Security Directory

T

Turistické informační centrum Vyškov

ticvyskov.cz

44

Turistické informační centrum Vyškov is a local government-operated tourist information center serving the city of Vyškov, Czech Republic. The website provides comprehensive information about local attractions, events, cultural and sports activities, and services for tourists. It targets visitors and tourists seeking guidance and information about the region. The business model is public service-oriented, focusing on promoting tourism and local culture. The site maintains a consistent brand presence with official city links and active social media channels.

M

Mutuelle Mare Gaillard

mutuelle-mmg.com

58

Mutuelle Mare Gaillard is a well-established mutual health insurance company based in Guadeloupe, France, with a history dating back to 1933. The company offers a broad range of health insurance products tailored for individuals, families, seniors, and professionals, emphasizing personalized service and regional presence in the Antilles-Guyane area. Their digital presence is modern, leveraging Next.js and React technologies, with a mobile-optimized website and active social media engagement. The website features clear navigation, professional design, and relevant content aligned with their business model. Security posture is solid with HTTPS enforcement and domain protection statuses, though there is room for improvement in publishing explicit security policies and vulnerability disclosure mechanisms. Overall, the website reflects a credible and trustworthy business with good privacy compliance and user experience.

M

Mgen - Espace Public

mgen.fr

64

MGEN is a leading mutual insurance organization in France specializing in health, insurance, and retirement services primarily for public service agents, employees, students, and retirees. The website reflects a mature digital presence with comprehensive service offerings including health insurance, life insurance, savings plans, and various specialized insurance products. The site is well-branded and consistent with the parent company Groupe VYV, indicating a strong market position. Technically, the site uses Drupal CMS with modern frameworks like Bootstrap and integrates privacy and analytics tools such as TagCommander and Piano Analytics. Security posture is good with HTTPS and cookie consent mechanisms, though explicit security policies and incident response contacts are not found. WHOIS data is unavailable due to AFNIC policies, but the site’s content and structure strongly support legitimacy. Overall, the site is professional, trustworthy, and compliant with GDPR requirements.

H

Harmonie Mutuelle

harmonie-mutuelle.fr

68

Harmonie Mutuelle is a large French mutual insurance company specializing in health insurance, provident schemes, and complementary retirement savings for individuals, entrepreneurs, companies, and the social and solidarity economy (ESS). It is part of the Groupe VYV and positions itself as a collective advancement mutual. The website is professionally designed, well-structured, and targets a broad audience including private individuals, entrepreneurs, public sector employees, and social economy actors. Key services include health mutual insurance, provident plans, and retirement savings products. The company maintains a strong market position in France with a clear brand identity and consistent messaging.

B

Bubble Group, Inc

valorimetre.com

67

Bubble Group, Inc operates Bubble.io, a leading no-code platform that enables users ranging from first-time founders to experienced engineers to build, design, and launch web applications rapidly without coding. The platform supports SaaS, marketplaces, and CRM applications hosted on Bubble's cloud infrastructure. The website content and metadata confirm a strong market position as a pioneer in visual programming and no-code development tools. Technically, the site leverages modern JavaScript libraries, Google Fonts, and animation frameworks, hosted on Cloudflare with robust SSL encryption. The presence of multiple analytics and marketing tools indicates a mature digital marketing strategy. Security posture is solid with HTTPS enforcement and domain transfer protections, though DNSSEC is not enabled. Privacy and cookie policies are comprehensive and GDPR compliant, supporting user trust and regulatory adherence. Overall, the site is professional, well-branded, and trustworthy, with no signs of malicious or adult content.

M

MAIF

maif.fr

67

MAIF is a major French insurance company providing a wide range of insurance products and services for individuals, professionals, associations, and public entities. Their website offers comprehensive information on auto, home, health, life insurance, and financial products, along with online tools for quotes and personal account access. The company maintains a strong market position in France with consistent branding and a professional digital presence. Technically, the site uses modern web technologies including JavaScript frameworks, a CMS (Jahia), and personalization tools like Kameleoon. The website is mobile-optimized, accessible, and SEO-friendly. Security posture is good with HTTPS enforced and cookie consent mechanisms in place, though some security headers and explicit security policies are not visible. WHOIS data is unavailable, which slightly impacts trust but the overall site quality and branding strongly support legitimacy. No WAF or blocking mechanisms were detected, allowing full content access.

U

Unabridged Software

unabridgedsoftware.com

55

Unabridged Software is a US-based software consultancy specializing in custom software development primarily using Ruby on Rails and JavaScript. The company positions itself as a small but experienced consultancy with nearly a decade of client relationships and expertise across diverse industries. Their key services include blueprint sessions, full stack web development, technical consulting, and engineering management consulting. The website is professionally designed, mobile optimized, and provides clear navigation and contact information, reflecting a mature digital presence. Technically, the website leverages modern technologies including Google Fonts, Google Analytics, and Netlify Identity for authentication, hosted likely on Netlify. The site performs moderately well with good SEO and accessibility basics but lacks advanced security headers and explicit privacy or cookie policies, which are compliance gaps. The use of Google Analytics indicates moderate user tracking without clear privacy disclosures. From a security perspective, the website uses HTTPS and does not expose sensitive data or vulnerable libraries. However, the absence of security headers and lack of incident response or vulnerability disclosure information reduce its security posture. The WHOIS data is missing or unavailable, which is inconsistent with the active website and reduces trustworthiness. Overall, the site is professional and trustworthy but would benefit from improved privacy compliance and security transparency. Strategically, the company should prioritize implementing privacy and cookie policies with consent mechanisms, add security headers, publish incident response contacts, and clarify domain registration details to enhance trust and compliance.

