Security Directory

Ž

Življenjska zavarovalnica Vita

zav-vita.si

64

Življenjska zavarovalnica Vita operates as the largest bank-affiliated life insurance provider in Slovenia, offering health and life insurance products with 24/7 customer support. The company positions itself as a trustworthy insurer with transparent terms and no fine print, targeting a broad Slovenian audience. The website reflects a professional and consistent brand image aligned with its banking parent company, NLB. Technically, the site employs modern JavaScript frameworks, Google Tag Manager for analytics, and Google reCAPTCHA for bot protection, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS and bot protection but lacks explicit security headers and published security policies. Privacy compliance is weak due to missing privacy and cookie policies and no visible consent mechanisms. Overall, the site is safe, professional, and credible but would benefit from enhanced privacy and security transparency.

The website gemeinwohlprojekte.at operates as a crowdfunding platform dedicated to financing projects that promote the common good, including sustainable development, social initiatives, and ecological projects primarily in Austria. It offers services such as project submission, support, and verification, targeting individuals and organizations interested in social impact investments. The platform is built on TYPO3 CMS and integrates Piwik/Matomo analytics with privacy-conscious settings. The site features secure login and registration forms with password encryption and provides clear privacy and cookie policies compliant with GDPR. Social media presence is established on Facebook, YouTube, and Twitter, enhancing community engagement. However, the absence of WHOIS data for the domain raises some concerns about domain registration transparency.

F

fairchat

fairchat.net

67

The website fairchat.net appears to be a technology-focused platform, likely related to chat or messaging services, as indicated by the site title and domain name. The domain was registered in 2017 and is maintained with a reputable registrar, suggesting a stable presence. However, the website content is minimal and lacks detailed business descriptions, contact information, or legal policies, which limits the ability to fully assess the business model or market position. Technically, the site uses the Meteor.js framework and custom JavaScript, with moderate performance and basic mobile optimization. Security posture is moderate but could be improved by enabling DNSSEC, adding security headers, and publishing privacy and cookie policies. No signs of WAF or content blocking were detected, allowing full content access for analysis.

B

Bio en Grand Est

biograndest.org

9

Bio en Grand Est is a regional non-profit organization dedicated to supporting and promoting organic agriculture in the Grand Est region of France. The website serves as a network hub for organic producers and provides information, news, events, and resources related to organic farming. The organization targets both professionals in the organic sector and consumers interested in organic products. The site is professionally designed using WordPress and integrates modern web technologies and plugins to deliver a good user experience. Social media integration and structured data enhance its digital presence. Security measures such as HTTPS and reCAPTCHA are implemented, but there is room for improvement in DNS security and HTTP headers. Privacy compliance is limited due to the absence of explicit privacy and cookie policies. Overall, the website is trustworthy and serves its business purpose effectively.

K

Koop Domeinnaam

cookiebanner.eu

8

Koop Domeinnaam operates as a domain reseller specializing in selling domain names such as cookiebanner.eu. The website is a straightforward landing page offering the domain for sale at a fixed price, targeting individuals or businesses interested in acquiring domain names quickly. The business model is simple and focused on domain sales with immediate invoicing and transfer token delivery. The market position is that of a niche domain reseller within the Netherlands, with a small-scale operation and basic online presence. Technically, the website employs standard HTML5, CSS, and JavaScript, with Cloudflare services used for CDN and security purposes. The site is moderately optimized for performance and mobile devices but lacks advanced frameworks or CMS platforms. SEO and accessibility features are basic, and no analytics or tracking services are detected, indicating minimal data collection. From a security perspective, the site benefits from Cloudflare's protection but lacks explicit security headers and cookie consent mechanisms, which are important for GDPR compliance. No forms or sensitive data collection points are present, reducing attack surface. The absence of detailed security policies and incident response information suggests limited security maturity. Overall, the security posture is moderate but could be improved with standard best practices. The overall risk is low given the limited scope and content of the site, but improvements in privacy compliance, security headers, and transparency would enhance trustworthiness and regulatory adherence. Strategic recommendations include implementing cookie consent, adding security headers, publishing terms of service, and improving mobile and accessibility features.

S

Svazek obcí Dobříšska a Novoknínska

dobrisskonovokninsko.cz

10

Svazek obcí Dobříšska a Novoknínska is a regional governmental association serving municipalities in the Dobříš and Nový Knín areas of the Czech Republic. The website provides official information, documents, event calendars, and contact services aimed at local government officials and residents. The site is well-structured with clear navigation and comprehensive content relevant to its audience. Technically, it uses a CMS platform (Vismo), integrates Google Analytics with GDPR-compliant consent mechanisms, and employs Google reCAPTCHA for form security. The security posture is solid with HTTPS and form protections, though it lacks some advanced HTTP security headers. Overall, the site demonstrates good privacy compliance and business credibility consistent with a small governmental entity.

The domain regiotv.cz is currently expired and parked, showing no active business content or services. The website primarily serves as a placeholder with advertising iframes and links to domain sale contact pages. There is no evidence of an operational company or digital services under this domain. The technical infrastructure is minimal, relying on basic HTML and JavaScript with external ad and tracking scripts. No CMS or modern frameworks are detected. Security posture is weak due to lack of HTTPS enforcement, absence of security headers, and expired domain status. Privacy and compliance policies are missing, indicating non-compliance with GDPR and related regulations. Overall, the site presents a low trust profile and minimal business credibility.

Mailocator is a Czech Republic based technology company operating a premium display marketing platform focused on increasing conversions and collecting valuable marketing data. Founded in 2016, the company offers a SaaS solution with a wide range of campaign types including lead generation, gamification, countdowns, and product recommendations. The platform integrates with over 55 popular email marketing and CRM tools, positioning Mailocator as a versatile marketing technology provider for ecommerce, content websites, agencies, and developers. The website demonstrates a professional design with clear navigation and good mobile optimization, supporting a positive user experience. Technically, the site uses modern JavaScript, Google Tag Manager, and asynchronous script loading, ensuring moderate performance and SEO optimization. Security posture is good with HTTPS enforced and no exposed sensitive data, though improvements such as enabling DNSSEC and adding security headers are recommended. Privacy compliance is limited by the absence of a visible privacy policy page, despite a cookie consent mechanism being implemented. Overall, Mailocator presents a trustworthy and credible business with clear contact information and social media presence, though it should enhance privacy transparency and security policies to strengthen compliance and user trust.

