Security Directory

D

Danske Bank A/S Lithuania branch

danskebanka.lv

69

Danske Bank A/S Lithuania branch operates as a financial institution providing banking-related services and customer support, although it explicitly states it does not provide banking services in Lithuania directly. The website serves as a contact portal offering press contacts, support for former customers, and general inquiries. The bank is a branch of the well-established Danske Bank A/S, a major Nordic banking group, with a domain registered since 2006, indicating a mature online presence. Technically, the website employs modern web technologies including JavaScript, jQuery, and Adobe Dynamic Tag Management for analytics and tracking. The site is well-structured, mobile-optimized, and includes accessibility features. Hosting and DNS services are managed by reputable providers, and the site uses HTTPS with strong SSL configuration, ensuring secure communications. From a security perspective, the site demonstrates good practices such as HTTPS enforcement and a comprehensive cookie consent mechanism with granular user options. However, explicit security headers are not evident, and no dedicated security policy or vulnerability disclosure page is published. The presence of a Data Protection Officer contact aligns with GDPR compliance requirements. No security blocking or WAF challenges were detected, and no vulnerabilities were found in the visible content. Overall, the website reflects a professional, trustworthy banking institution with strong privacy and security awareness. Strategic improvements could include publishing a dedicated security policy, implementing additional security headers, and providing a vulnerability disclosure channel to enhance transparency and security posture.

P

Peikko Group

peikko.com

68

Peikko Group operates as a global leader in manufacturing and supplying innovative construction solutions, specializing in slim floor structures and connection technologies for precast and cast-in-situ construction. Their website reflects a professional and comprehensive digital presence targeting construction professionals, engineers, and designers worldwide. The company emphasizes sustainability and performance enhancement in construction projects through their product offerings and design tools. Technically, the website employs modern web technologies including Google Tag Manager, AddSearch, and Google Maps API, ensuring a functional and moderately performant user experience. The site is mobile optimized with good navigation clarity and SEO practices, although some accessibility features could be improved. From a security perspective, the site enforces HTTPS and includes cookie consent mechanisms, but lacks visible security headers and explicit security policies or incident response contacts. No critical vulnerabilities or exposed sensitive data were detected in the HTML content. Overall, the website is trustworthy and professional, but the absence of WHOIS registration data raises some concerns about domain registration transparency. Strategic recommendations include enhancing security headers, publishing a security policy, and verifying domain registration details to strengthen trust and compliance.

W

WESS Auto Grupa

wess.lv

56

WESS Auto Grupa is a major automotive group in Latvia, operating authorized dealerships for Toyota, Lexus, Dongfeng, Honda, and an authorized BMW service center along with Bosch Car service. The group offers new and used car sales, full-cycle auto servicing, car rental, body repair, spare parts sales, and insurance services. With over 200 employees and 30 years of market presence, WESS Auto Grupa holds a strong position in the Latvian automotive sector. The website is built on WordPress and integrates Google Analytics and Tag Manager for visitor tracking. It is multilingual, supporting Latvian, English, and Russian languages, catering to a broad audience in Latvia. The site is well-branded and professionally designed with good navigation and mobile optimization.

L

Loxam

loxam.de

70

Loxam is a leading company specializing in the rental and sale of professional equipment for construction, industrial, and landscaping sectors. The company targets both private customers and business clients, offering a wide range of machinery including mini excavators, chainsaws, aerial work platforms, and more. Their market position is strong in Germany and internationally, supported by a large network of branches and a comprehensive online presence. The website reflects a mature digital infrastructure built on SAP Hybris Commerce, with responsive design and integrated search capabilities. Security posture is solid with HTTPS enforcement and cookie consent mechanisms, though some security headers are missing and incident response details are not publicly disclosed. Overall, the site is professional, trustworthy, and compliant with GDPR requirements, supporting a large enterprise business model.

N

NRK Super

nrksuper.no

63

NRK Super is a Norwegian public broadcasting platform dedicated to children's programming, offering a wide range of series, films, and entertainment content. The website reflects a well-established media entity with consistent branding and a clear target audience of children in Norway. The technical infrastructure leverages modern web technologies, including JavaScript frameworks and Google Analytics for user tracking, hosted likely on NRK's infrastructure. Security posture is solid with HTTPS enabled and no visible vulnerabilities, although security headers could be enhanced. Privacy compliance is lacking as no explicit privacy or cookie policies are found, which is a gap for GDPR adherence. Overall, the website is professional and trustworthy but would benefit from improved privacy disclosures and contact transparency.

T

Twistoo SIA

twistoo.co

64

Twistoo SIA operates a specialized SaaS platform focused on gamification and video marketing solutions tailored for e-commerce businesses. Their platform enables clients to engage users through gamified promotions, educational short videos, and offline QR code games, supported by a user dashboard for campaign management and analytics. The company appears to be a small but professional entity founded in 2021, with a clear market focus on enhancing e-commerce marketing KPIs. Technically, the website is built with modern web technologies including Cloudflare DNS, Google reCAPTCHA for form security, and interactive JavaScript libraries like Swiper.js. The site is mobile-optimized and presents content with good design and navigation clarity, although accessibility and SEO could be further improved. Hosting and DNS are managed via Cloudflare, but DNSSEC is not enabled, representing a minor security gap. From a security perspective, the site enforces HTTPS and uses reCAPTCHA to protect forms from bots. Domain registration is privacy protected but consistent with the business profile. No critical vulnerabilities or exposed sensitive data were detected. However, the absence of published security policies or incident response contacts suggests room for maturity in security governance. Overall, Twistoo presents a credible and professional online presence with a moderate security posture and good business credibility. Strategic improvements in DNS security, security headers, and transparency around security policies would enhance trust and compliance.

