Security Directory

L

Logista d.o.o.

logista.hr

10

Logista d.o.o. is a medium-sized Croatian company specializing in distribution and telecommunications services, including tobacco product distribution, mobile technology, and B2B telecommunications support. The company has a strong market position in Croatia, recognized among the top 400 companies and listed by the London Stock Exchange as an inspiring European business. Their key services include JTI tobacco distribution, A1 telecommunications support, and e-distribution services. The website is professionally designed, mobile-optimized, and uses modern tracking and analytics tools. Hosting is provided via Oracle Cloud, and the site employs HTTPS with reCAPTCHA for security. However, there is no publicly available security policy or incident response information, which could be improved. Overall, the website is trustworthy and well-maintained, with clear contact information and GDPR-compliant cookie consent.

T

Trophy Monster

trophymonster.com

56

Trophy Monster is a UK-based e-commerce retailer specializing in trophies, medals, plaques, cups, and awards with custom printing services. Established in 2016, the company targets sports clubs, schools, corporate clients, and individuals seeking quality awards. The website demonstrates a professional design with clear navigation and multiple language support, indicating an international market presence. Technically, the site uses modern JavaScript features, Google Analytics, and Google Ads for marketing and tracking, hosted on AWS infrastructure. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though DNSSEC is not enabled and security policies are not explicitly published. Overall, the domain registration aligns well with the business claims, supporting legitimacy and trustworthiness.

P

Pokale Bauer

pokale-bauer.at

70

Pokale Bauer is a regional e-commerce and retail business specializing in the production and sale of sports trophies, medals, plaques, and custom awards. The company operates multiple physical stores across Austria, Czech Republic, Germany, and serves customers online with multilingual support. Their business model focuses on custom printing starting from a single piece, targeting sports clubs, event organizers, and individual customers. The website demonstrates a solid market position with trust signals such as verified Trustpilot reviews and active social media presence. Technically, the website uses modern web technologies including lazy loading, IntersectionObserver API, Google Tag Manager, and Google Analytics for tracking. The site is mobile optimized with good SEO practices and structured data implementation. Performance is moderate with room for improvement in accessibility and security headers. Security posture is good with HTTPS enforced and nonce usage in scripts, but lacks explicit security headers and a cookie consent mechanism. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is basic with a privacy policy present but no visible cookie consent banner. Business credibility is high due to clear contact information, physical store locations, and trust indicators. Overall, the website is professional, trustworthy, and functional with recommendations to enhance security headers, implement cookie consent, and publish incident response policies to improve compliance and security maturity.

O

Organikk

organikk.cz

55

Organikk.cz is a Czech Republic based e-commerce platform specializing in sustainable lifestyle products including household items, personal care, kitchenware, dental care, and fashion accessories. The company emphasizes eco-friendly, chemical-free, and plastic-free products, supporting small producers and environmental causes. The website is professionally designed with clear navigation, comprehensive product information, and customer testimonials, positioning Organikk as a niche leader in sustainable retail within its market. Technically, the site runs on the Shoptet platform, uses modern analytics and marketing tools with GDPR-compliant cookie consent, and maintains a good security posture with HTTPS and CSRF protections. However, the WHOIS data is unavailable, limiting domain trust assessment. Overall, Organikk demonstrates a mature digital presence with room for security header enhancements and updated libraries.

C

CHASING

chasing.com

47

CHASING operates as a technology company specializing in the design and sale of innovative underwater drones targeting both consumer and light-industrial markets. Their website presents a professional and modern digital presence, leveraging advanced JavaScript frameworks and multiple analytics and marketing tools to engage users globally. Despite the lack of WHOIS registration data, the site demonstrates a credible e-commerce platform with clear product offerings and a consistent brand image. The technical infrastructure is robust with HTTPS and content security policies in place, though additional security headers could enhance protection. Privacy compliance is limited, with no explicit privacy or cookie policies detected, which may pose compliance risks. Overall, the business appears legitimate but would benefit from improved transparency and security practices.

W

Web25

web25.io

63

Web25 is a technology company offering affordable website design and integrated business tools on a subscription basis, targeting new businesses and entrepreneurs. Their market position emphasizes cost savings compared to established SaaS competitors by bundling multiple services such as review management, AI chatbots, email automation, and CRM into one platform. The website is built on modern web technologies including Webflow CMS and integrates Google Analytics and Tag Manager for tracking. The technical infrastructure is solid with good mobile optimization and SEO practices, although accessibility features are basic. Security posture is adequate with HTTPS enabled and asynchronous loading of tracking scripts, but lacks explicit security headers and published security policies. Privacy compliance is weak due to absence of privacy and cookie policies or consent mechanisms. Overall, the site is professional and trustworthy but would benefit from enhanced transparency and compliance documentation.

P

Pädagogische Hochschule Oberösterreich

ph-ooe.at

70

Pädagogische Hochschule Oberösterreich (PH OÖ) is a regional higher education institution specializing in teacher education and educational research in Upper Austria. The website serves students, educators, and academic staff by providing information on study programs, continuing education, research initiatives, and international mobility. The institution positions itself as a key player in education within the region, offering comprehensive academic and professional development services. Technically, the website is built on TYPO3 CMS with Bootstrap and jQuery, featuring a responsive design and moderate performance. Security measures include HTTPS enforcement and a GDPR-compliant cookie consent mechanism. However, some HTTP security headers are missing, which could be improved. Overall, the site is professional, trustworthy, and compliant with privacy regulations, with clear contact information and active social media presence.