S

Scire Pty Ltd

scire.au

63

Scire Pty Ltd operates a professional Australian journalism website focused on business news and analysis, with its flagship publication Capital Brief targeting founders, executives, investors, and policymakers. The company positions itself as a challenger to the existing media oligopoly in Australia by providing transparent, trustworthy, and practical journalism. The website is well-designed, mobile-optimized, and provides clear navigation and relevant content, although it lacks comprehensive privacy and cookie policies. Technically, the site uses modern web standards and Google Fonts but does not employ advanced security headers or extensive analytics tracking. Security posture is adequate with HTTPS enabled but could be improved with additional headers and policies. WHOIS data is limited due to .au domain privacy restrictions, but the domain appears legitimate based on content and contact information. Overall, the site is a credible media outlet with moderate risk and room for compliance and security enhancements.

P

PQINA

pqina.nl

60

PQINA is a small technology company based in the Netherlands, specializing in designing and building high-performance, responsive web components primarily for image and video editing and file uploading. Their product suite includes JavaScript libraries such as Pintura Image Editor, FilePond uploader, and Flip counter plugin, alongside online services like CropGuide and Edit • Photo/Video editors. The company maintains an active blog with technical articles, indicating ongoing development and engagement with the developer community. The website is professionally designed with excellent content quality and clear navigation, targeting web developers and businesses needing advanced web components and editing tools. Technically, the website employs modern web standards including JavaScript, CSS, and HTML5, with good mobile optimization and accessibility. The site uses HTTPS and includes SEO-friendly meta tags and social media integration. Analytics are handled via Simple Analytics, reflecting a privacy-conscious approach with minimal user tracking. However, some security best practices such as DNSSEC and security headers are not implemented, and there is no cookie consent mechanism, which may impact compliance with privacy regulations. From a security perspective, the site shows a basic but solid posture with no detected vulnerabilities or exposed sensitive data. The WHOIS data confirms a consistent and legitimate domain registration dating back to 2015, aligning with the business maturity. No security policies or incident response contacts are published, which could be improved to enhance trust and readiness. Overall, the site is trustworthy, professional, and technically sound, with room for improvement in privacy compliance and security hardening. The overall risk is low, but strategic recommendations include enabling DNSSEC, adding security headers, implementing cookie consent, publishing security policies, and enhancing GDPR compliance to strengthen the security and privacy posture further.

A

Antithesis Operations LLC

antithesis.com

74

Antithesis Operations LLC operates a sophisticated autonomous software testing platform designed to identify and reproduce bugs in complex distributed systems, with a focus on fintech, blockchain, databases, and cloud infrastructure sectors. The company positions itself as an innovative leader in autonomous testing, providing deterministic simulation testing that enhances software reliability and reduces time-to-resolution for critical bugs. Their website reflects a mature, professional business with strong trust signals including customer testimonials and SOC 2 Type 2 certification. Technically, the website employs modern JavaScript frameworks, analytics tools such as PostHog and HubSpot, and is hosted with Amazon Registrar, indicating a robust digital infrastructure. The site is well-optimized for mobile devices, has good SEO practices, and offers a seamless user experience. However, there is room for improvement in DNS security and cookie consent mechanisms. From a security perspective, the company demonstrates good practices with HTTPS enforcement, domain status protections, and a dedicated security manifesto page. The absence of DNSSEC and explicit security headers, as well as lack of a vulnerability disclosure policy, represent minor gaps. The contact form is well-validated and includes anti-bot measures, enhancing security posture. Overall, Antithesis presents a low-risk profile with a strong business and technical foundation. Strategic improvements in DNS security, privacy compliance, and vulnerability disclosure would further enhance their security maturity and trustworthiness.

E

Ecma International's TC39

tc39.es

55

Ecma International's TC39 is a specialized standards organization focused on the development and maintenance of the JavaScript (ECMAScript) language specification. The website serves as a hub for developers, implementers, and academics to access meeting agendas, proposals, and specification documents. The organization holds a strong market position as the authoritative body for JavaScript standards, with a clear focus on community collaboration and open development. Technically, the website is well-constructed using modern web standards including HTML5, CSS3, and JavaScript, with Google Fonts enhancing typography. The site is mobile-optimized, fast-loading, and accessible, providing a professional user experience. However, there is room for improvement in security headers and explicit privacy and cookie policies. From a security perspective, the site uses HTTPS and does not expose sensitive data or vulnerable libraries. The absence of explicit security headers and vulnerability disclosure mechanisms suggests an opportunity to strengthen the security posture. No signs of blocking or WAF interference were detected, indicating full accessibility. Overall, the website is trustworthy and professional, with strong business credibility linked to Ecma International. The lack of contact information and privacy policies slightly reduces privacy compliance scores but does not significantly impact overall trust. Strategic recommendations include enhancing security headers, publishing clear privacy and cookie policies, and providing contact channels for security incidents.

Getty.edu is the official website for the Getty museums and library located in Los Angeles, providing rich resources for visual art and cultural heritage. The site targets a broad audience including art enthusiasts, researchers, and the general public interested in cultural education. It offers access to museum exhibitions, library resources, and free research tools, positioning itself as a leading non-profit educational institution in the arts sector. The website branding and content quality are excellent, reflecting a mature and professional digital presence. Technically, the site utilizes modern JavaScript frameworks such as Vue.js and Nuxt.js, along with multiple third-party analytics and marketing tools including Google Analytics, Facebook Pixel, LinkedIn Insight Tag, and Twitter Universal Website Tag. The site is mobile optimized and performs moderately well, though accessibility features could be enhanced. The SSL configuration is excellent, ensuring secure HTTPS connections. From a security perspective, the site lacks visible security headers and explicit privacy or cookie policies, which are critical for compliance and user trust. No vulnerability disclosure or incident response information is published, and no contact information is readily available in the scanned content. The absence of WHOIS data is unusual for an established .edu domain, raising some transparency concerns, though the overall trustworthiness remains high due to the site's content and institutional nature. Overall, Getty.edu is a high-quality, trustworthy educational resource with strong content and branding but would benefit from improved privacy compliance, security headers, and transparency in domain registration details.