R

Rīgas lidosta

riga-airport.com

58

Rīgas lidosta operates as the official website for Riga International Airport, providing comprehensive information about flights, passenger services, baggage handling, transport options, and business partnerships. The site targets passengers, visitors, and business partners, positioning itself as the primary gateway for air travel in Latvia. The website is built on Drupal CMS with modern web technologies, offering good mobile optimization and accessibility features. Security posture is moderate with HTTPS implied and cookie consent implemented, but lacks visible security headers and explicit privacy policies. The absence of WHOIS data for the domain is a notable concern, potentially impacting trustworthiness despite the professional and consistent branding. Strategic recommendations include verifying domain registration details, publishing privacy and security policies, and enhancing security headers to improve overall trust and compliance.

A

AS Tallink Grupp

tallink.com

65

AS Tallink Grupp operates the Tallink Silja Line ferry and cruise services across the Baltic Sea, connecting major cities such as Helsinki, Stockholm, Tallinn, Turku, and the Åland Islands. The company offers passenger transportation, cargo services, onboard entertainment, tax-free shopping, and hotel accommodations, positioning itself as a leading maritime transport provider in the Baltic region. The website reflects a mature digital presence with a modern tech stack based on Next.js and React, delivering fast performance and excellent mobile optimization. Security posture is strong with HTTPS enforcement and security headers, though explicit security policies and incident response contacts are not publicly disclosed. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms. The absence of WHOIS data reduces domain registration transparency but does not detract significantly from the overall trustworthiness given the professional branding and extensive external references. Strategic recommendations include publishing a security policy, incident response contacts, and vulnerability disclosure information to enhance trust and compliance.

S

SMSPinigai.lt

smspinigai.lt

66

SMSPinigai.lt is a Lithuanian online lending platform established in 2010, offering personal loans, credit cards, and refinancing services. The company positions itself as a reliable and customer-focused financial service provider with a strong online presence and a user-friendly loan application process. Their market position is supported by a consistent brand, clear contact channels, and a comprehensive service offering tailored to Lithuanian consumers. Technically, the website employs modern JavaScript libraries, tracking tools, and structured data to enhance SEO and user experience. The site is mobile-optimized and provides clear navigation and content relevant to its audience. Security-wise, the site enforces HTTPS, uses cookie consent mechanisms, and avoids exposing sensitive data, though it lacks explicit security policies and incident response information. Overall, the website demonstrates a mature digital infrastructure with good privacy compliance and business credibility, though there is room for improvement in security transparency and accessibility.

A

Alma Career

lmc.eu

67

Alma Career is a prominent HR and recruitment services provider operating primarily in Czechia and across Europe. The company offers a comprehensive suite of services including job portals, online education platforms, recruitment management tools, employee engagement surveys, and salary benchmarking. Their market position is strong, supported by multiple well-known brands such as Jobs.cz and Platy.cz, serving a broad audience of HR professionals, employers, and job seekers. The website reflects a mature digital presence with modern technologies and a professional design. Technically, the website is built using Next.js and React frameworks, leveraging modern web standards and optimized for performance and mobile responsiveness. The use of Google Tag Manager and Analytics indicates a moderate level of user tracking balanced with privacy compliance. The site employs security best practices including HTTPS, security headers, and cookie consent mechanisms, though explicit security policies and incident response contacts are not published. From a security perspective, the site demonstrates a good posture with no visible vulnerabilities or exposed sensitive data. However, the absence of WHOIS data for the domain introduces some uncertainty regarding domain legitimacy, although the strong brand presence and consistent business information mitigate this concern. Overall, the risk is moderate with recommendations to enhance transparency around security policies and incident response. Strategically, Alma Career should focus on publishing detailed security and incident response policies, consider a vulnerability disclosure program, and continue to monitor domain registration details to maintain trust. Enhancing accessibility and expanding data retention disclosures would further improve compliance and user trust.

E

Eliko Location Technologies OU

eliko.ee

61

Eliko Location Technologies OU is a technology company specializing in next-generation location tracking solutions based on ultra-wideband (UWB) technology. Their website presents a mature and professional digital presence, highlighting their RTLS products, case studies with reputable clients such as Bosch, and a strong emphasis on accuracy, reliability, and tailored solutions for industrial and immersive applications. The company targets machine builders, enterprise software providers, and manufacturing operations, positioning itself as a trusted provider with over 200 companies relying on their technology. Technically, the website is built on WordPress and leverages modern web technologies including Google Analytics, Google Tag Manager, and Google reCAPTCHA for security and analytics. The site is well-optimized for performance, mobile responsiveness, and accessibility, with comprehensive SEO metadata and structured data enhancing search visibility. From a security perspective, the site enforces HTTPS, uses reCAPTCHA to protect forms, and implements a cookie consent mechanism, demonstrating awareness of privacy and security best practices. However, explicit privacy policies, terms of service, and security policies are not found, representing areas for improvement. DNSSEC is not enabled, which could enhance DNS security. Overall, the security posture is good but could be strengthened with more explicit documentation and technical controls. The domain WHOIS data aligns well with the website content, showing consistent registrant information and appropriate domain age, supporting the legitimacy of the business. No WAF or blocking mechanisms were detected, allowing full content access and analysis. Strategically, Eliko is well-positioned in the RTLS market with a solid technical foundation and trusted customer base. Enhancing transparency around privacy, security policies, and incident response would further strengthen trust and compliance posture.

V

Veebimajutus.ee

veebimajutus.ee

55

Veebimajutus.ee is an Estonian technology service provider specializing in domain registration, web hosting, website creation, and email hosting services. The company targets Estonian businesses and individuals seeking an integrated and user-friendly platform to manage their online presence. Their market position is that of a trusted local provider with a focus on ease of use and customer support. Technically, the website employs modern tracking and analytics tools such as Google Analytics, Microsoft Clarity, and Facebook Pixel, and enforces HTTPS with strong security headers, indicating a mature digital infrastructure. However, the absence of explicit privacy and cookie policies represents a compliance gap that should be addressed. Security posture is strong with no visible vulnerabilities, but incident response and security policies are not publicly documented. Overall, the website is professional, trustworthy, and well-structured, though improvements in privacy compliance and transparency are recommended.

