Security Directory

B

BNP PARIBAS

commercialcards.bnpparibas

67

BNP Paribas Commercial Cards website serves as a professional portal offering a range of corporate payment solutions including procurement cards, virtual cards, and travel-related payment services. The site targets corporate clients and businesses, positioning itself as part of the large international banking group BNP Paribas. The business model focuses on providing secure, efficient payment methods integrated with modern technologies such as Apple Pay. Technically, the website is built on WordPress with modern frameworks like Bootstrap and uses common libraries such as jQuery and FontAwesome. SEO and mobile optimization are well implemented, though accessibility is basic. Security posture is strong with HTTPS enforced and domain registration protections in place, but lacks DNSSEC and explicit security headers. Privacy compliance is adequate with visible cookie and privacy policies, and GDPR considerations are addressed. Overall, the site is trustworthy, professional, and well-maintained, with minor areas for improvement in security and contact transparency.

V

Virtua Research, Inc.

virtuaresearch.com

64

Virtua Research, Inc. is a specialized provider of market and competitive intelligence solutions tailored for publicly traded and private companies, focusing on financial research, analytics, and reporting. The company offers a suite of services including Consensus Analytics, Financial Benchmarking, and Interactive Analyst Centers, targeting investor relations, FP&A, C-suite executives, and financial professionals. Established in 2004, Virtua Research has a solid market position supported by a long-standing domain and trusted by notable clients. Technically, the website employs modern web technologies such as Bootstrap, jQuery, Owl Carousel, and Google Analytics, ensuring a responsive and user-friendly experience. The infrastructure is hosted under a reputable registrar with secure HTTPS implementation and basic performance optimizations. However, there is room for improvement in security headers and DNS security. From a security perspective, the site demonstrates good practices including HTTPS enforcement and CAPTCHA protection on forms, but lacks advanced security headers and DNSSEC. Privacy compliance is partially addressed with comprehensive privacy and terms policies, though cookie consent mechanisms are absent. No critical vulnerabilities or suspicious content were detected, indicating a generally secure posture. Overall, Virtua Research presents a professional and credible online presence with moderate technical maturity and a solid security baseline. Strategic enhancements in security headers, DNSSEC, and privacy compliance would further strengthen their digital trustworthiness and regulatory adherence.

K

KVG Main-Kinzig mbH

kvg-main-kinzig.de

51

KVG Main-Kinzig mbH is a regional public transportation company serving the Main-Kinzig district in Germany. The company provides bus services, on-demand transport options such as CARLOS, and various mobility projects aimed at improving local transit. The website is professionally designed using Joomla CMS and modern frontend technologies, offering good accessibility features including visual assistance tools. Contact information and social media presence are clearly provided, enhancing user trust and engagement. The site is fully accessible without any blocking or WAF challenges, indicating good operational stability. Security posture is solid with HTTPS enforced and CSRF protections in place, though security headers and explicit security policies could be improved. Privacy compliance is adequate with a comprehensive privacy policy and cookie information, but lacks an explicit cookie consent mechanism. Overall, the website reflects a credible and professional transportation service provider with room for enhancements in security and compliance documentation.

B

Bundesinstitut für Öffentliche Gesundheit (BIÖG)

diabetesnetz.info

70

Diabetesnetz Deutschland is a public health network initiative coordinated by the Bundesinstitut für Öffentliche Gesundheit (BIÖG) aimed at strengthening diabetes prevention efforts across Germany. The website serves as a platform to connect key stakeholders, disseminate educational materials, and promote national diabetes awareness campaigns. It is supported by the German Federal Ministry of Health, reflecting a strong governmental backing and positioning within the healthcare sector. The business model is non-profit and focused on public health impact rather than commercial gain. Technically, the website is built on TYPO3 CMS with modern frontend frameworks like Bootstrap 5 and uses Matomo for privacy-conscious web analytics. The site demonstrates good mobile optimization, accessibility, and SEO practices, contributing to a positive user experience. However, some security best practices such as HTTP security headers and explicit incident response policies are not evident from the content. From a security perspective, the site employs GDPR-compliant cookie consent mechanisms and anonymizes IP addresses in analytics, reflecting a mature privacy posture. The absence of WHOIS data due to malformed responses suggests privacy protection, which is reasonable for a public health entity. No critical vulnerabilities or suspicious content were detected, indicating a generally secure and trustworthy platform. Overall, Diabetesnetz Deutschland presents a credible, well-maintained, and professionally managed website that aligns with its public health mission. Strategic improvements in security headers, incident response transparency, and WHOIS data availability could further enhance trust and compliance.

M

Members Village

membersvillage.com

53

Members Village is a Canadian-based software provider specializing in association management solutions. Their platform offers a comprehensive suite of integrated applications including CRM, website building, payment processing, event management, and email marketing tailored for associations and nonprofits. The company positions itself as a niche SaaS provider focused on simplifying and enhancing association operations with modern, user-friendly tools. Technically, the website employs a modern tech stack with Bootstrap 5, jQuery, and Google services integration, delivering a good user experience with mobile optimization and clear navigation. Security posture is adequate with HTTPS and bot protection via reCAPTCHA, but lacks advanced security headers and published security policies. Privacy compliance is partial, with privacy and terms pages present but no cookie consent mechanism detected. WHOIS data is transparent and consistent with the business claims, supporting legitimacy. Overall, the website is professional, trustworthy, and well-positioned in its market niche.

