Security Directory

C

Chráníme mořské želvy z.s.

morskezelvy.cz

9

Chráníme mořské želvy z.s. is a Czech Republic based non-profit organization dedicated to the protection and conservation of marine turtles, primarily in Indonesia and Sri Lanka, with educational outreach in the Czech Republic. The organization focuses on protecting turtle nesting sites, relocating eggs to safety, releasing hatchlings, and educating local communities and children about environmental stewardship. Their market position is niche within marine conservation, supported by partnerships with governments, universities, and volunteers. The website demonstrates a good level of content quality and user engagement through social media and donation transparency. Technically, the site uses common web technologies such as jQuery, Google Analytics, and MailChimp, with moderate performance and good mobile optimization. Security posture is basic with HTTPS enabled and some privacy consent mechanisms, but lacks advanced security headers and detailed privacy policies. WHOIS data is unavailable, which reduces domain trustworthiness, but the website content and social presence support legitimacy. Overall, the site is professional and trustworthy for its non-profit mission, though improvements in security and compliance documentation are recommended.

M

Meteored

theweather.com

69

Theweather.com, operated under the Meteored brand, is a professional weather information service providing 14-day forecasts, hourly updates, meteorological news, and videos primarily targeting the US market and global users. The site offers extensive weather data for over 200,000 cities worldwide and supports multiple languages and regional partner sites. It also provides weather widgets and mobile applications across major platforms including Android, iOS, Huawei, and Windows. The business model is advertising-supported, leveraging multiple ad networks and tracking technologies integrated with a GDPR-compliant consent management platform. Technically, the website employs modern JavaScript frameworks, Google Tag Manager, header bidding with Prebid.js, and integrates video content via Dailymotion. The site is well-optimized for performance and mobile responsiveness, with good SEO and accessibility basics. Hosting appears to be managed via Meteored's own services or trusted CDNs. Privacy and cookie policies are comprehensive and prominently linked, with active consent mechanisms. Security posture is strong with HTTPS enforced, security headers implemented, and no visible vulnerabilities or exposed sensitive data. However, the site lacks explicit published security policies or incident response contacts, and no vulnerability disclosure or security.txt files were found. The WHOIS data for the domain is unavailable, indicating privacy protection or recent registration, which slightly reduces trust but is mitigated by the professional site presentation and brand recognition. Overall, theweather.com is a credible and professionally managed weather information platform with good technical and security practices. Strategic recommendations include publishing explicit security policies and incident response contacts, adding vulnerability disclosure mechanisms, and enhancing accessibility features to further improve trust and compliance.

E

European Association of Zoos and Aquaria (EAZA)

eaza.net

68

The European Association of Zoos and Aquaria (EAZA) operates a professional and comprehensive website serving as a hub for over 400 member zoos and aquariums across Europe and Western Asia. The organization focuses on species conservation, animal welfare, education, research, and advocacy. The website is built on modern technologies including Gatsby and React, with a headless CMS (Strapi) backend, ensuring fast performance and excellent mobile optimization. Privacy and cookie policies are present and indicate GDPR compliance, though direct contact emails and phone numbers are not publicly listed, relying instead on contact forms. Security posture is generally good with HTTPS enforced, but lacks some advanced security headers and explicit incident response information. The WHOIS data for the domain is missing, which raises some concerns about domain registration transparency, but the website content and branding strongly indicate a legitimate and established non-profit entity. Overall, the site scores well on content quality, technical implementation, and privacy compliance, with recommendations to improve security headers and domain registration transparency.

F

FaniMani

fanimani.pl

72

FaniMani.pl is a well-established Polish platform founded in 2014 that enables users to support social organizations through their online shopping activities. The website acts as an affiliate donation platform, partnering with over 1800 online stores and more than 12,500 charitable organizations. It offers browser extensions and mobile applications to facilitate user participation seamlessly. The platform enjoys a strong market position in Poland's charitable e-commerce niche, supported by a professional, well-designed website and extensive partner network. Technically, the site leverages a modern technology stack including Django backend, WordPress CMS, and integrates multiple analytics and marketing tools such as Google Analytics, Microsoft Clarity, TikTok Pixel, and Facebook Pixel. Cookie consent is managed via CookieYes, ensuring GDPR compliance with granular user consent options. Hosting is provided by OVH SAS, a reputable provider, and the site uses HTTPS with good SSL configuration. From a security perspective, the platform demonstrates good practices including CSRF protection, secure cookies, and use of reCAPTCHA. However, some security headers are not explicitly detected and DNSSEC is not enabled, which are areas for improvement. No critical vulnerabilities or exposed sensitive data were found. Privacy compliance is strong with clear policies and consent mechanisms. Overall, FaniMani.pl presents a low-risk profile with a high level of professionalism, compliance, and technical maturity. Strategic recommendations include enhancing security headers, enabling DNSSEC, and publishing explicit security and incident response policies to further strengthen trust and resilience.

K

Krajowy Integrator Płatności S.A.

tpay.com

70

Tpay is a well-established Polish payment service provider specializing in online payments and fast bank transfers, serving primarily e-commerce businesses in Poland. The company is legally registered as Krajowy Integrator Płatności S.A., founded in 2009, and operates with a strong market position supported by a partnership with Bank Pekao and PCI DSS level 1 certification. Their website reflects a mature digital presence with comprehensive service offerings including payment gateways, marketplace settlements, and integration modules for popular e-commerce platforms. Technically, the site uses modern analytics, tracking, and accessibility tools, hosted on OVH with Cloudflare DNS and CDN services, ensuring good performance and security. Security posture is strong with HTTPS, cookie consent, and bank-grade standards, though DNSSEC is not enabled and explicit security headers are not evident. Privacy compliance is basic but includes a cookie policy with consent mechanisms. Contact information is clearly provided, enhancing business credibility. Overall, the website is professional, trustworthy, and well-optimized for its target audience.

