Security Directory

L

L'Occitane en Provence

loccitane.com

72

L'Occitane en Provence operates a global e-commerce platform specializing in premium beauty and skincare products inspired by the Provence region. The website demonstrates a mature digital infrastructure leveraging Salesforce Commerce Cloud, React, and modern web technologies to deliver a responsive and accessible user experience. Privacy and cookie policies are comprehensive and GDPR compliant, reflecting a strong commitment to user data protection. Security posture is robust with HTTPS enforcement and standard security headers, though explicit security policies and incident response contacts are not prominently disclosed. Overall, the website presents a professional and trustworthy front for a large retail brand, with minor gaps in transparency around security and contact information.

M

Mikrosvín

mikrosvin.cz

56

Mikrosvín Mikulov is a well-established winery based in the Czech Republic, specializing in producing high-quality wines from the Mikulov wine region. The company emphasizes tradition, terroir, and craftsmanship, with a strong focus on heritage and quality. Their website showcases their history, production methods, key personnel, and numerous prestigious awards, positioning them as a reputable player in the regional wine market. The target audience includes wine consumers, hospitality businesses, and distributors primarily within the Czech Republic. Technically, the website uses modern JavaScript libraries such as jQuery, Google Tag Manager, and Google reCAPTCHA v3, indicating a moderate level of digital maturity. The site is mobile-optimized, accessible, and SEO-friendly, with a cookie consent mechanism supporting GDPR compliance. Security posture is good with HTTPS enforced and spam protection on forms, but lacks visible security headers and explicit security policies. The absence of WHOIS data reduces domain trustworthiness, though the website content and social media presence support legitimacy. Overall, the site is professional and trustworthy but could improve transparency and security practices.

O

OREON

somelierskepotreby.cz

61

The website somelierskepotreby.cz operates as an e-commerce platform specializing in sommelier supplies and wine accessories, targeting consumers and professionals interested in wine-related products primarily in the Czech Republic and EU. The business offers a range of products including wine cooling containers, racks, serving accessories, glassware, bottles, and gift sets, with additional services such as product branding. The site is professionally designed with clear navigation and multi-language support, enhancing user experience and accessibility. Technically, the website is built on the Shoptet CMS platform, utilizing common web technologies such as jQuery, Google Tag Manager, Google Analytics, Microsoft Clarity, and Facebook SDK. It leverages Amazon Cloudfront CDN for content delivery and integrates modern payment APIs like Google Pay and Apple Pay. Performance is moderate with good mobile optimization and basic accessibility features. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms aligned with GDPR requirements. However, it lacks explicit security headers such as Content-Security-Policy and X-Frame-Options, and uses an outdated jQuery version which could pose vulnerabilities. No critical security issues or exposed sensitive data were detected. Overall, the website presents a trustworthy and professional front for its niche retail business, though the absence of WHOIS data limits domain transparency and trust assessment. Strategic improvements in security headers and technology updates are recommended to enhance security posture and compliance.

M

MojeLahve.cz

lahvoteka.cz

47

MojeLahve.cz operates a specialized e-commerce marketplace called Lahvotéka, aggregating over 192 e-shops of Czech and Moravian winemakers offering more than 3600 wines. The platform supports local producers by enabling direct sales to consumers with free shipping across the Czech Republic. The website is well-established since 2010 and targets wine enthusiasts in the Czech market. Technically, the site uses modern web technologies including jQuery, Bootstrap, Google Fonts, and integrates Google Tag Manager and Tawk.to for analytics and live chat support. The platform is mobile-optimized and provides a good user experience with clear navigation and relevant content. Security posture is moderate with HTTPS enabled and secure script usage, but lacks visible security headers and explicit privacy or cookie policies. No WAF or blocking mechanisms were detected, and the domain registration data is consistent and trustworthy.

M

Modus Medical Devices

modusqa.com

58

Modus Medical Devices, operating under the Modus QA brand, is a medium-sized Canadian company specializing in quality assurance products for medical physics, particularly in radiation therapy and medical imaging. The company is a subsidiary of IBA Dosimetry and offers a range of QA phantoms, software, and dosimetry tools designed to ensure accurate and effective patient treatment. Their market position is strong within the healthcare sector, targeting medical physicists and OEMs with a focus on precision and innovation. Technically, the website is built on WordPress and leverages modern JavaScript libraries such as jQuery, Particles.js, and Slick Carousel. It uses Azure DNS hosting and integrates Google Tag Manager and Google Analytics for tracking. The site is mobile optimized with good SEO practices and a professional design, though some accessibility features could be improved. Performance is moderate, with room for optimization. From a security perspective, the site enforces HTTPS and has domain transfer protections in place. However, DNSSEC is not enabled, and no explicit security headers were detected. There is no visible incident response or security policy published on the site. Privacy compliance is partial, with a clear privacy policy but no cookie consent mechanism despite the use of tracking scripts. Overall, the website is trustworthy and professional, with strong business credibility and good content quality. Strategic improvements in security headers, DNSSEC, and cookie consent would enhance the security posture and privacy compliance, further strengthening user trust and regulatory adherence.

H

Domovská stránka

helago-sk.sk

45

Helago SK operates as a specialized e-commerce platform serving the Slovak market with a focus on educational, healthcare, and laboratory products. The website offers a broad catalog of simulators, anatomical models, laboratory instruments, and technical teaching aids, targeting educational institutions, healthcare providers, and laboratories. The presence of sister sites in Czech and English indicates a regional market approach. Technically, the site employs modern web technologies including jQuery, Bootstrap 5, Google Tag Manager, and reCAPTCHA, reflecting a mature digital infrastructure. Security posture is solid with HTTPS enforced and cookie consent implemented, though explicit security policies and vulnerability disclosures are absent. Privacy compliance is basic, lacking a visible privacy policy or terms of service on the main page. Overall, the site is professionally designed with good navigation and content relevance but could improve transparency and contact information availability.