A

AS Alexela

220energia.ee

55

AS Alexela is a prominent Estonian energy company specializing in electricity, natural gas, and liquid fuels. The recent merger with 220 Energia expands its customer base and enhances its service offerings, including a customer loyalty program and mobile app for service management. The website reflects a mature digital presence with a modern Drupal 10 CMS, integrated analytics, and mobile optimization. Security posture is strong with HTTPS and cookie consent mechanisms, though explicit privacy and security policies are not found on the analyzed page. Overall, the company demonstrates a solid market position in the energy sector with good technical infrastructure and user experience.

A

Avitus

avitus.ee

41

Avitus is a small Estonian health portal providing information and practical advice on mental and physical health, nutrition, exercise, vitamins, and supplements. The website targets Estonian-speaking users interested in improving their health and wellbeing through informed lifestyle choices. The business operates primarily as an informational platform without visible e-commerce or direct service offerings. Technically, the site is built on WordPress using the GeneratePress theme, with modern web technologies and good mobile optimization. The hosting and domain registration are consistent with the business location and age. Security posture is adequate with HTTPS enabled but lacks advanced security headers and DNSSEC. Privacy compliance is minimal, with only a basic privacy policy present and no cookie consent mechanism. Contact information is limited to a single company email address, with no phone or physical address provided. Overall, the site is professionally designed and trustworthy but could improve in privacy and security practices.

H

Holm Bank

holmbank.ee

65

Holm Bank is an Estonian financial institution with approximately 30 years of experience, headquartered in Haapsalu. The bank offers a range of retail and business banking services including loans, credit cards, leasing, and deposits with competitive interest rates. The website targets private individuals and business clients within Estonia, emphasizing personalized service and digital convenience. The site is built on modern web technologies such as Next.js and React, ensuring good mobile optimization and user experience. Security posture is strong with HTTPS enforced and cookie consent implemented, though explicit security headers and policies are not publicly visible. Contact information is clearly provided, enhancing business credibility. Overall, the website reflects a professional and trustworthy banking service with room for improvement in privacy and security disclosures.

D

Dcreate BV

digicreate.be

72

Dcreate BV is a communication agency based in Brugge, Belgium, specializing in branding, website development, graphic design, and print services. The company targets businesses seeking to enhance their brand visibility and communication effectiveness. Their market position is that of a local/regional agency with a professional and consistent brand presence. The website reflects a well-structured service offering with clear navigation and relevant content. Technically, the site is built on Umbraco CMS with AngularJS and Bootstrap frameworks, delivering a moderate performance and good mobile optimization. Security posture is solid with HTTPS enforced and a cookie consent mechanism, though some security headers are missing and no incident response or vulnerability disclosure information is published. Overall, the website is trustworthy and professional, with clear contact details and social media presence supporting business credibility.

T

TIPSA

tip-sa.com

65

TIPSA is a well-established logistics and urgent parcel delivery company operating primarily in Spain and Portugal, offering a wide range of services including express deliveries, healthcare logistics, eCommerce specialized shipping, and international transport. The website is professionally designed using Drupal CMS, with modern technologies and good mobile optimization. Security posture is strong with HTTPS, security headers, and cookie consent mechanisms in place. However, the WHOIS data is missing or inconsistent, which raises concerns about domain registration legitimacy. Overall, the website presents a trustworthy and professional front but requires verification of domain registration details to fully confirm legitimacy.

R

Ramirent Group

ramirent.com

59

Ramirent Group is a leading equipment rental service provider specializing in construction and industrial equipment rental, scaffolding, and weather protection services. As part of the Loxam Group, Ramirent operates in 30 countries worldwide and holds a strong market position as a top three player in nine countries and fourth worldwide within its parent group. The company targets construction firms, industrial clients, and equipment renters, offering a wide range of high-quality rental equipment and support services. The website reflects a professional and comprehensive digital presence with excellent content quality and branding consistency. Technically, the website is built on WordPress CMS with modern technologies including Yoast SEO for optimization, Google Tag Manager for analytics, and Cookiebot for cookie consent management. The site is mobile-optimized, accessible, and SEO-friendly, providing a good user experience. Performance is moderate, with room for improvement in hosting and speed. From a security perspective, the site enforces HTTPS, implements key security headers, and provides mechanisms for reporting cybersecurity incidents. However, it lacks a dedicated security policy page and vulnerability disclosure program. The absence of WHOIS registration data raises concerns about domain registration transparency, which slightly impacts business credibility. Overall, the security posture is good but could be enhanced with formal policies and disclosures. The overall risk assessment indicates a legitimate and professional business with strong digital maturity but with a notable gap in domain registration transparency. Strategic recommendations include verifying domain registration details, publishing formal security policies, and enhancing vulnerability disclosure practices to improve trust and compliance.

U

UAB Legal Balance

legalbalance.lt

52

Legal Balance is a Lithuanian legal services company specializing in debt collection, debt purchasing, and payment administration with over 12 years of experience. The company targets both private clients and businesses, offering a modern online platform for managing debts. The website reflects a professional and consistent brand presence with clear contact information and comprehensive privacy and cookie policies. Technically, the site uses modern JavaScript technologies, Google Analytics, Facebook SDK, and New Relic for monitoring, ensuring good performance and user experience. Security posture is strong with HTTPS enforced and secure forms, though some security headers and policies could be improved. Overall, the website is trustworthy and well-maintained, supporting the company's market position in the finance sector.

