Security Directory

U

Upstatement

upstatement.com

71

Upstatement is a strategic digital studio founded in 2008, specializing in building digital products, large-scale platforms, editorial products, and brand design with a strong editorial mindset. The company serves established brands, historic institutions, visionary leaders, and mission-focused startups, boasting a notable client portfolio including Nike, Vogue, Microsoft, PBS News, MIT, and ESPN. Their market position is that of a reputable and experienced digital design and development partner with a focus on quality and storytelling. Technically, the website is built on Craft CMS, hosted by DreamHost, and employs modern web technologies including Google Analytics, Google Tag Manager, HubSpot Analytics, and Google reCAPTCHA Enterprise for form security. The site is well-optimized for performance, mobile responsiveness, accessibility, and SEO, reflecting a mature digital infrastructure. From a security perspective, the site enforces HTTPS, uses reCAPTCHA Enterprise to protect forms, and has domain transfer protections in place. However, DNSSEC is not enabled, and explicit security headers are not detected, indicating room for improvement. Privacy and cookie policies are present and GDPR compliant, but no explicit security policy or incident response information is published. Overall, the website presents a low-risk profile with strong business credibility and technical maturity. Strategic recommendations include enabling DNSSEC, adding security headers, publishing a security policy, and establishing a vulnerability disclosure process to further enhance trust and security posture.

E

Ethan Marcotte

ethanmarcotte.com

59

Ethan Marcotte's website serves as a professional personal brand platform showcasing his expertise as a web designer, writer, and speaker. The site highlights his pioneering role in responsive web design, his published books, speaking engagements, and thought leadership in technology and labor issues. The business model centers on content creation, consulting, and public speaking, targeting digital professionals and tech labor advocates. Technically, the site is built using the Eleventy static site generator, hosted on DigitalOcean, and optimized for performance, accessibility, and mobile devices. Security posture is solid with HTTPS enabled and no exposed sensitive data, though improvements are recommended in DNSSEC, security headers, and published security policies. Privacy compliance is lacking due to absence of privacy and cookie policies. Overall, the site is trustworthy, professional, and well-maintained, with minor gaps in compliance and security best practices.

L

Left Logic Ltd.

leftlogic.com

62

Left Logic Ltd. is a UK-based small technology company specializing in JavaScript development. The company maintains notable projects such as JS Bin, ffconf (a leading UK JavaScript conference), and nodemon, a popular Node.js utility. Their business model combines open source project maintenance, conference organization, and bespoke JavaScript development services targeting front-end and server-side developers. The website reflects a consistent brand and professional presence with clear navigation and relevant content for their target audience of JavaScript developers and tech professionals. Technically, the website is built using modern JavaScript frameworks, specifically Next.js and Webpack, hosted behind Cloudflare DNS and CDN services. The site demonstrates moderate performance and good mobile optimization but lacks advanced SEO and accessibility features. No CMS is detected, indicating a custom or framework-based build. The absence of analytics or tracking scripts suggests a privacy-conscious approach or minimal data collection. From a security perspective, the site uses HTTPS with a valid certificate and has a domain status of OK. However, it lacks DNSSEC and security headers such as Content-Security-Policy or X-Frame-Options, which could enhance protection. No explicit security policies or incident response contacts are published, and no cookie consent mechanism is present, indicating partial GDPR compliance. The WHOIS data is transparent and consistent with the business history, enhancing trust. Overall, the website presents a trustworthy and professional image with solid business credibility and technical implementation. Security posture is adequate but could be improved with additional headers and policies. Privacy compliance is basic and should be enhanced to meet GDPR standards fully. Strategic recommendations include enabling DNSSEC, adding security headers, publishing security and incident response policies, and implementing cookie consent mechanisms.

E

Eleventy

11ty.io

60

Eleventy is an open source static site generator focused on simplicity, performance, and flexibility. It targets developers and technical users who want full control over their static website output without the overhead of client-side JavaScript frameworks. The project is well-established since 2017 and enjoys a strong community and sponsorship ecosystem, including endorsements from reputable organizations such as NASA, Google, and Mozilla. The website provides comprehensive documentation, tutorials, and community resources to support users. Technically, the website leverages modern web technologies including Eleventy v4.0.0, Node.js, JavaScript, Liquid templates, and Markdown. It uses custom web components and ES modules, with assets served via CDNs for performance. The site is fast, mobile-optimized, accessible, and SEO-friendly, reflecting a mature digital infrastructure. From a security perspective, the site enforces HTTPS and avoids telemetry or tracking scripts, enhancing user privacy. However, it lacks explicit security headers, a published security policy, and vulnerability disclosure mechanisms, which are recommended for further strengthening its security posture. No sensitive data exposure or vulnerabilities were detected in the content. Overall, Eleventy’s website demonstrates high professionalism, trustworthiness, and technical maturity with minimal privacy compliance gaps. Strategic improvements in security policies and cookie consent would enhance its compliance and user trust further.

W

Walnut Creek Creative LLC

beinclusive.app

65

Be Inclusive is a specialized SaaS provider offering manual accessibility audit software designed to simplify and streamline the process of defining, tracking, and sharing digital accessibility audits. Positioned as a niche solution between cumbersome spreadsheets and expensive enterprise tools, it targets accessibility professionals, agencies, and freelancers. The company behind the product is Walnut Creek Creative LLC, a small US-based business with a clear focus on accessibility compliance and usability. Technically, the website employs modern web technologies including Vue.js and custom JavaScript, with a strong emphasis on accessibility and responsive design. The site loads quickly and includes SEO best practices and meta tags. Security is well implemented with HTTPS, CSRF tokens, and standard security headers, though no explicit security or incident response policies are published. The security posture is strong with no detected vulnerabilities or exposed sensitive data. Privacy compliance is good with a comprehensive privacy policy and terms of service, but the absence of a visible cookie consent mechanism may pose GDPR compliance risks. The site maintains a professional and trustworthy appearance with customer testimonials and active social media channels. Overall, the website represents a credible, well-executed business with a solid technical foundation and good security hygiene. Strategic improvements around cookie consent and security transparency would further enhance compliance and trust.