H

Homepage

helago-cz.com

48

Helago-cz.com operates as an e-commerce platform specializing in educational, healthcare, and laboratory equipment, targeting institutions and professionals in these sectors. The website offers a broad catalog of products including simulators, training kits, and laboratory instruments, positioning itself as a niche provider in the education and healthcare markets. Technically, the site employs modern web technologies such as jQuery, Bootstrap 5, and Google Tag Manager, indicating a moderate level of digital maturity. The presence of HTTPS and reCAPTCHA enhances security, though the absence of explicit security headers and privacy policies suggests room for improvement in compliance and security posture. The lack of WHOIS data for the domain is a notable anomaly that impacts trust and legitimacy assessments. Overall, the site is functional and professional but would benefit from enhanced transparency and security practices.

I

Izzy Trading, s.r.o.

foxii.cz

39

FOXii is a specialized cloud-based service software targeting companies with field service operations, primarily in the Czech and Slovak markets. The platform enables digitalization of service workflows including planning, protocol creation, and technician tracking. The company behind FOXii, Izzy Trading, s.r.o., founded in 2019, presents a professional and consistent online presence with clear contact information and GDPR compliance. Technically, the website uses modern JavaScript libraries and cloud hosting on DigitalOcean, with good mobile optimization and SEO practices. Security posture is solid with HTTPS and reCAPTCHA protections, though some security headers are missing. The site employs comprehensive cookie consent mechanisms and integrates multiple analytics and marketing tools with user consent.

C

CNC

cnc.cz

51

CNC is a Czech Republic-based company specializing in video communication and collaboration solutions, offering a broad portfolio of videoconferencing and teleconferencing equipment and services. With over 25 years of experience and more than 600 installations, CNC serves small to large companies across various sectors, emphasizing tailored solutions, ergonomic design, and comprehensive support including installation and training. The website is professionally designed, mobile-optimized, and provides clear contact channels and GDPR-compliant privacy and cookie policies. Technically, the site employs modern web technologies such as Bootstrap, jQuery, and Google Tag Manager, with secure HTTPS and reCAPTCHA protections on forms. Security posture is strong with no visible vulnerabilities or exposed sensitive data, though the site lacks a dedicated security policy or incident response page. Overall, CNC presents a trustworthy and credible business with a solid digital presence.

J

Jan Becher – Karlovarská Becherovka, a.s.

becherovka.cz

50

Jan Becher – Karlovarská Becherovka, a.s. operates a professional and well-branded website promoting its iconic Czech herbal bitter liqueur, Becherovka. The company has a strong market position as a traditional and internationally recognized brand with a history dating back to 1807. The website offers product information, cocktail recipes, company history, and visitor experiences, targeting adult consumers with appropriate age verification. Technically, the site is built on WordPress with modern plugins and tracking tools, providing a good user experience with multilingual support and mobile optimization. Security measures include HTTPS, cookie consent management, and an age gate, although no explicit incident response or vulnerability disclosure policies are published. WHOIS data is missing, which slightly impacts trust but the overall digital presence and compliance indicate a legitimate and professional operation.

E

Ektaco AS

ektaco.ee

53

Ektaco AS is an established Estonian technology company specializing in point-of-sale (POS) systems and workforce management solutions, with over 35 years of market presence. Their flagship products, CompuCash and CompuAccess, cater primarily to retail, hospitality, and manufacturing sectors, offering integrated hardware and software solutions. The company maintains a strong local market position supported by ISO 9001 certification and positive customer testimonials. Technically, the website is built on WordPress with modern integrations such as Google Analytics, Facebook Pixel, and Tawk.to live chat, complemented by a robust cookie consent mechanism ensuring GDPR compliance. Security posture is solid with HTTPS enforcement and reCAPTCHA protection on forms, though some security headers could be enhanced. Overall, the digital infrastructure supports a professional and trustworthy online presence.

The Local Europe AB operates a professional English-language news website focused on European news, travel, politics, and practical guides. Established in 2010 and headquartered in Stockholm, Sweden, it targets English-speaking residents and expatriates across Europe. The business model combines advertising, membership subscriptions, and job listings, positioning it as a reputable media outlet in its niche. The website features a modern, responsive design with comprehensive content and clear navigation, supported by a robust technical infrastructure including CMS, analytics, and membership management platforms. Technically, the site employs a variety of modern web technologies such as Google Tag Manager, Piano.io for membership/paywall, Cxense for content personalization, and MailerLite for newsletters. The site is well-optimized for mobile devices and SEO, though some accessibility features could be enhanced. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, but explicit security headers and incident response information are not publicly detailed. The absence of WHOIS domain registration data is a notable anomaly that impacts domain trustworthiness, although the website content and business information appear legitimate and professional. Privacy policies and cookie consent comply with GDPR, reflecting a commitment to user data protection. Overall, the site presents a low risk profile but would benefit from improved transparency in domain registration and security policies.

The Yes Men website represents a small, established activist collective founded in 2000, focusing on creative tactics and partnerships with other activist groups to further social campaigns. The organization provides educational resources, workshops, and media content such as movies and talks. The website is built on Drupal 9, indicating a modern CMS infrastructure, and integrates Google Analytics and Tag Manager with IP anonymization to track user engagement. While the site is professionally designed with good navigation and mobile optimization, it lacks explicit privacy, cookie, and terms of service policies, which are important for compliance and user trust. Security posture is moderate with HTTPS enabled but missing key security headers and incident response information. Overall, the domain registration is consistent and trustworthy, supporting the legitimacy of the organization.

