Security Directory

G

Goldsmiths College

goldsmithscca.art

46

Goldsmiths Centre for Contemporary Art (Goldsmiths CCA) is an educational and cultural institution affiliated with Goldsmiths College in London, UK. The organization focuses on contemporary art exhibitions, events, residencies, and engagement programs targeting artists, students, and the general public interested in art. The website reflects a well-established institution with a clear mission to foster creativity and debate in the arts sector. The domain registration aligns with the institution's identity and geographic location, supporting its legitimacy. Technically, the website is built on WordPress with a custom theme and integrates modern technologies such as Google Analytics, Google Tag Manager, and Shopify Buy Button SDK for e-commerce capabilities. The site demonstrates good mobile optimization, SEO practices, and moderate performance. However, some accessibility features are basic, and there is room for improvement in security headers and DNS security. From a security perspective, the site uses HTTPS with a good SSL configuration but lacks DNSSEC and explicit security headers. There are no visible incident response or security policies published, which could be improved to enhance trust and compliance. Privacy compliance is basic, with a privacy policy and cookie consent mechanism present but no explicit GDPR compliance statements. Analytics usage is moderate, with user tracking via multiple services. Overall, the website is professional, trustworthy, and serves its educational and cultural mission effectively. Strategic recommendations include enhancing DNS security, implementing security headers, publishing security policies, and improving privacy compliance to strengthen the security posture and user trust.

S

Stage de rugby Stade Rochelais

stages-staderochelais.com

58

The website 'Stages Stade Rochelais' offers rugby training camps associated with the Stade Rochelais rugby club, targeting rugby players and enthusiasts primarily in France. The business operates a niche sports training service with a focus on rugby camps. The website is built on the Wix platform, utilizing modern web technologies including Google Analytics and Tag Manager for tracking. The site is professionally designed, mobile-optimized, and provides structured business information including a physical address. However, the absence of WHOIS data for the domain raises concerns about domain registration legitimacy. Security posture is adequate with HTTPS enforced but lacks explicit security headers and privacy compliance mechanisms such as a privacy policy or cookie consent banner. Overall, the site presents a moderate risk profile with recommendations to improve privacy compliance and domain registration transparency.

P

Paul Mellon Centre for Studies in British Art and Yale Center for British Art

britishartstudies.ac.uk

59

British Art Studies is a specialized academic digital publication focusing on peer-reviewed scholarship in British art, with a current thematic issue on Queer Art in Britain since the 1980s. The website is affiliated with reputable institutions such as the Paul Mellon Centre for Studies in British Art and the Yale Center for British Art, positioning it as a trusted source in its niche academic field. The content is rich, well-structured, and targeted towards academics, researchers, and students interested in British and queer art history. Technically, the site uses a modern JavaScript framework (Quire) and is hosted on Netlify, with Google Tag Manager implemented for analytics. The site demonstrates good mobile optimization and accessibility, though SEO could be improved. Security posture is moderate with HTTPS implied but lacks explicit security headers and formal privacy or cookie policies. No forms or contact information for incident response are present, which limits user engagement and security transparency. Overall, the site is professional and trustworthy but would benefit from enhanced privacy compliance and security best practices.

CosmoCaixa Barcelona is a science museum operated by Fundación “la Caixa”, a well-established non-profit foundation in Spain. The website serves as an educational platform offering exhibitions, conferences, and divulgative activities aimed at the general public interested in science. The site is professionally designed, localized in Spanish, and uses a modern CMS platform (Liferay) with integrated analytics and cookie consent mechanisms. The domain is long-standing and registered transparently, reflecting a mature and credible organization. Security posture is good with HTTPS enabled and cookie consent implemented, though some security headers and explicit policies are missing. Overall, the website is trustworthy and serves its educational mission effectively.

Z

Zahnärztliche Mitteilungen

zm-online.de

69

zm-online.de is a German-language news portal specializing in dental medicine and healthcare news. It serves dental professionals and stakeholders with up-to-date articles, continuing education, job listings, and market information. The site is powered by TYPO3 CMS and integrates modern web technologies including Google Analytics and Traffective advertising. The website demonstrates a good level of technical maturity with mobile optimization, SEO best practices, and privacy consent mechanisms in place. Security posture is solid with HTTPS enforced and use of reCAPTCHA, though explicit security headers and policies could be improved. Overall, the site is professional, trustworthy, and well-positioned in its niche market.

K

Kassenzahnärztliche Bundesvereinigung (KZBV)

zaehnezeigen.info

56

The website www.zaehnezeigen.info is a professional campaign platform operated by the Kassenzahnärztliche Bundesvereinigung (KZBV) and associated regional dental associations in Germany. It focuses on advocating for improved dental healthcare policies, emphasizing prevention, reduced bureaucracy, better digital infrastructure, and reliable financing for dental practices. The site targets patients, dental professionals, and policymakers, aiming to raise awareness and support for sustainable dental care. Technically, the site is built on TYPO3 CMS with modern web technologies and includes cookie consent management and Google Tag Manager for analytics. Security posture is moderate with HTTPS usage and cookie consent but lacks visible advanced security headers or explicit incident response contacts. WHOIS data is unavailable due to privacy protections, but the site’s branding and external references strongly support its legitimacy. Overall, the site is well-designed, content-rich, and trustworthy, serving as an important advocacy tool in the German dental healthcare sector.

