Security Directory

J

junge Welt

jungewelt.de

46

junge Welt is a German left-wing daily newspaper established in 1947, operating as a cooperative with over 3000 members. The website offers comprehensive news coverage with a focus on political and social issues, supported by subscription services, newsletters, and event information. Technically, the site uses a custom CMS (KONTEXT-CMS), Bootstrap, jQuery, and Piwik analytics, providing a modern and mobile-optimized experience. Security posture is moderate with HTTPS implied but lacks explicit security headers and cookie consent mechanisms. No direct contact emails or phone numbers are visible, but a login form and contact pages exist. Overall, the site is professional, content-rich, and trustworthy, serving a niche audience interested in leftist political news.

D

DNStination Inc.

polyfill-fastly.io

63

The website 'Fastly Polyfill' provides a specialized service that dynamically delivers only the necessary JavaScript polyfills required by a user's browser, optimizing web application compatibility and performance. The service is targeted primarily at web developers and technology users who need to ensure cross-browser functionality. The business is relatively new, founded in 2024, and operates under DNStination Inc., a US-based organization. The website branding and content are consistent and professional, with clear navigation and a modern design using Pico CSS. The presence of links to Fastly's corporate privacy and terms pages suggests affiliation or infrastructure usage by Fastly, a recognized CDN provider. Technically, the site employs modern web standards and technologies, including JavaScript and a lightweight CSS framework, ensuring good performance and mobile optimization. The domain is hosted likely on Fastly's infrastructure, contributing to fast load times and reliable service delivery. The site includes interactive forms allowing users to customize polyfill bundles, reflecting a mature technical implementation. From a security perspective, the site uses HTTPS and does not expose sensitive data. However, it lacks explicit security headers and a published security policy or incident response contacts, which are areas for improvement. Privacy compliance is partial; while a privacy policy is linked, there is no cookie consent mechanism implemented. No direct contact information such as emails or phone numbers are provided on the site, which may impact user trust. Overall, the website presents a low-risk profile with a solid technical foundation and clear business purpose. Strategic recommendations include enhancing security headers, implementing cookie consent, publishing security and incident response policies, and providing direct contact information to improve trust and compliance.

F

Flou.cz - Informační systém pro malé firmy a OSVČ

flou.cz

50

Flou.cz is a Czech Republic-based SaaS platform providing an intelligent information system tailored for small businesses, craftsmen, and sole proprietors (OSVČ). The platform centralizes management of offers, orders, invoices, contacts, and financial documents in a cloud environment accessible from multiple devices. Its business model focuses on subscription services with a free 30-day trial, targeting a niche market of small enterprises seeking to streamline administrative tasks. The website content is professionally presented in Czech, with clear navigation and consistent branding, supporting a trustworthy user experience. Technically, the website employs modern web technologies including Google Analytics for traffic analysis, Smartsupp Live Chat for customer support, and Google reCAPTCHA for bot protection. The site is responsive and optimized for mobile devices, though accessibility features are basic. Performance is moderate, with bundled CSS and JavaScript resources. Security best practices include HTTPS enforcement and cookie consent mechanisms, though HTTP security headers are not explicitly detected. From a security perspective, the site demonstrates a solid posture with encrypted communications and user privacy considerations. However, the absence of explicit incident response contacts and vulnerability disclosure mechanisms suggests room for improvement in transparency and readiness. The lack of WHOIS data limits domain registration trust analysis, but the professional presentation and contact information mitigate concerns. Overall, the site is low risk with good privacy compliance and business credibility. Strategically, Flou.cz should enhance its security headers, publish a security.txt file, and provide clearer incident response contacts to strengthen trust and compliance. Continued focus on accessibility and performance optimization will improve user experience and broaden market appeal.

N

NEXTERA tech s.r.o.

inventarizuj.cz

51

Inventarizuj is a Czech-based technology company specializing in RFID-enabled asset inventory solutions. Their platform integrates with existing ERP systems to provide automated, efficient, and accurate inventory management. The company targets businesses and institutions requiring streamlined asset tracking, offering mobile applications and real-time discrepancy alerts. Their client base includes reputable universities and public sector organizations, supported by partnerships with hardware providers such as Zebra and Honeywell. Technically, the website employs modern web technologies including JavaScript and Google Tag Manager, with a mobile-optimized design and integration with Android platforms via a Google Play app. The site is secured with HTTPS and includes GDPR-compliant cookie consent mechanisms, reflecting a moderate level of digital maturity. However, some security best practices such as explicit security headers and published security policies are absent. From a security perspective, the site demonstrates a good baseline with encrypted communications and user privacy considerations. The absence of WHOIS data for the domain is a notable concern, reducing domain trustworthiness and raising questions about registration legitimacy. No critical vulnerabilities or malicious content were detected on the site itself. Overall, Inventarizuj presents a professional and trustworthy business front with room for improvement in security transparency and domain registration clarity. Strategic enhancements in security policies, WHOIS data availability, and accessibility compliance would strengthen their risk posture and stakeholder confidence.