A

Acme TV

acmetv.co.uk

58

Acme TV is a small independent media production company based in the United Kingdom, specializing in documentary, drama, music, entertainment, and digital content. Founded in 2011 by Jaimie D’Cruz, it has established a reputation for producing content for major networks and platforms with a focus on diverse and contemporary cultural stories. The website is professionally designed using the Squarespace platform, featuring good content quality and clear navigation. Technical infrastructure is modern and mobile-optimized, with HTTPS and HSTS enabled, indicating a solid security foundation. However, the absence of privacy and cookie policies and lack of explicit security disclosures represent compliance gaps. The domain WHOIS data is unavailable due to an invalid domain registration error from Nominet UK, which raises concerns about domain legitimacy but does not affect the accessible and professional nature of the website content. Overall, the site demonstrates a good digital maturity level with room for improvement in privacy compliance and security transparency.

D

Domainkeskus Oy

containershipsgroup.com

28

The website containershipsgroup.com currently serves as a parked domain page managed by Domainkeskus Oy, a Finnish domain registration and web hosting provider. The page indicates that the domain is registered but not actively used for business purposes. Domainkeskus offers domain registration, web hosting, email services, and virtual servers, targeting individuals and businesses in Finland. The domain is well-established, created in 1997, and shows consistent WHOIS data aligning with the website branding. Technically, the site uses modern JavaScript modules and CSS with SVG icons but lacks advanced frameworks or CMS detection. The hosting DNS is managed by Euronic.fi. The site is mobile-optimized with basic accessibility and SEO features but overall content quality is minimal, reflecting its placeholder status. From a security perspective, the domain uses clientTransferProhibited status, which protects against unauthorized transfers. However, no HTTPS enforcement or security headers are evident in the HTML content, and no privacy or cookie policies are present, indicating compliance gaps. No incident response or vulnerability disclosure information is provided. Social media links point to Domainkeskus official profiles, not the containershipsgroup.com domain. Overall, the site is low risk but lacks active business content and security best practices. Strategic recommendations include enabling HTTPS, adding privacy and cookie policies, implementing security headers, and providing incident response contacts to improve trust and compliance.

S

sveacasino.se

sveacasino.se

64

Sveacasino.se operates as a Swedish online casino comparison and review platform, positioning itself as the largest casino guide in Sweden since 2012. The site offers comprehensive listings of casino bonuses, free spins, and detailed reviews targeting Swedish online casino players. Technically, the website is built on WordPress with Bootstrap framework, leveraging modern web technologies including JSON-LD structured data and Google Analytics for tracking. The site is mobile optimized and presents a professional design with clear navigation. Security posture is generally good with HTTPS enforced and no visible vulnerabilities, though security headers could be improved. Privacy compliance is weak due to the absence of explicit privacy and cookie policies. The lack of WHOIS data for the domain raises concerns about domain registration legitimacy, impacting business credibility. Overall, the site is functional and professional but requires improvements in privacy compliance and domain registration transparency.

G

Google

doubleclick.net

72

Google Marketing Platform is an enterprise-grade advertising and analytics solution offered by Google, designed to integrate advertising and analytics for better customer insights and marketing results. The platform targets large enterprises seeking to optimize their marketing investments with advanced tools such as Display & Video 360, Analytics 360, and Campaign Manager 360. The website reflects Google's strong market position and brand reputation, providing comprehensive information and resources for enterprise customers. Technically, the site is built on modern web technologies including AngularJS and Google Tag Manager, hosted on Google's infrastructure, ensuring fast performance and mobile optimization. Security posture is strong with HTTPS, security headers, and privacy compliance aligned with Google's global standards. However, explicit security policies and incident response contacts are not present on this page. Overall, the site is professional, trustworthy, and well-aligned with Google's enterprise marketing offerings.

S

State Farm

statefarm.com

62

State Farm is a well-established insurance and financial services company with over 100 years of experience, offering a wide range of products including auto, home, life, health insurance, banking, and investment services. The website reflects a mature digital presence with comprehensive content, clear navigation, and strong branding. The company targets consumers and small businesses seeking personalized insurance and financial solutions, supported by a large network of agents and digital tools such as a mobile app with high user ratings. Technically, the website employs modern web technologies including React and Next.js frameworks, integrates analytics and marketing tools like Google Tag Manager and Optimizely, and demonstrates good performance and mobile optimization. Security best practices are evident with HTTPS enforcement, security headers, and secure form handling. Privacy policies and cookie consent mechanisms are comprehensive and GDPR compliant. The security posture is strong with no detected vulnerabilities or blocking mechanisms. However, the site could improve by publishing explicit incident response contacts and vulnerability disclosure information. Overall, the domain registration data aligns well with the company's identity, reinforcing trust and legitimacy. Strategically, State Farm maintains a robust online presence that supports its market leadership in insurance and financial services, leveraging technology to enhance customer experience and operational efficiency.

S

Soa Aids Nederland

sekswerk.info

58

Sekswerk.info is a well-established non-profit informational website operated by Soa Aids Nederland, dedicated to improving the position and health of sex workers in the Netherlands. The site provides comprehensive resources on safe sex work, free STI testing, hepatitis B vaccination, workplace advice, and legal rights. It also offers a complaint and advice point to support users with organizational issues. The website is professionally designed with clear navigation and is mobile optimized, targeting sex workers and related stakeholders in the Dutch healthcare and social support sectors. Technically, the site runs on Drupal 10, uses Matomo for analytics with privacy considerations, and integrates accessibility features such as ReadSpeaker. Security posture is strong with HTTPS, security headers, and no visible vulnerabilities. Privacy and cookie policies are present and GDPR compliant, though explicit security policies and incident response contacts are not found. WHOIS data is privacy protected, consistent with the non-profit nature of the site. Overall, Sekswerk.info demonstrates a mature digital presence with a focus on trust, user safety, and compliance.