L

Let's Make Your Website Amazing

ottawawebdesign.ca

46

Ignite Web Solutions, operating under the brand 'Let's Make Your Website Amazing', is a small Canadian technology service provider specializing in custom responsive web design, CRM, and database solutions primarily targeting associations, small and medium businesses, and charities in Ottawa and beyond. The company has a strong local market position with over 100 projects completed and more than $200 million in transactions processed, demonstrating significant operational experience and client trust. Their business model focuses on delivering comprehensive digital platforms including web hosting, SEO, branding, and e-commerce, supported by a free strategy call to engage potential clients. Technically, the website employs modern web technologies such as Bootstrap 5, jQuery, and Google reCAPTCHA, ensuring a responsive and user-friendly experience. The site is well-structured with good SEO and accessibility practices, though performance is moderate. Hosting and domain registration are managed by Rebel.ca Corp., with domain age consistent with the company's operational history. However, some technical security enhancements like DNSSEC and security headers are missing. From a security perspective, the site benefits from HTTPS and spam protection via reCAPTCHA, but lacks published privacy and cookie policies, which are critical for GDPR compliance and user trust. No incident response or vulnerability disclosure information is provided, representing an area for improvement. The WHOIS data is privacy protected but shows no suspicious patterns, supporting the legitimacy of the domain. Overall, the website is professional, trustworthy, and well-positioned in its niche, but would benefit from enhanced privacy compliance and security best practices to further strengthen its risk posture and user confidence.

K

Kalthoff & Kollegen

kalthoff-kollegen.de

58

Kalthoff & Kollegen is a well-established German professional services firm specializing in tax advisory, business consulting, and legal services. Operating in multiple cities, the company targets SMEs, medical professionals, entrepreneurs, and private individuals. The firm holds reputable certifications such as the DStV-Qualitätssiegel and Digital DATEV-Kanzlei, underscoring its commitment to quality and digital transformation. Their service portfolio is comprehensive, covering digital tax consulting, compliance, payroll, legal advice, and corporate consulting. The website reflects a mature digital presence with modern technologies and a professional design, supporting their market position as a trusted regional leader. Technically, the website is built on Joomla CMS with Bootstrap and jQuery frameworks, incorporating interactive elements like sliders and app promotion. The site is mobile-optimized and SEO-friendly but lacks explicit privacy and terms of service pages. Security-wise, HTTPS is used, and CSRF tokens are present, but security headers and incident response information are missing, indicating room for improvement in security posture. No WAF or blocking mechanisms were detected, and no vulnerabilities were apparent in the provided content. Overall, the website demonstrates a solid business and technical foundation with good trust indicators. However, enhancements in privacy compliance, security policies, and transparency would strengthen their security and compliance standing. The absence of direct contact emails and postal addresses on the main page suggests potential improvements in contact accessibility. Strategic recommendations include publishing comprehensive privacy and security policies, implementing security headers, and establishing a vulnerability disclosure process to enhance trust and compliance.

S

SWR Media Services GmbH

swr3tickets.de

52

SWR Ticketservice, operated by SWR Media Services GmbH, is a regional German media-related ticketing platform specializing in event ticket sales for SWR-branded concerts and festivals. The website provides comprehensive event information and ticket purchasing options targeting the general public interested in cultural and music events. Technically, the site is built on TYPO3 CMS with Bootstrap frontend, leveraging modern JavaScript libraries such as jQuery and Photoswipe for enhanced user experience. The site is mobile-optimized, accessible, and SEO-friendly, with a moderate performance profile. Security-wise, the site uses HTTPS and implements cookie consent mechanisms with Matomo analytics for privacy-respecting user tracking. However, it lacks explicit security policies and incident response contacts, and security headers are not evident, indicating room for improvement. Overall, the domain registration data aligns well with the business identity, supporting legitimacy and trustworthiness.

S

Indikatori za Ciljeve održivog razvoja

sdgmontenegro.me

62

The website www.sdgmontenegro.me serves as an official or semi-official platform providing data and indicators related to the United Nations Sustainable Development Goals (SDGs) specifically for Montenegro. It offers users access to indicator data, downloadable datasets, news, and publications related to SDG progress. The target audience includes government agencies, researchers, policymakers, and the general public interested in sustainable development metrics. The platform is built on the Open SDG framework, leveraging modern web technologies such as Bootstrap, jQuery, Chart.js, and Leaflet for interactive data visualization and mapping.

PlusPunktZeit is a community-oriented cultural platform operated by the City of Lörrach's Department of Culture and Tourism, primarily targeting senior citizens and local residents. The website offers a variety of programs including cultural events, excursions, movement and relaxation activities, digital literacy workshops, and educational lectures. It serves as a local government initiative to promote community engagement and cultural participation. Technically, the website employs modern frontend technologies such as Bootstrap 5, jQuery, and DMX App Connect components, with a backend powered by Parse Server. The site is hosted by Infomaniak, a reputable hosting provider. The design is responsive and user-friendly, with dynamic content loading from the backend. However, some technical improvements could be made in SEO and accessibility. From a security perspective, the site uses HTTPS and does not expose sensitive data in the HTML. However, no security headers were detected, and there is no visible cookie consent mechanism, which are areas for improvement. No incident response or security policy information is published, and no vulnerability disclosure policy is present. Overall, the website is trustworthy and professionally maintained, reflecting its public sector nature. Strategic recommendations include implementing security headers, adding cookie consent, publishing security and incident response policies, and enhancing contact information visibility to improve user trust and compliance.

C

Catcha

avida.fi

60

Catcha.fi operates as a specialized domain sales and leasing platform focusing on Finnish .fi domains. The company, registered in Finland and founded in 2022, offers domain purchase, leasing, backorder, and selling services targeting individuals and businesses interested in Finnish domain names. The website presents a professional and consistent brand image with clear business information and contact details, positioning itself as a niche player in the domain marketplace sector. Technically, the website is built on WordPress with modern frameworks such as Bootstrap 5 and integrates Google Tag Manager and Google reCAPTCHA for analytics and security. Hosting appears to be on Amazon AWS infrastructure, ensuring reliable performance. The site is mobile-optimized and SEO-friendly, with good navigation and content quality. From a security perspective, the site enforces HTTPS and uses CAPTCHA to protect forms, but lacks DNSSEC and explicit security headers, which are recommended for enhanced security. Privacy compliance is partially addressed with a clear privacy policy, but the absence of a cookie consent mechanism may pose GDPR compliance risks. No signs of malicious activity or vulnerabilities were detected. Overall, Catcha.fi demonstrates a solid business and technical foundation with room for security and privacy improvements. The domain registration details align well with the business claims, supporting legitimacy and trustworthiness.

