Security Directory

The website www.welterbe-bernau.de serves as the official online presence for the UNESCO World Heritage Bauhaus site in Bernau, Germany. It provides comprehensive visitor information including guided tours, workshops, exhibitions, podcasts, and a merchandise shop. The business operates under BeSt Bernauer Stadtmarketing GmbH, focusing on cultural heritage promotion and tourism services. The site targets tourists, educators, and cultural enthusiasts with a clear and professional presentation. Technically, the website is built on the Contao CMS platform using Bootstrap for responsive design and jQuery for interactivity. It employs Matomo analytics for user tracking, indicating a privacy-conscious approach. The site is mobile-optimized with lazy loading images and structured navigation, though accessibility features are basic. Hosting appears stable with multiple authoritative nameservers. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks security headers and a cookie consent mechanism, which are recommended for enhanced protection and GDPR compliance. No incident response or vulnerability disclosure policies are published, representing an area for improvement. Overall, the website is trustworthy, professionally maintained, and serves its cultural mission well. Strategic enhancements in security policies and privacy compliance would further strengthen its posture and user trust.

Galerie Bernau is a small, regionally focused art gallery operated under the BeSt Bernauer Stadtmarketing GmbH umbrella. It provides cultural services including exhibitions, artist ateliers, community events, and an art shop, targeting local art enthusiasts and visitors. The website is professionally designed with clear navigation and good mobile optimization, leveraging modern technologies such as Contao CMS, Bootstrap, and analytics tools like Google Analytics and Matomo. Security posture is solid with HTTPS and anonymized tracking, though improvements are recommended in security headers and cookie consent mechanisms. The domain registration and hosting setup appear legitimate and consistent with the business profile. Overall, the site reflects a trustworthy and community-oriented cultural institution with room for enhanced privacy compliance and security transparency.

BeSt Bernauer Stadtmarketing GmbH operates the website www.bernau-besuchen.de as an official tourism and city marketing platform for Bernau bei Berlin, Germany. The site provides comprehensive information on sightseeing, accommodations, events, and cultural activities targeting tourists and visitors. The business model focuses on promoting local tourism and supporting visitor engagement through event promotion, guided tours, and a souvenir shop. The company maintains a consistent brand presence with clear contact information and active social media channels. Technically, the website is built on the Contao Open Source CMS with Bootstrap framework and uses jQuery and Matomo analytics for privacy-conscious visitor tracking. The site is mobile-optimized, accessible, and SEO-friendly, delivering a good user experience with moderate performance. Hosting appears to be managed via your-server.de and related nameservers, indicating a professional hosting environment. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks advanced security headers and does not provide a public security policy or vulnerability disclosure mechanism. Privacy compliance is partially met with a privacy policy present but no visible cookie consent mechanism. Contact information is clearly provided, enhancing business credibility. Overall, the website scores well on content quality, technical implementation, and business credibility, with room for improvement in security posture and privacy compliance. No WAF or blocking mechanisms were detected, and the domain appears legitimate and consistent with the business purpose.

W

Wald Allianz

wald-allianz.de

60

Wald Allianz is a small non-profit environmental initiative based in Germany, focused on promoting sustainable forest management and conservation. The website provides educational resources, information about forest ecosystem services, and encourages engagement from forest owners, professionals, and consumers. The initiative appears to be relatively new, founded around 2020, with a clear mission to foster a future for forests through collaboration and awareness. Technically, the website is built on WordPress using the Astra theme and several plugins including Yoast SEO and Borlabs Cookie for privacy compliance. The site is well-structured, mobile-optimized, and uses HTTPS, but lacks some compliance pages such as privacy policy and terms of service. Security posture is generally good with HTTPS and cookie consent, but could be improved by adding security headers and publishing security policies. Overall, the website is professional and trustworthy, though it would benefit from enhanced privacy and security disclosures to improve compliance and user trust.

N

Naturwald Akademie gGmbH

waldmonitor-deutschland.de

56

Waldmonitor Deutschland is a small, specialized organization providing free satellite-based forest monitoring services across Germany. The platform offers detailed maps on forest condition, tree species distribution, and forest fire occurrences, targeting forest owners, municipalities, and governmental bodies. The business operates in partnership with Remote Sensing Solutions and is managed by Naturwald Akademie gGmbH. The website is professionally designed with clear navigation and good content relevance, supporting its mission to provide accessible environmental data. Technically, the website employs modern frontend technologies such as Bootstrap and Font Awesome, ensuring good mobile responsiveness and user experience. The site uses HTTPS and implements a cookie consent mechanism with opt-in, reflecting a commitment to privacy compliance. However, no advanced security headers or incident response policies are published, indicating room for improvement in security posture. Security-wise, the site shows a good baseline with HTTPS and minimal tracking, but lacks explicit security policies and vulnerability disclosure mechanisms. No critical vulnerabilities or suspicious WHOIS patterns were detected, and the domain registration aligns well with the business purpose. Overall, the site is trustworthy and secure for its intended audience. The overall risk is low, but strategic improvements in security headers, incident response transparency, and terms of service publication would enhance trust and compliance. The site’s minimal tracking and clear contact information support a positive privacy stance.

F

Förderverein der katholischen Schulen St. Marien in Berlin e.V.

st-marien-foerderverein.de

39

The Förderverein der katholischen Schulen St. Marien in Berlin e.V. is a small non-profit association dedicated to supporting Catholic schools in Berlin through fundraising, organizing events, and providing school-related support services. The website serves as a community hub for parents, students, alumni, and supporters, offering information about membership, donations, school clothing orders, and upcoming events. The organization maintains a consistent and professional online presence with clear branding and regular content updates. Technically, the website is built on WordPress 5.4 with common plugins such as FooBox and Team Members Pro, hosted on a German hosting provider (kasserver.com). The site is moderately optimized for performance and mobile devices, with basic accessibility and SEO features. However, some modern security best practices like security headers and cookie consent mechanisms are missing. From a security perspective, the site uses HTTPS and avoids exposing sensitive data, but lacks explicit security headers and a vulnerability disclosure policy. Privacy compliance is partially addressed with a GDPR privacy policy, but no cookie consent banner is present. Contact information is clearly provided, enhancing business credibility. Overall, the website presents a low-risk profile with good trust indicators appropriate for a local non-profit educational association. Strategic improvements in security headers, cookie consent, and incident response transparency would further strengthen its posture.

