Security Directory

W

World Council of Churches

oikoumene.org

62

The World Council of Churches website serves as the digital presence for a large, established non-profit organization dedicated to fostering unity, justice, and peace among global Christian churches. The site offers rich content including news, events, resources, and educational materials, targeting a worldwide ecumenical audience. The organization is well-positioned in its sector with a history dating back to 1948 and a domain registered since 2003, reflecting stability and credibility. Technically, the website is built on Drupal 11, leveraging modern web technologies and hosted with Cloudflare DNS services. It demonstrates good mobile optimization, accessibility, and SEO practices. The presence of Google Analytics and social sharing tools indicates moderate user tracking balanced with privacy compliance, including a clear cookie consent mechanism. From a security perspective, the site enforces HTTPS, employs standard security headers, and restricts domain transfers, contributing to a strong security posture. However, DNSSEC is not enabled, and explicit security policies or incident response contacts are not published, representing areas for improvement. Overall, the website is professional, trustworthy, and safe for general audiences, with no adult or questionable content detected. The domain registration and website content are consistent, supporting a high legitimacy score. Strategic recommendations include enabling DNSSEC, publishing security and incident response policies, and adding vulnerability disclosure information to enhance transparency and trust.

V

Viva con Agua

vivaconagua.ch

54

Viva con Agua is a non-profit network dedicated to ensuring global access to clean drinking water. The organization operates primarily in Switzerland and targets a general audience interested in charitable causes and sustainability. Their website serves as an information hub and fundraising platform, promoting their water projects and branded mineral water. The site is multilingual, supporting German, French, and English, reflecting their international outreach. Technically, the website is built on WordPress with a modern tech stack including Yoast SEO for optimization, Google Tag Manager for analytics, and multilingual support via WPML. The site demonstrates good mobile optimization and moderate performance, with a clean and professional design that enhances user experience. However, some accessibility features could be improved. From a security perspective, the site uses HTTPS with excellent SSL configuration and employs best practices such as no exposed sensitive data and secure script loading. Nonetheless, it lacks important security headers and formalized security policies such as a security.txt or incident response contacts. Privacy compliance is limited due to the absence of explicit privacy and cookie policies or consent mechanisms. Overall, Viva con Agua's website is a credible and trustworthy platform with strong business credibility and a good security posture. To further enhance their digital maturity and compliance, they should implement comprehensive privacy and cookie policies, add security headers, and provide clear incident response information.

S

Skat Foundation

skat-foundation.ch

49

Skat Foundation is a Swiss non-profit organization dedicated to development cooperation and sustainable development initiatives. The website presents a professional image with a focus on international development services, capacity building, and advisory roles. The target audience includes development professionals, donors, and partner organizations. The business model is typical for a non-profit foundation operating in the international cooperation sector. Technically, the website is built on WordPress using the Divi theme, with standard plugins for multilingual support and cookie consent management. The site is moderately optimized for performance and mobile devices, with basic accessibility and SEO features. Security posture is adequate with HTTPS enabled and a cookie consent mechanism in place; however, there is room for improvement in security headers and published security policies. No critical vulnerabilities or blocking mechanisms were detected. Overall, the domain registration data aligns well with the website's claims, indicating legitimacy and trustworthiness.

T

Treezor

treezor.com

76

Treezor is a European leader in Banking-as-a-Service, providing a comprehensive modular platform that enables fintechs and large businesses to embed financial services seamlessly into their customer journeys. The company offers a wide range of services including core banking, payment issuing and acquiring, SEPA payments, KYC/KYB compliance, and credit solutions. Their market position is strong within Europe, supported by a professional website with rich content, multilingual support, and visible trust indicators such as PCI DSS certification and client success stories. Technically, the website is built on WordPress with modern tools like WPBakery, jQuery, and Swiper.js, and integrates Google Analytics and Tag Manager for analytics. The site is mobile-optimized and SEO-friendly, though some accessibility features could be improved. Security posture is solid with HTTPS enforced and PCI DSS certification, but lacks some security headers and explicit incident response contact information. The WHOIS data is missing, which raises some concerns about domain registration transparency, but the professional presentation and business legitimacy mitigate this risk. No blocking or WAF challenges were detected, allowing full content analysis. Overall, the site demonstrates a mature digital presence with good security and compliance practices, suitable for its fintech audience. Recommendations include enhancing security headers, publishing an incident response policy, adding vulnerability disclosure mechanisms, and improving accessibility to further strengthen trust and compliance.

M

Mosaiq

mosaiq.ch

51

Mosaiq is a Swiss-based full-service marketing and communication agency specializing in integrated brand success. The company offers a broad range of services including consulting, content marketing, creative design, online marketing, and web development. Positioned as a trusted partner for small and medium-sized enterprises in the Mittelland region, Mosaiq emphasizes comprehensive brand identity and multi-channel communication strategies. The website reflects a professional and modern digital presence with strong branding consistency and client testimonials that reinforce trust. Technically, the website is built on WordPress with UIkit framework and leverages modern tools such as Google Tag Manager, Microsoft Clarity, and Brevo for marketing automation. The site is mobile-optimized, accessible, and SEO-friendly, indicating a mature digital infrastructure. Security measures include HTTPS enforcement and use of Google reCAPTCHA, although some security headers could be enhanced. The security posture is solid with no evident vulnerabilities or exposed sensitive data. Privacy compliance is well addressed with a clear privacy policy, cookie consent mechanism, and GDPR adherence. However, there is no explicit security policy or incident response information publicly available. Overall, the website and domain registration data indicate a legitimate and trustworthy business with a strong online presence. Strategic recommendations include enhancing security headers, publishing a vulnerability disclosure policy, and improving incident response contact visibility to further strengthen security and trust.