J

Jaga Media, s.r.o.

floranazahrade.cz

58

Homebydleni.cz is a Czech online lifestyle magazine specializing in home, garden, and living topics. Owned by Jaga Media, s.r.o., it offers a variety of articles, tips, and inspirations targeting homeowners and garden enthusiasts. The website is well-established, with a domain age dating back to 2009, and maintains a consistent brand presence with professional content and advertising partnerships. Technically, the site is built on WordPress, leveraging popular plugins for SEO and ad management, and integrates consent management for GDPR compliance. Security posture is solid with HTTPS and cookie consent mechanisms, though explicit security headers could be improved. Overall, the site provides a good user experience with mobile optimization and clear navigation.

C

Carletta Ltd.

pinup777.mx

54

Pin-Up Casino México is an established online gambling platform targeting the Mexican market, offering a wide range of casino games, live dealer options, and sports betting. The business operates under Carletta Ltd., licensed by Curazao eGaming, ensuring regulatory compliance and player protection. The website is professionally designed, mobile-optimized, and provides comprehensive information about registration, bonuses, and payment methods. Technically, it leverages WordPress with Bootstrap, Cloudflare DNS, and integrates analytics tools like Google Analytics and Microsoft Clarity. Security posture is solid with HTTPS and SSL encryption, RNG certification, and account verification, though it lacks some advanced security headers and published incident response policies. The domain WHOIS data shows some inconsistency with the domain creation date being in the future, which warrants monitoring but does not currently undermine legitimacy. Overall, the platform presents a trustworthy and user-friendly experience for adult players in Mexico.

A

American College of Physicians

acponline.org

70

The American College of Physicians (ACP) is a large, well-established professional medical organization focused on internal medicine. It serves a global membership of over 162,000 physicians, subspecialists, and medical students, providing advocacy, education, clinical guidance, and certification resources. The website reflects a mature digital presence with comprehensive content, professional design, and clear navigation tailored to healthcare professionals. Technically, the site is built on Drupal 10 and integrates modern analytics and marketing tools, ensuring good performance and mobile optimization. Security posture is strong with HTTPS enforced and secure forms, though explicit security headers and policies could be improved. Privacy compliance is evident with a detailed privacy policy and cookie consent mechanisms. WHOIS data is unavailable due to privacy protection, which is typical for such organizations. Overall, the site is trustworthy, professional, and well-positioned in its market.

F

Feel IQM d.o.o.

iqmpass.com

55

IQM Pass is a Croatian tourism-focused digital pass service operated by Feel IQM d.o.o., founded in 2020. The service offers tourists special discounts and benefits across multiple Croatian destinations by partnering with local businesses. The website is well-structured, professionally designed, and targets travelers seeking enhanced destination experiences. Technically, the site uses modern web technologies including React, Google Analytics, and Facebook Pixel, hosted on DigitalOcean. Security posture is adequate with HTTPS and cookie consent implemented, though some security headers and policies could be improved. The domain registration is consistent with the business timeline and shows no suspicious indicators. Overall, the website presents a trustworthy and professional digital tourism service.

Civilnodruštvo.hr is a Croatian non-profit portal operated by the Nacionalna zaklada za razvoj civilnog društva, focused on civil society, activism, and social initiatives. Established in 2004, it serves as an information hub connecting various actors in civil activism and promoting civil initiatives. The website offers news, event announcements, educational materials, and multimedia content relevant to its audience. Technically, the site is built on WordPress with a mature plugin ecosystem including Yoast SEO, Contact Form 7, and social sharing tools, ensuring good SEO and user engagement. The site is mobile optimized and performs moderately well. Security posture is solid with HTTPS enforced and reCAPTCHA implemented, though some security headers are missing and no explicit security policies are published. Privacy and cookie policies are present and GDPR compliant. Overall, the site is trustworthy, professional, and well-positioned in its niche.

M

Ministarstvo rada, mirovinskog sustava, obitelji i socijalne politike

mrms.hr

54

The website represents the official online presence of the Croatian Ministry of Labour, Pension System, Family and Social Policy. It serves as a comprehensive information portal for Croatian citizens and stakeholders regarding labor laws, social welfare programs, pension regulations, and family policies. The site is well-positioned as a government resource, providing authoritative content and official communications. The target audience includes citizens, social service users, and public sector employees. Technically, the website employs a traditional web stack with jQuery, Modernizr, and various UI libraries such as Fancybox and Owl Carousel. It uses HTTPS with Google Analytics for visitor tracking, and includes cookie consent mechanisms compliant with GDPR. The site demonstrates good mobile optimization and accessibility features, though some libraries like jQuery are outdated, which could pose security risks. From a security perspective, the site enforces HTTPS and has implemented cookie consent, but lacks visible security headers and explicit security or incident response policies. No vulnerabilities or exposed sensitive data were detected in the provided content. The WHOIS data is unavailable due to GDPR privacy restrictions, but the domain is a government .gov.hr domain, indicating high legitimacy. Overall, the website is a trustworthy and professional government portal with good content quality and privacy compliance. Strategic improvements include updating technical libraries, enhancing security headers, and publishing security policies to strengthen trust and resilience.