A

AGROLA AG

agrola.ch

53

AGROLA AG is a Swiss energy and mobility company providing a broad range of products and services including heating oil, wood pellets, electricity, electromobility charging solutions, and solar energy systems. The company targets both residential and commercial customers within Switzerland, positioning itself as a reliable regional partner in energy and mobility sectors. The website reflects a mature digital presence with clear navigation, professional design, and multilingual support (German and French). Technically, the site employs modern web technologies such as Bootstrap, Google Tag Manager, Google Analytics, and Facebook Pixel, indicating a moderate to advanced digital infrastructure. Security posture is generally good with HTTPS enforced and secure form handling, though the absence of explicit security headers and incident response information suggests room for improvement. Privacy compliance is partially met with a comprehensive privacy policy available, but lacks a visible cookie consent mechanism. Overall, the domain registration data aligns well with the business claims, supporting legitimacy and trustworthiness.

F

fenaco Genossenschaft

fenaco.ch

53

fenaco Genossenschaft is a large Swiss agricultural cooperative with a 150-year history, serving over 40,000 members including active Swiss farmers. The organization operates across multiple sectors including agriculture, food industry, retail, and energy, with well-known subsidiary brands such as UFA, RAMSEIER, Volg, LANDI, and AGROLA. The website reflects a mature digital presence built on Drupal 11, featuring comprehensive content, multimedia, and multilingual support. It demonstrates good technical infrastructure with modern tracking and marketing tools integrated, including Facebook Pixel and Google Tag Manager. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, although explicit security headers and incident response contacts are not clearly published. The absence of WHOIS data is a notable anomaly but does not detract significantly from the overall legitimacy given the professional and consistent branding and content. Overall, fenaco's website is a trustworthy and well-maintained digital asset supporting its cooperative business model and stakeholder engagement.

V

Volvo Car Switzerland

volvocars-news.ch

51

Volvo Cars News Switzerland operates as an official or semi-official digital platform providing news, model information, and event updates related to Volvo Cars in Switzerland. The website targets automotive enthusiasts and customers interested in Volvo's innovations and sustainable mobility solutions. The business is positioned as a trusted source within the transportation sector, leveraging Volvo's brand and parent company association. Technically, the site is built on WordPress with a modern plugin ecosystem including Yoast SEO and Elementor Pro, ensuring good SEO and content management capabilities. The site is mobile optimized and uses HTTPS with a good SSL configuration, though some security headers are not explicitly detected. The security posture is solid but could be improved by adding explicit security policies and cookie consent mechanisms. Privacy compliance is weak due to the absence of privacy and cookie policies. Overall, the site is professional and trustworthy but should enhance privacy and security transparency to meet higher compliance standards.

F

fit4future foundation Germany

fit4future-foundation.de

49

fit4future foundation Germany is a Munich-based non-profit organization dedicated to promoting health and environmental sustainability among children and youth. Their focus lies in educating about the intersection of climate change and health, supporting school projects, and running tree planting donation campaigns. The foundation targets schools, educators, and environmentally conscious individuals in Germany, positioning itself as a niche player in the non-profit sector focused on future generations' well-being. Technically, the website employs modern web technologies including Vue.js for frontend rendering, Google Tag Manager for analytics, and Usercentrics for GDPR-compliant cookie consent management. The site is mobile-optimized with good navigation and content quality, though no explicit CMS or hosting provider details are evident. Performance is moderate with room for improvement in accessibility features. From a security perspective, the site uses HTTPS and implements cookie consent but lacks visible security headers and published security policies or incident response information. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is supported by a privacy policy and cookie banner, but terms of service and vulnerability disclosure mechanisms are absent. Overall, the website is trustworthy and professional with a strong focus on its mission. Recommendations include enhancing security headers, publishing incident response and vulnerability disclosure policies, and improving accessibility compliance to strengthen the security posture and user trust.

S

Stiftung Deutsche Sporthilfe

sporthilfe.de

54

Stiftung Deutsche Sporthilfe is a well-established non-profit organization dedicated to supporting young and elite athletes in Germany. With a history dating back to 1967, it plays a pivotal role in private sports funding, contributing significantly to Germany's international sports successes. The website reflects a professional and comprehensive presentation of their services, partnerships, and events, targeting donors, sponsors, and sports enthusiasts. Technically, the site is built on TYPO3 CMS with modern integrations such as Google Tag Manager, reCAPTCHA, and consent management, ensuring a good digital maturity level. Security posture is strong with HTTPS, secure forms, and privacy compliance, though explicit security policies and vulnerability disclosures are absent. Overall, the site is trustworthy, well-branded, and provides a positive user experience with clear navigation and rich content.

I

Imbach Logistik AG

imbach-logistik.ch

71

Imbach Logistik AG is a Swiss-based logistics and transport company specializing in cargo, bottle, and event logistics. The company operates with approximately 340 employees and a fleet of 70 trucks, emphasizing innovative and sustainable transport solutions. It is part of the Galliker Group, which enhances its market position and operational capabilities. The website reflects a professional and modern digital presence, with clear service offerings and strong branding consistency. Technical infrastructure includes modern web technologies such as Google Tag Manager, Google Analytics, and a cookie consent framework, supporting compliance and user experience. Security posture is good with HTTPS enforced and privacy mechanisms in place, though some security headers and explicit security policies are missing. Overall, the domain registration and WHOIS data align well with the business claims, indicating legitimacy and trustworthiness.

X

XLENT Sverige

xlent.se

64

XLENT Sverige is a Swedish IT consulting company specializing in digital transformation, AI readiness, cybersecurity, CRM systems, and sustainability reporting. The company positions itself as a trusted partner for organizations undergoing change, offering a broad range of consulting services with local expertise across multiple Swedish offices. The website is professionally designed, mobile-optimized, and provides clear navigation and comprehensive content about their offerings and corporate culture. Technically, the site uses modern web technologies including Google Tag Manager and CookieTractor for cookie consent management, and it employs HTTPS with good SSL configuration. Security best practices are partially implemented, with room for improvement in security headers and incident response transparency. Privacy compliance is strong, with detailed cookie policies and GDPR-aligned consent mechanisms. Overall, the website reflects a credible and established business with a strong digital presence and good user experience.