C

Online Kasina pro Česke Hrace ᑕ❤️ᑐ Nejlepší Online Casino CZ

casinopointcz.com

56

The website casinopointcz.com is a Czech language online casino review and affiliate platform targeting Czech players interested in online gambling. It provides detailed casino reviews, bonus offers, game guides, and payment method information. The site is professionally designed with good mobile optimization and uses modern analytics tools such as Google Analytics and Microsoft Clarity. However, it lacks visible privacy, cookie, and terms of service policies, as well as direct contact information, which impacts its privacy compliance and business credibility scores. The WHOIS data for the domain is unavailable or the domain is unregistered, which raises concerns about domain legitimacy despite the active and professional website presence. Security posture is generally good with HTTPS enabled but could be improved by adding security headers and formal security policies. Overall, the site serves its niche well but should improve transparency and compliance to enhance trust and security.

The analyzed content corresponds to a Chrome internal error page (chrome-error://chromewebdata/) indicating that the actual website content for the domain 'chromewebdata' is inaccessible or blocked. No business-related content, metadata, or contact information is present, making it impossible to assess the company's market position, services, or technical infrastructure. The page appears to be a default browser error page rather than a functional website. From a technical perspective, the page includes embedded JavaScript and CSS related to the Chrome offline dinosaur game, but no external resources, analytics, or security headers are detected. The security posture is minimal due to lack of HTTPS and security policies. Privacy compliance and business credibility cannot be evaluated due to absence of relevant content. Overall, the website is non-functional or blocked, resulting in a low AI score and no actionable business or security insights. For accurate analysis, access to the actual website content is required.

K

Klinika Cellthera

cellthera.org

45

Klinika Cellthera is a specialized healthcare provider focused on regenerative medicine and anti-aging treatments based in Brno, Czech Republic. The clinic offers a broad range of advanced medical services including immunology, oncology supportive care, orthopedics, stem cell therapies, and innovative diagnostic and therapeutic procedures. Their market position is that of a niche provider with over 25 years of experience in the field, targeting patients seeking alternative and comprehensive healing approaches. The website is professionally designed, content-rich, and compliant with GDPR regulations, reflecting a mature digital presence.

A

Armáda České republiky

doarmady.cz

58

The website doarmady.mo.gov.cz serves as the official recruitment and informational portal for the Army of the Czech Republic. It provides comprehensive information about military careers, recruitment opportunities, news, and preparation guidance for prospective soldiers. The site is clearly targeted at Czech citizens interested in joining the military and is branded consistently with official government imagery and messaging. Technically, the site is built using modern web technologies such as Next.js and React, ensuring a responsive and user-friendly experience. However, some areas such as explicit privacy and cookie policies, security headers, and contact information are lacking or not clearly presented, which could be improved to enhance trust and compliance. The security posture is generally good with HTTPS enforced, but additional security best practices should be implemented. Overall, the site is professional, trustworthy, and serves its government function effectively.

P

Printerka J&R s.r.o.

printerka.sk

42

Printerka J&R s.r.o. operates a specialized event service business in Slovakia, providing photobooth and instant photo printing solutions for corporate events, weddings, parties, and festivals. The company positions itself as a regional leader with over a decade of experience and a professional online presence. Their website is well-structured, visually appealing, and targets event organizers and agencies seeking photo printing services. Technically, the site uses standard web technologies including jQuery, Google Analytics, and Facebook Pixel, but relies on an outdated jQuery version which may pose security risks. The site is HTTPS enabled and uses asynchronous loading for analytics, contributing to moderate performance and good mobile optimization. Security posture is adequate but could be improved by adding security headers and updating libraries. Privacy compliance is weak due to the absence of privacy and cookie policies and no visible consent mechanisms. Contact information is limited to contact forms without direct emails or phone numbers, which may impact user trust. Overall, the site is professional and trustworthy but would benefit from enhanced privacy and security practices.

Vojenské lesy a statky ČR, s.p. is a Czech state-owned enterprise with a long tradition exceeding 80 years, specializing in the management of military forests and related activities. The organization offers a variety of services including forest management, sale of firewood and surplus assets, recreational accommodations, and high-quality game meat sales. The website targets the general public, business partners, and government entities, positioning itself as a key player in forestry and land management within the Czech Republic. Technically, the website employs modern web standards including HTML5, CSS3, and JavaScript, with embedded multimedia content such as YouTube videos. It integrates Google Analytics and Google Tag Manager for tracking and marketing purposes. The site is mobile-optimized with good navigation and SEO practices, although accessibility features are basic. No CMS or hosting provider details were identified. From a security perspective, the site uses HTTPS and does not expose sensitive data or vulnerable libraries. However, it lacks visible security headers, explicit cookie consent mechanisms, and published security policies or incident response contacts. The absence of WHOIS data reduces domain trust slightly but the overall digital footprint and content quality support legitimacy. Overall, the website is professional, content-rich, and trustworthy with moderate technical and security maturity. Strategic improvements in security headers, privacy compliance, and incident response transparency would enhance its posture and user trust.

S

spddm.org

spddm.org

66

spddm.org is a recently established WordPress-based blog focused on automobile news, vehicle launches, and reviews. The site targets automobile enthusiasts and general readers interested in transportation news. It uses a modern WordPress theme (GeneratePress) and SEO plugin (Rank Math) to optimize content visibility. The technical infrastructure includes Google Analytics for tracking and LaraPush for push notifications, hosted on GoDaddy. Security posture is basic with HTTPS enabled but lacks DNSSEC and security headers. Privacy compliance is minimal with a privacy policy present but no cookie consent mechanism. Business credibility is moderate given the new domain and limited contact information. Overall, the site is functional and content-rich but could improve security and privacy practices.