T

Truyo

truyo.ai

66

Truyo is a mature technology company founded in 2011, specializing in AI governance and compliance solutions. Their platform offers comprehensive tools to identify, assess, and mitigate AI risks, ensuring organizations adopt AI responsibly and in compliance with evolving regulations. The company targets enterprises and organizations seeking to manage AI usage, risk, and regulatory compliance effectively. Technically, the website is built on WordPress with modern frameworks like Bootstrap and integrates advanced features such as AI model validation, data de-identification, and framework assessments. The site is well-optimized for SEO, mobile-friendly, and uses reputable third-party services like Google Tag Manager and HubSpot for analytics and marketing. Security-wise, the site enforces HTTPS, uses security headers, and shows no signs of vulnerabilities, although DNSSEC is not enabled. Privacy and cookie policies are present with consent mechanisms, supporting GDPR compliance. Overall, Truyo presents a professional, trustworthy, and technically sound digital presence aligned with its business focus on AI governance.

A

Academian

academian.com

60

Academian is a well-established EdTech company founded in 2003, specializing in delivering innovative digital learning solutions and services. Their offerings include strategic consulting, technology solutions, publishing, learning design, and staffing solutions, targeting K-12 learners, higher education, workforce upskilling, and EdTech sectors. The company emphasizes digital transformation and DEIB (Diversity, Equity, Inclusion, and Belonging) commitments, positioning itself as a partner for educational institutions and organizations seeking transformative learning experiences. Technically, the website is built on WordPress with modern frameworks like Bootstrap and uses popular JavaScript libraries for enhanced user experience. SEO and mobile optimization are well implemented, though accessibility could be improved. Security posture is good with HTTPS and domain transfer protections, but lacks advanced security headers and explicit incident response policies. Privacy compliance is partially addressed with privacy and cookie policies, but lacks explicit consent mechanisms. Overall, the website reflects a credible and professional business with strong market positioning in the EdTech industry.

The Universalschlichtungsstelle des Bundes is an official German federal arbitration body providing neutral dispute resolution services to consumers and businesses. The website clearly communicates its mission to help resolve disputes out of court, targeting both consumers and companies. It operates as a government-affiliated entity, offering services such as case submission and informational resources. The site is built on TYPO3 CMS with modern web technologies and includes multilingual support, enhancing accessibility and user experience. Technically, the website employs a solid infrastructure with TYPO3 CMS, Bootstrap 5, and Matomo analytics for privacy-conscious user tracking. The site is mobile-optimized, accessible, and SEO-friendly. Security posture is good with HTTPS enforced and a comprehensive cookie consent mechanism, although explicit security headers and a published security policy are absent. No vulnerabilities or exposed sensitive data were detected. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance with privacy regulations such as GDPR. The domain registration data aligns well with the website's official nature, supporting legitimacy. However, the absence of terms of service and incident response information suggests areas for improvement in transparency and security readiness. Strategic recommendations include implementing security headers, publishing a security policy and incident response contacts, and establishing a vulnerability disclosure process to enhance trust and security posture further.

T

Truyo

truyo.com

67

Truyo is a technology company specializing in AI governance and privacy compliance solutions. Their platform offers comprehensive services including AI inventory, risk management, consent and preference management, data privacy automation, and vendor risk assessments. Recognized by industry leaders such as IAPP and Forrester, Truyo targets enterprise clients seeking to manage AI risks and comply with evolving data privacy regulations globally. The website demonstrates a mature digital presence with modern technologies, responsive design, and strong SEO practices. Security posture is solid with HTTPS and basic security headers, though additional enhancements are recommended. No critical vulnerabilities or blocking mechanisms were detected, indicating a trustworthy and accessible platform. Overall, Truyo presents as a credible and professional business with a clear focus on AI governance and privacy compliance.

M

Mississippi State University

msstate.edu

59

Mississippi State University operates a comprehensive and professionally designed website that serves a broad audience including prospective and current students, faculty, staff, alumni, and visitors. The institution is positioned as a large, well-established public research university in the United States, offering extensive academic programs, research initiatives, and community engagement. The website leverages a modern technology stack centered on Drupal 8, enhanced with multiple analytics and marketing tools such as Google Analytics, Microsoft Clarity, Facebook Pixel, and Marketo. Security posture is strong with HTTPS enforced and reputable third-party scripts, though some security headers and policies could be improved. Privacy compliance is partially addressed with a clear privacy policy but lacks a cookie consent mechanism. WHOIS data is incomplete, likely due to querying the subdomain rather than the root domain, but the website's branding and content strongly support legitimacy. Overall, the site demonstrates high professionalism, trustworthiness, and technical maturity.

C

CentroFinance, s.r.o.

ofin.cz

50

CentroFinance, s.r.o. operates the website ofin.cz, providing non-bank loan services primarily targeting individuals in the Czech Republic. The platform offers quick online loan applications, contract signing in a client zone, and fast disbursement of loans ranging from 1,000 to 30,000 CZK. The company holds a license from the Czech National Bank and is a member of the Asociace poskytovatelů nebankovních úvěrů, indicating regulatory compliance and industry recognition. The website is professionally designed with good content quality and clear navigation, supporting a positive user experience.