G

Gotthilf Benz Turngerätefabrik GmbH + Co KG

benz-sport.com

57

Gotthilf Benz Turngerätefabrik GmbH + Co KG operates a professional e-commerce platform specializing in sports equipment, targeting a broad audience in Germany and neighboring countries. The company positions itself as a quality manufacturer and retailer with a comprehensive product catalog and service offerings including maintenance and partner cooperation. The website is well-branded, consistent, and provides clear contact information and trust signals such as the EHI certification. Technically, the site is built on PrestaShop 1.7, leveraging modern web technologies and marketing tools like Google Tag Manager and Facebook Pixel, ensuring a moderate to good performance and mobile optimization. Security posture is solid with HTTPS enforced and cookie consent mechanisms implemented, though there is room for improvement in security headers and explicit security policies. Overall, the site is trustworthy, GDPR compliant, and professionally maintained, supporting the company's retail business effectively.

Bayer AG is a globally recognized enterprise operating primarily in healthcare, agriculture, and related life sciences sectors. The website serves as the German country platform, providing localized content, news, and corporate information. Bayer holds a strong market position as a leader in pharmaceuticals and crop science, supported by a large enterprise scale and multiple subsidiaries such as Monsanto and Covestro. The site reflects a professional and consistent brand image with comprehensive content tailored to a broad audience including customers, investors, and partners. Technically, the website is built on Drupal 11, leveraging modern web technologies and third-party services such as Google Analytics, Hotjar, and OneTrust for cookie compliance. The site demonstrates good mobile optimization, accessibility, and SEO practices, contributing to a positive user experience. Performance is moderate, with room for optimization. From a security perspective, the site enforces HTTPS and employs security best practices including cookie consent mechanisms and security modules. However, explicit security headers like Content-Security-Policy and X-Frame-Options were not confirmed in the HTML and should be verified. No vulnerabilities or exposed sensitive data were detected. The absence of a public incident response or vulnerability disclosure page suggests an area for improvement. Overall, the website is trustworthy, compliant with GDPR, and professionally maintained. The missing WHOIS data is likely due to registry restrictions or privacy protection and does not detract from the site's legitimacy. Strategic recommendations include enhancing security header implementation, publishing incident response policies, and continuous monitoring of third-party libraries for vulnerabilities.

D

Digt AG

digt.ch

61

Digt AG is a Swiss-based company specializing in community building, brand creation, and product promotion within the e-commerce sector. Their website presents a professional and modern digital presence, targeting businesses seeking to grow their communities, create brands, and promote products in the Swiss market. The company appears to be relatively new, founded around 2021, with a clear focus on service provision in e-commerce and brand distribution. Technically, the website is built on WordPress with a solid tech stack including Bootstrap, jQuery, and SEO tools like Yoast. It is mobile-optimized and uses Google Analytics and Tag Manager for tracking, indicating a moderate level of digital maturity. Security-wise, the site enforces HTTPS and avoids exposing sensitive data, but lacks some security headers and explicit policies, which could be improved. Overall, the site is trustworthy and professional, with minor gaps in privacy compliance and security transparency.

S

Schweizer Agrarmedien AG

agrarmedien.ch

67

Schweizer Agrarmedien AG is the largest agricultural specialized publishing company in Switzerland, offering a portfolio of print and digital media products including newspapers, magazines, and online marketplaces focused on agriculture, nature, and environment. Their target audience includes farming families, animal and nature enthusiasts, and professionals in the Swiss agricultural sector. The company maintains a strong market position with multiple well-known media brands and digital platforms. Technically, the website is built on TYPO3 CMS and leverages modern JavaScript libraries and analytics tools such as Matomo, Microsoft Clarity, and Google Tag Manager, indicating a mature digital infrastructure. The site is mobile-optimized and provides a good user experience with clear navigation and professional design. Security posture is solid with HTTPS enforced and use of reCAPTCHA, but lacks some security headers and explicit security policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Overall, the website is trustworthy and professionally managed, with room for improvement in security and privacy transparency.

A

Agirc-Arrco

agirc-arrco.fr

58

Agirc-Arrco is a French government-related organization managing supplementary pension schemes for private sector employees. The website provides information and services related to retirement and pension rights, targeting private individuals and retirees. The organization holds a leading position in the French pension market, offering key services such as pension management and online account access. Technically, the website is built on Drupal 11 with modern web technologies and is mobile-optimized, providing a good user experience. Security posture is adequate with HTTPS enforced and no visible vulnerabilities, though security headers and explicit privacy policies are missing. The absence of WHOIS data limits domain ownership verification but does not detract from the site's professional appearance and trustworthiness. Overall, the site is safe, well-structured, and serves its audience effectively.

F

First Sight AG

first-sight.ch

54

First Sight AG is a specialized ophthalmology practice located at Bahnhofplatz 9, Zurich, Switzerland, focusing on eye care for children and adults. The practice offers a range of services including pediatric eye examinations, amblyopia therapy, myopia management, and surgical interventions such as strabismus and cataract operations. The website is professionally designed with clear navigation, multilingual support (German and English), and comprehensive content tailored to patients seeking eye care services. Structured data and patient testimonials enhance trust and SEO performance. Technically, the site is built on WordPress with modern JavaScript frameworks and integrates Google Tag Manager for analytics. Security posture is good with HTTPS enforced, but lacks explicit security headers and a cookie consent mechanism, which are recommended for GDPR compliance. Contact information is clearly presented, reinforcing business credibility. Overall, the website reflects a mature digital presence suitable for a healthcare provider.