E

Ege Carpets

egecarpets.com

10

Ege Carpets is a Denmark-based company specializing in designing and manufacturing high-quality carpets for commercial use, including wall-to-wall carpets, carpet tiles, planks, and rugs. The company emphasizes sustainability and innovative design, targeting commercial sectors such as hospitality, office, retail, healthcare, and marine industries. Their website showcases rich multimedia content, custom design tools, and a strong sustainability agenda, positioning them as a reputable player in the commercial carpet market. Technically, the website employs modern JavaScript libraries, video integrations, and cookie consent management, reflecting a mature digital infrastructure. Security posture is generally good with HTTPS and cookie consent but lacks some advanced security headers and published security policies. WHOIS data is unavailable, which raises some legitimacy concerns, but the presence of detailed contact information and social media presence supports business credibility. Overall, the website is professional, user-friendly, and trustworthy, with room for improvement in security transparency and domain registration clarity.

D

Designers’ Saturday

designerssaturday.no

63

Designers’ Saturday is a Norwegian event organization specializing in showcasing design news in furniture, textiles, lighting, flooring, interior, and furnishing products. Positioned as Norway's only dedicated design exhibition platform, it targets design professionals, exhibitors, and enthusiasts primarily in Oslo and the surrounding region. The website reflects a professional and modern digital presence, leveraging advanced web technologies such as htmx, Google Tag Manager, and AWS S3 for media hosting, and is built on Craft CMS. The site is well-optimized for mobile and SEO, with clear navigation and rich multimedia content. From a security perspective, the website employs HTTPS with strong SSL configuration and includes security best practices such as CSRF tokens in forms. However, it lacks explicit cookie consent mechanisms and published security or incident response policies, which are areas for improvement. The absence of WHOIS data due to privacy protection is common for event organizations but reduces transparency. Overall, the site demonstrates a high level of professionalism and trustworthiness with moderate privacy compliance. Strategically, the organization should focus on enhancing privacy compliance by implementing cookie consent banners, publishing terms of service, and providing clear security incident contact channels. These steps will strengthen user trust and regulatory adherence. The technical infrastructure is robust, but ongoing audits of third-party scripts and security policies are recommended to maintain a strong security posture.

A

AXOR

axor-design.com

72

AXOR is a premium luxury brand specializing in avant-garde design for bathrooms and kitchens, collaborating with leading designers to offer high-end mixers, showers, and fixtures. The website targets discerning consumers and design professionals seeking luxury bathroom and kitchen products. The business operates primarily in the retail sector with a B2C and partner network model, positioning itself strongly in the luxury market segment. The website content is professionally presented, multilingual, and consistent with the brand's premium image. Technically, the website leverages a modern technology stack including SAP Hybris as the CMS, advanced analytics platforms such as Google Analytics, Piwik PRO, New Relic, and Visual Website Optimizer, and integrates a comprehensive GDPR-compliant consent management system. The site is well-optimized for performance and mobile devices, with good SEO and accessibility basics in place. From a security perspective, the site enforces HTTPS and employs cookie consent mechanisms aligned with GDPR requirements. While explicit security headers are not visible in the HTML, the use of CSRF tokens and asynchronous loading of scripts indicates adherence to security best practices. No vulnerabilities or suspicious content were detected. However, the absence of visible privacy policy, terms of service, and contact information pages in the provided content suggests areas for improvement. Overall, AXOR's website demonstrates a mature digital presence with strong business credibility and compliance posture. Strategic recommendations include publishing explicit privacy and terms pages, enhancing security headers, and providing clear contact and incident response information to further strengthen trust and compliance.

I

Input interior

inputinterior.no

59

Input interior is a leading independent interior furnishing group in the Nordic region, specializing in tailored solutions for offices, hospitality, education, and healthcare sectors. The company operates multiple showrooms and maintains a strong digital presence with comprehensive content and social media engagement. Their website is professionally designed, mobile-optimized, and SEO-friendly, reflecting a mature digital infrastructure. Security posture is solid with HTTPS, cookie consent management, and reCAPTCHA integration, though some security headers could be improved. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, Input interior presents a trustworthy and credible business front with strong market positioning in the Nordic interior furnishing industry.

S

sigdal

sigdal.com

73

Sigdal is a well-established Norwegian company specializing in high-quality kitchen, bathroom, and wardrobe solutions. With over 70 years of history, it operates primarily in the retail sector, offering both products and design services. The website reflects a mature digital presence with comprehensive content, professional design, and multiple customer engagement channels including free design meetings and installation services. The company maintains consistent branding and leverages modern web technologies to deliver a responsive and user-friendly experience. Technically, the site uses a modern JavaScript framework (Vue.js), integrates telemetry and analytics via Microsoft Application Insights and Google Tag Manager, and employs cookie consent management to comply with privacy regulations. Security posture is generally strong with HTTPS enforced and no visible vulnerabilities, though the absence of explicit security policies and incident response contacts is noted. The WHOIS data for the domain is missing or unavailable, which is unusual for a commercial entity and slightly impacts trustworthiness. Overall, Sigdal presents a professional and trustworthy online presence with room for improvement in transparency of security policies.

N

Norfax AS

norfax.no

53

Norfax AS is a well-established Norwegian manufacturer specializing in the production and delivery of outdoor shelters (leskur) and furniture for both public and private sectors. With a founding date of 1946 and product delivery since 1984, Norfax positions itself as a quality-focused provider offering customized solutions tailored to client projects. The company maintains a strong digital presence with comprehensive contact information, social media engagement, and clear privacy and cookie policies, reflecting a mature business approach. Technically, the website employs modern JavaScript frameworks, analytics tools, and security best practices, ensuring a reliable and user-friendly experience. Security posture is robust with HTTPS enforcement and security headers, though there is room for improvement in publishing explicit security policies and incident response contacts. Overall, Norfax demonstrates a high level of professionalism, trustworthiness, and compliance, making it a credible and secure business entity online.

