Security Directory

V

Valvoline

valvoline.ee

51

Valvoline.ee is the Estonian localized website for Valvoline, a globally recognized lubricant and automotive chemical brand with a history dating back to 1866. The website presents product offerings primarily focused on lubricants, coolants, and maintenance chemicals targeting automotive, industrial, and motorsports sectors. The site demonstrates a moderate level of digital maturity with use of common JavaScript libraries and Google Analytics for tracking. However, it lacks visible privacy and cookie policies, contact information, and security headers, which are important for compliance and trust. The website is accessible without WAF or blocking mechanisms, indicating no access restrictions. Overall, the site is professionally designed with good content relevance but could improve in privacy compliance and security posture.

D

Dalmatia Storytelling

dalmatiastorytelling.com

43

Dalmatia Storytelling is a niche cultural tourism business founded in 2021, offering storytelling experiences in the Dalmatia region through interpretive guides, theatrical groups, and technology. The website is professionally designed using WordPress and Elementor, with multilingual support and a clear focus on cultural and travel audiences. The technical infrastructure is modern and includes popular libraries and frameworks, hosted by a reputable provider Hetzner Online GmbH. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though improvements such as enabling DNSSEC and adding security headers are recommended. Privacy compliance is good with a comprehensive cookie policy and GDPR consent. Business credibility is supported by consistent branding and structured data.

M

MIN – MEĐIMURJE, INVESTICIJE, NEKRETNINE d.o.o.

medjimurje-nekretnine.hr

36

MIN – MEĐIMURJE, INVESTICIJE, NEKRETNINE d.o.o. is a Croatian limited liability company specializing in managing investments and real estate operations within the Međimurje County. The company operates with a clear regional focus, providing investment management, financial planning, and public procurement services. The website reflects a small-sized business with a stable market presence since 2008, targeting local investors and public entities. Technically, the website is built on WordPress 4.9.26 with common JavaScript libraries like jQuery and FancyBox, hosted on Totohost servers. While the site is accessible and functional, it uses outdated software versions that pose security risks. Security posture is moderate with HTTPS enabled but lacking modern security headers and updated components. Privacy compliance is partial, with a GDPR policy page present but no cookie consent mechanism. Overall, the website is trustworthy but would benefit from technical and security improvements to enhance resilience and compliance.

K

KIKE

konferencjakike.pl

45

KIKE is a Polish organization specializing in telecommunications industry conferences, focusing on infrastructure security, regulatory challenges, and digital transformation. The website promotes their upcoming conference in October 2025, targeting local telecom operators and industry stakeholders. The site is built on WordPress using a modern theme and plugins, with a moderate level of technical sophistication and good mobile optimization. Security posture is solid with HTTPS and reCAPTCHA integration, though some improvements in security headers and vulnerability disclosure are recommended. Privacy compliance is partial, lacking explicit cookie consent and GDPR policy statements. Overall, the website is professional and trustworthy, supporting KIKE's position as a reputable conference organizer in Poland.

The website www.knihkupectvipant.cz operates as an online bookstore specializing in books related to 20th century history and contemporary society, primarily targeting Czech-speaking audiences interested in educational content. The business supports educational initiatives and promotes its offerings through a structured e-commerce platform with clear navigation and product categorization. The site integrates modern web technologies including Bootstrap, jQuery, Google reCAPTCHA, Google Analytics, and Facebook Pixel to enhance user experience and marketing capabilities. Security measures include HTTPS and CAPTCHA for forms, but lack advanced security headers and explicit incident response policies. The absence of WHOIS data reduces domain trustworthiness, though the website content and business presentation appear professional and legitimate. Privacy and cookie policies exist but are basic, with limited GDPR compliance indicators. Contact information is limited to an email address and inquiry forms, with no phone or physical address disclosed. Overall, the site demonstrates a moderate level of digital maturity and security posture, suitable for a small specialized e-commerce business.

P

Positive Groupe France

sarbacane.com

66

Sarbacane, a brand under Positive Groupe France, is a well-established French company founded in 2007 specializing in digital marketing communication solutions. Their flagship offering, Sarbacane Suite, provides a comprehensive set of tools including email marketing, SMS campaigns, marketing automation, CRM, landing pages, chatbots, and transactional messaging APIs. The company targets businesses and organizations seeking to optimize their marketing efforts with a SaaS subscription model complemented by personalized consulting and support services. Sarbacane holds a strong market position as a leading French provider with recognized certifications and a consistent brand presence.

E

Eberspächer Gruppe GmbH & Co. KG

eberspaecher-karriere.de

66

Eberspächer Gruppe GmbH & Co. KG is a well-established international family-owned company in the automotive industry, founded in 1865 and headquartered in Germany. The company operates as a leading system developer and supplier, focusing on innovation and sustainable mobility solutions. Their career website targets a broad audience including students, experienced professionals, and leadership candidates, offering diverse career paths in engineering, IT, sales, production, logistics, and management. The site emphasizes corporate values such as diversity, inclusion, and social engagement, reinforcing their market position and employer brand. Technically, the website is built on TYPO3 CMS with modern web technologies including jQuery, Bootstrap, and Flexslider. It is hosted on Microsoft Azure DNS infrastructure, ensuring reliable performance and scalability. The site is mobile-optimized, accessible, and SEO-friendly, with proper meta tags and structured navigation. Consent management is implemented via Usercentrics, supporting GDPR compliance. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms. No critical vulnerabilities or exposed sensitive data were detected. However, security headers are not explicitly observed, and no public security policy or incident response contacts are provided. The WHOIS data aligns with the business claims, showing a consistent and transparent domain registration without privacy protection, appropriate for an enterprise entity. Overall, the website demonstrates a strong digital maturity with excellent content quality, good technical implementation, and solid privacy compliance. Strategic improvements could focus on enhancing security headers, publishing security policies, and establishing vulnerability disclosure channels to further strengthen trust and security posture.

