Security Directory

S

Stiftung z'Rieche

zrieche.ch

48

Stiftung z'Rieche is a Swiss cultural foundation dedicated to publishing the annual 'Jahrbuch z’Rieche', a yearbook focusing on the history, culture, and societal developments of the Riehen community near Basel. Established in 1961, the foundation serves a niche audience interested in regional heritage and cultural documentation. The website is built on TYPO3 CMS and integrates modern web technologies such as Google Analytics and Google Tag Manager for visitor tracking. The site is well-designed, mobile-optimized, and provides clear navigation to its key offerings including yearbook sales and news updates. However, direct contact information such as emails or phone numbers is not explicitly displayed, relying instead on a contact form.

O

OneStore

one.store

65

OneStore is a technology company specializing in AI-powered customer engagement and marketing solutions tailored for e-commerce businesses. Their platform offers a comprehensive suite of tools including abandoned cart recovery, social proof notifications, gamified popups, email and SMS marketing, and integrations with major e-commerce platforms such as Shopify, WooCommerce, and BigCommerce. The company has established a strong market presence with over 150,000 businesses using their services and more than 2,450 five-star reviews on the Shopify App Store, indicating high customer satisfaction and trust. Technically, the website employs a modern technology stack with JavaScript frameworks, analytics tools like Google Analytics and ProfitWell, and customer support integrations such as Crisp chat. The site is hosted behind Cloudflare, ensuring performance and security benefits. The website is well-optimized for mobile devices, accessible, and SEO-friendly, reflecting a mature digital infrastructure. From a security perspective, the site enforces HTTPS and uses domain status protections to prevent unauthorized transfers or updates. Cookie consent mechanisms are implemented in compliance with GDPR and CCPA regulations. However, there is no explicit security policy or incident response contact information published, and DNSSEC is not enabled, which could be improved to enhance security posture. Overall, OneStore presents a professional, trustworthy, and technically sound online presence with strong privacy compliance and business credibility. Strategic improvements in security transparency and DNS security would further strengthen their risk profile.

Oceanpayment operates as an online payment service provider targeting global businesses with fast and secure payment processing solutions. The website presents a professional and consistent brand image, emphasizing its position as a leading payment processor. The technical infrastructure is based on WordPress with common analytics and marketing tools such as Google Analytics and Google Tag Manager, indicating a moderate level of digital maturity. The website is mobile optimized and includes a comprehensive cookie consent mechanism, reflecting good privacy compliance practices. However, the absence of WHOIS registration data and lack of explicit contact or security incident information introduces concerns regarding transparency and trustworthiness. Security posture is generally good with HTTPS enabled, but the lack of visible security headers and incident response details suggests room for improvement. Overall, the website is functional and professional but would benefit from enhanced transparency and security disclosures.

Swatch is a globally recognized watch brand operating an official Finnish e-commerce website offering a wide range of watches. The site is built on Salesforce Commerce Cloud, indicating a mature digital infrastructure supporting e-commerce functionalities such as product search, cart, and checkout. The website demonstrates strong branding consistency and professional design, targeting general consumers in Finland. Technically, the site uses modern web technologies and integrates multiple analytics and marketing tools, including Google Tag Manager and TikTok Analytics, with a cookie consent mechanism ensuring GDPR compliance. Security posture is solid with HTTPS enforced and CSRF protections, though explicit security headers should be verified. WHOIS data was unavailable from the raw output, likely due to query restrictions, but the domain is a well-known brand domain, reducing suspicion. Overall, the site is trustworthy, professional, and compliant with privacy regulations.

S

search.ch AG

search.ch

71

search.ch AG operates a leading Swiss local search engine and directory platform offering a wide range of services including phone directory, weather, maps, route planning, timetables, TV guides, cinema listings, and web search. The website targets Swiss residents and users seeking localized information, positioning itself as a comprehensive and trusted Swiss information hub. The business model centers on providing free access to local data supported by advertising revenue, with partnerships such as localsearch.ch enhancing its ecosystem. Technically, the site employs modern JavaScript libraries, advertising technologies, and analytics tools, delivering a good user experience with mobile optimization and multilingual support. Security posture is strong with HTTPS enforced and secure login forms, though formal security policies and incident response contacts are not publicly documented. Privacy compliance is robust with clear privacy and cookie policies and consent mechanisms. Overall, the site demonstrates high professionalism, trustworthiness, and technical maturity.

G

Gilde etablierter Schweizer Gastronomen

gilde.ch

57

Gilde etablierter Schweizer Gastronomen is a Swiss hospitality association focused on promoting high-quality gastronomy across Switzerland. Their website offers a comprehensive restaurant search tool, gourmet guides, recipes, food trends, and event information, targeting both consumers and member restaurants. The platform supports members and partners through digital marketing and event engagement, positioning itself as a reputable player in the Swiss gastronomy sector. Technically, the website is built on WordPress with WooCommerce and Elementor, leveraging modern web technologies and SEO best practices. The site is mobile-optimized and integrates Google Analytics and social media for marketing and user engagement. Security posture is solid with HTTPS enforced and cookie consent implemented, though some security headers could be improved. No critical vulnerabilities or suspicious activities were detected. Overall, the website demonstrates a professional, trustworthy, and user-friendly digital presence aligned with its business goals.

Energiestadt Turbenthal is a community-driven energy and sustainability initiative based in Turbenthal, Switzerland. The website serves as a platform to inform residents and stakeholders about local energy projects, sustainability efforts, and community events. It is positioned as a local government affiliated entity focused on promoting renewable energy and sustainable living. The site leverages TYPO3 CMS and integrates Google Analytics and Tag Manager for visitor insights, with basic privacy considerations such as IP anonymization. The design is professional and user-friendly, with clear navigation and mobile optimization. However, the absence of explicit privacy and cookie policies represents a compliance gap. Security posture is adequate with HTTPS enabled but lacks several recommended security headers. Contact information is available via a contact form and obfuscated email, enhancing user communication. Overall, the site is trustworthy and well-aligned with its community mission.