W

WordPress Care

wordpresscare.com

57

WordPress Care is a specialized service provider focused on WordPress website building and maintenance tailored for small and medium-sized businesses. The company offers a range of services including daily backups, WordPress core, theme and plugin updates, heat maps, and the use of professional plugins to enhance website functionality. The website presents a professional image with client testimonials and certifications that reinforce trust and expertise in the WordPress domain. Technically, the website is built on WordPress 6.8.3 using the Avada theme and several modern plugins such as Yoast SEO and SuperPWA, indicating a mature digital infrastructure. Analytics and tracking tools like Google Analytics, LinkedIn Insight Tag, and Hotjar are employed to monitor user behavior and marketing effectiveness. Security posture is generally good with HTTPS enabled and no visible vulnerabilities, but lacks explicit security headers and formal security policies. The absence of WHOIS data for the domain raises concerns about domain registration legitimacy, although the website content and business presentation are consistent with a legitimate small business. Privacy and cookie policies are present, but the lack of a cookie consent mechanism and incident response information suggests room for improvement in compliance and transparency.

O

OKsystem a.s.

oksystem.com

67

OKsystem a.s. is a well-established Czech IT company specializing in custom software development, IT services, and training with over 35 years of market presence. The company targets private firms and public administration, offering innovative, secure, and reliable software solutions. Their market position is strong, supported by a large customer base and official partnerships such as the Czech national pavilion at EXPO 2025. Technically, the website employs modern web technologies including HTML5, CSS3, JavaScript, Google Tag Manager, and reCAPTCHA, with good mobile optimization and SEO practices. Security posture is solid with HTTPS and cookie consent mechanisms, though security headers and explicit incident response policies are not evident. The absence of WHOIS data for the .com domain is a concern but may be due to privacy or alternative domain usage. Overall, the website is professional, trustworthy, and compliant with GDPR.

F

ForCamping s.r.o.

4camping.cz

73

ForCamping s.r.o. operates 4camping.cz, a leading Czech retailer specializing in outdoor and camping equipment. The company combines e-commerce with a network of 21 physical stores, offering over 12,000 products. The website targets outdoor enthusiasts, hikers, cyclists, and families, positioning itself as a market leader with recognized awards such as ShopRoku. The business model focuses on providing a comprehensive product range with customer advisory services and a loyalty program. Technically, the website employs modern web technologies including JavaScript, Google Tag Manager, and a proprietary e-commerce framework named Asgard. The site is mobile-optimized, accessible, and SEO-friendly, with a moderate performance profile. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though some security headers could be improved. The absence of WHOIS data limits full domain legitimacy verification, but the professional presentation and business presence support trust. Overall, the site is well-structured, user-friendly, and compliant with GDPR requirements.

W

Web Revolution s.r.o.

wikyhracky.cz

53

Wikyhracky.cz is a Czech Republic-based retail and wholesale e-commerce platform specializing in toys, games, school, and office supplies. The company boasts over 30 years of tradition and operates more than 70 physical stores nationwide, positioning itself as a significant player in the Czech toy retail market. The website offers a broad product catalog with recommended and new products, supported by social media channels and a B2B e-shop. Technically, the site uses a mix of legacy and modern web technologies including jQuery 1.11.1, Select2, PrettyPhoto, and integrates marketing and analytics tools such as Google Tag Manager, Google Analytics, Facebook Pixel, and Bing Ads. While the site is accessible and well-structured with good content quality and user experience, it lacks explicit privacy and cookie policies, and uses an outdated jQuery version that may pose security risks. The absence of WHOIS data for the domain raises concerns about domain registration legitimacy, although the business presence and content suggest a legitimate operation. Security headers and SSL configuration details are not available, limiting a full security posture assessment.

A

Altisima software SE

e-jidelnicek.cz

41

e-Jídelníček is a Czech Republic based SaaS platform specializing in intelligent food ordering and canteen management services. The platform enables users to order and cancel meals, monitor account balances, and verify attendance, targeting educational institutions and their users. The website is operated by Altisima software SE, an established software company with a domain age dating back to 2001, indicating a mature market presence. The business model revolves around providing digital meal management solutions accessible via web and mobile apps on Android and iOS platforms. The company maintains a consistent brand presence and partners with related software solutions, enhancing its ecosystem.

S

Schools United s.r.o.

kraloveskoly.cz

58

Schools United s.r.o. operates a professional e-commerce platform specializing in custom clothing and supplies for schools, sports teams, and interest groups primarily in the Czech Republic. The company offers tailored apparel collections and school equipment through a user-friendly online shop, supported by strong customer testimonials and a clear brand identity. The website is well-structured, mobile-optimized, and provides comprehensive privacy and cookie policies, reflecting a mature digital presence. Technically, the site leverages the Shoptet e-commerce platform with integrations for analytics and marketing tools such as Google Analytics, Facebook SDK, and Poptin. Security posture is solid with HTTPS enforcement and CSRF protections, though explicit security headers could be improved. The absence of WHOIS data indicates privacy protection, common for such businesses, but reduces transparency. Overall, the site demonstrates a trustworthy and professional business with good compliance and technical standards.

InGenius Webdesign is a Czech Republic-based small web development company specializing in custom internet presentations, web applications, e-commerce, and related digital services. With over 200 completed projects, they serve businesses seeking tailored online solutions. Their website demonstrates a professional design with clear navigation and good mobile optimization, leveraging technologies such as jQuery, LESS.js, Kooboo CMS, and integrating marketing tools like Google Analytics and Facebook Pixel. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. However, the absence of WHOIS data and security headers indicates areas for improvement in trust and security posture. Overall, the company presents a credible and professional digital presence with moderate technical maturity and a good security baseline.