M

ME-METAL

me-metal.cz

47

ME-METAL is a Czech manufacturing company specializing in precision milling and turning of parts primarily from aluminum alloys, steel, and plastics. Founded in 1994 and operating from a large facility near Chomutov, the company focuses on small batch and custom production, serving both domestic and international clients. Their business model includes full production services with in-house transport for delivery. The website reflects a stable and established market position with over 30 years of experience and a consistent brand presence. Technically, the website is built using Nicepage site builder with standard web technologies including HTML5, CSS3, JavaScript, and jQuery. Hosting is likely provided by WEDOS, consistent with the registrar and nameservers. The site is mobile optimized and SEO friendly, though accessibility features are basic. No advanced analytics or advertising tools are detected, indicating a privacy-conscious approach. From a security perspective, the site uses HTTPS (inferred though not explicitly confirmed), includes GDPR and cookie consent mechanisms, but lacks explicit security policies or incident response contacts. No vulnerabilities or exposed sensitive data were detected in the content. WHOIS data is consistent and supports the legitimacy of the domain and business. Overall, the website presents a professional and trustworthy image with good content quality and privacy compliance. Security posture is moderate with room for improvement in security headers and incident response transparency. The risk level is low, but strategic enhancements in security documentation and technical hardening are recommended.

I

INPROMA, spol. s r.o.

inproma.cz

57

INPROMA, spol. s r.o. is a Czech manufacturing company specializing in precise machining of metal castings and profiles, as well as ventilation products under the RENSON brand. The company targets industrial and business clients requiring high-quality engineering production services. The website reflects a medium-sized enterprise with a professional online presence, including certifications such as TUV and IATF, which enhance its market credibility. The site is well-structured, mobile-optimized, and provides clear contact information, supporting effective client engagement. Technically, the website uses standard web technologies including HTML5, CSS3, JavaScript, and Google Web Fonts. It employs a slider for visual content and has implemented a cookie consent mechanism compliant with GDPR. However, the security headers are minimal, with an empty Content-Security-Policy and absence of other common security headers, indicating room for improvement in security hardening. The site uses HTTPS, ensuring encrypted communications. From a security perspective, the site shows moderate maturity with HTTPS and cookie consent but lacks comprehensive security headers and visible incident response or vulnerability disclosure policies. The absence of WHOIS data raises concerns about domain registration transparency, although the website content and certifications suggest legitimacy. No signs of malware or phishing were detected, and the content is safe for general audiences. Overall, the website presents a professional and trustworthy business front with moderate technical and security maturity. Strategic improvements in security headers, WHOIS transparency, and incident response documentation would enhance its security posture and trustworthiness.

C

Crowdin

crowdin.com

75

Crowdin is a well-established localization and translation management platform founded in 2008 and headquartered in Estonia. It serves teams and businesses by providing a comprehensive SaaS solution that integrates AI-powered translation, automated workflows, and extensive integrations with development and marketing tools. The platform is positioned as a leader in the localization technology market, offering services tailored for engineering, marketing, support, design, and translation teams. Crowdin's website reflects a mature digital infrastructure with fast performance, mobile optimization, and strong SEO practices. The use of modern analytics and monitoring tools such as Google Analytics, PostHog, and Sentry indicates a high level of digital maturity. Security posture is robust with HTTPS enforcement, security headers, CSRF protections, and Cloudflare bot management, although explicit security policies and incident response information are not publicly detailed. Privacy compliance is well addressed with a comprehensive cookie consent mechanism and GDPR-aligned privacy policy. Overall, Crowdin presents a trustworthy and professional online presence with strong business credibility and technical implementation.

Kristy z Ostravy is a small freelance marketing specialist business based in Ostrava, Czech Republic, founded in 2024. The website presents professional marketing services including strategy, online marketing, and event support targeted at local firms and entrepreneurs. The business positions itself as a local expert with a passion for Ostrava and marketing. Technically, the website is built on WordPress using the Astra theme, integrating modern marketing and analytics tools such as Google Tag Manager and Hotjar. Cookie consent is implemented, indicating awareness of privacy compliance, though no explicit privacy policy or terms of service pages were found. Security posture is good with HTTPS enabled and no exposed sensitive data, but could be improved by adding explicit security headers and incident response information. Overall, the website is professional, well-branded, and trustworthy with moderate SEO and mobile optimization.

R

RFM

rfm.fr

44

RFM is a well-established French radio station with a strong digital presence offering live streaming, music news, podcasts, contests, and video content. The website targets French-speaking audiences interested in music and entertainment. Technically, the site uses modern web technologies including JavaScript frameworks and CDNs under the lanmedia.fr domain, indicating corporate hosting and infrastructure. The site is mobile-optimized and provides a good user experience with clear navigation and professional design. Security-wise, the site enforces HTTPS and uses privacy and cookie consent mechanisms, but lacks explicit security headers and detailed security policies. WHOIS data is unavailable, which reduces transparency but the site’s professional appearance and active content suggest legitimacy. Overall, the site scores well on content quality, technical implementation, privacy compliance, and business credibility, with room for improvement in security posture and transparency.

