Security Directory

F

FirstHost

firsthost.lv

59

FirstHost is a Latvia-based technology company specializing in high-performance web hosting, dedicated servers, and cloud VPS solutions primarily targeting European businesses. With over 18 years of experience and a client base exceeding 9,000, the company positions itself as a reliable and scalable IT infrastructure provider. Their services include dedicated servers, cloud hosting, domain registration, SSL certificates, and virtual desktop infrastructure, catering to enterprises seeking robust and flexible hosting solutions. The website reflects a mature digital presence with multilingual support and multiple currency options, indicating a broad regional focus. Technically, the website leverages modern web technologies including Bootstrap, jQuery, and various JavaScript libraries for enhanced user experience and performance. Integration with analytics and marketing tools such as Google Tag Manager, Facebook Pixel, and Yandex Metrika demonstrates a data-driven approach to customer engagement. The site is mobile-optimized and exhibits good SEO practices, contributing to its accessibility and reach. From a security standpoint, the site enforces HTTPS and uses reputable third-party services for live chat and analytics. However, explicit security policies, incident response details, and vulnerability disclosure mechanisms are absent, representing areas for improvement. The lack of WHOIS data due to query limits restricts full domain trust verification, though the website content and business indicators suggest legitimacy. Overall, FirstHost presents a solid business and technical profile with room to enhance transparency around security and compliance. Strategic improvements in security documentation and WHOIS data availability would strengthen trust and compliance posture.

D

DDSTUDIO

ddstudio.com

54

DDSTUDIO is a boutique design consultancy specializing in industrial design, user experience (UX), and user interface (UI) design. Established in 1997, the company positions itself as a premier partner for industry innovators seeking strategic, business-driven design solutions that empower people, influence positive change, and drive commercial success. Their services focus on human-centered design methodologies to create compelling, market-ready products. The website reflects a mature digital presence with professional design, clear navigation, and comprehensive content including case studies and client testimonials, indicating a strong market position in the technology sector. Technically, the website is built on WordPress using the Enfold theme and Avia framework, incorporating modern JavaScript libraries such as Swiper.js and Tippy.js, and integrates analytics tools like HubSpot and Google Analytics. The site is mobile-optimized and accessible, with good SEO practices and performance rated as moderate. Security posture is adequate with HTTPS enforced and use of reCAPTCHA, but could be improved by enabling DNSSEC and adding security headers. Privacy compliance is strong, with clear cookie consent mechanisms and a comprehensive privacy policy. Overall, DDSTUDIO demonstrates a solid security and compliance posture with no critical vulnerabilities detected. The domain registration is consistent with the business history, enhancing trustworthiness. Strategic recommendations include enhancing DNS security, publishing a security.txt file, and improving security header implementation to further strengthen the security posture.

ARCO REAL ESTATE is a Latvian real estate agency established in 1992, offering brokerage, property valuation, consulting, and marketing services primarily focused on residential and commercial properties within Latvia. The website presents a professional and content-rich platform targeting property buyers, sellers, renters, and investors in the Latvian market. The company maintains an active social media presence and provides clear contact information, enhancing trust and accessibility. Technically, the website employs modern web technologies including jQuery, Foundation CSS framework, Leaflet.js for maps, and integrates Google Analytics for user tracking. The site is mobile-optimized with good navigation and content structure, though accessibility features are basic. Security practices include HTTPS usage and a cookie consent mechanism, but explicit security headers and incident response policies are not evident from the HTML content. The security posture is moderate with no visible vulnerabilities or exposed sensitive data, but improvements are recommended in security header implementation and incident response transparency. Privacy compliance is basic with GDPR-related cookie consent and a privacy policy page available. WHOIS data could not be retrieved due to query limits, limiting domain legitimacy verification, but website content and business information appear consistent with a legitimate real estate business. Overall, the website is professional and trustworthy with room for enhanced security and compliance measures. Strategic recommendations include strengthening security headers, publishing incident response and terms of service documents, and improving accessibility compliance to further solidify the company's digital maturity and trustworthiness.

N

Norbulk

norbulkshipping.com

61

Norbulk is a well-established ship management company with over four decades of experience managing a diverse fleet engaged in worldwide trade. The company offers a comprehensive range of services including technical ship management, crew management and training, consultancy, quality assurance, marine travel, and commercial services. The website reflects a professional and consistent brand presence targeting ship owners and maritime industry stakeholders. Technically, the site is built on the Squarespace platform, leveraging modern web technologies and hosted with Cloudflare DNS services, ensuring good performance and mobile optimization. Security posture is strong with HTTPS and HSTS enabled, though DNSSEC is not configured. However, the site lacks explicit privacy, cookie, and terms of service policies, and does not provide direct contact information or incident response details, which are areas for improvement. Overall, the domain registration data supports the legitimacy and longevity of the business.

S

SIA ARKOLAT

arkolat.lv

58

SIA ARKOLAT operates a professional e-commerce platform specializing in kitchenware and household goods, serving primarily the Baltic region. The company positions itself as a leading provider in this sector, offering a wide range of products for cooking, serving, and household needs. The website supports multiple languages and provides a comprehensive catalog with pricing, user accounts, and shopping cart functionality. Technically, the site uses modern web technologies including JavaScript libraries and Google Fonts, with a moderate performance profile and good mobile optimization. Security measures include HTTPS enforcement and CSRF token usage, though some security headers are missing and no vulnerability disclosure or privacy policy pages were found. Overall, the website is functional and professional but could improve in privacy compliance and security transparency.

H

Homoecos.lv

homoecos.lv

53

Homoecos.lv is an independent Latvian-language informational website focused on online gambling, providing detailed guides, reviews, and explanations about online casinos, games, bonuses, and legal regulations in Latvia. The site targets Latvian online gambling players ranging from beginners to experienced users, offering comprehensive content to help users navigate the online gambling environment responsibly. Technically, the site uses standard web technologies including HTML5, CSS3, JavaScript, and Google Fonts, with a responsive design optimized for mobile devices. The website is accessible without any WAF or security blocking mechanisms detected. Security posture is moderate with HTTPS implied but lacking explicit security headers and cookie consent mechanisms. WHOIS data could not be retrieved due to query limits, limiting domain trust verification. Overall, the site presents a professional and consistent brand image with good content quality and user experience but could improve privacy compliance and security best practices.