Sportovec roku is a well-established Czech sports award platform operated by BPA sport marketing a.s., with a domain age dating back to 2004. The website serves as a media and event promotion platform targeting sports journalists and fans within the Czech Republic. It offers news, event information, and partner links related to Czech sports awards. Technically, the site is built on WordPress with Bootstrap and jQuery, featuring a responsive design and basic SEO and accessibility features. Security posture is adequate with HTTPS and GDPR-compliant cookie consent, though lacking advanced security headers and explicit security policies. No critical vulnerabilities or suspicious patterns were detected. Overall, the site is professional, trustworthy, and compliant with privacy regulations.

K

Klub sportovních novinářů České republiky

ksn.cz

44

Klub sportovních novinářů České republiky is a professional association dedicated to sports journalists, including reporters, photographers, and filmmakers focused on sports topics. The organization provides news, organizes awards such as Sportovec roku and Zlatý míč, and offers member-exclusive events and databases. The website serves as a communication platform for members and the public, showcasing news, events, and contests related to sports journalism in the Czech Republic. Technically, the site is built on WordPress with Elementor and uses modern JavaScript libraries like Vue.js and Axios, supported by Google Analytics and Tag Manager for visitor tracking. The site is mobile-optimized and presents a professional design with clear navigation. Security posture is adequate with HTTPS and cookie consent mechanisms, though it lacks advanced security headers and explicit incident response information. WHOIS data is unavailable, likely due to privacy protection, but the website content and contact details support legitimacy. Overall, the site is a credible and professional platform for its niche audience.

S

SATOYA s.r.o.

satoya.cz

43

SATOYA s.r.o. is a Czech Republic-based IT service provider specializing in computer sales and servicing, IT outsourcing, web design, hosting services including webhosting, email, cloud, virtual and dedicated servers, and server housing. The company also develops custom software and hardware solutions, targeting businesses and individuals requiring reliable IT infrastructure and support. The website demonstrates a professional digital presence with detailed service descriptions, client references, and a regularly updated blog, indicating active engagement with its audience. Technically, the site is built on WordPress with modern plugins such as Smart Slider 3 and Yoast SEO, ensuring good SEO and mobile responsiveness. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though security headers and explicit privacy policies are lacking. The absence of WHOIS data due to privacy protection slightly reduces trust but does not detract from the overall legitimacy. Strategic recommendations include implementing comprehensive privacy and cookie policies, publishing security and incident response information, and enhancing security headers and accessibility features.

I

inlab medical s.r.o.

inlab.cz

46

inlab medical s.r.o. is a Czech-based company specializing in the supply of medical and veterinary diagnostic equipment and consumables. With over 20 years of experience, the company serves both veterinary and human medical sectors, offering products such as hematology analyzers, biochemistry devices, and infectious disease detection tools. Their business model includes an e-commerce platform targeting medical professionals and practices. The website demonstrates a solid market position within its niche, supported by active content updates and customer engagement features.

O

oikos International

oikos-international.org

58

oikos International is a well-established non-profit organization focused on transforming management and economics education towards sustainability. With a global student community presence since 1987, it offers leadership programs, events, and advocacy for sustainable education. The website is built on a modern WordPress infrastructure using Elementor and Bootstrap, supported by Cloudflare DNS and Google analytics tools. Security posture is solid with HTTPS and domain transfer protection, though DNSSEC and security headers are absent. Privacy compliance is limited due to missing explicit privacy and cookie policies. Overall, the site is professional, trustworthy, and safe for general audiences.

C

Cortusa Group s.r.o.

cortusa.cz

53

Cortusa Group s.r.o. is a small regional real estate developer based in the Czech Republic, specializing in residential housing projects near Plzeň. The company emphasizes affordable, modern, and energy-efficient homes with a focus on customer satisfaction and proximity to nature. Their website reflects a professional approach with clear contact information, project showcases, and financing options. Technically, the site uses modern JavaScript libraries and tracking tools such as Google Analytics and CookieScript for consent management, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS implied, but lacks visible advanced security headers and explicit security policies. The absence of WHOIS data due to privacy protection slightly reduces trust but is common for small businesses. Overall, the website is safe, compliant with GDPR, and presents a trustworthy business front.

F

Forschungszentrum Inklusive Bildung (FZIB)

fzib.at

10

The Forschungszentrum Inklusive Bildung (FZIB) is a collaborative research center affiliated with Universität Graz, Pädagogische Hochschule Steiermark, and Private Pädagogische Hochschule Augustinum. It focuses on research in inclusive education and digitalization, supporting scientific youth and practical applications through its Digital Lab for Inclusion. The website reflects a well-established academic entity with a clear mission and target audience in education and research sectors. Technically, the site is built on TYPO3 CMS with Angular components, uses modern web standards, and integrates analytics tools like Matomo and Google Analytics with privacy considerations such as IP anonymization and cookie consent. Security posture is strong with HTTPS and no visible vulnerabilities, though formal security policies and incident response contacts are absent. Overall, the site is professional, trustworthy, and compliant with GDPR, serving its academic and public audience effectively.

H

Heimstaden UK

heimstaden.com

58

Heimstaden UK operates as a leading residential and commercial landlord offering long-term rental apartments and commercial properties across Europe. The company positions itself as a market leader with a strong focus on simplifying and enhancing tenants' lives through its Friendly Homes vision. The website reflects a mature business with a large portfolio, supported by a consistent brand presence and comprehensive content targeting renters and commercial clients in the UK and Europe. Technically, the site is built on WordPress with modern SEO and analytics tools, hosted on Azure infrastructure, and implements cookie consent mechanisms aligned with GDPR requirements. Security posture is solid with HTTPS and cookie management, though some security headers and policies could be improved. The domain WHOIS data confirms a long-established and legitimate business presence. Overall, the website is professional, trustworthy, and compliant with privacy regulations, though it lacks explicit contact and security policy details.