O

Oregon Symphony

orsymphony.org

74

Oregon Symphony is a well-established regional symphony orchestra with a long history dating back to 1896. The organization offers world-class concerts primarily serving the Portland and Salem, Oregon areas. Their website serves as the official source for ticket sales and information about their performances, targeting music enthusiasts and the general public interested in cultural events. The business model is typical of non-profit performing arts organizations, focusing on community engagement and ticketed events. Technically, the website employs modern JavaScript libraries and tracking tools such as Google Tag Manager, Cookiebot for consent management, and Braze for marketing automation. Hosting and DNS are managed via Cloudflare, providing performance and security benefits. The site is mobile-optimized with good SEO practices, though no explicit CMS was detected, suggesting a custom or proprietary platform. From a security perspective, the site uses HTTPS with a good SSL configuration but lacks DNSSEC and security headers, which are recommended for enhanced protection. Cookie consent is implemented, indicating awareness of privacy regulations, but no explicit privacy policy or terms of service were found in the provided content. No vulnerability disclosure or incident response information is published, which could be improved to enhance trust and compliance. Overall, the website is professional, trustworthy, and serves its audience well. Strategic improvements in security headers, DNSSEC, and publishing privacy and security policies would strengthen its security posture and compliance readiness.

T

The Accessibility Project

a11yproject.com

57

The A11Y Project is a well-established community-driven initiative focused on making digital accessibility easier through educational content, resources, and community engagement. The website serves as a hub for accessibility professionals, developers, and designers, offering workshops, checklists, and spotlight features. It operates as a small non-profit entity with a strong reputation in the accessibility space. Technically, the site is built using modern static site generation technology (Eleventy) and hosted on Netlify, ensuring fast performance and excellent mobile optimization. Accessibility is a core focus, reflected in the site's design and content structure. Security posture is good with HTTPS enforced and no exposed sensitive data, though some improvements are recommended such as adding security headers and a cookie consent mechanism. The absence of WHOIS data is unusual but does not detract significantly from the site's trustworthiness given its community presence and transparency. Overall, the site scores well in content quality, technical implementation, and business credibility, making it a reliable resource in its domain.

C

CloudCannon

cloudcannon.com

71

CloudCannon is a New Zealand-based technology company founded in 2009, offering a Git-powered Jamstack CMS platform designed for marketers and developers. The platform enables teams to manage static websites with visual editing capabilities, integrating tightly with Git workflows and supporting multiple static site generators. Positioned as a niche leader in the Jamstack CMS market, CloudCannon targets digital agencies, enterprises, and development teams seeking scalable, secure, and performant website management solutions. The website demonstrates excellent content quality, professional design, and clear navigation, reflecting a mature and trustworthy business. Technically, the site leverages modern JavaScript libraries, Google Analytics, and Cloudflare DNS, ensuring good performance and mobile optimization. Security posture is solid with HTTPS and domain transfer protections, though improvements are recommended in DNSSEC and security headers. Privacy compliance is limited due to the absence of explicit privacy and cookie policies. Overall, CloudCannon presents a credible and professional online presence with room to enhance privacy and security transparency.

G

Google

v8.dev

58

The V8.dev website represents Google's V8 JavaScript and WebAssembly engine, a critical open source technology powering major platforms like Chrome and Node.js. The site provides comprehensive technical content aimed at developers and technology professionals, showcasing Google's leadership in high-performance JavaScript engine development. The website is well designed, fast, and optimized for multiple platforms, reflecting a mature digital infrastructure. From a security perspective, the site benefits from Google's robust hosting and HTTPS enforcement, with no visible vulnerabilities or exposed sensitive data. However, explicit security headers and incident response information are not present, representing areas for improvement. Privacy compliance is strong due to linkage to Google's official privacy policies, though no cookie consent mechanism is detected. Overall, the website is highly credible, trustworthy, and professional, with clear alignment between domain registration and business identity. The absence of contact information and security policy details slightly limits transparency but does not detract significantly from the site's reliability. Strategic recommendations include enhancing security headers, adding incident response contacts, and implementing cookie consent to further strengthen compliance and trust.

L

Left Logic

ffconf.org

53

FFConf is a well-established UK-based web development conference organized by Left Logic, a small Brighton development company specializing in Node.js and front-end technologies. The conference focuses on curated sessions about the future of the web, targeting web developers and technology enthusiasts. The website reflects a professional and consistent brand with a clear event history dating back to 2009. The business model centers on event organization, community engagement, and content dissemination through talks, articles, and job listings. Technically, the website is custom-built without a CMS, leveraging modern web standards including HTML5, CSS3, and JavaScript. It uses Plausible Analytics for privacy-conscious visitor tracking and is hosted behind Cloudflare DNS and CDN services. The site is mobile optimized, accessible, and performs well with good SEO practices. However, some security enhancements such as DNSSEC and security headers are missing. From a security perspective, the site enforces HTTPS and uses domain transfer protection, but lacks explicit security headers and cookie consent mechanisms, indicating partial GDPR compliance. No direct contact emails or phone numbers are provided, limiting direct communication channels. No vulnerability disclosure or incident response policies are publicly available. Overall, the security posture is moderate with room for improvement. The overall risk assessment is low given the nature of the site as an informational and event platform with no sensitive transactions. Strategic recommendations include enabling DNSSEC, implementing security headers, adding cookie consent for GDPR compliance, and publishing security and incident response policies to enhance trust and compliance.

E

Every Layout

every-layout.dev

59

Every Layout is a specialized educational platform focused on teaching resilient and modern CSS layout techniques. It offers a paid book, custom layout components, and free educational content aimed primarily at web developers and designers. The website demonstrates a strong market position within its niche, supported by testimonials from industry professionals and usage by reputable organizations such as the BBC and W3C. Technically, the site employs modern web standards including Web Components, service workers for offline access, and integrates Stripe for secure payment processing. The design is professional, mobile-optimized, and accessible, providing an excellent user experience. Security posture is solid with HTTPS and secure payment integration, though it lacks some advanced security headers and explicit security policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the site is trustworthy and well-maintained, with minor areas for improvement in privacy and security transparency.