CodePen is a well-established online platform founded in 2012 that serves as a social development environment for front-end developers and designers. It offers an online code editor, project building, testing, and a vibrant community for sharing and discovering front-end code snippets and projects. The platform operates on a freemium business model with PRO accounts and team subscriptions, positioning itself as a leader in the front-end development community. The website is professionally designed, mobile-optimized, and provides clear navigation and rich content that caters to its target audience of front-end developers and designers. Technically, CodePen employs modern web technologies including React, SCSS, and JavaScript, hosted and protected by Cloudflare services. The site demonstrates good performance, accessibility, and SEO optimization. Security measures include HTTPS enforcement and CSRF protection in forms, although DNSSEC is not enabled and some security headers are not explicitly detected. Privacy policies and terms of service are comprehensive and publicly accessible, though a cookie consent mechanism and explicit security policies are absent. From a security perspective, CodePen maintains a strong posture with encrypted communications and domain registration consistency. However, improvements can be made by enabling DNSSEC, publishing a security policy, and implementing cookie consent to enhance GDPR compliance. No critical vulnerabilities or blocking mechanisms were detected, and the site is safe for general audiences. Overall, CodePen is a credible, professional, and secure platform with minor areas for enhancement in privacy compliance and DNS security. Strategic recommendations include enabling DNSSEC, adding cookie consent, publishing security and incident response policies, and enhancing security headers to further strengthen trust and compliance.

A

Acronym Finder

acronymfinder.com

63

Acronym Finder operates as a comprehensive online dictionary specializing in acronyms, abbreviations, and initialisms with over 4 million entries and more than 1 million human-edited definitions. The website serves a broad audience including professionals, students, and the general public seeking to decode acronyms across various sectors such as technology, government, business, science, and pop culture. It maintains a strong market position as the largest and most trusted resource in its niche, supported by a long domain history dating back to 1998 and notable press coverage. Technically, the website employs a modern tech stack including Bootstrap for responsive design, JavaScript libraries, and is hosted via Cloudflare, ensuring good performance and mobile optimization. Advertising is integrated through Google Adsense and Amazon Ads, with tracking via Cloudflare Insights and Facebook SDK. SEO and accessibility are adequately addressed, though some improvements could be made in security headers and GDPR compliance. From a security perspective, the site benefits from HTTPS and domain transfer protections but lacks DNSSEC and explicit security policies. No incident response or vulnerability disclosure information is publicly available, and cookie consent mechanisms are absent, indicating partial privacy compliance. No critical vulnerabilities or suspicious content were detected. Overall, Acronym Finder presents a professional, trustworthy, and content-rich platform with moderate technical maturity and a solid security baseline. Strategic enhancements in privacy compliance and security policies would further strengthen its posture.

W

WIPO - World Intellectual Property Organization

wipo.int

69

The World Intellectual Property Organization (WIPO) is a globally recognized intergovernmental organization dedicated to intellectual property services, policy, and data. The website serves as a comprehensive portal offering access to international IP systems such as patents, trademarks, industrial designs, and geographical indications. It targets innovators, creators, governments, and IP professionals worldwide, positioning itself as the authoritative source for IP information and services. The site is well-branded, consistent, and professionally designed, reflecting its enterprise-level stature and long history since 1996. Technically, the website employs modern web technologies including Bootstrap, jQuery, and web components, with integration of analytics tools like Google Tag Manager, Matomo, and CrazyEgg. The site is mobile-optimized, accessible, and SEO-friendly, hosted likely on Geneva-based infrastructure. Security posture is strong with HTTPS enforced and no visible vulnerabilities, though explicit security policies and incident response contacts are not published. Privacy compliance is robust with clear privacy and cookie policies and consent mechanisms. Overall, the website presents a low-risk profile with high trustworthiness, supported by consistent WHOIS data and official domain usage. The absence of direct contact emails or phone numbers on the homepage is mitigated by dedicated contact pages. Strategic recommendations include publishing explicit security and incident response policies and adding a security.txt file to enhance vulnerability disclosure transparency.

Andrei Polgar's website serves as a professional personal brand platform showcasing his expertise as a PhD economist, entrepreneur, investor, YouTuber, and best-selling author. The site highlights his consulting services, speaking engagements, interviews, and educational content primarily focused on economics, finance, and investing in exotic assets such as cryptocurrencies and premium domains. The business model revolves around personal branding, content creation, and consulting services targeting individuals and organizations interested in economic insights and investment strategies. Technically, the website employs basic HTML, CSS, and JavaScript with older libraries like jQuery 1.7.1 and Cufon font replacement, hosted on StableHost servers. Performance and mobile optimization are basic, with room for modernization and improved accessibility. Security posture is moderate but lacks modern security headers, DNSSEC, and visible HTTPS enforcement details. No privacy or cookie policies are present, indicating compliance gaps. Contact information is clearly provided, enhancing business credibility. Overall, the site is trustworthy and professional but would benefit from technical and compliance improvements.

