Security Directory

U

University of California

universityofcalifornia.edu

71

The University of California website represents a large, well-established public university system with a strong focus on education, research, healthcare, and public service. The site provides comprehensive information about its campuses, health centers, national labs, and outreach programs, targeting students, faculty, researchers, and the general public. Technically, the site is built on Drupal 10, uses modern web technologies, and integrates Google Analytics and social sharing tools. The website is mobile-optimized, accessible, and professionally designed, offering a high-quality user experience. From a security perspective, the site enforces HTTPS and follows several best practices, though explicit security headers and incident response information are not prominently displayed. Privacy and terms of service policies are present and comprehensive, indicating good compliance posture, though a cookie consent mechanism is missing, which could be improved for GDPR compliance. The WHOIS data for the exact queried domain is missing, which is unusual but likely due to querying the 'www' subdomain rather than the root domain. Overall, the site appears legitimate and trustworthy. The risk assessment is moderate with no critical vulnerabilities detected. Strategic recommendations include enhancing security headers, implementing cookie consent, and publishing security policies and incident response contacts to improve transparency and compliance.

M

Missouri Department of Transportation

modot.org

63

The Missouri Department of Transportation (MoDOT) operates as the primary state government agency responsible for transportation infrastructure and services within Missouri. The website serves as a comprehensive portal for residents, travelers, contractors, and businesses, providing critical information on road conditions, projects, permits, and traveler resources. MoDOT maintains a strong market position as the authoritative transportation entity in the state, offering a wide range of services including road maintenance, traveler information, and regulatory compliance support. Technically, the website is built on Drupal 10, leveraging modern web technologies such as Font Awesome 6 and integrating analytics tools like Google Analytics and Facebook Pixel. The site demonstrates good digital maturity with mobile optimization, accessibility features, and SEO best practices. Performance is moderate, with a well-structured navigation system and professional design. From a security perspective, the site enforces HTTPS, employs standard security headers, and uses secure forms consistent with Drupal's framework. No critical vulnerabilities or exposed sensitive data were detected. However, the absence of a public vulnerability disclosure policy and incident response contact information suggests room for improvement in transparency and security readiness. Overall, MoDOT's website reflects a high level of professionalism and trustworthiness appropriate for a government entity. The lack of WHOIS data limits domain registration trust verification, but the official .org domain and consistent branding support legitimacy. Strategic recommendations include publishing security policies, enhancing incident response visibility, and maintaining ongoing security assessments to uphold trust and compliance.

P

Physio Austria Seminarzentrum & Bildungsreferat

phydelio.at

58

Phydelio.at is the official website for Physio Austria Seminarzentrum & Bildungsreferat, providing continuing education and training services for physiotherapists primarily in Austria. The site offers a comprehensive catalog of seminars, workshops, and educational resources both online and in-person, targeting healthcare professionals seeking professional development. The business is positioned as a reputable and established provider in the physiotherapy education sector, supported by certifications such as ISO 9001 and Ö-Cert, and is affiliated with the parent organization Physio Austria. Technically, the website is built on Drupal 10 with modern web technologies including Bootstrap and FontAwesome, ensuring good mobile optimization, accessibility, and SEO practices. Google Analytics is used for user tracking with a GDPR-compliant cookie consent mechanism in place. The site is served over HTTPS with strong SSL configuration and basic security headers, reflecting a solid security posture. However, explicit security policies and incident response information are not publicly available. Overall, the website demonstrates a professional and trustworthy online presence with clear contact information and social media integration. The security posture is good but could be enhanced by adding vulnerability disclosure and incident response details. The domain registration data aligns well with the business claims, supporting legitimacy and trustworthiness.

F

Fabasoft AG

fabasoft.com

75

Fabasoft AG is a well-established European technology company specializing in digital business process design and cloud-native enterprise content, records, and business process management solutions. Their flagship platform, the Fabasphere, integrates AI capabilities with secure cloud services to support organizations in digital transformation. The company targets enterprise and government sectors, emphasizing European data sovereignty and compliance. Technically, the website is built on Drupal 10 with modern frameworks and demonstrates excellent performance, mobile optimization, and accessibility. Security posture is strong with HTTPS, security headers, and no visible vulnerabilities, though explicit incident response and vulnerability disclosure policies are absent. The absence of WHOIS data for the domain is a notable anomaly that impacts trust assessment. Overall, Fabasoft presents a professional, secure, and compliant digital presence with room for improvement in transparency around security incident handling.

O

OneSciencePlace

onescienceplace.org

55

OneSciencePlace is a specialized technology platform designed to provide scalable, extensible, and composable solutions for research computing, data management, and scientific repositories. It targets a broad research ecosystem including principal investigators, educators, HPC administrators, and institutional stakeholders. The platform emphasizes ease of deployment, FAIR principles compliance, and seamless integration with diverse computational and storage backends. Technically, the website is built on Drupal 10 and hosted on AWS infrastructure, demonstrating a modern and flexible technology stack. The site is well-designed, mobile-optimized, and provides rich, relevant content tailored to its audience. Security posture is moderate with HTTPS implied, but lacks DNSSEC and explicit security headers. Privacy and cookie policies are absent, representing compliance gaps. Overall, the domain registration and WHOIS data align well with the business claims, supporting legitimacy and trustworthiness.

Q

Quakeworx

quakeworx.org

56

Quakeworx is a specialized science gateway platform focused on earthquake simulations, providing curated applications, datasets, and pipelines integrated with HPC and cloud computing resources. The platform targets the earthquake science research community, including academic institutions and HPC users, aiming to foster collaboration and advance earthquake science through accessible tools and FAIR publishing. The website is professionally designed using Drupal 10 and hosted on AWS infrastructure, with moderate performance and good mobile optimization. However, it lacks explicit privacy, cookie, and security policies, which impacts its privacy compliance score. Security posture is moderate with no DNSSEC and missing security headers, though institutional Single Sign-On is used for authentication on the staging environment. Overall, the domain registration is consistent and transparent, supporting the legitimacy of the platform.