G

Google

flutter.dev

70

Flutter.dev is the official website for Flutter, an open source multi-platform app development framework maintained by Google LLC. The site targets developers and software engineers, offering comprehensive resources to build, test, and deploy applications across mobile, web, desktop, and embedded platforms from a single codebase. The website reflects Google's strong market position in developer tools and frameworks, supported by a large global community and integration with Google's ecosystem services such as Firebase and Google Ads. Technically, the website employs modern web technologies including HTML5, CSS3, JavaScript, Alpine.js, and integrates Google services like Google Analytics and Tag Manager for analytics and tracking. The site is hosted on Google Cloud infrastructure, ensuring fast performance and excellent mobile optimization. Security best practices are observed with HTTPS enforcement and use of Google reCAPTCHA on forms, although explicit security headers are not visible in the HTML content. The security posture is strong with no visible vulnerabilities or exposed sensitive data. Privacy compliance is robust, linking to Google's comprehensive privacy and cookie policies, and providing a cookie consent mechanism. However, the site lacks explicit incident response contact details and a public vulnerability disclosure page. Overall, the website is highly trustworthy, professional, and secure, reflecting Google's standards. Strategically, Flutter.dev serves as a critical platform for Google to engage the developer community, promote its cross-platform framework, and integrate with its broader cloud and advertising ecosystem. The site’s design, content quality, and technical implementation support a high level of user trust and engagement.

F

Filament Group, Inc.

filamentgroup.com

55

Filament Group, Inc. is a specialized UI design studio focused on creating intuitive, accessible, and resilient websites and web applications. Established since 2001, the company has built a strong reputation through collaborations with notable clients such as Boston Globe, LEGO, and vineyard vines. Their core competencies include responsive design, accessibility, and scalable UI design systems, targeting clients who prioritize exceptional user experience. The website reflects a professional and consistent brand image with high-quality content and multimedia presentations. Technically, the website employs modern web standards including HTML5, CSS3, and JavaScript, with references to Bootstrap for UI components. The site is well-optimized for mobile devices and accessibility, demonstrating good SEO practices. However, there is no evidence of a CMS or hosting provider details. Performance appears fast with no broken elements detected. From a security perspective, the site lacks explicit security headers and privacy-related policies such as privacy and cookie policies, which are critical for compliance with regulations like GDPR. No forms collecting sensitive data are present, reducing immediate risk, but the absence of incident response contacts and vulnerability disclosure mechanisms indicates room for improvement. The WHOIS data is missing, which raises concerns about domain registration transparency, although the business legitimacy is supported by the website content and client portfolio. Overall, the website scores well on content quality, technical implementation, and business credibility but falls short on privacy compliance and some security best practices. Strategic recommendations include adding privacy and cookie policies, implementing security headers, publishing vulnerability disclosure information, and verifying domain registration details to enhance trust and compliance.

M

Mocha

mochajs.org

64

Mocha is an established open source JavaScript testing framework designed for Node.js and browser environments. It offers flexible asynchronous testing capabilities, parallel test execution, and extensible reporting. The project is community-driven, supported by sponsors and backers, and hosted on GitHub. The website serves as a comprehensive documentation and community hub for developers using Mocha. Technically, the site is well-structured, performant, and mobile-optimized, leveraging modern web technologies and Matomo analytics for user tracking. However, it lacks formal privacy and cookie policies, contact information, and explicit security policies, which are areas for improvement. The domain registration is consistent and appropriate for the project's age and nature, indicating legitimacy and trustworthiness.

T

ThinkDoBeCreate - Stephanie Eckles

moderncss.dev

62

ModernCSS.dev is a specialized educational website authored by Stephanie Eckles under the ThinkDoBeCreate brand, focusing on modern CSS solutions and frontend development techniques. The site offers a rich collection of articles, tutorials, and resources aimed at frontend developers and CSS enthusiasts, positioning itself as a niche expert content provider with strong author credibility and community endorsements. Technically, the site is built using the Eleventy static site generator, leveraging modern web standards including HTML5, CSS3, and JavaScript, with excellent mobile optimization and fast performance. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though it lacks explicit security headers and formal privacy or cookie policies. The site uses minimal tracking via Plausible Analytics and monetizes through Carbon Ads and BuySellAds, maintaining a good balance between user experience and advertising. Overall, the website is trustworthy, professional, and well-maintained, though it could improve compliance by adding privacy and cookie policies and enhancing security headers.

Městský společenský dům v Kolíně operates as a local cultural center in Kolín, Czech Republic, offering concerts, balls, exhibitions, and venue rental services. The website targets local community members and visitors interested in cultural events, positioning itself as a key venue for social and cultural gatherings. The business model centers on event hosting and space rental, serving a small-sized organization with a focus on hospitality and cultural activities. Technically, the website employs standard web technologies including HTML, CSS, JavaScript with MooTools and jQuery libraries, and integrates Google Analytics for visitor tracking. The site is moderately optimized for mobile devices and provides a cookie consent mechanism, indicating some level of privacy awareness. However, no CMS or advanced frameworks are detected, and performance is moderate. From a security perspective, the site lacks visible security headers and a published privacy policy, which are areas for improvement. The WHOIS data is missing, reducing transparency and trustworthiness. No blocking or WAF mechanisms are detected, and no critical vulnerabilities are apparent from the provided data. The cookie consent banner and clear contact information are positive security and compliance indicators. Overall, the website is functional and serves its business purpose well but would benefit from enhanced security practices, privacy policy publication, and improved WHOIS transparency to increase trust and compliance.