S

Stichting OSGeo.nl

osgeo.nl

51

OSGeo.nl is a small, community-driven non-profit organization dedicated to promoting and supporting open source geo-information software within the Dutch language area. As a local chapter of the international OSGeo Foundation, it serves a niche audience of developers, users, and enthusiasts interested in open geo technologies. The website provides information about community events, user groups, and relevant news, positioning itself as a key resource for the Dutch open geo community. Technically, the website is built using the Hugo static site generator, leveraging modern web technologies such as JavaScript bundles and CSS with Subresource Integrity. The site is served over HTTPS with DNSSEC enabled, indicating a good baseline security posture. However, there is room for improvement in security headers and privacy compliance, as no privacy or cookie policies are present, and no incident response or vulnerability disclosure information is provided. The security posture is solid in terms of transport security and resource integrity but lacks comprehensive security policies and headers that would enhance protection against common web threats. The absence of tracking and advertising technologies suggests a privacy-conscious approach, though the lack of formal privacy documentation is a compliance gap. Overall, OSGeo.nl presents a trustworthy and professional front for its community mission but should prioritize adding privacy policies, cookie consent mechanisms, and security headers to improve compliance and security maturity. Enhancing contact information and incident response details would further strengthen trust and preparedness.

Personalehuset.dk is a Danish content website focused on providing articles across a broad range of lifestyle and practical topics. The site targets Danish-speaking users interested in subjects such as work, leisure, home decoration, IT, and health. The business model is primarily content publishing via a WordPress platform, with no visible monetization or e-commerce features. Technically, the site uses WordPress 6.5.5 with standard plugins and Google Fonts, hosted under the registrar Simply.com A/S. Performance and mobile optimization are moderate to good, but accessibility and SEO are basic. Security posture is adequate with HTTPS enabled but lacks advanced security headers and DNSSEC, which are recommended for improved protection. Privacy compliance is poor due to the absence of privacy and cookie policies, and no GDPR indicators are present. Contact information is minimal, with no explicit emails or phone numbers found, only a contact form. Overall, the site is functional but basic in professionalism and security maturity.

E

EIVA a/s

eiva.com

70

EIVA a/s is a well-established engineering company specializing in software and hardware solutions for maritime survey, offshore, and shallow water construction industries. With over 45 years of experience, EIVA offers a comprehensive portfolio including software products, equipment sales and rental, integrated system solutions, 24/7 support, and professional training services. Their market position is strong, supported by a professional website, active social media presence, and a broad customer base in the energy and transportation sectors. Technically, the website employs modern web technologies such as Google Tag Manager, Cookiebot for consent management, and lazy loading for performance optimization. The site is mobile-optimized, accessible, and SEO-friendly, reflecting a mature digital infrastructure. Security-wise, the site enforces HTTPS and uses secure forms but lacks explicit security headers and a public security policy or incident response information, which are areas for improvement. The absence of WHOIS data for the domain is a notable anomaly, slightly reducing trust in domain registration transparency, though the overall business credibility remains high. Strategic recommendations include publishing a dedicated security policy, enhancing security headers, and providing incident response contacts to strengthen trust and compliance.

G

Google Transparency

transparency.google

61

The Google Transparency Center website serves as a comprehensive resource detailing Google's product policies, enforcement actions, and commitment to user safety and transparency. It targets a broad audience including users, developers, creators, and researchers, providing clear and accessible information about Google's approach to policy development and enforcement. The site reflects Google's position as a global technology leader with a strong emphasis on transparency and trust. Technically, the website is built on a modern, performant infrastructure leveraging Google's internal frameworks, Google Cloud hosting, and best practices in web development including responsive design, accessibility, and SEO optimization. The use of Google Tag Manager and Analytics indicates a mature digital analytics setup. From a security perspective, the site demonstrates excellent security posture with HTTPS enforcement, comprehensive security headers, and no detected vulnerabilities or exposed sensitive data. Privacy compliance is robust, with clear privacy and cookie policies and consent mechanisms in place. However, direct contact information for security or incident response is not prominently provided. Overall, the website is highly professional, trustworthy, and secure, reflecting Google's commitment to transparency and user protection. No critical issues or blocking mechanisms were detected, allowing for a full and detailed analysis.

R

RASTREATOR COMPARADOR CORREDURÍA DE SEGUROS S.L.U

rastreator.com

64

Rastreator.com is a well-established Spanish online comparison platform specializing in insurance, energy tariffs, finance products, and telecommunications offers. Founded in 2009, it serves consumers by providing transparent price comparisons and expert advisory services to help users select the best products in sectors such as car insurance, health insurance, mortgages, and energy. The website demonstrates a professional and consistent brand presence with comprehensive content and a user-friendly interface optimized for mobile devices. Technically, the site uses modern web technologies including lazy loading scripts and Google Tag Manager for analytics and marketing, hosted on a secure HTTPS platform. Security posture is strong with no visible vulnerabilities, though some security headers and explicit policies are missing. Privacy compliance is partially met with a cookie consent mechanism but lacks a visible privacy policy and terms of service in the provided content. The WHOIS data is notably absent, which slightly reduces trustworthiness but does not negate the legitimacy indicated by the website content and structured data. Overall, Rastreator.com is a credible and professional service with room for improvement in transparency and security documentation.

G

GGD Rotterdam-Rijnmond

ggdrotterdamrijnmond.nl

69

GGD Rotterdam-Rijnmond is a regional public health organization dedicated to protecting and promoting the health of residents in the Rotterdam-Rijnmond area. The website serves as an official portal providing health information, vaccination services, sexual health testing, travel health advice, and public health research. It targets residents, healthcare professionals, and travelers, positioning itself as a trusted government health authority. The site is well-branded with municipal affiliation and maintains active social media channels for outreach. Technically, the website is built on modern frameworks including Next.js and React, with evidence of Drupal CMS usage for content management. It employs accessibility features such as ReadSpeaker for text-to-speech and is optimized for mobile devices. Performance is fast, and SEO best practices are followed with proper meta tags and structured content. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms. While explicit security headers are not fully confirmed, no vulnerabilities or exposed sensitive data were detected. The absence of a published security policy or vulnerability disclosure page suggests room for improvement in transparency and incident response readiness. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance with privacy regulations such as GDPR. The domain registration aligns with the organization's public nature, reinforcing legitimacy. Strategic recommendations include enhancing security header implementation, publishing security policies, and adding vulnerability disclosure mechanisms to further strengthen security posture.