P

Przelewy24

przelewy24.pl

74

Przelewy24 is a well-established Polish online payment service provider offering a variety of payment methods including BLIK, Google Pay, and Apple Pay. The website targets businesses seeking to integrate efficient and diverse payment solutions into their e-commerce platforms. The company positions itself as a key player in the Polish online payments market, providing reliable and fast payment processing services. The website content is professional, well-structured, and localized in Polish, indicating a mature digital presence. Technically, the site employs modern JavaScript libraries, Google Tag Manager, Microsoft Clarity, and Cookiebot for consent management, reflecting a good level of digital maturity and compliance with privacy regulations. Security-wise, the site enforces HTTPS and uses cookie consent mechanisms effectively, though it lacks some advanced security headers and explicit security policies. No WHOIS data is available due to privacy protection, which is justified for a financial services provider. Overall, the site demonstrates a strong security posture and compliance with GDPR, with room for improvement in transparency and incident response readiness.

N

National Theatre

narodni-divadlo.cz

51

The National Theatre in Prague is a prestigious cultural institution representing the Czech Republic's national identity and European cultural heritage. The website provides comprehensive information about upcoming theatre performances across various genres including drama, ballet, opera, and multimedia shows. It offers ticket sales, subscriptions, and an e-shop for related merchandise. The institution maintains partnerships with prominent companies and media outlets, reinforcing its market position as a leading national theatre. Technically, the website is built using modern web technologies such as React and Next.js, with integration of Google Analytics, Google Tag Manager, and Cookiebot for analytics and privacy compliance. The site is mobile-optimized and provides a good user experience with clear navigation and rich content. However, some areas such as explicit privacy policy and security headers could be improved. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms, but lacks visible security headers and explicit incident response or vulnerability disclosure information. No critical vulnerabilities or exposed sensitive data were detected. The absence of WHOIS data limits the ability to fully verify domain registration legitimacy, but the presence of official partners and professional content supports trustworthiness. Overall, the website is a well-maintained digital presence for a major cultural institution, with moderate to good security posture and privacy compliance. Strategic improvements in transparency, security headers, and contact information would enhance trust and compliance.

B

Botnation AI

botnation.ai

63

Botnation AI is a well-established technology company specializing in no-code chatbot creation platforms enhanced with AI capabilities. Founded in 2017 and registered in Switzerland, the company offers a SaaS model targeting businesses and agencies seeking to deploy conversational AI solutions across multiple channels such as websites, social media, and messaging apps. Their platform emphasizes ease of use, integration with CRM and APIs, and includes live chat features for seamless human handover. The website demonstrates a mature digital presence with comprehensive content, strong branding, and multiple certifications including GDPR, PCI-DSS, and ISO standards, reinforcing their commitment to security and compliance. Technically, the website is hosted on AWS infrastructure with a modern tech stack including JavaScript and jQuery, optimized for performance and mobile responsiveness. SEO and accessibility are well addressed with structured data and meta tags. Security posture is strong with HTTPS enforced and no visible vulnerabilities, though improvements could be made by enabling DNSSEC and adding security headers. Privacy compliance is mostly met, but the absence of a cookie consent mechanism and incident response contacts are notable gaps. Overall, Botnation AI presents a trustworthy and professional online presence with a clear business model and strong market positioning in the chatbot technology sector. The site is safe for general audiences and free from adult or questionable content. Strategic recommendations include enhancing privacy controls, improving DNS security, and publishing incident response details to further strengthen trust and compliance.

O

Otipass

otipass.com

57

Otipass is a French company specializing in the digitization of territorial and cultural passes, including tourist and multiservice passes. The company positions itself as a market leader in France with a strong presence in public procurement catalogs and a network of city clients. The website is built on Joomla CMS using modern frameworks and includes integrations with analytics and marketing tools such as Matomo and Google Tag Manager. Security posture is good with HTTPS and cookie consent mechanisms, though explicit privacy policies and terms of service are not clearly found. WHOIS data is missing, which raises concerns about domain registration legitimacy, but the website content and client testimonials support a credible business presence. Overall, the site is professional, well-branded, and targets local governments and tourism sectors.

E

EKLEKTIK design & shop

eklekticky.cz

55

EKLEKTIK design & shop is a small Czech Republic based business specializing in interior design services and retail of unique home decorations and vintage furniture. The company operates both a physical store in Šumperk and an online e-shop, targeting customers interested in personalized interior design and stylish home accessories. The website is professionally designed, consistent in branding, and provides clear contact information and customer testimonials, indicating a trustworthy local boutique business. Technically, the website is built on the Shoptet CMS platform, utilizing common JavaScript libraries such as jQuery and Slick Carousel, and integrates Google Analytics and Facebook SDK for marketing and tracking purposes. The site is served over HTTPS with valid SSL, but lacks some security headers and up-to-date libraries, which could be improved to enhance security posture. Privacy and cookie policies are not explicitly present, representing a compliance gap with GDPR requirements. Overall, the website is accessible, functional, and presents a positive user experience with moderate technical maturity and a good security baseline.

A

ANCV Cheque-Vacances

cheque-vacances.com

57

ANCV Cheque-Vacances operates a well-established French government-backed program providing holiday vouchers to individuals and organizations, facilitating access to tourism, leisure, and cultural activities. The website reflects a mature digital presence with a strong brand, extensive partner network, and multiple user segments including public agents, enterprises, and tourism professionals. Technically, the site is built on WordPress with modern plugins and frameworks, optimized for SEO and mobile use, though some accessibility and security header improvements are recommended. Security posture is solid with HTTPS and bot protection, but lacks some advanced DNS and header configurations. Privacy compliance is minimal on the homepage, with no visible privacy or cookie policies, which should be addressed to meet GDPR standards. Overall, the domain registration and WHOIS data confirm legitimacy and consistency with the business claims.