E

Ekofond SPP, n.o.

ekofondspp.sk

48

Ekofond SPP is a Slovak non-profit organization dedicated to environmental sustainability, carbon footprint reduction, and social responsibility. The website presents a professional and well-structured platform focused on promoting environmental projects and educational initiatives. The organization has an established market presence since 2007 and targets a general audience interested in energy and sustainability. Technically, the website employs modern JavaScript libraries, Google Tag Manager, and a comprehensive cookie consent mechanism, reflecting a moderate level of digital maturity. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though security headers and incident response information could be improved. Overall, the site is trustworthy and compliant with GDPR, with clear privacy and cookie policies. Recommendations include enhancing security headers, publishing terms of service and incident response contacts, and improving accessibility features.

C

Cofidis S.A. Sucursal en España

cofidis.es

72

Cofidis S.A. Sucursal en España operates as a prominent financial services provider specializing in consumer credit, personal loans, and insurance products tailored to the Spanish market. With over 30 years of experience and a strong market presence, Cofidis offers flexible and personalized financial solutions including direct credit, personal loans, payment protection insurance, dental insurance, and installment purchase financing. The company targets general consumers seeking accessible credit options without changing banks, positioning itself as a trusted financial partner in Spain. Technically, the website demonstrates a mature digital infrastructure leveraging modern JavaScript libraries, Google Tag Manager, and multiple marketing and analytics tools. The site is mobile-optimized, accessible, and SEO-friendly with extensive use of structured data (JSON-LD) to enhance search engine visibility and user experience. The loan simulator is interactive and well-integrated, indicating a robust front-end implementation. From a security perspective, the website enforces HTTPS with strong SSL configuration and implements key security headers such as Content Security Policy and Strict-Transport-Security. No critical vulnerabilities or exposed sensitive data were detected. However, the site lacks explicit published security policies, incident response contacts, or vulnerability disclosure mechanisms, which are recommended for enhanced transparency and trust. Overall, Cofidis.es presents a professional, trustworthy, and user-friendly online presence consistent with a large financial institution. The absence of WHOIS data due to query restrictions is mitigated by strong on-site business information and contact details. Strategic recommendations include publishing formal security and incident response policies and establishing a vulnerability disclosure program to further strengthen security posture and customer confidence.

C

Cofidis

cofidis.sk

72

Cofidis Slovakia operates as a financial services provider specializing in consumer credit products such as unsecured loans, installment purchases, car loans, insurance, and eco-loans. The website targets Slovak consumers and offers an online loan calculator to facilitate loan amount and repayment term selection. The company appears to be well-established in the Slovak market with a professional online presence. Technically, the website uses modern JavaScript libraries including jQuery and Underscore.js, served via e-i.com CDN infrastructure, and supports HTTPS for secure communications. However, it lacks some advanced security headers and explicit privacy and cookie policies, which are important for compliance and user trust. No social media or direct contact emails were found in the provided content, though a contact page is linked. Overall, the site is functional and professional but could improve privacy compliance and security posture.

C

Cofidis SA

cofidis.fr

74

Cofidis is a well-established French financial services company specializing in online consumer credit, personal loans, credit refinancing, and credit insurance. With over 35 years of experience and a strong market presence in France, Cofidis offers a comprehensive range of financing solutions tailored to individual customer needs. The website reflects a mature digital infrastructure with modern technologies, responsive design, and extensive content that supports user engagement and trust. The integration of third-party review platforms like Trustpilot and visible certifications further enhance credibility. Security posture is solid with HTTPS enforcement and cookie consent mechanisms, although explicit security headers could be more visible. The absence of public WHOIS data is consistent with privacy protection practices common in France and does not detract from the site's legitimacy. Overall, Cofidis demonstrates a strong business and digital maturity with good compliance to privacy regulations and user experience standards.

C

Cofidis

cofidis.be

63

Cofidis Belgium operates as a financial services provider specializing in consumer credit and loan products, targeting French and Dutch speaking customers in Belgium. The website is bilingual and designed to guide users to their preferred language section. The business appears to be an established player in the Belgian consumer credit market, offering personal loans and financial solutions. The website infrastructure relies on HTTPS and uses a CDN for resource delivery, with JavaScript libraries such as jQuery for interactivity. However, the site lacks visible privacy and cookie policies and does not provide direct contact information on the landing page, which may impact user trust and compliance perception. Security posture is moderate with HTTPS enabled but missing visible security headers and incident response contacts. WHOIS data is restricted, showing privacy protection, which is common for financial entities but limits transparency. Overall, the site is functional and professional but could improve in privacy compliance and user trust signals.

S

Sector s.r.o.

onlinegamesector.com

55

Onlinegamesector.com is a small-scale online gaming portal operated by Sector s.r.o., offering a broad selection of free browser games including flash, Unity 3D, HTML5, and multiplayer games. The site targets casual gamers seeking entertainment and relaxation. The business model is primarily advertising-supported, leveraging Google Adsense and tracking services such as Google Analytics and Quantcast. The website demonstrates moderate digital maturity with a functional design, basic mobile optimization, and standard SEO practices. However, the use of outdated JavaScript libraries and lack of visible security headers indicate technical debt and potential security risks. The absence of publicly available WHOIS data raises concerns about domain registration transparency, although the site itself appears legitimate and professionally maintained. Privacy compliance is minimal, with no dedicated privacy or terms of service pages, but a cookie consent mechanism is implemented via Quantcast CMP.

Č

Česká basketbalová federace

cz.basketball

10

CZ.BASKETBALL is the official website of the Czech Basketball Federation, serving as the primary digital platform for basketball news, competitions, clubs, and national team information in the Czech Republic. The site targets basketball players, fans, coaches, referees, and other stakeholders, providing comprehensive schedules, results, and federation-related content. It maintains a strong market position as the authoritative source for Czech basketball information. Technically, the website employs modern web technologies including Google Tag Manager and Google Analytics for tracking, uses web fonts with FontFaceObserver, and is optimized for mobile devices. The site is served over HTTPS, ensuring secure communications, though there is room for improvement in security headers and accessibility features. From a security perspective, the site demonstrates good practices such as HTTPS and cookie consent mechanisms, but lacks explicit security policies, incident response contacts, and advanced security headers. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is basic, with cookie consent present but no visible privacy or terms of service pages. Overall, the website is professional, trustworthy, and well-branded, with a good user experience and relevant content. Strategic improvements in security policies, privacy documentation, and accessibility would enhance its compliance and security posture.