B

Behinderten- und Rehabilitations-Sportverband Berlin

bsberlin.de

47

The Behinderten- und Rehabilitations-Sportverband Berlin (BS Berlin) is a non-profit sports association dedicated to promoting inclusive sports and rehabilitation sports in Berlin. The website serves as a platform to inform about events, campaigns, and educational offerings related to inclusive sports, targeting people with disabilities, sports clubs, and partners in politics and associations. The organization holds a strong regional position with established programs and partnerships. Technically, the website is built on TYPO3 CMS with Bootstrap 4, uses Matomo for analytics, and implements accessibility and privacy best practices including cookie consent mechanisms. Security posture is solid with HTTPS and no visible vulnerabilities, though explicit security policies and incident response contacts are not published. Overall, the website is professional, trustworthy, and compliant with GDPR, but could improve transparency by adding terms of service and security-related policies.

E

eniky GmbH

eniky.com

53

eniky GmbH is a small Berlin-based web agency specializing in Joomla and WordPress web development, SEO, and maintenance services. The company offers tailored web solutions from concept to deployment, targeting businesses seeking professional CMS-based websites. The website is well-structured, professionally designed, and compliant with GDPR and cookie regulations, reflecting a mature digital presence. Technically, the site uses WordPress with modern plugins and frameworks, ensuring good performance, mobile optimization, and accessibility. Security posture is solid with HTTPS and cookie consent mechanisms, though explicit security policies and incident response contacts are absent. The lack of WHOIS registration data is a notable risk factor, reducing domain trustworthiness and requiring further verification. Overall, the site presents a credible and professional business with minor gaps in transparency and security documentation.

B

Berliner Stadtmission

berliner-stadtmission.de

58

Berliner Stadtmission is a well-established non-profit organization founded in 1877, providing extensive social services and community support across Berlin with over 90 facilities. Their website is professionally designed using TYPO3 CMS, featuring modern technologies such as Leaflet.js for maps and Matomo for analytics, reflecting a mature digital infrastructure. The site demonstrates good mobile optimization, accessibility, and SEO practices. Security posture is solid with HTTPS and cookie consent mechanisms, though some advanced security headers and incident response details are absent. Overall, the domain registration aligns well with the organization's identity, indicating legitimacy and trustworthiness.

S

Schützenverband Berlin-Brandenburg e.V.

svbb.org

63

Schützenverband Berlin-Brandenburg e.V. is a regional non-profit sports association focused on sports and archery shooting activities within the Berlin-Brandenburg area. The organization provides information, coordination, and event management services for its member clubs and the broader sports shooting community. The website serves as an information hub with event calendars, contact forms, and embedded media to support its members and interested parties. Technically, the website is built on WordPress using popular plugins such as Yoast SEO and Modern Events Calendar Lite, indicating a moderate level of digital maturity. The site is mobile-optimized and includes privacy and cookie consent mechanisms, reflecting compliance with GDPR requirements. Security posture is adequate with HTTPS enabled and cookie consent implemented, though additional security headers and incident response information could enhance the security maturity. Overall, the website presents a professional and trustworthy front for the association with clear business information and consistent branding.

A

Arendal Næringsforening

arendalchamber.no

55

Arendal Næringsforening is a regional business association established in 2005, focused on promoting the interests of businesses in the Arendal region of Norway. The organization operates membership services, organizes business events including the Arendal Business Summit, and engages young professionals through its ANF UNG initiative. The website reflects a medium-sized organization with a consistent brand and a clear focus on local business networking and advocacy. Technically, the website employs modern web technologies such as Google Tag Manager, Facebook SDK, and cookie consent mechanisms, providing a good user experience with mobile optimization and accessibility features. Security posture is solid with HTTPS enforcement and basic security best practices, though it lacks advanced security headers and formal incident response disclosures. Privacy compliance is partial, with a cookie consent banner present but no explicit privacy policy or terms of service pages. Overall, the domain age and WHOIS data align well with the business claims, indicating legitimacy and trustworthiness.

V

Volt Power Analytics

voltrystad.com

58

Volt Power Analytics is a specialized energy analytics company focused on providing advanced power market modeling solutions for the European market. Leveraging Rystad Energy's data, they offer daily updated Forward Horizon Reports and customizable market simulations. The company targets professionals and organizations in the energy sector, including utilities, investors, and government entities. Their business model centers on delivering SaaS-based analytics and forecasting tools with a strong emphasis on data accuracy and market insights. Technically, the website is built on WordPress with Elementor and integrates modern SEO and analytics tools, reflecting a moderate to high digital maturity. Security posture is solid with HTTPS, domain transfer lock, and cookie consent mechanisms, though DNSSEC is not enabled and some security headers could be improved. Overall, the site is professional, trustworthy, and compliant with GDPR, though direct contact details are limited to a web form. Strategic recommendations include enhancing DNS security, publishing security policies, and expanding contact options to improve trust and compliance.