E

Eberspächer Gruppe GmbH & Co. KG

eberspaecher.com

69

Eberspächer Gruppe GmbH & Co. KG is a well-established German automotive supplier specializing in exhaust technology, climate control systems, and automotive electronics. With a history spanning over 160 years, the company positions itself as a key player in clean and smart mobility solutions for the automotive industry. Their website reflects a professional and comprehensive corporate presence targeting automotive industry professionals and partners worldwide. The business model focuses on manufacturing and supplying components and systems to automotive OEMs and related sectors. Technically, the website is built on the TYPO3 CMS platform, utilizing modern JavaScript libraries such as jQuery and Bootstrap for responsive design and user experience. The site incorporates consent management via Usercentrics and Google Tag Manager for analytics and marketing. Performance and accessibility are good, with mobile optimization and SEO best practices implemented. However, some security headers are missing, and no explicit security policy or incident response information is publicly available. From a security perspective, the site enforces HTTPS and uses consent management, indicating a good baseline for privacy compliance. The absence of WHOIS data transparency is a notable concern, although the website content and branding strongly support legitimacy. No vulnerabilities or exposed sensitive data were detected in the HTML content. Overall, the security posture is solid but could be improved with additional headers and published policies. The overall risk assessment is moderate-low, with recommendations to enhance domain registration transparency, publish security policies, and implement a vulnerability disclosure program. These steps would strengthen trust and compliance, aligning with the company's professional image and industry standards.

F

Accueil

foire-montlucon.com

57

The website www.foire-montlucon.com represents a regional event organizer focused on the annual Montluçon fair held at the Parc des Expositions. It serves as a platform for approximately 300 exhibitors and targets both professionals and the general public. The site provides event information, exhibitor registration, visitor details, and thematic content for the fair. Technically, the site is built on the WebSee CMS platform and uses common JavaScript libraries such as jQuery, Jssor Slider, and Fancybox to enhance user experience. The site is mobile responsive and includes accessibility features such as skip links. Security-wise, the site uses cookie consent mechanisms and legal mentions indicating GDPR compliance, but lacks visible advanced security headers and the SSL configuration status is unknown. The WHOIS data is missing, which raises concerns about domain registration legitimacy, though the website content and professional presentation suggest a legitimate business. Overall, the site is functional and informative but would benefit from improved security practices and domain registration transparency.

MONEV is a French association established in 1928 that manages and owns the Parc des Expositions "Théophile Giraud" in Montluçon. It organizes a wide range of events including agricultural, cultural, commercial, and sporting activities. The organization emphasizes sustainable development, notably through a large photovoltaic solar panel installation on its premises. The website targets event organizers and the general public interested in regional exhibitions and fairs. The business model revolves around event management and venue rental, positioning MONEV as a key regional player in the exhibition and event sector. Technically, the website is built on the WebSee CMS platform and utilizes common JavaScript libraries such as jQuery, Jssor Slider, and Fancybox for interactive features. The site is moderately performant, mobile-optimized, and accessible, with basic SEO practices in place. However, there is no evidence of advanced analytics or tracking services, indicating a minimal user tracking approach. From a security perspective, the site uses HTTPS but lacks visible HTTP security headers and explicit security or privacy policies. Cookie consent is implemented, reflecting some privacy compliance. The absence of WHOIS data limits domain trust verification, but the website content and contact information appear legitimate and consistent with a regional association. No vulnerabilities or malicious content were detected. Overall, the website presents a professional and trustworthy front for MONEV's business activities, though improvements in security headers, privacy policies, and WHOIS transparency would enhance trust and compliance.

P

Purem GmbH

purem.com

69

Purem GmbH, a subsidiary of the Eberspächer Group, specializes in exhaust gas cleaning and acoustic systems aimed at enabling clean and quiet mobility for passenger cars and commercial vehicles. The company positions itself as a key player in the automotive supplier sector, focusing on innovative solutions to improve air quality and reduce noise emissions globally. The website reflects a professional and consistent brand image aligned with its parent company, targeting automotive industry stakeholders and environmentally conscious customers. Technically, the site is built on TYPO3 CMS with modern JavaScript libraries and includes consent management tools, indicating a mature digital infrastructure. Security posture is solid with HTTPS and consent mechanisms, though explicit security headers and incident response information are absent. The missing WHOIS data for the domain is a notable concern but is mitigated by the strong brand presence and external references to the reputable parent company. Overall, the site demonstrates good business credibility and technical implementation with room for improvement in transparency and security disclosures.

A

Ad Shop AB

glasmonter.se

53

Glasmonter.se is an established Swedish e-commerce business specializing in the sale of glass showcases and cabinets primarily targeting professional customers such as companies, schools, museums, and private individuals valuing high quality and functional products. The company operates under Ad Shop AB and has been active since 2003, offering delivery and assembly services alongside standard and custom products. The website demonstrates a solid market position with trust indicators including a high credit rating and a professional online presence. Technically, the site is built on ASP.NET Web Forms with common JavaScript libraries and includes modern tracking and marketing tools with GDPR-compliant consent mechanisms. Security posture is adequate with HTTPS and reCAPTCHA usage, though it lacks advanced security headers and published security policies. The absence of WHOIS data for the domain is a notable concern that impacts trustworthiness and should be investigated further. Overall, the site provides a good user experience with clear business information and no adult or questionable content.