V

Vojenské lesy a majetky SR, š.p.

vlm.sk

63

Vojenské lesy a majetky SR, š.p. is a Slovak state enterprise responsible for the ecological management of forest and agricultural lands within military training areas. The organization operates through a general directorate and multiple branch offices, providing services such as forestry management, agricultural activities, water management, and public education. The website reflects a professional government portal with clear contact information and compliance with privacy regulations. Technically, the site uses modern web technologies including Bootstrap and Cookiebot for consent management, ensuring good mobile optimization and accessibility. Security posture is strong with HTTPS enforcement and security headers, though explicit security policies and incident response information are not published. Overall, the site is trustworthy, well-structured, and compliant with GDPR requirements.

Aglo Solutions s.r.o. is a Slovakian technology company specializing in custom web applications, website and e-shop development, online marketing, and server management services. Established in 2003, the company has over 15 years of experience and serves more than 400 clients, positioning itself as a trusted local provider with ISO 9001 certification indicating a commitment to quality management. Their website reflects a professional and consistent brand image targeting businesses seeking tailored digital solutions. Technically, the site is built on the SysCom CMS platform, uses modern web technologies, and integrates Google Analytics for traffic insights. The site is mobile optimized and provides clear navigation and content relevant to its audience. Security-wise, the website uses HTTPS and implements a comprehensive cookie consent mechanism aligned with GDPR requirements. However, it lacks explicit security headers and incident response disclosures, which are recommended for enhanced security posture. Overall, the domain registration details are consistent with the business claims, supporting the legitimacy and trustworthiness of the company.

A

Allianz - Slovenská poisťovňa, a.s.

allianzsp.sk

68

Allianz - Slovenská poisťovňa, a.s. operates a professional insurance website targeting private individuals and entrepreneurs in Slovakia. The company offers a broad range of insurance products including property, car (including electric and older vehicles), travel, life, and business insurance. The website reflects a strong market position as part of the global Allianz Group, with consistent branding and clear service offerings. Technically, the site is built on Adobe Experience Manager, uses modern JavaScript libraries, and implements GDPR-compliant cookie consent mechanisms. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though explicit security headers and policies are not published. Overall, the site is trustworthy, well-structured, and provides a good user experience with moderate performance and good mobile optimization.

P

People in Need (implied from domain and cookie providers)

jedensvetonline.cz

65

Jeden svět online is a Czech Republic-based online streaming platform dedicated to showcasing the best films from the Jeden svět human rights festival. Founded in 2021, it serves a niche audience interested in human rights and cultural content, providing access to festival films across the country. The platform leverages modern web technologies including JavaScript frameworks, Video.js for media playback, and integrates third-party services such as Google Tag Manager and Facebook Pixel for analytics and marketing. Cookiebot is used to ensure GDPR-compliant cookie consent management, reflecting a commitment to privacy compliance. Security posture is solid with HTTPS enforced and use of CSRF tokens, though some security headers could be explicitly confirmed and enhanced. No critical vulnerabilities or suspicious WHOIS patterns were detected, and the domain registration aligns well with the business profile. Overall, the website presents a professional and trustworthy digital presence with good content quality and user experience.

F

Funding Centre

fundingcentre.com.au

65

Funding Centre is an Australian-based organization providing a comprehensive grants database and fundraising capacity building services primarily targeting not-for-profits, schools, businesses, government entities, and individuals. The website offers subscription-based membership plans granting access to a rich database of live grants, fundraising tools, and resources, positioning itself as a leading platform in the Australian fundraising ecosystem with over 20 years of experience. The parent company, Our Community, supports the platform, enhancing its credibility and market presence. Technically, the website employs modern web technologies including Bootstrap 4, FontAwesome, Google reCAPTCHA v3, and Google Tag Manager, ensuring a responsive and user-friendly experience across devices. The site demonstrates good SEO practices and moderate performance, with room for improvement in accessibility and explicit security header implementation. From a security standpoint, the site enforces HTTPS and integrates bot protection via reCAPTCHA. However, it lacks explicit security headers and a visible security or incident response policy. Privacy compliance is partially addressed with a comprehensive privacy policy hosted on the parent domain, but no cookie consent mechanism is present. WHOIS data is privacy-protected, which is typical for such organizations, and no suspicious patterns were detected. Overall, the website presents a professional, trustworthy, and functional platform with moderate technical maturity and a solid business model. Strategic improvements in privacy compliance and security transparency would enhance its risk posture and user trust.

E

EDELRID

edelrid.de

65

EDELRID is a well-established German company specializing in mountain sports, climbing, and occupational safety equipment with a history spanning over 160 years. The website serves both sports enthusiasts and professional users, offering a broad catalog of products and training services. The company maintains a strong market position with a focus on quality and innovation. Technically, the website is built with modern web technologies, including JavaScript frameworks and consent management tools, hosted on Cloudflare infrastructure. The site is mobile-optimized, accessible, and SEO-friendly. Security posture is strong with HTTPS, security headers, and cookie consent mechanisms in place, although DNSSEC is not enabled and no explicit security policy or incident response information is published. Overall, the website is professional, trustworthy, and compliant with GDPR requirements.

L

LEONI Group

leoni.com

61

LEONI Group is a global enterprise specializing in innovative cable and wiring systems primarily for the automotive and mobility sectors. The company positions itself as a key player shaping the future of mobility through advanced manufacturing solutions. Their website reflects a professional corporate presence with a focus on product offerings such as low and high voltage wiring harnesses and integrated system solutions. Technically, the website is built on TYPO3 CMS and employs Cookiebot for GDPR-compliant cookie management, indicating a mature digital infrastructure. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, though there is room for improvement in security headers and explicit incident response contacts. The absence of WHOIS data introduces some uncertainty regarding domain registration transparency but does not detract significantly from the overall legitimacy given the professional content and branding. Strategic recommendations include enhancing security headers, publishing a security policy, and improving contact transparency to bolster trust and compliance.