N

NJ TRANSIT

njtransit.com

69

NJ TRANSIT is the primary public transportation corporation serving New Jersey, offering a comprehensive range of transit services including trains, buses, light rail, and ADA paratransit services. The website reflects a mature, enterprise-level public service entity with a strong market position in the transportation sector. It targets commuters and travelers within New Jersey and neighboring regions, providing trip planning tools, fare information, and real-time service status updates. The business model is focused on public transit operations and customer service facilitation. Technically, the website is built on modern frameworks such as Nuxt.js and Vue.js, leveraging Google Fonts, Google Analytics, and various marketing and tracking tools like HubSpot and Facebook Pixel. The site is well-optimized for performance, mobile responsiveness, and accessibility, with a clean and professional design. SEO practices are adequately implemented with proper meta tags and structured data. From a security perspective, the site enforces HTTPS with strong SSL configuration and employs multiple security headers to protect users. No critical vulnerabilities or exposed sensitive data were detected. However, explicit security policies and incident response contacts are not publicly available, which could be improved to enhance transparency and trust. Overall, the website presents a low-risk profile with strong business credibility and technical maturity. The absence of WHOIS data is noted but likely due to privacy or registry protection rather than malicious intent. Strategic recommendations include publishing detailed security policies, adding vulnerability disclosure mechanisms, and enhancing incident response visibility to further strengthen security posture and user trust.

B

Biedrība “Sabiedrība par atklātību – Delna”

delna.lv

59

Biedrība “Sabiedrība par atklātību – Delna” is a Latvian non-profit organization dedicated to promoting transparency and combating corruption. Established in 1998 as the Latvian chapter of Transparency International, Delna operates primarily in Latvia with a focus on public sector and civil society engagement. The organization offers services including advocacy, public awareness campaigns, whistleblowing support, and educational initiatives. Their market position is that of a recognized NGO with international ties, targeting government, NGOs, and the general public. Technically, the website is built on WordPress with modern web technologies such as Google Tag Manager, reCAPTCHA v3, and Mailchimp integration for newsletters. The site is mobile-optimized and provides multilingual support. Performance is moderate with good SEO and accessibility basics in place. Security posture is solid with HTTPS enforced and use of reCAPTCHA on forms. However, explicit security headers like CSP and X-Frame-Options are not clearly present, and no dedicated security or incident response policies are published. The site includes a cookie consent banner and privacy policy indicating GDPR compliance. Overall, the website is professional, trustworthy, and well-maintained, though WHOIS data is unavailable due to query limits, slightly reducing trust score. Strategic recommendations include enhancing security headers, publishing incident response contacts, and maintaining up-to-date CMS and plugins to mitigate vulnerabilities.

COGEN Europe is a well-established European association dedicated to promoting cogeneration technologies and policies across Europe. The organization collaborates with EU institutions and industry stakeholders to advocate for energy efficiency and emission reduction through cogeneration. The website reflects a medium-sized association with a solid membership base of national associations and corporate members, positioning itself as a key player in the energy sector focused on cogeneration. Technically, the website is built on WordPress using popular page builders and plugins, indicating a moderate level of digital maturity. The site is mobile-optimized, uses HTTPS, and includes structured data for SEO enhancement. However, some technical improvements are possible, such as adding security headers and fully configuring analytics tools. From a security perspective, the site benefits from HTTPS and does not expose sensitive data. However, it lacks visible security headers and formal privacy and cookie policies, which are important for GDPR compliance and user trust. The absence of incident response and vulnerability disclosure information suggests room for improvement in security governance. Overall, the website is professional and credible but would benefit from enhanced privacy compliance and security best practices to strengthen trust and regulatory adherence.

A

Armstrong Fluid Technology

armstrongfluidtechnology.com

64

Armstrong Fluid Technology is a well-established manufacturer specializing in intelligent fluid flow equipment such as pumps, valves, and heat exchangers, targeting commercial and industrial HVAC markets globally. The company emphasizes energy efficiency and sustainability, supported by a comprehensive website offering detailed product information, case studies, and resources. The technical infrastructure is modern, leveraging ASP.NET, Bootstrap, and various JavaScript libraries, with good mobile optimization and accessibility. Security posture is solid with HTTPS enforcement and domain transfer protection, though improvements like DNSSEC and enhanced security headers are recommended. Privacy policies are comprehensive and GDPR compliant, reflecting a mature approach to data protection. Overall, the website projects a professional and trustworthy image aligned with its business objectives.

E

EAURKA

eaurka.fr

56

EAURKA is a French commercial agency specializing in multi-brand representation within the energy sectors of HVAC (génie climatique), plumbing, and sanitary services, focusing on the Centre, Auvergne, and Limousin regions. The website presents a professional and regionally targeted business with clear service offerings and a consistent brand identity. The technical infrastructure is based on the Squarespace platform, leveraging its CMS and hosting capabilities, with moderate performance and good mobile optimization. Security posture is solid with HTTPS and HSTS enabled, though it lacks some advanced security headers and explicit privacy and terms policies. The absence of WHOIS registrant data reduces domain trustworthiness and suggests a need for improved transparency. Overall, the site is functional and professional but would benefit from enhanced compliance and security disclosures.

L

Loxam

loxam.de

70

Loxam is a leading company specializing in the rental and sale of professional equipment for construction, industrial, and landscaping sectors. The company targets both private customers and business clients, offering a wide range of machinery including mini excavators, chainsaws, aerial work platforms, and more. Their market position is strong in Germany and internationally, supported by a large network of branches and a comprehensive online presence. The website reflects a mature digital infrastructure built on SAP Hybris Commerce, with responsive design and integrated search capabilities. Security posture is solid with HTTPS enforcement and cookie consent mechanisms, though some security headers are missing and incident response details are not publicly disclosed. Overall, the site is professional, trustworthy, and compliant with GDPR requirements, supporting a large enterprise business model.