V

Veiligheidsregio Gelderland-Zuid

vrgz.nl

69

Veiligheidsregio Gelderland-Zuid (VRGZ) is a governmental regional safety organization in the Netherlands, serving 14 municipalities with integrated emergency services including fire brigade, ambulance care, and crisis management. The website reflects a mature and professional digital presence, leveraging WordPress CMS with modern SEO and analytics tools. The organization positions itself as a key public safety entity within the Dutch safety region framework, providing timely incident updates, risk information, and community engagement through social media and news updates. Technically, the site is well-structured, mobile-optimized, and uses HTTPS with DNSSEC for domain security. However, explicit security policies and vulnerability disclosure mechanisms are absent, and cookie consent mechanisms could be improved for full GDPR compliance. Overall, the website demonstrates a strong security posture and business credibility appropriate for a public sector entity.

S

SIA "Optimera Latvia"

buvniecibas-abc.lv

61

Būvniecības ABC, operated by SIA "Optimera Latvia", is a leading Latvian retailer specializing in construction materials, tools, and garden equipment. The company offers a broad product catalog accessible via an online store and supports customer loyalty programs and rental services. The website demonstrates a solid market position within Latvia's retail construction sector, targeting both consumers and professional clients. Technically, the site leverages modern web technologies including Cloudflare hosting, Google Tag Manager, and Facebook SDK for analytics and marketing. The site is mobile-optimized with good navigation and content quality. Security posture is moderate with HTTPS usage and CSRF tokens, but lacks explicit security headers and published security policies. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the domain registration data aligns well with the business identity, supporting legitimacy. Strategic improvements in privacy compliance and security transparency would enhance trust and regulatory adherence.

T

The Royal College of Ophthalmologists

rcophth.ac.uk

40

The Royal College of Ophthalmologists is a UK-based professional membership organisation and charity dedicated to promoting and supporting the ophthalmic profession nationally and internationally. The website serves as a comprehensive resource for members, trainees, researchers, and patients, offering information on training, examinations, research, policy, and events. The organisation holds a strong market position as the authoritative body for ophthalmology in the UK, with a clear focus on education, professional development, and advocacy. Technically, the website is built on WordPress with a modern tech stack including jQuery, Google Tag Manager, and cookie consent tools. It demonstrates good digital maturity with responsive design, accessibility considerations, and SEO optimization. Performance is moderate, with room for improvement in hosting and caching strategies. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms, but lacks visible advanced security headers and a public security policy or incident response information. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong, with clear privacy and cookie policies and GDPR adherence. Overall, the website is professional, trustworthy, and well-maintained, with minor recommendations to enhance security headers and publish security policies. The domain registration data aligns well with the organisation's claims, supporting legitimacy and trustworthiness.

S

Siemens Digital Industries Software

mentor.com

49

Siemens Digital Industries Software operates a comprehensive and professional website dedicated to Electronic Design Automation (EDA) solutions. The company offers a broad portfolio of software, hardware, and services aimed at streamlining the design, verification, and manufacturing of integrated circuits and electronic systems. Siemens holds a strong market position as a leading provider in the technology and manufacturing sectors, supported by its parent company Siemens AG. The website targets professionals in electronic design, manufacturing, and related industries, providing detailed product information, training, and consulting services. Technically, the website employs modern web technologies including custom web components, advanced video players, and a robust content delivery network. It demonstrates excellent performance, mobile optimization, and accessibility features. The use of structured data and Open Graph metadata enhances SEO and social media integration. Consent management is implemented via Usercentrics, reflecting a commitment to privacy compliance. From a security perspective, the site enforces HTTPS and integrates security best practices such as trusted script sources and consent management. However, explicit security headers and a public security policy are not evident, suggesting areas for improvement. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website is highly professional, trustworthy, and well-aligned with Siemens' corporate identity. It effectively serves its target audience with rich content and a strong technical foundation. Strategic recommendations include enhancing security headers, publishing a security policy, and improving privacy policy visibility to further strengthen compliance and trust.

V

Version 1

version1.com

59

Version 1 is a large, established technology consulting and managed services provider focused on digital transformation, cloud, AI, and business transformation frameworks. The company positions itself as a strategic partner for businesses seeking to modernize applications, optimize cloud infrastructure, and leverage AI-driven insights. Their website reflects a mature digital presence with comprehensive content, strong SEO, and professional design. Technically, the site is built on WordPress with modern fonts, SVG icons, and Google Tag Manager for analytics. Security posture is good with HTTPS enabled and no visible vulnerabilities, though some security headers and explicit incident response policies are absent. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR adherence. Overall, the site demonstrates high professionalism and trustworthiness, suitable for its target audience of enterprise clients.

H

Horst Brandstätter Group

playmobil.fr

52

PLAYMOBIL® France operates as the official e-commerce platform for the Playmobil brand in France, offering a wide range of toys and related products targeting children and families. The website is well-branded, consistent with the parent company Horst Brandstätter Group, and provides comprehensive product information, promotions, and customer engagement features such as newsletters and wishlists. The platform leverages modern e-commerce technologies including Salesforce Commerce Cloud, Amplience for media management, and OneTrust for privacy compliance. Security measures such as CSRF tokens and HTTPS are implemented, and the site includes a robust cookie consent mechanism aligned with GDPR requirements. While explicit security policies and incident response contacts are not found, the overall security posture is strong with no critical vulnerabilities detected. The website demonstrates a high level of professionalism, good user experience, and compliance with privacy regulations, positioning it as a trustworthy and credible retail platform.

H

HealthPartners

healthpartners.com

49

HealthPartners is a large, top-rated healthcare and insurance provider serving Minnesota and Wisconsin. The company offers a comprehensive range of services including health insurance plans, clinics, hospitals, pharmacy services, and wellness programs. Their market position is strong regionally, supported by a professional and well-branded website that clearly communicates their offerings and mission. The technical infrastructure leverages modern web technologies such as Web Components and Adobe Experience Manager, ensuring a responsive and accessible user experience. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though there is room for improvement in security headers and explicit cookie consent mechanisms. Overall, the website reflects a mature digital presence aligned with industry standards and compliance requirements.