W

Washington University in St. Louis

washubears.com

64

Washington University in St. Louis operates an official athletics website providing comprehensive information about its NCAA Division III sports teams, schedules, rosters, news, and athletics department resources. The site targets students, athletes, alumni, and sports fans, serving as a central hub for university sports engagement. The business model is focused on supporting university athletics and community involvement, positioning itself as a trusted source for sports information within the education sector. Technically, the website leverages a modern JavaScript stack including jQuery, RequireJS, Knockout.js, and integrates with Google Tag Manager and Google Analytics for tracking. It is hosted on Cloudfront CDN with DNS managed by Rackspace. The site is mobile optimized, accessible, and uses the Sidearm Sports CMS platform, reflecting a mature digital infrastructure suitable for its audience and purpose. From a security perspective, the site enforces HTTPS and employs standard domain protections but lacks DNSSEC and some advanced security headers like Content Security Policy. No WAF or blocking mechanisms were detected, and no critical vulnerabilities were found in the visible content. Privacy compliance is partial, with a privacy policy present but no explicit cookie consent mechanism despite active tracking scripts. Overall, the website demonstrates a solid security posture and business credibility with room for improvement in privacy compliance and DNS security. Strategic recommendations include enabling DNSSEC, implementing a cookie consent banner, adding security headers, and publishing a vulnerability disclosure policy to enhance trust and compliance.

WilldooIT Pty Ltd is a well-established Australian company specializing in Odoo ERP software solutions tailored for diverse industries including timber, food distribution, manufacturing, and renewables. With over 15 years of experience and multiple industry awards such as the Odoo APAC Partner of the Year, WilldooIT holds a strong market position as a trusted ERP partner in Australia and New Zealand. Their business model focuses on B2B consulting, implementation, custom development, and ongoing support services, targeting medium-sized enterprises seeking to streamline operations and improve productivity through ERP technology. Technically, the website is built on the Odoo CMS platform, hosted on Amazon Web Services, and incorporates modern web technologies including JavaScript, FontAwesome, Google Tag Manager, and Hotjar for analytics and user behavior tracking. The site demonstrates good performance, mobile optimization, and SEO practices, reflecting a mature digital infrastructure. However, there is room for improvement in security headers and DNSSEC implementation. From a security perspective, the website enforces HTTPS and includes CSRF tokens, indicating attention to secure session management. No critical vulnerabilities or exposed sensitive data were detected. Privacy and cookie policies are present with consent mechanisms, though explicit GDPR compliance indicators are limited. The absence of a published security policy or incident response contact is noted as an area for enhancement. Overall, WilldooIT presents a professional, trustworthy online presence with strong business credibility and a solid technical foundation. The security posture is good but could benefit from additional hardening measures. The website content is safe for general audiences, and the company provides clear contact information and transparent policies. Strategic recommendations include enabling DNSSEC, adding security headers, publishing a security policy, and enhancing GDPR compliance to further strengthen trust and security.

Shen Yun Performing Arts is a globally recognized performing arts company specializing in classical Chinese dance and music, established in New York in 2006. The company focuses on reviving and presenting traditional Chinese culture through breathtaking performances that include classical dance, ethnic and folk dance, and orchestral music. Their market position is strong as a premier classical Chinese dance company with a broad international audience. The website reflects a professional and consistent brand image with multilingual support, targeting a general audience interested in cultural and performing arts experiences. Technically, the website employs modern JavaScript libraries, analytics tools, and accessibility features, indicating a mature digital infrastructure. However, some areas such as explicit privacy and cookie policies and WHOIS transparency could be improved. Security posture is good with HTTPS and no visible vulnerabilities, but security headers and incident response information are lacking. Overall, the site is trustworthy and well-maintained but would benefit from enhanced privacy compliance and domain registration transparency.

The website mestafrica.com/lander is currently a minimal placeholder or parking page with very limited content. It primarily serves advertising via Google Adsense and does not provide any business-related information, contact details, or policies. The domain is newly registered in November 2023 through GoDaddy, with no privacy protection on WHOIS data. The technical infrastructure is basic, using JavaScript and a proprietary 'PW' lander system, hosted on GoDaddy's DNS servers without DNSSEC enabled. Security posture is weak due to lack of HTTPS enforcement details, missing security headers, and absence of privacy or cookie policies. Overall, the site lacks professionalism and trust indicators, making it unsuitable for business or customer engagement in its current state.

M

MSA

msa.fr

63

The website www.msa.fr/lfp represents the official online portal of the MSA (Mutualité Sociale Agricole), the French agricultural social security organization. It provides comprehensive social protection services including health insurance, family benefits, retirement pensions, and work accident coverage for agricultural workers and employers in France. The portal targets individuals, exploitants, employers, partners, and elected representatives within the agricultural sector. The business model is that of a government social security entity, serving a large user base with essential social services. The website is professionally designed with clear navigation and multiple service sections tailored to different user groups. Technically, the site is built on the Liferay CMS platform, utilizing modern JavaScript libraries such as YUI, jQuery, Bootstrap, and Clay components. It incorporates a secure login mechanism via OpenID Connect and includes a cookie consent banner, indicating attention to privacy compliance. The site is mobile-optimized and accessible, with good SEO practices evident from meta tags and structured navigation. From a security perspective, the site enforces HTTPS and uses secure authentication flows. While explicit security headers and policies are not visible in the HTML, the overall posture appears strong with no evident vulnerabilities or exposed sensitive data. However, the absence of a published security policy, incident response contacts, and vulnerability disclosure mechanisms suggests room for improvement in transparency and security communication. Overall, the website is a trustworthy and authoritative source for agricultural social security services in France. The lack of WHOIS data limits domain registration trust analysis but does not detract from the site's legitimacy given its government affiliation and professional presentation. Strategic recommendations include publishing privacy and security policies, adding security.txt for vulnerability reporting, and enhancing contact information for security incidents to strengthen trust and compliance.