S

senserobotchess

senserobotchess.com

67

SenseRobot is an e-commerce business specializing in AI-powered robotic board games including Chess, Go, Gomoku, and Xiangqi. The company positions itself as the official AI provider of the European Chess Union, targeting enthusiasts, learners, and educational institutions. Their products feature advanced robotics and AI capabilities to enhance learning and play experiences. Technically, the website is built on the Shopify platform, leveraging modern web technologies and third-party marketing tools such as Klaviyo and Facebook Pixel. The site is well-structured, mobile-optimized, and includes privacy and cookie consent mechanisms, reflecting a good level of digital maturity. Security posture is solid with HTTPS enforced and no exposed sensitive data, though explicit security headers and incident response information are lacking. The absence of WHOIS registration data is a notable concern, potentially indicating a very new domain or privacy protection, which slightly impacts trust. Overall, the website is professional and functional, but improvements in transparency and security policies are recommended.

E

European Powerlifting Federation (EPF)

epfmalta.com

53

The website epfmalta.com serves as the official platform for the European Open, Sub-Junior, Junior & Masters Equipped & Classic Bench Press Championships scheduled in Malta in September 2025. It provides comprehensive event information, accreditation processes, booking options for accommodation, transportation, and banquet tickets, targeting athletes, coaches, officials, and powerlifting enthusiasts. The site is positioned as a key communication channel for the European Powerlifting Federation's event, showcasing partner logos and official messages to build trust and engagement. Technically, the site is built on WordPress using the Divi theme, hosted with domain registration via GoDaddy and DNS managed by Cloudflare. The site is secured with HTTPS and domain status locks, but lacks DNSSEC and advanced security headers. Performance and mobile optimization are moderate to good, with basic accessibility and SEO practices in place. From a security perspective, the site demonstrates fundamental protections such as HTTPS and domain locking but lacks comprehensive security headers, vulnerability disclosure mechanisms, and privacy compliance documentation. No privacy or cookie policies were found, indicating compliance gaps with GDPR and related regulations. Contact information is limited to an email address for sponsorship inquiries, with no phone numbers or physical addresses clearly provided. Overall, the website is functional and professional for its event purpose but requires improvements in privacy compliance, security best practices, and transparency to enhance trustworthiness and regulatory adherence.

M

Material para Crossfit®, Gimnasio y Fitness | Maniak Fitness

maniakfitness.com

51

Maniak Fitness operates a professional e-commerce website specializing in Crossfit®, gym, and fitness equipment primarily targeting the Spanish market and European customers. The site offers a broad catalog of products including Cross Training gear, Functional training equipment, Weightlifting and Powerlifting accessories, Cardio machines, and Apparel. The business appears established with a domain age of over 10 years and consistent registration data. Technically, the website uses modern JavaScript libraries, Google Tag Manager for analytics, and is mobile optimized with good SEO practices. Security posture is moderate with HTTPS enforced and cookie consent implemented, but lacks explicit privacy policy, terms of service, and security headers. No blocking or WAF mechanisms were detected, allowing full content access. Overall, the site demonstrates a solid business presence with room for improvement in privacy and security transparency.

F

Falcony

incy.io

72

Falcony is a technology company specializing in mobile-first incident reporting and compliance solutions. Their flagship product, Observe, enables users to report incidents directly from their mobile devices, streamlining compliance processes. Recently, Falcony joined the WeKomply family, enhancing its market position and expanding its compliance solution offerings. The website is professionally designed using Webflow CMS, with good mobile optimization and clear navigation. It employs modern technologies including Google Tag Manager and Cookiebot for analytics and consent management. Security posture is strong with HTTPS enforced and comprehensive cookie consent mechanisms in place. However, the absence of visible contact information and security incident response details suggests areas for improvement. Overall, the website reflects a legitimate and professional SaaS business with a focus on compliance and user privacy.

R

Rugby Europe

rugbyeurope.eu

78

Rugby Europe is the governing body responsible for the administration and promotion of rugby union across European countries outside the Six Nations Championship. The organization focuses on organizing competitions, developing rugby at various levels, and serving the rugby community in Europe. The website serves as the official digital presence, providing information and resources related to European rugby activities. Technically, the website employs modern web technologies including Google Tag Manager for analytics and Cookiebot for cookie consent management, hosted on a reliable Azure CDN platform. The site is mobile-optimized and includes structured data for enhanced SEO. Security-wise, the site enforces HTTPS and implements a comprehensive cookie consent mechanism, though lacks some advanced security headers and explicit security policies. Overall, the website is professional and trustworthy, but could improve privacy compliance and transparency by publishing privacy and terms of service policies and providing clear contact information. The domain WHOIS data is protected by EURid privacy services, which is common and justified for this type of organization.

T

Two Daughters Entertainment Ltd.

moleyofficial.com

59

Moleyofficial.com is a children’s entertainment website operated by Two Daughters Entertainment Ltd., offering games, videos, quizzes, and activities related to the Moley TV show. The site targets children and families, providing engaging content and linking to official merchandise and broadcast partners. The business operates in the media sector with a small company size and a recent founding date of 2021. Technically, the website uses modern web fonts, Google Tag Manager, and Mailchimp for marketing, with a moderate performance and good mobile optimization. Security posture is basic with HTTPS enabled but lacking advanced security headers and DNSSEC. Privacy compliance is addressed with a children-focused privacy policy and cookie consent banner, though terms of service and incident response policies are absent. Overall, the site is professional and trustworthy but could improve security and compliance transparency.

L

Latvijas Hokeja Federācija

lhf.lv

53

Latvijas Hokeja Federācija (LHF) is the national governing body for ice hockey in Latvia, providing comprehensive information about Latvian ice hockey including news, statistics, tournaments, teams, referees, and organizational details. The website targets ice hockey players, fans, coaches, and officials within Latvia and offers a centralized platform for updates and resources related to the sport. The business model is non-profit and focused on sports federation activities, supported by multiple sponsors and partners. Technically, the website employs modern JavaScript frameworks such as Vue.js and jQuery, integrates social media SDKs, and uses Google Analytics for visitor tracking. The site is mobile-optimized with good navigation and content relevance, though accessibility features are basic. Security posture is solid with HTTPS enforced and cookie consent implemented, but lacks some security headers and explicit privacy and terms policies. WHOIS data is unavailable due to query limits, but website content and contact details indicate legitimacy. Overall, the site is professional and trustworthy with room for improvement in privacy compliance and security best practices.