U

U.S. Department of Energy

energy.gov

84

The U.S. Department of Energy website serves as the official digital presence of a major federal government agency focused on energy policy, scientific research, and national security. The site provides comprehensive information on energy topics, national laboratories, and government initiatives, targeting a broad audience including the general public, researchers, and policymakers. The website demonstrates a high level of professionalism, consistent branding, and clear navigation, reflecting its authoritative status. Technically, the site is built on Drupal CMS with modern web technologies and integrates analytics tools such as Google Analytics and Microsoft Clarity. It is optimized for mobile devices and accessibility, ensuring broad usability. Security is robust with HTTPS enforced, multiple security headers, and clear privacy and vulnerability disclosure policies, indicating a mature security posture. Overall, the website is trustworthy and well-maintained, with no detected vulnerabilities or suspicious content. The lack of WHOIS data is typical for .gov domains and does not detract from the site's legitimacy. Strategic recommendations include maintaining security best practices, updating third-party scripts, and enhancing incident response communications to further strengthen trust and compliance.

N

National Science Foundation

nsf.gov

75

The National Science Foundation (NSF) is an independent federal agency dedicated to supporting science and engineering research and education across the United States. The website serves as a comprehensive portal for funding opportunities, award management, and information about NSF's priorities and initiatives. It targets a broad audience including researchers, educators, students, entrepreneurs, and industry professionals. The NSF holds a strong market position as the primary federal agency for fundamental research funding in science and engineering. The site features consistent branding, professional design, and clear navigation, reflecting its authoritative government status. Technically, the website is built on Drupal 10 and leverages modern analytics and tracking tools such as Google Analytics, CrazyEgg, and DigitalGov Analytics. It employs HTTPS with strong SSL configuration and demonstrates good mobile optimization and accessibility standards. The site integrates USWDS for consistent government web design and uses various scripts for user engagement and analytics. From a security perspective, the site enforces HTTPS and includes a vulnerability disclosure policy, though explicit security headers are not fully visible in the HTML. No critical vulnerabilities or exposed sensitive data were detected. Privacy policies are comprehensive, though cookie consent mechanisms are not prominently implemented. Contact information is clearly provided, enhancing trust and transparency. Overall, the NSF website presents a low-risk profile with strong business credibility and technical maturity. It effectively supports its mission with a secure, accessible, and user-friendly platform. Strategic recommendations include enhancing visible security headers, implementing cookie consent for compliance, and publishing a security.txt file to improve incident response transparency.

P

Physio Austria

physioaustria.at

67

Physio Austria is the national professional association representing physiotherapists in Austria. The website serves as a comprehensive resource for both professionals and patients, offering information on education, events, advocacy, and a therapist search function. The organization positions itself as a key player in the Austrian healthcare sector, focusing on professional development and patient support. Technically, the website is built on Drupal 10, employs modern web technologies, and includes privacy and cookie consent mechanisms aligned with GDPR requirements. Security posture is good with HTTPS enforced and no evident vulnerabilities, though some security headers could be improved. The absence of WHOIS data limits domain registration transparency but does not detract from the site's professional presentation and trustworthiness. Overall, the site is well-maintained, user-friendly, and trustworthy, supporting the organization's mission effectively.

C

California Residential Mitigation Program (CRMP)

earthquakebracebolt.com

71

The California Residential Mitigation Program (CRMP) website provides detailed information about the Earthquake Brace + Bolt (EBB) retrofit program, which offers grants and resources to homeowners of pre-1980 raised foundation homes in California. The program aims to strengthen homes against earthquake damage by providing financial assistance and contractor training. The website is professionally designed using Drupal 10 and integrates modern analytics and tracking tools such as Google Tag Manager, Facebook Pixel, Hotjar, and Crazy Egg. It offers comprehensive content including program rules, retrofit details, contractor resources, and contact information. Security posture is good with HTTPS enforced and no exposed sensitive data, though some security headers and privacy compliance mechanisms like cookie consent are missing. WHOIS data is unavailable due to a malformed response, which slightly reduces trust but the website's government affiliation and professional presentation support its legitimacy. Overall, the site is a reliable resource for earthquake retrofit information and services in California.

G

Global Environment Facility

thegef.org

70

The Global Environment Facility (GEF) website serves as the official platform for an international partnership focused on environmental funding and sustainability initiatives. The site provides comprehensive information about the organization's structure, funding mechanisms, projects, and stakeholder engagement. It targets governments, NGOs, civil society, and private sector partners globally. The website is professionally designed with clear navigation and rich content, reflecting a mature digital presence. Technically, the site is built on Drupal 10 CMS, leveraging modern JavaScript libraries and frameworks such as jQuery and Bootstrap. It integrates Google Analytics and Tag Manager for tracking and uses responsive design techniques to ensure good mobile usability. While performance is moderate, the site is accessible and well-structured. From a security perspective, the site uses HTTPS and avoids exposing sensitive data. However, it lacks visible security headers in the HTML source, which could be improved. No vulnerability disclosure or incident response information is publicly available, which is common for such organizations but could be enhanced for transparency. Overall, the website presents a low-risk profile with strong business credibility and good privacy compliance. The lack of WHOIS data due to privacy protection is justified given the organization's international nature. Strategic recommendations include enhancing security headers, publishing security policies, and improving transparency around incident response.