OZ BRÁZDA s.r.o. is a Czech Republic-based company specializing in the supply and distribution of fresh fruits and vegetables. Established in 2010, the company offers a wide range of over 1600 product types and operates distribution services 362 days a year, positioning itself as a reliable supplier in the retail sector. The website reflects a medium-sized business with a clear focus on fresh produce and serves a general audience interested in healthy food options. Technically, the website is built on WordPress using the Avia Framework and integrates Google Analytics and Google Tag Manager for tracking. The site is moderately optimized for performance and mobile devices, with good SEO practices in place. Security-wise, the site uses HTTPS but lacks visible security headers and formal security policies, indicating room for improvement in security posture and compliance. Privacy compliance is limited due to the absence of a privacy policy and terms of service, although a cookie consent mechanism is implemented. Overall, the domain registration data aligns well with the business claims, supporting the legitimacy of the company.

P

Poháry Bauer

pohary-bauer.cz

53

Poháry Bauer is a Czech-based company specializing in the manufacture and sale of sports trophies, medals, plaques, and figurines. The company operates both an e-commerce platform and multiple physical stores across the Czech Republic and neighboring countries, targeting sports clubs, event organizers, and individuals seeking sports awards. Their business model includes custom production and printing services starting from a single piece, positioning them as a leading supplier in their niche market. The website is professionally designed with good navigation, mobile optimization, and SEO practices, reflecting a mature digital presence. Technically, the website employs modern JavaScript libraries, Google Tag Manager, and structured data for SEO enhancement. It uses HTTPS with a good SSL configuration and includes accessibility features. The site integrates tracking tools with consent management, indicating a basic level of privacy compliance. However, explicit privacy and security policy pages are limited, and WHOIS data for the domain is unavailable, which slightly impacts trust assessment. From a security perspective, the site enforces HTTPS and uses Google’s analytics and advertising tools with consent restrictions. No critical vulnerabilities or exposed sensitive data were detected. Security headers are assumed but not explicitly visible in the HTML. The absence of a dedicated security policy or vulnerability disclosure page suggests room for improvement in security transparency. Overall, Poháry Bauer presents a trustworthy and professional online presence with a solid business foundation. The lack of WHOIS data and limited explicit privacy/security policies are minor concerns. Strategic recommendations include enhancing security headers, publishing clear security and privacy policies, and establishing a vulnerability disclosure process to further strengthen trust and compliance.

I

ilogs smartwear GmbH

mynextring.com

47

MYnextRING is a health-focused wearable technology company offering a smart ring that monitors various biometric data such as heart rate, sleep, stress, and activity. The company positions itself as a premium European brand with a focus on privacy and user-friendly design. The website is well-developed using WordPress and WooCommerce, integrating modern marketing and analytics tools. Security posture is good with HTTPS and domain transfer protection, though DNSSEC is not enabled and cookie consent mechanisms are missing. Contact information is clearly provided, enhancing business credibility. Overall, the website presents a professional and trustworthy digital presence suitable for its target market.

A

Altera

altera.hr

48

Altera is a Croatian company specializing in the rental and sale of tents and pagodas for weddings, corporate events, sports events, and fairs. With over 20 years of experience, the company positions itself as a reliable partner for outdoor event solutions, offering additional equipment and services to support event organization. The website is professionally designed using WordPress with the Avada theme and includes modern plugins such as Slider Revolution and Yoast SEO, indicating a mature digital infrastructure. Security measures include HTTPS enforcement, reCAPTCHA integration, and standard security headers, reflecting a good security posture. However, the absence of explicit privacy and terms of service policies suggests room for improvement in compliance and transparency. Overall, the website is trustworthy, content-rich, and well-optimized for SEO and mobile devices, supporting Altera's market presence in the hospitality and event services sector.

E

Europski socijalni fond

esf.hr

46

The website www.esf.hr serves as the official Croatian government portal for the European Social Fund (ESF), focusing on the development of human potentials through various social, employment, education, and governance projects. It provides comprehensive information about funding calls, project examples, and relevant documentation, targeting civil society organizations, cultural institutions, and social service providers. The site is well-positioned as a trusted government resource with consistent branding and clear navigation. Technically, the site is built on WordPress 5.1.19 with a modern tech stack including jQuery, Google Analytics, and SEO plugins. It demonstrates good mobile optimization and accessibility features, although performance is moderate. The hosting appears to be managed by CARNET, a Croatian academic network, aligning with the official nature of the site. From a security perspective, the site uses HTTPS with a good SSL configuration but lacks advanced security headers and explicit security or incident response policies. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is partially addressed with a privacy policy and cookie notice, but lacks a full consent mechanism. Contact information is limited to a physical address without direct email or phone contacts. Overall, the website is a reliable and professional government platform with a strong business credibility score. Strategic improvements could focus on enhancing security headers, implementing cookie consent, and publishing security policies to strengthen trust and compliance.