B

Base Site - Bricks

buildingconnected.com

59

BuildingConnected operates as a leading preconstruction software platform that connects general contractors, subcontractors, and owners through a large real-time construction network. The platform facilitates bid management, risk mitigation, and opportunity tracking, positioning itself as a critical tool in the North American construction industry. Owned by Autodesk, BuildingConnected benefits from strong brand association and integration within a broader construction technology ecosystem. The website reflects a mature digital presence with professional design, comprehensive content, and multimedia testimonials that reinforce trust and market leadership. Technically, the website is built on WordPress with modern JavaScript libraries and integrates advanced marketing and analytics tools such as Marketo, Qualified, and Sentry. The site is optimized for performance and mobile responsiveness, with good SEO practices and structured data implementation. Security posture is solid with HTTPS enforced and no visible vulnerabilities, although explicit security policies and incident response information are not publicly disclosed. Overall, the risk assessment indicates a trustworthy and professionally managed platform with minor concerns related to the absence of publicly available WHOIS data, which may be due to privacy protection or registry issues. Strategic recommendations include enhancing transparency around security policies and incident response, implementing security headers, and publishing a vulnerability disclosure policy to further strengthen trust and compliance.

F

FINE

wearefine.com

68

FINE is a digital branding agency specializing in planning, creating, and evolving brand expressions for companies. Positioned as a top agency with offices in San Francisco and Portland, it targets businesses seeking modern digital branding solutions. The website is built using modern JavaScript frameworks such as Vue.js and Nuxt.js, indicating a contemporary technical infrastructure. The site includes multiple third-party marketing and analytics tools, including Google Tag Manager, Microsoft Clarity, Facebook Pixel, LinkedIn Insight Tag, and Reddit Pixel, reflecting a moderate level of digital maturity. Security posture is generally good with HTTPS enabled and no exposed sensitive data detected; however, the absence of security headers and privacy policies indicates room for improvement. The WHOIS data is unavailable, which raises some legitimacy concerns about domain registration, though the professional website content suggests a legitimate business. Overall, the website scores well in content quality and technical implementation but needs enhancements in privacy compliance and security best practices.

S

SPINX Digital

spinxdigital.com

69

SPINX Digital is a Los Angeles-based web design and development agency with over 18 years of experience serving leading brands. The company positions itself as a top digital agency specializing in creating professional websites and digital solutions for businesses. Their website reflects a mature and professional business model targeting companies seeking high-quality web design and development services. Technically, the website is built on WordPress CMS, utilizing modern frameworks such as Bootstrap and performance optimization tools like NitroPack. The site is mobile-optimized, fast-loading, and SEO-friendly, indicating a strong digital maturity. Security-wise, the site enforces HTTPS and includes standard security headers, but lacks publicly available privacy, cookie policies, and incident response contacts, which are areas for improvement. Overall, the website is trustworthy and professional, but the absence of WHOIS data and privacy compliance documentation slightly reduces the trust score. Strategic recommendations include publishing comprehensive privacy and cookie policies, adding a vulnerability disclosure page, and enhancing incident response transparency.

C

College Board

collegeboard.org

80

College Board is a prominent non-profit organization dedicated to providing educational services, including the AP Program, SAT Suite, and college planning tools such as BigFuture. The organization serves students, educators, and professionals in the education sector, maintaining a leading position in standardized testing and college admissions support in the United States. The website reflects a mature digital presence with a professional design, comprehensive content, and a broad ecosystem of related subdomains supporting various services. Technically, the site is built on Drupal CMS, employs modern JavaScript libraries, and integrates privacy and consent management tools like OneTrust. Security posture is strong with HTTPS enforcement and appropriate security headers, although explicit security policies and incident response information are not publicly detailed. Overall, the site demonstrates high professionalism, trustworthiness, and compliance with privacy regulations, making it a reliable resource for its target audience.

The analyzed content corresponds to an internal Chrome browser error page displayed when a website is inaccessible or offline. It features the Chrome offline dinosaur game and contains no actual website content, business information, or user interaction elements. The page is not a public website but a browser-generated error page, thus no commercial or organizational data is present. The technical infrastructure is based on standard web technologies including HTML5 Canvas, JavaScript, and CSS, optimized for fast loading and mobile responsiveness within the browser environment. Security posture is basic with no forms or inputs, but lacks security headers and privacy compliance elements due to its nature as an error page. Overall, this content is not representative of a real website and cannot be evaluated for business credibility or privacy compliance.