M

Macardo-Club 1904

macardo-club.ch

55

Macardo-Club 1904 is a niche hospitality club based in Switzerland, focused on providing an exclusive social and enjoyment experience centered around the Macardo Swiss Distillery brand. The club offers personalized membership cards granting access to a unique honesty bar and cigar lounge, along with events and corporate benefits. The website reflects a professional and consistent brand image with clear contact information and active event promotion. Technically, the site is built on WordPress with WooCommerce and uses modern web technologies and SEO best practices, though performance is moderate. Security posture is good with HTTPS and no obvious vulnerabilities, but lacks explicit security policies and headers. Privacy compliance is partial, with a cookie policy and consent mechanism present but no privacy policy page found. Overall, the domain registration and WHOIS data support legitimacy and consistency with the business claims.

C

Carcept Prev

carcept-prev.fr

71

Carcept Prev is a French social protection insurer specializing in the transport sector, offering health, retirement, and provident insurance solutions tailored to transport employees and companies. The website presents a professional and well-structured digital presence, leveraging Drupal CMS and modern web technologies to deliver a responsive and accessible user experience. The site includes comprehensive privacy and cookie policies with active consent mechanisms, reflecting good GDPR compliance. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though explicit security policies and incident response contacts are not publicly disclosed. Overall, the website reflects a trustworthy and credible business entity with a clear focus on its niche market.

C

Caritas beider Basel

caritas-beider-basel.ch

11

Caritas beider Basel is a regional non-profit organization focused on providing social and legal support services, integration assistance, and emergency aid to individuals in the Basel-Landschaft and Basel-Stadt regions of Switzerland. The organization operates multiple service locations and offers a wide range of programs including social counseling, legal advice related to social welfare, secondhand clothing stores, affordable meals, child sponsorships, and support for caregivers. Their market position is strong within the regional social services sector, supported by their ZEWO certification which attests to their trustworthy handling of donations. Technically, the website employs modern web technologies including JavaScript, Google Tag Manager, and SEOmatic for SEO management. The site is well-structured, mobile-optimized, and provides a good user experience with clear navigation and professional design. Privacy and cookie policies are implemented with consent mechanisms, reflecting good compliance with GDPR requirements. Analytics usage is extensive, leveraging Google Analytics and Tag Manager, with transparent cookie consent. From a security perspective, the site uses HTTPS and includes CSRF tokens, but explicit security headers are not clearly visible in the HTML content. No critical vulnerabilities or exposed sensitive data were detected. The domain WHOIS data aligns well with the organization's identity and location, indicating legitimacy and consistency. No WAF or blocking mechanisms interfere with content access. Overall, Caritas beider Basel presents a professional, trustworthy, and well-maintained online presence that supports its mission of social aid and community support. Strategic recommendations include enhancing security headers, publishing a formal security policy, and establishing a vulnerability disclosure process to further strengthen their security posture.

W

West Fraser Timber Company

westfraser.com

53

West Fraser Timber Company operates a professional corporate website focused on manufacturing renewable wood building products. The company targets construction professionals and sustainability-conscious customers, positioning itself as a large player in the manufacturing sector. The website is built on Drupal 10, leveraging modern technologies such as Google Tag Manager and Cookiebot for analytics and privacy compliance. The site is well optimized for mobile and accessibility, with good SEO practices and a clear cookie consent mechanism. Security posture is solid with HTTPS enforced, though explicit security headers are not detected and no vulnerability disclosure policy is published. WHOIS data for the domain is unavailable, which raises transparency concerns but does not negate the professional appearance and trust signals on the site. Overall, the website demonstrates a mature digital presence suitable for a large manufacturing business.

I

Infomaniak Network SA

swisstransfer.com

10

SwissTransfer is a free large file transfer service operated by Infomaniak Network SA, a Swiss hosting company. The service allows users to send files up to 50 GB without registration, storing data securely in Switzerland for up to 30 days. The website is professionally designed using modern web technologies such as Angular and Stencil web components, with integrations for Google reCAPTCHA and Google Tag Manager to enhance security and analytics. Despite the lack of WHOIS data, the branding and social media presence strongly associate the service with Infomaniak, indicating legitimacy. However, explicit privacy and cookie policies are not clearly presented, which is a compliance gap.

P

Portal für den deutschen Holzfachhandel – Holz vom Fach

holzvomfach.de

10

Holz vom Fach is a specialized German portal dedicated to the wood trade industry, providing comprehensive information on wood products, expert advice, and a directory of wood dealers across Germany. The website serves both industry professionals and consumers interested in sustainable wood products and related educational content. It positions itself as a trusted resource with a strong emphasis on sustainability and apprenticeship opportunities within the wood sector. Technically, the site is built on WordPress with modern frameworks like Bootstrap and integrates SEO and analytics tools such as All in One SEO and Google Tag Manager. The site demonstrates good mobile optimization and accessibility, though some improvements in security headers could be made. Security posture is solid with HTTPS enforced and no visible vulnerabilities, but lacks explicit security policy or incident response contacts. Privacy compliance is well addressed with clear cookie consent and a comprehensive privacy policy. Overall, the site is professional, trustworthy, and well-aligned with its business goals.

M

Meier + Cie AG

schaffhauser-magazin.ch

10

Schaffhauser Magazin is a regional cultural and society magazine published by Meier + Cie AG in Switzerland. It targets readers interested in the cultural scene of the Schaffhausen region and offers advertising opportunities for local businesses. The magazine is published one to two times per year and distributed with the Schaffhauser Nachrichten newspaper. The website presents a professional and consistent brand image with clear contact information and a cookie consent mechanism, indicating a moderate level of digital maturity. Technically, the site uses jQuery, Google Tag Manager, and the Skel responsive framework, but lacks advanced CMS or hosting details. Security posture is adequate with HTTPS and cookie consent but lacks explicit security headers and incident response policies. Overall, the site is trustworthy and well-positioned in its niche but could improve in mobile optimization and security transparency.