Duravit.no is the Norwegian localized website of Duravit, a well-established international brand specializing in bathroom furniture and porcelain products. The company has a long history dating back to 1817 and collaborates with renowned designers to offer high-quality, stylish, and functional bathroom solutions. The website provides rich content including product categories, design inspiration, and tools for customers to plan their bathrooms. Technically, the site uses modern JavaScript libraries, consent management tools, and performance monitoring, hosted likely on a CDN with good SSL configuration. Security posture is solid but could be improved with additional headers and explicit security policies. Privacy compliance is partially addressed with a cookie consent mechanism but lacks a clearly accessible privacy policy page in the provided content. No WHOIS data is publicly available due to Norwegian domain registry privacy policies, but the domain appears legitimate and consistent with the brand. Overall, the website is professional, trustworthy, and well-positioned in the retail bathroom products sector.

T

TreCe

trece.se

54

TreCe is a Swedish company specializing in office storage and recycling solutions designed to integrate seamlessly with office interiors. Their website presents a professional and well-structured digital presence built on WordPress with WooCommerce, leveraging modern plugins such as Yoast SEO and Cookiebot for SEO and privacy compliance. The site targets businesses and organizations seeking flexible and user-friendly storage and sorting solutions for office and public environments. Technically, the website is well-optimized for mobile devices and includes standard tracking and consent mechanisms, indicating a moderate level of digital maturity. Security-wise, the site enforces HTTPS and uses reCAPTCHA, but lacks some advanced security headers and explicit security policies, which could be improved. The absence of WHOIS data for the domain www.trece.se reduces trustworthiness from a domain registration perspective, though the website content and structure appear legitimate and professional. Overall, the site is safe for general audiences and provides a solid foundation for business operations, but would benefit from enhanced transparency in privacy and security documentation.

E

Essem Design

essem.se

61

Essem Design is a Swedish company specializing in the retail of hall furniture and interior accessories, focusing on design, sustainability, and functionality. Their website showcases a well-structured e-commerce platform with rich product offerings, design stories, and inspiration targeted at consumers interested in hall furnishings. The company maintains a consistent brand presence across multiple social media platforms and provides comprehensive privacy and cookie policies compliant with GDPR regulations. Technically, the website is built on the Umbraco CMS, uses modern JavaScript libraries such as Swiper.js, and integrates third-party services like Vimeo and Cookiebot for enhanced user experience and compliance. Security-wise, the site enforces HTTPS, employs strong security headers, and uses cookie consent mechanisms, although explicit security policies and incident response contacts are not published. The WHOIS data query for the subdomain 'www.essem.se' returned no results, which is expected as WHOIS data is typically registered for the root domain 'essem.se'. Overall, the website demonstrates a mature digital presence with good security posture and privacy compliance, suitable for its business model and audience.

L

LAUFEN

laufen.no

62

LAUFEN is a company specializing in high-quality Swiss bathroom products and design solutions, targeting consumers and professionals interested in premium bathroom furnishings. The website reflects a medium-sized retail business with a consistent and professional brand presence, offering a wide range of bathroom products including toilets, sinks, showers, and furniture. Technically, the site is built on the Liferay CMS platform, utilizing modern web technologies and standard analytics tools such as Google Analytics and Google Tag Manager. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content. Security-wise, the website enforces HTTPS and includes cookie consent mechanisms, but lacks explicit privacy policy and terms of service pages, as well as contact information for security incidents or data protection officers. The absence of WHOIS data limits the ability to fully verify domain legitimacy, though the site itself appears trustworthy and professional. Overall, the website scores well in content quality and security posture but should improve privacy compliance and business credibility transparency.

K

KEIM Commercial

keim.com

56

KEIM Commercial is a well-established manufacturer and distributor of mineral silicate paints and stains, serving commercial and residential markets with a focus on sustainable, long-lasting, and breathable coatings. The company has a strong market position in the niche of mineral coatings, supported by detailed product information, technical data, and a comprehensive sales team presence. The website is built on a modern WordPress platform with WooCommerce and Elementor, indicating a mature digital infrastructure. Security posture is good with HTTPS and clientTransferProhibited domain status, though improvements like DNSSEC and security.txt publication are recommended. Privacy compliance is lacking due to missing privacy and cookie policies. Overall, the site is professional, trustworthy, and well-structured, supporting KEIM's business credibility.

I

INR

inr.no

71

INR is a Scandinavian bathroom furnishing company offering customizable, high-quality products such as shower solutions, bathroom furniture, mirrors, storage, mixers, and towel warmers. The company targets consumers seeking stylish and functional bathroom designs with a focus on Scandinavian aesthetics. Their market position is that of an established brand with Swedish production and long-term warranties, emphasizing quality and design. Technically, the website uses modern web technologies including jQuery, Google Tag Manager, OneTrust for cookie consent, and Swiper.js for UI components. The site is mobile-optimized and SEO-friendly but lacks explicit privacy and security policies. Security posture is good with HTTPS and cookie consent but could be improved by adding security headers and incident response information. Overall, the website is professional, trustworthy, and safe for general audiences.

F

fenaco Genossenschaft

landi.swiss

53

LANDI is a Swiss cooperative network supporting farmers and rural populations through services in agriculture, retail, and energy sectors. The website reflects a mature digital presence using modern technologies such as Angular and Google APIs, with a professional design and clear branding. Privacy and cookie policies are well implemented, demonstrating compliance with GDPR standards. Security posture is good with HTTPS and domain transfer protections, though DNSSEC is not enabled and no explicit security policy or incident response contacts are published. Overall, the domain registration aligns well with the business entity, indicating legitimacy and trustworthiness.