T

Ton

ton.com.br

64

Ton is a Brazilian fintech company specializing in payment processing solutions including card machines, mobile payment apps, and digital banking services. Positioned as a competitive player in the Brazilian market, Ton offers low transaction fees and integrated financial products targeting small and medium businesses, individual microentrepreneurs (MEI), and legal entities (PJ). The website demonstrates a professional and modern digital presence with comprehensive product information and customer testimonials. Technically, the site leverages modern frameworks such as Next.js and integrates multiple analytics and marketing tools, hosted on AWS infrastructure. Security posture is strong with HTTPS, security headers, and cookie consent mechanisms, although explicit security and incident response policies are not publicly available. Overall, Ton presents a trustworthy and well-structured online presence suitable for its target audience.

T

Tschudi Shipping Company AS

eml.ee

69

Tschudi Shipping Company AS is a well-established, family-owned Norwegian shipping and logistics group with a history dating back to 1883. The company offers a broad range of integrated services including shipping, ship management, transshipment, energy advisory, ocean industries support, offshore wind support, logistics, and financial services. With offices in 12 countries and a strong presence in the Nordics, Baltic, and Continental Europe, Tschudi Group positions itself as a reliable partner for maritime and logistics solutions worldwide. Technically, the website is built on the Webflow platform, utilizing modern web technologies such as jQuery, Google Analytics, and Google Tag Manager. The site is well-optimized for performance, mobile responsiveness, and SEO, providing an excellent user experience. Privacy and cookie policies are clearly presented with consent mechanisms, reflecting good privacy compliance practices. From a security perspective, the site uses HTTPS with good SSL configuration and anonymizes IPs in analytics. However, it lacks explicit security headers and does not provide a dedicated security policy or incident response contact information. The WHOIS data for the domain is incomplete or missing, which raises some concerns about domain registration transparency but does not directly contradict the legitimacy of the business given the strong branding and consistent subsidiary domains. Overall, the website demonstrates a high level of professionalism, trustworthiness, and technical maturity. The main risks relate to domain registration transparency and the absence of detailed security policies. Strategic recommendations include enhancing security headers, publishing incident response contacts, and verifying domain registration details to improve trust and compliance.

C

CSL Computer Service Langenbach GmbH d/b/a joker.com

visitnovalja.net

35

visitnovalja.net is an established Croatian hospitality platform specializing in private accommodation listings on the island of Pag. The website offers a comprehensive catalog of apartments, rooms, villas, and family hotels with direct contact options for travelers. It targets tourists seeking affordable and diverse lodging options in popular destinations such as Novalja, Stara Novalja, and surrounding areas. The business model focuses on connecting travelers directly with property owners, avoiding intermediaries. Technically, the site uses a custom CMS with common web technologies including jQuery, Bootstrap, and Google services for analytics and bot protection. The site is mobile optimized and provides a user-friendly search experience. Security posture is moderate with HTTPS enabled and reCAPTCHA integration, but lacks advanced security headers and has minor form input issues. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism or GDPR explicit statements. Overall, the domain registration is consistent and supports the legitimacy of the business. Strategic improvements in security and privacy compliance would enhance trust and user safety.

C

CSL Computer Service Langenbach GmbH d/b/a joker.com

visitpag.net

35

Visitpag.net is an established Croatian online accommodation platform specializing in private rentals on the island of Pag, particularly in Novalja and surrounding areas. The website offers a comprehensive catalog of apartments, rooms, villas, and family hotels with direct booking contact forms, targeting tourists seeking affordable and direct accommodation options. The business operates with a mature domain registered since 2014 and maintains a consistent brand presence with a focus on local hospitality services. Technically, the site uses a custom CMS with common web technologies such as jQuery, Bootstrap, and Google Analytics, providing a moderately optimized user experience including mobile responsiveness. Security posture is basic with HTTPS implied but lacking advanced security headers and best practices, and privacy compliance is minimal with no cookie consent mechanisms despite GDPR applicability. Overall, the site is functional and credible but would benefit from enhanced security and privacy features to improve trust and compliance.

W

WMD HOSTING

wmd.hr

53

WMD HOSTING is a Croatian-based web hosting and domain registration provider offering a range of services including web development, SEO marketing, SSL certificates, and internet marketing. The company targets businesses and individuals seeking comprehensive web solutions, positioning itself as a regional player with promotional offers such as 'Hosting AKCIJA 1+1'. The website demonstrates a good level of digital maturity with modern technologies like Craft CMS, Bootstrap, jQuery, and integration of analytics and chat services. Security posture is solid with HTTPS, CSRF protection, and cookie consent mechanisms, although some security headers and explicit privacy policies are missing. Overall, the site is professional and trustworthy but could improve compliance transparency and contact accessibility.

B

BRAINZ STUDIOS

brainzstudios.cz

44

Brainz Studios is a medium-sized independent group of creative studios based in Prague, Czech Republic, founded in 2018. They offer a broad range of new media services including digital innovation, strategic communication, VR and AR immersive experiences, and brand building. The company operates multiple specialized studios and incubates startups and platforms, positioning itself as a creative and technological leader in the media industry. The website is professionally designed, mobile-optimized, and rich in content, reflecting a mature digital presence. Technically, the site uses modern frameworks such as Webflow, Vue.js, and GSAP, with integrated analytics and cookie consent mechanisms, indicating good digital maturity. Security posture is solid with HTTPS and no visible vulnerabilities, though explicit security headers and policies are absent. Overall, the site demonstrates high professionalism and trustworthiness, with clear contact information and client endorsements. Recommendations include publishing privacy and security policies and enhancing security headers to further improve compliance and security.