S

Systek AS

systek.no

64

Systek AS is a Norwegian employee-owned consultancy specializing in digital solutions and software development, serving both public sector and private clients. Founded in 2022, the company offers a broad range of services including platform and cloud services, Java and Kotlin development, project management, frontend development, testing and automation, data analytics, .NET, architecture, and design. Their market position is solid within Norway, supported by reputable clients such as Skatteetaten and Digitaliseringsdirektoratet. The website is professionally designed, mobile-optimized, and content-rich, targeting businesses and government organizations seeking digital transformation expertise. Technically, the site uses modern frameworks like Astro and JavaScript libraries such as Konva.js, with fast performance and good SEO and accessibility practices. Security posture is good with HTTPS enforced and no cookies used, though explicit security headers and incident response policies are absent. Privacy compliance is adequate with a privacy policy present but no cookie consent mechanism. Overall, the domain registration aligns with the business information, indicating legitimacy and transparency.

E

ESET

eset.cz

74

ESET is a globally recognized cybersecurity company providing advanced antivirus and internet security solutions for both personal and business use. The website targets Czech-speaking customers, offering localized content and support. The company positions itself as a trusted leader with over 30 years of experience, emphasizing reliable protection and local customer service. Technically, the website is built on TYPO3 CMS, uses modern JavaScript libraries, and integrates Google Tag Manager and Bing tracking for analytics and marketing. Security posture is strong with HTTPS enforced and multiple security headers present, though explicit incident response contacts and security.txt are not found. Overall, the site is professional, secure, and compliant with GDPR, reflecting a mature digital presence.

C

Creatim d.o.o.

creatim.com

70

Creatim d.o.o. is a well-established Slovenian digital solutions company with over 25 years of experience, specializing in web applications, portals, e-commerce, AI, and user experience design. The company targets businesses seeking digital transformation and offers comprehensive services from strategy to long-term support. Their market position is strong, supported by multiple industry awards and certifications including ISO 27001. Technically, the website is built on a modern stack with advanced accessibility features and good SEO practices, reflecting a mature digital infrastructure. Security posture is robust with HTTPS, security certifications, and regular audits, though explicit security headers and incident response contacts could be improved. Overall, the website is professional, trustworthy, and compliant with privacy regulations, though the lack of WHOIS data for the domain introduces some uncertainty about domain registration legitimacy.

K

Kolektor

kolektorgradbenistvo.si

46

Kolektor Gradbeništvo is a construction-focused branch of the Kolektor group, operating primarily in Slovenia with a strong emphasis on infrastructure, high-rise buildings, and reinforced concrete structures. The company leverages its subsidiaries Kolektor Koling and Kolektor CPG to deliver comprehensive construction engineering services. The website reflects a mature business with a clear market position in the regional construction sector, targeting industry clients and potential employees. Technically, the site uses modern JavaScript libraries and tracking tools, with good mobile optimization and SEO practices. Security posture is adequate with HTTPS and cookie consent mechanisms, though it lacks explicit security headers and documented security policies. Overall, the site is professional, trustworthy, and safe for general audiences.

The website at yfdnzfa.com presents minimal accessible content, primarily consisting of an invisible tracking pixel and an embedded iframe sourced from unrelated external domains. There is no visible business information, contact details, or user-facing content. The domain WHOIS data is suspicious, showing a creation date in the future (July 2025) and listing the registrar as PDR Ltd., a domain registrar service, without any registrant organization details. This raises concerns about the legitimacy and purpose of the domain. Technically, the site uses basic HTML and JavaScript but lacks modern security headers, DNSSEC, and privacy compliance mechanisms. The embedded third-party content suggests potential user tracking and profiling. Overall, the site appears to be a placeholder or a tracking intermediary rather than a legitimate business website.

G

GambleAware

gambleaware.org

11

GambleAware is a UK-based non-profit organization dedicated to providing free, confidential advice and support for individuals affected by gambling harms, including their family and friends. The website offers a comprehensive range of services such as a gambling harms assessment, support tools including a dedicated app, live chat, and a helpline. It also provides research publications and a service finder to locate local support. The organization partners with GamCare to deliver live support services, reinforcing its position as a leading entity in gambling harm prevention in Great Britain. Technically, the website employs modern JavaScript libraries and frameworks, including jQuery, Google Tag Manager, Cookiebot for consent management, and Gleap for user feedback. The site is well-optimized for mobile devices, features fast loading times, and includes accessibility considerations. The use of HTTPS and secure third-party integrations indicates a strong digital maturity. From a security perspective, the site enforces HTTPS and integrates consent management to comply with privacy regulations. While explicit security headers are not fully visible in the HTML, the overall posture is strong with no exposed sensitive data or vulnerable libraries detected. However, the absence of publicly available incident response or vulnerability disclosure policies suggests room for improvement. Overall, GambleAware presents a trustworthy, professional, and user-centric platform with a high level of content quality and security. The lack of WHOIS data due to privacy protection is justified given the sensitive nature of the services offered. Strategic recommendations include enhancing transparency around security policies and publishing a security.txt file to facilitate vulnerability reporting.

P

Plinko

safetysleeve.cz

9

The website safetysleeve.cz (content points to plinkohra.cz) is an informational and promotional platform focused on the Plinko gambling game targeted at Czech players. It provides detailed guides, game mechanics, casino recommendations, and demo access to Plinko games. The site leverages Cloudflare for DNS and CDN services and uses modern web technologies including JSON-LD structured data for SEO and rich snippets. The content is well-structured, mobile-optimized, and professionally presented, though it lacks explicit cookie consent and some security headers. The domain WHOIS data is suspicious due to a future creation date, which undermines trust and raises questions about legitimacy. Contact information is limited to an email address, with no phone or physical address provided. Social media presence is established across multiple platforms, enhancing credibility. Overall, the site is functional and informative but requires improvements in privacy compliance and security transparency.

ArtMoment is a newly launched business in Slovakia focused on offering creative workshops. The website serves primarily as a landing page to announce the upcoming launch and collect newsletter subscriptions, incentivizing sign-ups with a promotional 1+1 voucher. The business appears to be a small-scale operation targeting general consumers interested in creative activities. Technically, the website uses standard modern web technologies including Google Tag Manager and Facebook Pixel for marketing and analytics. Hosting is inferred to be with Wedos based on nameservers. Security posture is basic with no advanced headers or policies detected, and no privacy or cookie policies published, indicating room for compliance improvements. The domain registration is recent but consistent with the business launch timeline, supporting legitimacy. Overall, the site is safe, professional at a basic level, and suitable for general audiences.