S

Steve Edge Design Ltd.

steve-edgeshop.com

46

Steve Edge Design Ltd. operates the Steve Edge Shop, an e-commerce platform specializing in artist-created merchandise such as posters, books, and badges. The business targets art enthusiasts and collectors, offering unique design products with personal significance. The website is built on WordPress with WooCommerce, leveraging modern web technologies and tracking tools like Google Analytics and Tag Manager. The site is mobile-optimized and provides clear navigation and professional design, supporting a positive user experience. However, the absence of WHOIS registration data raises concerns about domain legitimacy, despite the site's professional appearance and active social media presence. Security posture is moderate with HTTPS enabled but lacks important security headers and cookie consent mechanisms, indicating room for improvement in compliance and protection. Overall, the site presents a trustworthy retail front but should address domain registration transparency and enhance security and privacy compliance to strengthen its credibility and user trust.

D

DFL Stiftung

dfl-stiftung.de

71

DFL Stiftung is a well-established German non-profit foundation founded in 2008, focused on supporting children, youth, and young sports talents through social and sports-related projects. The foundation leverages a strong network and expertise from professional football to promote social participation, healthy development, and elite sports success. The website reflects a professional and consistent brand presence with comprehensive content in German and English, targeting a broad audience interested in youth development and sports. Technically, the site is built on WordPress with modern plugins and frameworks, hosted on AWS infrastructure, and employs SEO and analytics tools such as Yoast SEO, Google Tag Manager, and Matomo. Security posture is good with HTTPS enforced, though some security headers and explicit policies are missing. Privacy compliance is adequate with a comprehensive privacy and cookie policy but lacks a cookie consent mechanism. Overall, the site is trustworthy, well-maintained, and aligned with its mission.

E

Electronic Arts

ea.com

73

Electronic Arts (EA) is a leading global publisher of video games across console, PC, and mobile platforms. The company positions itself as an industry leader with a strong brand presence and a focus on inspiring the world through play. The website reflects a mature digital infrastructure with modern technologies such as Google Tag Manager, Google Optimize, and New Relic for analytics and performance monitoring. The site is well-optimized for mobile and accessibility, providing an excellent user experience with professional design and clear navigation. Security posture is moderate with HTTPS and cookie consent mechanisms implemented, though explicit security policies and incident response information are not evident in the provided content. WHOIS data is unavailable, likely due to privacy protections common for large enterprises, but the website's branding and structured data confirm legitimacy. Overall, EA's website demonstrates a strong business and technical foundation with room for improvement in transparency around security and privacy policies.

A

Avoxa - Mediengruppe Deutscher Apotheker GmbH

aponet.de

11

aponet.de is a comprehensive German health portal operated by Avoxa - Mediengruppe Deutscher Apotheker GmbH, serving as the official information platform for pharmacists and health consumers in Germany. The site offers a wide range of health news, pharmacy services, podcasts, and digital health tools, positioning itself as a trusted and authoritative source in the healthcare media sector. The business model centers on content provision supported by advertising and informational services tailored to the healthcare community and general public. Technically, the website is built on TYPO3 CMS, leveraging modern web technologies including JavaScript, CSS, and integrated consent management platforms such as Sourcepoint and ContentPass. Hosting is inferred to be with Deutsche Telekom, ensuring reliable infrastructure. The site demonstrates good mobile optimization, accessibility, and SEO practices, contributing to a positive user experience. From a security perspective, the website enforces HTTPS, employs GDPR-compliant consent mechanisms, and integrates reputable advertising and tracking services. While explicit security headers are not fully confirmed, the overall posture is strong with no evident vulnerabilities or exposed sensitive data. However, the site could improve by publishing explicit security policies and incident response contacts. Overall, aponet.de presents a low-risk profile with high business credibility, excellent content quality, and solid technical implementation. Strategic recommendations include enhancing security header implementation, publishing vulnerability disclosure information, and expanding transparency around incident response to further strengthen trust and compliance.

W

Whois Corp.

whois.co.kr

11

Whois Corp., operating the website whois.co.kr, is a leading South Korean domain registration and business IT solutions provider established in 1998. The company offers a comprehensive suite of services including domain registration, email solutions, cloud hosting, SSL certificates, groupware, and website creation. The website reflects a mature digital presence with professional design, clear navigation, and extensive service offerings targeting businesses and enterprises in South Korea. The company maintains strong trust signals such as ISMS certification and KISA privacy excellence, and serves major Korean corporations as clients. Technically, the website employs modern JavaScript libraries like jQuery, Owl Carousel, and Google Analytics for tracking and user experience enhancement. Hosting appears to be managed internally by Whois Corp., with moderate performance and good mobile optimization. Security posture is strong with HTTPS enforced and domain status set to clientTransferProhibited, though DNSSEC is not implemented. Privacy compliance is adequate with a comprehensive privacy policy but lacks a cookie consent mechanism. Overall, the security posture is robust with no evident vulnerabilities or exposed sensitive data. The WHOIS data is consistent and transparent, reinforcing the legitimacy of the domain and business. The website is fully accessible without WAF or blocking mechanisms, supporting a high trustworthiness rating. Strategic recommendations include implementing DNSSEC, enhancing security headers, and adding cookie consent to improve privacy compliance. This analysis concludes that Whois Corp. operates a professional, secure, and credible online presence suitable for its business domain and customer base.