H

Human interaction company

burza.hr

55

Human interaction company is a specialized technology service provider focusing on AI and human-computer interaction solutions. The company positions itself as an end-to-end AI partner, offering services from concept through implementation. Their market presence is supported by global awards and a professional online presence, targeting businesses seeking advanced AI integration with human-centric design. Technically, the website is built on modern frameworks such as Next.js and integrates multiple analytics and tracking tools, indicating a mature digital infrastructure. The site is mobile-optimized and demonstrates good SEO practices. Security-wise, the site uses HTTPS and modern analytics scripts but lacks explicit security headers and published security policies, suggesting room for improvement in security posture. The WHOIS data is missing or privacy protected, which slightly reduces trust but is not uncommon for tech companies. Overall, the website is professional, secure, and compliant with privacy regulations, though it could benefit from enhanced transparency in security and terms of service documentation.

E

Eesti E-kaubanduse Liit

e-kaubanduseliit.ee

53

Eesti E-kaubanduse Liit is a well-established non-profit association uniting over 530 reputable e-commerce businesses in Estonia, operating for more than 16 years. The organization focuses on fostering collaboration, trust, and growth within the Estonian e-commerce sector by providing education, events, legal guidance, and a recognized trustmark certification called 'Turvaline ostukoht'. The website reflects a mature market position with strong community engagement and a clear mission to improve the e-commerce ecosystem in Estonia. Technically, the site is built on Webflow, leveraging modern web technologies and Google Tag Manager for analytics and consent management. The site is mobile-optimized, accessible, and professionally designed, providing a positive user experience. Security posture is strong with HTTPS enforced and a comprehensive cookie consent mechanism integrated with Google Consent Mode, although some security headers could be improved. No critical vulnerabilities or suspicious patterns were detected. Overall, the website and business demonstrate high credibility and trustworthiness.

P

Printshop • Digitalni tisak

printshop.hr

54

Printshop.hr is a Croatian digital printing service provider established in 2014, offering a wide range of business and promotional printing products such as business cards, flyers, posters, and canvas prints. The company operates an e-commerce platform allowing customers to calculate prices and order online, targeting businesses and individuals within Croatia. The website is professionally designed with good navigation, mobile optimization, and relevant content focused on its core services. Technically, the site uses modern web technologies including Bootstrap, Google Analytics, Microsoft Clarity, and October CMS, hosted likely within Croatia under the CARNET registrar. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though some security headers could be improved. Privacy compliance is good with visible privacy and cookie policies aligned with GDPR requirements. No critical vulnerabilities or suspicious indicators were found. Overall, the domain registration data aligns well with the business claims, supporting legitimacy and trustworthiness.

Zakon.hr is a well-established Croatian legal information portal operated by cyber_Folks d.o.o., providing comprehensive access to laws, regulations, and legal documents. The website targets legal professionals, businesses, and the general public seeking reliable legal information. It maintains a strong market position as a leading legal resource in Croatia, supported by updated content and a related AI legal assistant service, Zakon.ai. The business model appears to be a combination of subscription and advertising revenue streams.

R

Runa Capital

runacap.com

68

Runa Capital is a well-established global venture capital firm specializing in early-stage investments in software and deep tech startups. With over $600 million in assets under management and a presence in multiple countries, the firm targets deeptech, enterprise software, and fintech infrastructure sectors. The website reflects a professional and consistent brand image, supported by a modern WordPress infrastructure and comprehensive SEO optimization. The firm maintains multiple global offices, reinforcing its international market position. Technically, the website employs a modern tech stack including Google Analytics, HubSpot, and Cloudflare DNS services, ensuring good performance and mobile optimization. The site is secured with HTTPS and domain registration protections, although DNSSEC is not enabled. Privacy compliance is partially addressed with a clear privacy policy, but lacks a cookie consent mechanism and explicit security policies. Security posture is solid with no visible vulnerabilities or exposed sensitive data, but could be improved by adding security headers, vulnerability disclosure policies, and incident response contacts. Overall, the website is trustworthy and professional, with moderate user tracking and good advertising transparency. Strategically, Runa Capital should focus on enhancing privacy compliance and security transparency to align with evolving regulatory requirements and improve user trust further.

Y

Yufe

yufe.hr

70

YUFE (Young Universities for the Future of Europe) is a European University Alliance comprising 10 partner universities, focused on providing innovative educational opportunities, civic engagement activities, and staff development across Europe. The alliance is recognized by the European Commission and aims to add a European dimension to studies and careers. The website is professionally designed, content-rich, and well-structured, targeting students, researchers, academic staff, citizens, and organizations. It leverages modern web technologies including WordPress, Google Tag Manager, and multimedia embeds to deliver an engaging user experience. Security posture is good with HTTPS and cookie consent mechanisms in place, though some security headers could be improved. Privacy compliance is evident with GDPR-aligned policies and cookie management. The domain is privacy-protected under EURid, which is typical for .eu domains and justified for this type of organization. Overall, the website presents a trustworthy and credible digital presence for an educational alliance.

Y

Yufe

yufe.eu

70

YUFE (Young Universities for the Future of Europe) is a European University Alliance comprising 10 partner universities. The organization focuses on providing innovative educational programs, including on and offline university-level courses, civic engagement activities, language courses, and staff development opportunities across Europe. The website presents a professional and well-structured digital presence, targeting students, researchers, academic staff, citizens, and organizations interested in European higher education collaboration. Technically, the site is built on WordPress with modern integrations such as Google Tag Manager, Mailchimp, and video embeds from Vimeo and YouTube, reflecting a mature digital infrastructure. Security posture is strong with HTTPS, security headers, and privacy compliance mechanisms in place, although no explicit security policy or incident response contacts are published. Overall, the site is trustworthy, well-branded, and compliant with GDPR, supporting its role as a reputable educational alliance.

