Security Directory

N

NFE Norddeutscher Fachverband Elektro- und Informationstechnik e.V.

nfe.de

46

NFE Norddeutscher Fachverband Elektro- und Informationstechnik e.V. is a well-established regional association representing approximately 350 medium-sized companies in the electrical and information technology sectors in Hamburg. The organization provides advocacy, certification, training, and networking services to its members, positioning itself as a key industry stakeholder in the region. The website reflects a professional and member-focused approach with clear communication of benefits and services. Technically, the site is built on TYPO3 CMS with Bootstrap, ensuring responsive design and good accessibility. Security posture is solid with HTTPS enforced and cookie consent implemented, though some security headers and explicit policies could be improved. Overall, the site is trustworthy, well-maintained, and compliant with GDPR requirements.

E

E-Handwerke Berlin/Brandenburg

eh-bb.de

38

E-Handwerke Berlin/Brandenburg is a regional trade association focused on supporting electrical craftsmen and professionals in the Berlin and Brandenburg regions. The organization provides certification services such as E-Check, training seminars, apprenticeship support, and member services. The website reflects a professional and consistent brand presence with clear navigation and relevant content targeted at trade professionals and apprentices. Technically, the site is built on TYPO3 CMS, hosted by SchlundTech, and uses modern tracking and consent management tools, including Usercentrics and Google Tag Manager. The site is mobile optimized and performs moderately well. Security posture is solid with HTTPS enforced and cookie consent implemented, though explicit security headers and incident response information are absent. Overall, the domain registration and hosting align well with the business purpose, indicating legitimacy and trustworthiness.

L

Landesinnungsverband für das Bayerische Elektrohandwerk

elektroverband-bayern.de

37

The Landesinnungsverband für das Bayerische Elektrohandwerk is a regional trade association representing the Bavarian electrical craft sector. It provides member services including training, certification (E-Marke), public relations, and a platform for news and events. The website targets professionals, trainees, and stakeholders in the electrical industry within Bavaria, positioning itself as an authoritative and trusted organization in this niche. Technically, the site is built on TYPO3 CMS, employs modern JavaScript libraries, and integrates a consent management platform (Usercentrics) alongside analytics tools such as Google Analytics and TikTok Pixel. The site is mobile-optimized, accessible, and SEO-friendly, reflecting a moderate to good digital maturity. Security posture is solid with HTTPS enforced and privacy compliance mechanisms in place; however, there is room for improvement in publishing explicit security policies and implementing additional HTTP security headers. Overall, the domain registration data aligns well with the website content, indicating legitimacy and consistency. The site is free from blocking mechanisms or WAF challenges, enabling full content accessibility.

F

Fachverband Elektro- und Informationstechnik Baden-Württemberg

fv-eit-bw.de

43

The Fachverband Elektro- und Informationstechnik Baden-Württemberg is a regional industry association focused on the electrical and information technology sectors in Baden-Württemberg, Germany. It provides its members with industry news, training, networking opportunities, and advocacy services. The website reflects a professional and well-structured digital presence, targeting professionals and businesses within the regional energy and technology sectors. The association maintains a strong market position as a trusted regional body with a clear focus on quality and member services. Technically, the website is built on TYPO3 CMS and integrates modern technologies including Usercentrics for consent management, Google Analytics, and TikTok Pixel for analytics and marketing. The site is hosted on a domain controlled by DomainControl, likely GoDaddy, and shows good mobile optimization and SEO practices. Performance is moderate with no critical technical issues detected. From a security perspective, the website uses HTTPS with SSL and implements privacy best practices such as IP anonymization and cookie consent mechanisms. However, it lacks explicit security headers and does not provide visible security or incident response policies. No vulnerabilities or suspicious content were detected. Overall, the security posture is good but could be improved with additional headers and documented policies. The overall risk assessment is low with no signs of malicious activity or content safety concerns. Strategic recommendations include enhancing security headers, publishing incident response information, and maintaining regular audits of third-party scripts to ensure ongoing compliance and security.

A

Arbeitsgemeinschaft Medienwerbung GmbH im Zentralverband der Deutschen Elektro- und Informationstechnischen Handwerke

e-check.de

46

The website www.elektrohandwerk.de is a professionally maintained information portal affiliated with the German electrical trade association (ZVEH). It focuses on promoting the E-CHECK service, which provides electrical safety inspections and energy efficiency advice primarily for private homeowners, tenants, landlords, and property managers. The site offers comprehensive content on electrical safety, damage prevention, energy saving, and comfort enhancements, positioning itself as an authoritative resource in the energy sector within Germany. Technically, the site is built on TYPO3 CMS, uses modern JavaScript and CSS technologies, and integrates a consent management platform (Usercentrics) alongside Google Tag Manager and TikTok analytics for tracking, all implemented with GDPR compliance in mind. Security-wise, the site enforces HTTPS and uses consent-based tracking but lacks explicit security headers and published security policies or incident response information. Overall, the site is trustworthy, well-branded, and user-friendly, with moderate to good performance and mobile optimization.

R

RTL

rtl.lu

69

RTL Lëtzebuerg operates as a leading media and broadcasting company in Luxembourg, offering a comprehensive range of services including news, television, radio, and digital content. The website is professionally designed with excellent content quality and clear navigation, targeting a general audience interested in regional and international news and entertainment. Technically, the site employs a modern technology stack with extensive use of JavaScript libraries, consent management tools, and analytics platforms, supporting both web and mobile app platforms. Security posture is strong with HTTPS enforcement and security headers, though explicit security policies and incident response information are not publicly available. Privacy compliance is robust, featuring a comprehensive GDPR consent mechanism. The absence of WHOIS data due to malformed queries slightly reduces domain trustworthiness but does not detract from the overall legitimacy of the site. Strategic recommendations include publishing security and incident response policies, providing clear contact information, and adding terms of service to enhance legal clarity and user trust.