A

A.D Shop AB

morework.se

53

Morework.se is an established Swedish e-commerce business specializing in material handling, carts, and storage solutions for workplaces. It operates under the parent company A.D Shop AB and has been active since 2006, offering a broad product range with a focus on quality and fast delivery. The website targets business customers needing reliable workplace equipment and storage products. Technically, the site is built on a custom ASP.NET platform using mature JavaScript libraries and integrates Google reCAPTCHA for form security. Analytics and marketing tools such as Google Analytics, Google Ads, and LiveChat are employed to enhance user engagement and track performance. Security posture is solid with HTTPS and form protections, though improvements in HTTP security headers are recommended. The WHOIS data for the www subdomain is missing, but the overall business legitimacy is supported by consistent branding, contact information, and a strong credit rating. Privacy compliance is addressed with a GDPR-compliant privacy policy and cookie consent mechanisms.

A

A.D Shop AB

more.nu

56

More.nu is a Swedish retail and manufacturing business specializing in store fixtures, glass showcases, wall systems, mannequins, and office furniture. It operates as part of A.D Shop AB, targeting retail businesses and office environments with a focus on quality products and direct import. The website is professionally designed with clear navigation and mobile optimization, supporting multiple customer interaction forms protected by Google reCAPTCHA. Technically, the site uses ASP.NET WebForms with common JavaScript libraries, though some libraries are outdated. Security posture is moderate with HTTPS enabled and CAPTCHA protection but lacks advanced security headers and uses older jQuery versions. Privacy compliance is basic with a cookie consent banner and privacy policy present. The domain WHOIS data is missing, which reduces trust from a domain registration perspective but the website content and business information are consistent and professional.

V

Verband Schweizer Plastic Recycler (VSPR)

plasticrecycler.ch

51

The Verband Schweizer Plastic Recycler (VSPR) is a Swiss non-profit association serving as the competence center for plastic recycling in Switzerland. It connects municipalities, collection systems, and recycling companies to promote sustainable, high-quality plastic recycling and circular economy principles. The website reflects a strong commitment to sustainability, quality assurance, and transparency, supported by a monitoring and licensing system that awards a quality label to certified collection systems. The target audience includes municipalities, industry partners, and the general public interested in environmental sustainability within Switzerland. Technically, the website is built on WordPress with modern JavaScript libraries such as jQuery, Slick Carousel, LazyLoad, and Fancybox. It employs multilingual support via Weglot and integrates Google reCAPTCHA for form security. Cookie consent is managed through the Complianz GDPR plugin, ensuring compliance with European privacy regulations. The site is well-optimized for mobile devices and demonstrates good SEO practices. From a security perspective, the site enforces HTTPS and uses reCAPTCHA to protect forms. Email addresses are obfuscated to prevent scraping. However, explicit security headers like Content-Security-Policy and X-Frame-Options are not visibly configured, representing an area for improvement. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website presents a professional, trustworthy, and compliant digital presence for the VSPR. It effectively communicates its mission and services while maintaining good technical and security standards. Strategic recommendations include enhancing security headers, fixing minor image loading issues, and publishing a formal security policy or incident response contact to further strengthen trust and compliance.

S

Star Casino Group

cecpraha.cz

64

Star Casino Group is a prominent operator of casino and gaming venues in the Czech Republic, boasting over 50 physical locations and an online casino platform. The company emphasizes fair play and has a long operational history exceeding 25 years. Their target audience is adults interested in gambling and casino entertainment. The website is professionally designed with good navigation and mobile optimization, leveraging modern JavaScript libraries and Google Maps integration for location services. Security-wise, the site enforces HTTPS, includes age verification, and manages cookie consent in compliance with GDPR. However, the absence of explicit privacy policy and terms of service pages, as well as missing WHOIS registration data, slightly detracts from overall trustworthiness. The company provides clear contact information and an ethical whistleblower program, indicating a commitment to compliance and corporate governance.

C

CEC Praha a.s.

starcasinopetrovice.cz

9

Star Casino Petrovice is a regional casino operator in the Czech Republic, offering live table games such as poker, blackjack, and roulette, alongside a wide selection of modern VLT slot machines. The casino operates 24/7 with free entry and is located conveniently next to a shopping center with parking. The business is operated by CEC Praha a.s., a registered company with licensing from the Czech Ministry of Finance. The website demonstrates a moderate level of digital maturity, using modern JavaScript libraries and multimedia content to engage visitors. Security measures include HTTPS, CSRF tokens, and age verification, but lack some advanced security headers and explicit privacy policy pages. Overall, the site is professional and trustworthy but would benefit from enhanced security and compliance documentation.

A

American Chamber of Commerce in Croatia

amcham.hr

69

The American Chamber of Commerce in Croatia is a well-established non-profit organization founded in 1999, serving as the leading international business advocacy group in Croatia. The website reflects its role as a membership organization providing advocacy, networking events, business delegations, and public policy representation. The content is professionally presented in Croatian and English, targeting business professionals and international companies. The organization maintains a strong market position as a trusted voice for international businesses in Croatia.

I

Interreg MED Programme

interreg-med.eu

48

The Interreg MED Programme website represents a European transnational cooperation initiative focused on sustainable growth in the Mediterranean region. It serves as an information and project support portal for 13 European countries collaborating on innovative and resource-conscious projects. The site targets public sector entities, project partners, and stakeholders involved in regional development. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries and includes privacy-conscious analytics via Matomo and a robust cookie consent mechanism. Security posture is solid with HTTPS and RSA encryption for login forms, though it lacks explicit published security policies and advanced HTTP headers. Overall, the site is professional, well-structured, and trustworthy, with a clear focus on transparency and compliance. Strategic recommendations include enhancing security disclosures and incident response readiness to further strengthen trust and compliance.