Z

Zavod za kulturo, turizem in šport Murska Sobota

visitmurskasobota.si

50

Visit Murska Sobota is a regional tourism and cultural promotion website managed by the Zavod za kulturo, turizem in šport Murska Sobota. The site provides comprehensive information about local events, sustainable transport options, accommodation, dining, and cultural experiences targeting tourists and local visitors. The business operates as a small regional institute focused on enhancing the visibility and attractiveness of Murska Sobota and the Pomurje region. Technically, the website is built on WordPress with multilingual support and integrates common marketing and analytics tools such as Google Analytics and Tag Manager. The site is hosted by NEOSERV.si, a Slovenian hosting provider, and uses HTTPS with a good SSL configuration. Security posture is adequate with cookie consent and GDPR compliance, though it lacks some security headers and has an expired Instagram API token causing feed errors. Overall, the website is professional, trustworthy, and well-structured, with clear contact information and partner affiliations. Strategic improvements include renewing third-party API tokens, enhancing security headers, and improving accessibility features.

D

Direktno.hr

direktno.hr

58

Direktno.hr is a Croatian news media website delivering a wide range of news content including politics, local news, sports, and international affairs. The site targets a general Croatian-speaking audience and operates primarily on an advertising-supported business model. It holds a moderate market position as a regional news outlet with a medium-sized operation. The website features a professional design with consistent branding and good content quality, supporting user engagement and trust. Technically, the website employs a modern technology stack including Google Analytics, Google Tag Manager, Facebook SDK, Chartbeat, Hotjar, and New Relic for performance monitoring. It appears to be built on the Newscoop CMS platform, which is common for news organizations. The site is mobile optimized and performs moderately well, with basic accessibility and good SEO practices. From a security perspective, Direktno.hr enforces HTTPS and implements standard security headers such as Content-Security-Policy and Strict-Transport-Security. There is no evidence of exposed sensitive data or vulnerable libraries in the HTML content. However, the site lacks a dedicated security policy page, vulnerability disclosure program, and explicit incident response contacts, which are areas for improvement. Overall, the website is legitimate and trustworthy, with privacy policies and cookie consent mechanisms in place to comply with GDPR. The WHOIS data is privacy protected, which is justified given the EU jurisdiction and media nature of the site. No WAF or blocking mechanisms were detected, allowing full content access. Strategic recommendations include enhancing security transparency, improving accessibility, and maintaining regular audits of third-party scripts to mitigate risks.

H

Hrvatski zavod za zdravstveno osiguranje

hzzo.hr

60

Hrvatski zavod za zdravstveno osiguranje (HZZO) is the Croatian Institute for Health Insurance, a government entity responsible for providing mandatory and supplementary health insurance services to Croatian citizens and business entities. The website serves as a comprehensive portal offering information on health insurance, parental support, e-health services, and access to various forms and contact points. It targets both individual citizens and business partners, positioning itself as the national authority in health insurance within Croatia. Technically, the website is built on Drupal 11 CMS, utilizing modern web technologies including jQuery, Hotjar for user behavior analytics, and Google Tag Manager for marketing and analytics integration. The site is mobile optimized, accessible, and well-structured with clear navigation and professional design. Performance is moderate, with no critical technical issues detected. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms compliant with GDPR. While explicit security headers like Content-Security-Policy are not clearly detected, the site follows good security practices typical for government portals. No vulnerabilities or exposed sensitive data were found in the HTML content. However, incident response and security policy pages are not publicly available, which could be improved. Overall, the website is trustworthy, professionally maintained, and compliant with privacy regulations. The lack of WHOIS data is due to GDPR restrictions and does not detract from the legitimacy of the domain, which is a Croatian government domain. Strategic recommendations include enhancing security header implementation, publishing security and incident response policies, and adding a vulnerability disclosure policy to improve transparency and security posture.

N

Narodne novine d.d.

nn.hr

56

Narodne novine d.d. is a well-established Croatian company with a 190-year tradition specializing in official government publications, legal books, educational programs, and commercial office supplies. The company serves government entities, legal professionals, and the general public, maintaining a strong market position as the official publisher of Croatia. The website reflects this professional stature with comprehensive content and a consistent brand image. Technically, the site uses legacy technologies such as jQuery 1.8.2 and bxSlider, with Google Analytics and Tag Manager for user tracking. While the site is functional and moderately optimized for mobile, there is room for modernization and improved accessibility. Security posture is good with HTTPS enabled and no visible vulnerabilities, but lacks advanced security headers and updated libraries. Privacy compliance is adequate with a clear privacy policy but lacks a cookie consent mechanism. Overall, the site is trustworthy and professional, with a solid digital presence aligned with the company's business model and sector.

P

Povjerenik za informiranje

pristupinfo.hr

55

The website pristupinfo.hr serves as the official online presence of the Croatian Commissioner for Information, providing comprehensive resources related to the right of access to information. It targets both users seeking information and public authorities, offering legal frameworks, educational webinars, open data initiatives, and event calendars. The site is well-positioned as a government transparency and information access portal with a medium organizational size and a founding date consistent with its domain registration in 2013. Technically, the site is built on WordPress with a modern tech stack including Yoast SEO, Google Analytics, and Fusion Builder. It is hosted by CARNET, a reputable Croatian academic network, ensuring reliable infrastructure. The site demonstrates good mobile optimization, accessibility, and SEO practices, though performance is moderate. From a security perspective, the site enforces HTTPS and uses reCAPTCHA for form protection. However, it lacks some advanced security headers and does not publish explicit security or incident response policies. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the website is trustworthy, professional, and aligned with its governmental role. Strategic improvements in privacy compliance, security policy transparency, and enhanced security headers would further strengthen its posture.