Ř

Římskokatolická farnost Klimkovice

farnostklimkovice.cz

56

The website www.farnostklimkovice.cz represents the Roman Catholic parish of Klimkovice, a small non-profit religious organization serving its local community. The site provides parish news, religious service schedules, historical information, and contact details. It targets local parishioners and visitors interested in the parish's activities and spiritual services. The business model is community and faith-based, with no commercial intent. Technically, the website is built on the Webnode CMS platform and uses Cloudfront CDN for content delivery. It incorporates Google Analytics with IP anonymization for visitor tracking. The site is mobile-optimized and has a moderate performance profile. However, it lacks advanced accessibility features and comprehensive SEO optimization. From a security perspective, the site uses HTTPS with a good SSL configuration but lacks important security headers such as Content-Security-Policy and Strict-Transport-Security. There are no visible vulnerabilities or exposed sensitive data. Privacy compliance is weak due to the absence of privacy and cookie policies. Contact information is clearly presented, enhancing business credibility. Overall, the website is safe, professional, and trustworthy for its intended audience. The lack of WHOIS data suggests privacy protection, which is typical for small non-profits. Strategic improvements in privacy compliance and security headers would enhance the site's security posture and regulatory adherence.

R

RHEINZINK

rheinzink.de

55

RHEINZINK is a globally recognized manufacturer specializing in titanium zinc products, primarily serving the construction and architectural sectors. The company positions itself as a market leader with a strong emphasis on quality, sustainability, and innovative solutions for roofing, facades, and drainage systems. Their website reflects a mature digital presence with comprehensive product information, localized domains for international markets, and a professional design tailored to architects, craftsmen, distributors, and builders. Technically, the website is built on TYPO3 CMS, leveraging modern web technologies and includes performance optimizations and mobile responsiveness. Security measures such as HTTPS, security headers, and cookie consent mechanisms are in place, indicating a solid security posture. However, explicit security policies and incident response contacts are not prominently published. Overall, the site demonstrates a high level of professionalism, trustworthiness, and compliance with privacy regulations such as GDPR. The absence of blocking mechanisms or WAF challenges allows full content accessibility and analysis. Strategic recommendations include enhancing security transparency and publishing vulnerability disclosure information to further strengthen trust.

H

Heckert Solar Shop

heckertsolar.com

48

Heckert Solar Shop is a German-based e-commerce and service provider specializing in photovoltaic modules, storage systems, inverters, and related solar technology products. The company targets a broad audience including private consumers, professional partners, investors, and commercial clients. The website demonstrates a professional and consistent brand presence with a good range of products and services, positioning itself as a reliable expert in the solar energy sector. Technically, the site is built on the Shopware platform, uses modern JavaScript libraries, and integrates multiple advertising and analytics tools, indicating a mature digital infrastructure. Security posture is adequate with HTTPS and domain protection statuses, but lacks advanced DNS security and explicit security policies. Privacy compliance is partial, with cookie consent implemented but no visible privacy or terms policies. Overall, the website is trustworthy and well-maintained but could improve transparency and security documentation.

H

Hager Group

elcom.de

66

Hager Group operates a professional website focused on door communication and security solutions, targeting primarily B2B customers in the energy sector. The company has a long-standing market presence since 1976, supported by a domain registered since 1997. The website content is well-structured, professionally designed, and consistent with the company's branding and business model. The technical infrastructure leverages modern technologies including Sitecore CMS, Akamai CDN, and advanced search capabilities via Algolia, indicating a mature digital presence. Security posture is generally good with HTTPS enforced and domain transfer protections in place, though improvements such as enabling DNSSEC and adding security headers are recommended. Privacy compliance is partially addressed with a cookie consent mechanism but lacks visible privacy policy and terms of service on the analyzed page. Overall, the website reflects a credible and trustworthy enterprise with room for enhanced security and privacy transparency.

Netatmo is a recognized smart home technology company specializing in connected consumer electronics designed to enhance home safety, health, and comfort. The company operates under the parent company Legrand, a global leader in electrical and digital building infrastructures. The website currently is in maintenance mode, returning a 500 server error, limiting access to full content and services. The digital infrastructure employs modern JavaScript frameworks such as Nuxt.js and integrates analytics and marketing tools like Google Tag Manager and Qualibooth. However, the absence of visible privacy, cookie, and terms of service policies, as well as lack of contact information, reduces transparency and user trust. Security posture is moderate with HTTPS enforced but missing security headers and vulnerability disclosure information. The WHOIS data is unavailable, which raises concerns about domain registration transparency but may be due to privacy protection or technical issues. Overall, the site reflects a professional brand but currently suffers from accessibility and compliance gaps.

Á

Árvakur hf.

mogginn.is

59

Árvakur hf. operates the www.mbl.is website, a leading Icelandic news media platform offering a broad range of news content including domestic, international, business, sports, and cultural news. The site supports multiple content formats such as PDF newspapers, text articles, audio summaries, and daily podcasts, targeting the general Icelandic-speaking public and subscribers. The business model is subscription-based with additional free content, positioning it as a major player in Iceland's media landscape. Technically, the website employs a modern tech stack including JavaScript frameworks, Google Analytics, Microsoft Clarity, and the Piano paywall system for subscription management. The site is mobile-optimized and uses responsive design principles, with good SEO and accessibility features. Performance is moderate, with room for optimization. From a security perspective, the site enforces HTTPS and uses secure forms and cookie consent mechanisms. However, explicit security headers like Content-Security-Policy are not evident, and no public security or incident response policies are published. The absence of WHOIS data limits domain registration transparency, though the site content and branding strongly support legitimacy. Overall, the website presents a professional, trustworthy, and user-friendly platform with extensive analytics and advertising integrations. Strategic improvements in security policy transparency and domain registration visibility would enhance trust and compliance.