F

Forum Veranstaltungswirtschaft

forumveranstaltungswirtschaft.org

45

Forum Veranstaltungswirtschaft is a coalition of six major German event industry associations aiming to unify lobbying efforts and increase political influence. The website serves as an information hub for industry news, events, and publications, targeting professionals and policymakers in the event sector. Technically, the site is built on WordPress with modern plugins and frameworks, showing good digital maturity and mobile optimization. Security posture is adequate with HTTPS and domain protections but lacks advanced DNS security and explicit security policies. Overall, the site is professional and trustworthy but could improve privacy and security disclosures.

S

SPIRIT MEDICAL spol. s r.o.

spiritmedical.cz

54

SPIRIT MEDICAL spol. s r.o. is a specialized healthcare company focused on the distribution and servicing of micro-surgical medical products, primarily for ophthalmology. The company targets medical professionals and ophthalmology specialists, offering a niche portfolio of products and services. Their market position is that of a specialized supplier with a professional online presence and active social media engagement. The website is well-structured, professionally designed, and optimized for SEO, reflecting a mature digital presence. Technically, the website is built on WordPress with WooCommerce, leveraging modern libraries such as Bootstrap, jQuery, and various plugins for SEO, analytics, and GDPR compliance. The site is mobile-optimized and performs moderately well, with good accessibility and SEO features. Analytics are implemented via Google Analytics and MonsterInsights, with a cookie consent mechanism in place. From a security perspective, the site enforces HTTPS and uses cookie consent but lacks visible security headers and a published privacy policy, which are areas for improvement. No vulnerabilities or exposed sensitive data were detected. The absence of WHOIS data reduces transparency and slightly impacts trustworthiness, though the website content and business information appear legitimate. Overall, the website presents a professional and trustworthy front for a small healthcare business, with room for improvement in privacy policy publication and security header implementation to enhance compliance and security posture.

VšĮ Respublikinė Panevėžio ligoninė is a well-established public healthcare institution in Lithuania, founded in 2007. It provides a broad range of medical services including consultations, diagnostics, treatment, and rehabilitation, serving patients primarily in the Panevėžys region. The website reflects a professional and comprehensive digital presence with clear navigation, multilingual support, and extensive patient education resources. The institution maintains active communication channels including email, phone, and social media platforms, enhancing accessibility and engagement with its audience. The business model is focused on public healthcare service delivery, supported by government and healthcare partners.

V

VšĮ Vilniaus universiteto ligoninė Santaros klinikos

santa.lt

43

VšĮ Vilniaus universiteto ligoninė Santaros klinikos is a leading university hospital in Lithuania providing comprehensive healthcare services including emergency care, specialist consultations, pediatric and adult treatments, and biomedical research. The institution is well-established with a founding date of 1998 and maintains a strong online presence with professional content and clear patient-oriented information. The website demonstrates a moderate to high level of digital maturity, utilizing modern web technologies such as jQuery, Swiper.js, and Google reCAPTCHA to enhance user experience and security. Privacy and cookie policies are clearly presented and GDPR compliant, reflecting a commitment to data protection. Security posture is good with HTTPS enforced and bot protection in place, though some security headers are missing and no explicit vulnerability disclosure or incident response contacts are published. Overall, the website is trustworthy, professional, and safe for general audiences, supporting the hospital's mission and services effectively.

M

Mizuho OSI

mizuhosi.com

63

Mizuho OSI is a specialized healthcare company focused on manufacturing and supplying surgical tables and pressure management products primarily for orthopedic and spine surgeons. With over 40 years of industry presence, the company offers a range of surgical tables, positioning accessories, and related products designed to improve patient outcomes. The website reflects a mature digital presence built on WordPress with WooCommerce, incorporating modern web technologies and compliance mechanisms such as GDPR cookie consent. Security posture is solid with HTTPS and security headers, though the absence of a public security policy and incident response information suggests room for improvement. The missing WHOIS data raises concerns about domain legitimacy, warranting further verification. Overall, the website is professional, user-friendly, and compliant with privacy regulations, targeting healthcare professionals and institutions.

The website www.akai.ch represents the Ausgleichskasse Appenzell Innerrhoden, a regional government social insurance institution in Switzerland. It provides essential social security services including old-age, disability, unemployment insurance, and family allowances. The site targets residents and businesses in the Appenzell Innerrhoden canton, offering information, forms, and e-portals related to social insurance. The business model is public sector focused, serving as a trusted intermediary for social insurance administration. Technically, the website is built on the Contao Open Source CMS platform, utilizing modern JavaScript libraries such as jQuery, Swiper, and Lottie for enhanced user experience. The site is mobile optimized with good navigation and SEO practices, though accessibility features are basic. Performance is moderate with no critical technical issues detected. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks important security headers and does not provide a privacy or cookie policy, which are compliance gaps. There is no visible incident response or vulnerability disclosure information. The WHOIS data aligns well with the website’s claims, indicating legitimacy and trustworthiness. Overall, the website is professional, trustworthy, and serves its public sector function well. Strategic improvements include adding privacy and cookie policies, implementing security headers, and publishing incident response contacts to enhance compliance and security posture.

M

Morekontor

morekontor.se

10

Morekontor is a Swedish e-commerce retailer specializing in office furniture and related services such as delivery, assembly, and office interior design. The company has been operating online since 2004 and targets business customers primarily in Sweden. The website presents a professional and comprehensive catalog of products with clear navigation and customer service information. Technically, the site is built on ASP.NET WebForms with modern JavaScript libraries and integrates multiple marketing and analytics tools including Google Analytics, Facebook Pixel, and InMobi advertising. Security posture is strong with HTTPS, security headers, and reCAPTCHA usage, although no explicit security or incident response policies are published. The absence of WHOIS data for the domain www.morekontor.se raises questions about domain registration legitimacy, but the website content and business information appear consistent and trustworthy. Overall, the site demonstrates good digital maturity and business credibility with room for improvement in transparency and domain registration verification.