W

Webbpartner AB

mediapaper.se

44

MediaPaper is a Swedish company specializing in converting traditional print materials such as PDFs into interactive digital publications. Their platform offers an easy-to-use SaaS solution that enables users to quickly digitize and distribute content optimized for multiple devices. The company targets businesses and individuals seeking to enhance their print materials with interactive features like clickable links and embedded videos. The website is professionally designed, mobile-optimized, and provides clear contact information, reflecting a credible and customer-focused business. Technically, the site is built on ASP.NET WebForms with modern JavaScript libraries and integrates third-party marketing and analytics tools such as Google Analytics and Leadfeeder. Security posture is good with HTTPS enabled and secure form handling, though some security headers could be improved. Privacy compliance is basic with a cookie consent mechanism and a cookie policy page, but no explicit privacy or security policies are found. WHOIS data for the exact domain is unavailable, suggesting the domain may be a subdomain or registered differently, which slightly impacts trust but does not detract from the overall legitimacy. Strategic recommendations include enhancing security headers, publishing security and privacy policies, and improving accessibility features.

A

Ask Any Difference

trackduck.com

71

Ask Any Difference is a small technology-focused informational website founded in 2019, providing a broad range of articles, guides, and tutorials related to computer software and technology. The site targets individuals interested in improving their computer skills and understanding software programs. The business model centers on content publishing with monetization likely through affiliate marketing and advertising. Technically, the site is built on WordPress with common performance and SEO optimizations, including caching and structured data markup. The hosting and domain registration are consistent and legitimate, with no privacy protection used, indicating transparency. Security posture is basic with HTTPS enabled but lacks advanced security headers and DNSSEC. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. The site integrates multiple third-party marketing and analytics tools, including Google Tag Manager and JourneyMV scripts. Overall, the website is functional, content-rich, and moderately secure but would benefit from enhanced security practices and privacy compliance improvements.

A

AERMEC

aermec.fr

50

AERMEC is a well-established French company specializing in HVAC solutions, particularly terminal units and chillers. With over 55 years of experience and a strong market position, it serves diverse sectors including residential, commercial, industrial, and data centers. The website reflects a mature digital presence with detailed regional contacts and product information. Technically, the site uses Joomla CMS with modern front-end frameworks and includes standard security measures such as HTTPS and CAPTCHA-protected forms. However, there is room for improvement in security headers and explicit security policies. Privacy compliance is addressed with cookie consent and a privacy policy accessible via legal mentions. Overall, the site demonstrates good business credibility and technical implementation, suitable for its industry and audience.

T

Tartumaa Omavalitsuste Liit

tartumaa.ee

51

Tartumaa Omavalitsuste Liit is a regional governmental association representing municipalities in Tartu County, Estonia. The organization focuses on local governance, regional cooperation, education, welfare, culture, and strategic development. Their website serves as an information hub for residents, officials, and partners, providing news, event updates, and resources relevant to the county's municipalities. The association operates as a non-profit entity with a clear regional focus and a small organizational size. Technically, the website is built on the Voog CMS platform and utilizes modern web technologies including jQuery, Vue.js, Axios, Google Fonts, and Google Maps API. The site is mobile-optimized with a clear navigation structure and moderate performance. Security measures include HTTPS enforcement and Google reCAPTCHA integration on the contact form, though additional security headers and policies could enhance the security posture. From a security perspective, the site shows good baseline practices but lacks comprehensive privacy and cookie policies, as well as vulnerability disclosure mechanisms. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data aligns well with the website's governmental nature, supporting legitimacy and trustworthiness. Overall, the website is professional, trustworthy, and serves its intended audience effectively. However, improvements in privacy compliance and security hardening are recommended to align with best practices and regulatory requirements.

C

CoreIT

coreit.se

65

CoreIT is a Swedish IT company providing a comprehensive range of IT services targeting businesses and organizations. The website is built on a modern WordPress platform using Elementor, indicating a moderate level of digital maturity. The site features good design quality, mobile responsiveness, and SEO optimization, supporting a positive user experience. However, the absence of WHOIS data for the exact domain queried limits the ability to fully verify domain legitimacy and business registration details. Security posture is moderate with no visible advanced security headers or policies, and privacy compliance is weak due to missing privacy and cookie policies. Tracking technologies such as Facebook Pixel and LinkedIn Insight are used, indicating moderate user tracking. Overall, the website presents a professional front but would benefit from enhanced transparency and security practices.

Cuper.se is a Swedish online platform serving as the country's largest and most comprehensive cup register for sports tournaments, primarily targeting sports clubs and event organizers. The service offers free registration of cups, tournaments, and series, enhancing visibility for organizers both within the platform and via search engines. The website is operated by CoreIT, a Swedish technology company, and integrates with partner services such as CupOnline for tournament administration and live result reporting. The platform holds a strong market position within its niche in Sweden, supported by a domain with a long history dating back to 2005. Technically, the website is custom-built, leveraging modern web technologies such as Material Icons, Google Fonts, and JavaScript libraries including Modernizr. The site is mobile-optimized with good navigation and SEO practices, though it lacks a CMS and some advanced accessibility features. Performance is moderate, and the site uses Google Tag Manager and Google Analytics for user tracking, with a cookie consent mechanism in place to comply with GDPR requirements. From a security perspective, the site uses HTTPS but lacks DNSSEC and advanced security headers, which could be improved to enhance DNS and web security. No critical vulnerabilities or exposed sensitive data were detected. However, the absence of a published security policy, incident response contacts, and Terms of Service pages indicates room for maturity in security governance and compliance documentation. Overall, Cuper.se presents a trustworthy and functional service with a solid business foundation and technical implementation. Strategic improvements in security policies, DNS security, and compliance documentation would further strengthen its risk posture and user trust.