H

Harmonie Mutuelle

harmonie-et-moi.fr

58

Harmonie & Moi is a client portal website for Harmonie Mutuelle, a French mutual insurance company specializing in healthcare insurance services. The website provides access to client accounts and online services, targeting existing customers of Harmonie Mutuelle. The domain is well-established since 2018 and is actively maintained with consistent WHOIS registration data. The website uses modern JavaScript frameworks, likely Angular, and employs Dynatrace for performance monitoring. However, the landing page content is minimal, possibly due to an error or loading state, and lacks visible privacy, cookie, or terms of service policies. No contact information or security policies are presented, which limits transparency and user trust. Security posture is moderate with HTTPS enforced and domain transfer protections, but missing security headers and incident response details reduce overall security maturity. The website is safe for general audiences with no adult or explicit content detected.

P

Pintura Labs

edit.video

63

Edit.video is a free online video editor demo website powered by Pintura Labs, a technology company specializing in image and video editing tools. The site offers a privacy-focused, no-ads, no-tracking, no-account-required video editing experience directly in the browser. It targets general users seeking quick and private video editing without watermarks or intrusive elements. The business model is supported indirectly by companies purchasing Pintura licenses, enabling this demo to remain free and open. Technically, the website is well implemented using modern web technologies including JavaScript, HTML5, CSS3, and the Pintura video editor framework. It supports mobile and desktop platforms with good performance and basic accessibility features. The site uses HTTPS exclusively and employs privacy-first analytics, avoiding cookies and tracking scripts. However, explicit security headers and formal security policies are not published. From a security perspective, the site demonstrates strong privacy practices by not collecting personal data or requiring accounts. The absence of security headers and incident response information is a minor gap. No vulnerabilities or suspicious elements were detected. The domain WHOIS data is privacy protected, which is typical for small tech demos, and no suspicious registration patterns were found. Overall, the website is trustworthy, professionally designed, and well suited for its purpose as a demo tool. Strategic recommendations include adding security headers, publishing a security policy and incident response contacts, and clarifying cookie usage to further enhance trust and compliance.

D

Duckyard BV

edit.photo

63

Edit.photo is a free online photo editing web application operated by Duckyard BV, a Netherlands-based company founded in 2017. The website offers a fast, privacy-focused photo editor with no ads, popups, cookies, or account requirements, targeting general users seeking simple image manipulation in-browser. The service is powered by Pintura Labs, a commercial product provider, which finances the free offering indirectly. The website is well-structured with clear navigation, privacy, and terms pages, and uses modern web technologies including service workers and Cloudflare DNS for hosting and performance optimization. Security posture is strong with HTTPS enforced, no tracking cookies, and minimal data collection, although some security headers could be improved. WHOIS data is consistent with the business claims, showing a legitimate and transparent registration. Overall, the site demonstrates a good balance of usability, privacy, and security for its niche.

C

CropGuide B.V.

crop.guide

59

CropGuide B.V. operates a specialized SaaS platform providing image cropping and editing tools that integrate seamlessly with popular NoCode platforms and JavaScript libraries. The service targets website owners and developers seeking to improve user-uploaded photo quality by enabling client-side cropping, resizing, and orientation correction. The website is professionally designed, mobile-optimized, and offers clear navigation with demos and detailed documentation, positioning CropGuide as a niche but trusted player in the image editing technology market. Technically, the website employs modern web technologies including JavaScript, CSS3, and HTML5, with integrations for Crisp chat and Simple Analytics for user engagement and minimal tracking. The platform emphasizes privacy by performing all image processing client-side, ensuring no image data is transmitted to CropGuide servers. Performance is fast, and the site is accessible across modern browsers and devices. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks explicit security headers and a published security policy or incident response plan. No vulnerability disclosure or security.txt file is present, and cookie consent mechanisms are absent, which may impact compliance. The WHOIS data is unavailable due to TLD restrictions, but the website's professional presentation and trust signals mitigate concerns about legitimacy. Overall, CropGuide demonstrates a strong business and technical foundation with room for improvement in formal security policies and privacy compliance mechanisms. Strategic enhancements in these areas would further strengthen trust and regulatory adherence.

A

AŽD Praha s.r.o.

azd.cz

54

AŽD Praha s.r.o. is a leading Czech company specializing in the manufacturing and supply of security and control systems for transportation, focusing primarily on railway and road transport sectors. The company offers a broad range of products and services including telecommunications, automation technologies, system integration, and training. Their market position is strong within the Czech Republic and they maintain a professional online presence with comprehensive information about their offerings and corporate policies. Technically, the website employs modern web technologies such as Vue.js for chatbot functionality, Google reCAPTCHA for form security, and LinkedIn Insight for analytics, indicating a mature digital infrastructure. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though some security headers could be improved. The absence of WHOIS data reduces transparency but does not detract significantly from the overall legitimacy given the professional content and compliance indicators. Overall, the website reflects a well-established business with a focus on transportation technology and security solutions.

P

PONATURE s.r.o.

kilpisport.com

66

KilpiSport.com is a medium-sized retail and e-commerce business specializing in outdoor clothing, footwear, and accessories. The company operates both online and through nine physical stores in the Czech Republic, targeting outdoor enthusiasts and lifestyle customers. Their product range includes gear for hiking, running, cycling, and casual wear, emphasizing quality and performance materials. The website is professionally designed with clear navigation and a consistent brand presence, supported by a loyalty program and informative blog content. Technically, the site uses modern JavaScript frameworks, Google Tag Manager, and CDN hosting to deliver a responsive and moderately performant user experience. Security posture is good with HTTPS enforced and standard tracking scripts, though some security headers could be improved. Privacy and cookie policies are present with consent mechanisms, indicating GDPR compliance. However, the domain WHOIS data is missing, which slightly reduces trustworthiness but does not detract from the overall legitimacy of the business.