F

Fleetback

fleetback.com

65

Fleetback is a Luxembourg-based company founded in 2015 that provides a comprehensive digital platform for automotive dealerships to streamline and digitalize their sales, after-sales, self-service, audits, and parking processes. The company serves over 2,000 customers across 26 countries, positioning itself as a key player in the automotive digital solutions market. The website reflects a professional and consistent brand image, targeting automotive professionals such as technicians, salespeople, and service advisors. Technically, the website is built on WordPress with modern libraries and frameworks including jQuery, Bootstrap, and various analytics and marketing tools such as Google Analytics, Facebook Pixel, and LinkedIn Insight Tag. The site is hosted with Amazon Registrar and uses AWS DNS services. It features a cookie consent mechanism compliant with GDPR and employs Google reCAPTCHA v3 for bot protection. The site is mobile optimized and SEO friendly, though accessibility features are basic. From a security perspective, the site uses HTTPS with good SSL configuration and implements best practices like bot protection and cookie consent. However, it lacks explicit security headers and does not publicly disclose a security policy or incident response contacts. No vulnerabilities or exposed sensitive data were detected. Overall, Fleetback's website demonstrates a mature digital presence with strong business credibility and privacy compliance. Recommendations include enhancing security headers, publishing a security policy, and adding vulnerability disclosure information to further strengthen trust and security posture.

A

Arved Fuchs Expeditionen

arved-fuchs.de

56

Arved Fuchs Expeditionen is a German-based non-profit organization focused on environmental and climate expeditions, primarily using the sailing ship Dagmar Aaen since 1988. The organization engages in scientific expeditions, youth education, lectures, and publishes related content such as podcasts and books. Their market position is niche but well-established in the environmental expedition and education sector. The website is built on Joomla CMS with modern frontend frameworks, providing a good user experience with mobile optimization and accessibility. Security posture is solid with HTTPS and obfuscated emails, though some security headers could be improved. Privacy compliance is strong with clear policies and cookie consent mechanisms. Contact information is transparent and professional, enhancing business credibility. Overall, the website is trustworthy and professionally maintained.

D

DVV Media Group GmbH

schiffundhafen.de

67

Schiff & Hafen is a German maritime industry media platform operated by DVV Media Group GmbH, providing specialized news, publications, events, and career information for maritime professionals and companies. The website is built on TYPO3 CMS, hosted by PlusServer, and integrates modern analytics and advertising technologies including Google Tag Manager, Google Ad Manager, Matomo, and Usercentrics for privacy compliance. The site features a subscription paywall for premium content and offers newsletters and event information. Security posture is solid with HTTPS and consent management, though security headers and incident response policies are not publicly detailed. Overall, the website demonstrates a mature digital presence with good content quality, professional design, and strong business credibility in the maritime media sector.

O

Ocean Technology Council of Nova Scotia

otcns.ca

56

The Ocean Technology Council of Nova Scotia (OTCNS) operates as a regional industry council dedicated to promoting the ocean technology sector within Nova Scotia, Canada. The organization provides a platform for industry news, events, member services, career opportunities, and partnerships, targeting businesses, professionals, and government stakeholders in the ocean technology domain. The website reflects a focused business model centered on membership and industry collaboration, positioning OTCNS as a key regional player in ocean technology advocacy and networking. Technically, the website is built using the Ember.js framework, indicating a modern single-page application architecture. It employs Google Analytics for user tracking and demonstrates moderate performance and good mobile optimization. However, the site lacks advanced SEO and accessibility features, and no CMS is explicitly identified, suggesting a custom-built solution. Hosting details beyond the registrar are not evident. From a security perspective, the site benefits from HTTPS encryption and domain registration protections but lacks DNSSEC and important security headers, which are recommended to enhance security posture. No privacy, cookie, or terms of service policies are present, indicating compliance gaps with GDPR and other privacy regulations. The absence of a vulnerability disclosure policy or security.txt file further limits transparency in security incident handling. Overall, the website is professional and trustworthy with good business credibility but requires improvements in privacy compliance and security best practices to reduce risk and enhance user trust. Strategic recommendations include implementing privacy and cookie policies, enabling DNSSEC, adding security headers, and establishing a vulnerability disclosure process.

N

Norlengs

norlengs.com

64

Norlengs operates the MV Ulla Rinman, an ice-strengthened research vessel chartered for scientific expeditions, environmental research, and educational field courses in the Arctic. The company targets universities, NGOs, and creatives seeking a mobile basecamp for Arctic exploration. The website is professionally designed using Squarespace, featuring clear navigation, rich content about research capabilities, and a gallery showcasing the vessel and expeditions. Technical infrastructure includes HTTPS with HSTS, Google Analytics, and reCAPTCHA for form security. However, the absence of a privacy policy, terms of service, and explicit contact details limits privacy compliance and business credibility. WHOIS data is unavailable, raising concerns about domain registration legitimacy. Overall, the site demonstrates moderate digital maturity with room for improvement in compliance and transparency.

I

INTEC Industrie-Technik GmbH

inteckg.de

50

INTEC Industrie-Technik GmbH is a German-based company specializing in tailored industrial technology solutions, focusing on product engineering, software and systems, and product support. The company targets industrial clients seeking innovative and flexible technical services. Their market position is that of a niche B2B service provider within the manufacturing and technology sectors. The website is professionally designed using WordPress with Elementor and Astra theme, reflecting a modern and responsive digital presence. Social media integration includes LinkedIn, Instagram, and Xing, enhancing their business outreach. Technically, the website employs a robust CMS infrastructure with modern libraries and frameworks, ensuring moderate performance and good mobile optimization. Security posture is adequate with HTTPS enforced and cookie consent mechanisms in place, though there is room for improvement in security headers and incident response transparency. Privacy compliance is strong, with accessible privacy and cookie policies aligned with GDPR requirements. Overall, the security posture is solid with no visible vulnerabilities or exposed sensitive data. The domain registration data is consistent with the business claims, indicating legitimacy and trustworthiness. The website content is safe for general audiences, with no adult or questionable material detected. Strategic recommendations include enhancing security headers, publishing a security policy, and improving accessibility features to further strengthen compliance and trust.