I

Input interior

inputinterior.dk

46

Input interior is a leading independent interior design and furnishing group operating across the Nordic region, specializing in tailored solutions for offices, hospitality, education, and care sectors. The company emphasizes sustainability and offers a broad product range supported by multiple regional websites and active social media engagement. The website demonstrates a mature digital presence with multilingual support and comprehensive content showcasing projects, news, and services. Technically, the site is built on WordPress with modern plugins and frameworks, ensuring good performance and SEO optimization. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers and explicit policies are not publicly documented. The absence of WHOIS data limits domain trust verification, but the professional presentation and business transparency mitigate concerns. Overall, Input interior presents a credible and well-established business with a strong online footprint.

I

Input interior

inputinterior.com

56

Input interiör is a leading independent Nordic interior design group specializing in tailored interior solutions for offices, hospitality, education, and healthcare sectors. The company emphasizes sustainability and offers a broad product range supported by certifications such as Svanen and EcoLabel. Their website demonstrates a mature digital presence with multilingual support, comprehensive content, and active social media engagement. Technically, the site is built on WordPress with modern plugins and performance optimizations, ensuring fast and accessible user experience. Security posture is strong with HTTPS, reCAPTCHA, and cookie consent mechanisms, though some security headers could be enhanced. WHOIS data for the exact www subdomain is unavailable, but this is typical and does not detract significantly from trust given the professional site content. Overall, Input interiör presents a credible and well-managed online presence aligned with their business stature.

I

Input interior

inputinterior.se

47

Input interiör is a leading independent interior design group in the Nordic region, specializing in tailored interior solutions for offices, hospitality, education, and healthcare sectors. The company operates multiple showrooms and offers a broad product range with a strong emphasis on sustainability and functionality. Their market position is strong, supported by certifications and a professional digital presence. Technically, the website is built on WordPress with modern plugins and frameworks, optimized for performance, SEO, and mobile responsiveness. The use of Google Tag Manager and reCAPTCHA indicates a mature digital infrastructure. Security practices are good with HTTPS and cookie consent mechanisms, though some HTTP security headers could be improved. The security posture is solid with no visible vulnerabilities or exposed sensitive data. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent. Contact information is clearly presented, enhancing business credibility. Overall, the website and business present a low risk profile with strong trust indicators. The missing WHOIS data for the subdomain is not a significant concern given the overall professionalism and transparency of the site. Strategic recommendations include enhancing HTTP security headers and publishing a vulnerability disclosure policy.

L

LANDI

landi.ch

61

LANDI is a well-established Swiss retail company specializing in products for home, garden, agriculture, and pets, operating both physical stores and an extensive online shop. The website reflects a mature e-commerce platform with a broad product catalog and user-friendly navigation, targeting consumers in Switzerland interested in these sectors. Technically, the site uses modern web technologies including JavaScript frameworks, Google Maps API, Facebook Pixel, and Google Tag Manager, with a CMS likely based on Concrete5. The site is mobile-optimized and performs moderately well. Security posture is strong with HTTPS enforcement, security headers, and cookie consent mechanisms, although explicit security policies and incident response contacts are not publicly available. WHOIS data confirms the domain's legitimacy and alignment with the parent company Fenaco. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance with privacy regulations.

K

KEIM Commercial

keim-usa.com

53

KEIM Commercial is a medium-sized manufacturing company specializing in mineral silicate paints and stains, serving the construction and historic restoration markets primarily in the United States, Canada, and the Caribbean. The company offers a broad range of eco-friendly, durable paint products supported by extensive technical documentation and a knowledgeable sales and service team. The website is built on WordPress with WooCommerce and Elementor, reflecting a modern digital infrastructure with moderate performance and good mobile optimization. Security posture is adequate with HTTPS and domain transfer protections, though improvements are needed in DNSSEC and security headers. Privacy compliance is lacking due to missing privacy and cookie policies. Overall, the site is professional and trustworthy, with strong business credibility but some compliance and security enhancements recommended.

L

Lexus

discoverlexus.com

60

DiscoverLexus.com serves as a global lifestyle and brand marketing platform for Lexus, a premium automotive brand. The website focuses on delivering luxury and lifestyle content that aligns with Lexus's market positioning as a leader in the transportation sector. The site targets luxury vehicle enthusiasts and Lexus customers worldwide, providing brand storytelling and vehicle-related information. The business model centers on brand engagement and lifestyle marketing rather than direct sales. The domain age and WHOIS data support the legitimacy and maturity of the brand presence online. Technically, the website employs modern frontend technologies including Vue.js and Nuxt.js, with a CMS likely based on Statamic. Hosting is supported by Microsoft Azure DNS infrastructure. The site demonstrates good mobile optimization and SEO practices, with cookie consent managed by Cookiebot. Performance is moderate, with room for improvement in accessibility and security headers. From a security perspective, the site uses HTTPS and enforces domain transfer protection. However, DNSSEC is not enabled, and security headers are not detected in the provided data. There is no visible privacy policy or terms of service, which are critical for compliance and user trust. No incident response or vulnerability disclosure mechanisms are found. The site integrates Google Tag Manager for analytics and tracking, balanced with a cookie consent mechanism. Overall, the website is professionally designed and trustworthy, with a strong brand presence. To enhance security posture and compliance, it is recommended to publish privacy and terms policies, enable DNSSEC, implement security headers, and provide clear contact information for incident response. These steps will improve user trust, regulatory compliance, and resilience against threats.

V

Vieser Oy

vieser.fi

58

Vieser Oy is a Finnish manufacturing company specializing in floor drains, with a market presence dating back to 1973. The company targets construction professionals and consumers primarily in Finland and the Nordic region. Their website reflects a mature digital presence built on WordPress and WooCommerce, supporting e-commerce and multilingual content. The technical infrastructure is modern and includes standard industry tools such as Google Analytics and Cookie Information for privacy compliance. Security posture is solid with HTTPS enforced and standard security headers, though there is room for improvement in CSP implementation and incident response transparency. Overall, the website is professional, trustworthy, and compliant with GDPR requirements, supporting the company's established market position.