The website www.rogatec.si serves as the official digital presence for the Zavod za kulturo, turizem in razvoj Rogatec, a local government entity focused on cultural heritage, tourism, and community development in Rogatec, Slovenia. It provides comprehensive information about local attractions, events, visitor programs, and public procurement, positioning itself as a key resource for tourists and residents alike. The site demonstrates a strong commitment to cultural promotion and community engagement through detailed event calendars, virtual tours, and craft center offerings. Technically, the website is built on a modern WordPress platform with a robust tech stack including Yoast SEO, event calendar plugins, and GDPR compliance tools. It integrates well-known marketing and analytics services such as Google Analytics, Google Tag Manager, and Facebook Pixel, indicating a mature digital marketing approach. The site is mobile-optimized, accessible, and SEO-friendly, ensuring a positive user experience across devices. From a security perspective, the site enforces HTTPS and employs cookie consent mechanisms aligned with GDPR requirements. While explicit security headers are not fully confirmed, the presence of security plugins and absence of exposed sensitive data suggest a reasonable security posture. No critical vulnerabilities or suspicious activities were detected. The WHOIS data aligns well with the website's claims, showing a consistent and legitimate registration history. Overall, www.rogatec.si is a professionally managed, secure, and compliant website that effectively supports its mission of cultural and tourism promotion. Strategic recommendations include enhancing security headers, maintaining up-to-date software, and improving incident response visibility to further strengthen its security and trustworthiness.

M

MAMFORCE

incq-all.com

51

INC.Q, operated by MAMFORCE, is a recently established company (founded in 2023) specializing in Diversity, Equity, and Inclusion (DEI) certifications, consulting, and training services. The company positions itself as a leader in DEI initiatives across Europe, offering a range of services including DEI certification, equal pay certification, ESG data reporting, and employer branding. The website reflects a professional and consistent brand image, targeting businesses seeking to improve their DEI practices and employee engagement. The digital infrastructure is built on WordPress with modern marketing and analytics integrations, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS and some best practices, though improvements such as enabling DNSSEC and publishing security policies are recommended. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Overall, the website is trustworthy and professionally maintained, though the domain is very new, aligning with the company's recent founding.

A

Askly OÜ

askly.me

47

Askly OÜ operates a professional SaaS platform providing AI-powered multilingual chat and customer support solutions primarily targeting e-commerce and retail businesses. The website demonstrates a strong market position with numerous notable clients and testimonials, emphasizing ease of use, automation, and enhanced customer engagement. The company leverages modern digital marketing and analytics tools, including Google Analytics, Facebook Pixel, Hotjar, and FullStory, indicating a mature digital infrastructure. The technical implementation is robust, with responsive design, fast performance, and comprehensive SEO and accessibility features. Security posture is good with HTTPS enforced and cookie consent implemented, though some security headers and explicit security policies are absent. WHOIS data is unavailable due to privacy protection, which is typical for SaaS providers, but the website content and business presence support legitimacy. Overall, the site is professional, trustworthy, and well-optimized for its target audience.

S

SEO.Domains

seo.domains

57

SEO.Domains operates a leading global marketplace specializing in aged and expired domains, boasting ownership of approximately 70% of the global supply with over 150,000 domains. Their services cater primarily to SEO professionals, digital marketers, and agencies seeking domains for PBNs, 301 redirects, or money sites, alongside backlink offerings and managed SEO services. The company has established a strong market position since its founding in 2014, supported by multiple registrar accreditations and a broad international client base.

WBS.LEGAL is a well-established German law firm specializing in media, internet, e-commerce, and related legal fields with over 30 years of experience. The firm operates nationwide with a strong digital presence, offering comprehensive legal services and free initial consultations. Their website reflects a professional and trustworthy brand with extensive content, client testimonials, and active social media engagement. Technically, the site is built on WordPress with modern frameworks and integrates multiple analytics and marketing tools, ensuring good performance and user experience. Security posture is solid with HTTPS and consent management, though explicit security headers could be enhanced. Overall, the domain's WHOIS data is privacy-protected, which is typical for professional legal entities, and no suspicious indicators were found.

T

Tech Funding News

techfundingnews.com

68

Tech Funding News is a specialized online media platform delivering global technology startup funding news, covering sectors such as AI, fintech, crypto, and venture capital. The website targets technology startup founders, investors, and industry professionals seeking timely funding updates and insights. The platform operates on WordPress with a modern tech stack including Yoast SEO, Mailchimp integration, and Google Analytics for tracking and marketing. Hosting and DNS services involve GoDaddy and Cloudflare respectively, ensuring reliable domain management and performance. Security posture is solid with HTTPS enforced and domain locks in place, though DNSSEC is not enabled and no explicit privacy or security policies are published. The site includes cookie consent mechanisms but lacks a formal privacy policy and terms of service, which are critical for GDPR compliance. Contact is primarily through newsletter subscription forms without direct emails or phone numbers. Overall, the website presents professional content with good design and navigation, but could improve privacy transparency and security disclosures.