M

Ministarstvo rada, mirovinskog sustava, obitelji i socijalne politike

mrms.hr

54

The website represents the official online presence of the Croatian Ministry of Labour, Pension System, Family and Social Policy. It serves as a comprehensive information portal for Croatian citizens and stakeholders regarding labor laws, social welfare programs, pension regulations, and family policies. The site is well-positioned as a government resource, providing authoritative content and official communications. The target audience includes citizens, social service users, and public sector employees. Technically, the website employs a traditional web stack with jQuery, Modernizr, and various UI libraries such as Fancybox and Owl Carousel. It uses HTTPS with Google Analytics for visitor tracking, and includes cookie consent mechanisms compliant with GDPR. The site demonstrates good mobile optimization and accessibility features, though some libraries like jQuery are outdated, which could pose security risks. From a security perspective, the site enforces HTTPS and has implemented cookie consent, but lacks visible security headers and explicit security or incident response policies. No vulnerabilities or exposed sensitive data were detected in the provided content. The WHOIS data is unavailable due to GDPR privacy restrictions, but the domain is a government .gov.hr domain, indicating high legitimacy. Overall, the website is a trustworthy and professional government portal with good content quality and privacy compliance. Strategic improvements include updating technical libraries, enhancing security headers, and publishing security policies to strengthen trust and resilience.

A

AUREA INVEST, a.s.

betonserver.cz

40

BetonServer.cz is a well-established Czech industry portal specializing in concrete and related construction materials and services. Operating since 1999 under the company AUREA INVEST, a.s., it offers a comprehensive directory of companies, categorized listings, industry news, and advertising opportunities tailored to construction professionals and suppliers in the Czech Republic. The portal serves as a key resource for locating concrete producers, prefabricate manufacturers, material suppliers, and recycling centers, positioning itself as a leading niche platform in its market. Technically, the website employs a modern JavaScript stack including jQuery, Select2, Fancybox, and MapLibre GL JS for interactive maps, alongside Google Analytics for user tracking. The site is mobile-optimized with responsive design and uses HTTPS for secure content delivery. However, no explicit CMS or security frameworks are identified, and some standard security headers appear to be missing. From a security perspective, the site shows good baseline practices such as HTTPS usage and no exposed sensitive data. Yet, it lacks visible privacy and cookie policies, security incident response contacts, and vulnerability disclosure mechanisms, which are important for compliance and trust. The domain WHOIS data is consistent with the business claims, showing a long-standing registration since 1999, reinforcing legitimacy. Overall, BetonServer.cz is a credible and professionally maintained portal with solid business credibility and technical implementation. To enhance its security posture and privacy compliance, it should implement explicit privacy and cookie policies, add security headers, and provide incident response information. These improvements will strengthen user trust and regulatory adherence.

W

Wirtschaftsförderungsgesellschaft der Elektrohandwerke mbH (WFE)

wfe-shop.de

43

The WFE-Shop is a specialized B2B e-commerce platform serving the electrical trade sector in Germany. It provides essential work materials such as digital and print protocols, calculation aids, technical and business literature, and promotional items tailored for electrical craftsmen and Innungsmitglieder (guild members). The platform is positioned as a niche leader supporting the electrical trade community with targeted products and services. Technically, the website is built on the Magento platform, leveraging common JavaScript libraries and integrating Google reCAPTCHA and Usercentrics for security and privacy compliance. While the site demonstrates good content quality, navigation, and GDPR compliance, there are areas for security enhancement, notably updating outdated libraries and implementing security headers. Overall, the site is professional, trustworthy, and well-aligned with its business objectives.

Základní škola, Praha 10, Křimická 314 is a Czech primary school focused on extended language education, offering English from first grade and German from sixth grade. The school provides various facilities including computer labs, a library, sports facilities, and a modern training kitchen. It actively participates in language and sports competitions and maintains partnerships with institutions abroad. The website serves as a communication platform for students, parents, and staff, featuring blogs, event calendars, and document archives. Technically, the site uses a modern tech stack with popular JavaScript libraries and CSS frameworks, built on the Vitalex CMS platform. Security posture is moderate with HTTPS and cookie consent implemented, but lacks advanced security headers and explicit security policies. The absence of WHOIS data reduces domain trust but the website content and contact details indicate a legitimate educational institution. Overall, the site is well-designed, mobile-optimized, and provides relevant content for its audience.

C

Cortusa Group s.r.o.

cortusa.cz

53

Cortusa Group s.r.o. is a small regional real estate developer based in the Czech Republic, specializing in residential housing projects near Plzeň. The company emphasizes affordable, modern, and energy-efficient homes with a focus on customer satisfaction and proximity to nature. Their website reflects a professional approach with clear contact information, project showcases, and financing options. Technically, the site uses modern JavaScript libraries and tracking tools such as Google Analytics and CookieScript for consent management, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS implied, but lacks visible advanced security headers and explicit security policies. The absence of WHOIS data due to privacy protection slightly reduces trust but is common for small businesses. Overall, the website is safe, compliant with GDPR, and presents a trustworthy business front.

B

Úvod

bonavitabody.cz

45

Bonavita.cz operates as a loyalty program platform primarily targeting consumers in the Czech Republic. The website facilitates the collection of loyalty points through a dedicated mobile application and allows users to redeem these points for rewards. The business model centers on incentivizing customer engagement and repeat purchases through partnerships with various retail brands. The site demonstrates a consistent brand presence and integrates social media channels to enhance user engagement. From a technical perspective, the website employs a modern frontend technology stack including Bootstrap 4.3.1, jQuery, Google reCAPTCHA v3, and various UI enhancement libraries such as Slick Carousel and AOS. The site is mobile-optimized and includes basic SEO and accessibility features. SSL is properly configured, ensuring secure communications. Security posture is moderate with HTTPS enforced and bot protection via reCAPTCHA. However, the absence of advanced security headers and explicit security policies indicates room for improvement. Privacy compliance is addressed through a cookie consent mechanism and a basic cookie policy page, aligning with GDPR requirements. No direct company contact emails or phone numbers are provided, which may impact user trust and support accessibility. Overall, the website presents a legitimate and functional loyalty program platform with a moderate security and privacy posture. The lack of WHOIS data due to privacy protection is common for small businesses and does not raise immediate concerns. Strategic enhancements in security headers, accessibility, and transparent contact information would strengthen the platform's trustworthiness and compliance.