N

Neumarkter Lammsbräu

lammsbraeu.de

62

Neumarkter Lammsbräu is a German company specializing in organic beverages with a focus on sustainability and ecological responsibility. Their website presents a professional and consistent brand image targeting general consumers interested in organic products. The company leverages modern digital marketing and analytics tools such as HubSpot and Google Analytics, integrated with a robust cookie consent mechanism via Cookiebot to ensure GDPR compliance. The technical infrastructure is based on HubSpot CMS, supported by standard web technologies including jQuery and Google Tag Manager, providing a moderate performance and good mobile optimization. Security posture is strong with HTTPS enforcement and standard security headers, although explicit security policies and incident response contacts are not publicly available. Overall, the website is trustworthy, well-maintained, and compliant with privacy regulations, making it suitable for its business purpose.

W

WOMEN'S EHF EURO 2024

catchthespirit2024.com

50

The website catchthespirit2024.com serves as the official digital platform for the Women’s EHF EURO 2024 Handball Championship, providing comprehensive event information including news, schedules, host city details, ticketing links, and multimedia content. It targets handball fans and event attendees, positioning itself as the authoritative source for the championship. The site leverages WordPress CMS with popular plugins such as Elementor and Yoast SEO, and integrates Cookiebot for GDPR-compliant cookie consent management. External partnerships for ticketing and merchandise are clearly linked, enhancing the user journey for event participation. Technically, the site employs modern web technologies including jQuery, Bootstrap, and Google Tag Manager for analytics. The site is mobile-optimized and SEO-friendly, with multilingual support via WPML. Security posture is adequate with HTTPS enforced and domain transfer protections in place, though the absence of DNSSEC and security headers suggests room for improvement. Privacy compliance is partial due to missing explicit privacy and terms of service pages. No direct contact information or incident response details are published, which could impact user trust and compliance. Overall, the website presents a professional and trustworthy front for the event, with good content quality and user experience. However, enhancing privacy disclosures, security headers, and contact transparency would strengthen compliance and security posture. The domain registration is consistent with the event timeline and shows no suspicious patterns, supporting legitimacy.

K

Urlaub in Kitzbühel, Tirol buchen | Wandern, Skifahren & mehr

kitzbuehel.com

58

The website www.kitzbuehel.com serves as a comprehensive tourism portal for the Kitzbühel region in Tirol, Austria. It provides information on year-round alpine activities including hiking and skiing, accommodation options, and local events. The site targets tourists and travelers seeking alpine vacation experiences. Technically, the site is built on TYPO3 CMS and integrates modern web technologies including Cookiebot for consent management, Google Tag Manager, Matomo analytics, and Facebook Pixel for marketing and tracking. The presence of a chat widget enhances user engagement. Security posture is solid with HTTPS enforced and cookie consent implemented, though security headers and incident response information are not explicitly found. Privacy compliance is good with cookie consent and GDPR-related mechanisms, but no explicit privacy policy or terms of service pages were detected in the provided content. WHOIS data for the domain is missing, which raises concerns about domain registration transparency but does not necessarily indicate illegitimacy given the professional nature of the site. Overall, the site is well-designed, user-friendly, and trustworthy for its target audience.

M

MaxFun Sports GmbH

maxfunsports.com

46

MaxFun Sports GmbH operates a leading Austrian running sports platform focused on providing comprehensive content, event registration, race results, multimedia, and community engagement for runners and sports enthusiasts primarily in Austria and German-speaking regions. The website is well-structured, content-rich, and professionally designed, offering a broad range of services including news, training plans, and event calendars. The platform integrates modern web technologies such as jQuery, Bootstrap, and Google Tag Manager, and employs a custom CMS likely based on the Yii framework. Privacy compliance is robust with a comprehensive privacy policy and cookie consent mechanism implemented via CookieFirst. Security posture is good with HTTPS and CSRF protections, though some security headers are missing and no explicit security policy or incident response information is provided. The domain WHOIS data is missing or unavailable, which raises concerns about domain registration legitimacy despite the professional appearance and active business presence. Overall, the website scores well on content quality, technical implementation, and privacy compliance but is penalized for the lack of verifiable domain registration data.

.

.LOUPE

loupe.link

65

The website loupe.link represents .LOUPE, a specialized provider of compliance management solutions focusing on whistleblowing, anti-corruption, integrity management, risk assessments, and corporate sustainability due diligence. The company targets businesses requiring turnkey compliance solutions, positioning itself as a niche player with ISO 27001 certification enhancing its credibility. The website is built on modern web technologies including Nuxt.js and Vue.js, with integrated analytics and cookie consent mechanisms reflecting a mature digital infrastructure. Security posture is strong with HTTPS, security headers, and GDPR-compliant privacy and cookie policies, though some areas like explicit Terms of Service and vulnerability disclosure policies are missing. Overall, the site is professional, trustworthy, and safe for general audiences.

R

Recisio

karaoke-version.de

63

Karaoke-Version.de is a German-based e-commerce platform specializing in downloadable karaoke and instrumental music tracks, including custom backing tracks and karaoke videos. The site is operated by Recisio, an established company since 2004, offering a large catalog of over 84,000 instrumental playbacks. The platform targets karaoke enthusiasts and musicians seeking personalized music tracks. Technically, the website employs modern web technologies such as jQuery, Google Analytics, and Google Tag Manager, hosted on Recisio's CDN infrastructure, delivering fast and mobile-optimized user experiences. Security posture is solid with HTTPS enforced and no exposed sensitive data, though improvements could be made by adding explicit security headers and cookie consent mechanisms. Privacy and terms policies are comprehensive and GDPR compliant, but direct contact emails and phone numbers are not publicly listed, relying on contact forms instead. Overall, the site demonstrates a mature digital presence with good business credibility and trustworthy domain registration.