The Outdoor Industries Association (OIA) CIC is a UK-based non-profit membership organization representing over 200 entities in the outdoor recreation sector. It provides advocacy, representation, promotion, and leadership services to unite the industry with a common voice. The website is professionally designed using WordPress with modern plugins for SEO, performance, and membership management. It targets industry members, retailers, NGOs, and related organizations in the UK outdoor recreation market. The site features comprehensive content including news, events, membership information, and resources. Technically, the site uses a modern tech stack with performance optimizations and is mobile responsive. Security posture is good with HTTPS enforced and some security headers present, though explicit privacy and cookie policies are missing. Analytics tracking is implemented with Google Analytics and PixelYourSite, with moderate user tracking. WHOIS data for the queried domain 'www.theoia.co.uk' is unavailable due to domain naming rules, indicating a possible misconfiguration or incorrect domain query, which slightly impacts trust. Overall, the site is credible and professional but would benefit from enhanced privacy compliance and published security policies.

NEXTING s.r.l. is an Italian media company specializing in TV content production, broadcast services, OTT solutions, communication, and innovative technologies such as AR and VR. The company operates internationally with ENG crews and offers multimedia OTT platforms focused on cultural heritage. Their business model is service-oriented, supported by European and regional funding for research and development projects. The website presents a professional image with clear contact information and social media presence, targeting media and broadcast clients. Technically, the website uses common web technologies including jQuery, FontAwesome, and Google Fonts. The site is mobile-optimized with good navigation and content relevance. However, no CMS or hosting provider information is evident. Performance is moderate, and accessibility is basic. No analytics or tracking scripts were detected, indicating minimal user tracking. From a security perspective, the website lacks visible security headers and published privacy or cookie policies, which impacts compliance and trust. The WHOIS data is missing or indicates the domain is unregistered, which is a significant concern for legitimacy. No forms or incident response contacts are present, limiting data protection and security readiness. Overall, the site is functional and professional but requires improvements in security posture, privacy compliance, and domain registration transparency to enhance trust and reduce risk.

V

Visit Talsi

visittalsi.com

44

Visit Talsi is a regional tourism information center website dedicated to promoting the Talsi region in Latvia. The site provides comprehensive information about local attractions, events, accommodations, and dining options, targeting tourists and visitors interested in exploring the area. The business operates as a small entity focused on hospitality and regional tourism promotion, with a clear market position as a trusted local information source. The website is multilingual, primarily in Latvian, with options for English, German, Estonian, Lithuanian, and French, enhancing accessibility for international visitors. Technically, the website is built on WordPress with a modern tech stack including Bootstrap, jQuery, Google Maps API, and Google Fonts. It uses common plugins such as MonsterInsights for Google Analytics tracking. The site is mobile-optimized and accessible, with good SEO practices and clear navigation. Hosting is via name servers cloudns1.hostnet.lv and cloudns2.hostnet.lv, though the exact hosting provider is not explicitly identified. From a security perspective, the site uses HTTPS with a valid SSL configuration and has domain transfer protection enabled. However, DNSSEC is not enabled, and no advanced security headers were detected. There is no visible privacy policy, cookie policy, or terms of service, and no consent mechanism for tracking cookies, which poses compliance risks under GDPR. Incident response and security policies are not published, indicating a low maturity in security governance. Overall, the website is professional, trustworthy, and serves its business purpose well but requires improvements in privacy compliance and security best practices to reduce risk and enhance user trust. Strategic recommendations include implementing privacy and cookie policies with consent mechanisms, enabling DNSSEC, adding security headers, and publishing incident response contacts.

E

ENGSO Youth

engsoyouth.eu

70

ENGSO Youth is a European non-profit organization dedicated to empowering youth in grassroots sports. Founded in 2002, it serves as the independent youth body of the European Sports NGOs, advocating for youth rights and inclusion in sports. The organization operates through multiple working groups and projects focusing on education, employability, sport diplomacy, health, social inclusion, and sustainable development. It maintains partnerships with prominent European and international institutions, enhancing its credibility and influence. Technically, the website is built on WordPress with Elementor, leveraging modern web technologies such as jQuery and Font Awesome. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content. Performance is moderate, with room for improvement in accessibility and SEO. From a security perspective, the site uses HTTPS and avoids exposing sensitive data. However, it lacks some recommended security headers and a cookie consent mechanism, which are important for compliance and protection. No critical vulnerabilities or suspicious activities were detected. Overall, ENGSO Youth presents a trustworthy and professional online presence with a solid business model and technical foundation. Strategic improvements in privacy compliance and security hardening would further enhance its posture.

T

The European Organisation for Grassroots Sport (ENGSO)

engso-education.eu

60

The European Organisation for Grassroots Sport (ENGSO) operates a dedicated education portal aimed at supporting the development of grassroots sport across Europe. The website offers a comprehensive range of educational resources, research publications, seminars, and e-courses focused on equality, governance, and the societal role of sport. ENGSO positions itself as a leading voice in voluntary grassroots sport, supported by EU funding and partnerships. The target audience includes sport professionals, voluntary organizations, and stakeholders involved in grassroots sport development. Technically, the website is built on WordPress using the Enfold theme and Elementor page builder, leveraging modern web technologies such as Google Tag Manager and Cloudflare Zaraz for analytics and performance. The site is mobile-optimized with good SEO and accessibility practices, although some accessibility features could be enhanced. Performance is moderate, with a well-structured and professional design. From a security perspective, the site enforces HTTPS and includes a Content Security Policy header, indicating a solid baseline security posture. However, additional security headers and formal security policies are absent. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is supported by a comprehensive privacy policy and cookie consent mechanisms, aligning with GDPR requirements. Overall, the website presents a trustworthy and professional front for ENGSO's educational mission. The main limitation is the absence of WHOIS data, which restricts domain trust verification. Despite this, the presence of EU funding disclosures and consistent branding supports legitimacy. Strategic recommendations include enhancing security headers, publishing incident response and security policies, and verifying domain registration details to improve trustworthiness.