M

MediaGuru.cz

mediaguru.cz

9

MediaGuru.cz is a Czech online media platform focused on delivering news, insights, and information related to media, advertising, and marketing. The website targets professionals in the media and marketing sectors as well as the general public interested in these topics. It offers a variety of content including articles, interviews, event listings, and video showcases of advertising campaigns. The platform maintains a consistent brand presence and integrates social media channels to engage its audience. Technically, the website employs modern JavaScript libraries and tracking tools such as Google Analytics, Google Tag Manager, Microsoft Application Insights, and Gemius for audience measurement. It uses Azure CDN for content delivery, ensuring moderate performance and good mobile optimization. The site is served over HTTPS, enhancing security, though some security headers are not explicitly detected in the HTML source. From a security perspective, the site enforces HTTPS and includes a default cookie consent mechanism denying ad and analytics storage until user consent. However, it lacks visible privacy and cookie policies, terms of service, and security.txt files, which are important for compliance and transparency. The absence of WHOIS data for the domain reduces trustworthiness and transparency, although the website content and technical setup appear professional and legitimate. Overall, MediaGuru.cz presents as a credible and professional media news platform with room for improvement in privacy disclosures, security headers, and domain registration transparency. Strategic recommendations include publishing comprehensive privacy and cookie policies, implementing security headers, and clarifying domain registration details to enhance trust and compliance.

G

Chat Button for Your Website: WhatsApp, ChatGPT, Messenger | GetButton

getbutton.io

49

GetButton.io is a technology company providing an all-in-one chat button solution that integrates popular messaging platforms such as WhatsApp, Messenger, Instagram, and AI-powered chatbots including Custom ChatGPT. The service targets website owners and businesses aiming to enhance visitor engagement through seamless chat interactions. With over 736,000 websites trusting their solution, GetButton.io holds a strong market position in the customer engagement SaaS sector. The company was founded in 2019 and operates with a medium-sized business profile based in Malta. Technically, the website employs modern web technologies including HTML5, CSS3, JavaScript with Knockout.js for UI bindings, and leverages Cloudflare for DNS and CDN services. The site is mobile-optimized, SEO-friendly, and integrates third-party services such as CookieYes for GDPR-compliant cookie consent and FastSpring for payment processing. Analytics are conducted via Yandex Metrica, with extensive user tracking managed through cookies and device scanning. From a security perspective, the website enforces HTTPS, employs clientTransferProhibited domain status, and provides a granular cookie consent mechanism. However, DNSSEC is not enabled, and explicit security policies or incident response contacts are not published. No critical vulnerabilities or exposed sensitive data were detected in the analyzed content. Overall, GetButton.io presents a professional and trustworthy digital presence with good privacy compliance and security posture. The absence of explicit privacy policy and terms of service documents on the main page is a notable gap. Strategic recommendations include enabling DNSSEC, publishing comprehensive privacy and security policies, and adding vulnerability disclosure information to enhance transparency and trust.

E

European University Foundation

uni-foundation.eu

9

The European University Foundation (EUF) operates as a non-profit organization focused on fostering collaboration among European universities and supporting higher education initiatives. The website presents a professional and consistent brand image, targeting academic institutions and stakeholders within the European education sector. The technical infrastructure is based on WordPress with the Divi theme, leveraging modern web technologies and integrating Google Analytics and Tag Manager for user tracking and analytics. The site demonstrates moderate digital maturity with good mobile optimization and basic SEO practices. Security posture is adequate with HTTPS enforced and cookie consent implemented; however, the absence of explicit security headers and lack of published privacy and security policies indicate areas for improvement. Overall, the website is safe, trustworthy, and suitable for a general audience, but could enhance compliance and security transparency to strengthen user trust and regulatory adherence.

C

CESAER

cesaer.org

68

CESAER is a prominent non-profit association representing over 50 leading universities of science and technology across more than 25 European countries. The organization serves as a unified voice advocating for the interests of its members in European research and education policy arenas, including the European Research Area and European Education Area. Its key services include advocacy, networking, policy influence, organizing events, and publishing relevant materials to support its mission. The website reflects a professional and consistent brand image, targeting academic institutions, researchers, and policymakers in the science and technology education sector. Technically, the website employs modern web technologies such as HTML5, CSS3, JavaScript, and utilizes libraries like Slick Slider and a custom cookie consent mechanism (Brainlane Cookiewall). The site is mobile-optimized with good SEO practices and moderate performance. While no CMS or hosting provider is explicitly identified, the infrastructure appears stable and well-maintained. From a security perspective, the site enforces HTTPS and implements a granular cookie consent mechanism, demonstrating compliance with GDPR. However, it lacks explicit security headers and does not provide visible security policies or incident response contacts. No vulnerabilities or exposed sensitive data were detected in the HTML content. The WHOIS data is unavailable or privacy protected, which is common and justified for non-profit organizations, and no suspicious patterns were found. Overall, CESAER's website is a credible, secure, and well-maintained platform that effectively supports its mission. Strategic recommendations include enhancing security headers, publishing a security policy, and improving accessibility features to further strengthen its security posture and compliance.

E

Eugloh

eugloh.eu

40

EUGLOH is a European University Alliance focused on global health, uniting nine research-intensive universities to provide innovative education, research, and international collaboration opportunities. The website is professionally designed using TYPO3 CMS and integrates Matomo analytics with privacy-conscious settings. Security posture is generally good with HTTPS enforced and no exposed sensitive data, though improvements are recommended in security headers and cookie consent mechanisms. The domain is privacy protected under EURid, which is typical for EU domains, and the website content strongly supports legitimacy and trustworthiness. Overall, the site serves as a comprehensive platform for students, academics, and partners engaged in global health education and research.