W

Winterhalter Gastronom GmbH

winterhalter.com

64

Winterhalter Gastronom GmbH is a well-established family-owned company specializing in commercial warewashing technology, including dishwashers, water treatment, chemicals, and accessories for the hospitality and catering industries. The company positions itself as a quality leader with a comprehensive system approach to warewashing solutions. The website is professionally designed, multilingual, and targets a global audience of commercial kitchen operators. Technically, the site is built on TYPO3 CMS, uses modern web technologies, and integrates consent management and analytics tools, reflecting a mature digital infrastructure. Security posture is strong with HTTPS, bot protection via Cloudflare Turnstile, and privacy compliance through Usercentrics, although explicit security headers could be improved. The absence of WHOIS data is a notable anomaly but does not detract significantly from the overall legitimacy given the professional web presence and contact transparency. Overall, the website demonstrates a high level of professionalism, trustworthiness, and business credibility.

B

Bundesverband Solarwirtschaft (BSW-Solar) e.V.

bsw-solar-shop.de

49

The website www.bsw-solar-shop.de serves as the official online shop for the Bundesverband Solarwirtschaft (BSW-Solar) e.V., a German solar industry association. It offers publications, guides, and studies related to solar thermal energy, photovoltaics, and energy storage. The platform targets investors, members of the association, and other stakeholders interested in solar energy solutions. The business model is primarily e-commerce focused on niche solar energy content, supported by member discounts and campaign information. The site holds a strong position within the German solar energy sector as a trusted source of industry publications. Technically, the website is built on the Magento CMS platform, utilizing standard web technologies such as HTML5, CSS, and JavaScript. The site demonstrates good mobile responsiveness and basic accessibility features. Hosting is provided by a German hosting provider (kasserver.com), and the site structure supports clear navigation and SEO best practices. However, some modern security headers and cookie consent mechanisms are missing, which could be improved to enhance compliance and security. From a security perspective, the site uses HTTPS (assumed though not explicitly confirmed), does not expose sensitive data, and avoids vulnerable libraries in the visible code. However, it lacks explicit security headers and published security policies or incident response information. No vulnerability disclosure or security.txt files are present. The site does not appear to use tracking or advertising scripts, which reduces privacy risks but also indicates limited marketing automation. Overall, the website is professional, trustworthy, and focused on its niche market. Security posture is moderate with room for improvement in headers and compliance mechanisms. Privacy compliance is basic, with a privacy policy present but no cookie consent banner. The risk level is low, but strategic improvements in security and privacy transparency are recommended to maintain trust and compliance.

M

Metadata ehf.

metadata.is

56

Metadata ehf. is a small Icelandic technology-focused local business specializing in metadata evaluation services, as indicated by their website and structured data. The company operates primarily within the Icelandic market and targets local businesses or individuals interested in metadata services. The website is professionally designed using the Wix platform, featuring modern web technologies and good mobile optimization. However, the content is relatively basic and lacks comprehensive privacy or cookie policies, which impacts compliance and trustworthiness. Security posture is moderate with HTTPS enforced and some security hardening scripts, but lacks explicit security headers and visible incident response information. The absence of WHOIS data for the domain www.metadata.is is notable and reduces confidence in domain legitimacy, though the website itself appears legitimate and professionally maintained. Overall, the site presents a moderate risk profile with room for improvement in privacy compliance and security transparency.

Analytica ehf. is a small Icelandic financial advisory firm specializing in financial and risk management services for professional investors. Founded in 1993, the company leverages decades of expertise particularly in risk management and foreign exchange. Their website presents a professional image with clear descriptions of their services and target audience. Technically, the site uses JavaScript and jQuery for dynamic content but lacks modern CMS or advanced frameworks. Performance and mobile optimization are basic but functional. Security posture is weak due to missing HTTPS confirmation, lack of security headers, and no DNSSEC. Privacy and cookie policies are absent, indicating compliance gaps. WHOIS data is consistent and supports legitimacy with a domain age of over 13 years. Overall, the site is trustworthy but requires improvements in security and privacy compliance to meet modern standards.

S

Skypark

skypark.lt

43

Skypark.lt is the online presence of Skypark, the largest trampoline park and entertainment center in Lithuania, offering leisure activities for all age groups across multiple physical locations. The website serves as a landing page directing visitors to specific location subdomains. The business is positioned as a family-friendly entertainment provider with a medium-sized footprint in the hospitality sector, founded in 2014. Technically, the site uses a custom CMS (Greativ), Google Fonts, and Google Analytics with consent management scripts that deny ad and analytics storage by default, indicating some privacy awareness. However, the site lacks visible privacy and cookie policies, contact emails, and security headers, which are areas for improvement. No WAF or blocking mechanisms were detected, and the site content is accessible and safe for general audiences.

The website psaroom.com currently serves as a redirect or domain parking page with minimal accessible content. The domain is registered since 2015 and uses ParkLogic nameservers, a known domain monetization service. There is no visible business information, contact details, or policies on the site, indicating it is not actively used for business purposes. The technical infrastructure is minimal, relying on JavaScript redirects and lacks modern security headers or HTTPS confirmation in the provided data. Security posture is weak due to absence of security best practices and no visible compliance documentation. Overall, the site presents a low trust profile and limited business credibility.

The Local Europe AB operates a professional English-language news website focused on European news, travel, politics, and practical guides. Established in 2010 and headquartered in Stockholm, Sweden, it targets English-speaking residents and expatriates across Europe. The business model combines advertising, membership subscriptions, and job listings, positioning it as a reputable media outlet in its niche. The website features a modern, responsive design with comprehensive content and clear navigation, supported by a robust technical infrastructure including CMS, analytics, and membership management platforms. Technically, the site employs a variety of modern web technologies such as Google Tag Manager, Piano.io for membership/paywall, Cxense for content personalization, and MailerLite for newsletters. The site is well-optimized for mobile devices and SEO, though some accessibility features could be enhanced. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, but explicit security headers and incident response information are not publicly detailed. The absence of WHOIS domain registration data is a notable anomaly that impacts domain trustworthiness, although the website content and business information appear legitimate and professional. Privacy policies and cookie consent comply with GDPR, reflecting a commitment to user data protection. Overall, the site presents a low risk profile but would benefit from improved transparency in domain registration and security policies.