B

brand MARINE CONSULTANTS GmbH

brand-marine.com

51

brand MARINE CONSULTANTS GmbH is a specialized marine consultancy founded in 2014, offering a broad range of services including salvage operations, casualty management, surveys, and expert witness services. The company targets shipowners, law firms, insurance companies, and offshore contractors globally. The website is professionally designed, mobile optimized, and uses modern web technologies including Contao CMS and various JavaScript libraries. Privacy and cookie policies are implemented with GDPR compliance. However, the WHOIS data for the domain is missing, which raises concerns about domain registration legitimacy. No direct contact emails or phone numbers are present on the services page, which could impact user trust. Overall, the security posture is moderate with room for improvement in security headers and incident response transparency.

O

Oshkosh Corporation

oshkoshsseries.com

64

Oshkosh S-Series is a specialized product line under the established Oshkosh Corporation, focusing on front discharge concrete mixers. The website serves as a product and support portal targeting construction and industrial customers, offering detailed product information, parts and service support, and innovation features. The site is professionally designed using HubSpot CMS and integrates modern marketing and analytics tools, reflecting a mature digital presence. Security posture is adequate with HTTPS and domain protections, though improvements like DNSSEC and security policies are recommended. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. Overall, the site demonstrates strong business credibility and technical implementation, suitable for an enterprise-level industrial manufacturer.

O

Oshkosh Corporation

oshkoshairport.com

62

Oshkosh Airport Products is a division of Oshkosh Corporation specializing in the design and manufacture of Airport Rescue and Firefighting (ARFF) vehicles for airports worldwide. The company holds a strong market position as a leading manufacturer with a comprehensive dealer network and aftermarket support, offering high-performance ARFF trucks and innovative solutions such as electric ARFF vehicles. The website reflects a professional and consistent brand presence aligned with Oshkosh Corporation's corporate identity. Technically, the website is built on the HubSpot CMS platform, leveraging modern marketing and analytics tools including Google Analytics, Google Tag Manager, Hotjar, and Facebook Pixel. The site is mobile-optimized with good SEO and accessibility features, though some improvements in accessibility and security headers could be made. Performance is moderate, with a well-structured navigation and rich content. From a security perspective, the site enforces HTTPS and includes a cookie consent mechanism compliant with GDPR. However, explicit security headers are not fully implemented, and no dedicated security or incident response policies are visible. The WHOIS data is unavailable, which limits domain registration trust analysis, but the website content and branding strongly support legitimacy. Overall, the website presents a low-risk profile with strong business credibility and good privacy compliance. Strategic improvements in security headers, accessibility, and visible policy links would enhance trust and compliance further.

O

Oshkosh AeroTech

oshkoshaerotech.com

65

Oshkosh AeroTech is a specialized provider of ground support equipment and comprehensive airport solutions, leveraging the strength and legacy of its parent company, Oshkosh Corporation. The company focuses on delivering technology-driven products and aftermarket customer care to airports, airlines, ground handlers, and military clients. Their product portfolio includes electric ground support equipment, gate equipment, defense aviation ground equipment, and airport operational services. The website reflects a professional and consistent brand image with clear navigation and relevant content tailored to their target audience. Technically, the website is built on the HubSpot CMS platform, utilizing modern JavaScript libraries such as Swiper.js and jQuery, and integrates Google Tag Manager and HubSpot Analytics for tracking. Hosting is managed via AWS infrastructure, ensuring reliable performance and scalability. The site is mobile-optimized and SEO-friendly, though accessibility features are basic. From a security perspective, the site enforces HTTPS and employs domain status locks to prevent unauthorized changes. However, it lacks DNSSEC and explicit security headers, and does not provide visible security policies or incident response information. Privacy compliance is partial, with a comprehensive privacy policy linked to the parent company but no cookie consent mechanism detected. Contact information is primarily via web forms, with no explicit emails or phone numbers listed. Overall, the website demonstrates a solid business credibility and technical foundation but could improve in privacy compliance and security transparency to enhance trust and regulatory adherence.

M

MAXIMETAL

maximetal.com

61

MAXIMETAL is a Canadian manufacturing company specializing in custom fire apparatus and utility trucks with over 40 years of industry experience. The company serves major fire departments and utility companies across Canada and the United States, leveraging partnerships with industry leaders such as Oshkosh Corporation and Pierce Manufacturing. Their website reflects a mature business with a clear market position and professional branding. Technically, the website is built on WordPress with modern plugins and technologies including Google Analytics, reCAPTCHA, and SEO optimizations. The site is mobile-friendly and provides a good user experience with clear navigation and relevant content. Security practices include HTTPS enforcement and CAPTCHA on forms, though some security headers are missing. The security posture is generally strong with no visible vulnerabilities or exposed sensitive data. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanisms. However, the absence of WHOIS registration data introduces some uncertainty about domain registration legitimacy, which slightly impacts trust. Overall, MAXIMETAL presents a credible and professional online presence with solid business and technical foundations. Strategic recommendations include enhancing security headers, verifying domain registration details, and adding explicit security policies to further strengthen trust and compliance.

K

Kewaunee

kewauneefabrications.com

62

Kewaunee Fabrications is a specialized heavy fabrication company operating under the parent company Oshkosh Corporation. The company offers a comprehensive range of manufacturing services including welding, finishing, assembly, machining, fabrication, and quality inspection, supported by ISO 9001 certification and certified weld inspectors. Their market position is that of a trusted industrial fabricator serving B2B clients in manufacturing sectors. The website is professionally designed using WordPress, with good SEO and mobile optimization, hosted on AWS infrastructure. Security posture is solid with HTTPS and domain EPP protections, though DNSSEC is not enabled and security headers are missing. Privacy compliance is basic but includes a cookie consent mechanism and a privacy policy hosted on the parent company domain. Overall, the site is trustworthy and professionally maintained, reflecting a mature business presence.