A

ALPA, a.s.

alpa.cz

49

ALPA, a.s. is a Czech company specializing in natural cosmetic products with a heritage spanning over 100 years. Their product portfolio includes massage products, embrocations, preparations for athletes, children's cosmetics, and other personal care items. The company targets general consumers, families, and athletes seeking traditional and natural health and cosmetic solutions. The website reflects a well-established brand with consistent messaging and a good level of professionalism. Technically, the website is built on the xartCMS platform, utilizing JavaScript libraries such as MooTools and jQuery for interactive features. Google Tag Manager is implemented for analytics and marketing purposes. The site is mobile-optimized with good SEO practices, though some accessibility features could be improved. Performance is moderate, with room for optimization. From a security perspective, the site enforces HTTPS and includes a GDPR-compliant cookie consent mechanism. However, it lacks important security headers and does not provide visible incident response or vulnerability disclosure information. The absence of WHOIS data reduces transparency but does not necessarily indicate malicious intent given the brand's established presence. Overall, the website presents a trustworthy and professional front for ALPA, a.s., with minor technical and security improvements recommended to enhance compliance and user trust.

P

PeckaDesign

peckadesign.cz

57

PeckaDesign is a well-established Czech company specializing in custom e-commerce solutions for large market players, boasting 25 years of experience. Their services encompass bespoke e-shop development, omnichannel strategies, UX research, frontend coding, mobile applications, and consulting. The company targets leading e-commerce businesses in the Czech and Slovak markets, positioning itself as a trusted partner with a strong portfolio of references and awards. Technically, the website employs modern JavaScript technologies, including New Relic for performance monitoring and Google Tag Manager for analytics, reflecting a mature digital infrastructure. The site is mobile-optimized, accessible, and professionally designed, providing a positive user experience. Security-wise, the site uses HTTPS and cookie consent mechanisms but lacks explicit security headers and published privacy or terms policies, which are areas for improvement. The absence of WHOIS data for the domain raises concerns about domain registration transparency, although the website content and branding are professional and trustworthy. Overall, the site demonstrates solid business credibility and technical implementation but would benefit from enhanced security and compliance documentation.

R

Rat für Formgebung – German Design Council

german-brand-award.com

58

The German Brand Award website represents a well-established branding award platform operated by the Rat für Formgebung – German Design Council. It targets marketing professionals and companies seeking recognition for brand excellence. The site offers comprehensive information about the award, jury, events, and participation benefits, positioning itself as a reputable and professional entity in the branding and marketing sector. The business model revolves around organizing award competitions, hosting award shows, and facilitating networking events to promote brand success. Technically, the website is built on the TYPO3 CMS platform, leveraging modern JavaScript libraries such as Swiper.js and integrating analytics and marketing tools including Google Tag Manager, Google Analytics, Hotjar, and Criteo. The site is mobile-optimized, accessible, and SEO-friendly, with a professional design and clear navigation. Hosting appears to be supported by Cloudflare as a CDN, enhancing performance and security. From a security perspective, the website enforces HTTPS and employs a cookie consent mechanism compliant with GDPR. However, explicit security headers like Content-Security-Policy and X-Frame-Options are not visibly implemented, and no dedicated security policy or incident response contact information is provided. The absence of WHOIS registration data for the domain is a notable concern, potentially indicating privacy protection or registration issues, which slightly reduces the overall trustworthiness. Overall, the website demonstrates a strong digital presence and business credibility, with room for improvement in security transparency and domain registration clarity. Strategic recommendations include implementing explicit security headers, publishing a security policy, and verifying domain registration details to enhance trust and compliance.

R

Ranxplorer

kifdom.com

52

KifDom is a French niche marketplace specializing in the acquisition and resale of expired .fr domain names, targeting SEO professionals and domain investors. The website is professionally designed, mobile-optimized, and provides clear navigation with comprehensive domain listings, auctions, and immediate purchase options. The business is operated by Ranxplorer, a company accredited by AFNIC since 2014, indicating a stable market presence. Technically, the site uses modern frontend technologies including Bootstrap, Tailwind CSS, and Google Tag Manager, with HTTPS enforced for secure communications. Security measures include CSRF protection and session management, though some standard security headers are not explicitly detected. Privacy compliance is addressed with a cookie consent mechanism and a privacy policy in French, consistent with GDPR requirements. Contact is primarily via a web form, with no direct emails or phone numbers publicly listed. WHOIS data for the domain is unavailable or shows no match, which raises minor concerns about domain registration transparency but does not detract significantly from the site's legitimacy. Overall, KifDom presents a trustworthy and functional platform for expired domain transactions in the French market.

The analyzed content corresponds to an internal Chrome browser error page (chrome-error://chromewebdata/) that appears when a webpage fails to load or is inaccessible. This page includes the offline dinosaur game and related scripts but contains no actual website content, business information, or external links. Consequently, no privacy, cookie, or terms of service policies are present, and no contact or security policies are available. The technical infrastructure is limited to Chromium's internal JavaScript and canvas-based game implementation. Security posture cannot be fully assessed due to the nature of the content, but no obvious vulnerabilities or sensitive data exposure are detected. Overall, this is not a public-facing website but an internal browser error page, and thus the risk assessment is minimal with no business credibility or privacy compliance to evaluate.

C

Cluster Industrial

clusterindustrial.com.mx

25

Cluster Industrial is a Mexican-based digital platform focused on providing leading information and specialized content for the mobility and industrial sectors. The company positions itself as a key player in transforming the industrial landscape in Mexico through its digital platform, strategic events, and expert content. The website reflects a professional and consistent brand image targeting industry professionals and stakeholders in Mexico. Technically, the site is built on the Ghost CMS platform, leveraging modern web technologies and analytics tools such as Google Analytics and Microsoft Clarity, indicating a mature digital infrastructure. Security posture is strong with HTTPS enforcement and appropriate security headers, although the absence of visible privacy and cookie policies indicates room for compliance improvement. Overall, the site is trustworthy and well-structured but would benefit from enhanced privacy and legal disclosures to improve user trust and regulatory compliance.