J

Jonatan Heyman

heyman.info

53

The website heyman.info is a personal technical blog and project showcase maintained by Jonatan Heyman. It features a wide range of technical articles, open source projects, and websites developed by the author, targeting developers and tech enthusiasts. The site has a consistent and professional design with content dating back to 2010, indicating a mature and established personal brand. The business model is primarily content publishing and personal branding with no direct commercial transactions evident. Technically, the site uses a static site generator (likely Pelican), Google Analytics for visitor tracking, and integrates external fonts and scripts for enhanced user experience. The site is mobile optimized and has good SEO practices but lacks explicit privacy and cookie policies. Security posture is moderate with HTTPS enabled but missing security headers and no visible incident response or security policies. Overall, the site is legitimate and trustworthy but could improve compliance and security transparency.

K

Knackeriet Coworking Space - Mariatorget - Stockholm

knackeriet.se

48

The website www.knackeriet.se appears to be a Wix-hosted site with minimal content and no visible business or contact information. The domain WHOIS data is missing or the domain is unregistered, raising significant legitimacy concerns. Technically, the site uses standard Wix scripts and polyfills but lacks security headers and privacy policies. There is no evidence of forms or data collection, and no social media or external business links are present. Overall, the site lacks essential trust and compliance indicators, making it unsuitable for business or customer engagement in its current state.

H

H2G Internetagentur AG

h2g.ch

46

H2G Internetagentur AG is a Swiss-based web agency located in Aarau, specializing in consulting, design, development, and hosting of websites and web applications. The company targets businesses and institutions seeking innovative and user-centric digital solutions. Their market position is that of a reputable regional agency with a diverse client base, including international companies and local institutions. The website reflects a professional and modern digital presence with clear service offerings and client references. Technically, the website employs modern web technologies including JavaScript, SVG graphics, and Matomo for privacy-conscious analytics. The site is well-optimized for mobile devices and demonstrates good SEO and accessibility practices. Hosting appears to be managed internally or via trusted providers, with HTTPS enforced and minimal tracking. From a security perspective, the site uses HTTPS and respects user privacy by disabling cookies in analytics and honoring Do Not Track signals. However, it lacks some advanced security headers and explicit security or incident response policies. No vulnerabilities or suspicious activities were detected. Overall, the website is trustworthy, professional, and compliant with GDPR requirements. The risk profile is low, with recommendations to enhance security headers and add explicit cookie consent mechanisms to further improve privacy compliance and security posture.

C

Catalystic

catalystic.cz

43

Catalystic.cz is a small, Czech Republic-based independent platform focused on interdisciplinary research, non-formal education, and public outreach related to exponential changes in technology and society. The website presents a clear business model centered on fostering creativity, criticality, and exponentiality through research initiatives, educational programs, and partnerships. The site uses modern web technologies including Three.js for interactive graphics and is hosted on Forpsi servers with Webflow CMS. While the website is well-designed with good navigation and mobile optimization, it lacks critical compliance documents such as privacy and cookie policies, and does not provide incident response or vulnerability disclosure information. Security posture is moderate with HTTPS assumed but no visible security headers or advanced protections. Overall, the site is professional and trustworthy but could improve compliance and security transparency.

B

Brejlando | take-away divadlo

brejlando.cz

38

Brejlando.cz is a Czech-based small media business specializing in delivering experimental theater recordings through virtual reality technology. The website offers users the ability to experience popular Prague theater performances from the comfort of their homes using modern VR technologies. The business appears to have been founded in 2021, consistent with the domain registration date. The website is built using modern frontend technologies such as Bootstrap and Nuxt.js, providing a good user experience with responsive design and clear navigation. However, the site lacks critical privacy and security policies, including privacy, cookie, and terms of service documents, as well as contact information for users or incident response. No analytics or advertising scripts were detected, indicating minimal user tracking. The domain registration data aligns well with the website content and business profile, supporting legitimacy. Overall, the website is safe for general audiences and professionally presented but requires improvements in privacy compliance and security posture.

C

CARNET

evisitor.hr

63

The www.evisitor.hr website is an official Croatian government platform managed by CARNET, designed to facilitate the registration and deregistration of tourists in Croatia. It serves commercial and non-commercial accommodation providers, integrating with the national authentication system NIAS for secure user login. The platform is well-positioned as a critical digital service in the Croatian tourism sector, providing essential compliance and informational services to stakeholders. Technically, the site employs modern web technologies including JavaScript, CSS, and Kendo UI components, with a focus on accessibility and multilingual support. Security measures include HTTPS enforcement and anti-CSRF tokens, although some advanced security headers and policies are not visibly implemented. Privacy compliance is basic, with terms of service available but no explicit cookie or privacy policies on the login page. Overall, the site demonstrates a strong business credibility and trustworthy government affiliation, with a moderate to good technical and security posture.