U

Unionen

unionen.se

62

Unionen is a prominent Swedish trade union representing salaried employees in the private sector. The website offers extensive information about membership benefits, legal advice, income insurance, and support for various member categories including students, managers, and self-employed individuals. The organization positions itself as a strong advocate for workplace success, security, and satisfaction. Technically, the website is built on Drupal 10, employs modern JavaScript libraries, and integrates Google Tag Manager and Cookiebot for analytics and privacy compliance. The site is well-structured, mobile-optimized, and accessible, reflecting a mature digital presence. Security-wise, the site enforces HTTPS and cookie consent but lacks explicit security headers and published security policies. WHOIS data for the subdomain www.unionen.se is unavailable, likely because it is a subdomain of unionen.se, which is consistent with the organization's identity. Overall, the website is professional, trustworthy, and compliant with GDPR, serving its audience effectively.

J

JYSK

jysk.de

65

JYSK is a large retail company specializing in furniture and home goods, serving primarily the German market. The website offers both online shopping and in-store purchase options, with features such as Click & Collect and gift card redemption. The company maintains a strong market position with a significant customer base, as evidenced by over 35,000 reviews and a solid aggregate rating. Technically, the website is built on Drupal 10 and leverages modern marketing and analytics tools including Dynamic Yield, Google Tag Manager, and Salesforce Live Agent chat. Hosting is managed via Akamai CDN, ensuring reliable performance and security. Security posture is strong with HTTPS enforced, security headers present, and a comprehensive cookie consent mechanism. However, the site lacks a dedicated security policy and incident response contact information, which are recommended for enhanced trust and compliance. Overall, the website is professional, user-friendly, and trustworthy, with no indications of malicious or suspicious activity.

U

United Nations Development Programme

adaptation-undp.org

51

The website adaptation-undp.org serves as the UNDP Climate Change Adaptation Portal, providing a comprehensive knowledge-sharing platform focused on climate adaptation projects supported by the United Nations Development Programme. It targets governments, development partners, and stakeholders involved in climate adaptation, offering detailed thematic areas and project information. The site is well-branded with UNDP identity and links to official UNDP resources, positioning itself as a leading UN system service provider in climate adaptation globally. Technically, the site is built on Drupal 10 CMS, leveraging modern web technologies including Google Analytics and Tag Manager for tracking, and SecKit for security enhancements. The site demonstrates good mobile optimization, accessibility, and SEO practices, with multimedia content such as videos enhancing user engagement. Performance is moderate with no critical technical issues detected. From a security perspective, the site enforces HTTPS and uses security modules but lacks explicit security headers and visible privacy or cookie policies, which are areas for improvement. The WHOIS data is unavailable due to malformed output, limiting domain registration trust analysis, but the strong UNDP branding and external official links mitigate concerns. No vulnerabilities or exposed sensitive data were found. Overall, the site is professional, content-rich, and trustworthy from a business and user perspective, though it would benefit from enhanced privacy compliance and clearer security policies to improve user trust and regulatory adherence.

B

Brunei Darussalam–Indonesia–Malaysia–Philippines East ASEAN Growth Area

bimp-eaga.asia

53

BIMP-EAGA is a regional economic cooperation initiative involving Brunei Darussalam, Indonesia, Malaysia, and the Philippines, focused on promoting sustainable economic growth through trade, investment, tourism, and green technologies. The website serves as an official information portal targeting government agencies, businesses, and stakeholders in Southeast Asia. Technically, the site is built on Drupal 10 with modern frameworks like Bootstrap and Font Awesome, hosted on A2 Hosting, and includes responsive design and accessibility features. Security posture is moderate with HTTPS enabled and Google Analytics configured with IP anonymization, but lacks security headers and DNSSEC. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the site is professional and trustworthy but could improve in privacy and security transparency.

U

UN Decade on Restoration

decadeonrestoration.org

59

The UN Decade on Restoration website serves as the official platform for the United Nations' global initiative to promote ecosystem restoration. It provides comprehensive information on the importance of restoring ecosystems to support food and water security, mitigate climate change, and prevent environmental degradation. The site targets a broad audience including governments, environmental organizations, restoration practitioners, and the general public. Technically, the website is built on Drupal 10, leveraging modern web technologies and third-party integrations such as Google Tag Manager and Facebook SDK for analytics and marketing. The security posture is solid with HTTPS and standard security practices, though explicit privacy and cookie policies are not found in the provided content, which is a compliance gap. The domain WHOIS data is unavailable, likely due to privacy protection, which is justified for a UN initiative. Overall, the website is professional, trustworthy, and well-positioned as an authoritative source on ecosystem restoration.

L

La Région Auvergne-Rhône-Alpes

laregionvoustransporte.fr

63

La Région vous transporte is the official regional transportation portal for the Auvergne-Rhône-Alpes region in France. It provides comprehensive information on interurban and school transportation services, including trains (TER, Léman Express), buses, carpooling, and traffic updates. The website serves residents and travelers seeking reliable and up-to-date mobility information within the region. The site is well-branded with consistent regional government identity and offers a user-friendly experience with clear navigation and mobile optimization. Technically, the website is built on Drupal 10 CMS and integrates Matomo analytics for privacy-respecting user tracking. It employs modern JavaScript libraries such as Splide.js for carousels and Orejime for cookie consent management. The site uses HTTPS with good SSL configuration but lacks explicit security headers in the provided data. Forms include CSRF protections and autocomplete features enhancing usability. From a security and compliance perspective, the site demonstrates strong privacy practices with a clear cookie consent mechanism and a comprehensive privacy policy aligned with GDPR. However, it lacks a publicly available security policy, incident response contacts, or vulnerability disclosure information. WHOIS data is unavailable, limiting domain trust verification, but the official nature of the content and external partner links support legitimacy. Overall, the website is a professional, secure, and privacy-conscious platform that effectively supports regional transportation needs. Strategic improvements include adding security headers, publishing a security policy, and providing incident response contacts to enhance trust and security posture.