S

Skynet Technologies USA LLC

skynettechnologies.com

74

Skynet Technologies USA LLC is a well-established IT services company specializing in web development, digital accessibility, ecommerce, digital marketing, and digital transformation services. With nearly 23 years of experience and multiple offices across the USA, India, and Australia, the company serves a diverse clientele including startups, SMEs, corporates, and government agencies. Their strong partnerships with major technology providers like IBM, Microsoft, Amazon, and Google position them as a credible player in the technology services market. The website reflects a professional and comprehensive service offering with a strong emphasis on accessibility and compliance standards.

L

LiveSession

livesession.io

75

LiveSession is a mature SaaS company founded in 2017, offering an all-in-one product analytics platform designed for product teams including managers, designers, developers, and marketers. The platform combines qualitative and quantitative analytics such as session replays, funnels, heatmaps, and developer tools to provide comprehensive user behavior insights. The company positions itself strongly in the technology sector with a medium-sized business footprint and a consistent, professional web presence. Technically, the website is built on Webflow with integrations to major analytics and marketing tools like Google Analytics, Facebook Pixel, Bing Ads, and Intercom, demonstrating a modern and well-maintained digital infrastructure. Security posture is strong with HTTPS enforced, cookie consent mechanisms, and privacy-first features like content anonymization. However, explicit security policies and incident response contacts are not prominently published, representing an area for improvement. Overall, the website is professional, trustworthy, and compliant with GDPR and CCPA standards, with a high AI-assessed quality score of 87.

The website xg4ken.com is a domain registered under Kenshoo inc., a well-established technology company specializing in digital marketing and advertising technology solutions. The site content is minimal and primarily serves as a placeholder referencing the parent brand Kenshoo, which has a strong market presence with major clients and global agency partnerships. The technical infrastructure is based on WordPress with standard JavaScript libraries and hosted on AWS infrastructure. While HTTPS is enabled and domain registrar locks are in place, the site lacks advanced security features such as DNSSEC and security headers. No privacy or cookie policies are present, and no contact or incident response information is provided, indicating limited compliance and transparency. Overall, the site appears legitimate but underdeveloped in terms of content and security posture.

P

Prinsh | Tips & Tricks Seputar Teknologi

prinsh.com

69

Prinsh.com is a technology-focused blog primarily targeting Indonesian-speaking audiences, offering tutorials, tips, and hacking-related content. The website is built on the Blogger platform, hosted by Google, and employs HTTPS for secure communication. The content is well-structured with good SEO practices and mobile optimization, making it accessible and user-friendly for its target audience. However, the absence of WHOIS registration data raises concerns about domain legitimacy and ownership transparency. Security headers are minimal, and there is a lack of formal privacy, terms of service, and contact information pages, which impacts the overall trust and compliance posture. Advertising is managed through Google Adsense, with no advanced tracking or analytics detected beyond this.

E

Etsy

etsy.com

77

Etsy is a leading global e-commerce platform specializing in handmade, vintage, custom, and unique gifts. The website targets consumers interested in personalized and artisanal products, offering a marketplace connecting buyers and sellers worldwide, with localized content for Finland. The platform demonstrates a mature digital infrastructure with modern JavaScript frameworks, performance optimizations, and integration of consent management tools. Security posture is strong with HTTPS enforcement, CSRF protections, and error monitoring via Sentry, though explicit security headers and policies could be more visible. Privacy compliance is basic, with no explicit privacy or cookie policies found in the provided content, but consent mechanisms are implemented. Overall, Etsy presents a professional, trustworthy, and user-friendly online marketplace with enterprise-level scale and branding consistency.

D

Digitální a informační agentura

gov.cz

67

The website portal.gov.cz serves as the official Czech government portal for public administration, providing a comprehensive range of digital services and information to citizens and businesses. It acts as a central hub linking to various government services such as data mailboxes, electronic documents, identity management, and more. The portal is positioned as a primary digital gateway for accessing government services in the Czech Republic, targeting both individual citizens and business entities. Technically, the site employs modern web technologies including JavaScript frameworks, Google reCAPTCHA for form security, Matomo analytics for user behavior tracking, and Google Tag Manager for marketing and analytics management. The design is responsive and accessible, with a strong emphasis on user experience and navigation clarity. Security best practices are observed with HTTPS enforcement, comprehensive security headers, and cookie consent mechanisms. From a security perspective, the portal demonstrates a mature security posture with no visible vulnerabilities or exposed sensitive data. However, explicit security policies and incident response information are not publicly detailed, and no vulnerability disclosure or security.txt file is present. The WHOIS data is unavailable, likely due to registry policies, but the site’s official nature and trust signals mitigate concerns about legitimacy. Overall, portal.gov.cz is a well-maintained, secure, and user-friendly government portal that effectively supports digital public services. Strategic recommendations include publishing detailed security policies, adding vulnerability disclosure mechanisms, and providing data protection officer contact details to enhance transparency and trust.