O

Orange France

orange.fr

65

Orange France operates a comprehensive telecommunications portal offering mobile, internet, TV, and streaming services primarily targeting the French market. The website demonstrates a strong market position as a leading telecom operator with a wide range of consumer offerings and a professional digital presence. The technical infrastructure utilizes modern web technologies including JavaScript libraries for carousels and sliders, and structured data for SEO and business information. Security posture is moderate with HTTPS implied but lacks explicit security headers and published security policies. Privacy compliance is limited in visible content with no clear privacy or cookie policies detected. Overall, the website is professional, trustworthy, and safe for general audiences, but could improve transparency in privacy and security disclosures. The absence of WHOIS data limits domain legitimacy verification but does not detract significantly from the brand's credibility given its established presence.

E

EXHOBBY LIMITED

exhobby.com

68

EXHOBBY LIMITED operates a professional e-commerce platform specializing in remote control hobby products including planes, boats, trucks, and accessories under the VOLANTEXRC brand. The company targets hobbyists primarily in Europe and globally, offering localized storefronts and free shipping from US stock. The website is built on Shopify, leveraging a modern tech stack with multiple marketing and analytics integrations, demonstrating a mature digital infrastructure. Security posture is strong with HTTPS, security headers, and CAPTCHA protections, though explicit security policies and incident response contacts are not publicly detailed. Overall, the site presents a trustworthy and professional retail experience with room for enhanced transparency in security and privacy disclosures.

A

AvalonKing

avalonking.com

69

AvalonKing is a specialized e-commerce business focused on providing high-quality automotive ceramic coating products directly to consumers. Established in 2017, the company has positioned itself as a leading provider of DIY ceramic coating kits with a strong reputation supported by thousands of positive customer reviews. The website is professionally designed, mobile-optimized, and offers clear navigation and comprehensive product information. The business targets automotive enthusiasts and vehicle owners seeking durable and effective car protection solutions. Technically, the site is built on the Shopify platform, leveraging modern JavaScript libraries and multiple marketing and analytics integrations, ensuring a robust digital presence and good performance. Security posture is strong with HTTPS enforced, domain registration consistent and stable, and privacy compliance evident through detailed policies and consent mechanisms. No critical vulnerabilities or blocking mechanisms were detected, indicating a trustworthy and well-maintained online store.

P

PHYSICS TODAY

physicstoday.org

65

Physics Today is a reputable publication operated by the American Institute of Physics, serving the physics community with news, analysis, and career resources. The website demonstrates a mature digital infrastructure with modern web technologies, including MathJax for scientific notation, and integrates comprehensive privacy and cookie consent mechanisms. Security posture is strong with HTTPS enforcement and standard security headers, though explicit security policies and incident response information are not publicly detailed. Overall, the site is professional, trustworthy, and well-optimized for its target audience.

S

STUDENTS

spsnational.org

66

The SPS website serves as a comprehensive resource for physics students, operated under the American Institute of Physics umbrella. It provides news, educational content, event information, and opportunities for student involvement, positioning itself as a key platform for the physics student community. The affiliation with AIP lends credibility and trust to the site, reinforcing its role in the educational and non-profit sector. Technically, the website employs modern web technologies including JavaScript, Web Components, and a CMS platform (Brightspot). It integrates Google Tag Manager for analytics and Osano for cookie consent management, reflecting a mature digital infrastructure. The site is mobile-optimized and demonstrates good SEO practices, although some accessibility features could be enhanced. From a security perspective, the site uses HTTPS and cookie consent mechanisms effectively. However, explicit security headers and vulnerability disclosure mechanisms are absent, representing areas for improvement. The lack of WHOIS data due to privacy protection is common for organizations but limits domain trust analysis. Overall, the security posture is solid but could benefit from additional transparency and policy disclosures. The overall risk assessment is low, with the site appearing legitimate, professional, and compliant with privacy regulations. Strategic recommendations include enhancing security headers, publishing incident response and security policies, and implementing a security.txt file to improve transparency and trust.

S

Sensitech Inc.

sensitech.com

74

Sensitech Inc. is a well-established company specializing in supply chain visibility solutions, particularly focusing on real-time temperature monitoring and cold chain logistics for industries such as life sciences, food, and industrial sectors. The company operates under the parent organization Carrier Global Corporation, indicating a strong market position and corporate backing. Their website reflects a mature digital presence with comprehensive product and solution offerings, targeting business customers requiring advanced supply chain monitoring technologies. Technically, the website employs modern web technologies including HTML5, CSS3, JavaScript, and integrates third-party services like Google Tag Manager and OneTrust for analytics and privacy compliance. The site is mobile-optimized, accessible, and SEO-friendly, with a professional design and clear navigation structure. The use of Carrier CMS suggests a tailored content management approach. From a security perspective, the website enforces HTTPS and implements cookie consent mechanisms, indicating attention to privacy and regulatory compliance. However, explicit security headers are not clearly visible in the provided data, and no dedicated security or incident response policies are published on the site. The WHOIS data for the domain is unavailable or not found, which is unusual for a company of this stature but does not detract significantly from the overall trustworthiness given the strong branding and parent company association. Overall, Sensitech's website demonstrates a high level of professionalism, technical maturity, and compliance with privacy standards, making it a trustworthy and credible source for its target audience. Strategic improvements in publishing explicit security policies and ensuring WHOIS transparency could further enhance trust and security posture.