M

Mettler-Toledo International Inc.

mt.com

65

Mettler-Toledo International Inc. operates a professional and comprehensive website targeting B2B customers in laboratory, industrial, and process analytics sectors. The company provides precision instruments and services globally, with a strong market position as a leader in weighing, measuring, and analytical technologies. The website reflects a mature digital presence with multiple business units and detailed contact information. Technically, the site uses Adobe Experience Manager CMS, integrates modern marketing and analytics tools such as Google Tag Manager and Adobe DTM, and implements cookie consent via OneTrust. Security posture is solid with HTTPS and secure forms, though explicit security headers and incident response information are absent. WHOIS data is unavailable, which is unusual but does not detract from the site's legitimacy given the professional content and branding. Overall, the site is well-structured, compliant with privacy regulations, and trustworthy for its target audience.

P

Pan Europe

low-impact-farming.info

47

The website www.low-impact-farming.info is an advocacy and informational platform operated by Pan Europe, a non-profit organization focused on promoting sustainable agriculture practices, specifically low impact farming and Integrated Pest Management (IPM) across Europe. The site provides educational resources, policy position papers, and multimedia content to support pesticide reduction and environmentally friendly farming methods. It targets farmers, policymakers, environmental advocates, and the general public interested in sustainable agriculture. The business model is centered on advocacy and education rather than commercial sales, positioning itself as a niche player in the European sustainable agriculture sector. Technically, the website is built on Drupal 10 CMS, leveraging modern web technologies including Google Analytics and Google Tag Manager for user tracking and AddToAny for social sharing. The site is mobile optimized with good accessibility and SEO practices, though performance is moderate. The technical infrastructure appears maintained and up to date, but lacks some advanced security headers and formal privacy/cookie policies. From a security perspective, the site uses HTTPS and anonymizes IPs in analytics, but does not implement key security headers or publish security policies or incident response contacts. No vulnerabilities or exposed sensitive data were detected. The absence of privacy and cookie policies represents a compliance gap, especially under GDPR. WHOIS data is unavailable due to privacy protection, which is reasonable for this non-profit entity. Overall, the security posture is moderate but could be improved with better policy transparency and technical controls. The overall risk assessment is low to moderate. The site is legitimate and trustworthy for its advocacy purpose but should enhance privacy compliance and security best practices to strengthen user trust and regulatory adherence. Strategic recommendations include publishing privacy and cookie policies with consent mechanisms, implementing security headers, adding a security.txt file, and improving incident response visibility.

L

Loire-Atlantique Développement

boxloireatlantique.com

54

LA Box Loire-Atlantique is a French regional e-commerce platform specializing in local and responsible tourism gift boxes, offering curated weekend stays and activities in the Loire-Atlantique region. The company, represented by Loire-Atlantique Développement, targets consumers interested in authentic local experiences and sustainable tourism. The website is professionally designed with good content quality, clear navigation, and mobile optimization, supported by modern WordPress and WooCommerce technologies. SEO and structured data are well implemented, enhancing discoverability and user engagement. Security posture is adequate with HTTPS enforced and cookie consent mechanisms in place, though some security headers are missing and no explicit contact information or incident response details are visible. The absence of WHOIS data for the domain raises some concerns about domain registration legitimacy, suggesting a need for further verification. Overall, the website presents a trustworthy and professional front for a niche hospitality business, with room for improvement in security and transparency.

L

Les Enfoirés

enfoires.fr

60

Les Enfoirés is a prominent French non-profit organization focused on social aid and fundraising through charity concerts and merchandise sales. The website serves as the official platform to engage supporters, partners, and the general public with information about events, news, and donation opportunities. The organization leverages a modern WordPress-based infrastructure with integrations such as Google Tag Manager and OneTrust for cookie consent, reflecting a moderate level of digital maturity. Security posture is generally good with HTTPS enforced and no visible vulnerabilities, though improvements in security headers and explicit privacy policies are recommended. The absence of WHOIS data limits domain trust verification but does not detract from the site's apparent legitimacy and professional presentation.

R

Rtone

rtone.fr

61

Rtone is a French product development studio specializing in end-to-end product lifecycle services, from conception to development and management. The company targets businesses and product developers seeking specialized product development expertise. The website is built on WordPress and employs modern digital tools such as Cookiebot for consent management, Matomo and Hotjar for analytics, and Google Tag Manager for marketing integration. The domain is mature, registered since 2007 with OVH, indicating a stable business presence. Technically, the site uses a standard WordPress CMS with Yoast SEO for optimization and includes several third-party scripts for analytics and marketing. Performance is moderate with good mobile optimization and basic accessibility features. Security posture is good with HTTPS enforced and cookie consent mechanisms in place, though some security headers are not explicitly detected and could be improved. From a security and compliance perspective, the site lacks explicit privacy policy and terms of service pages, and no direct contact information is found on the homepage, which slightly reduces privacy compliance and business credibility scores. No WAF or blocking mechanisms are detected, and no suspicious WHOIS patterns are present, supporting the legitimacy of the domain and business. Overall, Rtone presents a professional and trustworthy online presence with room for improvement in transparency and security best practices. Strategic enhancements in published policies and security headers would strengthen compliance and trust.

P

Paris Saint-Germain

psg.fr

69

Paris Saint-Germain's official website serves as a comprehensive digital platform for fans and stakeholders to access the latest news, live match updates, and exclusive content related to the club's various sports activities including men's and women's football, handball, judo, and esports. The site is professionally designed with consistent branding and targets a global audience of sports enthusiasts and PSG supporters. Technically, the website leverages modern frameworks such as Next.js and React, ensuring fast performance and excellent mobile optimization. Security-wise, the site enforces HTTPS and implements cookie consent mechanisms, though it lacks explicit security policies and incident response information. Overall, the website demonstrates a mature digital presence with room for improvement in transparency and security disclosures.