O

Obiteljsko Poljoprivredno Gospodarstvo Damjanić Ivan

damjanic.eu

45

Damjanić Wines is a small family-owned winery based in Fuškulin near Poreč, Croatia, with a long tradition dating back to the early 18th century. The company produces a variety of wines and olive oil, offers wine tastings by appointment, and operates a webshop for direct sales. Their market position is that of a leading regional winery in Istria, targeting wine consumers, tourists, and distributors. The website is multilingual and professionally designed to support their business model and customer engagement. Technically, the website is built on WordPress with a modern tech stack including Bootstrap, jQuery, and various frontend libraries. Hosting is provided by a Croatian hosting company, and the site uses HTTPS with a cookie consent mechanism to comply with GDPR. Performance and mobile optimization are good, though accessibility features are basic. SEO is well implemented with proper meta tags and structured data. From a security perspective, the site enforces HTTPS and uses cookie consent banners but lacks advanced security headers and explicit security or incident response policies. No vulnerabilities or exposed sensitive data were detected. The WHOIS data aligns well with the business information, indicating a legitimate and trustworthy domain. Overall, the website presents a professional and trustworthy online presence for a small winery business, with good privacy compliance and moderate security posture. There are opportunities to enhance security headers and incident response information to further improve trust and compliance.

T

TNX s.r.l.

avatable.com

48

AVATABLE is a specialized SaaS provider offering a comprehensive restaurant booking management system integrated with a website solution. The company, TNX s.r.l., targets restaurants, pizzerias, fast food outlets, and event organizers primarily in Italy. Their platform includes a booking engine, table and room management, digital menus, CRM capabilities, marketing automation, and delivery integration. The website is professionally designed, mobile-optimized, and provides clear navigation and relevant content for its target audience. Technically, the site uses modern web technologies including jQuery, Bootstrap, and various JavaScript libraries, with good SEO and performance characteristics. Security posture is solid with HTTPS enforced and no obvious vulnerabilities, though explicit security headers and incident response policies are absent. Privacy and cookie policies are present and GDPR compliant. WHOIS data is missing, which reduces trust slightly but the overall business presence and content quality support legitimacy.

O

Ordinalo

ordinalo.net

52

Ordinalo is an Italian-based software service provider specializing in take away and food delivery management solutions for restaurants and food businesses. The company offers a comprehensive SaaS platform including a website, mobile apps for Android and iOS, order management, delivery rider coordination, digital menus with QR codes, and marketing tools such as push notifications. Ordinalo positions itself as a niche player enabling restaurants to disintermediate from large food delivery platforms and build direct customer relationships. The website is professionally designed, content-rich, and targets small to medium-sized food service businesses in Italy. Technically, the site uses modern web technologies and integrates analytics and tracking tools, but lacks some advanced security headers and a published security policy. The WHOIS data is unavailable, which slightly reduces domain trustworthiness, but the overall business credibility is supported by clear contact information, client logos, and active social media presence. Privacy and cookie policies are implemented with consent mechanisms, indicating GDPR awareness. Overall, Ordinalo presents a solid digital presence with room for security and compliance improvements.

S

Suzuki

suzuki.hr

49

Suzuki.hr is the official Croatian website representing Suzuki automobiles and motorcycles. The site provides information about Suzuki vehicles with a focus on affordability and quality, targeting general consumers interested in transportation solutions. The website is built on WordPress with modern SEO practices, including structured data and social media integration, indicating a moderate level of digital maturity. Cookie consent is managed via Cookiebot, demonstrating awareness of privacy compliance requirements. However, the absence of a privacy policy and contact information limits full compliance and user trust. Security posture is adequate with HTTPS enforced but lacks advanced security headers and explicit incident response contacts. Overall, the site is legitimate and professionally maintained but would benefit from enhanced privacy and security disclosures.

T

Tokić d.d.

tokic.hr

52

Tokić d.d. is a leading regional distributor and retailer of auto parts and related equipment with over 35 years of tradition. The company operates a large network of physical stores across Croatia and Slovenia, complemented by a comprehensive online webshop. They also provide educational services through their certified training center and operate an Auto Check Center for vehicle servicing. The website reflects a mature business with a strong market position and a broad target audience including mechanics, drivers, and automotive enthusiasts. Technically, the site is built on WordPress with modern libraries and frameworks, offering good mobile optimization and SEO practices. Security posture is strong with HTTPS, reCAPTCHA integration, and cookie consent mechanisms, although some security headers could be improved. Privacy compliance is well addressed with clear policies and user consent. Overall, the website is professional, trustworthy, and well-aligned with the company's business model and market presence.

T

TNX s.r.l.

tnx.it

50

TNX s.r.l. is an established Italian technology company specializing in custom software development, web design, e-commerce solutions, and digital marketing services. Founded in 1999 and based in Poggibonsi, Siena, TNX serves over 8000 clients across Italy, positioning itself as a reliable and experienced partner for businesses seeking digital transformation and online presence enhancement. Their portfolio includes proprietary products such as Ordinalo, Invoicex, Avatable, and Ekeepup, indicating a diversified product offering tailored to various business needs. The company emphasizes long-term client relationships and a talented team of developers, designers, and marketing experts.