C

Crest

crestpontoonboats.com

71

Crest Pontoon Boats is a well-established manufacturer specializing in luxury pontoon and tritoon boats, including electric models, targeting families and boating enthusiasts. The company emphasizes craftsmanship, premium materials, and customization options, positioning itself as a premium brand in the transportation sector. The website reflects a mature digital presence with rich multimedia content, clear navigation, and mobile optimization. Technically, the site employs modern analytics and marketing tools such as Google Analytics, Facebook Pixel, and Microsoft Application Insights, hosted on a reliable infrastructure with Google Cloud DNS and Squarespace Domains. Security posture is strong with HTTPS enforced and reCAPTCHA protecting forms, though some security headers could be improved. Privacy compliance is robust with clear policies and consent mechanisms. Overall, the site is professional, trustworthy, and aligned with industry best practices.

M

myf.global

myf.global

53

The website at myf.global presents minimal accessible content with no clear business description or contact information. The domain WHOIS data is limited and privacy-protected, providing no creation or expiry dates, registrant organization, or country information, which reduces trust and transparency. Technically, the site uses common analytics and tag management tools such as Google Tag Manager and Yandex Metrika, but lacks visible security headers and privacy compliance indicators. The overall security posture is basic, with no advanced protections or policies evident. The site appears to be a minimal or placeholder presence with low content quality and limited business credibility.

A

Anaveo

anaveo.com

38

Anaveo is a French company specializing in intelligent video surveillance and electronic security solutions. Positioned as a leader in the French market, it offers a comprehensive portfolio of services including video surveillance, access control, intrusion and fire detection, remote monitoring, and a suite of smart security and business applications. The website targets business customers across multiple sectors such as retail, hospitality, healthcare, logistics, and urban mobility. The company emphasizes transforming environments into safer, smarter, and more efficient spaces through innovative technology.

R

Ri-Velo

ri-velo.it

53

Ri-Velo is a regional innovative network based in Veneto, Italy, focused on logistics, supply chain, and sustainability projects. The organization integrates companies, institutions, and universities to foster innovation in logistics 4.0 and eco-sustainability. The website positions Ri-Velo as a key player in the regional logistics innovation ecosystem, supported by recognized certifications such as the ECEI Bronze Label. The target audience includes businesses and organizations involved in logistics and supply chain within the Veneto region. Technically, the website is built on WordPress with modern plugins and frameworks, including Yoast SEO, WPML for multilingual support, and Google Tag Manager for analytics. Security measures include HTTPS, Google reCAPTCHA on contact forms, and GDPR-compliant cookie consent mechanisms. However, some security headers are missing, and no explicit security or incident response policies are published. Overall, the website is professional, well-structured, and trustworthy, with good content quality and compliance with privacy regulations.

N

naturenergie netze

ednetze.de

74

naturenergie netze is a regional utility network operator based in Südbaden, Germany, providing essential services in electricity, water, lighting, communication technology, and training. The company operates as part of the Energiedienst-Gruppe, targeting customers and partners in the energy and utility sectors. The website is professionally designed using TYPO3 CMS, with good content quality and clear navigation tailored to its audience. The technical infrastructure includes modern web technologies and is hosted on Microsoft Azure DNS, indicating a reliable hosting environment. The site incorporates accessibility features and is optimized for mobile devices. Security posture is solid with HTTPS enforced and cookie consent mechanisms implemented via Cookiebot, ensuring GDPR compliance. However, explicit security headers and incident response policies are not publicly documented. Overall, the website demonstrates a mature digital presence with moderate tracking and marketing tools, balanced with user privacy considerations.

A

Advantour

advantour.com

52

Advantour is a specialized boutique tour operator focusing on private and group tours along the Silk Road, Central Asia, and the Caucasus regions. Established in 2001, the company offers authentic, custom-made travel experiences emphasizing safety, comfort, and expert local partnerships. The website reflects a strong market position with clear branding, rich content, and a professional presentation targeting culturally curious travelers interested in niche destinations. Technically, the site employs a modern tech stack including Bootstrap and jQuery, with integrated analytics and marketing tools such as Google Analytics, Facebook Pixel, and Yandex Metrika. Mobile optimization and SEO practices are well implemented, though accessibility features are basic. Security posture is solid with HTTPS enforced and secure form handling, but lacks some advanced security headers and explicit incident response or security policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Contact information is primarily via a web form, with no direct emails or phone numbers visible. Overall, the site is trustworthy, professional, and safe for general audiences.

Т

ТОО One Media Press

weproject.media

51

Weproject.media is a lifestyle media outlet focused on people and culture in Central Asia, primarily Kazakhstan. It positions itself as a unique regional media source without politics or religion, targeting a broad audience interested in positive lifestyle content. The company behind the site is ТОО One Media Press, based in Astana, Kazakhstan. The website offers articles, news, and advertising services, supported by active social media channels and subscription options. Technically, the site uses Bitrix CMS, jQuery, and integrates multiple analytics and marketing tools such as Google Analytics, Yandex Metrika, Facebook Pixel, and SendPulse. The site is mobile-optimized with good navigation and professional design. Security-wise, HTTPS is enforced, but explicit security headers are missing, and privacy and cookie policies are absent, indicating compliance gaps. Overall, the site is safe, professional, and credible but would benefit from enhanced privacy compliance and security hardening.

마

마이페어(MyFair)

myfair.co

63

마이페어(MyFair) is a Korean-based online platform specializing in overseas exhibition booth reservation and comprehensive participation management services. The platform targets businesses, including SMEs, startups, and organizations seeking to participate in global trade shows. It offers key services such as exhibition search, booth reservation, professional partner matching, and management of exhibition-related tasks. The website is professionally designed with a clear structure and good user experience, primarily in Korean language, catering to the Korean market. Technically, the site uses modern frameworks like Next.js and React, integrates multiple marketing and analytics tools, and is hosted on a reliable CDN infrastructure. Security measures include HTTPS enforcement and standard security headers, although explicit privacy and cookie policies are missing. Overall, the site demonstrates a moderate to good security posture with room for improvement in privacy compliance and contact transparency.

