

elektro-kerschbaumer.at

10

Elektrotechnik Kerschbaumer GmbH is a small Austrian company specializing in electrical engineering services, including project management, planning, and construction management, primarily serving the St. Veit an der Glan region. The company emphasizes customer satisfaction and sustainable solutions, targeting both private and business clients in the energy and construction sectors. Their website reflects a professional and consistent brand image with clear service offerings and contact information. Technically, the website is built on WordPress using the Enfold theme, leveraging modern web technologies such as lazy loading, Google Fonts, and structured data for SEO. Hosting is provided by netcup GmbH, a reputable provider. The site performs moderately well with good mobile optimization and basic accessibility features. From a security perspective, the site uses HTTPS with good SSL configuration and implements cookie consent mechanisms compliant with GDPR. However, it lacks explicit security headers, published security policies, and incident response information. No vulnerabilities or malicious content were detected, but improvements in security best practices are recommended. Overall, the website presents a trustworthy and professional digital presence with minor technical and security enhancements recommended to further strengthen compliance and resilience.

The website fertighausspezialist.at currently presents minimal content, primarily a placeholder or coming soon page with no visible business information, contact details, or policies. The business focus and services cannot be determined from the site content. The technical infrastructure is based on WordPress with a coming soon plugin, using Tailwind CSS and jQuery libraries. Hosting is provided by kasserver.com, consistent with the domain's WHOIS data. Security posture is weak due to lack of security headers, absence of privacy and cookie policies, and no visible contact or incident response information. The site is accessible without WAF or security challenges but lacks substantive content and compliance features. Overall, the site scores low on content quality, privacy compliance, and business credibility, indicating it is either under development or poorly maintained.

A

ACA - The Academic Cooperation Association

aca-secretariat.be

62

ACA - The Academic Cooperation Association is a well-established membership organization founded in 1999, focused on promoting and funding the internationalisation of higher education across Europe and beyond. It serves as a think tank, advocacy platform, and project coordinator for national-level international education organizations. The website reflects a professional and authoritative presence with comprehensive content, clear navigation, and strong branding consistency. The organization benefits from EU Erasmus+ co-funding and maintains active engagement through events, publications, and a monthly newsletter.

H

Harmonie Norge AS

harmonie.no

67

Harmonie Norge AS operates a professional e-commerce website focused on manufacturing and retailing doors, windows, and smart lock solutions primarily for the Norwegian market. The company has a consistent brand presence and offers a range of products including exterior and interior doors, garage doors, and accessories. The website is built on a modern technical stack with JavaScript frameworks, Google Analytics, and a cookie consent mechanism, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS enforced, but lacks visible security headers and explicit privacy and terms policies. Overall, the website is trustworthy and functional but could improve compliance and security transparency.

S

Scan Trade AS

scantrade.no

10

Scan Trade AS is a Norwegian retail company specializing in sports club equipment and apparel, operating since 1999. The website serves both private customers and sports clubs, offering e-commerce services with integration to Shopify and ASP.NET technologies. The technical infrastructure includes Cloudflare for CDN and security, and Google Analytics for user behavior tracking. The site demonstrates good digital maturity with a functional cookie consent mechanism and privacy policy compliance. Security posture is solid with HTTPS enforcement and security headers, though lacks explicit security policy and incident response information. Overall, the website is professional, trustworthy, and compliant with GDPR requirements.

M

MaM Multimedia s.r.o.

mam.sk

37

MaM Multimedia s.r.o. is a Slovak technology service provider specializing in web design, e-commerce solutions, web hosting, and online marketing. Established in 2003, the company offers a comprehensive range of internet-related services including graphic design, IT equipment provisioning, and internet connectivity. Their market position is supported by a long domain age and references to notable projects such as the official city website of Žilina and various e-commerce clients. Technically, the website employs legacy technologies with JavaScript and Google Analytics integrations but lacks modern security and privacy features. The absence of HTTPS enforcement and security headers, combined with no visible privacy or cookie policies, indicates compliance and security gaps. Overall, the site is functional but requires modernization and enhanced security measures to improve trust and compliance.