U

United Nations Environment Programme

unep.org

63

The United Nations Environment Programme (UNEP) is a globally recognized authority on environmental issues, operating as a key program under the United Nations. The website reflects UNEP's mission to address climate change, biodiversity, pollution, and sustainable development through comprehensive programs and advocacy. It targets a broad audience including governments, NGOs, and the general public worldwide. The site is well-branded, professionally designed, and offers multilingual support, enhancing its global reach. Technically, the website is built on Drupal 10, leveraging modern web technologies such as asynchronous script loading, Google Tag Manager, and Facebook SDK for enhanced user engagement and analytics. The site demonstrates good performance, mobile optimization, and accessibility features, indicating a mature digital infrastructure. From a security perspective, the site enforces HTTPS and uses reputable third-party scripts responsibly. However, it lacks explicit security headers and a public security policy or vulnerability disclosure page, which are recommended for further strengthening its security posture. The WHOIS data is incomplete, which slightly reduces confidence in domain registration transparency but does not detract from the site's legitimacy given its strong UN affiliation and trust signals. Overall, UNEP's website is a high-quality, trustworthy platform that effectively supports its mission. Strategic improvements in security transparency and WHOIS data completeness would further enhance its credibility and resilience.

U

United Nations Environment Programme

unenvironment.org

63

The United Nations Environment Programme (UNEP) is a globally recognized authority on environmental issues, operating under the United Nations umbrella. The website serves as a comprehensive platform for environmental programs focusing on climate action, nature conservation, pollution control, and sustainable development. It targets a broad audience including governments, NGOs, civil society, and the general public. UNEP holds a strong market position as a leading international environmental organization with extensive partnerships and a clear mission. Technically, the website is built on Drupal 10, leveraging modern web technologies such as jQuery, Font Awesome, Google Tag Manager, and Facebook SDK. The site demonstrates good mobile optimization, accessibility, and SEO practices, although performance is moderate. The infrastructure reflects a mature digital presence suitable for a large international organization. From a security perspective, the site enforces HTTPS and uses modern libraries without exposing sensitive data. However, it lacks explicit security headers and published security policies or incident response information, which are recommended for enhanced security posture. Privacy and cookie policies are present and comprehensive, indicating good compliance with GDPR and related regulations. Overall, the website is professional, trustworthy, and well-maintained, with minor areas for improvement in security transparency and technical optimization. The incomplete WHOIS data does not detract significantly from the site's legitimacy given its strong UN affiliation and consistent branding.

B

Banque de France / Mes questions d'argent

mesquestionsdargent.fr

55

The website 'Mes questions d'argent' is a French national financial education portal affiliated with Banque de France. It provides comprehensive educational content on budgeting, banking, taxes, debt management, and social aids, targeting the general French public including students and families. The site is well-branded, consistent, and offers a professional user experience with clear navigation and relevant content. Technically, it is built on Drupal 10 with modern web technologies and includes privacy and cookie consent mechanisms. Security posture is good with HTTPS and reCAPTCHA integration, though additional security headers could enhance protection. WHOIS data is unavailable, which slightly impacts trust but the site's affiliation with Banque de France supports legitimacy. Overall, the site is a trustworthy, authoritative resource for financial literacy in France.

R

Région Auvergne-Rhône-Alpes

auvergnerhonealpes.fr

56

The website www.auvergnerhonealpes.fr is the official institutional portal for the Auvergne-Rhône-Alpes regional government in France. It provides comprehensive information about regional governance, public services, aids, news, and events targeted at residents, professionals, students, and public entities within the region. The site is well-branded and professionally designed, reflecting its status as a government entity. Technically, it is built on Drupal 10 CMS, leveraging modern web technologies such as lazy loading images and Matomo analytics for privacy-conscious tracking. The site is mobile-optimized and accessible, with clear navigation and structured content. From a security perspective, the website enforces HTTPS and employs cookie consent mechanisms compliant with GDPR. However, it lacks explicit security headers and a published security policy or incident response page. No vulnerabilities or exposed sensitive data were detected in the HTML content. The WHOIS data for the domain is unavailable, which is common for domains under AFNIC registry or due to privacy protections, but the website's content and official branding strongly support its legitimacy. Overall, the site demonstrates a mature digital presence for a regional government entity, balancing user experience, privacy, and security reasonably well. Strategic improvements could include enhancing security headers, publishing a security policy, and adding a vulnerability disclosure mechanism to further strengthen trust and compliance.

E

Ethical Trading Initiative

ethicaltrade.org

48

The Ethical Trading Initiative (ETI) is a well-established non-profit alliance comprising trade unions, NGOs, and businesses focused on promoting ethical trade and human rights in global supply chains. The website positions ETI as a leading organization in this space, offering membership, training, transparency frameworks, and resources to support responsible business practices. The presence of major retail and NGO members underscores its market position and credibility. Technically, the website is built on Drupal 10, leveraging modern web technologies including Google Analytics with IP anonymization, CookiesJSR for cookie consent management, and Vimeo for video content. The site demonstrates good mobile optimization, accessibility, and SEO practices, though some security headers are missing which could be improved. From a security perspective, the site enforces HTTPS and employs cookie consent mechanisms aligned with GDPR requirements. However, explicit security policies, incident response contacts, and vulnerability disclosure mechanisms are not present, representing areas for enhancement. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website is professional, trustworthy, and safe for general audiences. The lack of WHOIS data due to privacy protection is justified given the non-profit nature of the organization. Strategic recommendations include enhancing security headers, publishing security and incident response policies, and providing direct security contact information to strengthen trust and compliance.