K

K-Swiss

kswiss.nl

10

K-Swiss is a heritage American tennis footwear and apparel brand with a strong European online presence, operating a multilingual e-commerce platform primarily targeting tennis enthusiasts and sneaker consumers. The website is professionally designed, leveraging the Shopify platform with integrations for marketing, analytics, and search optimization. The technical infrastructure is modern and performant with good mobile optimization and SEO practices. Security posture is solid with HTTPS enforced and CAPTCHA protections on forms, though improvements such as DNSSEC and explicit security headers are recommended. Privacy and cookie policies are comprehensive and GDPR compliant, with consent mechanisms in place. Overall, the site presents a trustworthy and professional retail experience with no critical security or compliance issues detected.

Fundación "la Caixa" is a well-established Spanish non-profit foundation with over a century of history dedicated to social, cultural, educational, and scientific initiatives. It operates as a key player in the non-profit sector in Spain, leveraging its strong brand and affiliation with CaixaBank. The website reflects a mature digital presence with comprehensive content aimed at beneficiaries, donors, and partners. Technically, the site is built on the Liferay CMS platform, utilizing modern JavaScript frameworks and integrates multiple analytics and marketing tools, indicating a good level of digital maturity. Security posture is solid with HTTPS enforced and domain protections in place, though improvements such as DNSSEC and enhanced security headers could be implemented. Privacy compliance is robust, with clear GDPR-aligned policies and cookie consent mechanisms. Overall, the website and domain registration data indicate a trustworthy and professional organization with a strong market position in the non-profit sector.

D

Deutsche Apotheker- und Ärztebank

apobank.de

70

Deutsche Apotheker- und Ärztebank (apoBank) is a specialized financial institution serving healthcare professionals and their organizations in Germany. The website clearly communicates its banking and financial services tailored to this niche, including accounts, financing, asset management, and insurance products. The bank positions itself as the leading financial service provider in the healthcare sector, targeting professionals such as pharmacists, doctors, and related entities. The business model focuses on specialized banking solutions with a strong emphasis on customer service and sector expertise. Technically, the website is built on a modern infrastructure using Magnolia CMS, jQuery UI, and integrates consent management via Usercentrics and CAPTCHA protection through FriendlyCaptcha. The site is hosted on UltraDNS name servers and employs HTTPS with proper security headers, ensuring secure and reliable access. The design is professional, mobile-optimized, and accessible, providing a positive user experience. From a security perspective, the site demonstrates good practices including HTTPS enforcement, CAPTCHA on forms, and privacy compliance with GDPR. However, there is room for improvement by adding additional security headers and publishing incident response contacts or a security.txt file. No vulnerabilities or suspicious content were detected. Overall, the apoBank website is a trustworthy, professional, and secure platform that aligns well with its business goals and regulatory requirements. It effectively serves its target audience with clear communication and robust technical implementation.

U

US Green Building Council California

usgbc-ca.org

60

US Green Building Council California (USGBC-CA) is a non-profit organization dedicated to advancing sustainability, green building, climate resilience, and environmental justice across California. The organization provides advocacy, education, certification programs, and networking opportunities to sustainability professionals and advocates. Their market position is that of a regional leader in sustainability initiatives, with a focus on transforming the built environment in California. The website is professionally designed, mobile-optimized, and uses modern web technologies including WordPress and NitroPack for performance optimization. Social media integration and structured data enhance their digital presence. Security posture is good with HTTPS enabled and domain protections in place, though improvements are recommended such as enabling DNSSEC and adding security headers. Privacy compliance is currently weak due to the absence of privacy and cookie policies. Overall, the website is trustworthy and well-positioned to serve its target audience, but should enhance privacy and security disclosures to improve compliance and user trust.

S

Southern California Institute of Architecture

sciarc.edu

64

The Southern California Institute of Architecture (SCI-Arc) is a well-established independent architecture school located in Los Angeles, offering undergraduate, graduate, and postgraduate programs. The institution is recognized for its innovative approach to architectural education and is NAAB accredited. The website reflects a professional educational institution with a clear focus on architecture students and prospective applicants. The site provides comprehensive information about programs, events, and admissions, supported by rich multimedia content and consistent branding. Technically, the website employs modern tracking and analytics tools including Google Analytics, Google Tag Manager, and Facebook Pixel, alongside video hosting via Wistia and smart form integration from HeyHalda. The site is hosted with assets served from Google Cloud Storage, ensuring reliable performance. The website is mobile-optimized, accessible, and SEO-friendly, though some improvements in security headers and cookie consent mechanisms are recommended. From a security perspective, the site uses HTTPS with good SSL configuration but lacks visible security headers and cookie consent banners, which are important for compliance and security best practices. The WHOIS data for the domain is unavailable, which is common for .edu domains but slightly reduces transparency. Overall, the security posture is solid but could be enhanced by adding security policies and incident response contacts. The overall risk assessment is low with a high degree of trustworthiness based on content quality, business credibility, and technical implementation. Strategic recommendations include implementing cookie consent, enhancing security headers, and publishing security and incident response policies to further strengthen compliance and trust.

H

HMC Architects

hmcarchitects.com

55

HMC Architects is a well-established, employee-owned architecture firm founded in 2002, specializing in healthcare, education, and civic space design. The company emphasizes community impact and sustainability through its 'Design For Good' philosophy. The website reflects a professional and consistent brand image with a focus on employee ownership and community service. Technically, the site is built on WordPress with modern JavaScript libraries and integrates Google Analytics and Tag Manager for tracking. The site is mobile optimized and offers a good user experience with clear navigation. Security posture is moderate with HTTPS enabled but lacks DNSSEC and explicit security headers. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the domain registration data supports the legitimacy and longevity of the business.