R

Rerum Finance s.r.o

rerum.cz

52

Rerum Finance s.r.o operates the website rerum.cz, providing fast and accessible non-bank loans primarily targeting individual consumers in the Czech Republic. The business model focuses on online loan applications with quick approval and disbursement, offering loans up to 30,000 CZK with flexible repayment options. The company positions itself as a convenient alternative to traditional banking loans, emphasizing speed and ease of access. Technically, the website employs modern web technologies including Bootstrap 5, noUiSlider, jQuery, and integrates multiple analytics and tracking tools such as Google Analytics, Microsoft Clarity, and Cookiebot for consent management. The site is mobile responsive and well-structured, with good SEO practices and user experience. However, some accessibility features could be improved. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms, but lacks visible security headers and published security policies or incident response contacts. No vulnerabilities or exposed sensitive data were detected in the content. The absence of WHOIS data for the domain reduces trustworthiness and raises questions about domain registration transparency. Overall, the website is professional and trustworthy in appearance, with good business credibility and user experience. The main risks relate to missing WHOIS transparency and incomplete privacy and security documentation. Strategic improvements in these areas would enhance compliance and trust.

L

LINUS WITTICH Medien Gruppe

wittich.de

65

LINUS WITTICH Medien Gruppe is a well-established German media company specializing in local newspapers, magazines, and digital media services. With over 60 years of history and multiple locations across Germany and Austria, it serves a broad audience including citizens, municipalities, businesses, and tourism sectors. The company offers a comprehensive portfolio of print and digital products, advertising solutions, and related services, supported by a strong online presence and multiple specialized portals. Technically, the website is built on TYPO3 CMS with modern frontend frameworks like Bootstrap 5 and integrates various JavaScript libraries for enhanced user experience. The site is mobile-optimized, accessible, and SEO-friendly. Google Analytics is used with IP anonymization, and cookie consent mechanisms are implemented, reflecting good privacy compliance. From a security perspective, the site enforces HTTPS, uses cookie consent with opt-in/out, and avoids exposing sensitive data. However, explicit security headers are not clearly visible in the HTML source and could be improved. No vulnerabilities or suspicious activities were detected. The WHOIS data aligns well with the business claims, supporting legitimacy and trust. Overall, LINUS WITTICH Medien Gruppe presents a professional, secure, and user-friendly digital footprint with strong business credibility. Strategic improvements in security headers and public security policies could further enhance their security posture.

A

Autopay RS sp. z o.o.

autopayglobal.com

73

Autopay RS sp. z o.o. operates the Autopay Global platform, providing a unified payment solution that simplifies global payment processing through a single API integration. The company targets businesses seeking to optimize payment acceptance, reduce costs, and ensure compliance across multiple markets. The website demonstrates a strong market position with endorsements from major financial institutions and highlights key services such as smart routing, multi-currency support, and fraud detection. Technically, the site employs modern frameworks like Bootstrap 5, uses Amazon AWS for hosting, and integrates privacy and analytics tools such as Consentmanager.net and Plausible Analytics. Security posture is robust with PCI DSS compliance, tokenization, and 3D Secure authentication, though there is room for improvement in security headers and incident response transparency. Overall, the website is professional, well-structured, and compliant with GDPR, reflecting a credible and trustworthy business presence.

A

Autopay S.A.

autopay.ro

70

Autopay S.A. is a well-established payment processing and fintech solutions provider operating primarily in Romania and Europe. The company offers a broad range of services including card processing, 3DS authentication, API support, and data-driven payment products. It holds important certifications such as PCI DSS and PCI 3DS and is supervised by the Polish Financial Supervision Authority, indicating a strong regulatory compliance posture. The website is professionally designed, mobile-optimized, and provides comprehensive cookie consent mechanisms aligned with GDPR requirements. Technical infrastructure leverages modern frontend frameworks like Vue.js and Bootstrap, with analytics implemented via Matomo and Google Tag Manager. Security practices include HTTPS enforcement and certified payment processing standards, though HTTP security headers could be improved. Overall, the domain registration and WHOIS data are consistent with the business claims, supporting legitimacy and trustworthiness.

A

Autopay S.A.

autopay.eu

74

Autopay S.A. is a well-established payment processing company founded in 1999, offering a broad range of payment solutions including card processing, 3DS authentication, and data-driven insights. The company targets businesses such as e-commerce platforms, fintechs, and payment service providers, positioning itself as a trusted partner with regulatory supervision and certifications like PCI DSS. The website reflects a mature digital presence with modern technologies like Vue.js and Bootstrap, integrated analytics, and a strong cookie consent mechanism. Security posture is robust with HTTPS, security headers, and no visible vulnerabilities. However, explicit security policies and incident response contacts are not published, representing an area for improvement. Overall, the site is professional, trustworthy, and compliant with GDPR requirements.

B

Bezvafinance s.r.o.

hyperfinance.cz

66

Hyperfinance.cz is a Czech Republic based financial product comparison and brokerage portal operated by Bezvafinance s.r.o., licensed by the Czech National Bank. The website offers comprehensive comparison services for loans, mortgages, accounts, and insurance products, targeting consumers seeking to save time and money by selecting optimal financial products online. The platform features a professional design, clear navigation, and a broad portfolio of partner financial institutions, establishing a strong market presence with over 235,000 clients annually and more than 10 years in the finance sector. Technically, the site employs modern web technologies including Bootstrap 5, jQuery, Google Tag Manager, and Facebook Pixel, ensuring a responsive and user-friendly experience. Security posture is solid with HTTPS enforcement and security headers, although explicit security policy and incident response contacts are not published. Privacy compliance is well addressed with a comprehensive cookie consent mechanism and GDPR-aligned privacy policy. However, the absence of WHOIS domain registration data reduces domain trustworthiness from a registration perspective. Overall, the website is a credible and professional financial services platform with room for improvement in transparency and contact information.

Z

Zaplo

zaplopujcky.cz

55

Zaplo.cz is a Czech financial services website specializing in fast, tailored loans for individuals. Established in 2017, it operates with a moderate digital maturity, leveraging modern web technologies such as Bootstrap 5 and Google Tag Manager. The website demonstrates good content quality and user experience, with a clear focus on loan services tailored to the Czech market. Technically, the site is hosted likely via WEDOS, uses HTTPS, and implements a comprehensive cookie consent mechanism compliant with GDPR standards. Security posture is adequate with HTTPS and consent management, though lacks explicit security headers and dedicated security policy pages. Overall, the site is legitimate, with no blocking or WAF interference detected, and integrates multiple third-party analytics and advertising platforms with user consent.