I

Iowa Mold Tooling Co., Inc.

imt.com

64

Iowa Mold Tooling Co., Inc. is a well-established manufacturing company specializing in the design and production of mechanics trucks, lube trucks, tire trucks, air compressors, and truck mounted cranes. The company operates as a subsidiary of Oshkosh Corporation, indicating a strong market position and corporate backing. Their website reflects a professional and consistent brand image, targeting industrial customers and distributors with detailed product information and support resources. The business model focuses on manufacturing and distribution through a network of partners and direct sales. Technically, the website is built on WordPress using Elementor, with integrations for Google Analytics and social media feeds, hosted on AWS infrastructure. The site is mobile-optimized and SEO-friendly, providing a good user experience.

F

Frontline Communications

frontlinecomm.com

65

Frontline Communications is a specialized manufacturer of custom command and communication vehicles serving government and emergency response sectors. The company operates as a division of Pierce Manufacturing Inc., itself part of Oshkosh Corporation, indicating strong corporate backing and market presence. Their product range includes mobile command centers, EOD vehicles, SWAT trucks, and other specialty communication vehicles designed for high reliability and operational efficiency. The website reflects a professional and consistent brand image with clear business focus and target audience alignment. Technically, the website is built on the HubSpot CMS platform, leveraging modern web technologies including jQuery, Google Analytics, and Facebook SDK for marketing and analytics purposes. The site is mobile optimized with good SEO and accessibility basics, though some accessibility features could be enhanced. Performance is moderate, typical for CMS-driven marketing sites. Security posture is solid with HTTPS enforced and no visible vulnerabilities or exposed sensitive data. However, the site lacks some security best practices such as security headers, a published security policy, and vulnerability disclosure mechanisms. Privacy compliance is well addressed through a comprehensive privacy policy linked to the parent company and a cookie consent mechanism. Overall, the website presents a trustworthy and professional front for Frontline Communications, though the absence of WHOIS registration data and direct contact information slightly reduces transparency. Strategic improvements in security disclosures and contact availability would enhance trust and compliance.

F

FUNK eyewear

funk.de

71

FUNK eyewear is a German-based eyewear manufacturer and retailer operating both physical optical stores and an online e-commerce platform. Established in 2004, the company emphasizes traditional craftsmanship and sustainability by recycling acetate materials in-house. The website is built on the Shopify platform, leveraging modern e-commerce technologies and third-party marketing and analytics tools. The site is well-designed with good mobile optimization and clear navigation, targeting a general audience interested in quality eyewear products. However, the absence of explicit privacy policy and terms of service pages, as well as missing direct contact information, slightly detracts from the overall user trust and compliance posture. Security-wise, the site uses HTTPS and domain transfer protections but lacks DNSSEC and security headers, indicating room for improvement in hardening the security posture. The domain registration data aligns well with the business claims, supporting legitimacy. Overall, the website presents a professional and trustworthy front with moderate technical maturity and compliance gaps that should be addressed.

D

Deutsche Lutherweg-Gesellschaft e. V.

lutherweg.de

10

The Deutsche Lutherweg-Gesellschaft e. V. operates the Lutherweg website, a non-profit cultural and spiritual tourism project focused on the Reformation and Martin Luther's legacy in Germany. The site provides detailed route information, pilgrimage materials, and community engagement through newsletters. Technically, the website is built on WordPress with modern plugins and themes, hosted professionally with webgo.de nameservers. The site is well-optimized for mobile and accessibility, with good SEO practices. Security posture is solid with HTTPS, cookie consent, and form protections, though lacking explicit security policies or incident response contacts. Overall, the website is trustworthy, compliant with GDPR, and professionally maintained, serving a niche audience interested in religious and cultural heritage tourism.

N

Netzwerk Kleinkunst der Evangelischen Kirche in Mitteldeutschland

kleinkunst-ekm.de

45

The website www.kleinkunst-ekm.de serves as a cultural networking platform for the Evangelische Kirche in Mitteldeutschland, connecting artists and church communities across the region. It offers a curated portal for artists and venues, supporting cultural events such as Kirchenkino and providing resources like documents and workshops. The site is positioned as a small, non-profit entity with a clear regional focus and strong church affiliation. Technically, the website employs a modern front-end stack including Bootstrap, jQuery, and popular carousel and slider libraries. Hosting is provided by Eastlink, a German hosting provider, with HTTPS enabled ensuring secure communication. The site is mobile-optimized and SEO-friendly, though accessibility features are basic. Analytics are handled via Matomo, indicating some privacy consideration. From a security perspective, the site uses HTTPS but lacks visible security headers and published security or incident response policies. No cookie consent mechanism is present, which is a GDPR compliance gap. No vulnerabilities or exposed sensitive data were detected. The WHOIS data is minimal but consistent with a small non-profit organization, with no suspicious patterns. Overall, the website is professional, trustworthy, and serves its community well, but could improve privacy compliance and security posture by adding cookie consent, security headers, and formal policies.

E

ezra. Opferberatung Thüringen

opferhilfe-thueringen.de

57

ezra. Opferberatung Thüringen is a specialized non-profit organization providing counseling and support services to victims of right-wing, racist, and antisemitic violence in the German state of Thüringen. The organization targets affected individuals, their relatives, and witnesses, offering victim assistance, incident documentation, and a victim aid fund. The website is professionally designed, multilingual, and well-structured, reflecting a clear mission and strong regional presence. It is supported by official funding bodies and partners, enhancing its credibility and trustworthiness. Technically, the site is built on WordPress, hosted by Raidboxes, and uses common plugins and libraries such as Contact Form 7 and Font Awesome. The site is mobile-optimized and SEO-friendly, though performance is moderate. Security posture is good with HTTPS enforced and no visible vulnerabilities, but lacks some security headers and a cookie consent mechanism, which are recommended for GDPR compliance. Overall, the site is trustworthy and serves an essential social function with a strong regional focus.