S

SOBAG AG

nordagenda.ch

65

Nordagenda.ch is a regional event and cultural platform operated by SOBAG AG and associated with Meier + Cie AG, focusing on providing comprehensive event listings, cinema programs, gastronomy guides, and cultural information primarily for the Schaffhausen region and neighboring areas in Switzerland and southern Germany. The website offers categorized event data, interactive search and calendar features, and integrates social media channels to engage its audience. Technically, the site uses a modern tech stack including Bootstrap, jQuery, and various analytics and advertising services, delivering a good user experience with mobile responsiveness and clear navigation. Security posture is adequate with HTTPS and reCAPTCHA usage, but lacks some recommended security headers and explicit security policies. Privacy compliance is basic with a cookie consent banner and a privacy policy accessible via the contact/impressum page. Overall, the site is legitimate, well-branded, and serves its target audience effectively.

DeinDeal AG operates a Swiss-focused e-commerce platform specializing in private sales offering discounts up to 70% on a wide range of products including apparel, cosmetics, home goods, and travel. The company targets consumers in Switzerland seeking branded products at discounted prices. The website demonstrates a mature digital infrastructure leveraging modern web frameworks such as Next.js and React, integrated with Prismic CMS for content management. Performance and error monitoring are implemented via New Relic, and bot protection is enforced using Google reCAPTCHA v3. The security posture is strong with HTTPS and Content Security Policy in place, although explicit security policy and incident response information are not publicly available. Privacy and cookie policies are comprehensive and GDPR compliant, with consent mechanisms active. Overall, the platform presents a professional and trustworthy online retail experience with extensive marketing and analytics integrations.

S

Schweizer Agrarmedien AG

tierwelt.ch

66

TierWelt is a Swiss-based animal and nature magazine operated by Schweizer Agrarmedien AG, targeting readers interested in animals, nature, and environmental topics. The website offers rich editorial content, subscription services, classifieds, and e-paper access, positioning itself as a reputable media outlet in Switzerland. The business model combines content publishing with advertising and subscription revenue streams. Technically, the site is built on TYPO3 CMS with a modern tech stack including jQuery, Flipster, and multiple analytics and advertising integrations. The site is mobile-optimized and provides a good user experience with clear navigation and professional design. Security posture is strong with HTTPS, security headers, CAPTCHA protections, and cookie consent mechanisms, although explicit security policies and incident response contacts are not published. WHOIS data confirms the legitimacy and consistency of the domain registration with the business identity. Overall, the website is professional, trustworthy, and compliant with privacy regulations.

É

État de Vaud - Direction générale de l’enseignement supérieur (DGES)

hev.ch

63

The Direction générale de l’enseignement supérieur (DGES) is a governmental entity under the Canton of Vaud, Switzerland, responsible for the strategic oversight and policy development of higher education institutions within the canton. It supports education, research, and innovation, focusing on optimizing conditions for universities and specialized schools. The website serves as an official communication channel providing detailed information on missions, projects, legal frameworks, and contact points for stakeholders including students, academic institutions, and government partners. Technically, the website is built on TYPO3 CMS with modern frameworks like Bootstrap, and integrates analytics tools such as Matomo, Mouseflow, and Google Tag Manager. The site demonstrates good mobile optimization, accessibility, and SEO practices, reflecting a mature digital infrastructure suitable for a public sector organization. From a security perspective, the site enforces HTTPS and uses some security headers, though explicit security policies and incident response contacts are not published. No vulnerabilities or suspicious content were detected. Privacy compliance is basic, with cookie consent mechanisms and a privacy policy present, but GDPR compliance is not explicitly stated. Overall, the website is trustworthy, professional, and well-maintained, with a strong alignment between domain registration and organizational identity. Strategic recommendations include enhancing security header implementation, publishing security and incident response policies, and improving privacy compliance transparency.

G

Gotthilf Benz Turngerätefabrik GmbH + Co KG

benz-sport.de

57

Gotthilf Benz Turngerätefabrik GmbH + Co KG operates a professional e-commerce platform specializing in sports equipment manufacturing and retail. The company targets a broad audience in Germany and neighboring countries, offering a wide range of sports products with a focus on quality and service. The website is well-branded, consistent, and provides clear contact and business information, reinforcing its market position as a trusted sports equipment provider. Technically, the website leverages Prestashop CMS with modern integrations such as Google Tag Manager, Facebook Pixel, and PayPal SDK, indicating a mature digital infrastructure. The site is mobile-optimized and includes SEO best practices, although some accessibility features could be enhanced. Performance is moderate, suitable for the business scale. Security posture is solid with HTTPS enforced and GDPR compliance mechanisms in place, including cookie consent and privacy policy. However, explicit security headers could be improved. No critical vulnerabilities or suspicious activities were detected. The WHOIS data aligns well with the business identity, supporting legitimacy. Overall, the website presents a low-risk profile with good privacy compliance and business credibility. Strategic improvements in security headers and accessibility would further strengthen its posture.

A

ARAG Allgemeine Versicherungs-AG

arag.de

68

ARAG Allgemeine Versicherungs-AG is Germany's largest family-owned insurance company, offering a broad portfolio of insurance products including legal protection, health, liability, travel, home, pet, and commercial insurance. The website reflects a mature, well-established business with over 90 years of market presence and a strong customer base exceeding 12 million. The company emphasizes tailored insurance solutions and customer service accessibility through multiple channels including online portals, live chat, and local advisors. The site is professionally designed, mobile-optimized, and rich in content relevant to its target audience of private and commercial insurance customers in Germany. Technical infrastructure incorporates modern web technologies, consent management, and analytics tools, indicating a digitally mature organization. Security posture is strong with HTTPS, consent mechanisms, and reputable third-party integrations, though explicit security policies and vulnerability disclosure mechanisms are not publicly detailed. Overall, ARAG's website demonstrates high professionalism, trustworthiness, and compliance with privacy regulations, supporting its market leadership and customer trust.