O

Ortsgemeinde Asbach

ortsgemeinde-asbach.de

58

Ortsgemeinde Asbach operates as a local government portal serving the community of Asbach in the Westerwald region of Germany. The website provides residents and visitors with comprehensive information about local events, community services, administrative contacts, and cultural highlights. It positions itself as a family-friendly, lively, and welcoming municipal site, emphasizing community engagement and local identity. Technically, the website is built on modern web technologies including Bootstrap 5, jQuery, FontAwesome, and the Bolt CMS platform. It is mobile-optimized and features a clear navigation structure with good SEO practices. The site uses HTTPS with an excellent SSL configuration, ensuring secure data transmission. Analytics are handled via Plausible, a privacy-focused service, indicating a moderate approach to user tracking. From a security perspective, the site enforces HTTPS but lacks explicit security headers and published security policies or incident response contacts. No cookie consent mechanism was detected, which is a gap in GDPR compliance. No vulnerabilities or suspicious content were found, and the WHOIS data aligns well with the website's governmental nature, indicating legitimacy and trustworthiness. Overall, the website is a well-maintained municipal portal with good content quality and technical implementation. Strategic improvements in privacy compliance and security policy transparency would enhance its security posture and regulatory adherence.

A

Autopay

autopay.pl

70

Autopay.pl is a well-established Polish payment solutions provider founded in 2015, offering a range of services including online payments for e-commerce, fleet management solutions, and prepaid phone top-ups. The company targets both business and individual customers primarily in Poland and Europe, positioning itself as a reliable and certified payment service provider with regulatory endorsements from NBP and KNF. The website demonstrates a mature digital presence with modern technologies such as Vue.js and Bootstrap, integrated analytics, and a comprehensive cookie consent mechanism ensuring GDPR compliance. Security posture is strong with HTTPS enforced and no visible vulnerabilities, although some security headers could be improved. Privacy policies are comprehensive and accessible, but explicit contact information and security incident response details are not readily found on the main site. Overall, the site is professional, trustworthy, and optimized for mobile users, supporting Autopay's market position as a credible payment service provider.

W

Wirtschaftsförderung im Landkreis Neuwied GmbH

wfg-nr.de

55

Wirtschaftsförderung im Landkreis Neuwied GmbH is a regional economic development organization focused on promoting the economic strengths and tourism of the Neuwied district in Germany. The website presents a professional and well-structured digital presence using Joomla CMS and modern frontend technologies. It targets local businesses, startups, students, and regional stakeholders with services including economic promotion, tourism, regional development, and networking projects. The organization maintains active social media channels and provides clear privacy and cookie policies compliant with GDPR. Technically, the site uses HTTPS, Google Analytics with IP anonymization, and a cookie consent mechanism, reflecting a moderate to good digital maturity level. Security posture is adequate but could be improved by adding explicit security headers and publishing security policies or incident response information. Overall, the website is trustworthy, safe, and professionally maintained, serving its public sector mission effectively.

P

Privacy Coalitie

privacycoalitie.org

51

Privacy Coalitie is a Dutch non-profit coalition advocating for enhanced digital privacy and privacy-friendly alternatives in the Netherlands. Founded in 2022, it brings together multiple organizations and individuals to promote awareness, responsible data use, and societal dialogue on digital privacy. The coalition positions itself as a thought leader aiming to influence both policy and public behavior towards a more privacy-respecting digital society. The website serves as an informational and advocacy platform, providing a manifesto, member lists, and contact points for engagement. Technically, the website uses modern frontend technologies including Bootstrap 5 and jQuery 3.6.0, hosted by Combell NV. The site is mobile responsive with good navigation and content structure. However, no CMS or advanced backend technologies are detected. Performance is moderate with basic accessibility and SEO optimizations in place. No analytics or tracking scripts are present, reflecting a privacy-conscious approach. From a security perspective, the site uses HTTPS and has clientTransferProhibited domain status, but lacks DNSSEC and security headers, which are recommended for improved security posture. No privacy or cookie policies are published, representing a compliance gap with GDPR best practices. Contact is provided solely via email, with no forms or phone numbers. No incident response or vulnerability disclosure mechanisms are evident. Overall, the website is trustworthy and professional for its advocacy purpose but would benefit from enhanced privacy compliance documentation and improved security hardening. The domain registration is consistent and legitimate, supporting the coalition's credibility.

G

Groupe Ficade

groupeficade.fr

59

Groupe Ficade is a French-based international media and communication group operating in over 50 countries, specializing in B2B media, audiovisual content, events, consulting, and training services. The company targets professional communities and businesses, providing platforms for information and communication to support business growth and networking. The website reflects a mature digital presence with a professional design and clear navigation, supporting the company's market position as a diversified media and consulting group. Technically, the website is built on Joomla CMS with modern frameworks such as Helix Ultimate and Bootstrap 5, incorporating popular JavaScript libraries for enhanced user experience. Hosting is provided by OVH, a reputable provider, and the site uses HTTPS with a good SSL configuration. Performance is moderate with good mobile optimization, though accessibility features could be improved. From a security perspective, the site employs HTTPS and CSRF tokens in forms, but lacks explicit security headers and a published security policy or incident response contacts. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is addressed with a GDPR-compliant privacy policy and cookie consent mechanism. Analytics usage is moderate, primarily via Google Analytics and Google Tag Manager. Overall, the website presents a low-risk profile with strong business credibility and good technical implementation. Strategic recommendations include enhancing security headers, publishing a security policy, and improving accessibility to further strengthen trust and compliance.