E

Evangelische Kirche in Mitteldeutschland (EKM)

kirchenlandkarte.de

10

The website www.kirchenlandkarte.de is an official online project of the Evangelische Kirche in Mitteldeutschland (EKM), providing a comprehensive interactive map and detailed information about over 4000 churches, monasteries, and chapels in Central Germany. It serves as a cultural and religious tourism portal targeting visitors interested in church architecture, history, and spiritual sites. The platform offers detailed descriptions, opening hours, and contact information, enhancing visitor engagement and community outreach. Technically, the site employs a modern tech stack including Bootstrap, jQuery, Leaflet for mapping, and Matomo for analytics, hosted on Eastlink servers. The site is mobile-optimized with good SEO practices and a professional design, ensuring a positive user experience. The content is rich, well-structured, and consistent with the church's branding. From a security perspective, the site uses HTTPS and implements secure form handling with CSRF tokens. However, it lacks explicit security headers and a published security policy or incident response contacts. Privacy compliance is strong, with a comprehensive privacy policy aligned with GDPR and DSG-EKD standards, though no explicit cookie consent mechanism is present. Overall, the website is trustworthy, professionally maintained, and fulfills its mission effectively. Strategic improvements in security headers, cookie consent, and incident response transparency would enhance its security posture and user trust.

F

Ferienhaus "Brückenhaus Naumburg"

brueckenhaus-naumburg.de

55

Ferienhaus "Brückenhaus Naumburg" is a small hospitality business offering a lovingly restored historic holiday home located in Naumburg, Germany. The website provides detailed information about the rental property, pricing, availability, and booking options, targeting tourists seeking accommodation in the Saale-Unstrut region. The business positions itself as a niche provider of heritage vacation rentals with a focus on comfort and local charm. Technically, the website is built on WordPress using popular plugins such as Yoast SEO and Slider Revolution, with a booking system integrated for user convenience. The site is mobile-optimized and well-structured, providing a good user experience and clear navigation. Security-wise, the site uses HTTPS and a cookie consent mechanism but lacks some advanced security headers and explicit privacy or security policies. Overall, the website is professional and trustworthy, though it could improve privacy compliance and security posture by adding missing policies and headers.

Blickpunkt α is a German-language website focused on modern beauty and cosmetics products, targeting a general audience interested in skincare and innovative beauty trends. The site presents itself as a niche player in the retail cosmetics sector, offering high-quality products and content related to beauty. The technical infrastructure is based on WordPress with the Astra theme and Ultimate Addons for Gutenberg, hosted on servers associated with kasserver.com. The website is mobile-optimized and performs moderately well, with good SEO and accessibility basics. Security posture is adequate with HTTPS enabled but lacks advanced security headers and formal security policies. Privacy compliance is weak due to absence of privacy and cookie policies. Business credibility is moderate but would benefit from clearer contact information and trust signals. Overall, the site is safe for general audiences and does not contain adult or explicit content.

F

Förderverein Moritzkirche Naumburg (Saale) e.V.

moritzkirche-naumburg.de

49

The website represents the Förderverein Moritzkirche Naumburg (Saale) e.V., a non-profit organization dedicated to preserving and promoting the cultural and religious heritage of the St. Moritz church in Naumburg, Germany. It offers information about church services, exhibitions, concerts, and historical lectures, targeting local visitors and cultural enthusiasts. The site is well-branded and provides clear contact and donation information, reflecting a trustworthy community institution. Technically, the website uses modern front-end technologies such as Bootstrap, jQuery, and slick carousel, delivering a good user experience with mobile optimization and clear navigation. However, it lacks explicit privacy and cookie policies, which are important for GDPR compliance. Security-wise, HTTPS is used, but no security headers or vulnerability disclosures are present, indicating room for improvement in security posture. Overall, the site is safe, professional, and credible but would benefit from enhanced privacy and security measures.

The website www.evangelischejugend.de represents the official online presence of the Kinder- und Jugendpfarramt der Evangelischen Kirche in Mitteldeutschland (EKM), focusing on youth work within the church community. It provides information, resources, and event announcements targeted at children, youth, and church workers engaged in evangelical youth activities. The organization operates as a non-profit entity with a regional focus in Germany. The site is well-branded, consistent, and maintains a professional tone suitable for its audience. Technically, the website employs modern front-end technologies including Bootstrap 5 and FontAwesome, with additional JavaScript libraries for layout and media handling. Hosting is provided by Eastlink, as indicated by the nameservers. The site is mobile-optimized and performs moderately well, though some improvements in accessibility and SEO could be made. Analytics are handled via Piwik, reflecting moderate user tracking with some privacy considerations. From a security perspective, the site uses HTTPS and secure forms but lacks visible security headers and a cookie consent mechanism, which are recommended for enhanced compliance and protection. No critical vulnerabilities or exposed sensitive data were detected. WHOIS data aligns with the organizational identity, supporting legitimacy. Overall, the website is a credible, safe, and functional platform for its intended audience, with room for improvement in privacy compliance and security best practices.

E

Evangelische Schulstiftung in Mitteldeutschland St. Johannes

schulstiftung-ekm.de

39

The Evangelische Schulstiftung in Mitteldeutschland St. Johannes operates as a large non-profit educational foundation managing 42 educational institutions across the German states of Saxony, Saxony-Anhalt, and Thuringia. It serves over 7,000 students with a staff of approximately 900, offering a broad range of school types including primary, secondary, and special education. The foundation also provides career opportunities and professional development programs, positioning itself as a key regional player in evangelical education. Technically, the website employs a modern front-end stack including Bootstrap, jQuery, and various UI libraries, delivering a responsive and well-structured user experience. While performance is moderate, the site is mobile-optimized and SEO-friendly. Analytics are handled via Matomo/Piwik, reflecting a moderate level of user tracking with some privacy considerations. From a security perspective, the site uses HTTPS and avoids exposing sensitive data. However, it lacks explicit security headers and published security policies or incident response contacts, which are areas for improvement. Privacy compliance is strong regarding GDPR with a comprehensive privacy policy, but the absence of a cookie consent mechanism is a notable gap. Overall, the website is professional, trustworthy, and well-aligned with its educational mission. Strategic enhancements in security headers, cookie consent, and incident response transparency would further strengthen its security posture and compliance.