M

Mulhouse Alsace Agglomération - m2A

mulhouse-alsace.fr

10

Mulhouse Alsace Agglomération (m2A) is a regional government entity serving 39 communes in the Mulhouse Alsace area of France. The website serves as an official portal providing information on territorial development, public services including water, waste management, mobility, energy, culture, tourism, social services, and environmental initiatives. The organization positions itself as a key regional authority with a broad scope of services aimed at residents and stakeholders in the region. Technically, the website is built on WordPress with a modern tech stack including Yoast SEO Premium, Elementor, AngularJS, and various performance and UI enhancement plugins. It integrates Google Analytics and Google Tag Manager for analytics and uses a chatbot service for user interaction. The site is mobile-optimized and features good SEO and accessibility practices, although some legacy technologies like AngularJS 1.4.14 may pose security concerns. From a security perspective, the site enforces HTTPS and includes a GDPR-compliant cookie consent mechanism. However, explicit security headers are not clearly detected, and the use of an older AngularJS version suggests a need for review and upgrade. No exposed sensitive data or critical vulnerabilities were found in the HTML content. The WHOIS data is unavailable, which slightly reduces domain trust but the official social media presence and content quality support legitimacy. Overall, the website is professional, well-structured, and serves its public service mission effectively. Strategic recommendations include enhancing security headers, upgrading legacy frameworks, and improving transparency in domain registration information to strengthen trust and security posture.

I

ilévia

ilevia.fr

63

ilévia operates as the primary public transportation provider for the Métropole Européenne de Lille, offering comprehensive bus, metro, tram, and bike-sharing services. The website serves residents and visitors with route planning, schedules, ticketing, and news about local events, positioning ilévia as a key mobility facilitator in the region. The digital presence is modern, leveraging Next.js and React frameworks, ensuring a responsive and accessible user experience. Security posture is strong with HTTPS, security headers, and script nonce usage, though the absence of WHOIS data and explicit security policies slightly reduce transparency. Overall, ilévia's website reflects a professional, trustworthy, and user-centric platform supporting urban mobility.

E

E-BAAN,SE

hapra.cz

49

HAPRA Design is a Czech digital agency specializing in web design, e-commerce development, SEO, social media management, and online marketing services. With over 20 years of experience, the company offers comprehensive digital solutions aimed at businesses seeking to enhance their online presence. Their service portfolio includes website and e-shop creation, content management, PPC advertising, and technical maintenance, positioning them as a full-service digital partner. The website reflects a professional and consistent brand image with clear navigation and relevant content tailored to their target audience. Technically, the site employs a modern technology stack including PHP, MySQL, JavaScript libraries such as jQuery, Bootstrap framework, and integrates marketing and analytics tools like Google Tag Manager and Facebook SDK. The site is mobile-optimized and uses a custom CMS named publishWEB. Performance is moderate with good SEO practices and basic accessibility features. From a security perspective, the website enforces HTTPS and includes a cookie consent mechanism aligned with GDPR requirements. However, no explicit security headers were detected, and no public security or incident response policies are available. The WHOIS data is missing, which limits domain trust verification, but the website content and business information appear legitimate and professional. Overall, the site scores well on content quality, technical implementation, privacy compliance, and business credibility, with recommendations to enhance security headers, publish security policies, and improve accessibility compliance to further strengthen their security posture and trustworthiness.

E

e-BAAN Internet s.r.o.

ostravski.cz

40

e-BAAN Internet s.r.o., operating under the brand 'Ostravski', is a Czech Republic-based small technology company specializing in web design, e-commerce solutions, and related digital services. With over 20 years of experience and a customer base exceeding 500 clients, the company offers comprehensive web development services including domain registration, hosting, SEO, graphic design, and content management. Their market position is focused on small businesses, freelancers, schools, and municipalities primarily within the Moravian-Silesian region and broader Czech Republic. The website reflects a professional and consistent brand image with good content quality and user experience. Technically, the website employs a variety of modern web technologies such as jQuery, Bootstrap modals, Owl Carousel, and Google Tag Manager, indicating a moderate level of digital maturity. The site is mobile optimized and SEO friendly, with structured data enhancing search engine visibility. However, some technical improvements are recommended, including the implementation of security headers and enhanced accessibility features. From a security perspective, the site uses HTTPS and has a cookie consent mechanism compliant with GDPR. However, the absence of WHOIS data raises concerns about domain registration transparency. No explicit security or incident response policies are published, and security headers are missing, which could expose the site to certain risks. No vulnerabilities or exposed sensitive data were detected in the content. Overall, the security posture is moderate but could be improved with best practices. The overall risk assessment suggests the website is legitimate and professionally maintained but would benefit from enhanced transparency in domain registration and improved security practices. Strategic recommendations include adding security headers, publishing security policies, and verifying domain registration details to strengthen trust and compliance.

K

Kulturní středisko Omega, příspěvková organizace

ksomega.cz

47

Kulturní středisko Omega is a municipal cultural center serving the Brno-sever district in the Czech Republic. It organizes a wide range of cultural, educational, and social events, including concerts, theater performances, exhibitions, and courses. The organization manages multiple venues across Brno and aims to provide quality cultural experiences to a broad audience. Technically, the website uses modern frontend technologies such as Bootstrap and Swiper.js, and integrates Google Tag Manager for analytics. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content. Security-wise, the site uses HTTPS and includes CSRF tokens in forms, but lacks some security headers and explicit privacy and terms of service pages. WHOIS data is unavailable, which slightly reduces trust but does not negate the legitimacy indicated by the website content. Overall, the site is safe, professional, and focused on community cultural engagement.

I

International Animal Rescue

internationalanimalrescue.org

67

International Animal Rescue is a well-established non-profit organization dedicated to saving and protecting animals worldwide. Their website reflects a professional and comprehensive approach to animal rescue, rehabilitation, conservation, and community engagement. The organization targets animal welfare supporters, donors, volunteers, and the general public interested in wildlife protection. Their business model relies on donations, adoptions, fundraising, and merchandise sales, positioning them as a reputable charity in the animal welfare sector. Technically, the website is built on Drupal 10 with Commerce 2, integrating modern analytics and tracking tools such as Google Analytics and Google Tag Manager. The site is mobile-optimized, accessible, and SEO-friendly, providing a positive user experience. Security measures include HTTPS enforcement and reCAPTCHA v3 on forms, though some security headers could be improved for enhanced protection. The security posture is solid with no detected vulnerabilities or exposed sensitive data. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place. However, no explicit security policies or incident response contacts are found, which could be areas for improvement. WHOIS data is privacy protected, common for non-profits, and does not raise immediate concerns. Overall, the website demonstrates a high level of professionalism, trustworthiness, and digital maturity, making it a reliable platform for supporters and stakeholders. Strategic recommendations include enhancing security headers, publishing security policies, and improving transparency around incident response to further strengthen trust and compliance.