D

Deutsche Messe AG

ligna.de

66

LIGNA is a globally recognized trade fair organized by Deutsche Messe AG, focusing on tools, machines, and plants for woodworking and wood processing industries. The website serves as a comprehensive platform for exhibitors, visitors, and press, providing event information, exhibitor details, news, and multimedia content. The site is well-branded, professionally designed, and targets industry professionals and stakeholders primarily in Germany but with international reach. Technically, the website employs modern JavaScript frameworks like Vue.js, integrates a consent management platform (Usercentrics), and uses Google Tag Manager for analytics and tracking. Hosting is managed via managed IP name servers, ensuring reliable delivery. Security posture is strong with HTTPS enforced and CSRF tokens present, though some security headers are missing and no explicit security policy or incident response contacts are published. Privacy compliance is robust with clear privacy and cookie policies and active consent mechanisms. Overall, the website is trustworthy, professional, and secure, with no signs of adult or questionable content.

The European Space Agency (ESA) is a well-established intergovernmental organization dedicated to space exploration, science, and technology development in Europe. The website www.esa.int serves as the official portal providing comprehensive information about ESA's missions, news, educational resources, and multimedia content. It targets a broad audience including the general public, researchers, students, and media professionals. The site demonstrates a high level of professionalism, with consistent branding and rich, relevant content that is regularly updated. Technically, the website employs modern web technologies including jQuery, FontAwesome, and Matomo analytics for user tracking. It uses HTTPS with strong SSL configuration and includes cookie consent mechanisms, indicating good privacy practices. The site is mobile-optimized and performs well with fast loading times and clear navigation. From a security perspective, the site follows best practices such as HTTPS enforcement and cookie consent but lacks explicit published security policies, incident response information, or vulnerability disclosure mechanisms. No critical vulnerabilities or exposed sensitive data were detected. The domain WHOIS data confirms the legitimacy and long-standing presence of ESA, enhancing trustworthiness. Overall, the website is a reliable and authoritative source for space-related information from ESA, with strong business credibility and good technical and privacy compliance. Strategic improvements could include publishing detailed security policies and incident response contacts to further enhance transparency and trust.

C

Central European Institute of Technology

ceitec.cz

10

The Central European Institute of Technology (CEITEC) is a multidisciplinary research and education consortium based in Brno, Czech Republic, comprising six partner universities and research institutions. It focuses on advancing scientific knowledge in life and material sciences, providing access to cutting-edge core facilities, and fostering industry cooperation. The website reflects a professional and well-structured digital presence targeting scientists, students, and industrial partners. Technically, the site employs modern JavaScript libraries, Google Tag Manager, Microsoft Clarity, and Facebook SDK, hosted likely on DigitalOcean infrastructure. Security posture is solid with HTTPS and form protection via reCAPTCHA, though it lacks explicit security headers and published privacy or cookie policies. The WHOIS data is unavailable due to EURid privacy restrictions, but the domain and website content indicate legitimacy and alignment with the claimed academic mission. Overall, the site is trustworthy, well-maintained, and suitable for its audience.

I

IOCB Tech s.r.o.

iocbtech.cz

44

IOCB Tech s.r.o. is a Czech-based technology transfer company specializing in transforming scientific research from the Institute of Organic Chemistry and Biochemistry (IOCB) into commercially viable products, primarily in the healthcare and pharmaceutical sectors. The company has a strong market position supported by partnerships with major pharmaceutical firms such as Gilead Sciences, Merck, and Novo Nordisk. Their business model focuses on licensing, intellectual property management, and project development to bring innovations to market. The website reflects a professional and credible presence with clear descriptions of their services and success stories. Technically, the website employs modern frontend technologies including Bootstrap and jQuery, with responsive design and moderate performance. The site is hosted likely via the registrar Active24, with no CMS detected, indicating a custom-built platform. SEO and accessibility are adequately addressed, though some improvements could be made. From a security perspective, the site uses HTTPS and avoids exposing sensitive data. However, it lacks visible security headers, privacy and cookie policies, and a vulnerability disclosure mechanism. Google Analytics is used without an explicit cookie consent banner, indicating partial privacy compliance. No forms or input fields are present on the main pages, reducing attack surface but also limiting user interaction. Overall, the website is trustworthy and professional but would benefit from enhanced privacy compliance and security best practices to align with GDPR and modern security standards. Strategic improvements in these areas would strengthen user trust and regulatory adherence.

Q

qiwio.io

qiwio.io

55

The website ww25.qiwio.io is a domain parking page primarily serving advertising content with minimal actual business information or user engagement features. The site lacks meaningful content, contact details, or clear business identity, indicating it is likely used for domain monetization rather than active commercial operations. The technical infrastructure relies on basic HTML, CSS, and JavaScript with Google Adsense and Bodis advertising networks integrated. Security posture is weak with no advanced headers or privacy mechanisms, and WHOIS data is unavailable, reducing trustworthiness. Overall, the site presents a low-risk profile but offers limited value or credibility as a business entity.

A

AJ Produkter

ajprodukter.se

61

AJ Produkter is a leading Swedish company specializing in office, warehouse, and workshop furniture and workplace equipment. The company operates a professional e-commerce platform complemented by a catalog sales model, targeting business customers seeking quality workplace furnishings with fast delivery and extended warranties. The website demonstrates a mature digital infrastructure utilizing modern JavaScript frameworks, comprehensive analytics, and marketing tools, ensuring a rich user experience and effective customer engagement. Security posture is strong with HTTPS, Content-Security-Policy headers, and cookie consent mechanisms in place, although explicit privacy and terms policies are not found in the provided content. WHOIS data is missing, which raises concerns about domain registration transparency but does not detract from the professional presentation and contact availability on the site. Overall, AJ Produkter presents a credible and well-established business with room for improvement in compliance documentation and domain registration transparency.