A

Asian Development Bank

development.asia

66

Development Asia is a knowledge collaboration platform operated by the Asian Development Bank, focusing on sharing development expertise, best practices, and technology relevant to Sustainable Development Goals in Asia. The platform targets professionals, government officials, civil society organizations, researchers, and students interested in economic and social development. It offers a wide range of content including case studies, policy briefs, technical notes, and interactive communities, positioning itself as a key regional knowledge resource. Technically, the website is built on Drupal 10 CMS with modern frameworks like Bootstrap 5 and Font Awesome 6, hosted on Microsoft Azure DNS infrastructure. It integrates analytics and marketing tools such as Google Analytics and Mailchimp for user engagement and tracking. The site demonstrates good mobile optimization, accessibility, and SEO practices, although performance is moderate. From a security perspective, the site uses HTTPS with domain status protections but lacks DNSSEC and explicit security headers. No public security or incident response policies are found, and no vulnerability disclosure mechanisms are published. Privacy compliance is partial, with a privacy policy and terms of use present but no cookie consent mechanism detected. Overall, the site is professional, trustworthy, and well-positioned in its niche, with recommendations to enhance DNS security, implement security headers, and improve privacy compliance to strengthen its security posture and user trust.

A

adelphi

adelphi.de

63

adelphi is a leading independent European think tank and consultancy specializing in climate, environment, and development. The organization offers research, policy advice, and project management services, positioning itself as a key player in sustainability and socio-ecological transformation. The website reflects a professional and well-structured digital presence, leveraging Drupal 10 CMS and privacy-conscious analytics tools like Matomo and Klaro. Contact information is clearly provided, enhancing business credibility. However, explicit privacy policies, terms of service, and security policies are not found in the provided content, representing areas for improvement. The security posture is solid with HTTPS and consent management but could benefit from enhanced security headers and incident response disclosures. Overall, the website is trustworthy, well-branded, and serves its target audience effectively.

N

Nationale Klimaschutzinitiative des Bundesministeriums für Wirtschaft und Klimaschutz

klimaschutz.de

68

The website www.klimaschutz.de represents the Nationale Klimaschutzinitiative, an official climate protection initiative under the German Federal Ministry for Economic Affairs and Climate Action. It serves as a platform to promote climate protection projects, provide information, and foster a community for citizens, companies, and municipalities engaged in climate action. The site is well-branded, professional, and targets a broad German audience interested in sustainability and energy efficiency. Technically, the site is built on Drupal 10, leveraging modern web technologies including Matomo for analytics and Cookiebot for GDPR-compliant cookie management. The site is mobile-optimized, accessible, and performs moderately well. Security best practices such as HTTPS and consent management are implemented, though some security headers could be improved. From a security perspective, the site shows a good posture with no visible vulnerabilities or exposed sensitive data. However, the absence of explicit security or incident response policies and minimal WHOIS registrant information slightly reduce trust. The domain uses managed IP name servers, which is common but lacks registrant transparency. Overall, the website is a trustworthy, professional government initiative with strong privacy compliance and a solid technical foundation. Strategic improvements in security headers, incident response transparency, and WHOIS data disclosure would further enhance its security and credibility.

N

NGOsource

ngosource.org

59

NGOsource is a well-established non-profit service project operated by TechSoup Global and the Council on Foundations, specializing in streamlining equivalency determination for international grantmaking. The website presents a professional, content-rich platform targeting foundations, donor advised funds, and NGOs, offering legal and administrative support to facilitate cross-border philanthropy. The site demonstrates a strong market position with a decade of operational history and trusted partnerships. Technically, the website is built on Drupal 10 with modern front-end frameworks such as Bootstrap and FontAwesome, ensuring good mobile responsiveness and accessibility. Integration with Google Analytics and Tag Manager indicates a moderate level of user tracking and marketing insight. Performance is moderate with no critical technical issues detected. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, the absence of visible security headers and cookie consent mechanisms suggests room for improvement in compliance and security best practices. The lack of direct contact information and incident response policies limits transparency but is consistent with the organization's operational model. Overall, NGOsource presents a trustworthy and professional online presence with a solid business model and technical foundation. Strategic enhancements in privacy compliance and security policy publication would further strengthen its posture and user trust.

8

89up

89up.org

70

89up is a specialized integrated communications agency founded in 2014, focused on serving non-profit organizations and global causes. The website presents a professional and consistent brand image targeting non-profits worldwide. The business model centers on providing communications services tailored to important social causes, positioning itself as a global agency in this niche. The site content is relevant and well-structured, with clear navigation and good mobile optimization.

A

Africa Investment Forum

africainvestmentforum.com

62

The Africa Investment Forum is a premier investment marketplace focused on mobilizing private capital to unlock Africa's development potential. Championed by the African Development Bank and supported by key African financial institutions, it facilitates project advancement, capital raising, and deal closure through its flagship Market Days event and other initiatives. The platform targets investors, development finance institutions, and government leaders interested in African infrastructure and development projects. Technically, the website is built on Drupal 10 with modern libraries and frameworks, offering a responsive and accessible user experience. Security posture is strong with HTTPS and secure forms, though some security headers and policies could be improved. The absence of WHOIS data is a concern but the website's professional content and partner ecosystem support its legitimacy. Overall, the site is well-positioned as a trusted platform for African investment facilitation.