A

ARC Document Solutions, Inc.

e-arc.com

78

ARC Document Solutions, Inc. operates a professional website offering reprographics, digital printing, scanning, and document workflow solutions with a broad network of over 140 locations. The company targets businesses and enterprises requiring high-quality printing and document management services. The website demonstrates a mature digital presence with modern technologies such as WordPress, Alpine.js, and Google Tag Manager, ensuring good performance, SEO, and mobile responsiveness. Security posture is strong with HTTPS, security headers, and no visible vulnerabilities, though explicit security policies and incident response contacts are not publicly detailed. The absence of WHOIS data for the domain is a notable anomaly, suggesting either privacy protection or a data retrieval issue, which should be further investigated to confirm domain legitimacy. Overall, the website is professional, trustworthy, and well-optimized for its business purpose.

M

Metropol Kurier GmbH

billwalleurope.com

53

Bill Wall Europe operates as the official European distributor for Bill Wall Leather, specializing in artwork, leather goods, and jewelry that have been recognized since 1985. The company targets collectors, retailers, and enthusiasts within Europe, positioning itself as a niche distributor with a strong brand association to Bill Wall Leather. The business model focuses on distribution and retail, supported by a professional website that provides product impressions, contact information, and retail locations. The company is based in Switzerland and operates under the legal entity Metropol Kurier GmbH. Technically, the website is built on WordPress using the Elementor page builder and several premium plugins, including Google Analytics and Google Maps integrations. The hosting is likely provided by Hostpoint AG, inferred from the DNS nameservers. The site demonstrates moderate performance with good mobile optimization and basic accessibility features. SEO is well addressed with proper meta tags, Open Graph, and structured data. From a security perspective, the site uses HTTPS and Google reCAPTCHA v3 on its contact form, which are positive indicators. However, it lacks DNSSEC and advanced security headers, which could enhance its security posture. No incident response or vulnerability disclosure policies are present, and cookie consent mechanisms are missing, indicating partial GDPR compliance. Overall, the security posture is moderate but could be improved. The overall risk assessment suggests a trustworthy and professional online presence with minor compliance and security gaps. Strategic recommendations include enabling DNSSEC, implementing security headers, adding cookie consent, and publishing incident response information to strengthen trust and compliance.

K

K-Swiss

kswiss.de

44

K-Swiss.de is the official German-language online shop for the established American tennis brand K-Swiss, specializing in sneakers and racketsport apparel. The website targets European tennis enthusiasts and operates on the Shopify platform with localized versions for multiple European countries. The site offers a professional e-commerce experience with product releases, promotions, and customer engagement through forms protected by Google reCaptcha. Technically, the site leverages modern web technologies and integrates marketing and analytics tools such as Klaviyo, Microsoft Clarity, and Trustpilot, indicating a mature digital infrastructure. Security posture is strong with HTTPS enforced and secure form handling, though explicit security headers could be improved. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site presents a trustworthy and professional retail presence with no critical vulnerabilities detected.

D

Dunlop Sports

dunlopsports.com

50

Dunlop Sports operates a professional e-commerce website specializing in sports equipment and apparel, primarily for tennis, squash, padel, and table tennis. The company is an established player in the retail sports sector with a domain registered since 1995 and owned by PSI-Japan, Inc. The website targets sports enthusiasts and athletes, offering a broad range of products and engaging content such as news and stories. The digital infrastructure leverages modern web technologies including Bootstrap and Google Tag Manager, hosted behind Cloudflare DNS services, ensuring reliable performance and security. Privacy and cookie policies are implemented with consent mechanisms, reflecting compliance with GDPR standards. However, explicit security policies and incident response contacts are not published, indicating room for improvement in transparency and security maturity. Overall, the website presents a trustworthy and professional front with good content quality and user experience.

S

Special Olympics Deutschland

specialolympics.de

53

Special Olympics Deutschland is a well-established non-profit organization dedicated to promoting inclusive sports opportunities for people with intellectual disabilities in Germany. The website reflects a professional and consistent brand presence, offering comprehensive information about their programs, engagement opportunities, and health initiatives. Their market position as the leading Special Olympics entity in Germany is supported by partnerships with reputable service providers such as Stripe and Fundraisingbox. The target audience includes athletes, volunteers, supporters, and affiliated organizations.

D

Deutscher Tennis Bund (DTB)

tennisimnorden.de

71

The website tennis.de serves as the official platform for the Deutscher Tennis Bund (DTB), focusing on providing comprehensive information about the Regionalliga Nord-Ost and related tennis leagues in Germany. It offers league results, official documents, contact details for league officials, and integrates with the nuLiga platform for result entry. The site targets tennis players, clubs, officials, and fans primarily in northern and eastern Germany. The business model revolves around sports federation services and information dissemination. Technically, the site is built on Adobe Experience Manager (AEM) with modern JavaScript frameworks including ZK Framework and Litepicker. It is hosted on Adobe's cloud infrastructure, ensuring reliable performance and scalability. The site is mobile-optimized, accessible, and SEO-friendly, with a moderate performance profile. Cookie consent is managed via Cookiebot, and Google Tag Manager is used for analytics and marketing. From a security perspective, the site enforces HTTPS and uses consent management for cookies, but lacks explicit security headers and a published security policy or incident response contacts. No vulnerabilities or suspicious content were detected. The domain WHOIS data indicates professional management consistent with a reputable organization. Overall, the website is a trustworthy, well-maintained official sports federation site with good content quality and technical implementation. Strategic improvements could include enhanced security headers and publishing a security policy to further strengthen trust and compliance.