C

COFFEEXP

bcncoffeeguide.com

62

BCNCOFFEEGUIDE is a niche online specialty coffee guide focused primarily on Barcelona, Europe, and global specialty coffee spots. The website offers a comprehensive directory of coffee shops, event listings, B2B coffee offers, and related services such as coffee jobs and gear sales. It targets coffee enthusiasts, tourists, and local consumers interested in specialty coffee experiences. The business operates on a small scale with a focused market position in the hospitality sector. Technically, the website is built on WordPress using the Citadela theme and plugins, integrating Google Maps for location services and Google Analytics for traffic monitoring. The hosting provider is Bluehost Inc., and the site uses HTTPS with a good SSL configuration. Security posture is moderate with room for improvement in security headers and DNSSEC implementation. Privacy compliance is basic, with a cookie consent mechanism present but no visible privacy policy or terms of service pages. Overall, the website is professional, well-branded, and trustworthy, with safe content suitable for general audiences.

J

JapaneseUp

japaneseup.com

48

JapaneseUp is a niche educational website dedicated to helping users learn the Japanese language through free games and resources focused on Hiragana, Katakana, and Kanji alphabets. The site targets language learners, especially beginners, offering interactive tools and phrase resources to facilitate learning without the need for in-person tutors. The business model appears to be primarily content-driven with potential paid coaching services. Technically, the website is built on WordPress with common plugins for analytics and marketing, including Google Analytics and Facebook Pixel. The site is moderately optimized for performance and mobile use, with a consistent and professional design. Security posture is adequate with HTTPS enabled and domain transfer protection, but lacks DNSSEC and security headers, and does not provide explicit security or incident response policies. Privacy compliance is partial, with privacy and terms pages present but no cookie consent mechanism. Overall, the domain registration is consistent with the business age and content, indicating legitimacy. The website is safe for general audiences with no adult or questionable content detected.

O

Oil & Gas Magazine

energymagazine.mx

60

Oil & Gas Magazine is a well-established Mexican media company specializing in news and information related to the energy and industrial sectors. Founded in 2014, it serves as a key information source for professionals and stakeholders in Mexico and Latin America, offering news articles, interviews, videos, podcasts, and webinars. The website demonstrates a professional design and consistent branding, with a clear focus on energy industry content. Technically, the site is built on WordPress with common plugins and integrates Google Analytics for user tracking. It is mobile optimized and SEO friendly, though accessibility features are basic. Security posture is solid with HTTPS enabled and no exposed sensitive data, but lacks security headers and formal privacy and cookie policies, indicating compliance gaps. The WHOIS data confirms legitimacy and consistency with the business claims. Overall, the site is credible and trustworthy but would benefit from enhanced privacy compliance and security best practices.

E

El Gran Bajío Network

elgranbajionetwork.com

60

El Gran Bajío Network is a business networking platform focused on connecting entrepreneurs, governments, and key organizations primarily in Mexico and internationally. The website is built on the Wix platform, indicating a moderate level of digital maturity with standard web technologies and polyfills to support modern browsers. The site presents a professional design and clear business-oriented content but lacks critical compliance and security features such as privacy policies, cookie consent, and security headers. The absence of WHOIS registration data for the domain raises concerns about the legitimacy and trustworthiness of the domain ownership, despite the active and accessible website. Overall, the security posture is moderate but requires improvements in policy disclosures and technical security configurations to enhance trust and compliance.

I

Italian German Exhibition Company Mexico

igeco.mx

47

IGECO Mexico is a medium-sized event organization company specializing in industrial transformation, environmental technology, and energy sector trade fairs primarily in Mexico and Latin America. The company organizes key events such as Industrial Transformation Mexico, Americas’ Mobility of the Future, and RE+ Mexico, positioning itself as a leading promoter of industrial and environmental innovation events with strong international partnerships. The website reflects a professional and consistent brand image with good content quality and clear navigation, targeting industrial and energy sector professionals. Technically, the website is built using the Astro framework, leveraging modern web technologies with good performance and mobile optimization. The site is well-structured with valid HTML and CSS, though it lacks some advanced accessibility features. Security posture is strong with HTTPS enforced and standard security headers present, and no visible vulnerabilities or exposed sensitive data were detected. However, the site lacks a cookie policy and consent mechanism, terms of service, and published security or incident response policies, which are important for compliance and trust. Contact information is limited to an email and physical address, with no phone numbers or social media links explicitly provided. WHOIS data confirms the legitimacy and consistency of the domain registration with the business claims. Overall, the website is professional and trustworthy but would benefit from enhanced privacy compliance and security transparency to improve user trust and regulatory adherence.

L

Lu'nivers Production

luniversproduction.com

56

Lu'nivers Production is a small photography and video service provider specializing in ceremonies, corporate events, and sports events. The website is professionally designed using the Wix platform, offering a good user experience and clear navigation. However, the technical infrastructure is basic, relying on Wix's standard technologies without advanced customizations. Security posture is moderate but lacks important security headers and documented policies. The absence of WHOIS data raises concerns about domain legitimacy and trustworthiness. Privacy and cookie policies are missing, which impacts compliance with GDPR and other regulations. Overall, the website serves its business purpose but requires improvements in security, privacy, and legitimacy transparency to enhance trust and compliance.