P

PickyStory

heyamplify.com

61

Amplify, operated by PickyStory, is a SaaS growth platform designed specifically for Shopify merchants to increase revenue through AI-powered bundles, upsells, and subscription services. The platform targets e-commerce brands seeking to boost average order value and conversions with intelligent cart and checkout optimizations. The website is professionally built on WordPress using Elementor and integrates multiple marketing and analytics tools such as HubSpot, Google Analytics, and Facebook Pixel, indicating a mature digital marketing infrastructure. Security posture is adequate with HTTPS and domain transfer protections, though improvements like DNSSEC and security headers are recommended. Privacy compliance is limited due to the absence of explicit privacy and cookie policies. Overall, the site is trustworthy, business-focused, and well-positioned in the e-commerce SaaS market.

S

Sparkassen- und Giroverband Hessen-Thüringen (SGVHT)

mein-fahrtwind.de

55

Mein Fahrtwind is a promotional website operated by the Sparkassen- und Giroverband Hessen-Thüringen (SGVHT), a public financial association in Germany. The site hosts a contest offering participants the chance to win one of eight electric scooters, targeting residents of Hessen, Thüringen, and parts of Rheinland-Pfalz. The website is professionally designed with comprehensive legal and privacy documentation, reflecting a strong commitment to GDPR compliance and user data protection. The contest employs a double opt-in mechanism to ensure participant consent and data accuracy. Technically, the site uses modern web technologies including Google Tag Manager, Matomo analytics, Adobe Typekit fonts, and a cookie consent management system. Hosting is managed via DomainControl, indicating a professional infrastructure. The site is mobile-optimized and accessible, with good SEO practices. Security measures include HTTPS and IP masking in analytics, though HTTP security headers are not explicitly detected. From a security perspective, the site demonstrates good practices with no visible vulnerabilities or exposed sensitive data. Privacy policies are detailed and transparent, including a named data protection officer contact. No incident response or vulnerability disclosure policies are found, which could be areas for improvement. Overall, the site presents a low risk profile with strong compliance and trust indicators. Strategically, the site effectively supports the SGVHT's marketing and public engagement goals, leveraging digital tools to promote sustainable mobility. The integration of multiple marketing and tracking tools is balanced with user privacy considerations, positioning the organization as responsible and trustworthy in its digital presence.

S

Sparkassen- und Giroverband Hessen-Thüringen (SGVHT)

finanzen-mit-daniel-jung.de

47

The website 'finanzen-mit-daniel-jung.de' is an educational platform focused on financial literacy, primarily targeting students and educators in the Hessen and Thüringen regions of Germany. It is operated under the auspices of the Sparkassen- und Giroverband Hessen-Thüringen, a reputable financial association. The site offers a series of well-structured, easy-to-understand videos and learning materials to enhance financial knowledge. The partnership with Sparkassen and the inclusion of the Sparkassen-SchulService platform reinforce its credibility and regional relevance. Technically, the website employs modern web technologies including HTML5, CSS3, JavaScript, and integrates Google Tag Manager and Matomo for analytics, alongside a GDPR-compliant cookie consent mechanism. The site is hosted on servers indicated by the nameservers 'your-server.de' and related domains, suggesting a professional hosting environment. The site is mobile-optimized and demonstrates good SEO and accessibility practices, though some improvements in accessibility and security headers could be made. From a security perspective, the site uses HTTPS with strong SSL configuration and implements cookie consent for privacy compliance. No critical vulnerabilities or exposed sensitive data were detected. Privacy policies and terms of service are comprehensive and clearly presented, with a designated data protection officer contact provided. The site does not employ a vulnerability disclosure policy, which could be considered for future enhancement. Overall, the website presents a low-risk profile with strong business credibility and compliance posture. It effectively serves its educational mission with professional content and transparent governance. Strategic recommendations include enhancing HTTP security headers, formalizing a vulnerability disclosure process, and improving accessibility features to further strengthen the site's security and user experience.

H

Helvetiarockt

helvetiarockt.ch

48

Helvetiarockt is a Swiss non-profit organization dedicated to empowering girls, women, intersex, non-binary, trans, and agender individuals through music workshops, sensitization events, and networking platforms. The organization positions itself as a niche player in the Swiss cultural and social empowerment sector, leveraging partnerships such as musicdirectory.ch and diversityroadmap.org to extend its reach and impact. The website is multilingual, supporting German, French, Italian, Romansh, and English, reflecting its inclusive and broad audience approach. Technically, the website is built on WordPress with modern integrations including Google Analytics, Google Tag Manager, and Elfsight widgets. It uses jQuery and GSAP for animations and interactive elements. The site demonstrates good mobile optimization and SEO practices, although some accessibility features could be enhanced. Performance is moderate, with deferred script loading to improve user experience. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks advanced security headers and explicit security or incident response policies. Privacy compliance is basic, with privacy and cookie policies present but no active consent mechanism. The site collects user data via newsletter subscription forms and uses tracking scripts moderately. Overall, Helvetiarockt presents a trustworthy and professional online presence with a clear mission and audience. Security and privacy practices are adequate but could be improved to meet higher compliance standards. The domain registration data aligns well with the organization's profile, supporting legitimacy. Strategic recommendations include enhancing security headers, implementing cookie consent, and publishing explicit security policies to strengthen trust and compliance.