B

Bountii

bountii.net

62

Bountii is a newly launched e-commerce platform specializing in aggregating coupons, promo codes, and daily deals across a wide variety of categories and stores. The website targets general consumers looking for discounts and savings, leveraging affiliate marketing as its primary business model. The platform is positioned as a niche coupon aggregator with a consistent brand presence and a good quality content offering. Technically, the site employs modern web technologies including Bootstrap, jQuery, Algolia search, and multiple analytics and tracking tools such as Google Tag Manager, Microsoft Clarity, and Sentry for error monitoring. The site is hosted and registered via Cloudflare, ensuring reliable DNS and HTTPS support. Security posture is moderate with HTTPS enforced and some security headers present, but lacks advanced DNS security features like DNSSEC and comprehensive privacy policies. No direct contact or incident response information is publicly available, which could be improved to enhance trust. Overall, the site is safe for general audiences with no adult or explicit content detected.

O

osb international

osb-i.com

55

osb international is a medium-sized consulting firm based in Germany, specializing in systemic consulting, organizational design, leadership development, and change management. The company targets organizations and family businesses, offering coaching, seminars, and strategy consulting services. The website is professionally designed using TYPO3 CMS and modern frontend technologies, providing a good user experience with mobile optimization and clear navigation. The presence of a detailed cookie consent mechanism indicates a commitment to privacy compliance, including GDPR. However, the absence of WHOIS data for the domain www.osb-i.com raises concerns about domain legitimacy and registration status, which should be verified to ensure trustworthiness. Security posture is strong with HTTPS and cookie consent, but the site lacks explicit security policies and incident response information. Overall, the website is functional, professional, and privacy-aware but would benefit from enhanced transparency and verified domain registration.

T

Think Blue Data

thinkbluedata.com

47

Think Blue Data is a technology service provider specializing in interactive data experiences, custom data tools, and workflows tailored to client branding. Founded in 2012, the company positions itself as a niche player in data visualization and big data integration, targeting businesses seeking to transform complex data into actionable insights. The website is built on Drupal 10 with modern front-end frameworks and big data technologies, hosted by GoDaddy. The site demonstrates good design quality, mobile optimization, and accessibility, but lacks explicit privacy and cookie policies, as well as security headers and incident response information. The domain registration is consistent with the business age and shows no suspicious patterns. Overall, the website is professional and trustworthy but could improve compliance and security posture.

B

BIO COMPANY SE

biocompany.de

50

BIO COMPANY SE operates as a regional organic supermarket chain primarily serving Berlin, Brandenburg, and Sachsen since 1999. The company focuses on providing high-quality, sustainable, and regional organic food products, supported by a strong online presence including an e-commerce shop, newsletter, and customer loyalty programs. Their market position is that of a trusted regional leader in organic retail with a medium-sized business footprint. Technically, the website employs modern web technologies such as Bootstrap, jQuery, and Swiper.js, alongside specialized services like Matomo for analytics, Brevo for newsletters, and Uberall for store location mapping. The site is hosted on rzone.de infrastructure and uses a MODX CMS platform. Performance and mobile optimization are good, with a comprehensive cookie consent mechanism ensuring GDPR compliance. From a security perspective, the site enforces HTTPS, uses Google reCAPTCHA to protect forms, and manages cookie consent effectively. However, it lacks publicly available formal security policies and incident response contacts. No critical vulnerabilities or exposed sensitive data were detected. The domain registration data is consistent with the business claims, indicating legitimacy and trustworthiness. Overall, BIO COMPANY SE's website is professional, secure, and compliant with privacy regulations, supporting its business credibility and customer trust. Strategic improvements could focus on publishing formal security policies and enhancing security headers to further strengthen the security posture.

Sanatorium plastické a estetické chirurgie Chotoviny is a specialized healthcare provider focused on plastic and aesthetic surgery, serving a primarily Czech and international clientele. The company offers a broad range of surgical and laser procedures, rejuvenation treatments, and hand and vascular surgeries, supported by a professional team with over 30 years of experience. Their business model includes direct patient consultations, surgical services, and an e-commerce platform for gift vouchers and related products. The website is professionally designed, mobile-optimized, and includes client testimonials and external review integrations, enhancing trust and credibility. Technically, the website employs modern web technologies such as Bootstrap 5, jQuery, FontAwesome, and integrates third-party services including Google Analytics, Facebook Customer Chat, and Packeta shipping widgets. The site is hosted on a Czech hosting provider and demonstrates good performance and SEO practices. Privacy compliance is well addressed with a comprehensive cookie consent mechanism and clear privacy and terms of service pages. From a security perspective, the site uses HTTPS with a good SSL configuration and implements cookie consent aligned with GDPR. However, no explicit security headers were detected, and no security.txt or incident response information is published, which are areas for improvement. The absence of WHOIS data for the domain is a notable concern, reducing trust from a domain registration standpoint, though the website content and external reviews support legitimacy. Overall, the website presents a professional and trustworthy front for the business, with moderate technical and security maturity. Strategic improvements in domain registration transparency and security policy publication would enhance trust and compliance.

I

International Federation of Mountain Guides Associations

ifmga.info

52

The International Federation of Mountain Guides Associations (IFMGA) is a globally recognized non-profit federation that represents professional mountain guides and coordinates national member associations. The organization focuses on maintaining high standards in training, certification, and safety for mountain guides worldwide. Their website reflects a professional and consistent brand presence, targeting professional guides and related stakeholders. Technically, the site is built on Joomla CMS with modern frontend technologies and is hosted via GoDaddy. The site is responsive and provides a good user experience with clear navigation and relevant content. Security posture is adequate with HTTPS and domain locking, but lacks DNSSEC and formal privacy and cookie policies, which are compliance gaps. No signs of blocking or WAF interference were detected, and the domain registration is consistent and legitimate. Overall, the website is trustworthy and professional but would benefit from enhanced privacy compliance and DNS security.