B

BitWave Consulting s.r.o.

pohorelicko.cz

49

Pohořelicko.cz is a regional online portal operated by BitWave Consulting s.r.o., serving the Pohořelicko region in the Czech Republic. The portal offers a comprehensive range of services including regional news, event calendars, job listings, classifieds, real estate offers, and a business directory. It targets local residents and businesses, aiming to support community engagement and regional development. The website is part of a larger network of regional portals, enhancing its reach and relevance. Technically, the website employs a modern technology stack featuring Bootstrap 4.5.3, jQuery, Google Tag Manager, and Google reCAPTCHA, ensuring a responsive and interactive user experience. The site is mobile-optimized and includes SEO best practices such as meta tags and Open Graph data. Performance is moderate, with room for optimization. From a security perspective, the site uses HTTPS and implements cookie consent mechanisms compliant with GDPR. However, explicit security headers like Content-Security-Policy and X-Frame-Options are not evident, suggesting an area for improvement. No critical vulnerabilities or exposed sensitive data were detected in the analyzed content. Overall, the portal demonstrates a solid digital presence with good content quality and privacy compliance. The absence of WHOIS data limits domain trust assessment, but the professional presentation and operational features indicate a legitimate and functional regional service.

M

Magic.Res GmbH

magicres.de

52

Magic.Res GmbH operates a specialized web-based Computer Reservation System (CRS) with integrated price comparison functionalities tailored for the European tourism market. Their platform serves travel agencies, tour operators, and related service providers by aggregating and enabling booking of diverse tourist products. The company positions itself as a niche technology provider with a focus on efficiency and comprehensive content delivery for travel professionals. Technically, the website employs established web technologies including jQuery and Bootstrap, delivering a moderately performant and mobile-optimized user experience. The site structure is clear and professional, though it lacks advanced SEO and accessibility features. No CMS is detected, indicating a custom or lightweight solution. From a security perspective, the site uses HTTPS but lacks visible security headers and cookie consent mechanisms, which are important for GDPR compliance and modern web security best practices. No incident response or security policy information is publicly available, and no vulnerability disclosure or security.txt files are found. WHOIS data is minimal but consistent with the business location and domain usage. Overall, the website presents a professional and trustworthy business front with moderate technical maturity and some gaps in security and privacy compliance. Strategic improvements in security headers, privacy mechanisms, and contact transparency would enhance trust and compliance.

S

STABILITA, d.d.s., a.s.

stabilita.sk

49

STABILITA, d.d.s., a.s. is a Slovak financial services company specializing in supplementary pension savings under the third pillar system. With over 20 years of market presence, it offers a range of pension funds and investment advisory services, targeting Slovak residents preparing for retirement. The website reflects a mature digital presence with dedicated portals for participants, employers, and beneficiaries, and provides comprehensive information about its funds and services. The company maintains a strong market position as a trusted pension fund provider in Slovakia. Technically, the website employs a modern JavaScript stack including jQuery, Chart.js, and various UI libraries, alongside analytics and marketing tools such as Google Tag Manager, Hotjar, and Facebook Pixel. The site is mobile-optimized and features a detailed cookie consent mechanism compliant with GDPR. Performance is moderate with good SEO and accessibility basics. From a security perspective, the site enforces HTTPS and uses Google reCAPTCHA to mitigate bot attacks. Cookie consent is granular and user-friendly. However, explicit security headers and a published security policy or incident response contacts are not evident, representing areas for improvement. No critical vulnerabilities or suspicious content were detected. Overall, the website demonstrates a solid security posture and compliance with privacy regulations, supporting the company’s credibility. Strategic enhancements in security transparency and accessibility could further strengthen trust and user experience.

P

PERSKIMEDIA Szymon Perski

chb14.pl

56

CHB14 is a modern office building located in Kraków, Poland, offering high-standard office spaces with flexible layouts across five floors. The business targets companies seeking premium office rental spaces with amenities such as 24/7 security, underground parking, and energy-efficient solutions. The website reflects a professional real estate leasing business with a clear market position in the Kraków commercial property sector. Technically, the site is built on WordPress with modern frameworks like Bootstrap and integrates SEO and analytics tools such as Yoast SEO and Google Analytics. Security posture is good with HTTPS and reCAPTCHA usage, though improvements in DNSSEC and security headers are recommended. Privacy compliance is strong with comprehensive cookie and privacy policies and a consent mechanism. Overall, the website is trustworthy, well-designed, and suitable for its business purpose.

D

DOLS-výroba Dveří, Oken, Listovních Schránek, a.s.

parcel-boxy-dols.cz

57

The website www.parcel-boxy-dols.cz represents a Czech manufacturing company specializing in the production and sale of high-quality parcel boxes and mailboxes. The company offers a variety of products including wall-mounted, built-in, and free-standing parcel boxes, as well as mailboxes equipped with additional features such as doorbells and video modules. Their target audience includes homeowners, apartment complexes, and developers. The business model is focused on manufacturing and e-commerce sales, positioning the company as a reputable local manufacturer with a comprehensive product portfolio. Technically, the website employs a custom e-commerce platform (Shopion.cz) and utilizes common JavaScript libraries such as jQuery, bxSlider, and Fancybox. The site is mobile-optimized with good SEO practices and a moderate performance profile. Privacy and cookie policies are implemented with a consent mechanism, reflecting GDPR compliance. However, no explicit security headers or incident response information are present, which could be improved. From a security perspective, the site uses HTTPS with a good SSL configuration and no visible vulnerabilities or exposed sensitive data. The absence of WHOIS data for the domain reduces trustworthiness and raises questions about domain registration legitimacy. No WAF or blocking mechanisms were detected, and the site content is fully accessible and safe for general audiences. Overall, the website is professional and trustworthy in terms of business presentation and privacy compliance but would benefit from enhanced security headers, incident response disclosures, and verification of domain registration details to improve legitimacy and security posture.