T

Theater Basel

theater-basel.ch

56

Theater Basel is a well-established cultural institution in Switzerland offering a diverse range of performing arts including opera, theater, and ballet. The website effectively communicates its offerings with detailed event calendars, production information, and ticket purchasing options. The institution targets a broad audience including families, schools, and general theater enthusiasts. Technically, the website is built on Drupal 10, employs modern web technologies, and integrates marketing and analytics tools such as Google Tag Manager and Facebook Pixel. Security posture is strong with HTTPS and security headers, though improvements can be made in privacy compliance by adding cookie consent mechanisms and publishing terms of service. Overall, the website reflects a professional and trustworthy organization with a solid digital presence.

Avadis Vorsorge AG is a Swiss financial services company specializing in pension fund management and investment solutions for institutional and private clients. The company offers a range of services including pension fund administration, private equity investments, real estate investments, and financial planning. With over 450 institutional clients and a strong presence in Switzerland, Avadis positions itself as a reliable and independent partner in the financial sector. The website reflects a professional and consistent brand image, targeting institutional investors and private individuals seeking investment opportunities and pension solutions. Technically, the website employs modern JavaScript frameworks, Google Analytics, and OneTrust for cookie consent, indicating a mature digital infrastructure. The site is mobile-optimized, accessible, and SEO-friendly, providing a good user experience. Security-wise, the site uses HTTPS with strong SSL configuration and appropriate security headers, but lacks publicly available security policies or incident response contacts. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the website demonstrates a high level of professionalism and trustworthiness, with minor recommendations to enhance security transparency and incident response readiness.

M

mediacampus-frankfurt

mediacampus-frankfurt.de

66

Mediacampus Frankfurt is an established educational institution specializing in seminars, training, and educational programs for the book trade and media industry in Germany. The website presents a professional and well-structured platform offering a variety of courses, webinars, and training sessions targeting professionals, newcomers, and specialists in publishing and media sectors. The institution maintains a strong social media presence and provides detailed event information, enhancing its market position as a key player in media education. Technically, the website employs modern web technologies including JavaScript, Algolia Search for site search functionality, and Google Tag Manager for analytics, which is loaded conditionally upon cookie consent. The site is hosted on Anexia servers, uses HTTPS with good SSL configuration, and is optimized for mobile devices with good accessibility and SEO practices. However, some security headers are not explicitly detected, and no explicit security or incident response policies are published. From a security perspective, the site demonstrates good practices such as HTTPS enforcement and privacy-aware analytics loading. No vulnerabilities or exposed sensitive data were found in the provided content. The WHOIS data aligns with the business claims, showing consistent domain registration and hosting. Privacy and cookie policies are not explicitly found in the provided content, which is a compliance gap. Overall, the site is safe, professional, and trustworthy with room for improvement in privacy disclosures and security policy transparency.

À

À la lyonnaise

alalyonnaise.fr

61

À la lyonnaise is a French lifestyle media company focusing on the city of Lyon, offering content related to food, shopping, cultural discoveries, and leisure activities. The website serves as a digital platform complementing their print magazine editions, targeting residents and visitors interested in Lyon's local culture and lifestyle. Their market position is that of a niche local media outlet with a consistent brand presence and active social media engagement. Technically, the website employs modern JavaScript libraries, Matomo and Google Analytics for tracking, and uses HTTPS with cookie consent mechanisms, indicating a moderate level of digital maturity. The site is mobile optimized and provides a good user experience with clear navigation and relevant content. Security-wise, the site uses HTTPS and cookie consent but lacks explicit security headers and public security policies, suggesting room for improvement in security posture. No critical vulnerabilities or blocking mechanisms were detected. Overall, the website is professional, trustworthy, and compliant with GDPR requirements, though it could enhance transparency around terms of service and incident response. Strategic recommendations include implementing security headers, publishing security policies, and improving SEO and accessibility compliance.

O

Office du Tourisme et des Congrès de la métropole de Lyon

visiterlyon.com

69

The website www.visiterlyon.com serves as the official tourism portal for Lyon and its metropolitan area, operated by the Office du Tourisme et des Congrès de la métropole de Lyon. It provides comprehensive tourism information, online booking services for hotels, restaurants, leisure activities, and city passes such as the Lyon City Card. The site targets tourists, families, business travelers, and groups, positioning itself as an authoritative and trusted source for visiting Lyon. The content is rich, professionally presented, and available in multiple languages, enhancing accessibility and user experience. Technically, the website employs modern web technologies including Alpine.js for interactivity, Swiper.js for sliders, and MapLibre GL for mapping. It integrates Google Tag Manager and Google reCAPTCHA for analytics and security. The site is mobile-optimized, accessible, and SEO-friendly, with good performance metrics. Security best practices are observed with HTTPS enforcement, security headers, and secure forms, although explicit security policy and incident response information are not published. The security posture is strong with no detected vulnerabilities or exposed sensitive data. Privacy compliance is well addressed with clear privacy and cookie policies, GDPR adherence, and consent mechanisms. However, WHOIS data for the domain is missing or unavailable, which is unusual for an official entity and slightly impacts trustworthiness. Despite this, the website's certifications, social media presence, and comprehensive content support its legitimacy. Overall, the website is a high-quality, secure, and user-friendly platform for promoting tourism in Lyon. Strategic recommendations include publishing a dedicated security policy, incident response contacts, and a vulnerability disclosure policy to further enhance trust and transparency.

N

NETHINKS GmbH

nethinks.com

56

NETHINKS GmbH is a well-established German IT and telecommunications service provider founded in 2004. The company specializes in network solutions, VoIP, web and mail hosting, and professional IT infrastructure consulting. Positioned as a manufacturer-neutral partner, NETHINKS serves business clients with tailored, future-proof communication and IT infrastructure solutions. Their market presence is reinforced by partnerships with major technology vendors and an ISO 27001 certification, underscoring their commitment to security and quality. Technically, the website is built on WordPress using WPBakery Page Builder and integrates Borlabs Cookie for GDPR-compliant cookie management. The site employs modern web technologies including jQuery and Google Tag Manager for analytics and marketing. Hosting and domain registration are managed by Vautron Rechenzentrum AG, a reputable provider. The website demonstrates good mobile optimization, SEO practices, and accessibility features, though some security headers are missing. From a security perspective, NETHINKS shows a mature posture with HTTPS enforced, cookie consent mechanisms, and ISO 27001 certification. However, there is room for improvement in publishing explicit incident response contacts and security.txt files. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong, with clear policies and consent management in place. Overall, NETHINKS GmbH presents a trustworthy and professional online presence with solid business credibility and technical implementation. The risk profile is low, but enhancing security headers and incident response transparency would further strengthen their security posture.