D

DRILL IT

drill-it.com

60

DRILL IT is a newly launched online education platform specializing in Brazilian Jiu-Jitsu training, offering video modules and courses for all skill levels. The platform targets individuals interested in learning martial arts online, primarily French-speaking users. The business operates on a small scale with a niche focus in the education sector. Technically, the website is built on the Bubble.io platform, integrating Stripe for payment processing and using modern JavaScript libraries such as Howler.js. The site demonstrates basic mobile optimization and SEO practices but lacks advanced accessibility features. Security posture is moderate with HTTPS enabled and domain status protections, but lacks DNSSEC and security headers, which are recommended for improvement. Privacy and compliance policies are absent, representing a significant gap in GDPR adherence and user trust. No contact information or incident response channels are provided, limiting transparency and user support. Overall, the website is functional and relevant but requires enhancements in security, privacy compliance, and business credibility to improve trust and regulatory adherence.

M

moskova-europe

moskova-europe.com

63

Moskova Europe operates as a niche e-commerce retailer specializing in surf and action sports apparel, targeting European surfers and enthusiasts. The company offers a range of products including underwear, clothing, Jiu-Jitsu gear, and surf accessories, with a focus on comfort and quality validated by the action sports community. The business leverages Shopify as its e-commerce platform, integrating marketing and analytics tools such as Klaviyo and Yotpo to enhance customer engagement and sales performance. The website is professionally designed, mobile-optimized, and supports multiple languages, primarily French, English, and Spanish.

S

STRAP BJJ

strap-bjj.com

56

Strap BJJ is a small business focused on providing a Brazilian Jiu-Jitsu mobile application available on both iOS and Android platforms. The website serves primarily as a landing page to promote app downloads and partnership opportunities. The business targets BJJ practitioners and enthusiasts, positioning itself in a niche sports app market. The website content is minimal but functional, with basic branding and contact information limited to an email address. Technically, the website is built using modern web technologies including Next.js and React, indicating a contemporary development approach. The site is mobile-optimized and loads with moderate performance, though SEO and accessibility features are basic. There is no detected CMS or hosting provider information. The absence of security headers and lack of HTTPS configuration details suggest room for improvement in security hardening. From a security perspective, the site lacks visible security policies, incident response information, and cookie consent mechanisms. The WHOIS data is missing or unavailable, which raises concerns about domain legitimacy and trustworthiness. No forms or data collection mechanisms are present, reducing immediate data exposure risks. Overall, the security posture is basic with recommendations to implement HTTPS, security headers, and privacy compliance measures. The overall risk is moderate due to the lack of domain registration transparency and minimal security controls. Strategic improvements in domain registration verification, security best practices, and privacy compliance would enhance trust and reduce risk.

I

ICODIA

icodia.com

52

ICODIA is a French technology company specializing in secure, high availability hosting solutions including shared, dedicated, and virtual servers. With over 25 years of experience and ISO 27001 certification, ICODIA positions itself as a reliable regional hosting provider focused on quality service and personalized support. Their offerings include cloud hosting, email services, backup, and IT management, targeting businesses and developers seeking robust infrastructure. Technically, the website is well-structured with moderate performance and basic mobile optimization, hosted on their own datacenter in Brittany, France. Security posture is strong with ISO 27001 certification and domain protections, though DNSSEC is not enabled and some security headers are missing. Privacy compliance is good with a comprehensive privacy policy, but lacks a cookie consent mechanism. Overall, the website is professional, trustworthy, and business-focused with clear contact information and social media presence.

S

SFR

sfr.fr

60

SFR is a major French telecommunications company offering a wide range of services including fiber and ADSL internet, 5G mobile plans, smartphones, TV packages, and home security solutions. The website reflects a mature digital presence with comprehensive product information, customer reviews, and clear navigation tailored to both consumers and business clients. Technically, the site uses modern web technologies including Django, asynchronous JavaScript, and optimized media formats, ensuring good performance and mobile responsiveness. Security posture is solid with HTTPS enforced and no obvious vulnerabilities, though some security headers could be enhanced and a security.txt file added. Privacy compliance is well addressed with clear policies and consent mechanisms. WHOIS data is unavailable due to AFNIC restrictions, which slightly impacts trust but is typical for French domains. Overall, the site is professional, trustworthy, and well-optimized for its market.

R

Ringier Slovakia Communities s. r. o.

pokec.sk

60

Pokec.sk is the largest Slovak online social networking and chat community platform operated by Ringier Slovakia Communities s. r. o., a subsidiary of Ringier Axel Springer Slovakia. The platform serves over 500,000 daily users, offering chat rooms, user profiles, photo sharing, and mobile app access. It targets a broad Slovak and neighboring country audience seeking social interaction and entertainment. Technically, the site leverages modern web technologies including React and Next.js, with integrated analytics and advertising platforms managed under GDPR-compliant consent mechanisms. Security posture is strong with HTTPS and secure login forms, though explicit security policies and incident response contacts are not publicly disclosed. Overall, the website is professionally designed, well-branded, and trustworthy, with safe content suitable for general audiences.

I

Integrity Watch Česká republika

integritywatch.cz

45

Integrity Watch Česká republika is a specialized transparency platform focused on monitoring the financial activities of Czech political parties from 2017 to 2022. It provides detailed visualizations and data tables to promote political transparency and accountability. The platform is affiliated with Transparency International Czech Republic, enhancing its credibility and trustworthiness. Technically, the website uses modern JavaScript libraries such as D3.js and dc.js for interactive data visualization and is hosted on DigitalOcean, indicating a reliable infrastructure. However, the site lacks explicit privacy and cookie policies, and no contact information is provided, which may affect user trust and compliance. Security-wise, the site uses HTTPS but lacks visible security headers and incident response contacts, suggesting room for improvement in security posture. Overall, the website is professional, content-rich, and trustworthy for its target audience but should enhance privacy compliance and security transparency to improve its overall risk profile.

C

ÇA NE TIENT PLUS ! Le 11 octobre, les associations se mobilisent

canetientplus.org

54

The website www.canetientplus.org is a minimal content site built on the Wix platform. It lacks substantive business information, contact details, privacy policies, and security disclosures. The technical infrastructure relies on Wix hosting and standard Wix scripts, including Sentry for error monitoring. The site is accessible without any detected WAF or security challenge, but the absence of WHOIS data and registrant information raises concerns about domain legitimacy. Overall, the website demonstrates poor content quality, limited technical sophistication, and weak security posture, making it unsuitable for trust-dependent business operations.