M

Ministarstvo gospodarstva i održivog razvoja Republike Hrvatske

mingor.hr

65

The website mingor.hr/login serves as a secure login portal for the Nextcloud platform used by the Ministry of Economy and Sustainable Development of the Republic of Croatia. It provides government employees and authorized users with a safe environment for data storage and collaboration. The site leverages modern web technologies including Vue.js and Nextcloud version 30, hosted by CARNET, the Croatian Academic and Research Network. The domain registration data aligns well with the government entity, confirming legitimacy and trustworthiness. Technically, the site demonstrates good security practices such as HTTPS enforcement, Content Security Policy with nonce, and session management. However, it lacks publicly accessible privacy, cookie, and terms of service policies, as well as contact or incident response information, which are important for compliance and user trust. The site is minimalistic as expected for a login page, with no advertising or tracking scripts detected, indicating a focus on privacy and security. Overall, the security posture is strong with no obvious vulnerabilities detected in the provided content. The site is well-optimized for mobile and has a professional design consistent with government branding. The main risks relate to the absence of visible privacy and compliance documentation, which should be addressed to improve transparency and regulatory adherence.

F

Fond za zaštitu okoliša i energetsku učinkovitost

fzoeu.hr

56

Fond za zaštitu okoliša i energetsku učinkovitost is a Croatian governmental fund dedicated to environmental protection and energy efficiency. Established in 2004, it serves as a national authority providing funding, regulatory oversight, and public information related to waste management, renewable energy, and environmental sustainability. The website offers comprehensive resources including public tenders, announcements, and educational content targeting Croatian citizens, businesses, and public institutions. The organization maintains a consistent and professional online presence aligned with its governmental role. Technically, the website employs modern web technologies including JavaScript, CSS, and HTML5, with Google Analytics integrated for user tracking under a compliant cookie consent mechanism. Hosting and DNS services are supported by Cloudflare, ensuring reliable performance and security. The site is mobile optimized and includes accessibility features enhancing usability for diverse users. From a security perspective, the website enforces HTTPS and implements cookie consent, but lacks visible security policy documentation and incident response contacts. No critical vulnerabilities or exposed sensitive data were detected. The domain registration is consistent with the organization's Croatian governmental identity, enhancing trustworthiness. Overall, the website presents a secure, professional, and informative platform supporting the fund's mission. Strategic improvements include publishing explicit security policies, incident response information, and enhancing security headers to further strengthen the security posture.

Y

Yufe

yufe.hr

70

YUFE (Young Universities for the Future of Europe) is a European University Alliance comprising 10 partner universities, focused on providing innovative educational opportunities, civic engagement activities, and staff development across Europe. The alliance is recognized by the European Commission and aims to add a European dimension to studies and careers. The website is professionally designed, content-rich, and well-structured, targeting students, researchers, academic staff, citizens, and organizations. It leverages modern web technologies including WordPress, Google Tag Manager, and multimedia embeds to deliver an engaging user experience. Security posture is good with HTTPS and cookie consent mechanisms in place, though some security headers could be improved. Privacy compliance is evident with GDPR-aligned policies and cookie management. The domain is privacy-protected under EURid, which is typical for .eu domains and justified for this type of organization. Overall, the website presents a trustworthy and credible digital presence for an educational alliance.

Y

Yufe

yufe.eu

70

YUFE (Young Universities for the Future of Europe) is a European University Alliance comprising 10 partner universities. The organization focuses on providing innovative educational programs, including on and offline university-level courses, civic engagement activities, language courses, and staff development opportunities across Europe. The website presents a professional and well-structured digital presence, targeting students, researchers, academic staff, citizens, and organizations interested in European higher education collaboration. Technically, the site is built on WordPress with modern integrations such as Google Tag Manager, Mailchimp, and video embeds from Vimeo and YouTube, reflecting a mature digital infrastructure. Security posture is strong with HTTPS, security headers, and privacy compliance mechanisms in place, although no explicit security policy or incident response contacts are published. Overall, the site is trustworthy, well-branded, and compliant with GDPR, supporting its role as a reputable educational alliance.

Die Schlösserstrasse is a regional development association focused on promoting cultural tourism and heritage sites, specifically castles and fortresses in Southeast Austria and Slovenia. The website serves as an information hub for tourists and cultural enthusiasts, offering event announcements, booking options, and educational content. The organization appears to have a solid market position within its niche, supported by regional tourism partners and a network of castles. Technically, the website uses basic web technologies such as jQuery and JavaScript, with moderate performance and basic mobile optimization. Security posture is average, with no HTTPS or security headers information available from the provided data, and no cookie consent mechanism detected despite EU audience relevance. The WHOIS data is missing or unavailable, which raises concerns about domain registration legitimacy, although the website content and partner references suggest a legitimate operation. Overall, the site is professional and trustworthy but would benefit from improved technical and security measures.

3

Trije gradovi,dve deželi,ena zgodba - 321 Go

321go.si

47

The website www.321go.si is a Slovenian regional or cultural site, likely focused on tourism or local heritage, as indicated by the title 'Trije gradovi,dve deželi,ena zgodba - 321 Go'. The domain was registered in 2019 with a local Slovenian registrar, consistent with the website's regional focus. The site is multilingual, offering Slovenian, English, and German versions. Technically, the site is built on WordPress and uses WPRocket for optimization, with Google Analytics integrated for visitor tracking. However, the site lacks visible privacy and cookie policies, and no contact information is explicitly provided in the analyzed content. Security headers are not detected, and SSL configuration details are not available, though HTTPS is used. Overall, the site presents good design and user experience but has gaps in privacy compliance and security best practices.

P

Pikant

pikant.hr

46

Pikant is a Croatian design and marketing studio providing a broad range of creative and IT services including web design, graphic design, product design, branding, IT support, and marketing consulting. The company positions itself as a regional leader with a focus on quality and client satisfaction, serving businesses primarily in Croatia and the EU. The website is professionally designed, mobile-optimized, and provides clear contact information and client references. Technically, the site uses modern web technologies such as Google Fonts, Revolution Slider, and Cognito Forms for contact management, with Google Analytics for traffic analysis. Security posture is good with HTTPS enabled and secure form handling, though some security headers and cookie consent mechanisms are missing. The WHOIS data is privacy protected due to GDPR, which is justified for this business type. Overall, the website reflects a legitimate, small-sized business with a solid digital presence.