M

Medical Research Council (MRC)

mrc.ac.uk

72

The Medical Research Council (MRC) is a UK government-funded research council operating under UK Research and Innovation (UKRI). It focuses on funding world-leading discovery and translational medical research to accelerate diagnosis, advance treatment, and prevent human illness. The website serves researchers, healthcare professionals, and policy makers by providing information on funding opportunities, research programs, and collaboration initiatives. The MRC holds a leading position in the UK's medical research funding landscape, offering fellowships and grants to support scientific advancement. Technically, the website is built on WordPress and leverages modern web technologies including Google Tag Manager, Google Analytics, Siteimprove Analytics, and Hotjar for performance and user behavior insights. It employs the GOV.UK design system ensuring accessibility and responsive design. The site is well-optimized for SEO and mobile devices, with a clear navigation structure and professional content presentation. From a security perspective, the site enforces HTTPS and implements a cookie consent mechanism compliant with GDPR. While explicit security headers are not visible in the HTML, the overall security posture is good with no exposed sensitive data or vulnerable libraries detected. The WHOIS data is unavailable due to query failure, but the domain is consistent with official UK government domains, indicating high legitimacy. Overall, the MRC website demonstrates a strong digital maturity with excellent content quality, good technical implementation, and solid privacy compliance. It is a trustworthy and authoritative source for medical research funding information in the UK.

P

Public Library of Science (PLOS)

plosmedicine.org

72

PLOS Medicine is a leading open-access medical journal operated by the Public Library of Science, a reputable non-profit academic publisher based in the United States. The website serves as a platform for disseminating peer-reviewed medical research and commentary, targeting researchers, clinicians, and healthcare professionals globally. The business model focuses on open-access publishing, supported by article processing charges and institutional funding, positioning PLOS Medicine as a key player in the academic publishing industry. Technically, the website employs a modern technology stack including jQuery, Foundation framework, and integrates analytics and marketing tools such as Google Analytics, New Relic, and HubSpot. The site demonstrates good performance, mobile optimization, and accessibility, reflecting a mature digital infrastructure suitable for its audience. From a security perspective, the site enforces HTTPS, implements multiple security headers, and maintains secure cookie consent mechanisms. No critical vulnerabilities or exposed sensitive data were detected. However, the absence of a public vulnerability disclosure policy and incident response contact information suggests areas for improvement in transparency and security readiness. Overall, the website is professional, trustworthy, and compliant with privacy regulations including GDPR. The domain WHOIS data is privacy protected but consistent with the organization's branding and reputation. The risk profile is low, with recommendations focusing on enhancing security policies and disclosure practices to further strengthen trust and compliance.

COPE (Committee on Publication Ethics) is a well-established non-profit membership organization dedicated to promoting integrity in scholarly research and publication. Founded in 2008, it serves the global scholarly publishing community by providing guidance, tools, events, and forums to uphold ethical standards. The website reflects a professional and comprehensive digital presence with clear navigation, rich content, and a strong brand identity. Technically, the site is built on Drupal 10, uses Cloudflare DNS, and integrates modern analytics and consent management tools, indicating a mature digital infrastructure. Security posture is strong with HTTPS enforcement, domain protection statuses, and bot mitigation via Google reCAPTCHA, though enabling DNSSEC and explicit security headers would enhance security further. Privacy compliance is robust, featuring a comprehensive cookie policy and consent mechanism aligned with GDPR requirements. Overall, the site demonstrates high professionalism, trustworthiness, and a commitment to ethical standards in scholarly publishing.

A

American College of Physicians

annals.org

65

Annals of Internal Medicine is a reputable medical journal published by the American College of Physicians, targeting healthcare professionals and researchers in internal medicine. The website offers a wide range of peer-reviewed articles, clinical guidelines, and educational content, positioning itself as a leading source in the medical publishing industry. The business model is primarily subscription-based with additional revenue from advertising and continuing medical education offerings. The site demonstrates consistent branding and a professional presentation aligned with its parent organization.

A

Aurora Colapis

aurora-experience.com

56

Aurora Colapis operates the Aurora River Experience, offering unique cultural and historic river boat tours on the traditional Žitna lađa Zora in Croatia. The business targets tourists and local groups seeking authentic river experiences, team building events, and private parties. The website is professionally designed using WordPress with WooCommerce and Elementor, integrating booking and e-commerce functionalities. The technical infrastructure is modern and includes Google Analytics and Ads for marketing and tracking. Security posture is adequate with HTTPS and reCAPTCHA, but lacks DNSSEC and some security headers. Privacy compliance is good with GDPR-aligned policies and cookie consent mechanisms. Overall, the business presents a trustworthy and niche tourism offering with solid digital presence.

N

Novena d.o.o.

novena.hr

52

Novena d.o.o. is a Croatian digital media studio specializing in multimedia solutions for cultural heritage, museums, interpretation centers, and tourist destinations. Established in 1997, the company offers a broad range of services including multimedia applications, web design and hosting, photo and video production, AR/VR, 3D modeling, and audio guides. Their market position is that of a specialized service provider with a focus on cultural and educational sectors. The website reflects a professional and consistent brand image targeting institutions and organizations in the cultural and tourism industries. Technically, the website uses a mix of legacy and modern JavaScript libraries such as jQuery, UIkit, Slick Carousel, and Splide.js, hosted behind Cloudflare. The site is HTTPS enabled with Google Analytics and reCAPTCHA integrated, indicating a moderate level of digital maturity. Performance and mobile optimization are adequate, though accessibility features are basic. SEO practices are implemented through meta tags and structured data. From a security perspective, the site benefits from HTTPS and anti-bot measures but lacks visible security headers and dedicated security or incident response policies. No vulnerabilities or exposed sensitive data were detected in the provided content. Privacy compliance is weak due to the absence of privacy and cookie policies, which is a notable gap given GDPR requirements. Overall, the website is safe, professional, and trustworthy with a solid business foundation. However, improvements in privacy compliance and security best practices are recommended to enhance trust and regulatory adherence.