A

Azimut

azimut.net

61

Azimut is a French technology company specializing in custom digital solutions including interactive kiosks, software platforms, and dynamic digital signage. With over 30 years of experience, they serve a diverse clientele including enterprises, public sector entities, and cultural ticketing points of sale. Their website reflects a mature digital presence with professional design, client testimonials, and certifications that support their market credibility. Technically, the site employs modern web technologies and includes a cookie consent mechanism, indicating awareness of privacy compliance, though explicit privacy and terms policies are not found. Security posture is generally good with HTTPS and tracking tools in place, but lacks some security headers and incident response disclosures. WHOIS data is missing or unavailable, which raises some concerns about domain registration transparency but does not detract from the apparent legitimacy of the business. Overall, Azimut presents as a credible and established digital solutions provider in the French market.

S

Sector s.r.o.

webhry.cz

36

Webhry.cz is an online gaming portal operated by Sector s.r.o., targeting Czech and Slovak audiences with a wide variety of free online games including flash, HTML5, and Unity-based titles. The site offers categorized game listings, user account features, and integrates advertising as its primary revenue model. The technical infrastructure leverages common web technologies such as jQuery, Google Analytics, and Google Adsense, with a consent management platform for cookie compliance. While the site is accessible over HTTPS and includes basic security practices, it uses outdated JavaScript libraries and lacks visible privacy and terms of service pages, which are areas for improvement. The absence of WHOIS data limits domain trust verification, but the presence of company contact information and consistent branding supports legitimacy. Overall, the site provides a good user experience with family-friendly content and moderate technical maturity.

meteoblue AG operates a professional weather forecasting platform offering detailed meteorological data including forecasts, radar, satellite imagery, and weather warnings. The company targets a broad audience from general users to professionals requiring precise weather data. The website demonstrates a mature digital presence with multilingual support, structured data, and integration of modern web technologies such as Google Tag Manager and Google Ads for analytics and advertising. Security posture is good with HTTPS enforced, though explicit security headers could be improved. Privacy compliance is evident with clear privacy and cookie policies and consent mechanisms. However, the absence of WHOIS data for the domain introduces some uncertainty about domain registration transparency. Overall, the site is professional, trustworthy, and technically sound.

D

Destinační agentura České středohoří, o.p.s.

stredohori.cz

48

The website stredohori.cz serves as a comprehensive regional tourism portal for the České středohoří area in the Czech Republic. It provides detailed information about local attractions, events, accommodations, and services, targeting tourists and visitors interested in cultural, outdoor, and recreational activities. The site is operated by Destinační agentura České středohoří, o.p.s., a small regional destination management organization established in 2011. The business model focuses on promoting regional tourism and supporting local service providers through information dissemination and event promotion. From a technical perspective, the website employs modern web technologies including Google Fonts, Google Analytics, and Google Tag Manager, with a responsive design optimized for mobile devices. The site is hosted likely by Wedos, consistent with the domain registrar information. Performance is moderate with good SEO and basic accessibility features. The site uses HTTPS with a valid SSL certificate, ensuring secure communications. Security posture is solid with HTTPS enforced and a cookie consent mechanism that complies with GDPR requirements. However, the site lacks explicit privacy policy and terms of service pages, as well as published security policies or incident response contacts. No security headers were detected in the HTML content, which could be improved to enhance security. No vulnerabilities or exposed sensitive data were found in the analysis. Overall, the website is trustworthy and professional, with a clear focus on regional tourism promotion. Strategic recommendations include publishing comprehensive privacy and security policies, implementing security headers, and providing explicit incident response contacts to improve compliance and security maturity.

B

BurnIT, s.r.o.

dtonline.cz

40

DTonline.cz is a Czech fan portal dedicated to the collectible card game Doom Trooper from the Mutant Chronicles universe. Operated by BurnIT, s.r.o., the site provides a card catalog, tournament announcements and reports, a fan magazine, and a simple game. It targets Czech-speaking fans and players, serving as a community hub rather than a commercial enterprise. The website is modest in scale and content quality is good for its niche audience. Technically, the site uses standard web technologies including jQuery and Google Analytics, but lacks modern CMS or advanced frameworks. Security posture is basic with HTTPS enabled but missing important security headers and privacy compliance elements such as cookie and privacy policies. No social media presence or direct contact emails are provided, limiting user engagement channels. Overall, the site is legitimate and consistent with its stated purpose but would benefit from improved security and privacy practices.

Ú

Újezdní úřad Březina

vojujezd-brezina.cz

47

The website vojujezd-brezina.cz serves as the official online presence for the Military Training Area Březina, a government-operated military district in the Czech Republic. It provides authoritative information regarding the military district's administration, access restrictions, safety protocols, and official announcements. The site targets a broad audience including the general public, visitors, government officials, and military personnel. Its business model is focused on public information dissemination and regulatory communication within a government context. Technically, the website employs a traditional HTML/CSS/JavaScript stack with the vismo CMS platform. It integrates Google Translate for multilingual support and maintains a moderate performance profile with basic mobile optimization and accessibility features. SEO and modern web practices are implemented at a basic level, with room for enhancement. From a security perspective, the site uses HTTPS and avoids exposing sensitive data. However, it lacks explicit security headers and a formal security or incident response policy. Cookie policies exist but lack active consent mechanisms. No vulnerabilities or malicious content were detected, indicating a generally secure posture appropriate for a government informational site. Overall, the website is trustworthy and professional, though improvements in security headers, privacy compliance mechanisms, and mobile accessibility would enhance its digital maturity and user experience. The domain's WHOIS data confirms legitimacy and long-standing registration consistent with the site's official status.