M

Ministerie van Algemene Zaken

government.nl

60

The website government.nl serves as the official online portal for the Government of the Netherlands, managed by the Ministerie van Algemene Zaken. It provides comprehensive information on government services, policies, immigration, housing benefits, citizenship, and current news. The site targets a broad audience including residents, expatriates, and businesses interacting with Dutch government entities. It holds a strong market position as the authoritative source of government information in the Netherlands. Technically, the website employs modern JavaScript libraries such as jQuery UI and integrates Piwik PRO analytics and Pastease survey tools, indicating a mature digital infrastructure. The site is mobile-optimized, accessible, and performs well with fast loading times. The CMS is not explicitly identified but appears to be a custom or government-specific platform. From a security perspective, the site enforces HTTPS and employs secure forms without visible vulnerabilities. However, explicit security headers and a dedicated security policy page are absent, and no incident response contacts are provided. Privacy compliance is strong, with clear privacy and cookie policies and GDPR adherence. No vulnerabilities or suspicious domains were detected. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance suitable for a government entity. Strategic recommendations include enhancing security headers, publishing a security policy, and providing incident response contacts to further strengthen the security posture.

S

Swedish Council for Higher Education

nordplusonline.org

60

Nordplusonline.org is the official platform for Nordic-Baltic educational collaboration, administered by the Swedish Council for Higher Education on behalf of the Nordic Council of Ministers. The website facilitates funding applications, project management, and dissemination of educational projects and events within Nordic and Baltic countries. It targets educational institutions and project coordinators seeking collaboration and funding opportunities. The platform holds a strong market position as an official government-backed initiative with a clear focus on education and regional cooperation. Technically, the website employs modern web technologies including Bootstrap for responsive design, privacy-friendly Plausible Analytics for user insights, and Klaro for cookie consent management. The CMS appears to be Episerver, indicating a mature content management infrastructure. The site is mobile-optimized, accessible, and SEO-friendly, with moderate performance. Hosting and domain registration are consistent with a legitimate government-related entity. From a security perspective, the site uses HTTPS with a good SSL configuration and enforces clientTransferProhibited status on the domain. Cookie consent mechanisms and privacy policies are in place, reflecting GDPR compliance. However, DNSSEC is not enabled, and security headers are not explicitly detected, suggesting room for improvement. No critical vulnerabilities or exposed sensitive data were found. Overall, the website presents a low-risk profile with strong business credibility and good privacy compliance. Strategic recommendations include enabling DNSSEC, publishing explicit security policies, and adding terms of service to enhance transparency and trust.

K

KAB Page

kab.page

57

KAB Page is a technology-focused company offering a modern, AI-powered SEO website builder platform designed to enable users to quickly launch fast, secure, and search engine optimized websites. The business targets individuals and businesses seeking competitive online presence with easy-to-use tools and AI assistance. The website demonstrates a good level of digital maturity, leveraging the Astro framework for performance and SEO optimization. Security posture is solid with HTTPS enforced and cookie consent implemented, though explicit security policies and incident response contacts are not publicly disclosed. Overall, the site is professional, trustworthy, and well-positioned in its niche.

B

Brainz Immersive s. r. o.

immersive.cz

42

Brainz Immersive s. r. o. is a Prague-based immersive creative studio specializing in virtual and augmented reality experiences. Founded in 2019 and part of the BRAINZ STUDIOS group, the company offers a comprehensive suite of services including AR/VR creative development, 360° video production, multi-platform app development, and immersive installations. Their client portfolio includes notable brands such as ŠKODA AUTO, Vogue, and Czech Radio, positioning them as a niche leader in immersive technology solutions for brands and entertainment. The website reflects a professional and modern digital presence with rich multimedia content and clear navigation. Technically, the site uses modern web technologies and frameworks, with good mobile optimization and SEO practices. Security posture is adequate with HTTPS enabled, but lacks advanced security headers and formal privacy or cookie policies, indicating room for compliance improvement. Analytics and marketing tracking are implemented via Google Analytics and Facebook Pixel, but without explicit cookie consent mechanisms. WHOIS data confirms domain legitimacy and consistency with the business claims. Overall, Brainz Immersive demonstrates a strong market position in immersive technology with a professional online presence but should enhance privacy compliance and security best practices to further strengthen trust and regulatory adherence.

C

Christian Kiewaldt & Benjamin Braun GbR

kiwis-and-brownies.de

45

KIWIS & BROWNIES is a small German software development company specializing in custom enterprise software, eCommerce solutions using Magento, and promotional applications to increase reach and lead generation. The company operates primarily in the Gummersbach and Oberberg regions of Germany, targeting local businesses seeking digital transformation and marketing services. Their website reflects a professional and modern digital presence with a focus on clear communication and customer engagement via WhatsApp and downloadable informational materials. Technically, the website employs standard modern web technologies including HTML5, CSS, JavaScript with jQuery, and Google Fonts. The hosting is managed via DomainControl nameservers, and Magento is indicated as the eCommerce platform. The site is moderately optimized for performance and mobile devices, though accessibility features are basic. SEO practices are adequately implemented with meta tags and structured content. From a security perspective, the site uses HTTPS and avoids exposing sensitive data. However, it lacks explicit security headers and a formal security policy or incident response contacts. The privacy policy is comprehensive and GDPR compliant, but no cookie consent mechanism is present, which is a compliance gap. No vulnerability disclosure or security.txt files are found, limiting transparency in security practices. Overall, the website presents a trustworthy and professional image suitable for its business scope. The risk level is moderate with recommendations to enhance security headers, implement cookie consent, and publish security policies to improve compliance and trust. The domain registration aligns with the business identity, supporting legitimacy.