K

Kakao Corp.

kakao.com

59

Kakao Corp. is a leading South Korean technology company specializing in AI, communication, lifestyle, business, shopping, and entertainment services. The company operates a diverse portfolio of digital platforms including KakaoTalk, KakaoMap, KakaoPay, and Melon, serving a broad general audience primarily in South Korea. The website demonstrates a high level of digital maturity with modern frameworks such as Nuxt.js and integration of major analytics and marketing tools. Security posture is strong with HTTPS enforcement and multiple security headers, though no explicit vulnerability disclosure or DPO contact details are published. Overall, the site is professional, well-structured, and compliant with privacy regulations, reflecting a trustworthy and enterprise-grade digital presence.

CaixaForum is a cultural initiative operated by the Fundación Bancaria Caixa d'Estalvis i Pensions de Barcelona, "la Caixa", providing a wide range of cultural activities including exhibitions, workshops, and family events across multiple centers in Spain. The website reflects a well-established non-profit organization with a clear mission to promote culture to the general public. The digital infrastructure is built on the Liferay CMS platform, leveraging modern web technologies and third-party services such as Google Analytics and ReadSpeaker for accessibility and analytics. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms in place. Security posture is good with HTTPS enforced and domain registration showing strong legitimacy, although some improvements in security headers and incident response transparency are recommended. Overall, the website is professional, trustworthy, and well-positioned within its cultural sector.

V

Victoria and Albert Museum

vam.ac.uk

76

The Victoria and Albert Museum (V&A) is a prominent UK-based family of museums dedicated to art, design, and performance. It offers a wide range of exhibitions, educational programs, and membership opportunities, positioning itself as a leading cultural institution with a strong public and international presence. The website reflects this stature with comprehensive content, clear navigation, and consistent branding. Technically, the site is built on a modern Ruby on Rails framework, employs responsive design, and integrates privacy and consent management tools such as OneTrust. Security practices are robust, with HTTPS enforced, CSRF protection, and no visible vulnerabilities. However, explicit security policies and incident response contacts are not publicly detailed, representing an area for improvement. Overall, the site demonstrates a mature digital infrastructure aligned with its institutional mission.

U

University of Bath

bath.ac.uk

65

The University of Bath website represents a leading UK higher education institution with a strong international reputation for teaching, research, and community engagement. The site effectively communicates its academic offerings, research impact, and enterprise initiatives, targeting students, staff, alumni, and business partners. The university maintains a consistent and professional brand presence with high-quality content and clear navigation. Technically, the website employs modern web technologies including jQuery, Foundation framework, Material Components Web, and integrates Google Tag Manager and Civic Cookie Control for analytics and privacy compliance. The site is mobile-optimized, accessible, and performs moderately well, though some improvements in hosting transparency and CMS identification could be made. From a security perspective, the site enforces HTTPS and uses nonce attributes for scripts, indicating a good security posture. However, it lacks explicit security headers and publicly available security policies or incident response contacts. No vulnerabilities or suspicious content were detected, and privacy compliance is strong with clear cookie and privacy policies aligned with GDPR. Overall, the website is trustworthy, professional, and well-maintained, with a high AI score reflecting excellent content quality, technical implementation, and business credibility. The absence of WHOIS data is due to Nominet UK privacy policies and does not detract from the domain's legitimacy. Strategic recommendations include enhancing security headers, publishing security policies, and adding vulnerability disclosure mechanisms to further strengthen trust and security.

P

Paul Mellon Centre

paul-mellon-centre.ac.uk

73

The Paul Mellon Centre is a UK-based non-profit educational charity dedicated to supporting original research into the history of British art and architecture across all periods. The organization offers key services including research support, publishing, events, conferences, grants, and fellowships, targeting academics, researchers, and students interested in British art history. The website reflects a professional and consistent brand image with good content quality and clear navigation, supporting its mission effectively. Technically, the site employs modern web technologies including JavaScript libraries, Google Analytics, and Cookiebot for privacy compliance, with good mobile optimization and accessibility features. Security posture is solid with HTTPS enforced and cookie consent implemented, though the absence of visible security headers and lack of published security policies suggest room for improvement. WHOIS data is unavailable due to privacy protection, which is justified for this type of organization. Overall, the site is trustworthy, safe, and compliant with GDPR, but could enhance transparency by publishing contact and security-related policies.

G

Goldsmiths, University of London

gold.ac.uk

59

Goldsmiths, University of London is a well-established higher education institution specializing in creative, cultural, and social disciplines. The website reflects a strong market position as a leading university in South East London, offering degree programs, research opportunities, and community engagement. The target audience includes prospective and current students, academics, and researchers. The business model focuses on education and research services with a large institutional size and a history dating back to 1904. Technically, the website employs a modern technology stack including multiple analytics and advertising pixels managed through Google Tag Manager, and uses TerminalFour CMS. The site is mobile-optimized, accessible, and SEO-friendly, with good performance. Cookie consent and privacy mechanisms are robust, reflecting GDPR compliance. Security posture is solid with HTTPS enforced and no visible vulnerabilities or exposed sensitive data. However, the absence of explicit security headers and a public security policy or incident response page suggests room for improvement. The WHOIS data is unavailable or privacy protected, which is common for UK academic domains and justified in this context. Overall, the website is professional, trustworthy, and secure with minor recommendations to enhance security transparency and header implementation. The risk level is low, and the site effectively supports the university's digital presence and business objectives.

C

Cornell University

cornell.edu

67

Cornell University is a prestigious Ivy League private research university offering comprehensive undergraduate, graduate, and professional education across multiple campuses including Ithaca, New York City, and Doha, Qatar. The institution is well-positioned in the education sector with a strong reputation for research and public engagement. The website reflects this stature with rich content, multimedia, and clear navigation targeting students, faculty, alumni, and the general public. Technically, the site employs modern web technologies including HTML5, CSS3, JavaScript, and integrates analytics and tag management tools to optimize user experience and data collection. Security posture is strong with HTTPS enforced and no visible vulnerabilities, though additional security headers and published security policies could enhance protection. Privacy compliance is robust with clear privacy and cookie policies and GDPR considerations. Overall, the site demonstrates high professionalism and trustworthiness consistent with a leading educational institution.