Z

Zalando

zalando.lv

50

Zalando.lv is a leading online fashion retail platform targeting Latvian consumers with a wide assortment of clothing, footwear, and accessories for women, men, and children. The website showcases a strong brand presence with multiple well-known fashion brands and offers key services such as free delivery and returns, personalized recommendations, and a user-friendly shopping experience. The platform is part of the larger Zalando SE group, a major European e-commerce player. Technically, the site employs modern web technologies including React, RequireJS, and a consent management platform, ensuring a fast, mobile-optimized, and accessible user experience. Security posture is solid with HTTPS enforced and service workers implemented, though explicit security headers and incident response information are not publicly detailed. Privacy compliance is well addressed with comprehensive privacy and cookie policies and a consent mechanism. Overall, the website is professional, trustworthy, and well-positioned in the e-commerce fashion market.

G

Glove Technologies, Inc.

glove.fit

52

Glove Technologies, Inc. operates the website glove.fit, offering a SaaS platform that converts website visitors into qualified leads through real-time AI-driven personalization and visitor tracking. Their technology focuses on understanding visitor behavior, building visitor signal maps, and dynamically personalizing content to optimize lead conversion for B2B SaaS companies and enterprise clients. The platform emphasizes ease of installation with a single script tag and promises significant improvements in inbound lead generation. Technically, the website leverages modern JavaScript frameworks, likely React, and integrates third-party services such as HubSpot forms and Contentsquare for analytics and tracking. The site is hosted on Amazon Cloudfront CDN, ensuring moderate performance and good mobile optimization. However, accessibility and SEO optimizations are basic and could be improved. From a security perspective, the site uses HTTPS and avoids exposing sensitive data in its HTML. However, it lacks visible security headers, a published security policy, incident response contacts, and vulnerability disclosure mechanisms. Privacy compliance is limited, with a privacy policy present but no cookie consent mechanism or explicit GDPR compliance indicators. Overall, the website presents a professional and functional digital presence with moderate security and privacy maturity. Strategic improvements in privacy compliance, security policy transparency, and accessibility would enhance trust and compliance posture.

Upify is a small technology company operating a SaaS behavioral analytics platform that provides comprehensive tools such as heatmaps, session recordings, funnels, surveys, and feedback mechanisms to help businesses understand user behavior and improve conversion rates. The website is professionally designed with clear navigation and mobile optimization, targeting business users and analysts seeking actionable insights. Technically, the site employs modern JavaScript frameworks, integrates with major analytics and marketing platforms like Google Analytics and Facebook Pixel, and uses a cookie consent management system to comply with privacy regulations. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though explicit security policies and incident response contacts are not published. Overall, the domain registration data aligns well with the business identity, supporting legitimacy and trustworthiness.

S

Sikri AS

ambita.no

73

Ambita, operated by Sikri AS, is a leading Norwegian company specializing in digital solutions for the real estate market. Their website showcases a comprehensive portfolio of services including property information portals, digital registration (tinglysing), and collaborative digital tools aimed at streamlining property transactions and management. The company targets a broad audience including real estate professionals, financial institutions, municipalities, and private individuals, positioning itself as a key technology enabler in the Norwegian property sector. Technically, the website is built on the HubSpot CMS platform, leveraging modern web technologies such as Google Analytics 4, Piwik PRO for analytics, Cookiebot for cookie consent management, and Zendesk for customer support. The site demonstrates good performance, mobile optimization, and accessibility features, reflecting a mature digital infrastructure. From a security perspective, the site enforces HTTPS with strong SSL configuration and implements multiple security headers to protect users. The presence of a detailed cookie consent mechanism and privacy policy indicates compliance with GDPR and related privacy regulations. However, no explicit security policy or incident response information is published, which could be improved. Overall, Ambita's website reflects a professional, trustworthy, and well-managed digital presence with strong business credibility and compliance posture. Strategic recommendations include publishing a dedicated security policy, providing incident response contacts, and adding a vulnerability disclosure mechanism to further enhance trust and security transparency.

M

Magnus Pettersson

statistikkonsulterna.se

40

Statistikkonsulterna Väst AB is a specialized consulting company based in Sweden, focusing on statistical methods, mathematics, and advanced programming. They provide expert statistical guidance and creative solutions primarily to researchers and developers, aiming to deliver high-quality decision support based on quantitative data. The company positions itself as a competence center in its niche market with a small but professional presence since 2017. The website reflects a well-structured and professionally designed digital presence using WordPress with SEO and translation capabilities, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS and no visible vulnerabilities, but lacks published security policies and advanced security headers. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the site is trustworthy but could improve transparency and compliance to enhance user trust and security.

EasyFill AB is a Swedish publicly listed company specializing in innovative retail shelving solutions designed to optimize store efficiency, reduce food waste, and increase sales. Their flagship products include the TurnLoader™ and RotoShelf® systems, which implement a First In, First Out (FIFO) approach to product replenishment. The company targets retail operators seeking smarter shelving solutions that reduce labor and improve profitability. The website is professionally designed using HubSpot CMS, featuring rich content, customer testimonials, and clear navigation. It is mobile-optimized and incorporates modern web technologies and marketing tools. Security posture is strong with HTTPS enforced and no exposed sensitive data, though some security headers and policies could be improved. Privacy compliance is well addressed with a cookie consent banner and a comprehensive privacy policy. Contact information and social media presence are clearly provided, enhancing business credibility. Overall, the website reflects a mature digital presence aligned with the company's market position and business goals.