The website joneslafuente.com is currently a parked domain with minimal content, primarily serving a placeholder page powered by SedoParking scripts. There is no visible business information, contact details, or user engagement features. The domain is registered with IONOS SE since 2004, indicating a long registration history, but the lack of active content suggests the domain is not currently used for an operational business website. Technically, the site uses basic HTML and JavaScript with no advanced frameworks or CMS detected. Security posture is weak due to absence of HTTPS information, security headers, and privacy policies. Overall, the site lacks essential elements for trust, compliance, and user interaction.

D

Datamart

dtm.io

57

Datamart is a US-based global software development company founded in 2013, specializing in custom software solutions and IT consulting services. Their key offerings include AI integration, software development, cloud solutions, and quality assurance, targeting businesses seeking to leverage technology for innovation and efficiency. The company positions itself as a reliable and strategic partner with a portfolio of recognized global partners. Technically, the website employs modern JavaScript frameworks, Google Analytics, Tawk.to live chat, and Cloudflare DNS services, indicating a mature digital infrastructure with moderate performance and good mobile optimization. Security posture is solid with HTTPS and domain transfer protections, though improvements are needed in DNSSEC adoption and security headers. Privacy compliance is limited by the absence of explicit privacy and cookie policies. Overall, the website is professional, trustworthy, and business-focused, with clear contact information and active user engagement tools.

S

Práce, která vás posune vpřed | StartupJobs.cz

startupjobs.cz

41

StartupJobs.cz is an online job portal specializing in startup job opportunities within the Czech Republic. The platform targets job seekers interested in the startup ecosystem and startups looking to recruit talent. The business model revolves around providing a niche job board service connecting startups and candidates. The website's content and design are basic but functional, focusing on relevant job listings and career advancement in the startup sector. Technical infrastructure includes modern JavaScript frameworks such as Nuxt.js, and analytics tools like Matomo and Google Tag Manager, indicating a moderate level of digital maturity. However, the absence of WHOIS data and registrant information limits the ability to fully verify domain legitimacy. Security posture shows room for improvement, with no detected security headers and unknown SSL configuration. Privacy compliance is weak, with no visible privacy or cookie policies. Overall, the website appears legitimate and safe for general audiences but would benefit from enhanced security and compliance measures.

R

Reticulum

reticulum.eu

57

Reticulum is a well-established investment company focused on real estate, agriculture, food, and technology sectors. With over 33 years of market presence and operations spanning 11 countries, it offers investment opportunities and business support including mentorship. The company maintains offices in Prague and Olomouc, Czech Republic, and showcases a diverse portfolio of subsidiaries and partner companies. The website reflects a professional and consistent brand image with comprehensive business information and clear contact details. Technically, the website employs modern web technologies including Alpine.js, Google Tag Manager, and YouTube iframe API, ensuring a fast, mobile-optimized, and accessible user experience. SEO and structured data are well implemented, enhancing discoverability and content clarity. Analytics usage is moderate with privacy compliance evidenced by GDPR and cookie policies with consent mechanisms. From a security perspective, the site uses HTTPS and implements cookie consent but lacks explicit security headers and published security policies or incident response contacts. No vulnerabilities or suspicious content were detected. The domain registration aligns well with the business claims, enhancing trustworthiness. Overall, Reticulum's digital presence is strong, professional, and secure with minor recommendations to enhance security headers and incident response transparency. The risk profile is low, supporting its credibility as a reputable investment firm.

P

Panattoni Development Europe sp .z o.o.

panattoni.cz

64

Panattoni Development Europe sp .z o.o. is a leading industrial real estate developer in Europe, with a strong presence in the Czech Republic since 2007. The company specializes in logistics and industrial property development, offering comprehensive services including project design, construction, capital investment, and property management. Their market position is reinforced by recognized sustainability certifications such as BREEAM and LEED, and a portfolio of high-profile clients like Amazon and DHL. The website reflects a mature business with a clear focus on sustainability and investor relations. Technically, the website employs modern web technologies including Google Tag Manager for analytics and Sentry for error monitoring, hosted behind Cloudflare DNS services. The site is well-optimized for mobile devices, has good SEO practices, and includes a comprehensive cookie consent mechanism compliant with GDPR, CCPA, and LGPD. The domain age and WHOIS data align with the company's claimed history, enhancing trustworthiness. From a security perspective, the site uses HTTPS with a clientTransferProhibited domain status, indicating domain transfer protection. However, DNSSEC is not enabled, and security headers are not explicitly detected in the provided data, suggesting room for improvement. No vulnerabilities or exposed sensitive data were found in the content. Privacy policies and cookie consent are well implemented, supporting compliance. Overall, the website presents a professional, trustworthy, and compliant digital presence for a large real estate developer. Strategic recommendations include enabling DNSSEC, publishing a security policy and incident response contacts, and adding a vulnerability disclosure program to further enhance security posture and stakeholder trust.