P

ProveSource

provesrc.com

61

ProveSource operates as a SaaS provider specializing in social proof and live sales notification tools designed to boost online sales conversions. The company positions itself as a market leader in this niche, targeting e-commerce businesses and online marketers. The website reflects a modern WordPress-based infrastructure with Elementor and Yoast SEO plugins, supported by AWS hosting inferred from DNS servers. The technical setup includes multiple analytics and marketing scripts such as Mixpanel, Facebook Pixel, and Google Tag Manager, indicating a mature digital marketing strategy. Security posture is adequate with HTTPS enabled and domain registration protections in place, but lacks advanced security headers and formal security policies. Privacy compliance is weak due to absence of privacy and cookie policies, which is a notable gap for GDPR and other regulations. Overall, the site is professional and trustworthy but would benefit from enhanced privacy and security disclosures to improve compliance and user trust.

T

Tablet LLC

tablethotels.com

65

Tablet Hotels operates as a specialized online booking platform focusing on boutique and luxury hotels worldwide. Affiliated with the MICHELIN Guide since 2018, it offers curated hotel selections, verified reviews, concierge-level service, and exclusive member benefits through its Tablet Plus program. The website targets discerning travelers seeking unique and memorable lodging experiences. Technically, the site leverages a modern React-based single-page application architecture, supported by a headless CMS (Strapi) and CDN hosting via Amazon CloudFront. It integrates multiple third-party analytics and marketing tools including Google Tag Manager, Facebook SDK, and Kameleoon for A/B testing. Security posture is strong with HTTPS enforced and tokenization for payment data, though explicit security headers and published security policies are absent. Privacy compliance is partial, lacking visible privacy and cookie policies despite consent mechanisms being present. Overall, the site demonstrates high professionalism, good performance, and strong branding consistency.

P

Pilgerzentrum St. Jakob Zürich

jakobspilger.ch

49

Pilgerzentrum St. Jakob Zürich is a small non-profit organization affiliated with the reformierte Kirche Zürich, focused on offering spiritual pilgrimage experiences, thematic pilgrimages, community events, and educational programs. Their website provides detailed event listings, newsletter signups, and community engagement features targeting pilgrims and spiritually interested individuals primarily in Switzerland. Technically, the site uses modern JavaScript libraries such as jQuery and Swiper.js, integrates Google Analytics and Tag Manager for tracking, and is built on the Redaxo CMS platform. The site is mobile optimized with good SEO and accessibility basics. Security posture is solid with HTTPS enforced and email obfuscation implemented, though it lacks advanced security headers and explicit security policies. Privacy and cookie policies are present and GDPR compliant. WHOIS data confirms the domain is registered consistently with the organization's identity, enhancing trust. Overall, the site is professional, trustworthy, and well-suited for its community-focused mission.

M

MVB GmbH

vlb.de

46

MVB GmbH operates the VLB (Verzeichnis Lieferbarer Bücher), a central platform for automated exchange of product information in the German-speaking book industry. The website serves key stakeholders including bookstores, publishers, self-publishers, and service providers, offering services such as order clearing (IBU), reference databases, and subscription discounts. The platform holds a strong market position as an authoritative source in its sector. Technically, the website employs modern web technologies including Bootstrap, Owl Carousel, and Google Tag Manager, hosted on Anexia infrastructure. It features responsive design, good SEO, and accessibility standards, with a cookie consent mechanism ensuring privacy compliance. The site is well-structured and professionally designed, providing a positive user experience. From a security perspective, the site uses HTTPS with good SSL configuration and no visible vulnerabilities or exposed sensitive data. However, it lacks explicit security policy pages, incident response contacts, and vulnerability disclosure mechanisms, which are recommended for enhanced security posture. Overall, the website is trustworthy, professionally maintained, and compliant with GDPR. The WHOIS data aligns with the business entity, reinforcing legitimacy. Strategic improvements in security transparency and incident response readiness would further strengthen the platform's reliability.

M

MVB GmbH

mvb-online.com

65

MVB GmbH operates as a central technology and information provider in the book industry, offering digital platforms and media formats to publishers, booksellers, self-publishers, and service providers primarily in Germany and internationally. The company has a strong market position as a connector within the book industry, supported by a professional and content-rich website that reflects its business focus and international presence. Technically, the website employs modern web technologies including FontAwesome, Google Tag Manager, and a cookie consent management system, hosted on Anexia infrastructure. The site is mobile optimized and SEO friendly, providing a good user experience. Security posture is solid with HTTPS enforced and domain transfer protection, though improvements like DNSSEC and enhanced security headers are recommended. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR adherence. Overall, the domain registration data aligns well with the business claims, indicating a trustworthy and established entity.

N

National Geographic España

nationalgeographic.es

55

National Geographic España operates as a prominent media brand delivering high-quality content focused on science, nature, history, and travel. The website serves a broad general audience with a mix of free and subscription-based content, supported by advertising partnerships and e-commerce through affiliated domains. The brand is well-established in Spain, leveraging multimedia content and digital subscriptions to maintain market relevance. Technically, the website employs a modern tech stack including advanced advertising technologies, consent management via Didomi, and multimedia delivery through JWPlayer. The site is mobile-optimized and uses HTTPS with appropriate security headers, reflecting a mature digital infrastructure. However, some areas such as explicit privacy policy publication and accessibility could be improved. Security posture is solid with HTTPS enforcement and consent mechanisms, but lacks visible vulnerability disclosure or incident response contacts. The absence of WHOIS data limits domain trust verification, though the website's professional presentation and branding strongly indicate legitimacy. Overall, the site presents a low-risk profile with good content quality and technical implementation, but should enhance transparency around privacy, contact information, and security disclosures to strengthen trust and compliance.