N

NaturZoo Rheine

naturzoo.de

48

NaturZoo Rheine operates as a medium-sized zoological park in Germany, hosting over 1,500 animals across approximately 100 species. The website serves as an informative platform targeting families, school groups, and animal enthusiasts, offering details about the zoo's exhibits, educational programs, and visitor information. The business model is non-profit, focusing on conservation, education, and recreation. The site is well-branded and consistent, with clear trust signals including affiliations with recognized zoo associations and transparent contact information. Technically, the website is built on TYPO3 CMS, leveraging modern frontend libraries such as Slick Slider and FontAwesome. It integrates Google Tag Manager and Google Analytics for visitor tracking, with a GDPR-compliant cookie consent mechanism in place. The site demonstrates good mobile optimization, accessibility, and SEO practices, although performance is moderate and could benefit from further optimization. From a security perspective, the site enforces HTTPS and employs cookie consent for privacy compliance. However, it lacks visible security headers and a published security policy or incident response contact, which are recommended for enhanced security posture. No vulnerabilities or suspicious content were detected. Overall, the website presents a low-risk profile with strong business credibility and privacy compliance. Strategic improvements in security headers and incident response transparency would further strengthen its security maturity.

S

Selectra

selectra.info

57

Selectra is a French comparison platform specializing in energy, internet, mobile, insurance, and banking services. It offers consumers tools and advisory services to reduce their bills by comparing providers and facilitating switching. The website is well-established with a strong market presence in France, supported by extensive customer reviews and multiple sector coverage. Technically, the site is built on Drupal 10, uses modern analytics and tracking tools, and implements good privacy and cookie consent mechanisms. Security posture is solid with HTTPS and Content Security Policy in place, though explicit security policies and incident response information are not published. Overall, the site is professional, trustworthy, and compliant with GDPR requirements.

I

iSport.cz

isport.cz

63

iSport.cz is a prominent Czech sports news portal providing up-to-date sports news, live results, videos, and premium subscription content. It serves a broad audience of sports enthusiasts primarily in the Czech Republic and is part of the larger Deník Sport media group. The website offers comprehensive coverage of football, hockey, tennis, MMA, and other sports, with a strong focus on live event updates and multimedia content. Technically, the site employs modern web technologies including advanced analytics, consent management, and advertising frameworks, ensuring a responsive and user-friendly experience across devices. Security posture is robust with HTTPS enforcement and consent compliance, although explicit security policies and incident response contacts are not publicly disclosed. Overall, the site demonstrates a mature digital presence with strong business credibility and compliance adherence.

B

BIKEMAX

bikemax.cz

59

BIKEMAX.cz operates as the largest bicycle and electric bike gallery in the Czech Republic, offering a wide range of bicycles, accessories, and related services including bike servicing and franchise opportunities. The company targets cycling enthusiasts and general consumers within the Czech market, leveraging a medium-sized e-commerce retail business model. The website reflects a professional and consistent brand presence with clear navigation and comprehensive product categories. Technically, the website is built on the Shoptet e-commerce platform, utilizing modern JavaScript libraries and tracking tools such as Google Analytics, Facebook SDK, and Microsoft Clarity. The site demonstrates good mobile optimization and SEO practices, although some accessibility features could be enhanced. Performance is moderate, with a well-structured technical stack supporting the business operations. From a security perspective, the site enforces HTTPS and includes cookie consent mechanisms aligned with GDPR compliance. While basic security headers are likely present, explicit security policies and incident response contacts are absent, representing areas for improvement. No critical vulnerabilities or exposed sensitive data were detected during analysis. Overall, the website presents a trustworthy and professional front for BIKEMAX's retail operations. However, the absence of WHOIS registration data introduces some uncertainty regarding domain legitimacy. Strategic recommendations include enhancing security header implementation, publishing a security policy, and providing incident response contact information to strengthen trust and compliance.

S

Singula soft s.r.o.

singula.cz

39

Singula soft s.r.o. is a Czech Republic based small technology company specializing in custom software development and process automation using modern low-code and no-code platforms, notably as a partner of Tabidoo. Their website presents a professional image with clear business descriptions, team contacts, and service offerings focused on digital transformation for small businesses and entrepreneurs. The technical infrastructure is modern, leveraging JavaScript and Google Tag Manager for analytics, with a responsive design and cookie consent mechanisms in place. Security posture is good with HTTPS enforced and no visible vulnerabilities, though the absence of security headers and privacy policy are notable gaps. The WHOIS data is unavailable, which impacts domain trust but the website content and business information appear legitimate. Overall, the site scores well on content quality, technical implementation, and business credibility, with room for improvement in privacy compliance and security best practices.

M

MegaMax24

megamax24.cz

45

MegaMax24 is a well-established Czech retailer specializing in automotive and motorcycle tires, wheels, and spare parts, with a physical store and tire service center near Prague. The company targets vehicle owners and enthusiasts primarily in the Czech Republic and Slovakia, offering a broad product range and professional services. The website is professionally designed, mobile-optimized, and provides clear navigation and comprehensive content relevant to its audience. Technically, the site uses modern JavaScript libraries and integrates with major advertising and analytics platforms, ensuring a robust digital presence. Security-wise, the site enforces HTTPS and cookie consent but lacks some security headers and explicit incident response information. The absence of WHOIS data is a concern but does not outweigh the positive trust signals from certifications and contact transparency. Overall, the site presents a trustworthy and professional e-commerce platform with room for security enhancements.