L

Liechtensteiner Alpenverein

alpenverein.li

63

The Liechtensteiner Alpenverein is a regional alpine club focused on organizing mountain sports activities, events, and managing mountain huts in Liechtenstein. The website serves as an information hub for members and interested parties, offering event schedules, membership benefits, and contact details. The club targets hiking and climbing enthusiasts, seniors, and youth within the region. Technically, the site is built on Concrete5 CMS with modern JavaScript libraries like jQuery and Slick Slider, and uses Foundation framework for responsive design. Analytics are handled via Piwik (Sitewalk). Security posture is adequate with HTTPS enforced and email obfuscation, but lacks security headers and explicit incident response information. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the site is professional, trustworthy, and well-maintained, suitable for its non-profit alpine club purpose.

A

Amt für Gesundheit (Office for Health, Liechtenstein)

hitze.li

48

The website 'Hitze und Gesundheit' is an official government health information portal managed by the Amt für Gesundheit of Liechtenstein. It focuses on educating the public about heat-related health risks, protective measures, and vulnerable groups. The site is well-positioned as a trusted source for health and climate-related information in the region, targeting the general population with clear, scientifically backed content. Technically, the site is built on WordPress with a modern theme and uses standard web technologies such as jQuery and Typekit fonts. It is mobile-optimized and provides a good user experience with clear navigation and relevant content. Security-wise, the site enforces HTTPS and obfuscates emails to reduce spam, but lacks some security headers and a formal vulnerability disclosure mechanism. Privacy compliance is partially met with a privacy policy present, but no cookie consent mechanism is detected, which could be improved. Overall, the site is credible, secure, and professionally maintained, serving its public health mission effectively.

I

Internationale Bodenseekonferenz IBK

ibk-gesundheit.org

54

The website ibk-gesundheit.org represents the International Bodenseekonferenz (IBK) initiative focused on awarding the IBK-Preis for health promotion and prevention projects in the Bodensee region. It serves as an informational platform presenting project details, award winners, and upcoming events, targeting regional stakeholders in healthcare and social sectors. The site is built on TYPO3 CMS and integrates modern privacy and analytics tools such as Cookiebot and Matomo, reflecting a mature digital infrastructure. Security posture is solid with HTTPS and domain transfer protections, though DNSSEC is not enabled and some HTTP security headers are missing. Privacy compliance is well addressed with a comprehensive cookie consent mechanism and a detailed privacy policy. However, explicit contact information and security policies are not prominently provided. Overall, the site is professional, trustworthy, and well-aligned with its non-profit mission.

W

WebSource

websource.li

51

WebSource is a specialized digital agency based in Liechtenstein, focusing on WordPress websites, WooCommerce online shops, mobile app development, and hosting services. The company targets businesses and individuals in Liechtenstein and the surrounding Ostschweiz region, positioning itself as a trusted expert in digital transformation and web solutions. The website reflects a professional and consistent brand image with clear service offerings and a modern design. Technically, the site is built on WordPress 6.8.3, leveraging standard web technologies and including plausible analytics for minimal user tracking. The site is mobile-optimized and SEO-friendly, though accessibility features are basic. Performance is moderate, with no major technical issues detected. From a security perspective, the website enforces HTTPS and uses a modern WordPress version, which is positive. However, it lacks explicit security headers and published security or incident response policies. No vulnerabilities or exposed sensitive data were found in the HTML content. Privacy compliance is weak due to the absence of privacy and cookie policies and consent mechanisms. Overall, the website is trustworthy and professional but would benefit from enhanced privacy compliance and security transparency to improve user trust and regulatory adherence.

S

stopsmoking

stopsmoking.ch

68

stopsmoking.ch is a professionally designed national platform based in Switzerland dedicated to supporting individuals in quitting smoking. It offers comprehensive educational content, counseling services, and tools tailored for both smokers and healthcare professionals. The platform is well-positioned in the healthcare and non-profit sectors, targeting a mature audience seeking tobacco cessation support. Technically, the site is built on TYPO3 CMS, employs modern JavaScript libraries like Swiper.js, and uses Matomo analytics hosted on a Swiss cloud provider, reflecting a good level of digital maturity and privacy awareness. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though some security headers could be improved. Overall, the site demonstrates high professionalism, trustworthiness, and compliance with GDPR and cookie regulations.