N

Nadace O2

nadaceo2.cz

52

Nadace O2 is a well-established corporate foundation affiliated with the telecommunications operator O2, operating since 2006. The foundation focuses on supporting the younger generation, providing technology for community benefit, and engaging O2 employees in social activities. It holds a strong market position in the Czech Republic's non-profit sector with a medium-sized organizational footprint. The website reflects a professional and modern digital presence, leveraging contemporary web technologies such as Alpine.js, Google reCAPTCHA, and a consent management platform to ensure compliance and user experience. Security posture is robust with HTTPS enforcement and privacy compliance mechanisms in place, although explicit security headers could be further verified. Overall, the site demonstrates high trustworthiness and professionalism with clear business information and active social media engagement.

M

Masarykova univerzita

muni.cz

67

Masarykova univerzita is a prominent public university based in Brno, Czech Republic, offering a wide range of educational programs including bachelor, master, doctoral, and lifelong learning. The website reflects a mature digital presence with comprehensive content targeting prospective students, researchers, academic staff, and the general public. It maintains a consistent brand identity and provides multiple official channels for engagement including social media and partner sites. The technical infrastructure leverages modern analytics and tracking tools such as Matomo, Microsoft Clarity, and Google Analytics, integrated via Google Tag Manager, ensuring effective data collection and user behavior insights. The site is well-optimized for mobile and accessibility, with clear navigation and professional design.

N

NEXTERA tech s.r.o.

anything.cz

65

NEXTERA tech s.r.o. is a Czech technology company specializing in digital transformation solutions for manufacturing firms. Their offerings include custom enterprise information systems, mobile and web application development, production technology measurement, asset inventory management, and data analytics. The company targets manufacturing businesses seeking automation and digitalization to improve efficiency and competitiveness. The website demonstrates a mature digital presence with modern technologies such as React, Node.js, and Docker, and is well optimized for mobile devices. Security posture is good with HTTPS and cookie consent mechanisms in place, though some security headers and policies are not explicitly published. The absence of WHOIS data is a notable gap that impacts domain trustworthiness, but the detailed contact information and client references support legitimacy. Overall, the site is professional, content-rich, and compliant with GDPR requirements.

R

represent.network

represent.network

53

Represent.network is a niche online platform dedicated to highlighting the work of BPOC and (post)migrant visual communicators living and working in Germany. The website serves as a cultural and creative network, providing visibility and connection opportunities for this community. The platform uses modern web technologies including Vue.js and Nuxt.js, and employs privacy-focused analytics via Plausible. The site is accessible and uses HTTPS, but lacks comprehensive contact information, cookie consent mechanisms, and security headers, which are areas for improvement. The WHOIS data is privacy protected, which is common for small niche sites but limits transparency. Overall, the site is functional and safe but could enhance trust and compliance by improving security and privacy features.

M

Mathias Krebser

mathiaskrebser.de

55

Mathias Krebser operates a professional portfolio website showcasing multidisciplinary visual art services including graphic design, video/animation, and illustration. The site targets a general audience interested in creative visual arts and is positioned as an independent artist from Stuttgart, Germany. The business model appears to be service and portfolio presentation oriented, with an additional shop hosted externally on Squarespace. The website is well-branded and consistent in design, reflecting a small creative business.

The website deutscheurlauber.eu serves as a news aggregation platform focusing on incidents involving German tourists and cruise ships, particularly highlighting tragic maritime events and migration-related news. The site compiles headlines and links from various reputable German news outlets, targeting a general audience interested in these topics. The business model appears to be informational, without direct commercial services or e-commerce functionalities. Technically, the site employs modern web technologies including ES modules and CSS, delivering a moderately optimized and mobile-friendly experience. However, it lacks advanced SEO and accessibility features. From a security perspective, the site is accessible without WAF or blocking mechanisms but shows significant gaps. There is no evidence of HTTPS enforcement or security headers, no privacy or cookie policies, and no contact or incident response information. These deficiencies reduce the site's trustworthiness and compliance posture. No analytics or advertising scripts were detected, indicating minimal user tracking. The WHOIS data shows the domain is registered via a reputable registrar but lacks detailed registrant information, which slightly impacts legitimacy assessment. Overall, the site provides relevant and well-structured content but requires improvements in security, privacy compliance, and business transparency to enhance trust and professional standing. The risk level is moderate due to missing security best practices and lack of user data protection disclosures.

P

Prose London

prose.london

60

Prose London is a small, London-based full-service creative agency and publishing house specializing in identity and culture. The website presents a professional and visually appealing design, targeting creative professionals and businesses seeking branding and creative services. The technical infrastructure leverages modern technologies such as SvelteKit, Sanity CMS, and is hosted on Vercel, ensuring fast performance and good mobile optimization. Analytics are implemented via Plausible Analytics, reflecting a privacy-conscious approach with minimal user tracking. Security posture is generally good with HTTPS enforced and no exposed sensitive data; however, the absence of security headers and security policy documentation indicates room for improvement. Privacy compliance is weak due to missing privacy and cookie policies and lack of consent mechanisms. Overall, the website is legitimate and trustworthy but would benefit from enhanced privacy and security transparency.