A

ASFAC

asfac.pt

56

ASFAC is a Portuguese association representing specialized credit institutions, focusing on industry representation, financial education, legislative updates, and statistical information. The website serves as an information hub for consumers and financial entities interested in specialized credit. Technically, the site is built on WordPress with Bootstrap and jQuery, incorporating modern analytics (Matomo) and a robust cookie consent mechanism (Cookiebot), reflecting a mature digital infrastructure. Security posture is strong with HTTPS enforcement, security headers, and no visible vulnerabilities, though formal security and incident response policies are not published. Overall, the site is professional, compliant with GDPR, and trustworthy, with room for improvement in explicit security policy disclosures and contact information transparency.

E

European Automobile Manufacturers' Association

futuredriven.eu

59

The website represents the European Automobile Manufacturers' Association (ACEA) and serves as a platform to promote their #FutureDriven initiative focused on the EU automotive industry's future, sustainability, and mobility revolution. It provides policy recommendations, manifestos, and multimedia content targeting policymakers, industry stakeholders, and the public. The technical infrastructure is built on WordPress with modern plugins and frameworks, ensuring good performance and SEO optimization. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers and incident response contacts are missing. Overall, the site is professional, trustworthy, and compliant with GDPR, reflecting a mature digital presence for a large industry association.

Á

Área Metropolitana de Lisboa

aml.pt

47

Área Metropolitana de Lisboa (AML) is a regional government organization coordinating development policies across 18 municipalities in the Lisbon metropolitan area. The website serves as an official portal providing information on regional initiatives, cultural events, social development, and transport authority functions. AML holds a key position as a metropolitan authority facilitating economic, social, and environmental strategies in coordination with local governments. The site targets residents, local authorities, and stakeholders interested in regional development and public services. Technically, the website is built on WordPress with Bootstrap and jQuery, optimized for performance using WP Rocket, and supports multilingual content via Weglot. It employs modern web standards, including HTTPS, CSP, and cookie consent mechanisms, ensuring a secure and privacy-compliant user experience. Security posture is strong with no evident vulnerabilities or exposed sensitive data. Privacy and cookie policies are comprehensive and GDPR compliant. Overall, the website reflects a professional, trustworthy, and well-maintained digital presence for a government entity.

K

Közös Értékeink Program

kozosertekeink.hu

49

The Közös Értékeink Program website serves as an informational and support platform for a Hungarian non-profit initiative funded by the European Union. It focuses on supporting civil organizations that promote fundamental rights and values within the EU framework. The site is built on Drupal 10, employs modern web technologies, and provides a good user experience with mobile optimization and accessibility features. While the site lacks direct contact information and dedicated security or terms pages, it maintains a moderate security posture with HTTPS and cookie consent mechanisms. The domain registration aligns well with the program's recent launch, and partner organizations add credibility. Overall, the website is professional, trustworthy, and serves its target audience effectively.

E

ENVIPARTNER, s.r.o.

wegas.cz

48

ENVIPARTNER, s.r.o. operates the WEGAS platform, a Czech GIS web portal tailored for municipalities to manage and share spatial data online. The platform offers modular GIS solutions, including a mobile data collection app, and targets local governments with a SaaS business model featuring a free trial and usage-based pricing. The website is professionally designed, mobile-optimized, and uses modern web technologies such as WordPress, Bootstrap, and Leaflet.js. Security posture is good with HTTPS and some best practices, though improvements are recommended in security headers and formal policies. The domain registration is consistent with the business entity and country, supporting legitimacy. Overall, the site is trustworthy, content-rich, and well-positioned in its niche market.

M

Muzeum regionu Boskovicka, p. o.

muzeum-boskovicka.cz

56

Muzeum regionu Boskovicka is a regional museum based in Boskovice, Czech Republic, offering a variety of exhibitions, educational programs, and cultural events focused on local history, archaeology, and Jewish heritage. The museum targets a broad audience including families, school groups, and cultural tourists, operating as a non-profit cultural institution. The website is built on Drupal 9 with Bootstrap 5, featuring modern design and good mobile optimization. It integrates Google Analytics and CookieHub for analytics and cookie consent management. Security posture is solid with HTTPS enforced and cookie consent implemented, though security headers could be improved. WHOIS data is unavailable, limiting domain trust verification, but the website's professional presentation and clear contact information support legitimacy. Overall, the site is well-structured, informative, and compliant with GDPR requirements.

H

Hoermann

hoermann-akademie.com

62

Hoermann-Akademie is an educational platform affiliated with the Hoermann brand, providing training and knowledge resources primarily targeting professionals and learners in Germany. The website uses modern web technologies including Vue.js, Bootstrap 5, and Kendo UI, indicating a moderate level of digital maturity. The site is mobile optimized and moderately performant but lacks advanced SEO and accessibility features. Security posture is adequate with HTTPS enforced and domain transfer protection, but lacks DNSSEC and security headers, which are recommended for enhanced protection. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Overall, the website is legitimate and professionally branded but could improve in privacy and security practices to better align with GDPR and industry standards.

K

Kultura Boskovice

kulturaboskovice.cz

50

Kultura Boskovice operates a well-structured cultural event website serving the Boskovice region in the Czech Republic. The site provides comprehensive listings of cultural events, including concerts, theater, festivals, and courses, targeting local residents and visitors interested in cultural activities. The business model is primarily non-profit and community-focused, offering event information and linking to ticket sales via a trusted external platform. The website is built on Drupal 10, leveraging modern web technologies and ensuring good mobile responsiveness and accessibility.

M

MilDef

mildef.com

72

MilDef Group AB is a well-established Swedish company founded in 2001, specializing in rugged IT solutions tailored for military, government, and critical infrastructure sectors. The company operates as a systems integrator providing a full spectrum of hardware, software, and services designed to withstand harsh environments and high-stakes operational contexts. Their market position is strong within defense and security domains, supported by a professional and content-rich website that clearly communicates their offerings and corporate identity. Technically, the website is built on WordPress with modern frameworks such as Bootstrap and employs a comprehensive set of analytics and marketing tools including Google Analytics, HubSpot, and Facebook Pixel. The site is mobile-optimized, accessible, and SEO-friendly, reflecting a mature digital presence. Security practices include HTTPS enforcement and use of Google reCAPTCHA, although DNSSEC is not enabled and some security headers appear to be missing. From a security posture perspective, the site demonstrates good practices but lacks explicit security policies and incident response contacts. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms, aligning with GDPR requirements. The domain registration data is consistent with the business claims, showing a long-standing and legitimate presence. Overall, MilDef's website reflects a professional, trustworthy, and secure digital asset supporting their business objectives in a sensitive industry. Minor improvements in DNS security and explicit security disclosures could further enhance their security posture and trustworthiness.