O

Octadesk

octadesk.com

52

Octadesk is a Brazilian technology company providing a comprehensive SaaS platform for omnichannel customer service and sales automation. The platform integrates AI chatbots, ticketing, workflow automation, and analytics to optimize customer interactions and operational efficiency. With over 4000 companies using its services, Octadesk holds a strong market position in Brazil's customer service technology sector. The website demonstrates a mature digital infrastructure leveraging Webflow CMS, HubSpot marketing tools, and multiple analytics and advertising pixels, indicating advanced digital marketing and user engagement strategies. Security posture is robust with HTTPS, security headers, and secure forms, although explicit security policies and incident response information are not publicly detailed. The absence of WHOIS domain registration data is a notable concern but does not detract significantly from the overall trustworthiness given the professional website and business presence. Strategic recommendations include publishing detailed security policies, adding vulnerability disclosure mechanisms, and enhancing transparency around data protection roles. Overall, Octadesk presents as a credible and professional technology provider with a strong digital presence and good security hygiene.

A

AMBEST

am-best.com

53

AMBEST is a well-established, member-owned network of independent truck stops and service centers operating nationwide since 1988. The company focuses on providing quality facilities, competitive fuel pricing, expert maintenance, and a loyalty rewards program (AMBUCK$) targeted at drivers and fleets in the transportation sector. The website reflects a professional and consistent brand image emphasizing family-owned values and service excellence. Technically, the site uses modern JavaScript frameworks (Vue.js, Quasar) and is hosted with Cloudflare DNS, delivering moderate performance and good mobile optimization. Security posture is adequate with HTTPS and domain registration protections but lacks important security headers and DNSSEC. Privacy compliance is weak due to missing privacy and cookie policies and no consent mechanisms. Contact information is minimal and no incident response or vulnerability disclosure policies are published, which could be improved to enhance trust and compliance. Overall, the website is safe, professional, and credible but would benefit from enhanced privacy and security practices.

A

Antagus

antagus.de

47

Antagus is a German-based company specializing in domain reseller services, cloud and V-Server hosting, server rental, and server housing. Established since 1996, it operates multiple data centers and partners with companies like Vautron Rechenzentrum AG and NetBeat to provide infrastructure and end-customer services. The website targets business customers such as domain resellers and web hosting providers, offering competitive pricing and a range of hosting solutions. The company demonstrates trustworthiness through ISO/IEC 27001 certification and positive customer references. Technically, the website uses standard web technologies with Matomo analytics for privacy-conscious tracking. Security posture is moderate, with room for improvement in security headers and explicit security policies. Privacy compliance is strong, featuring a comprehensive privacy policy and cookie consent mechanism. Overall, the website is professional and trustworthy, though technical modernization and enhanced security practices are recommended.

D

DJK Landesverband NRW e.V.

djk-vernetzt.de

46

DJK Landesverband NRW e.V. is a non-profit sports association based in Germany, focused on promoting values in sports through seminars, community projects, and educational initiatives. The organization targets sports clubs, childcare facilities, and sports enthusiasts primarily in the North Rhine-Westphalia region. Their offerings include projects like #WERTEkeeper, KiTa aktiv, and vollWERTsport, emphasizing respect, fair play, and human dignity in sports. The website reflects a consistent and professional brand image with clear navigation and relevant content for its audience. Technically, the website is built on TYPO3 CMS with a Bootstrap package, incorporating modern frontend technologies such as Slick Slider for interactive content. The site is mobile-optimized, accessible, and performs moderately well. It employs HTTPS with a good SSL configuration and includes a cookie consent mechanism compliant with GDPR. However, no advanced security headers or incident response information are published. From a security perspective, the site demonstrates good practices like HTTPS enforcement and cookie consent but lacks explicit security policies and vulnerability disclosure mechanisms. No vulnerabilities or exposed sensitive data were detected. The domain registration data is consistent and trustworthy, supporting the legitimacy of the organization. Overall, the website presents a low-risk profile with a solid business credibility and privacy compliance posture. Strategic improvements could focus on enhancing security transparency and incident response readiness to further strengthen trust and compliance.

Accelerator.net presents a minimalistic website with very limited content, primarily a heading and a brief tagline describing a "Lightning-fast global delivery network." The domain is well-established, created in 2004, and registered through Amazon Registrar, Inc., indicating a legitimate registration history. However, the website lacks essential business information, contact details, privacy policies, and security disclosures, which limits its credibility and user trust. The technical infrastructure appears basic, leveraging Google Fonts and AWS DNS services, but lacks modern SEO, accessibility, and security enhancements. Security posture is minimal with no detected security headers or DNSSEC enabled, and no evidence of privacy or cookie compliance mechanisms. Overall, the site is accessible without WAF or blocking mechanisms but requires significant improvements in content, security, and compliance to meet professional standards.

A

Agder fylkeskommune

agderfk.no

68

Agder fylkeskommune is a regional government entity in Norway focused on improving living conditions and reducing greenhouse gas emissions in the Agder region. The website serves as an official portal providing information and services to residents and stakeholders. The digital infrastructure employs a mixed technology stack including legacy jQuery libraries and modern JavaScript modules, with analytics tools such as Microsoft Clarity and Monsido Heatmaps integrated for user behavior insights. The site demonstrates good design quality, mobile optimization, and accessibility, reflecting a mature digital presence for a government organization. Security posture is moderate with HTTPS usage implied, but lacks explicit security headers and published security policies. Privacy compliance is basic, with a cookie consent mechanism present but no visible privacy or terms of service pages. WHOIS data confirms domain legitimacy and consistency with the entity's founding in 2020. Overall, the website is professional and trustworthy but would benefit from enhanced privacy and security disclosures.