S

ShopMania

shop-mania.cz

69

ShopMania.cz is a Czech Republic-based e-commerce price comparison and product review platform established since 2005. It aggregates millions of products from hundreds of online stores, providing users with detailed product information, price comparisons, reviews, and promotional offers. The website targets general consumers in the Czech market seeking informed shopping decisions. Technically, the site employs modern JavaScript libraries including Swiper.js for UI components, Google Tag Manager, Google Analytics, and Facebook SDK for marketing and analytics. The site is mobile-optimized with good navigation and content quality. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though some security headers and incident response information are not publicly disclosed. WHOIS data is privacy-protected, which is common for commercial sites, but no registrant details are available for verification. Overall, the site is professional, trustworthy, and compliant with GDPR, making it a reliable resource for Czech online shoppers.

G

Genesii

genesii.fr

52

Genesii is a French technology company specializing in bespoke web application development, custom websites, and AI integration services. Positioned as a small but innovative agency, it serves businesses seeking digital transformation solutions. The company holds the 'Jeune Entreprise Innovante' certification, highlighting its commitment to innovation and research, particularly in machine learning and e-learning platforms. The website is professionally designed, mobile-optimized, and provides clear contact information, supporting its business credibility. Technically, the website is built on WordPress with modern JavaScript libraries such as jQuery, Owl Carousel, and Swiper. It integrates Google Analytics, Google Tag Manager, and Calendly for marketing and scheduling. Security measures include HTTPS enforcement and Google reCAPTCHA on forms, alongside a GDPR-compliant cookie consent mechanism. However, additional security headers and a published security policy would enhance its security posture. The security evaluation shows a good baseline with no detected vulnerabilities or exposed sensitive data. Privacy compliance is strong with visible policies and consent mechanisms. The absence of WHOIS data limits domain trust analysis, but the website content and certifications support legitimacy. Overall, the site is safe, professional, and trustworthy, with recommendations to improve security headers and incident response transparency. Strategically, Genesii should focus on enhancing its security documentation, expanding accessibility compliance, and maintaining transparency in data protection to strengthen trust and compliance in the evolving regulatory landscape.

NIPPON CEC operates an e-commerce website focused on retailing vacuum cleaner accessories, household appliances, kitchen gadgets, pet care products, and Japanese-themed gifts primarily targeting the Czech market. The website provides a broad catalog of products with clear categorization and includes customer trust signals such as ratings from Heureka.cz and dTest. Technically, the site uses legacy JavaScript libraries like jQuery 1.7.2, along with modern marketing tools such as Google Tag Manager and Google Analytics. While the site implements cookie consent mechanisms and basic privacy policies, it lacks advanced security headers and uses outdated libraries that may pose security risks. The absence of WHOIS data reduces domain trustworthiness, though the website content and business information appear legitimate. Overall, the site is functional but would benefit from technical and security improvements.

M

M+H

mh.cz

58

M+H is a Czech Republic based small business specializing in automotive services including chiptuning, decarbonization, and car media systems. The company claims 28 years of experience, positioning itself as an established player in the automotive enhancement sector. The website is built on WordPress with modern SEO and analytics tools, indicating a moderate level of digital maturity. Security posture is good with HTTPS enforced and use of reCAPTCHA and cookie consent, but lacks visible security policies and incident response information. The absence of WHOIS data reduces domain trustworthiness, though the website content and branding appear professional and consistent. Overall, the site is safe and suitable for general audiences with no adult or questionable content detected.

H

Hawaj.cz • ověřený český e-shop • 17 let s vámi | Hawaj.cz

hawaj.cz

49

Hawaj.cz is a Czech e-commerce retailer specializing in garden furniture, pools, whirlpools, solar showers, toys, pet supplies, and related leisure products. The website positions itself as an established player with 17 years of market presence, targeting Czech consumers seeking home and garden products. The site features a professional design with clear navigation and a broad product catalog. Technically, the site uses modern JavaScript libraries, Bootstrap 4, and integrates multiple marketing and analytics tools such as Facebook Pixel, Google Tag Manager, Hotjar, and Biano Pixel. HTTPS is enforced, and cookie consent mechanisms are in place, indicating a baseline of security and privacy awareness. However, the absence of explicit privacy policy and terms of service pages, as well as missing WHOIS registrant data, reduce overall trust and compliance posture. No WAF or content blocking was detected, and the content is safe for general audiences.

H

Hydro

hydro.com

75

Hydro is a global leader in aluminium production and renewable energy, operating in over 40 countries with a workforce of 32,000 employees. The company focuses on sustainable business practices, offering low-carbon and recycled aluminium products alongside renewable energy solutions. Their website reflects a mature digital presence with comprehensive global office information and professional branding. Technically, the site employs modern JavaScript frameworks, telemetry via Microsoft Application Insights, and cookie consent management through Cookiebot, indicating a commitment to user privacy and performance monitoring. Security posture is strong with HTTPS enforced and telemetry for error tracking, though explicit security policies and vulnerability disclosures are absent. The WHOIS data for the domain www.hydro.com is missing, which is unusual for a corporate domain and slightly reduces trustworthiness. Overall, the website is professional, secure, and compliant with privacy norms, but could improve transparency around security policies and domain registration details.

B

BIMobject

bimobject.com

73

BIMobject is a leading technology platform specializing in providing free BIM (Building Information Modeling) objects and content for architects, engineers, and construction professionals. The website offers a comprehensive catalog of BIM objects from over 2,000 manufacturers, supporting multiple design software platforms such as Revit, SketchUp, and ArchiCAD. The platform also enables manufacturers to publish their products, positioning BIMobject as a key player in the digital construction ecosystem. Technically, the website is built on a modern Angular framework with integrations for Google Tag Manager and OneTrust for privacy compliance, reflecting a mature digital infrastructure. Security posture is strong with HTTPS enforcement and standard security headers, although explicit security policies and incident response contacts are not publicly detailed. Overall, the site demonstrates high professionalism, good privacy compliance, and a trustworthy user experience, though the absence of WHOIS registration data slightly reduces transparency. Strategic recommendations include publishing detailed security policies, adding vulnerability disclosure mechanisms, and providing direct contact channels for security and business inquiries.