P

Pivovarna Laško Union d.o.o.

pivovarnalaskounion.com

58

Pivovarna Laško Union d.o.o. is the largest beer and beverage producer in Slovenia, with a rich 200-year tradition in brewing. The company emphasizes sustainability and social responsibility, positioning itself as a leader in the Slovenian beverage market. Their website reflects a professional and modern digital presence, showcasing their brands and corporate values. Technically, the site is well-implemented with modern HTML5 and CSS, mobile responsiveness, and a cookie consent mechanism aligned with GDPR requirements. Security posture is solid with HTTPS enforced and age verification for alcohol content, though some security headers and policies could be improved. Overall, the domain registration and WHOIS data are consistent with the business claims, supporting legitimacy and trustworthiness.

A

A1 Slovenija

a1.si

64

A1 Slovenija is a leading private telecommunications provider in Slovenia, offering a wide range of communication services including mobile subscriptions, prepaid packages, triple play bundles, and devices. The company serves over 700,000 users with a strong market presence and a workforce of more than 500 employees. Their website reflects a mature digital infrastructure with modern technologies such as Liferay CMS, Vue.js, and various accessibility and analytics tools. The site is well-optimized for SEO, mobile-friendly, and compliant with GDPR regulations, including a comprehensive cookie consent mechanism. Security posture is solid with HTTPS enforced and no visible vulnerabilities, although explicit security policies and incident response information are not publicly disclosed. Overall, the domain registration and business information align well, indicating a trustworthy and legitimate enterprise.

P

Patrick Hofmann IT-Solutions

p-hofmann.de

36

Patrick Hofmann IT-Solutions is a small, specialized IT service provider based in Berlin, focusing on WordPress development, web design, security, and server management. The company offers a comprehensive range of services including WordPress maintenance contracts, web hosting, e-commerce consulting, automation with AI, API programming, and progressive web apps. The website positions the business as a reliable and competent partner for clients seeking professional IT solutions in the local market. Technically, the website is built on WordPress using the Enfold theme and several well-known plugins such as Contact Form 7 and Mailster. The site is mobile-optimized, has good SEO practices, and includes modern web technologies like HTML5 and JavaScript. Hosting details are not explicit, but the use of anycast DNS suggests a focus on performance and reliability. From a security perspective, the site enforces HTTPS and includes a cookie consent mechanism with Google Analytics opt-out functionality. The contact form is protected by a captcha and requires explicit privacy consent. However, additional security headers and a published security policy or incident response contacts are absent, representing areas for improvement. Overall, the website is professional, trustworthy, and compliant with GDPR requirements. The business demonstrates a solid digital presence with good content quality and user experience. Strategic recommendations include enhancing security headers, publishing security and incident response policies, and adding a vulnerability disclosure mechanism to further strengthen trust and compliance.

P

PUMA Europe GmbH

puma.com

72

PUMA Europe GmbH operates a professional e-commerce platform targeting the Finnish market under the global PUMA brand, a leading sportswear company founded in 1948. The website offers footwear, apparel, and accessories with a strong focus on performance and lifestyle products. The platform is built on Salesforce Commerce Cloud, integrating advanced personalization and analytics tools such as Emarsys and Google Tag Manager, reflecting a mature digital infrastructure. Security posture is robust with HTTPS enforcement, cookie consent mechanisms, and no visible vulnerabilities, although explicit security policies and incident response contacts are not publicly detailed. Overall, the site demonstrates high professionalism, strong branding consistency, and compliance with GDPR, supporting a high trustworthiness rating.

C

Crownpeak Technology, Inc

attraqt.com

67

Crownpeak Technology, Inc offers Fredhopper, an advanced AI-powered product discovery solution designed to enhance e-commerce experiences for enterprise retailers and brands, particularly in fashion and beauty sectors. The platform provides intelligent merchandising, personalized recommendations, and AI-driven search capabilities that significantly boost conversions and average order values. The website demonstrates a mature digital presence with integrations across major e-commerce platforms such as Shopify and Salesforce Commerce. Technically, the site employs modern tracking and marketing technologies, robust consent management, and enforces HTTPS with security headers, reflecting a strong security posture. However, the absence of WHOIS registration details slightly reduces trust but is mitigated by the professional site content and branding. Overall, the site scores highly on content quality, technical implementation, security, privacy compliance, and business credibility.

F

FTV Prima

cnnprima.cz

58

FTV Prima operates the CNN Prima NEWS website, a leading Czech news media outlet providing trustworthy, fast, and clear news coverage for a broad audience. The site offers live TV streaming, news articles, video content, and a mobile app, targeting general audiences in the Czech Republic. The business is positioned as a major player in the Czech media industry with consistent branding and a comprehensive content offering. Technically, the website uses modern web technologies including JavaScript frameworks, Google Tag Manager, and a consent management platform (Didomi) to ensure GDPR compliance. The site is mobile-optimized, accessible, and integrates multiple trusted third-party services for analytics and advertising. Performance is moderate with good SEO and accessibility practices. Security posture is strong with HTTPS enforced, consent management, and no visible vulnerabilities or exposed sensitive data. However, explicit security headers should be verified and a security.txt file or incident response contact could enhance transparency. Privacy compliance is well addressed with clear cookie and privacy policies. Overall, the website presents a low risk profile with high professionalism and trustworthiness. The lack of WHOIS data is likely due to privacy protection and does not detract from the legitimacy of the site. Strategic recommendations include enhancing security header implementation, publishing vulnerability disclosure information, and maintaining regular audits of third-party scripts.

D

Deník Referendum

denikreferendum.cz

59

Deník Referendum is an independent Czech media outlet founded in 2009, focusing on political, social, and climate-related journalism without paywalls or oligarch influence. The website is well-structured, uses modern web technologies including Svelte, and integrates multiple analytics and tracking tools such as Google Analytics, Hotjar, and Facebook Pixel. The site implements a comprehensive cookie consent mechanism, allowing users granular control over cookie categories. Security posture is strong with HTTPS enforced and Cloudflare Bot Management in place, though explicit privacy and security policies are not found in the provided content. Overall, the site is professional, content-rich, and trustworthy, serving a Czech-speaking audience interested in independent journalism.