K

Kobalt Music Group

kobaltmusic.com

64

Kobalt Music Group operates as a global music rights management and services company focused on empowering creators through creative A&R, sync licensing, payment administration, and transparency enabled by technology. The website reflects a mature digital presence with modern video embedding, a responsive design, and comprehensive privacy and cookie policies. The technical infrastructure leverages Alpine.js, Vimeo, Spotify embeds, and Cookiebot for consent management, indicating a commitment to user experience and privacy compliance. Security posture is solid with HTTPS and cookie consent mechanisms, though explicit security headers and incident response policies are not published. The absence of WHOIS data introduces some uncertainty about domain registration legitimacy, but the professional branding and content quality support a trustworthy business profile. Strategic recommendations include enhancing security headers, publishing security policies, and adding contact information to improve transparency and trust.

A

ACRE | A Creative Endeavour Ltd

acre.studio

60

ACRE Studio, operating under A Creative Endeavour Ltd, is a London-based creative design agency specializing in brand identities, motion, and digital design services for forward-thinking clients. The company positions itself as a niche creative studio with a professional and consistent brand presence. The website employs modern frontend technologies such as SvelteKit and integrates privacy-conscious analytics via Plausible. The site is well-optimized for mobile and desktop, featuring rich multimedia content and clear navigation. However, it lacks visible privacy and cookie policies, security headers, and incident response contact information, which are important for compliance and security transparency. The domain WHOIS data is limited due to TLD restrictions and privacy protection, but the website content and structured data support legitimacy. Overall, the site demonstrates a strong digital maturity with room for improvement in privacy and security disclosures.

A

Art for You

artforyou.ch

68

Art for You is a Swiss-based e-commerce business specializing in selling posters and art prints created by Swiss artists. The company emphasizes sustainable and ecological production, targeting art enthusiasts and customers interested in unique Swiss art. The website is built on the Shopify platform, leveraging modern web technologies and integrations such as Facebook Pixel and Mailchimp for marketing and analytics. The site is well-structured, mobile-optimized, and provides a good user experience with clear navigation and professional design. Security posture is strong with HTTPS enforced and appropriate security headers, though explicit security policies and incident response contacts are not published. Privacy and cookie policies are present and indicate GDPR compliance. Overall, the business appears legitimate and trustworthy with consistent WHOIS data and a clear market niche.

S

Some Place Studio

someplace.studio

57

Some Place Studio is a small architectural practice operating out of Berlin and Vienna, specializing in buildings, interiors, and exhibitions with a strong commitment to sustainability and cultural engagement. The firm emphasizes collaboration and diversity, positioning itself as a woman-owned business within the German architecture market. Their service offerings include comprehensive architectural design, project management, and construction supervision, targeting clients who value sustainable and contextually aware design solutions. Technically, the website is built on the Cargo CMS platform, utilizing modern web standards and custom typography, with good mobile optimization and moderate performance. Security posture is adequate with HTTPS enabled but lacks advanced security headers and formal privacy or cookie policies, indicating room for compliance improvement. No forms or direct contact details are provided, which may impact user engagement and trust. Overall, the domain appears legitimate with privacy-protected WHOIS data, consistent with the professional nature of the business. Strategic recommendations include enhancing security headers, adding privacy and cookie policies, and providing clear contact information to improve compliance and user trust.

D

Dinamo Typefaces

abcdinamo.com

70

Dinamo Typefaces is a Berlin-based specialized type design studio offering a range of retail and bespoke typefaces, design software, research, and consultancy services. The company targets design professionals and clients seeking custom font solutions, positioning itself as a niche player with a strong international presence. The website reflects a professional and modern digital presence with excellent design quality, clear navigation, and mobile optimization. Technically, the site uses modern JavaScript frameworks (Vue.js), lazy loading, and secure HTTPS connections, supported by strong security headers and CSRF protections on forms. However, there is room for improvement in privacy compliance, particularly regarding cookie consent mechanisms and publishing explicit security policies or incident response information. Overall, the security posture is strong with no evident vulnerabilities or exposed sensitive data. The domain registration data is consistent with the business claims, enhancing trustworthiness. Strategic recommendations include enabling DNSSEC, adding cookie consent, publishing security and incident response policies, and establishing a vulnerability disclosure process.