J

Julie Fuchs

juliefuchs.fr

51

Julie Fuchs is a professional artist photographer, accredited trainer in mental health first aid (PSSM), and facilitator in collective intelligence. The business focuses on supporting organizations with relational and mental health challenges at work, combining photography with consulting and facilitation services. The website is built on the Wix platform, leveraging modern web technologies and analytics tools, but lacks comprehensive privacy and cookie policies. Security posture is good with HTTPS and some security hardening scripts, though explicit security headers are missing. WHOIS data is unavailable, which limits domain trust verification. Overall, the site presents a professional image but could improve transparency and compliance aspects.

V

videezy

videezy.com

59

Videezy is an online platform providing free and premium stock video footage, 4K videos, and After Effects templates targeted at videographers and content creators. The site operates a freemium business model, offering a community-driven resource for video content. The platform is well-branded and professionally designed, with a consistent user experience and clear navigation. Technically, the website employs modern JavaScript libraries, analytics tools, and monitoring services, indicating a mature digital infrastructure. However, some technical aspects such as security headers and privacy policies are lacking or not detected in the provided content. The security posture is moderate with HTTPS enforced and CSRF protections, but missing some best practices and incident response information. Overall, the website is safe for general audiences and maintains a moderate trust level, though the absence of WHOIS registration data reduces domain transparency and trustworthiness.

S

Stella Tech BV

marsbahis.com

46

Marsbahis is an established online gambling platform licensed in Curacao, offering a broad range of betting and casino games primarily targeting Turkish-speaking users. The website provides comprehensive information about its services, bonuses, and operational procedures, supported by trust signals such as a Curacao gaming license and DMCA protection. Technically, the site uses modern web technologies including Google Tag Manager and AMP links, with good mobile optimization and SEO practices. Security posture is adequate with HTTPS and some trust badges, but lacks advanced security headers and explicit incident response policies. Privacy compliance is partial, with a privacy policy linked externally but no cookie consent mechanism detected. Overall, the site is professional and functional but could improve transparency and compliance aspects.

B

BICZ a.s.

bicz.cz

64

BICZ a.s. is a Czech Republic based real estate investment company specializing in residential housing projects, property reconstruction, and rental services. The company positions itself as a leading specialist in its sector, targeting investors and clients interested in responsible real estate investment. The website reflects a professional business model focused on property development and management within the Czech market. Technically, the website is built on WordPress with modern plugins and analytics tools such as Google Analytics and Cookiebot for GDPR compliance. The site is mobile optimized and presents good SEO practices. Security posture is adequate with HTTPS enforced and cookie consent implemented, but lacks advanced security headers and explicit privacy and terms of service documentation. The absence of WHOIS data for the domain is a concern for domain legitimacy verification, though the website content and technical setup appear professional and trustworthy. Overall, the site is safe for general audiences and does not contain any adult or questionable content.

C

CENTROPOL ENERGY, a.s.

centropol.cz

56

CENTROPOL ENERGY, a.s. operates as a reliable energy supplier in the Czech Republic, providing gas and electricity to households and businesses for over two decades. The company emphasizes fair pricing and additional customer benefits, positioning itself as a trusted player in the energy sector. The website reflects a professional digital presence with clear branding and relevant content tailored to its target audience. Technically, the site is built on WordPress with a modern technology stack including Google Tag Manager, Cookiebot for consent management, and reCAPTCHA for bot protection. While the site is mobile-optimized and SEO-friendly, there is room for improvement in accessibility and security headers implementation. Security posture is solid with HTTPS enforced and consent mechanisms in place, but lacks explicit security policies and incident response information. The absence of WHOIS data raises concerns about domain registration transparency, which slightly impacts overall trust. Strategic recommendations include publishing comprehensive privacy and security policies, enhancing security headers, and verifying domain registration details to improve credibility and compliance.

N

NH HOTEL GROUP, S.A.

nh-collection.com

77

NH Collection Hotels, operated by NH HOTEL GROUP, S.A., is a large international hospitality brand offering premium hotel accommodations across more than 100 hotels in 24 countries. The website targets travelers and business customers seeking quality lodging in major cities such as Madrid, Milan, and Barcelona. The business model focuses on direct online bookings, reservation management, and customer loyalty programs. The brand maintains consistent and professional digital presence with multilingual support and clear navigation.

Protecton HOLDING, a.s. is a well-established Czech security services company founded in 2017, offering a broad range of security-related services including personal protection, monitoring, technical solutions, and event security. The company operates with a large workforce and manages multiple subsidiaries, positioning itself as a significant player in the Czech security market. The website reflects a professional and consistent brand image targeting businesses and individuals seeking reliable security solutions. Technically, the website employs modern JavaScript frameworks such as Alpine.js and Livewire, integrates Google Tag Manager for analytics, and is hosted likely with WEDOS, a Czech hosting provider. The site is mobile optimized and provides a good user experience with clear navigation and relevant content. Security-wise, the site uses HTTPS and implements cookie consent mechanisms, but lacks explicit security policies or incident response contacts. No critical vulnerabilities or suspicious content were detected, and WHOIS data aligns well with the business claims, supporting legitimacy. Overall, the website demonstrates a solid digital presence with room for improvement in security transparency and incident response readiness.

V

Vinofol, s.r.o.

vinofol.cz

52

Vinofol, s.r.o. is a well-established family winery based in the Czech Republic, operating since 1992. The company specializes in producing and selling high-quality wines from the Mikulov and Novosedly regions, leveraging modern technology and traditional winemaking methods. Their market position is strong within the Czech wine retail sector, supported by a broad product range, including award-winning wines, and a multi-channel sales approach via e-shop and physical vinoték stores. The website reflects a mature digital presence with integrated marketing and analytics tools, providing a professional user experience and clear business information. Security posture is solid with HTTPS, reCAPTCHA, and cookie consent mechanisms, though some security headers could be improved. The absence of WHOIS data is a notable gap in domain transparency but does not detract significantly from the overall legitimacy based on website content. The site targets adult consumers, implementing age verification due to alcohol sales regulations.