M

Mois Sans Tabac

month-without-tobacco.ch

51

Month Without Tobacco is a well-established Swiss public health campaign aimed at helping smokers quit through a structured 30-day program, practical guides, and community support. The website is multilingual, targeting French, German, Italian, and English speakers in Switzerland. It leverages WordPress with Elementor and several plugins to deliver a rich user experience including multimedia content, testimonials, and interactive forms. The campaign partners with various health organizations and provides free professional advice and online community engagement. Technically, the site is well-structured with good SEO practices, mobile optimization, and security headers in place. However, it lacks explicit privacy and terms of service pages, and no published security or incident response policies were found. Overall, the site is trustworthy and professionally maintained, with a strong focus on user engagement and health promotion.

The Zentrum Allergie und Umwelt (ZAUM) is a reputable academic research institute jointly funded by the Technical University of Munich and Helmholtz Zentrum München. It specializes in allergy and environmental health research, aiming to advance scientific understanding and therapeutic development. The website reflects a mature digital presence with clear navigation, professional design, and comprehensive content targeted at researchers, students, and the public. Technically, the site uses TYPO3 CMS and integrates privacy-respecting analytics (Matomo), with good mobile optimization and SEO practices. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers and explicit policies could be improved. Overall, the site is trustworthy, compliant with GDPR, and well-aligned with its academic mission.

H

Helmholtz Munich

helmholtz-muenchen.de

60

Helmholtz Munich is a leading German research center specializing in health and environmental sciences. The organization focuses on biomedical research areas such as diabetes, obesity, environmental health, stem cells, bioengineering, and artificial intelligence. It serves a broad audience including researchers, healthcare professionals, and scientific partners, offering cutting-edge research, technology transfer, and scientific career development. The website reflects a strong market position as a reputable and well-established institution in the healthcare research sector. Technically, the website is built on TYPO3 CMS, leveraging modern web technologies and Matomo for analytics, indicating a mature digital infrastructure. The site is well-optimized for mobile devices, accessible, and SEO-friendly, with a professional design and clear navigation. Security measures include HTTPS enforcement, security headers, and script nonce usage, contributing to a robust security posture. Security-wise, the site demonstrates good practices with no visible vulnerabilities or exposed sensitive data. However, it lacks a visible cookie consent mechanism and a dedicated vulnerability disclosure policy, which are recommended for full GDPR compliance and security transparency. Incident response contact details are also not explicitly provided. Overall, the website is professional, trustworthy, and secure, with minor areas for improvement in privacy compliance and security transparency. The domain registration data aligns well with the organization's identity, reinforcing legitimacy and trustworthiness.

S

Ströer Connections GmbH

stayfriends.de

60

StayFriends.de is a well-established German social networking platform focused on reconnecting former school friends, viewing class photos, and organizing reunions. Operated by Ströer Connections GmbH, it serves a large user base with over 15 million members and extensive class photo archives. The platform targets German-speaking alumni and offers freemium services with paid subscription options. Technically, the website employs a modern JavaScript stack including jQuery, Bootstrap, and Google Tag Manager, with custom CMS elements. The site is moderately optimized for performance and mobile use, with good SEO and basic accessibility features. Security posture is solid with HTTPS enforced and privacy consent mechanisms in place, though explicit security policies and incident response contacts are not published. Overall, the site demonstrates high professionalism and trustworthiness with consistent branding and comprehensive privacy compliance.