C

Cardiff University

cardiff.ac.uk

64

Cardiff University is a leading higher education institution in Wales, recognized for research excellence and comprehensive academic offerings. The website reflects a mature digital presence with strong branding, clear navigation, and extensive content targeting prospective students, researchers, and partners. Technically, the site leverages modern CDN and analytics technologies, ensuring fast performance and good mobile responsiveness. Security posture is solid with HTTPS, cookie consent, and privacy policies in place, though explicit security policies and incident response contacts are not publicly detailed. Overall, the site demonstrates high professionalism and trustworthiness consistent with a major university.

L

Lyon & Turnbull

lyonandturnbull.com

10

Lyon & Turnbull is a well-established UK specialist auction house with a rich history dating back to 1826. The company operates primarily in Edinburgh and London, offering expert auctioneering services in fine art, antiques, jewellery, and collectibles. Their market position is strong within the UK auction sector, targeting collectors and sellers of high-value items. The website reflects a professional and modern digital presence, utilizing advanced web technologies such as Next.js and Material-UI, and integrates multiple analytics and tracking tools with user consent mechanisms. Security posture is generally good with HTTPS enforced and no exposed sensitive data, though the absence of WHOIS data and security headers suggests room for improvement in transparency and security best practices. Privacy compliance is basic, with a cookie consent mechanism present but no explicit privacy or terms of service pages detected in the provided content. Overall, the website is trustworthy and professional, but the lack of domain registration data and some missing security policies slightly reduce the confidence level.

V

Vitsœ

vitsoe.com

72

Vitsœ is a specialized furniture company focused on modular, timeless designs created by Dieter Rams since 1959. The company operates a direct-to-consumer business model selling high-quality furniture designed for longevity and adaptability. Their market position is niche premium retail with a strong emphasis on sustainability and design heritage. Technically, the website is well-constructed using modern JavaScript libraries, Google Tag Manager, and OneTrust for privacy compliance, hosted on a performant CDN. Security posture is solid with HTTPS and bot protection via reCAPTCHA, though it lacks explicit security policies and incident response information. The absence of WHOIS data reduces transparency but the website content and branding are professional and trustworthy. Overall, the site demonstrates a mature digital presence with good privacy compliance and user experience.

W

Welsh Government

gov.wales

73

The Welsh Government website serves as the official digital portal for the devolved government of Wales, providing comprehensive information and services across a broad range of policy areas including health, education, environment, and public services. It targets residents, businesses, and public sector organizations within Wales, positioning itself as an authoritative and trusted source of government information. The website's business model is focused on public service and information dissemination, with a large-scale operational footprint and consistent branding. Technically, the site is built on Drupal 11, leveraging modern web technologies such as jQuery and Google Tag Manager for analytics and tracking. The site demonstrates good mobile optimization, accessibility, and SEO practices, although performance is moderate. The use of Sentry indicates proactive error monitoring. However, some security best practices like explicit security headers and a published security policy are absent. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms, reflecting a strong privacy posture. No vulnerabilities or exposed sensitive data were detected. The WHOIS data aligns with the official government entity, confirming legitimacy and trustworthiness. However, the absence of a security.txt file or incident response contact information suggests room for improvement in vulnerability disclosure and incident management. Overall, the website is professional, secure, and compliant with privacy regulations, making it a reliable resource for its audience. Strategic recommendations include enhancing security headers, publishing a security policy and incident response contacts, and adding a vulnerability disclosure mechanism to further strengthen trust and security posture.

F

Fredrikstad Webdesign AS

fredrikstadwebdesign.no

48

Fredrikstad Webdesign AS is a Norwegian web design and digital marketing company specializing in creating websites, e-commerce platforms, and multimedia content that rank well in Google search results. The company emphasizes quality, long-term client relationships, and local Norwegian language support. Their website demonstrates a mature digital presence with modern technologies such as WordPress, Yoast SEO, Google Tag Manager, and reCAPTCHA, indicating a strong technical infrastructure. Security practices include HTTPS enforcement and cookie consent mechanisms, though some security headers could be improved. Overall, the site is professional, well-structured, and compliant with GDPR requirements. The business shows strong trust signals including partner badges, awards, and client testimonials, supporting a high legitimacy score.

A

Arquine

arquine.com

49

Arquine is an established international architecture and design magazine primarily serving Spanish-speaking audiences, founded in 1999. The website operates on a WordPress CMS platform with WooCommerce integration, hosted on DigitalOcean infrastructure. It employs modern web technologies including Google Fonts, Google Analytics, TikTok and Facebook tracking pixels, and Google Tag Manager, indicating a mature digital marketing and analytics setup. Security posture is adequate with HTTPS enabled and domain transfer protections in place, but lacks DNSSEC and security headers, which are recommended for enhanced protection. Privacy compliance is weak due to the absence of visible privacy and cookie policies, which could expose the organization to regulatory risks. No direct contact or incident response information is provided, limiting transparency and user trust. Overall, the site is professional and content-rich but would benefit from improved privacy and security practices.