The website mep.lt is currently a parked domain page indicating that the domain is for sale. It does not represent an active business or service provider. The content is minimal, primarily advertising the domain sale with no substantive business information, contact details, or privacy policies. The technical infrastructure relies on basic HTML, CSS, and JavaScript with embedded third-party iframes and ad scripts, which introduces potential security risks. There is no evidence of HTTPS enforcement or security headers, and no compliance with privacy regulations is demonstrated. Overall, the site lacks professionalism and trustworthiness, reflecting its status as a domain parking page rather than an operational business website.

V

Valga Muuseum

valgamuuseum.ee

40

Valga Muuseum is a regional cultural and educational institution based in Valga, Estonia, providing museum exhibitions, educational programs, research activities, and a museum shop. The website reflects a stable and established organization with a domain registered since 2010. The museum targets a broad audience including local visitors, students, and researchers, offering a variety of cultural and educational services. Technically, the website uses a common CMS (Greativ), standard JavaScript libraries, and integrates Google Analytics and Facebook SDK for tracking. The site is mobile-optimized with good navigation and content relevance. Security posture is adequate with HTTPS enabled and no visible vulnerabilities, but lacks some security headers and a cookie consent mechanism, which impacts privacy compliance. Overall, the website is professional, trustworthy, and serves its purpose well.

The website 'Crveni popis Hrvatske' is an official Croatian government portal managed by the Ministry of Environment and Green Transition, specifically the Institute for Environmental Protection and Nature. It serves as a comprehensive resource for data on endangered wild species in Croatia, providing risk assessments, conservation information, and public education. The portal targets a broad audience including researchers, policymakers, and the general public interested in biodiversity and environmental protection. Technically, the site employs modern web technologies such as HTML5, CSS3, JavaScript, Chart.js for data visualization, and Leaflet.js for mapping. The presence of a CSRF token and HTTPS indicates a secure infrastructure, although some security headers are missing. Accessibility is addressed but with room for improvement, particularly in image alt attributes and text scaling. The site is moderately performant and mobile-optimized. From a security perspective, the portal demonstrates good practices including GDPR compliance, cookie consent mechanisms, and secure form handling. However, it lacks explicit incident response contact details and a published vulnerability disclosure policy. No critical vulnerabilities or suspicious activities were detected. WHOIS data confirms the domain's legitimacy and alignment with the governmental nature of the site. Overall, the website is trustworthy, professionally maintained, and fulfills its mission effectively. Strategic improvements in security headers, accessibility, and incident response transparency would further enhance its posture.

H

HDIT

hdit.hr

56

HDIT is a Croatian IT integration company established in 2006, specializing in IT system implementation, maintenance, custom software and web development, cybersecurity, and IT consulting. The company holds a strong market position as a leading system integrator and helpdesk support provider in Croatia. Their services cover comprehensive IT infrastructure and application solutions, supported by partnerships with major technology vendors. The website reflects a mature digital presence with professional design, clear navigation, and mobile optimization. Technically, the site is built on WordPress with modern plugins and follows good performance and accessibility standards. Security posture is solid with HTTPS, GDPR compliance, and ISO certifications, though some security headers and incident response disclosures could be improved. Overall, the domain registration data aligns well with the business claims, supporting legitimacy and trustworthiness.

P

Placehold

placehold.co

55

Placehold is a small technology service offering a free, fast, and simple image placeholder generation platform supporting multiple image formats and customization options. The website is well designed, mobile optimized, and provides clear documentation for users, primarily targeting developers and designers needing placeholder images for projects. The technical infrastructure is modern, leveraging standard web technologies and Google Analytics for tracking, with advertising via Carbon Ads. Security posture is good with HTTPS enforced, but lacks security headers and formal policies such as privacy or cookie policies. No forms or sensitive data collection reduces risk exposure. Overall, the site is professional and trustworthy but could improve compliance and security transparency. Strategic recommendations include publishing privacy and cookie policies, implementing security headers, and adding vulnerability disclosure information.

P

Pučko otvoreno učilište Katarina Zrinska – Ozalj

poukz.hr

54

Pučko otvoreno učilište Katarina Zrinska – Ozalj is a small educational institution based in Croatia, founded in 2022. The organization offers a variety of educational and creative programs targeting children, youth, retirees, and adults, focusing on lifelong learning and community engagement. The website reflects a local community-oriented business model with clear contact information and social media presence, positioning itself as a trusted local educational provider. Technically, the website employs modern front-end technologies including Bootstrap, jQuery, and various JavaScript libraries to provide a responsive and visually appealing user experience. While the site is mobile-optimized and well-structured, there is room for improvement in accessibility and SEO optimization. Hosting and domain registration are consistent with the business location, enhancing trustworthiness. From a security perspective, the website implements a cookie consent mechanism compliant with GDPR, but lacks visible advanced security headers and incident response information. No critical vulnerabilities or exposed sensitive data were detected in the provided content. The absence of terms of service and security policies suggests an opportunity to strengthen compliance and user trust. Overall, the website is functional, professional, and safe for general audiences. The risk level is low, but strategic improvements in security posture and privacy transparency would enhance the institution's digital maturity and trustworthiness.