E

etracker GmbH

speisekarte.de

56

speisekarte.de is a well-established German online platform specializing in digital restaurant menus and restaurant search, operating since 2008. It serves a large user base with over 150,000 restaurants listed and millions of monthly visitors. The platform offers searchable menus, user accounts, and community features to enhance the dining experience. Technically, the website employs modern web technologies including JavaScript, CSS, and integrates third-party services such as Hotjar and eTracker for analytics, as well as a Consent Management Platform to ensure GDPR compliance. Hosting and DNS are managed via Cloudflare, providing robust performance and security. Security posture is strong with HTTPS enforced and consent mechanisms in place, though some security headers and explicit security policies are absent. Overall, the site is professional, user-friendly, and trustworthy with good privacy compliance and advertising transparency.

The website at highfivve.com is currently inaccessible, returning a 403 Forbidden error page which blocks access to any meaningful content. As a result, no business information, contact details, or policy documents are available for analysis. The domain is registered since 2018 with a reputable registrar and no privacy protection, indicating a legitimate registration. However, the lack of accessible content and absence of security or privacy policies significantly limit the ability to assess the company's market position or digital maturity. The technical infrastructure appears to be hosted on SiteGround based on nameservers, but no further technology stack or analytics tools are detectable. Security posture cannot be fully evaluated due to the blocked content, but the absence of DNSSEC and security headers suggests room for improvement. Overall, the site currently presents a high risk due to inaccessibility and lack of transparency.

C

C4all Gesellschaft mbH & Co. KG

c4all.de

48

C4all Gesellschaft mbH & Co. KG is a German-based digital marketing service provider specializing in telephony, SMS, video, and image services to help businesses analyze campaigns, track customer touchpoints, and acquire new clients. With over 10 years of experience and a client base of 175 companies, C4all positions itself as a reliable partner in the digital marketing ecosystem. The website is professionally designed, mobile-optimized, and provides clear navigation and relevant content tailored to business customers seeking marketing measurement and communication solutions. Technically, the site is built on Umbraco CMS with modern HTML5, CSS3, and JavaScript technologies, leveraging the uSkinned sitebuilder framework. While performance and SEO are adequate, there is room for improvement in accessibility and security headers. Security posture is moderate, with secure form handling and CAPTCHA but lacking visible security policies and headers. Privacy compliance is partially met with a privacy policy and GDPR consent checkbox but missing a cookie consent mechanism. Overall, the domain registration data aligns with the business claims, indicating legitimacy and consistency.

D

dialo.de Startseite

dialo.de

9

The website dialo.de presents a German-language homepage with a basic description and branding consistent with a small business or service provider. The site uses Bootstrap 3.3.7 and FontAwesome for styling and includes eTracker analytics and OneTrust cookie consent mechanisms, indicating some level of digital maturity. However, the absence of a privacy policy, terms of service, and contact information limits its compliance and trustworthiness. Security posture is moderate with HTTPS implied but no visible security headers or incident response contacts. Overall, the site is accessible and safe for general audiences but would benefit from enhanced transparency and security practices.

B

BundesTelefonbuch

bundes-telefonbuch.de

9

BundesTelefonbuch operates as an online telephone directory service targeting the German market, providing users with quick access to telephone numbers and business contact information. The website is professionally designed using Bootstrap and includes standard web technologies, with a focus on usability and mobile responsiveness. It integrates advertising via Google Adsense and analytics through eTracker, indicating a moderate level of digital maturity. Security-wise, the site uses HTTPS and implements cookie consent mechanisms, but lacks explicit security headers and published privacy or terms of service policies, which are important for compliance and trust. Overall, the site appears legitimate and functional but would benefit from enhanced transparency and security practices to improve user trust and regulatory compliance.

F

Felix Burda Stiftung

felixburda.de

56

The Felix Burda Stiftung is a well-established German non-profit organization dedicated to the prevention and early detection of colorectal cancer. Founded in 2001 by Dr. Christa Maar and Prof. Dr. Hubert Burda, it honors their son Felix Burda who died of colorectal cancer. The foundation is a recognized leader in health awareness campaigns, digital health tools, and advocacy within Germany. Their website reflects a mature digital presence built on Drupal 10, featuring comprehensive content, multimedia, and strong privacy compliance mechanisms including GDPR-aligned cookie consent. Contact information and social media presence are transparent and professional. Security posture is good with HTTPS and consent-based tracking, though some security headers could be improved. Overall, the site is trustworthy, user-friendly, and serves a broad audience interested in health prevention.