T

Tech Nation

technation.io

66

Tech Nation is a prominent UK-based growth platform and industry body dedicated to supporting tech startups and entrepreneurs across the UK. Powered by Founders Forum Group, it offers a comprehensive suite of programmes, events, and policy advocacy initiatives designed to empower startups from seed stage to IPO and beyond. The organization targets ambitious tech founders, providing them with practical knowledge, networking opportunities, and peer communities to scale their ventures effectively. Its market position as a leading UK tech ecosystem enabler is reinforced by partnerships with major entities such as HSBC Innovation Banking and a strong alumni network including notable companies like Revolut and Deliveroo. Technically, the website is built on WordPress and leverages a modern technology stack including jQuery, slick.js, flatpickr, and multiple analytics and marketing tools such as Google Analytics, HubSpot, Facebook Pixel, and CookieHub. The site demonstrates excellent performance, mobile optimization, accessibility, and SEO practices. Hosting is via Amazon AWS, and the domain is secured with HTTPS and domain locking mechanisms, although DNSSEC is not enabled. From a security perspective, the site follows best practices with HTTPS, security headers, and cookie consent mechanisms. However, it lacks a publicly available security policy, incident response contacts, and vulnerability disclosure information. The domain WHOIS data is privacy protected but consistent with a legitimate and mature organization. No critical vulnerabilities or suspicious patterns were detected. Overall, Tech Nation presents a professional, trustworthy, and well-maintained digital presence aligned with its mission to support UK tech entrepreneurship. Strategic recommendations include enabling DNSSEC, publishing a security policy and incident response contacts, and adding a security.txt file to enhance transparency and security posture.

M

Merantix AI Campus

merantix-aicampus.com

59

Merantix AI Campus is a prominent AI innovation hub based in Berlin, hosting over 80 AI teams and organizing more than 300 events annually. It serves as a collaborative workspace and community platform for AI founders, investors, engineers, researchers, and operators, focusing on advancing AI infrastructure and applications across various sectors. The website reflects a professional and modern digital presence, leveraging Webflow CMS, HubSpot forms, and Google Tag Manager for analytics and marketing. The site is well-optimized for mobile and desktop users, with a strong emphasis on community engagement and event promotion. Security posture is generally good with HTTPS enforced and GDPR-compliant data collection via forms, though some security headers and cookie consent mechanisms are missing. The absence of WHOIS data for the domain is a notable anomaly that warrants further investigation to confirm domain legitimacy. Overall, the website presents a trustworthy and professional front for a medium-sized technology entity focused on AI innovation and community building.

M

Merantix Momentum

merantix-momentum.com

66

Merantix Momentum is a German-based technology company specializing in AI and machine learning solutions tailored for businesses across various industries. The company positions itself as a partner for developing and operating customized AI use cases, targeting a broad B2B audience. The website content is professional, well-structured, and localized in German, indicating a focus on the German-speaking market. The digital infrastructure leverages modern web technologies including Webflow CMS, Cookiebot for consent management, HubSpot for marketing and analytics, and Google Tag Manager, reflecting a mature digital presence. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though explicit security headers and vulnerability disclosure mechanisms are absent. The WHOIS data is missing or unavailable, which raises concerns about domain registration legitimacy despite the professional website appearance. Overall, the site demonstrates good privacy compliance and marketing transparency but would benefit from enhanced security disclosures and verified domain registration information.

M

Merantix Capital

merantix-capital.com

66

Merantix Capital is a technology-focused venture capital and venture studio firm specializing in AI startups, partnering with visionary AI founders from pre-idea to seed stage since 2016. The company positions itself as an established player in the AI investment ecosystem, offering venture studio services, capital investment, and community building to foster AI innovation. The website reflects a professional and consistent brand image with comprehensive content and active news updates, targeting entrepreneurs and investors in the AI domain. Technically, the website is built on the Webflow CMS platform, utilizing modern JavaScript libraries such as jQuery and Slick Carousel, and integrates Google Tag Manager for analytics. The site is well-optimized for performance, mobile responsiveness, and SEO, with a fast loading experience and good accessibility features. Hosting is provided via Webflow's CDN infrastructure, ensuring reliable delivery. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks certain security headers and a cookie consent mechanism, which are recommended for enhanced security and privacy compliance. The absence of WHOIS data for the domain raises concerns about domain registration legitimacy, although the professional website and active content mitigate some trust issues. No vulnerability disclosure or incident response information is publicly available. Overall, the website presents a low-risk profile with strong business credibility and technical maturity but would benefit from improved transparency in domain registration and enhanced security/privacy practices to bolster trust and compliance.

B

Brainz Narrative s.r.o.

brainznarrative.cz

55

Brainz Narrative s.r.o. is a creative PR studio based in the Czech Republic, specializing in bold communication strategies with a focus on innovative projects, fast-growing technology startups, and the cultural industry. The company is part of the Brainz Studios group, which includes related entities such as Brainz Disruptive and Brainz Immersive. Their business model centers on delivering tailor-made PR solutions emphasizing authenticity, insight, and chemistry with clients. The website reflects a professional and modern digital presence, leveraging Webflow CMS and various JavaScript libraries to provide a responsive and engaging user experience. Contact information and social media links are clearly presented, supporting business credibility.

M

MTÜ Eesti Lasterikaste Perede Liit

perekaart.ee

63

Perekaart is a well-established non-profit organization in Estonia providing a discount card service targeted at large families with three or more children. The website serves as a platform to promote the discount network, which includes over 600 partners offering more than 800 unique discounts across various sectors such as leisure, culture, and food services. The organization is positioned as a key player in supporting family welfare in Estonia, with a strong partnership ecosystem and a clear mission to add value to families' everyday lives. Technically, the website is built using modern web technologies including React and Material-UI, hosted behind Cloudflare DNS services, and integrates Google Tag Manager for analytics and SendSmaily for newsletter management. The site demonstrates moderate performance and good mobile optimization, with basic accessibility and SEO features. Privacy compliance is addressed through a cookie consent mechanism and a privacy policy page, reflecting awareness of GDPR requirements. From a security perspective, the website uses HTTPS and avoids exposing sensitive data in its HTML content. However, it lacks explicit security headers and detailed security or incident response policies on the site. No vulnerabilities or suspicious patterns were detected in the analysis. Overall, the security posture is adequate but could be improved with additional headers and documented policies. The overall risk assessment is low, with the website showing high trustworthiness and professionalism. Strategic recommendations include enhancing security headers, expanding privacy and incident response disclosures, and improving SEO and accessibility features to further strengthen the site's digital maturity and compliance posture.