E

Exevio Ltd.

exevio.hr

55

Exevio Ltd. is a Croatian-based small technology company specializing in corporate IT solutions including web development, loyalty platforms, app and game development, and quality assurance services. Founded in 2013, the company positions itself as a quality-focused partner for businesses seeking tailored IT solutions. Their website reflects a professional and consistent brand image, supported by ISO 9001 and ISO 27001 certifications and EU funding partnerships, enhancing their credibility in the market. Technically, the website employs modern web technologies such as jQuery and integrates Google Analytics and Tag Manager for data insights. The site is mobile optimized with good SEO practices, though some improvements in accessibility and security headers could be made. Hosting details are limited but the domain is registered with NameCheap and secured with HTTPS. From a security perspective, the site enforces HTTPS and has domain transfer protections but lacks DNSSEC and visible security headers. No incident response or vulnerability disclosure policies are published, which could be improved to enhance trust. Privacy compliance is well addressed with clear privacy and cookie policies and a consent mechanism. Overall, the website and business present a low-risk profile with strong business credibility and moderate technical maturity. Strategic improvements in security policies and technical hardening are recommended to further strengthen their posture.

F

Fakat

fakat.eu

41

Fakat is a Croatian event agency specializing in comprehensive ideation, organization, and production services for a wide range of events including campaigns, festivals, concerts, exhibitions, corporate events, conferences, and sports events. The company positions itself as a full-service partner offering turnkey solutions and hardware rental with professional staffing. The website is well-structured, professionally designed, and targets businesses and individuals seeking event management services. Technically, the site uses modern web technologies including HTML5, CSS3, JavaScript, jQuery, and the Gumby framework, with Google Analytics integrated for visitor tracking. However, there is no evidence of a CMS or hosting provider details. Security posture is moderate with no visible security headers or HTTPS verification, and privacy compliance is low due to missing privacy and cookie policies. Contact information is clearly presented, including company email and phone, along with active social media profiles. WHOIS data is unavailable due to EURid privacy policies, but no suspicious indicators are present. Overall, the site is functional and professional but would benefit from improved security and privacy compliance.

W

Westgate

westgate.hr

46

Westgate.hr is the official website of Westgate, the largest shopping center in Croatia. The site provides comprehensive information about retail stores, restaurants, entertainment options, and services available at the mall. It targets a broad audience including families and shoppers seeking a variety of brands and leisure activities. The website is built on modern web technologies such as Vue.js and Nuxt.js, integrating analytics and marketing tools like Google Analytics and Facebook Pixel to monitor user engagement and optimize marketing efforts. The design is professional, mobile-optimized, and offers clear navigation, enhancing user experience. Security measures include HTTPS enforcement and standard security headers, though explicit privacy and terms of service policies are not published, which is a compliance gap. Overall, the site is trustworthy and well-maintained, with room for improvement in privacy transparency and direct contact information for security or incident response.

S

Suzuki

suzuki.hr

49

Suzuki.hr is the official Croatian website representing Suzuki automobiles and motorcycles. The site provides information about Suzuki vehicles with a focus on affordability and quality, targeting general consumers interested in transportation solutions. The website is built on WordPress with modern SEO practices, including structured data and social media integration, indicating a moderate level of digital maturity. Cookie consent is managed via Cookiebot, demonstrating awareness of privacy compliance requirements. However, the absence of a privacy policy and contact information limits full compliance and user trust. Security posture is adequate with HTTPS enforced but lacks advanced security headers and explicit incident response contacts. Overall, the site is legitimate and professionally maintained but would benefit from enhanced privacy and security disclosures.

T

Tokić d.d.

tokic.hr

52

Tokić d.d. is a leading regional distributor and retailer of auto parts and related equipment with over 35 years of tradition. The company operates a large network of physical stores across Croatia and Slovenia, complemented by a comprehensive online webshop. They also provide educational services through their certified training center and operate an Auto Check Center for vehicle servicing. The website reflects a mature business with a strong market position and a broad target audience including mechanics, drivers, and automotive enthusiasts. Technically, the site is built on WordPress with modern libraries and frameworks, offering good mobile optimization and SEO practices. Security posture is strong with HTTPS, reCAPTCHA integration, and cookie consent mechanisms, although some security headers could be improved. Privacy compliance is well addressed with clear policies and user consent. Overall, the website is professional, trustworthy, and well-aligned with the company's business model and market presence.

P

Primorsko-goranska županija

pgz.hr

56

Primorsko-goranska županija is the official regional government authority for the Primorsko-goranska County in Croatia. The website serves as a comprehensive portal for residents and stakeholders, offering information on administrative structure, ongoing projects, public calls, news, and official documents. It targets local citizens, businesses, and public entities, providing transparent access to government services and communications. The site is well-positioned as a trusted government resource with clear contact channels and certifications from recognized bodies such as Bureau Veritas and SGS. Technically, the website is built on WordPress with modern JavaScript libraries like Swiper and Flickity for interactive elements. It employs Google Analytics for visitor insights and uses cookie consent mechanisms compliant with GDPR. The site demonstrates good mobile optimization, accessibility features, and SEO practices, reflecting a mature digital infrastructure suitable for public sector needs. From a security perspective, the site enforces HTTPS with strong SSL configurations and includes standard security headers. It uses cookie consent banners and privacy policies aligned with GDPR requirements. No critical vulnerabilities or exposed sensitive data were detected. However, the site lacks a dedicated security policy or incident response contact information, which could enhance its security posture. Overall, the website is a reliable, professional, and secure government platform with strong compliance and trust indicators. Strategic improvements in security transparency and incident response readiness would further strengthen its position and user trust.