B

Beast gym

beastgym.cz

46

Beast gym is a small fitness and combat sports facility located in Slavkov u Brna, Czech Republic. The business offers a variety of services including gym facilities with quality equipment, combat sports training such as boxing and kickboxing, solarium services, Power Plate conditioning, personal training, and a fitness bar. The website is professionally designed, targeting fitness enthusiasts and local community members interested in health and sports activities. The business appears to be active since at least 2020, with a clear focus on providing comprehensive fitness and wellness services in a local market. Technically, the website is built on WordPress 6.6.2 with a modern tech stack including Bootstrap, jQuery, and various plugins for UI enhancements like carousels and lazy loading. The site is mobile optimized and SEO friendly, with good content structure and metadata. Performance is moderate, with room for improvement in accessibility features. Security posture is decent with HTTPS enforced and cookie consent implemented, but lacks advanced security headers and formal vulnerability disclosure mechanisms. The security evaluation shows no critical vulnerabilities or exposed sensitive data, but the absence of WHOIS data raises concerns about domain registration transparency. The website includes clear contact information and social media presence, enhancing business credibility. Privacy compliance is addressed with a cookie policy and privacy policy linked, indicating GDPR awareness. Overall, Beast gym presents a trustworthy and professional online presence for a local fitness business, but should improve domain registration transparency and enhance security headers to strengthen trust and security posture further.

B

Best Block

bestblock.com

62

Best Block is a medium-sized US-based manufacturer specializing in concrete masonry units and related hardscape products. The company operates multiple manufacturing plants across various states, serving construction professionals and masonry suppliers. Their website is built on WordPress with modern technologies such as Bootstrap and jQuery, featuring a professional design and good content quality. Analytics tools including Google Analytics and Heatmap.it are used for user tracking. Security posture is adequate with HTTPS enabled, but lacks some security headers and explicit privacy/cookie policies. The absence of WHOIS data raises concerns about domain registration legitimacy, though the website content and structure appear professional and trustworthy. Strategic recommendations include improving privacy compliance, adding security headers, and verifying domain registration status.

A

Artfood Traiteur

artfood.be

53

Artfood Traiteur is a small hospitality business specializing in organic and sustainable event catering services based in Brussels, Belgium. The company targets both professional and private clients, offering bespoke catering for weddings, corporate events, and private parties with a strong emphasis on environmental responsibility and quality gastronomy. The website reflects a professional and consistent brand image supported by multiple recognized sustainability certifications. Technically, the site is built on WordPress using modern frameworks like Bootstrap and integrates Google Analytics, Tag Manager, and reCAPTCHA for analytics and security. The security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though security headers and formal security policies are absent. The WHOIS data is restricted by the registry, which is common for privacy protection and justified for this business type. Overall, the website is trustworthy, well-structured, and compliant with privacy norms, though it lacks explicit privacy and terms of service pages.

Mediafin is a prominent Belgian media company specializing in business journalism and related services. Their portfolio includes well-known brands such as De Tijd and L’Echo, targeting business professionals and investors. The company also offers data platforms, PR, advertising, and podcast services, positioning itself as a comprehensive media and communication provider in Belgium. The website reflects a mature digital presence with modern technologies and strong GDPR compliance, including a cookie consent mechanism and privacy policy. Security posture is solid with HTTPS enforcement and security headers, though explicit security policies and incident response contacts are not published. The domain WHOIS data is restricted, which is common for media companies, but the website's professionalism and transparency in privacy practices support its legitimacy. Overall, Mediafin demonstrates a strong market position and digital maturity with room for improvement in security transparency and direct contact information.

B

La Bataille de Waterloo - 210è anniversaire

bataillewaterloo.com

47

The website bataillewaterloo.com serves as an informational and promotional platform for the 210th anniversary of the Battle of Waterloo, a significant historical event. It provides visitors with event details, ticket purchasing options, and downloadable guides, targeting history enthusiasts and tourists interested in cultural commemorations. The site is professionally designed with consistent branding and multilingual support, enhancing accessibility for a diverse audience. Technically, it leverages modern web technologies including WordPress CMS, Bootstrap, jQuery, and integrates tracking and marketing tools such as Google Tag Manager and Facebook Pixel. The presence of a cookie consent mechanism indicates awareness of privacy regulations, although formal privacy and terms of service documents are absent. Security posture is adequate with HTTPS enforced, but lacks advanced security headers and vulnerability disclosure mechanisms. The WHOIS data is notably missing, raising concerns about domain registration legitimacy despite the active and professional website presence. Overall, the site is functional and user-friendly but would benefit from enhanced transparency and security practices.

K

KOSYKA, s.r.o.

kosyka.cz

52

KOSYKA, s.r.o. is a well-established Czech manufacturer specializing in cable harnesses, electromechanical assemblies, and component sales, serving industries such as automotive and consumer electronics. The company has a strong market position as one of the largest purely Czech manufacturers in its sector, supported by multiple ISO certifications and memberships in relevant industry associations. Their website reflects a professional and comprehensive digital presence with clear business information and compliance with GDPR and cookie regulations. Technically, the site uses modern frameworks and libraries including Bootstrap, jQuery, and Nette Framework, with integrated analytics and retargeting tools. Security posture is good with HTTPS and cookie consent mechanisms, though some security headers are not visibly implemented. Overall, the site is trustworthy, well-maintained, and aligned with the company's business claims.