P

Partnering for Green Growth

p4gpartnerships.org

60

Partnering for Green Growth (P4G) is a non-profit multistakeholder initiative focused on accelerating climate transitions in low- and middle-income countries, primarily in the energy sector. The organization supports early-stage businesses and partnerships through grants and technical assistance to become investment ready, contributing to sustainable development goals. The website is professionally designed using Drupal 10, with a moderate level of technical sophistication including modern analytics and tracking tools. The security posture is generally good with HTTPS enabled and domain lock status, but lacks DNSSEC and security headers. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the website presents a credible and trustworthy image aligned with its mission, but could improve transparency and security practices.

B

Banque de France

banque-france.fr

66

Banque de France is the national central bank of France, serving citizens, businesses, and public institutions with a broad range of financial and economic services. The website reflects its role in monetary policy, financial stability, payment systems, and economic education. It is positioned as a reputable government entity with a strong market presence in the finance sector. The technical infrastructure is modern, leveraging Drupal 10 CMS and contemporary analytics tools, with good mobile optimization and accessibility. Security posture is solid with HTTPS and cookie consent mechanisms, though explicit security headers and incident response contacts could be improved. Overall, the site is professional, trustworthy, and compliant with privacy norms, supporting its authoritative role.

M

MediaMarktSaturn

mediamarktsaturn.com

55

MediaMarktSaturn is a leading European consumer electronics retailer operating a professional and well-structured website built on Drupal 10. The company emphasizes sustainability, social responsibility, and customer experience through innovative retail concepts such as Space-as-a-Service. The website demonstrates a mature digital infrastructure with modern technologies and good mobile optimization. Security posture is solid with HTTPS and cookie consent mechanisms, though some security best practices like DNSSEC and security policy disclosures could be improved. Privacy compliance is well addressed with GDPR-aligned policies and consent management. Overall, the site reflects a trustworthy and credible business with strong branding and market position.

F

Fryslân Veilig

fryslanveilig.nl

71

Fryslân Veilig is a regional government safety information platform focused on providing residents of Friesland, Netherlands, with timely updates on incidents, risks, and safety advice. The website serves as a trusted source for public safety information, featuring recent incident notifications, news, and guidance on emergency preparedness. The platform leverages modern web technologies including Drupal 10, Cookiebot for cookie consent management, and Monsido for accessibility and analytics. The site is well-structured, mobile-optimized, and provides a good user experience with clear navigation and relevant content. Security posture is solid with HTTPS and DNSSEC enabled, though additional HTTP security headers could enhance protection. Privacy compliance is strong, with a comprehensive cookie policy and consent mechanism in place. However, explicit security policies and incident response contacts are not published, representing an area for improvement. Overall, the website is professional, trustworthy, and aligns well with its public service mission.

D

Digitaliseringsdirektoratet

uustatus.no

64

The website uustatus.no is a Norwegian government digital service platform managed by Digitaliseringsdirektoratet. It provides a login portal for accessibility declarations and supplier evaluations, primarily targeting public sector entities and private ICT solution providers used in the public sector. The platform integrates with ID-porten, a trusted Norwegian authentication service, ensuring secure user access. The site is built on Drupal 10, leveraging modern web technologies and providing a professional and accessible user experience. Privacy and cookie policies are present, though no explicit cookie consent mechanism is implemented. Security policies and incident response information are not publicly available, indicating room for improvement in transparency and compliance. Overall, the site demonstrates a solid business credibility and technical foundation appropriate for a government service.

N

Nordea Funds Oy

nordeafunds.com

71

Nordea Funds Oy operates as a Nordic investment fund company focused on creating added value for investors through reliable, transparent, and responsible investment practices. The company leverages the extensive investment expertise of the Nordea Group, positioning itself strongly in the Nordic financial market. The website is professionally designed using Drupal 10, featuring comprehensive content about funds, responsible investing, and market insights, primarily targeting Finnish-speaking investors and savers. Technically, the site employs modern analytics and tag management tools such as Adobe Analytics and Tealium, with good mobile optimization and accessibility. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though explicit security headers are not evident. WHOIS data is unavailable, likely due to privacy protection, but the website's branding and content align with a reputable financial institution. Overall, the site presents a trustworthy and professional digital presence for Nordea Funds Oy.

W

World Resources Institute

wri.org

69

World Resources Institute (WRI) is a globally recognized non-profit research organization dedicated to advancing environmental sustainability, climate action, and equitable development. The organization leverages data, research, and global partnerships to influence policy and catalyze systemic change across sectors such as climate, energy, forests, freshwater, oceans, cities, and finance. WRI maintains a strong international presence with offices and initiatives worldwide, positioning itself as a leader in environmental research and advocacy. Technically, WRI's website is built on Drupal 10, utilizing modern JavaScript libraries and multiple analytics platforms including Google Analytics, Microsoft Clarity, Matomo, and privacy-focused tools like Osano CMP. The site demonstrates good performance, mobile optimization, and accessibility features, reflecting a mature digital infrastructure. Privacy compliance is robust, with clear cookie consent mechanisms and a comprehensive privacy policy. From a security perspective, the site enforces HTTPS and employs reputable third-party services for analytics and consent management. While explicit security headers were not fully confirmed in the provided data, no vulnerabilities or exposed sensitive data were detected. The WHOIS data is privacy protected, which is typical and justified for a large non-profit entity. Overall, the security posture is strong with room for minor improvements such as explicit security header implementation and vulnerability disclosure mechanisms. The overall risk assessment is low, with the website exhibiting high professionalism, trustworthiness, and compliance with privacy regulations. Strategic recommendations include enhancing security header deployment, establishing a security.txt file for vulnerability reporting, and continuous monitoring of third-party scripts to maintain security integrity.