T

Tennis Deutschland · tennisnet.com

tennisnet.com

50

The website tennisnet.com is a German-language sports news platform specializing in tennis coverage, including ATP and WTA news, live scores, and tournament updates. It targets tennis enthusiasts primarily in Germany and operates on the TYPO3 CMS platform, integrating various advertising and tracking technologies such as Google Analytics, Google Tag Manager, Facebook Pixel, and Google Adsense. The technical infrastructure is modern and supports mobile optimization, though performance is moderate. Security posture is generally good with HTTPS enabled, but lacks some security headers and explicit privacy and cookie policies. The absence of WHOIS data raises questions about domain registration legitimacy, though the website content and design appear professional and trustworthy. Overall, the site is functional and relevant to its audience but would benefit from enhanced privacy compliance and clearer business contact information.

N

naturenergie netze

naturenergie-netze.de

74

naturenergie netze is a regional energy network operator based in Südbaden, Germany, providing essential utility services including electricity, water, lighting, communication technology, and training. The company operates as part of the Energiedienst-Gruppe, positioning itself as a key regional player in energy distribution and infrastructure services. The website reflects a professional and consistent brand presence targeting customers and partners within the energy sector in the region. Technically, the site is built on TYPO3 CMS, hosted on Azure DNS infrastructure, and integrates modern web technologies including Cookiebot for GDPR-compliant cookie management, Google Analytics, and social media tracking tools. The site demonstrates good mobile optimization, accessibility, and SEO practices, contributing to a positive user experience. Security posture is solid with HTTPS enforced and use of reputable third-party scripts, although explicit security headers and incident response information are not clearly published. Privacy compliance is well addressed through a comprehensive privacy policy and granular cookie consent mechanisms. Overall, the website is trustworthy, professional, and compliant with relevant regulations, supporting the company's business credibility and digital maturity.

A

AUTOTRASPORTI CAMBIANICA SRL

cambianica.com

68

AUTOTRASPORTI CAMBIANICA SRL is an established transportation and logistics company based in Italy, with over 50 years of experience in national and international freight transport. The company targets businesses and individuals requiring reliable transport services primarily in the Bergamo and Brescia regions. The website is built on WordPress using the Divi theme and incorporates SEO best practices via Yoast SEO, along with Google Tag Manager and reCAPTCHA for analytics and security. While the website presents a professional and consistent brand image with good content quality and user experience, there are notable gaps in privacy compliance and security posture, including the absence of privacy and cookie policies and missing security headers. The WHOIS data for the domain is unavailable, raising concerns about domain registration legitimacy. Overall, the site is functional and moderately secure but requires improvements in compliance and domain registration transparency.

A

AVANZINI

avasped.it

46

Avanzini is a well-established Italian logistics and transportation company with over 30 years of experience, primarily serving clients in Italy and across Europe. The company offers comprehensive transport and integrated logistics solutions, including specialized services for wine, beer, and alcoholic products. Their market position is strong in Verona, supported by multiple operational sites and a significant volume of shipments and warehouse space. Technically, the website employs modern JavaScript libraries and frameworks, ensuring a good user experience with mobile optimization and basic accessibility. Privacy compliance is robust, featuring a comprehensive cookie consent mechanism and GDPR-aligned policies. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though improvements in security headers and incident response documentation are recommended. Overall, the website reflects a professional and trustworthy business with clear contact information and certifications that enhance credibility.

T

Transports Allemand

transports-allemand.fr

46

Transports Allemand is a well-established French transportation and logistics company specializing in road freight, storage, and freight forwarding services. Founded in 1942, it operates primarily in the regional, national, and international transport sectors and is a member of the ASTRE European transport group. The company emphasizes reliability, rapid delivery, and sustainable practices, including a fully Euro 6 compliant vehicle fleet and an ongoing RSE commitment. Their website reflects a professional business presence with clear service offerings and contact information. Technically, the website is built on WordPress using Elementor and Yoast SEO, hosted by OVH, and incorporates modern web technologies including Google Tag Manager and Facebook SDK for analytics and marketing. The site is mobile-optimized and SEO-friendly, though accessibility features are basic. Security posture is good with HTTPS enforced and cookie consent implemented, but lacks advanced security headers and explicit security policies. Overall, the security posture is solid with no visible vulnerabilities or exposed sensitive data. The domain registration data aligns well with the company's history and business claims, supporting legitimacy. The site complies with GDPR through cookie consent and privacy policy presence. No WAF or blocking mechanisms were detected, allowing full content access. Strategically, the company should enhance its security transparency by publishing security policies and incident response contacts, improve accessibility, and maintain regular audits of third-party scripts. These steps will strengthen trust and compliance in an increasingly regulated environment.

M

Manitou

manitou.com

64

Manitou is a well-established French manufacturing company specializing in handling, lifting, and earthmoving equipment for diverse sectors including agriculture, construction, and industries. With over 60 years of experience, the company offers a broad range of machinery such as telehandlers, forklift trucks, and aerial work platforms, complemented by attachments and services like financing and maintenance. The website reflects a mature global brand with extensive multilingual support and a professional digital presence. Technically, the website is built on Drupal 10, leveraging modern web technologies including Google Tag Manager and Matomo for analytics. The site is mobile-optimized, accessible, and SEO-friendly, providing a good user experience. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though there is room for improvement in security headers and incident response transparency. The WHOIS data is notably missing, which reduces transparency but is likely due to privacy protection services. Despite this, the website's professional content, structured data, and social media presence support its legitimacy. No WAF or blocking mechanisms were detected, allowing full content access. Overall, Manitou's website demonstrates strong business credibility and technical maturity, with minor security and transparency gaps that can be addressed to enhance trust and compliance.