K

KORTAN poštovní schránky s.r.o.

kortan.cz

44

KORTAN poštovní schránky s.r.o. is a Czech family-owned business specializing in the manufacture, sale, and installation of postal mailboxes and mailbox assemblies for residential buildings and family homes. Established in 1995, the company has a strong market presence with over 1000 completed projects across the Czech Republic and Slovakia. Their services include custom design, production, installation, and removal of old mailboxes, supported by additional masonry and drywall work, positioning them as a comprehensive service provider in their niche. The website reflects a professional and consistent brand image with clear contact information and trust signals such as ISO 9001 certification.

LETOV AIR s.r.o. is a small, dynamically growing private aviation company based in the Czech Republic, offering a broad range of aviation services including air transport, pilot training, aircraft maintenance, and sales. The company emphasizes compliance with aviation regulations such as PART 145 and CAMO management, positioning itself as a professional service provider in the regional aviation market. The website content is relevant and informative, targeting general aviation clients and enthusiasts. Technically, the website employs legacy JavaScript libraries like jQuery and Fancybox, with Google Analytics integrated for user tracking. The site shows basic mobile optimization and accessibility but lacks modern responsive design and advanced SEO features. Security measures are minimal, with no visible HTTPS enforcement or security headers, though a cookie consent banner and email obfuscation are implemented to enhance privacy. From a security perspective, the absence of WHOIS data limits domain trust verification, and the lack of HTTPS and security headers presents vulnerabilities. No privacy policy or terms of service pages are published, which may impact compliance with GDPR and other regulations. The overall risk is moderate, with recommendations to improve security posture, privacy compliance, and technical modernization to enhance trust and user experience.

C

Czech Airlines Technics, a.s.

csatechnics.com

55

Czech Airlines Technics, a.s. is a medium-sized, established provider of aircraft maintenance and technical services based in the Czech Republic. The company offers a comprehensive range of services including base and line maintenance, landing gear overhaul, component maintenance, structural repairs, and CAMO support, targeting airlines and aviation operators. Their market position is supported by a decade-plus domain age and a professional web presence. Technically, the website employs modern JavaScript libraries, Google Tag Manager, and Cookiebot for privacy compliance, reflecting a moderate to good digital maturity. Security posture is solid with HTTPS enforced and cookie consent implemented, though some security headers and DNSSEC are missing. Overall, the site is trustworthy, well-branded, and compliant with GDPR requirements. Recommendations include enhancing security headers, publishing incident response policies, and enabling DNSSEC to further strengthen trust and security.

T

Tina Kadoic

tinakadoic.com

50

Tina Kadoic is a freelance filmmaker specializing in capturing dance, movement, and action, with a strong focus on creating dynamic dance visuals. The website positions Tina as an experienced professional with 13 years in the industry and a portfolio that includes work for major brands. The business model is service-oriented, targeting artists, creators, and dance studios needing specialized video content. The site is well-branded, visually appealing, and integrates multimedia content effectively to showcase expertise. Technically, the website is built on WordPress using popular plugins such as Yoast SEO and WPBakery Page Builder, ensuring good SEO and content management capabilities. The site is mobile-optimized and performs moderately well, though there is room for improvement in accessibility and security headers. Hosting and domain registration are stable and consistent with the business claims. From a security perspective, the site uses HTTPS with a valid SSL certificate and has domain transfer protections enabled. However, DNSSEC is not enabled, and no advanced security headers were detected. There is no explicit security or incident response policy published, which could be improved to enhance trust and compliance. Overall, the website presents a professional and trustworthy image with strong business credibility and good privacy compliance. Strategic improvements in security practices and explicit policy disclosures would further strengthen the security posture and user trust.

M

Ministarstvo unutarnjih poslova Republike Hrvatske

mup.hr

10

The Ministry of the Interior of the Republic of Croatia operates the official government website mup.gov.hr, providing authoritative information and services related to internal affairs, police operations, and citizen support. The website serves a broad audience including Croatian citizens, residents, media, and international visitors seeking official updates and resources. It maintains a strong market position as the primary government entity responsible for internal security and public safety in Croatia. Technically, the website employs a modern technology stack including Google Analytics, Google Tag Manager, Facebook Pixel, and JavaScript libraries such as Galleria and Fancybox for enhanced user experience. The site is mobile-optimized and accessible, with a clear navigation structure and professional design. Privacy compliance is robust, featuring a comprehensive privacy policy, cookie consent mechanisms, and GDPR adherence. From a security perspective, the site enforces HTTPS and uses tracking consent banners, but lacks visible security headers in the HTML source. No critical vulnerabilities or exposed sensitive data were detected. The absence of WHOIS data is due to GDPR privacy protections, which is typical for government domains. Overall, the domain and website exhibit high legitimacy and trustworthiness. The overall risk assessment is low, with recommendations to enhance security headers, publish a formal security policy, and consider a vulnerability disclosure mechanism to further strengthen security posture and transparency.

OpenPandora GmbH operates a niche technology business focused on the development and support of the Pandora handheld device, a Linux-based portable gaming and productivity computer. The company maintains a dedicated community and software ecosystem, positioning itself as a leader in open handheld gaming devices. The website provides detailed product information, community links, and contact details, reflecting a small but focused business with a loyal user base. Technically, the website uses legacy JavaScript libraries and lacks modern security headers and privacy policies, indicating areas for improvement in digital maturity. Security posture is moderate with domain registration legitimacy but missing DNSSEC and security best practices. Overall, the website is professional and content-rich but requires enhancements in privacy compliance and security to meet modern standards.