B

Banque de France

ngfs.net

71

The Network for Greening the Financial System (NGFS) is a collaborative network of central banks and supervisors focused on integrating environmental and climate risk management into the financial sector. Launched in 2017 and hosted under the Banque de France Eurosystème brand, the NGFS provides research, scenario analysis, capacity building, and data services to support sustainable finance transitions globally. The website is professionally designed using Drupal 10, with strong branding consistency and comprehensive content targeting financial regulators, policymakers, and researchers. Technical infrastructure includes modern analytics and privacy-compliant cookie management. Security posture is solid with HTTPS and security headers, though explicit security policies and incident response contacts are not published. WHOIS data is unavailable, which is a concern but offset by the site's official affiliation and content quality. Overall, the NGFS website demonstrates a mature digital presence aligned with its mission and audience.

I

Inter-American Development Bank

iadb.org

76

The Inter-American Development Bank (IDB) operates as a leading regional development bank focused on improving lives in Latin America and the Caribbean through financial and technical support. The website reflects a mature, enterprise-level organization with a clear mission to reduce poverty and inequality, enhance infrastructure, and support education and health. The digital infrastructure is built on Drupal 10, leveraging modern analytics and consent management tools, indicating a well-maintained and technically sound platform. Security posture is strong with HTTPS enforcement and security headers, though explicit security policies and incident response contacts are not publicly disclosed. Overall, the website demonstrates high professionalism, trustworthiness, and compliance with privacy regulations, supporting the organization's credibility and market position.

A

Asian Development Bank

adb.org

78

The Asian Development Bank (ADB) is a leading multilateral development bank focused on fostering sustainable, inclusive, and resilient growth across Asia and the Pacific. Founded in 1966, it serves 69 members and provides loans, grants, technical assistance, and equity investments to promote social and economic development. The website reflects a mature, enterprise-level organization with a clear mission and extensive service offerings targeting governments, investors, and development partners. Technically, the website is built on Drupal 10 with modern frameworks like Bootstrap and integrates advanced analytics and tracking tools such as Google Tag Manager, Facebook Pixel, and Microsoft Clarity. The site is mobile-optimized, accessible, and SEO-friendly, demonstrating a high level of digital maturity. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms, though explicit security headers could be more visible. No vulnerabilities or exposed sensitive data were detected. The WHOIS data is unavailable, likely due to privacy protection, which is justified for an international organization of this nature. Overall, the website is professional, trustworthy, and compliant with privacy regulations, making it a reliable source of information and services related to development banking in the Asia-Pacific region.

I

International Institute for Sustainable Development

iisd.org

65

The International Institute for Sustainable Development (IISD) operates as an independent, award-winning think tank dedicated to advancing sustainable development globally. The organization focuses on research, policy analysis, and advocacy to promote environmental and social well-being. The website reflects a professional and consistent brand image, targeting policymakers, researchers, and stakeholders in sustainability. Technically, the site is built on Drupal 10, leveraging modern analytics and tracking tools such as Microsoft Clarity, Google Tag Manager, and Hotjar, indicating a mature digital infrastructure. Security posture is strong with HTTPS enforced, though the absence of visible security headers suggests room for improvement. The lack of WHOIS transparency is typical for non-profit entities and does not detract significantly from trustworthiness. Overall, the site presents a credible and authoritative presence in its sector.

C

Commonwealth Secretariat

thecommonwealth.org

72

The Commonwealth Secretariat operates as a large, well-established intergovernmental organization focused on promoting democracy, peace, prosperity, and sustainable development among its member countries. The website reflects a professional and authoritative presence with comprehensive content covering its mission, programs, and events. The organization targets governments, civil society, youth, and the general public interested in Commonwealth affairs. Technically, the site is built on Drupal 10 with modern integrations such as Algolia Search and Google Tag Manager, hosted with reputable providers and secured with HTTPS. Security posture is strong with no critical vulnerabilities detected, though improvements such as enabling DNSSEC and publishing a security policy could enhance trust further. Privacy compliance is well addressed with clear cookie and privacy policies and consent mechanisms. Overall, the site demonstrates high professionalism, trustworthiness, and digital maturity.

C

Coalition of Finance Ministers for Climate Action

financeministersforclimate.org

59

The Coalition of Finance Ministers for Climate Action is a globally recognized non-profit coalition that unites finance ministries from over 90 countries to lead climate policy and economic transition aligned with the Paris Agreement. The website serves as a platform for sharing expertise, promoting carbon pricing, mobilizing climate finance, and engaging in national climate commitments. Technically, the site is built on Drupal 10 with modern libraries and integrates analytics and tracking tools responsibly. Security posture is solid with HTTPS and some security headers, though improvements are recommended. The absence of WHOIS data due to privacy protection is typical for such organizations and does not detract from legitimacy. Overall, the site is professional, content-rich, and trustworthy, targeting government officials and climate finance stakeholders.

E

Euronext Securities Oslo

vps.no

72

Euronext Securities Oslo operates as a central securities depository (CSD) within the Euronext group, providing critical post-trade services including custody, settlement, issuance, and data services to the Norwegian financial market. The website reflects a mature and professional financial institution with a strong market position in the Nordic region. It targets financial institutions, issuers, and investors, offering a comprehensive suite of services aligned with regulatory requirements and market needs. Technically, the site is built on Drupal 10 with modern front-end libraries and is optimized for mobile devices, ensuring a good user experience and accessibility. Security posture is strong with HTTPS enforcement, secure forms, and privacy compliance, although explicit security policies and incident response contacts are not prominently published. Overall, the domain's legitimacy is supported by the professional presentation and affiliation with the Euronext group, despite the absence of WHOIS registration details due to registry restrictions. Strategic recommendations include enhancing transparency around security policies and incident response, improving accessibility features, and publishing a security.txt file to facilitate vulnerability reporting.