F

Fellowshop AB

fellowshop.se

43

Fellowshop AB is a Swedish communications agency specializing in strategic and creative communication services including branding, copywriting, and campaign management. The company positions itself as a small but effective agency emphasizing collaboration and impactful communication. The website is professionally designed using Squarespace, with good mobile optimization and clear navigation. Security-wise, the site uses HTTPS with HSTS enabled, indicating strong SSL configuration. However, it lacks explicit privacy, cookie, and terms of service policies, which impacts compliance and trust. No incident response or vulnerability disclosure information is provided. Overall, the site reflects a legitimate small agency with room for improvement in privacy and security transparency.

A

Adda AB

sklkommentus.se

47

Adda AB operates as a specialized service provider supporting the Swedish public sector through framework agreements, procurement support, competence development, and training. The company targets employees within municipalities, regions, and other public organizations, offering both digital and printed resources to facilitate efficient public procurement and workforce development. The website reflects a mature market position with clear service offerings and a professional digital presence. Technically, the website employs modern web technologies including Vue.js, Microsoft Application Insights for telemetry, and Google reCAPTCHA v3 for bot protection. The site is built on the Episerver CMS platform, ensuring structured content management and good SEO practices. Mobile optimization and accessibility are well addressed, contributing to a positive user experience. From a security perspective, the site benefits from HTTPS encryption, cookie consent mechanisms, and monitoring tools. However, explicit security policies, incident response contacts, and vulnerability disclosure mechanisms are absent, representing areas for improvement. No critical vulnerabilities or blocking mechanisms were detected, indicating a solid security posture overall. The overall risk profile is low with recommendations to enhance transparency around security policies and incident handling. Strategic improvements in security headers and vulnerability disclosure would further strengthen trust and compliance.

N

Nacka kommun

nacka.se

38

Nacka kommun operates as the official municipal government website serving over 100,000 residents in Nacka, Sweden. The site provides comprehensive information about municipal services including education, social support, urban development, and local politics. It targets residents, businesses, and visitors seeking municipal resources and engagement opportunities. The business model is public sector focused, delivering essential community services and governance information. Technically, the website is built on the EPiServer CMS platform, leveraging modern JavaScript frameworks, SVG icons, and Azure Application Insights for analytics. The site demonstrates good mobile optimization, accessibility, and SEO practices, with a moderate performance profile. Hosting appears to be on Microsoft Azure infrastructure, ensuring reliability and scalability. From a security perspective, the site enforces HTTPS with strong SSL configuration and implements cookie consent mechanisms aligned with GDPR requirements. While explicit security headers are not fully documented in the HTML, best practices are implied. No critical vulnerabilities or exposed sensitive data were detected. However, the site lacks a published security policy or incident response contact, which could enhance transparency and trust. Overall, Nacka kommun's website is a professional, trustworthy, and well-maintained digital presence for a government entity. It balances user experience, compliance, and technical robustness effectively, supporting its role as a key information and service portal for the municipality.

V

Västtrafik AB

vasttrafik.se

52

Västtrafik AB operates as the regional public transportation authority for Västra Götaland, Sweden, providing comprehensive travel planning, ticketing, and traffic information services. The website serves a broad audience of public transport users in the region, offering tools and information to facilitate travel across multiple modes including bus, tram, train, and ferry. The business is positioned as a key regional transport provider under the Västra Götalandsregionen umbrella, with a large operational scale and a focus on sustainable and accessible mobility solutions. Technically, the website is built on the EPiServer CMS platform, leveraging modern JavaScript frameworks and libraries, including Matomo for analytics and EPiServer Forms for user feedback and contact forms. The site demonstrates good mobile optimization, accessibility, and SEO practices, with a moderate to fast performance profile. Hosting appears to be managed by the regional government infrastructure, ensuring reliability and alignment with public sector standards. From a security perspective, the site enforces HTTPS, uses secure cookies, and implements cookie consent mechanisms compliant with GDPR. While explicit security policies and incident response contacts are not published, the site shows adherence to best practices with no visible vulnerabilities or exposed sensitive data. The use of nonce attributes in scripts and consent-based tracking further enhance security and privacy. Overall, Västtrafik's website reflects a mature digital presence with strong business credibility, good technical implementation, and a solid security posture. Strategic recommendations include publishing detailed security policies, incident response information, and vulnerability disclosure guidelines to further enhance trust and compliance.

Ö

Östersunds kommun

ostersund.se

44

Östersunds kommun operates as the official municipal government website for the city of Östersund, Sweden, providing comprehensive information and services related to education, care, culture, infrastructure, business, and politics. The website targets residents and visitors, offering e-services, news updates, and contact channels to facilitate community engagement and service delivery. The site holds a strong market position as a trusted government portal with consistent branding and clear communication of municipal functions. Technically, the website is built on the SiteVision CMS platform, utilizing jQuery and standard web technologies. It demonstrates good mobile optimization, accessibility, and SEO practices, although performance is moderate. The presence of cookie consent mechanisms and Google site verification indicates a reasonable level of digital maturity. From a security perspective, the site uses HTTPS and includes some security best practices such as CSRF token placeholders and cookie consent. However, it lacks explicit security headers, published security policies, and incident response contacts, which are areas for improvement. Tracking is performed via Vizzit analytics, with moderate user tracking levels. Overall, the website is professional, trustworthy, and well-suited for its public sector role. Strategic enhancements in security policy transparency and technical security controls would further strengthen its posture and compliance.

K

Karlstads universitet

kau.se

47

Karlstads universitet is a well-established Swedish university providing higher education, research, and collaboration services primarily in the education sector. The website targets students, staff, alumni, and the press, offering comprehensive information about programs, research, and university news. The institution maintains a strong market position as a regional university with a focus on quality education and societal collaboration. Technically, the website is built on Drupal CMS, uses Matomo for privacy-conscious analytics, and is well-optimized for mobile and accessibility. Security posture is solid with HTTPS enforced and cookie consent implemented, though explicit security headers and incident response information are absent. Overall, the site is professional, trustworthy, and compliant with GDPR requirements.