T

Turistička Zajednica Varaždinske Županije

turizam-vzz.hr

52

The website turizam-vzz.hr serves as the official tourism portal for Varaždin County in Croatia, managed by the regional tourism board Turistička Zajednica Varaždinske Županije. It provides comprehensive information about local destinations, cultural heritage, accommodation options, events, and tourism offers, targeting tourists and visitors interested in exploring the region. The site is positioned as a regional governmental/non-profit entity focused on tourism promotion. Technically, the website is built on Joomla CMS using Bootstrap, jQuery, and other common web technologies. It features responsive design and moderate performance, with good SEO and basic accessibility features. The site employs HTTPS and includes a cookie consent mechanism, demonstrating awareness of GDPR requirements, though it lacks a clearly published privacy policy and terms of service. From a security perspective, the site uses HTTPS but lacks important security headers and does not publish security or incident response policies. No vulnerabilities or exposed sensitive data were detected in the content. The domain registration data aligns well with the website's claims, indicating legitimacy and trustworthiness. Overall, the site is professional and trustworthy but could improve its security posture and privacy compliance documentation.

K

Karlovačka županija

kazup.hr

59

Karlovačka županija's official website serves as a comprehensive digital portal for the regional government of Karlovac County, Croatia. It provides citizens and stakeholders with access to administrative information, news updates, public tenders, open data, and contact details. The site is well-structured, professionally designed, and targets local residents and interested parties in the government sector. The business model is focused on public service and transparency, positioning the site as a trusted source of regional governmental information. Technically, the website is built on Joomla CMS with modern frameworks such as Helix Ultimate and SP Page Builder, incorporating Bootstrap and Font Awesome for responsive design and iconography. It integrates accessibility tools like UserWay and supports multilingual content via GTranslate. The site demonstrates good mobile optimization and SEO practices, with moderate performance characteristics. From a security perspective, the site enforces HTTPS, uses CSRF tokens in forms, and implements a cookie consent mechanism compliant with GDPR. While some security headers like Content-Security-Policy are not detected, the overall security posture is solid with no visible vulnerabilities or exposed sensitive data. The WHOIS data confirms the domain's legitimacy and long-term registration consistent with a government entity. Overall, the website presents a low-risk profile with strong business credibility and good privacy compliance. Strategic recommendations include enhancing security headers and maintaining up-to-date CMS and extensions to mitigate potential risks.

H

Hrvatski Telekom d.d.

putovanja.hr

43

Putovanja.hr is a well-established Croatian travel portal operated under the domain registered by Hrvatski Telekom d.d., a reputable Croatian telecommunications company. The website serves as an information hub for travelers, providing comprehensive travel advice, rights information, and a directory of UHPA members including travel agencies, hotels, and other tourism-related services. It targets tourists and travel professionals interested in Croatian and European travel. The site features a modern design with good navigation, mobile optimization, and integration of popular JavaScript libraries and Google Analytics for user tracking. Security-wise, the site uses HTTPS and implements a cookie consent banner, but lacks visible advanced security headers or explicit security policies. The WHOIS data confirms the domain's legitimacy and consistent registration details. Overall, the website demonstrates a solid business presence with moderate technical maturity and a good security posture.

Z

Zadar region tourist board

zadar.hr

61

The website www.zadar.hr serves as the official tourism portal for the Zadar region in Croatia, managed by the regional tourist board. It provides comprehensive information about destinations, experiences, events, and travel planning to attract and assist tourists. The site is well-positioned as an authoritative source for regional tourism, supported by a long-established domain and official Croatian registrars. Technically, the site uses modern web technologies including Vue.js and integrates popular analytics and tracking tools such as Google Analytics, Facebook Pixel, and TikTok Pixel. The site is mobile-optimized and offers a rich user experience with clear navigation and multilingual support. Security posture is good with HTTPS enforced and no visible vulnerabilities, though some security headers and explicit security policies are absent. Privacy and cookie policies are present with consent mechanisms, indicating GDPR compliance. Overall, the site is professional, trustworthy, and well-maintained, supporting the regional tourism business effectively.

P

Plus Hosting Grupa d.o.o.

opencity.hr

44

openCity Hrvatska is a Croatian public sector project aimed at promoting the opening of public sector data in line with EU standards. The website provides interactive visualizations to make public information easily understandable for citizens. The project targets Croatian government entities and the general public interested in transparent data access. The business model focuses on government data transparency and public engagement through digital tools. The website is relatively small in scale, founded in 2018, and hosted by Plus Hosting Grupa d.o.o. The content is primarily in Croatian and is professionally presented with good navigation and mobile optimization. Technically, the website uses modern web technologies including HTML5, CSS3, JavaScript, jQuery, CartoDB, and Leaflet for mapping. It integrates Google Analytics and Facebook SDK for analytics and social media engagement. Hosting is provided by a Croatian registrar consistent with the domain registration data. Performance is moderate with room for improvement in accessibility and SEO. From a security perspective, the site uses HTTPS and avoids exposing sensitive data. However, it lacks important security headers and formal security policies such as incident response or vulnerability disclosure. Privacy compliance is weak due to the absence of privacy and cookie policies or consent mechanisms. The WHOIS data is consistent and indicates a legitimate registration aligned with the website's purpose. Overall, the website is functional and trustworthy for its niche but should improve privacy compliance and security best practices to enhance user trust and regulatory adherence.