U

Uma Mekk

umamekk.ee

44

Uma Mekk is a regional food brand based in Estonia, specifically targeting the Vana-Võromaa area. The website serves as a platform for local food and beverage producers to obtain branding and certification under the Uma Mekk trademark. The business model focuses on promoting local food products and supporting regional producers. The website is built on WordPress using the Divi Builder and Bootstrap framework, indicating a modern and maintainable technical infrastructure. SEO is enhanced with Yoast SEO and structured data, improving search visibility. The site is mobile optimized and includes cookie consent mechanisms, reflecting awareness of privacy regulations. Security posture is solid with HTTPS and security headers implemented, though explicit privacy and security policies are absent. Tracking via Google Analytics and Facebook Pixel is present, indicating moderate user data collection. Overall, Uma Mekk presents a credible and professional online presence for a small regional food brand.

K

kalateave.ee

kalateave.ee

42

The website kalateave.ee serves as the Fisheries Information Centre for Estonia, focusing on enhancing knowledge and sustainability in fisheries, aquaculture, and aquatic resource utilization. It targets industry professionals, non-profits, research institutions, and the general public interested in fisheries. The site offers informational content, research publications, educational materials, and event announcements, positioning itself as a central knowledge hub in the Estonian fisheries sector. Technically, the site is built on Joomla CMS with modern web technologies including jQuery, Bootstrap, and FontAwesome, and integrates Google Analytics for visitor tracking. The site is mobile-optimized and has good SEO practices but lacks some accessibility features and security headers. Security posture is solid with HTTPS enforced and CSRF protections, but there is room for improvement in privacy compliance and explicit security policies. Overall, the site is professional and trustworthy but should enhance privacy transparency and security headers to align with best practices.

The website www.norway-hei.com is a personal informational site focused on Norwegian culture, history, food, and language, created by a native author. It serves a niche audience interested in authentic Norwegian experiences and provides rich content including stories, recipes, and cultural insights. The business model appears to be primarily advertising-based, leveraging Google Adsense and related ad networks. Technically, the site is built on the SBI! CMS platform with standard HTML, CSS, and JavaScript, but lacks advanced frameworks or modern infrastructure. Performance and mobile optimization are basic, with room for improvement in accessibility and SEO. Security posture is moderate with HTTPS enabled but missing important security headers and policies. No privacy, cookie, or terms of service policies are present, and no contact information is provided, which impacts privacy compliance and business credibility. Critically, WHOIS data for the domain is missing or unavailable, raising concerns about domain legitimacy and trustworthiness. Overall, the site is functional and content-rich but requires significant improvements in security, compliance, and transparency to enhance trust and professionalism.

Global Water Partnership (GWP) is an established international organization focused on water resource management and investment initiatives. The website serves primarily as a landing page announcing a transition to a new phase called the Global Transformation Agenda On Water Investments and directs users to a new website (gwpo-gwp.org). The organization appears to be a non-profit or partnership entity with a global focus on water-related projects. The domain has a long history dating back to 1996, supporting its legitimacy and established presence. Technically, the website uses common web technologies including Google Analytics, Google Tag Manager, and Facebook SDK for tracking and marketing purposes. The hosting provider appears to be Loopia based on DNS nameservers. The site is moderately optimized for performance and mobile use but lacks advanced accessibility and SEO features. No CMS or major frameworks are detected from the provided data. From a security perspective, HTTPS is enabled, but no DNSSEC or security headers are present, which reduces the overall security posture. There are no visible forms or data collection points on the landing page, limiting attack surface but also limiting user engagement. Privacy and cookie policies are absent, indicating poor privacy compliance. No contact information or incident response details are provided, which may impact user trust and compliance. Overall, the website is functional but minimalistic, with room for improvement in privacy compliance, security hardening, and content richness. The domain registration data aligns well with the organization's identity, supporting trustworthiness. Strategic improvements in security headers, privacy policies, and user engagement features are recommended to enhance the website's credibility and compliance.

E

Eesti Kirjanduse Selts

raamatuaasta.ee

56

The website raamatuaasta.ee is a professionally designed cultural and educational platform dedicated to celebrating 500 years of Estonian books and language. It is supported by key Estonian governmental and cultural institutions and targets a broad audience including the general public, educators, students, and cultural enthusiasts. The site offers extensive event listings, exhibitions, and educational programs, reflecting a strong national cultural initiative. Technically, the site uses modern frameworks like SvelteKit, integrates Google Maps API for event locations, and is hosted with Cloudflare DNS, ensuring good performance and security basics. However, it lacks published privacy and cookie policies, which are critical for GDPR compliance. Security posture is solid with HTTPS but could be improved with additional security headers and incident response information. Overall, the site is trustworthy and credible, with a clear business model as a government-supported cultural project.

T

Tallinna Vesi

tallinnavesi.ee

42

Tallinna Vesi is a well-established water utility company based in Estonia, primarily serving the Tallinn region with water supply and wastewater treatment services. The company demonstrates a strong market position supported by comprehensive service offerings including water purification, meter installation, and customer self-service portals. Their website reflects a professional digital presence with multilingual support and investor relations, indicating a mature business model focused on transparency and customer engagement. Technically, the site is built on WordPress with modern plugins and scripts, ensuring good performance and SEO optimization. Security posture is robust with HTTPS enforcement and ISO certifications, although improvements can be made in security headers and incident response transparency. Privacy compliance is mostly adequate but lacks a visible cookie consent mechanism, which should be addressed to fully comply with GDPR requirements. Overall, the website and domain data indicate a trustworthy and credible organization with a solid digital infrastructure.

S

Sisevete festival

sisevetefestival.ee

47

The Sisevete festival website represents a regional cultural event focused on Estonia's largest inland water bodies, offering a 12-day program of activities, workshops, and concerts. The site targets watercraft enthusiasts and cultural visitors, providing detailed event information and a newsletter subscription. Technically, the website is built on the Voog CMS platform, utilizing modern web technologies such as jQuery and Facebook Pixel for marketing and tracking. The site is mobile-optimized with good navigation and content relevance. Security posture is solid with HTTPS enabled and no exposed sensitive data, though it lacks security headers and a cookie consent mechanism, which are recommended for enhanced protection and GDPR compliance. Overall, the website is trustworthy and professional, with room for improvement in privacy and security transparency.