The Extensible Web Manifesto website serves as a platform to promote a new philosophy for web standards development, emphasizing low-level capabilities and iterative JavaScript-based feature development. It targets web developers, standards committees, and browser vendors, positioning itself as a thought leadership and advocacy initiative within the technology sector. The site content is well-structured and professional, featuring notable industry signatories, but lacks commercial or transactional elements. Technically, the website uses standard web technologies including HTML5, CSS, JavaScript, Google Fonts, and integrates Google Analytics and AddThis for tracking and social sharing. The site is moderately optimized for performance and mobile use but lacks advanced accessibility and SEO features. No CMS or hosting provider details are evident. From a security perspective, the domain is stable and legitimate with a long registration period and appropriate domain status flags. However, the site lacks DNSSEC, security headers, and visible HTTPS enforcement details. Privacy and cookie policies are absent, which impacts compliance and user trust. Tracking technologies are present without clear consent mechanisms. Overall, the website is a credible and professional advocacy platform with moderate technical maturity and security posture. Strategic improvements in privacy compliance, security headers, and contact transparency would enhance trust and compliance.

V

Vykupujeme-online.cz

vykupujeme-online.cz

44

The website vykupujeme-online.cz operates as an online buyback platform primarily focused on purchasing used books and various types of games from customers in the Czech Republic. Founded in 2021, it targets general consumers looking for a convenient and quick way to sell their unwanted items online. The business model revolves around providing an easy-to-use online interface for submitting items and receiving payment, positioning itself as a niche player in the local retail market for second-hand books and games. The website features a professional design with good SEO and mobile optimization, leveraging modern web technologies such as Nuxt.js and Google Tag Manager for analytics and tracking. However, it lacks explicit privacy, cookie, and terms of service policies, which are critical for compliance and user trust.

Arche TI is a Canadian technology company specializing in Odoo ERP consulting, implementation, and optimization services. Positioned as the top Odoo integrator in Canada, they serve businesses primarily in Montreal, Quebec, Toronto, and other Canadian regions. Their key offerings include ERP consultation, project rescue, migration, customization, and ongoing support, targeting medium-sized businesses seeking digital transformation and operational efficiency. The company has a professional web presence with detailed service descriptions, client testimonials, and multiple office locations, reflecting a mature and credible business model. Technically, the website is built on the Odoo platform, leveraging modern web technologies such as JavaScript, FontAwesome, and Google Tag Manager for analytics. The site is mobile-optimized, accessible, and SEO-friendly, with fast to moderate performance. However, there is room for improvement in security headers and explicit privacy compliance features. From a security perspective, the site uses HTTPS and includes CSRF tokens, indicating a baseline security posture. The domain is registered with GoDaddy and secured with registrar locks, consistent with the business's age and claims. No critical vulnerabilities or suspicious patterns were detected, but the absence of a visible privacy policy and cookie consent mechanism represents compliance gaps. The presence of a named Data Protection Officer with contact details is a positive indicator. Overall, Arche TI presents a trustworthy and professional digital footprint with strong business credibility and technical maturity. Strategic enhancements in privacy compliance and security best practices would further strengthen their security posture and regulatory alignment.

B

Be Bouncy

bebouncy.com

9

Be Bouncy is an AI-driven social media management platform designed to simplify and optimize social media growth for creators, SMBs, and agencies. The platform offers a suite of tools including smart scheduling, analytics, automated moderation, and gamified team management, all powered by its AI agent Nimbus. The website demonstrates a modern technical infrastructure built on React and Next.js, providing a responsive and user-friendly experience. However, the absence of WHOIS registration data and some minor issues such as a suspicious YouTube link domain and lack of cookie consent mechanisms slightly reduce trustworthiness. Security posture is moderate with HTTPS implied but no explicit security headers detected. Overall, the platform presents a professional and promising solution in the social media SaaS market, but domain legitimacy verification and enhanced privacy compliance are recommended.

R

Reacteev

reacteev.com

9

Reacteev is a technology company specializing in product management, agile methodologies, and AI-powered organizational tools. The website presents a professional and modern interface built on React and Gatsby, indicating a mature digital infrastructure. The business appears to target organizations looking to enhance their product and agile processes through AI solutions. The domain registration data supports the legitimacy and stability of the business, with a domain age consistent with the company's founding year of 2015. However, the website lacks critical privacy and cookie policies, as well as explicit contact information, which impacts its compliance and trustworthiness scores. Security posture is moderate with HTTPS enabled but missing security headers and vulnerability disclosures.

I

Immoshoot

immoshoot.info

56

Immoshoot is a small real estate service provider with a website built on the Wix platform. The site presents basic branding and marketing content focused on real estate but lacks detailed business information, contact details, and compliance policies. Technically, the site uses Wix's standard technology stack with modern JavaScript polyfills and is hosted securely with HTTPS. However, the absence of privacy, cookie, and terms of service policies, as well as missing WHOIS data, limits the trust and compliance posture. Security headers and incident response information are also not present, indicating room for improvement in security maturity. Overall, the website is functional but basic, with moderate technical implementation and security posture.

Z

ZAZUMi – vše pro zahradu i domov

zazumi.cz

57

ZAZUMi.cz is a Czech Republic-based e-commerce retailer specializing in plants, gardening supplies, and pet products. The website offers a broad catalog of products for home and garden enthusiasts, including indoor plants, garden equipment, and pet accessories. The platform supports customer accounts with login and registration features and provides clear contact information for customer support. The site is professionally designed with good navigation and mobile optimization, targeting primarily Czech-speaking customers interested in gardening and home care. Technically, the website employs modern JavaScript libraries such as Algolia for search and Mailkit for email services, alongside Google Tag Manager for analytics. The site uses HTTPS, ensuring encrypted communication, but lacks visible security headers which could enhance protection against common web attacks. Performance is moderate with room for improvement in accessibility and SEO features. From a security perspective, the site demonstrates basic best practices such as secure login forms with CSRF tokens and encrypted connections. However, the absence of privacy and cookie policies, as well as no visible incident response or vulnerability disclosure mechanisms, indicates gaps in compliance and security maturity. The lack of WHOIS data for the domain raises concerns about domain registration transparency and trustworthiness. Overall, ZAZUMi.cz presents a functional and user-friendly e-commerce platform with a solid business focus but requires improvements in transparency, privacy compliance, and security hardening to enhance trust and regulatory adherence.