B

BOSS TONE EXCHANGE

bosstoneexchange.com

56

BOSS TONE EXCHANGE is a specialized online platform launched in 2022 that enables users of BOSS musical products to share original Livesets globally. The platform targets musicians and music producers who use BOSS gear, providing a community-driven service focused on content sharing. The website is professionally designed with good SEO and mobile optimization, leveraging modern web technologies and third-party services such as Google Analytics and OneTrust for cookie consent management. Hosting appears to be on AWS infrastructure, ensuring reliable performance. Security posture is adequate with HTTPS enforced and cookie consent implemented; however, DNSSEC is not enabled and security headers are missing, representing areas for improvement. No direct contact information or detailed security policies are published, which could impact user trust. Overall, the domain registration is consistent and legitimate, supporting the platform's credibility. The site contains no adult or questionable content and maintains a safe environment for general audiences.

K

Krüger + Co. AG

krueger.ch

58

Krüger + Co. AG is a Swiss medium-sized company specializing in heating, cooling, humidification, dehumidification, and water damage drying solutions, serving both industrial and residential markets across 21 locations. The company offers a broad range of products and services including emergency heating, climate systems, and consulting, positioning itself as a reliable regional player in the energy sector. Technically, the website is built on WordPress with WooCommerce, enhanced by modern plugins for SEO, multilingual support, and GDPR compliance. Analytics tools like Microsoft Clarity, Google Tag Manager, and Hotjar are used for user behavior insights. Security posture is solid with HTTPS and consent mechanisms, though security headers and explicit policies could be improved. Overall, the website is professional, user-friendly, and trustworthy, with transparent contact information and compliance with privacy regulations.

F

FORS AG

fors.ch

68

FORS AG is a Swiss-based company specializing in the retail and professional supply of household and commercial appliances, with over 40 years of market presence. The website showcases a broad product range including cooling, cooking, washing, and professional equipment, supported by warranty and service offerings. The company targets both private consumers and professional clients, positioning itself as a trusted specialist in its sector. Technically, the website is built on WordPress with WooCommerce, leveraging modern SEO and marketing tools such as Yoast SEO, Google Tag Manager, and multiple tracking pixels. The site demonstrates good design quality, mobile optimization, and SEO practices, though accessibility could be enhanced. Security posture is strong with HTTPS and security headers implemented, but lacks explicit privacy and cookie policies, which impacts compliance. Overall, the domain registration data aligns well with the business claims, supporting legitimacy and trustworthiness.

S

Schulthess Maschinen AG

schulthess.ch

59

Schulthess Maschinen AG is a well-established Swiss manufacturer and retailer specializing in washing machines, dryers, and dishwashers. The company emphasizes innovation rooted in tradition, targeting both homecare and professional customers primarily in Switzerland and German-speaking regions. Their business model combines product sales, service contracts, and an online shop for wash cards, positioning them as a trusted brand in the household appliance sector. The website reflects a mature digital presence with multilingual support and comprehensive customer engagement tools. Technically, the site is built on WordPress with Elementor and integrates modern analytics and marketing tools such as Google Analytics, Google Tag Manager, and Facebook Pixel. Security posture is strong with HTTPS enforced and GDPR-compliant cookie consent mechanisms, although explicit security policies and incident response contacts are not publicly disclosed. Overall, the website is professional, secure, and compliant, supporting the company's market position effectively.

S

Swiss Olympic

coolandclean.ch

64

The website coolandclean.ch represents a national youth sports prevention program operated under the auspices of Swiss Olympic. It focuses on promoting healthy behaviors, fair play, and substance abuse prevention among young athletes and their leaders. The platform offers educational content, training tips, a material shop, and community support including regional ambassadors and consultation services. The site is well-branded, professionally designed, and targets youth sports organizations and their stakeholders in Switzerland. Technically, the site employs modern web technologies including Google Analytics, Facebook Pixel, and Google Maps API, likely built on a CMS such as Adobe Experience Manager. Security posture is strong with HTTPS enforced and cookie consent implemented, though explicit security policies and incident response contacts are not visible. Overall, the domain registration aligns well with the business identity, supporting legitimacy and trustworthiness.

N

natelo

natelo.ch

64

natelo is a Swiss-based retail and e-commerce company specializing in mobile subscriptions, smartphones, buyback, repairs, and accessories. The company operates both online and through four physical locations, targeting Swiss consumers seeking mobile technology products and services. The website presents a professional and consistent brand image with a clear focus on the Swiss market. Technically, the site is built on WordPress with WooCommerce and Elementor, leveraging modern plugins for SEO and payment processing. It employs HTTPS and security best practices such as Google reCAPTCHA and cookie consent management, indicating a mature digital infrastructure. However, the absence of a dedicated privacy policy and terms of service pages represents a compliance gap. Security posture is strong with appropriate headers and no visible vulnerabilities, but incident response and security policy documentation are lacking. Overall, natelo demonstrates a solid market presence with good technical and security foundations but should enhance privacy compliance and transparency to improve trust and regulatory adherence.

S

Suva

suva.ch

75

Suva is a leading Swiss public institution specializing in accident prevention, insurance, and rehabilitation services. The organization serves a broad audience including employers and insured individuals across Switzerland, positioning itself as a key player in the national insurance and healthcare sector. The website reflects a mature digital presence with a clear focus on user experience and compliance with privacy regulations. Technically, the site leverages modern frameworks such as Angular, integrates reputable third-party services like Google Tag Manager and Cookiebot, and employs a Sitecore CMS backend, indicating a robust and scalable infrastructure. Security posture is strong with enforced HTTPS, cookie consent mechanisms, and CSRF protections, although explicit security policies and incident response contacts are not publicly detailed. Overall, Suva's website demonstrates high professionalism, trustworthiness, and compliance, supporting its role as a major government-related insurance provider.