Eesti Paralümpiakomitee is the official Estonian Paralympic Committee, a non-profit organization dedicated to supporting Paralympic athletes and promoting Paralympic sports within Estonia. The website serves as a hub for news, event calendars, athlete information, and organizational details, targeting athletes, supporters, and the general public interested in Paralympic sports. The organization maintains a clear national presence with sponsorships and social media engagement. Technically, the website employs a modern JavaScript stack including jQuery, Google reCAPTCHA, Axios, and sliders for dynamic content presentation. It uses HTTPS with a valid SSL configuration and integrates Google Analytics for visitor tracking. The site is moderately optimized for mobile and accessibility, with room for improvement in SEO and accessibility features. From a security perspective, the site benefits from HTTPS and CSRF token usage in forms, but lacks explicit security headers and detailed security or incident response policies. No privacy or cookie policies are present, which is a compliance gap. Contact information is clearly provided, enhancing trust and user engagement. Overall, the website is professional and trustworthy but would benefit from enhanced privacy compliance and security hardening to align with best practices and regulatory requirements.

S

SYNLAB Holding Deutschland GmbH

synlab.fi

66

SYNLAB Suomi operates as a healthcare diagnostics service provider in Finland, offering laboratory testing and related services to individuals, healthcare professionals, companies, and municipalities. The website is part of the SYNLAB group, registered under SYNLAB Holding Deutschland GmbH in Germany, reflecting a mature and established business presence since 2013. The site supports multiple languages and provides online booking and result portals, indicating a customer-centric digital approach. Technically, the website leverages the BigCommerce platform with modern web technologies including asynchronous script loading, Google Fonts, and integration of analytics tools such as Facebook Pixel and Piwik PRO. The site demonstrates good mobile optimization and SEO practices, though accessibility features could be enhanced. Performance is moderate, with room for improvement in loading speed and technical modernization. From a security perspective, the site enforces HTTPS and includes standard security headers, but lacks DNSSEC and explicit security or incident response policies. No privacy or cookie policies were detected, which is a compliance gap given GDPR requirements. Tracking and marketing scripts are present, suggesting moderate user tracking. Overall, SYNLAB Suomi presents a professional and trustworthy online presence with a solid business foundation. However, improvements in privacy compliance, security transparency, and accessibility would strengthen its security posture and regulatory adherence.

The website kose.ee serves as a simple informational portal for Kose vald, a local government municipality in Estonia. It primarily functions as a redirect and contact hub linking users to the official Kose vald website (kosevald.ee) and its Facebook page. The site provides basic contact information including official email addresses and phone numbers but lacks comprehensive privacy, cookie, or terms of service policies. The content is minimal and targeted at residents or stakeholders seeking municipal information. Technically, the site is built on WordPress using common libraries such as jQuery, Bootstrap, and Font Awesome. Hosting appears to be managed by Zone Media OÜ, an Estonian registrar and hosting provider. The site uses HTTPS with good SSL configuration but lacks advanced security headers and modern privacy compliance features. Mobile optimization and accessibility are basic but functional. From a security perspective, the site shows moderate maturity with HTTPS enabled but no visible security policies or incident response contacts. No forms or user data collection mechanisms are present, reducing attack surface but also limiting user engagement. The absence of privacy and cookie policies indicates non-compliance with GDPR best practices, which is a risk for a government entity. Overall, the website is legitimate and consistent with its stated purpose but would benefit from enhanced security practices, privacy compliance, and improved user experience to better serve its audience and meet regulatory requirements.

E

Elkdata OÜ (registrar)

veetee.ee

46

VeeTee.ee is a small Estonian business specializing in outdoor recreational services including ski and snowboard rentals, canoe and rubber boat trips, and accommodation rental at Annemäe Puhkemaja. The company targets tourists and local outdoor enthusiasts seeking guided water and winter sports experiences. The website is built on WordPress with modern plugins and provides clear contact information and service descriptions. Technically, the site uses HTTPS and common WordPress technologies but lacks some security headers and explicit privacy consent mechanisms. Security posture is moderate with no critical vulnerabilities detected but room for improvement in policy transparency and compliance. Overall, the business appears legitimate with consistent domain registration data and a professional web presence.

Maaturism.ee is the official website of MTÜ Eesti Maaturism, a non-profit organization dedicated to promoting rural tourism in Estonia. The website offers comprehensive information about accommodation, active holidays, food services, health tourism, family vacations, themed farms, museums, seminars, weddings, and cooperation networks. It also highlights various projects aimed at developing rural tourism products and services, targeting tourists interested in nature and cultural experiences in Estonia and the Baltic region. The organization has a strong local presence and a network of members, positioning itself as a key player in Estonia's rural tourism sector. Technically, the website employs a modern tech stack including jQuery, Leaflet.js for mapping, Google Tag Manager, and Google Analytics for tracking. It uses HTTPS with a hosting provider Elkdata OÜ, an Estonian registrar and hosting company, ensuring secure connections. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content. However, it lacks explicit privacy and cookie policies, which are important for GDPR compliance. From a security perspective, the site uses HTTPS and asynchronous script loading, but no explicit security headers were detected. There is no visible vulnerability disclosure or incident response contact information. The WHOIS data is transparent and consistent with the website's business and location, supporting legitimacy. Overall, the site demonstrates a moderate to good security posture but could improve compliance and security best practices. The overall risk assessment is moderate with recommendations to implement privacy and cookie policies, add security headers, and establish vulnerability disclosure mechanisms to enhance trust and compliance.