H

Hilson Moran

hilsonmoran.com

10

Hilson Moran is an interdisciplinary consultancy specializing in engineering and advisory services focused on shaping sustainable built environments. The company offers a broad range of expertise including acoustics, building performance, energy and carbon management, environmental consultancy, and smart building technologies. Positioned as a medium-sized firm with international reach, Hilson Moran is part of the Tyréns Group and holds a B Corporation certification, underscoring its commitment to sustainability and social responsibility. The website reflects a professional and modern digital presence with strong branding and comprehensive content tailored to business clients seeking expert consultancy services. Technically, the website is built on WordPress and leverages modern web technologies such as jQuery, Google Tag Manager, and CookieYes for privacy compliance. The site is well-optimized for SEO and mobile devices, with good accessibility features. Performance is moderate, with room for improvement in loading speed and technical optimizations. From a security perspective, the site enforces HTTPS and employs cookie consent mechanisms with detailed categories. However, it lacks explicit security headers and does not provide a public security policy or incident response contacts, which are areas for enhancement. The absence of WHOIS registration data for the domain raises concerns about domain legitimacy and trustworthiness, despite the professional appearance and content quality of the website. Overall, Hilson Moran's website demonstrates a strong business and technical foundation but would benefit from improved transparency in domain registration and enhanced security disclosures to bolster trust and compliance.

T

Tyréns Group

tyrens.com

9

Tyréns Group is a multidisciplinary consultancy specializing in sustainable urban design, infrastructure, and the built environment. The company positions itself as a market leader in delivering sustainable solutions for cities and infrastructure projects, targeting urban planners, municipalities, and infrastructure developers. The website reflects a professional and consistent brand image with good content quality and clear navigation. Technically, the site is built on Umbraco CMS and integrates modern tools such as Google Tag Manager and Cookiebot for analytics and cookie consent management. The site is mobile optimized and performs moderately well in terms of speed and accessibility. Security posture is solid with HTTPS enforced and standard security headers present, although there is room for improvement by adding a Content-Security-Policy header and publishing security policies. Privacy compliance is partially met with a cookie consent mechanism but lacks a visible privacy policy page. The absence of WHOIS registration data is a notable concern, reducing overall trustworthiness despite the professional appearance. Contact information is available, including a Stockholm office address and phone number, but no direct company emails were found. Overall, the site scores well but should address privacy and WHOIS transparency to improve credibility.

M

MasterCraft Boat Company

mastercraft.com

77

MasterCraft Boat Company is a leading manufacturer and marketer of premium performance inboard wakesurfing, wakeboarding, and ski boats. The company holds a strong market position as an innovator with numerous patents and awards, targeting watersports enthusiasts and boat buyers. Their business model includes direct sales supported by a dealer network and a comprehensive digital presence. The website reflects a mature digital infrastructure with modern technologies such as Google Analytics, Facebook Pixel, Microsoft Application Insights, and reCAPTCHA for security. The site is well-optimized for mobile and accessibility, featuring a professional design and clear navigation. Security posture is strong with HTTPS enforcement and cookie consent mechanisms, though explicit security headers and incident response contacts could be improved. Overall, the domain appears legitimate despite missing WHOIS data, supported by trust signals including NASDAQ listing and ISO certifications. Strategic recommendations include enhancing security header transparency, publishing vulnerability disclosure information, and improving incident response visibility.

E

E.M. StatusPal UG

noticely.io

63

Noticely is a technology startup offering a SaaS platform for hosted status pages and automated incident notifications, targeting small teams and growing companies. The platform emphasizes ease of use, scalability, and fair pricing, positioning itself as a modern alternative in the status communication market. The business is a product of E.M. StatusPal UG, founded in 2025, with a clear focus on technology and customer communication services. The website is professionally designed, mobile-optimized, and integrates modern analytics and consent management tools, reflecting a mature digital infrastructure for a young company. Security posture is solid with HTTPS, privacy protection in domain registration, and cookie consent mechanisms, though there is room for improvement in DNSSEC and security headers. Overall, the site is trustworthy, with transparent business information and active social media presence. Recommendations include enhancing security policies and publishing vulnerability disclosure information to further strengthen trust and compliance.

S

ShareDesk Global Inc.

optixapp.com

65

Optix, operated by ShareDesk Global Inc., is a specialized SaaS provider offering automation-first coworking and flexible workspace management software. The platform emphasizes end-to-end automation, including booking, invoicing, CRM, and branded mobile apps, targeting coworking operators and community managers seeking to streamline workflows and accelerate growth. The website presents a professional, well-branded, and content-rich experience with strong trust signals such as customer testimonials and industry awards. Technically, the site is built on WordPress with modern marketing and analytics tools integrated, including HubSpot, Google Analytics, and Facebook Pixel. Security posture is solid with HTTPS and some security plugins, though explicit security headers and policies are not evident. Privacy compliance is partially addressed with a comprehensive privacy policy but lacks a visible cookie consent mechanism. WHOIS data for the domain is missing, which raises concerns about domain registration transparency, though the website content and branding suggest a legitimate business. Overall, the site is mature, professional, and well-optimized but would benefit from enhanced transparency and security disclosures.

M

Messe München GmbH

bauma.de

61

The bauma.de website represents the official online presence of the bauma trade fair, the world's leading exhibition for construction, mining, and building machinery. Managed by Messe München GmbH, the site serves a global audience of exhibitors, visitors, and journalists, providing comprehensive information about the event, including dates, exhibitor directories, programs, and visitor services. The business model centers on event organization and industry networking, positioning bauma as a key innovation and market platform in the manufacturing and transportation sectors. Technically, the website employs modern web technologies such as JavaScript ES modules, web components, and cloud-based hosting via Amazon Cloudfront and Azure Elastic Cloud, ensuring fast performance and excellent mobile optimization. Security posture is strong with HTTPS enforcement, security headers, and GDPR-compliant cookie consent mechanisms, although explicit security policies and incident response contacts are not prominently published. Overall, the site is professional, trustworthy, and well-aligned with industry standards, with no detected vulnerabilities or suspicious elements.