F

FOTBALservis.cz

fotbalservis.cz

54

FOTBALservis.cz is a Czech Republic-based e-commerce retailer specializing in football equipment including balls, boots, clothing, and accessories. The website targets football players, teams, referees, and coaches, offering a comprehensive product catalog and club-specific e-shop services. The business operates on the Shoptet platform, leveraging modern web technologies and marketing tools such as Facebook Pixel and Google Tag Manager. The site demonstrates good content quality, clear navigation, and GDPR-compliant privacy and cookie policies. However, the absence of WHOIS data for the domain raises concerns about domain registration legitimacy, which impacts overall trustworthiness. Technically, the site uses HTTPS and secure login forms but lacks explicit security headers and a published security policy or vulnerability disclosure mechanism.

M

MEDIA MARKETING SERVICES a.s.

hitradiocity.cz

54

Hitrádio City 93,7 FM is a well-established regional radio station based in Prague, Czech Republic, operating since 2005. The website offers multiple live internet radio streams, podcasts, program schedules, contests, and a listener club, targeting a broad audience in the Prague region. The business model centers on media broadcasting and advertising, supported by a professional online presence and active social media channels. The company behind the site is MEDIA MARKETING SERVICES a.s., indicating a medium-sized media entity with a stable market position. Technically, the website employs modern web technologies including Google Tag Manager, Facebook Pixel, jQuery, and CSS frameworks like Foundation. The site is mobile-optimized with good SEO and accessibility features, though some improvements in accessibility could be made. Hosting is managed via Dial Telecom, with secure HTTPS enforced and CSRF protection tokens present, indicating a mature digital infrastructure. From a security perspective, the site uses HTTPS and implements cookie consent mechanisms compliant with GDPR. However, explicit security headers like Content-Security-Policy and X-Frame-Options are not visibly configured, representing an area for enhancement. No vulnerabilities or exposed sensitive data were detected. Privacy policies and terms of service are comprehensive and accessible, supporting regulatory compliance. Overall, the website is professional, trustworthy, and safe for general audiences, with no adult or explicit content. The domain registration data aligns well with the business history and operations, reinforcing legitimacy. Strategic recommendations include enhancing security headers, improving accessibility, and publishing a formal security policy and incident response information to further strengthen trust and compliance.

F

Fotbalová asociace České republiky

gol.cz

56

The website www.fotbal.cz is the official online presence of the Football Association of the Czech Republic (Fotbalová asociace České republiky). It serves as a comprehensive platform for football-related news, official publications such as the Časopis Gól magazine, match calendars, and information about clubs and competitions. The site targets football fans, players, clubs, and stakeholders within the Czech football ecosystem, positioning itself as the authoritative source for football governance and media in the country. The business model is non-profit and government-affiliated, focusing on sports governance and media dissemination. Technically, the website employs a modern technology stack including Google Analytics, Google Tag Manager, Facebook Pixel, Smartlook, and various JavaScript libraries for UI and cookie consent management. The site is well-optimized for mobile devices, has good accessibility features, and demonstrates solid SEO practices. Performance is moderate, with asynchronous loading of analytics and tracking scripts. From a security perspective, the site enforces HTTPS and uses Google reCAPTCHA to protect forms. Cookie consent mechanisms are implemented, indicating awareness of privacy regulations. However, the site lacks a publicly accessible privacy policy and terms of service pages, which are important for full GDPR compliance and user trust. No security incident response or vulnerability disclosure information is published, which could be improved. Overall, the website is professional, trustworthy, and content-rich, with strong branding and partner endorsements. The absence of WHOIS data is consistent with CZ NIC policies and does not detract from the site's legitimacy. Strategic recommendations include publishing privacy and terms policies, enhancing security headers, and formalizing incident response disclosures to improve compliance and security posture.

T

TCL

tcl.com

70

TCL is a global technology company specializing in consumer electronics including TVs, mobile devices, and home appliances. The Finnish localized website showcases a broad product portfolio with clear navigation and professional branding, targeting general consumers interested in innovative technology products. The site is built on Adobe Experience Manager CMS and hosted likely on AWS infrastructure, utilizing modern JavaScript libraries and Google Tag Manager for analytics. Security posture is strong with HTTPS enforcement and multiple security headers, though explicit security policies and incident response contacts are not publicly detailed. Privacy and cookie policies are present and GDPR compliant, reflecting good privacy practices. The absence of WHOIS data reduces transparency but does not detract from the overall legitimacy of the site. Strategic recommendations include enhancing security transparency, adding vulnerability disclosure mechanisms, and providing direct contact information to improve trust and compliance.

UEFA.com is the official digital presence of the Union of European Football Associations, the governing body for football in Europe. The website serves as a comprehensive platform for European football fans, stakeholders, and media, providing news, live scores, video content, and detailed information about UEFA's competitions and initiatives. It holds a strong market position as the authoritative source for European football, supported by consistent branding and extensive content offerings. Technically, the site employs modern web technologies including React, Google Analytics, and Microsoft Application Insights, ensuring a fast, responsive, and accessible user experience across devices. Security posture is robust with HTTPS enforcement, security headers, and cookie consent mechanisms, though the absence of publicly available WHOIS data limits full domain registration verification. Overall, UEFA.com demonstrates a mature digital infrastructure with strong privacy compliance and business credibility, making it a trusted resource in the sports domain.

Č

Český ráj outdoor s.r.o.

sportparadise.sk

71

Český ráj outdoor s.r.o. operates a well-established e-commerce platform specializing in outdoor equipment such as cycling, hiking, camping, and climbing gear. With over 30 years of market presence, the company maintains a strong brand reputation supported by a large physical store and a comprehensive online catalog. The website is professionally designed, localized in Slovak, and offers a seamless user experience with clear navigation and rich content including customer reviews and blog articles. Technically, the site uses a proprietary e-commerce CMS (BSSHOP) with modern JavaScript frameworks and integrates Google Analytics and Tag Manager for marketing and analytics purposes. Security posture is solid with HTTPS enforcement and standard security headers, although explicit security policies and incident response contacts are not publicly available. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR consent mechanisms. Overall, the site demonstrates a mature digital infrastructure and trustworthy business operations.