G

Gardners

gardners-eshop.cz

57

Gardners operates a professional e-commerce platform specializing in indoor plants, stylish flower pots, substrates, and plant care products primarily targeting the Czech market. The website is well-structured, with clear navigation and a comprehensive product catalog, positioning itself as the largest online shop for indoor plants in the region. The business model focuses on retail sales with additional services such as workshops and educational content. Technically, the site leverages the Shoptet e-commerce platform, integrates multiple analytics and marketing tools including Google Analytics, Facebook SDK, and Microsoft Clarity, and uses modern web technologies with CDN support for performance. Security posture is solid with HTTPS enforced, CSRF protection on forms, and cookie consent mechanisms, although explicit security policies and incident response information are not publicly available. The absence of WHOIS data reduces domain trust slightly but does not detract significantly from the overall legitimacy given the professional presentation and business focus. Overall, the website demonstrates a mature digital presence with good privacy compliance and user experience.

Rijksdienst voor Ondernemend Nederland (RVO) is a Dutch government agency dedicated to supporting sustainable and strong economic development. The agency provides a wide range of services including information dissemination, advisory support, financing options, and networking opportunities to entrepreneurs, individuals, governments, and knowledge institutions. The website reflects a mature digital presence with comprehensive content tailored to its diverse audience, emphasizing sustainability, innovation, and international business growth. The agency's market position is that of a key national facilitator for economic and environmental initiatives in the Netherlands.

The website mest.com is currently a parked domain with minimal content, primarily serving as a placeholder indicating the domain may be for sale. There is no active business presence or descriptive content about services or products. The site embeds an external iframe from an unrelated domain and includes multiple advertising and tracking scripts. The technical infrastructure is basic, with no detected CMS or advanced frameworks, and the hosting appears to leverage AWS Cloudfront CDN for static assets. Mobile optimization and accessibility are minimal, and SEO practices are poor due to lack of meaningful content and metadata. Security posture is weak, with no HTTPS enforcement visible in the provided data, no security headers, and no privacy or cookie policies, which raises compliance concerns. The WHOIS data shows the domain is old (registered in 1999) but uses parking DNS servers, consistent with the parked domain status. Overall, the site lacks business credibility and trust indicators, and the security and privacy compliance posture is poor.

The University of Wisconsin–Madison is a prestigious public research university located in Madison, Wisconsin, founded in 1849. It offers comprehensive education opportunities to undergraduate, graduate, and professional students, and is recognized as one of the top-ranked research institutions in the United States. The university emphasizes public service through the Wisconsin Idea, aiming to improve lives beyond campus boundaries. Its website reflects a mature digital presence with extensive content, clear navigation, and strong branding consistency. Technically, the site employs modern web technologies including Google Tag Manager, Google Analytics, and Eloqua for marketing and analytics. The site is well-optimized for mobile and accessibility, with good SEO practices. Hosting appears to be managed via university infrastructure or a dedicated CDN. Performance is moderate, with room for improvement in security headers and explicit security policy disclosures. Security posture is solid with HTTPS enforced and no visible vulnerabilities or exposed sensitive data. Privacy compliance is strong, featuring comprehensive privacy and cookie policies with user consent mechanisms. However, the absence of a published security policy or vulnerability disclosure program is noted. WHOIS data is unavailable, which is unusual but does not detract from the overall legitimacy given the institutional nature and external trust signals. Overall, the website is professional, trustworthy, and well-maintained, supporting the university's mission and public image effectively.

N

NRK P3

p3.no

61

NRK P3 is a well-established Norwegian public media channel focused on music, humor, and news, operating under the Norwegian Broadcasting Corporation (NRK). The website p3.no serves as a digital platform for their content, targeting Norwegian-speaking audiences interested in contemporary music and entertainment. The site demonstrates a mature technical infrastructure built on WordPress with modern JavaScript libraries and analytics tools, ensuring a good user experience and mobile optimization. Security posture is strong with HTTPS and security headers implemented, though visible privacy and cookie policies are lacking, indicating room for compliance improvement. Overall, the website is trustworthy and professionally managed, reflecting its status as a national broadcaster.

K

kode24

kode24.no

62

Kode24.no is a Norwegian online news portal dedicated to the developer community, providing news, opinions, guides, and reports related to programming and the Norwegian technology sector. The website serves a niche audience of Norwegian developers and tech professionals, positioning itself as a specialized media outlet within the technology and media industries. The business model revolves around content publication and job listings, supported by advertising partnerships. Technically, the site employs modern web technologies including responsive design, SVG graphics, and WebP images, ensuring a good user experience across devices. While the site uses HTTPS and modern scripts, explicit security headers and privacy policies are not found, indicating room for improvement in security and compliance. The WHOIS data is unavailable due to registry restrictions typical for .no domains, but the website content and structure indicate a legitimate and professional operation. Overall, the site demonstrates good content quality, technical implementation, and business credibility, with moderate privacy compliance and security posture.