A

AS Kihnu Veeteed

veeteed.com

56

AS Kihnu Veeteed operates as a regional ferry transportation service provider in Estonia, specializing in ferry routes connecting several islands including Kihnu, Vormsi, Hiiumaa, Saaremaa, and others. The company offers online ticket sales through a modern React-based single-page application, targeting residents and visitors requiring reliable ferry transport. The website is professionally designed with consistent branding and provides essential information such as schedules, routes, and news updates. Technical infrastructure leverages modern web technologies including React, Material-UI, service workers for offline capabilities, and Google Analytics for user behavior tracking. Hosting and DNS services are managed via Google Cloud infrastructure, ensuring reliable uptime and performance. Security posture is adequate with HTTPS enforced and domain transfer protection enabled; however, DNSSEC is not enabled and security headers are not explicitly present, indicating room for improvement. Privacy compliance is addressed with a cookie consent banner and a privacy policy page, though terms of service and security policies are absent. Overall, the website demonstrates a moderate to good level of digital maturity and business credibility, with recommendations to enhance security headers, DNSSEC, and incident response disclosures to strengthen trust and compliance.

A

AS Medisoft

medisoft.ee

43

AS Medisoft is an Estonian technology company with a domain registered since 2010, indicating a stable business presence. The website is built on WordPress using the Divi theme, reflecting a standard and professional digital infrastructure. The site appears to target a local or regional audience, though explicit business descriptions and contact details are not readily found in the provided content. The technical setup is moderate in performance and mobile optimization, but lacks advanced SEO and accessibility features. Security posture is average, with no detected security headers or explicit SSL/TLS configuration details, and no privacy or cookie policies are present, which may impact compliance and user trust. Overall, the website is functional and professional but would benefit from enhanced security and privacy compliance measures.

S

Spordikoolituse ja -Teabe Sihtasutus

spordiinfo.ee

56

Spordikoolituse ja -Teabe Sihtasutus is an Estonian government-affiliated foundation specializing in sports education, information management, and support services. It operates key national sports registers, administers coach certification and labor cost subsidies, and coordinates EU-funded sports projects. The website is well-structured, content-rich, and primarily targeted at sports organizations, coaches, and sports employees within Estonia. Technically, the site is built on WordPress with modern frameworks like Bootstrap and includes multilingual support and cookie consent mechanisms. Security posture is solid with HTTPS and nonce usage, but lacks advanced security headers and published security policies. The domain is well-established since 2010, registered by a credible Estonian registrar consistent with the organization's profile. Overall, the site demonstrates good professionalism and trustworthiness but could improve privacy compliance and security transparency.

F

Flavors of Livonia

flavoursoflivonia.com

45

Flavors of Livonia is a regional culinary tourism website focused on promoting the food heritage and cultural experiences of the historical Livonia region, covering Estonia and Latvia. The platform provides curated culinary routes, listings of local food producers, and information on traditional recipes and food heritage. The target audience includes tourists and culinary enthusiasts interested in exploring regional cuisine and culture. The business operates as a niche tourism promotion entity with a small-scale footprint and a focus on cultural preservation. Technically, the website uses a combination of jQuery, social media SDKs (Facebook and Twitter), Google Fonts, and various JavaScript libraries for UI and parallax effects. The site is mobile-optimized with a moderate performance profile. However, no explicit CMS or hosting provider information is evident. SEO and accessibility are basic but functional. From a security perspective, the site enforces HTTPS and includes a CSRF token, but lacks visible security headers and published privacy or cookie policies. No contact information or incident response channels are provided, which limits transparency and user trust. The WHOIS data indicates a stable domain registration with no privacy protection, consistent with the website's age and purpose. Overall, the site is professionally designed and serves its niche well but would benefit from enhanced privacy compliance, security hardening, and clearer contact and policy disclosures to improve trust and regulatory adherence.

T

Teeviit

teeviit.ee

56

Teeviit is an Estonian youth information portal affiliated with the Haridus- ja Noorteamet (Education and Youth Board). It provides comprehensive content on education, career, health, relationships, and social topics targeted primarily at young people. The website serves as a central hub for youth-related resources, including news, podcasts, event calendars, and partner portals such as Teeviit Juunior and Infohunt. The platform is well-positioned in the Estonian education and government sector as a trusted information source for youth.

E

Eliis Tarkvara

eliis.eu

55

ELIIS is a specialized online information system designed for pre-school organizations, including kindergartens, local governments, teachers, and parents. It offers a comprehensive suite of features such as curriculum planning, child development analysis, digital diaries, communication tools, and document management. The platform is positioned as a trusted solution across the EU, with over 15,000 teachers and 1,000 institutions relying on it. The business model is subscription-based, charging local governments per child, while teachers and parents have free access. The website is professionally designed, multilingual, and emphasizes GDPR compliance.

S

Sihtasutus Ida-Viru Investeeringute Agentuur (IVIA)

ivia.ee

52

Sihtasutus Ida-Viru Investeeringute Agentuur (IVIA) is a public sector development organization based in Estonia, specializing in the creation and management of modern industrial and business parks in the Ida-Viru region. The agency facilitates investment by offering land plots with established infrastructure and provides free support services to investors, including administrative assistance and networking. The website reflects a well-established regional development entity with a clear focus on industrial real estate and investment promotion. Technically, the site is built on WordPress with modern plugins and frameworks, optimized for SEO and mobile use, and integrates Google Maps and reCAPTCHA for enhanced user experience and security. Security posture is strong with HTTPS, security headers, and consent mechanisms in place, though formal security policies and incident response contacts are absent. Overall, the site presents a credible, professional, and trustworthy digital presence aligned with its public sector mission.

M

MTÜ Lastekaitse Liit

markalast.ee

41

MTÜ Lastekaitse Liit operates the 'Märka Last' web portal, a non-profit platform dedicated to promoting child rights and welfare in Estonia. The website offers a variety of content including opinion articles, podcasts, news updates, and educational resources targeting parents, children, youth, and child protection professionals. The organization is well-established with a domain registered since 2019 and maintains a consistent brand presence online. Technically, the site is built on WordPress using modern themes and plugins, ensuring a good user experience and mobile optimization. Security posture is adequate with HTTPS enforced and basic security practices in place, though improvements such as enabling DNSSEC and publishing a security.txt file are recommended. Privacy compliance is partially addressed with a cookie consent mechanism, but no explicit privacy policy or terms of service pages were found in the provided content. Overall, the website is professional, trustworthy, and serves its non-profit mission effectively.