The Swiss Paraplegic Group is a well-established non-profit organization based in Switzerland, dedicated to supporting individuals with spinal cord injuries through a comprehensive network of services including rehabilitation, advocacy, and education. The website reflects a professional and trustworthy presence with clear communication of their mission and services. Technically, the site is built on modern frameworks such as Gatsby and React, leveraging reputable third-party services for analytics and consent management, ensuring a fast and accessible user experience. Security posture is strong with HTTPS enforcement, appropriate security headers, and no detected vulnerabilities, although a formal security policy and incident response information could enhance trust further. Privacy compliance is robust, with a detailed cookie policy and consent mechanism aligned with GDPR requirements. Overall, the site demonstrates high business credibility and technical maturity, suitable for its healthcare and non-profit sector audience.

W

WOLF-POWER GMBH

wolf-power.ch

54

Wolf-Power GmbH operates a professional automotive tuning e-commerce and service website based in Switzerland, offering a wide range of tuning software, hardware, and related services with over 50 years of experience. The company targets car enthusiasts and vehicle owners seeking performance enhancements and motorsport support. The website is built on the Shopware platform and integrates multiple modern marketing and analytics technologies, including Google Analytics, TikTok Pixel, Facebook Pixel, and Sendinblue marketing tools. Security posture is solid with HTTPS and reCAPTCHA v3, but lacks explicit privacy and cookie policies, which are compliance gaps. No contact emails or phone numbers are explicitly provided on the site, limiting direct communication channels. Overall, the website is professional, well-structured, and trustworthy, but could improve privacy compliance and transparency.

K

KIZ | Kommunikations- und Innovations-Zentrum

kiz.de

50

KIZ | Kommunikations- und Innovations-Zentrum is a well-established German company specializing in career coaching, business consulting, and support for self-employment. With over 28 years of experience, it offers services such as job and career coaching, startup and business coaching, and digital projects including online programs. The website is professionally designed, content-rich, and targets individuals seeking professional development and entrepreneurial support primarily in Germany. Technically, the site is built on TYPO3 CMS, uses modern JavaScript libraries, and integrates consent management and analytics tools, reflecting a mature digital infrastructure. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though some security headers and explicit policies could be improved. Privacy compliance is good with a clear privacy policy and cookie consent mechanism. Overall, the site is trustworthy and credible with no signs of suspicious activity or content safety concerns.

W

WOA

woa.de

50

WOA is a German advertising agency specializing in integrated communication services including web design, events, PR, and classical advertising. The company targets businesses seeking comprehensive marketing and communication solutions primarily in the German regions of Wiesbaden, Frankfurt, Hamburg, and central Hesse. Their website reflects a professional and consistent brand image with a clear presentation of services and client references. Technically, the website is built on Joomla CMS with Yootheme templates and uses modern web technologies such as UIkit, Google Tag Manager, and HubSpot integrations. The site is mobile optimized and includes standard SEO and accessibility features, though some accessibility aspects could be improved. Performance is moderate with no critical technical issues detected. From a security perspective, the site enforces HTTPS and includes cookie consent mechanisms compliant with GDPR. However, explicit security headers are missing, and no dedicated security or incident response policies are published. The site uses multiple third-party marketing and analytics tools, which are managed with user consent. No vulnerabilities or suspicious domains were detected. Overall, WOA presents a trustworthy and professional online presence with good privacy compliance and a solid technical foundation. Strategic improvements in security headers and incident response transparency would enhance their security posture further.

H

Hochschulen Fresenius GmbH

hs-fresenius.de

71

Hochschulen Fresenius GmbH is a large, well-established private higher education institution in Germany, founded in 1848. It offers a broad range of Bachelor and Master degree programs across multiple disciplines including Chemistry, Biology, Business, Media, Health, Social Sciences, and Fashion & Design. The university serves over 17,000 students with flexible study options including full-time, part-time, on-campus, and online formats. The website reflects a professional and modern digital presence, leveraging WordPress CMS, SEO best practices, and cookie consent management via Usercentrics. Hosting is provided by Adacor, with consistent DNS and SSL configurations ensuring secure access. However, explicit privacy and security policies are not readily visible, and security headers are not detected, indicating room for improvement in security posture. Overall, the website is trustworthy, well-branded, and compliant with basic GDPR cookie consent requirements.

V

Verband der Metall- und Elektro-Unternehmen Hessen (HESSENMETALL)

hessenmetall.de

51

HESSENMETALL is a prominent industry association representing employers in the metal, electrical, and IT sectors in Hessen, Germany. The organization provides comprehensive services including labor relations, legal advice, workforce development, digital transformation support, and innovation facilitation. It holds a strong market position as a leading regional network for over 200,000 employment relationships in the region's M+E industry. The website reflects a professional and well-structured digital presence with member portals and extensive content tailored to its audience of employers and industry stakeholders. Technically, the site is built on the Contao CMS platform, utilizing modern JavaScript libraries such as jQuery and Swiper.js, and integrates analytics tools like Matomo and Google Tag Manager. Accessibility features are enhanced by the inclusion of eyeAble tools. The site is mobile-optimized and demonstrates good SEO practices with proper metadata and structured navigation. From a security perspective, the website enforces HTTPS and employs secure login forms with CSRF tokens. While explicit security headers are not fully visible in the HTML, the overall SSL configuration is good. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place, aligning with GDPR requirements. Overall, the website presents a low-risk profile with a high degree of professionalism and trustworthiness. Strategic recommendations include enhancing security headers, increasing transparency around incident response contacts, and maintaining up-to-date CMS and third-party components to mitigate potential vulnerabilities.