B

BKK Dachverband e.V.

bkk-dachverband.de

54

BKK Dachverband e.V. is a German healthcare interest association representing 68 company health insurance funds and four regional associations, collectively covering 9 million insured persons. The website serves as a comprehensive platform for political advocacy, innovation promotion, prevention, and healthcare service information. Technically, the site is built on TYPO3 CMS, employs jQuery, and uses self-hosted Matomo analytics, reflecting a mature and privacy-conscious digital infrastructure. The site is well-structured, mobile-optimized, and accessible, with a strong emphasis on sustainability through green hosting. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers could be improved. Overall, the website projects professionalism and trustworthiness appropriate for a healthcare non-profit organization.

B

BKV – Interessengemeinschaft Betriebliche Krankenversicherung e. V.

bkk-like-dich-selbst.de

41

The website 'BKK-Kampagne: Like Dich selbst!' is a health promotion platform operated by the non-profit association BKV – Interessengemeinschaft Betriebliche Krankenversicherung e. V. It focuses on educating the German public about nutrition, exercise, stress management, and addiction prevention through webinars and podcasts. The site targets a general audience interested in improving personal health and wellness. Technically, the site is built on WordPress with modern web technologies such as jQuery and Google Fonts, hosted with domain control via GoDaddy DNS. The site is mobile optimized and provides a good user experience with clear navigation and relevant content. Security-wise, the site uses HTTPS but lacks advanced security headers and published security policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the site is trustworthy and professional but could improve in security and privacy transparency.

B

BKV – Interessengemeinschaft Betriebliche Krankenversicherung e. V.

bkk-fokussiert.de

42

BKK fokussiert is a German health prevention campaign operated by the BKV – Interessengemeinschaft Betriebliche Krankenversicherung e. V., focusing on promoting healthy work environments and stress prevention for employees. The website serves as an informational platform offering videos, podcasts, and educational content targeting employees and companies interested in workplace health. The campaign positions itself as a niche player within the healthcare and non-profit sectors in Germany. Technically, the website is built on WordPress 6.8.3 with standard plugins including WPML for multilingual support. It uses Google Fonts and embeds media from Mixcloud. The site is hosted with domain control via GoDaddy name servers and employs HTTPS with good SSL configuration. The site is mobile optimized and provides a good user experience with clear navigation and consistent branding. From a security perspective, the website enforces HTTPS but lacks visible security headers and cookie consent mechanisms, which are recommended for GDPR compliance. No forms or data collection fields are present on the homepage, reducing attack surface. No vulnerability disclosure or incident response information is published. The WHOIS data is minimal but consistent with a legitimate domain registration. Overall, the website is professional, secure, and trustworthy with minor improvements recommended in privacy compliance and security headers to enhance protection and user trust.

B

BKV – Interessengemeinschaft Betriebliche Krankenversicherung e. V.

bkk-care-life.de

48

BKK Care & Life is a healthcare-focused website dedicated to raising awareness about testicular cancer and promoting early detection through self-examination. The platform is supported by the BKV – Interessengemeinschaft Betriebliche Krankenversicherung e. V., a German statutory health insurance association. The website provides detailed educational content, including anatomy, function, and practical guides for self-checking testicles, targeting men primarily between 25 and 45 years old. The site is professionally designed, multilingual, and well-structured to serve its niche audience effectively. Technically, the website is built on WordPress 6.8.3 with WPML for multilingual support and uses standard web technologies including jQuery and custom JavaScript. Hosting is managed via domaincontrol.com name servers, indicating a stable and reputable hosting environment. Performance and mobile optimization are good, with accessibility and SEO features well implemented. From a security perspective, the site uses HTTPS with excellent SSL configuration but lacks some advanced security headers and a cookie consent mechanism. No forms collecting personal data were detected on the main page, reducing immediate privacy risks. The WHOIS data is consistent and legitimate, with no suspicious patterns. However, the site could improve by publishing a security policy, incident response contacts, and vulnerability disclosure information. Overall, BKK Care & Life presents a trustworthy, professional, and secure platform for health education with minor areas for improvement in privacy compliance and security best practices.