D

Domino dizajn

domino-dizajn.hr

55

Domino dizajn is a Croatian creative studio specializing in graphic design, printing, digital marketing, and modern web solutions including web shops and mobile applications. With nearly two decades of experience, the company serves businesses seeking comprehensive branding and digital presence services. The website is built on WordPress with Elementor, featuring good SEO, accessibility, and mobile optimization. Security posture is solid with HTTPS and cookie consent, though lacks explicit security policies and incident response contacts. Overall, the site reflects a professional and trustworthy business with a clear market position in the technology and creative services sector.

M

MAMFORCE

mamforce.hr

45

MAMFORCE is a Croatian-based organization specializing in Diversity, Equity, and Inclusion (DEI) certifications and consulting services aimed at improving workplace culture for families and women. Their offerings include multiple certification standards such as MAMFORCE Standard, DADFORCE Standard, and INC.Q EQUAL PAY, alongside training and employer branding services. The company positions itself as a leader in promoting fair and inclusive organizational cultures within Croatia. Technically, the website is built on WordPress with a modern tech stack including Google Analytics, Facebook Pixel, and various plugins enhancing user experience and tracking capabilities. The site is mobile-optimized and SEO-friendly, reflecting a good level of digital maturity. Security-wise, the site enforces HTTPS and uses some security best practices but lacks certain headers like Content-Security-Policy and X-Frame-Options, which are recommended for enhanced protection. No privacy policy or terms of service were found, which is a compliance gap. Overall, the domain registration is consistent with the business claims, and no suspicious patterns were detected, supporting a high legitimacy score.

L

LIBUSOFT CICOM d.o.o.

otvorenazupanija.hr

57

LIBUSOFT CICOM d.o.o. operates the website www.spi.hr, offering the LC Platforma Otvoreno software platform and related IT services primarily targeting businesses in Croatia and neighboring countries. The company has been established since 2011 and maintains a medium-sized business profile with a regional market presence. The website reflects a basic but consistent branding and content quality, focusing on business and technology solutions. Technically, the site is built on WordPress, hosted on AWS infrastructure, and integrates modern tools such as Google Tag Manager, Google Analytics, and reCAPTCHA for bot protection. Security posture is adequate with HTTPS enabled and some best practices observed, though security headers and explicit privacy and cookie policies are missing. Contact information is limited to a phone number and social media links, with no email or physical address explicitly provided. Overall, the website is safe, professional, and trustworthy but could improve in privacy compliance and security transparency.

R

Ride & Bike 2

rideandbike.eu

38

Ride & Bike 2 is a regional tourism promotion website focusing on the natural and cultural heritage of several regions in Croatia and Slovenia. It provides information about outdoor activities, cultural sites, and local attractions, targeting tourists and outdoor enthusiasts. The website leverages WordPress CMS with WPBakery Page Builder and integrates Google Tag Manager for analytics. While the site is well-structured and visually consistent, it lacks critical privacy and cookie policies, as well as explicit contact information, which impacts its compliance and trustworthiness. Security posture is moderate with HTTPS enabled but missing security headers and incident response contacts. Overall, the site is functional and serves its tourism promotion purpose but requires improvements in privacy compliance and security best practices.

H

HZHM

hzhm.hr

60

Hrvatski zavod za hitnu medicinu (HZHM) is a Croatian public healthcare institution specializing in emergency medicine and telemedicine services across Croatia. The website serves as an informational portal primarily in Croatian, with an English language option, targeting the general public and healthcare professionals. The institution operates within the healthcare sector, providing essential emergency medical services and telemedicine support, positioning itself as a key national healthcare entity. Technically, the website is built on WordPress using the Divi theme, incorporating Google Tag Manager for analytics. The site demonstrates moderate performance and good mobile optimization, with basic accessibility features and good SEO practices. Security posture is adequate with HTTPS enabled, but lacks several recommended security headers and explicit security policies. Privacy compliance is limited due to the absence of privacy and cookie policies or consent mechanisms. Overall, the domain registration data aligns well with the institution's identity and location, supporting its legitimacy. Strategic improvements in privacy compliance, security headers, and incident response transparency would enhance trust and security maturity.

P

Poliklinika Magdalena

magdalena.hr

48

Poliklinika Magdalena is a well-established healthcare provider specializing in cardiovascular care with over 25 years of experience. The organization operates multiple physical locations in Croatia, including Zagreb and Krapinske Toplice, and offers a comprehensive range of services from diagnostics to surgical interventions and telemedicine. The website reflects a professional and patient-focused approach, targeting individuals seeking specialized cardiovascular healthcare. Technically, the site is built on WordPress with modern tools such as Gravity Forms for data collection, Google Analytics and Facebook Pixel for analytics, and CookieYes for GDPR-compliant cookie consent. The site demonstrates good mobile optimization, accessibility, and SEO practices. Security posture is strong with HTTPS enforced, appropriate security headers, and no visible vulnerabilities. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website and domain registration details indicate a legitimate and trustworthy healthcare provider with a solid digital presence.

K

KB Studios

kbstudios.hr

41

KB Studios is a small business based in Croatia currently undergoing a website redesign to improve clarity and user experience. The company invites potential clients to contact them via phone or email for services, though specific services are not detailed on the homepage. The website uses WordPress with Elementor and integrates Google Analytics and Tag Manager for tracking, along with Google Translate for multilingual support. The technical infrastructure is modern but basic, with moderate performance and good mobile optimization. Security posture is adequate with HTTPS enabled but lacks advanced security headers and formal security policies. Privacy compliance is minimal with no visible privacy or cookie policies. Overall, the site is functional but underdeveloped in content and compliance aspects.