N

NKRF

nkrf.no

59

NKRF is a well-established Norwegian professional association specializing in municipal auditing and control, founded in 1945. The organization provides a range of services including courses, conferences, publications, and professional resources targeted at municipal auditors and public sector professionals. The website reflects a mature digital presence with consistent branding and relevant content tailored to its audience. Technically, the site uses modern web technologies such as Craft CMS, Google Analytics, and Material Design Icons, and is optimized for mobile and accessibility. Security posture is solid with HTTPS and IP anonymization in analytics, though it lacks some security headers and a cookie consent mechanism. The absence of WHOIS data is typical for .no domains and does not detract from the site's legitimacy. Overall, NKRF's website is professional, trustworthy, and serves its niche audience effectively.

K

KS Digital

ksdigital.no

66

KS Digital is a Norwegian government-affiliated digital service provider delivering sustainable shared digital services tailored to the needs of the municipal sector. The company is relatively new, founded in 2024, and targets Norwegian municipalities with digital solutions that align with sector requirements. The website reflects a professional and consistent brand presence with clear messaging about its mission and services. Technically, the site is built on WordPress with modern plugins and frameworks such as React, indicating a moderate level of digital maturity. The site is mobile optimized and SEO friendly, leveraging Yoast SEO and structured data for enhanced search visibility. Security posture is adequate with HTTPS implied, but lacks explicit security headers and detailed security or privacy policies. No forms or direct contact information are present on the homepage, which may impact user engagement and trust. Overall, the site is trustworthy and professional but would benefit from enhanced privacy compliance and security transparency.

C

Cloud Security Alliance Norway Chapter

cloudsecurityalliance.no

61

The Cloud Security Alliance Norway Chapter website serves as the local representation of the global Cloud Security Alliance organization, focusing on cloud security education, networking, and community engagement within Norway. Founded in 2015, the chapter provides members with access to events, research, and professional development opportunities in cloud security. The website is hosted on the Higher Logic platform, leveraging ASP.NET WebForms and common web technologies such as jQuery and Bootstrap for its frontend implementation. From a technical perspective, the site employs a moderate technology stack with CDN hosting via Amazon CloudFront, ensuring reasonable performance and availability. While the site is functional and professionally designed, mobile optimization and accessibility are basic, and SEO practices are modest. The site uses HTTPS with good SSL configuration but lacks several recommended security headers, which could enhance its security posture. Security-wise, the website enforces HTTPS and uses Google Tag Manager for analytics and tracking but does not provide explicit security policies, incident response contacts, or vulnerability disclosure mechanisms. Privacy compliance is partial, with a privacy policy present but no visible cookie consent mechanism or GDPR compliance indicators. The absence of direct contact emails or phone numbers on the homepage limits immediate user engagement but aligns with the community-focused nature of the chapter. Overall, the website is trustworthy and legitimate, consistent with the Cloud Security Alliance brand and its Norway chapter mission. Strategic improvements in security headers, privacy compliance, and mobile accessibility would enhance the site's security posture and user experience.

D

Direktoratet for samfunnssikkerhet og beredskap

dsb.no

73

Direktoratet for samfunnssikkerhet og beredskap (DSB) is a Norwegian government agency responsible for civil protection, safety, risk management, and emergency preparedness. The website serves both professionals in safety-related fields and the general public, providing regulatory information, training resources, safety advice, and emergency communication services. The agency holds a strong national position as the authoritative body for societal safety in Norway. The site is well-structured, professionally designed, and offers comprehensive content relevant to its audience.

N

Norwegian University of Science and Technology

ntnu.edu

69

The Norwegian University of Science and Technology (NTNU) operates a comprehensive and professionally designed website serving students, researchers, and the academic community. The site offers detailed information on study programs, research initiatives, student life, and institutional resources, positioning NTNU as a leading educational institution in Norway. The digital infrastructure leverages modern technologies including Liferay CMS, Bootstrap, and various analytics tools, reflecting a mature and well-maintained technical environment. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though explicit security headers could be enhanced. Privacy compliance is strong with clear policies and consent mechanisms. Overall, the website demonstrates high professionalism, trustworthiness, and user-centric design.

N

Nasjonal sikkerhetsmyndighet

nsm.no

10

Nasjonal sikkerhetsmyndighet (NSM) is the Norwegian National Security Authority, a government agency established in 2016 responsible for national security and cybersecurity in Norway. The website serves as the official portal for disseminating security alerts, guidelines, and protective security information to the public sector, businesses, and citizens. It positions itself as the primary national authority in its domain, providing critical services related to cybersecurity and incident response coordination. Technically, the website is built on the Corepublish CMS platform, utilizing standard web technologies such as JavaScript, SVG, CSS, and HTML5. The site is accessible over HTTPS and includes Google site verification, indicating a legitimate and verified presence. The design is professional and mobile-optimized, though accessibility and SEO optimizations are basic. No advertising or tracking technologies were detected, reflecting a focus on information dissemination rather than commercial activity. From a security perspective, the site benefits from HTTPS and some best practices but lacks explicit security headers and formalized privacy or cookie policies. There is no visible vulnerability disclosure or security.txt file, and no direct contact information for incident response was found in the provided content. These gaps suggest room for improvement in transparency and security posture. Overall, the website is trustworthy and professional, consistent with a government entity. The domain registration data aligns well with the agency's profile, supporting legitimacy. However, the absence of privacy and cookie policies and limited contact information slightly reduce the privacy compliance score. Strategic enhancements in these areas would strengthen the site's security and compliance posture.