L

Leafworks

helpdeskapi.com

51

Leafworks is a small technology company specializing in providing middleware solutions that integrate Zendesk with CRM, ERP, and eCommerce systems. Their website focuses on promoting their Zendesk API middleware product, which automates workflows and enhances support capabilities for businesses using Zendesk. The company targets business clients seeking seamless integration and automation of their customer service platforms. Technically, the website is built on WordPress using Elementor and Yoast SEO, indicating a modern and maintainable infrastructure. The presence of Google Tag Manager and CookieFirst consent scripts shows a moderate level of digital maturity and compliance awareness. Security-wise, the site enforces HTTPS and uses best practices like cookie consent, but lacks explicit security policies, incident response contacts, and security headers, which are areas for improvement. Overall, the website is professional, well-structured, and trustworthy, but could enhance privacy and security transparency to further strengthen its posture.

K

Krones

krones.com

11

Krones is a globally recognized manufacturer specializing in complete production lines and individual machines for the beverage and food industries. Their offerings include process technology, filling and packaging machines, digital services, and recycling solutions. The company maintains a strong market position with a comprehensive portfolio and a focus on sustainability and innovation. The website reflects a mature digital presence with extensive corporate, investor, and compliance information, indicating a well-established enterprise. Technically, the site employs modern web technologies, including Google Tag Manager and a consent management platform, ensuring privacy compliance and user tracking minimization. Security posture is solid with HTTPS enforced and consent mechanisms in place, though explicit security headers could be improved. Overall, the site is professional, trustworthy, and well-optimized for user experience and SEO.

B

BKK Landesverband Bayern

bkk-gesundheit.de

55

BKK Landesverband Bayern operates the Gesundheitsportal website, providing comprehensive health-related information and tools such as BMI calculators and resilience tests. The portal targets the general public interested in health and wellness, positioning itself as a trusted regional health information provider linked to statutory health insurance. Technically, the site is built on TYPO3 CMS, uses Matomo for analytics, and is hosted on Schlundtech infrastructure. The website demonstrates good digital maturity with modern technologies, responsive design, and accessibility features. Security posture is solid with HTTPS enforcement and cookie consent mechanisms, though it lacks publicly visible security policies and incident response contacts. Overall, the site is professional, trustworthy, and compliant with GDPR, making it a reliable resource for health information.

V

Vispato GmbH

vispato.com

54

Vispato GmbH is a German-based technology company specializing in providing a secure, anonymous whistleblowing system designed to help organizations comply with the EU Whistleblower Directive and other global data protection laws. The company operates a SaaS model, offering a modern, user-friendly platform with strong security features such as end-to-end encryption and ISO 27001 certified hosting. Vispato serves a broad range of enterprises, particularly in the DACH region, and is part of the HR WORKS family, enhancing its market credibility. Technically, the website is built on WordPress with a modern theme and integrates multiple marketing and analytics tools including Google Tag Manager, Usercentrics CMP for cookie consent, Microsoft Clarity, and Pipedrive for lead management. Hosting is provided by the ISO 27001 certified DATEV data center, ensuring a high security standard. The site is well-optimized for SEO, mobile-friendly, and accessible, with comprehensive multilingual support. From a security perspective, Vispato demonstrates strong practices including HTTPS enforcement, penetration testing, access controls, and activity logging. However, the site could improve by adding security headers and publishing a security.txt file to facilitate vulnerability disclosures. No critical vulnerabilities or exposed sensitive data were detected. Overall, Vispato presents a professional, trustworthy, and compliant digital presence with clear business information, transparent pricing, and strong customer testimonials. The domain registration data aligns well with the business claims, supporting legitimacy. Strategic recommendations include enhancing legal documentation with Terms of Service and incident response details to further strengthen compliance and trust.