G

Gradska knjižnica i čitaonica Ivana Belostenca

gkc-ivanabelostenca.hr

47

Gradska knjižnica i čitaonica Ivana Belostenca is a small, non-profit public library and cultural institution located in Ozalj, Croatia. It offers library services, cultural events, and access to significant historical works such as the Gazophylacium bilingual dictionary. The website serves as an informational portal for the local community and cultural enthusiasts. Technically, the site is built on Joomla CMS using common web technologies including jQuery, Bootstrap, and Google Maps API. The hosting is provided by ZoNet, a reputable Croatian hosting provider. The site is accessible, with clear navigation and consistent branding, but shows room for improvement in mobile optimization and accessibility. Security posture is moderate with HTTPS enabled but lacking important security headers and privacy compliance documentation. No forms or tracking scripts are present, minimizing privacy risks but also limiting interactivity. Overall, the website is trustworthy and professionally presented but would benefit from enhanced security and privacy measures.

jQuery Tools is an open source JavaScript UI library providing essential user interface components such as tabs, tooltips, overlays, and form utilities. The website serves web developers and site creators by offering demos, documentation, and downloads of the library. It holds a moderate market position as a popular UI toolkit used by various websites worldwide. The business model is centered on open source distribution without direct commercial offerings. Technically, the site uses jQuery and the jQuery Tools library, hosted on HostGator, with moderate performance and basic mobile optimization. The site lacks HTTPS in the HTML content, uses HTTP for script loading, and does not implement security headers or privacy policies, indicating a low security posture. Google Analytics is used for tracking without visible cookie consent, raising privacy compliance concerns. Overall, the website is professional and functional but requires significant improvements in security and privacy compliance to enhance trust and protect users.

APIS IT d.o.o. operates as an IT service provider specializing in identity federation and authentication services primarily for Croatian government entities such as Grad Zagreb and the Ministry of Culture. The website analyzed is a Home Realm Discovery page facilitating user authentication selection among trusted identity providers. The business targets organizational users within government and affiliated institutions, leveraging Microsoft Active Directory Federation Services (ADFS) technology to provide secure access management. The company holds a moderate market position as a government IT service provider with a medium-sized organizational footprint in Croatia. Technically, the site employs standard web technologies including HTML5, JavaScript, and CSS, integrated with Microsoft ADFS frameworks. The site is functional with basic mobile optimization and accessibility features but lacks advanced SEO and performance optimizations. The infrastructure appears stable but could benefit from enhanced security headers and improved user experience elements. From a security perspective, the site uses HTTPS and implements basic input validation on forms. However, it lacks explicit security headers such as Content-Security-Policy and Strict-Transport-Security, which are recommended for modern secure web applications. No privacy or cookie policies are present, indicating gaps in compliance and user transparency. No contact or incident response information is provided, limiting user support and security communication channels. Overall, the website is safe and professional for its intended government audience but requires improvements in privacy compliance, security hardening, and user support to enhance trust and regulatory adherence.

S

Stokker AS

stokker.com

64

Stokker AS is a leading sales and service company specializing in professional tools, machinery, and maintenance services primarily serving the Baltic region and Europe. With over 30 years of experience, it operates both physical tool centers and an e-commerce platform, offering a broad range of products and services including a loyalty program and financing solutions. The company positions itself as a reliable partner with extensive expertise and a large maintenance team. Technically, the website is built on modern frameworks such as Next.js and React, integrating Google Tag Manager and Salesforce Live Agent for analytics and customer support. Security posture is strong with HTTPS, security headers, and no visible vulnerabilities, although some advanced security policies and incident response information are not publicly disclosed. Privacy and cookie policies are present and GDPR compliant. Overall, the website is professional, user-friendly, and trustworthy, though the absence of WHOIS data introduces some uncertainty about domain registration details.

DVD Novalja is a small, local volunteer firefighting organization based in Novalja, Croatia, serving the community on the island of Pag. The website provides information about their firefighting activities, technical interventions, and community safety efforts. The organization appears to be well-established with a domain age dating back to 2005, consistent with their operational history. The site targets local residents and visitors needing emergency and safety information. Technically, the website uses older web technologies such as jQuery 1.4.2 and lacks modern security features like HTTPS and security headers. The site is basic in design and functionality, with limited mobile optimization and no visible analytics or tracking tools. Contact information is clearly presented, but there are no privacy or cookie policies, which is a compliance gap. From a security perspective, the absence of HTTPS and use of outdated libraries pose risks. No advanced security policies or incident response contacts are provided. The site does not appear to collect user data via forms, reducing exposure but also limiting engagement. Overall, the security posture is weak and requires improvements to protect users and enhance trust. The overall risk is moderate due to the lack of encryption and outdated technology, but the site content is safe and non-malicious. Strategic recommendations include implementing HTTPS, updating libraries, adding privacy and cookie policies, and enhancing security headers to improve compliance and user trust.

I

Institut za Neuromarketing

neuromarketinginstitut.com

55

Institut za Neuromarketing is a specialized Croatian institute providing neuromarketing services including neuroadvertising, neurobranding, scientific and expert research, and advanced technologies such as EEG, eye tracking, biometric methods, and facial coding. The website positions the institute as a market leader in Croatia with a focus on business and scientific clients. The digital infrastructure is built on WordPress with modern plugins and tools, ensuring good performance and mobile optimization. Privacy and cookie policies are well implemented, reflecting GDPR compliance. Security posture is adequate with HTTPS and reCAPTCHA usage, though improvements in DNSSEC and security headers are recommended. Overall, the website is professional, trustworthy, and well-maintained, supporting the institute's credibility and market presence.

D

Dizajn Studio Novalja

novalja.info

33

Novalja.info is a regional tourism portal dedicated to providing comprehensive information and direct booking options for private accommodation on the island of Pag, Croatia, focusing on the city of Novalja and surrounding destinations. The website offers a variety of services including accommodation listings, live web cameras, weather forecasts, ferry schedules, and local news, targeting tourists and visitors planning their holidays. The business operates as a small-sized entity with a long-standing presence since 2005, managed by Dizajn Studio Novalja. Technically, the website relies on legacy technologies such as an outdated jQuery version and lacks HTTPS, which impacts its security posture and user trust. The site uses Google Analytics and Tag Manager for visitor tracking but does not provide visible privacy or cookie policies, indicating limited privacy compliance. Security-wise, the absence of HTTPS and modern security headers, combined with outdated libraries, exposes the site to potential vulnerabilities. Overall, the website is functional and content-rich but requires significant improvements in security and privacy to meet modern standards.