S

Scoop.it

scoop.it

59

Scoop.it is a technology-driven content curation platform that enables professionals and businesses to discover, curate, and distribute relevant content efficiently. Positioned as a trusted leader in content marketing and distribution, it serves a broad audience including marketers, business intelligence professionals, and individual content curators. The platform offers a SaaS business model with free signup options and premium services, supported by a parent company, Meltwater. Technically, the website employs modern web technologies including React, HubSpot marketing tools, and robust cookie consent management via tarteaucitron.js, ensuring compliance with privacy regulations such as GDPR. The site is well-optimized for mobile and SEO, with a moderate performance profile leveraging CDN hosting. Security posture is strong with HTTPS enforced and no visible vulnerabilities, though explicit security policies and incident response contacts are absent. Overall, the website demonstrates high professionalism, trustworthiness, and compliance, making it a reliable platform in its sector.

C

Commissariat à l’énergie atomique et aux énergies alternatives (CEA)

ceasciences.fr

59

The website represents the Direction de la Recherche Fondamentale (DRF) of the Commissariat à l’énergie atomique et aux énergies alternatives (CEA), a major French public research institution. It showcases extensive scientific research activities across multiple disciplines including physics, chemistry, biology, and health sciences, supported by a large community of over 6000 researchers. The site serves multiple audiences including researchers, institutional partners, journalists, and the general public, providing news, resources, and institutional information. The business model is focused on public research and innovation with strong ties to academic and industrial partners. Technically, the site is built on Microsoft SharePoint, leveraging standard web technologies and integrating Matomo analytics for user tracking and Google reCAPTCHA for bot protection. The infrastructure appears stable and professionally maintained, with moderate performance and basic mobile optimization. SEO and accessibility are adequately addressed, though some improvements could be made. From a security perspective, the site uses HTTPS and implements standard SharePoint security features such as form digest tokens. However, explicit security headers like Content-Security-Policy and X-Frame-Options are not evident. Privacy compliance is good with a comprehensive GDPR-aligned privacy policy, but lacks a visible cookie consent mechanism. No incident response or vulnerability disclosure information is published. Overall, the website is trustworthy, professional, and aligned with the institutional identity of CEA. It poses low risk from a security and privacy standpoint but could enhance transparency and user consent mechanisms to improve compliance and user trust.

C

CEA-Leti

leti-cea.fr

59

CEA-Leti is a prominent French government research institute specializing in micro and nanotechnologies, focusing on applied research and innovation in wireless communication systems, biology and health, imaging, and micro-nano systems. The website reflects a well-established institution with a strong market position in technology research, supported by the Commissariat à l'Énergie Atomique et aux Énergies Alternatives (CEA). The site targets a broad audience including the general public, enterprises, journalists, and academic institutions. Technically, the website is built on Microsoft SharePoint, leveraging modern web technologies and analytics tools such as Matomo and Google reCAPTCHA for security. The security posture is solid with HTTPS enforced, though improvements could be made by adding security headers and cookie consent mechanisms. The absence of WHOIS data is noted but does not detract significantly from the site's legitimacy given its official nature and consistent branding. Overall, the site is professional, trustworthy, and serves as a comprehensive portal for CEA-Leti's research activities and partnerships.

C

CEA

prisonnier-quantique.fr

52

Le Prisonnier quantique is an educational interactive game developed and hosted by the French public research organization CEA. It aims to promote scientific and technical culture through a free browser-based adventure game targeting a general audience including students and educators. The website is well-branded with official CEA logos and partnerships, providing a trustworthy platform for educational content. Technically, the site uses standard web technologies with responsive design and integrates Matomo analytics for privacy-conscious user tracking. Security posture is adequate with HTTPS and no visible vulnerabilities, though security headers and explicit cookie consent mechanisms are missing. Contact information is limited to official CEA email addresses, supporting legitimacy but lacking phone or physical address details. Overall, the site is professional, secure, and suitable for its educational mission.

G

Galerie výtvarného umění v Ostravě, p. o.

gvuo.cz

49

Galerie výtvarného umění v Ostravě, p. o. is the oldest regional art gallery in Ostrava, Czech Republic, established in 1952. It operates as a non-profit cultural institution under the Moravskoslezský kraj (Moravian-Silesian Region) and offers art exhibitions, educational programs, virtual tours, and an e-shop. The website reflects a well-established institution with a clear focus on art and culture, targeting the general public and educational sectors. The business model is centered on cultural enrichment and public engagement rather than commercial profit. Technically, the website employs a modern technology stack including HTML5, CSS3, JavaScript libraries such as jQuery, Leaflet.js for maps, and Google Analytics for tracking. It uses the Shopnero CMS platform and is hosted by Active24. The site is mobile-optimized with good SEO practices and structured data enhancing search engine visibility. Performance is moderate with room for optimization. From a security perspective, the site uses HTTPS with a good SSL configuration and implements cookie consent mechanisms. However, it lacks explicit security headers and a published security policy or incident response contacts. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong with a clear privacy policy and GDPR adherence. Overall, the website is professional, trustworthy, and well-maintained, with a strong cultural and educational focus. Strategic improvements in security policies and accessibility could further enhance its posture and user trust.

D

Divadlo Petra Bezruče, s.r.o.

bezruci.cz

43

Divadlo Petra Bezruče, s.r.o. is a regional theatre company based in Ostrava, Czech Republic, providing theatrical performances, ticketing services, subscriptions, and cultural event hosting. The website serves as a portal for program schedules, ticket reservations, and company information, targeting local theatre audiences and cultural enthusiasts. The business operates with support from local government and cultural partners, positioning itself as a key cultural institution in the region. Technically, the website employs modern front-end technologies including Bootstrap, JavaScript libraries like WOW.js, and a cookie consent mechanism from TermsFeed. The site is mobile-optimized with responsive design and provides a user-friendly navigation experience. However, there is no evidence of a CMS or advanced analytics tools, and performance is moderate. From a security perspective, the site uses HTTPS but lacks visible security headers and published privacy or terms of service policies. Cookie consent is implemented with express consent, indicating some GDPR awareness. The absence of WHOIS data reduces domain trustworthiness, but the professional presentation and clear contact information mitigate some concerns. Overall, the website is functional and professional but would benefit from enhanced security practices, published privacy documentation, and WHOIS transparency to improve trust and compliance.