V

Van Tilburg-Bastianen

tb.nl

67

Van Tilburg-Bastianen is a well-established family-owned truck company founded in 1934, specializing as a leading DAF truck dealer with a strong presence in the Netherlands, Germany, and Poland. The company offers a comprehensive range of services including truck sales, service, parts, leasing, and rental, positioning itself as a top-5 DAF dealer in Europe. The website reflects a professional and consistent brand image with excellent content quality and user experience. Technically, the site is built on Drupal 10 and integrates modern analytics and marketing tools, ensuring good performance and mobile optimization. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers and policies could be improved. Privacy compliance is strong with clear policies and GDPR adherence. Overall, the domain registration and WHOIS data align well with the company's claims, indicating high legitimacy and trustworthiness.

B

Bundesverband der Deutschen Spirituosen-Industrie und -Importeure e. V. (BSI)

massvoll-geniessen.de

62

The website massvoll-geniessen.de is an educational and consumer information platform operated by the Bundesverband der Deutschen Spirituosen-Industrie und -Importeure e. V. (BSI), a German spirits industry association. It aims to promote responsible and moderate consumption of alcoholic beverages by providing comprehensive information on health, enjoyment, societal responsibility, nutrition, and leisure related to alcohol. The site targets German-speaking consumers and serves as a trusted resource backed by industry members and a code of conduct. Technically, the site is built on Drupal 10 with responsive design and accessibility features, delivering a good user experience. Security posture is moderate with HTTPS implied and cookie consent implemented, but lacks explicit privacy policies, terms of service, and security headers. No direct contact or incident response information is found in the provided content. WHOIS data indicates a legitimate domain with consistent registration and no privacy protection. Overall, the site is professional, trustworthy, and focused on consumer education about alcohol.

L

Losch Group

losch.lu

68

Losch Group is a well-established Luxembourg-based diversified business group operating primarily in automotive retail and import, real estate, energy, and financial services. The website reflects a professional and consistent brand presence with clear sector segmentation and a focus on customer and employee needs. Technically, the site is built on Drupal 10, leveraging modern JavaScript libraries and integrating marketing and analytics tools such as Google Tag Manager and Hotjar. The presence of a GDPR-compliant cookie consent mechanism via OneTrust indicates awareness of privacy regulations, although explicit privacy and terms of service policies are not found in the provided content. Security posture is moderate with HTTPS implied and no exposed sensitive data, but there is room for improvement in publishing security policies and incident response contacts. Overall, the website is accessible, well-structured, and trustworthy, supporting the company's market position in Luxembourg.

G

GVL

gvl.de

63

GVL is a prominent German collective rights management organization specializing in the protection and licensing of performance rights for artists and producers. The website reflects a professional and consistent brand presence, targeting a large audience of rights holders in the media sector. Technically, the site is built on Drupal 10, integrates Usercentrics for consent management, and uses Google Analytics for traffic analysis, indicating a mature digital infrastructure. Security posture is strong with HTTPS enforced and no visible vulnerabilities, though some security headers and explicit policies could enhance trust further. Overall, the site is reliable and trustworthy with room for improvement in privacy disclosures and contact transparency.

I

Innovid

flashtalking.com

59

Innovid, operating the flashtalking.com domain, is a mature enterprise-level advertising technology company specializing in AI-powered creative personalization and media solutions. The company is positioned as a global ad tech leader with a comprehensive platform that connects creative and media teams to optimize advertising outcomes. The website is professionally designed, mobile-optimized, and built on Drupal 10, integrating modern marketing and analytics tools such as Marketo and Google Tag Manager. Security posture is strong with HTTPS enforced and domain protections in place, though DNSSEC is not enabled and explicit security policies are not published. Privacy compliance is well addressed with clear privacy and cookie policies including consent mechanisms. The WHOIS data confirms domain legitimacy with a long registration history and consistent domain status. Overall, the site reflects a high level of digital maturity and business credibility.

Paramount is a globally recognized leader in the media and entertainment industry, producing premium content that reaches billions worldwide. Their business model centers on content production, distribution, and direct-to-consumer streaming services such as Paramount+. The website reflects a mature digital presence with a modern CMS, responsive design, and integrated consent management, indicating a high level of digital maturity. Security posture is strong with HTTPS enforcement, use of reCAPTCHA, and consent tools, though explicit security headers could be more visible. The absence of WHOIS data is a notable gap but does not detract significantly from the overall legitimacy given the brand's prominence. Strategic recommendations include enhancing transparency around security policies and incident response contacts to further build trust.

Paramount is a leading global entertainment company specializing in premium content production and streaming services. The website focuses on their streaming business, showcasing their market position and key services in delivering entertainment content worldwide. The site is professionally designed, mobile-optimized, and uses modern technologies such as Drupal 10 and Google reCAPTCHA to enhance user experience and security. Security posture is strong with HTTPS enforcement and appropriate security headers, though explicit security policies and incident response information are not publicly available. The absence of WHOIS data limits domain trust analysis, but the overall digital maturity and branding consistency indicate a legitimate and well-managed online presence. Strategic recommendations include publishing detailed security policies and providing direct security contact channels to improve transparency and trust.

Paramount is a leading global media and entertainment company specializing in premium content production and distribution, reaching billions worldwide. The website reflects a mature digital presence with a professional design, clear navigation, and integration of modern technologies such as Drupal CMS, Google reCAPTCHA, and consent management tools. Security posture is strong with HTTPS enforcement and bot protection, though some security best practices like explicit security policies and security headers could be improved. Privacy compliance is well addressed with visible privacy and cookie policies and consent mechanisms. The absence of WHOIS data is a notable anomaly but does not detract significantly from the overall legitimacy given the corporate branding and content quality. Strategic recommendations include enhancing security transparency and publishing vulnerability disclosure information.