D

Diamond Schmitt

dsai.ca

60

Diamond Schmitt is a well-established architecture firm founded in 2001, specializing in designing cultural, educational, and research facilities. The company has a strong market position with a portfolio of notable projects and serves clients primarily in Canada and the United States. Their website reflects a professional and consistent brand image, targeting institutional clients and stakeholders seeking architectural services. Technically, the website is built on WordPress with modern JavaScript libraries and demonstrates good mobile optimization and SEO practices. Security posture is adequate with HTTPS enabled and domain registration transparency, but lacks DNSSEC and security headers, and does not publish explicit security or incident response policies. Privacy compliance is basic, with no clear cookie consent mechanism or detailed privacy policy found. Overall, the website is trustworthy and professional but could improve in privacy and security transparency.

L

Lever Architecture

leverarchitecture.com

67

Lever Architecture is a professional architectural design firm operating primarily in Portland, Oregon, and Los Angeles, California. The company offers architectural, interior design, and research services, targeting clients seeking innovative and impactful building solutions. Their market position is supported by a mature domain age and media recognition for notable projects, indicating a stable and reputable presence in the architecture sector. Technically, the website employs modern web technologies including JavaScript, Turbolinks, and Google Analytics for tracking. The hosting infrastructure leverages Google Cloud DNS services, and the site is secured with HTTPS and CSRF protections. While performance and mobile optimization are good, there is room for improvement in accessibility and security headers. From a security perspective, the site demonstrates a solid baseline with HTTPS and CSRF tokens but lacks advanced security headers and published security policies. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is basic, with a cookie consent banner and privacy policy present but no explicit GDPR compliance statements or data retention policies. Overall, the website is professional, trustworthy, and secure for its business purpose. Strategic improvements in security headers, privacy compliance, and incident response transparency would enhance its security posture and user trust.

Stiftung Buchkunst is a well-established non-profit organization based in Germany that promotes exemplary book design through prestigious competitions such as 'Die Schönsten Deutschen Bücher', 'Förderpreis für junge Buchgestaltung', and 'Best Book Design from all over the World'. The organization targets the book industry, designers, publishers, and the general public interested in book arts. Their business model centers on cultural promotion and recognition of design excellence rather than commercial sales. The website reflects a mature digital presence with clear navigation, multilingual support, and a focus on content quality. Technically, the site uses standard web technologies with a moderate performance profile and good mobile optimization. Security posture is adequate with HTTPS and cookie consent mechanisms in place, though additional security headers and policies could enhance protection. Overall, the site is trustworthy and professional, with transparent contact information and GDPR compliance.

Affichage Public is a small Swiss cultural association founded in 2015 dedicated to promoting Swiss graphic design as a cultural heritage through exhibitions and events primarily in the French-speaking region of Switzerland. The website serves as an informational platform highlighting upcoming exhibitions, partner organizations, and the association's mission. The technical infrastructure is basic, relying on standard HTML, CSS, and JavaScript with jQuery, without advanced CMS or analytics integrations. Mobile optimization and accessibility are basic but functional. Security posture is minimal with no visible security headers or policies, and no HTTPS verification data available. Privacy and cookie policies are absent, which impacts compliance and user trust. The WHOIS data is consistent with the association's profile, showing no privacy protection and appropriate domain age. Overall, the website is professional and trustworthy but would benefit from enhanced security and privacy compliance measures.

N

Netflix

netflix.com

75

Netflix is a leading global streaming entertainment service offering unlimited films, series, and more via subscription. The website targets a general audience in Finland with localized language options and provides a seamless user experience for streaming content across multiple devices. The business model is subscription-based, positioning Netflix as a dominant player in the media industry with a strong brand presence and consistent global branding. Technically, the site employs modern web technologies including JavaScript and React, with cookie consent managed by OneTrust, ensuring compliance with privacy regulations such as GDPR. The site is well-optimized for mobile and desktop platforms, delivering fast performance and good accessibility. Security posture is strong with HTTPS enforced and secure form handling, though explicit security headers and incident response information are not publicly detailed. Overall, the website demonstrates high professionalism, trustworthiness, and compliance, though WHOIS data is unavailable likely due to registry restrictions. Strategic recommendations include enhancing transparency around security policies and vulnerability disclosures to further strengthen trust.

G

GitHub

github.blog

71

GitHub Blog is a professionally maintained content platform operated by GitHub, Inc., a leading technology company specializing in software development and collaboration tools. The blog serves as a key communication channel to deliver updates, insights, and educational content to developers worldwide, reinforcing GitHub's market position as a premier developer platform. The site targets software developers, engineers, and technology professionals, offering resources on AI, security, enterprise software, and developer skills. Technically, the website is built on WordPress with modern SEO and accessibility optimizations, ensuring fast performance and a responsive user experience across devices. Security posture is strong with HTTPS enforcement and standard security headers, although explicit security policies and vulnerability disclosure mechanisms are not prominently published on the blog. Privacy compliance is well addressed with clear privacy and cookie policies, including consent mechanisms. Overall, the website demonstrates high business credibility, technical maturity, and content quality, supporting GitHub's brand and community engagement objectives.

G

GitHub

githubuniverse.com

60

GitHub Universe 2025 is a flagship global developer event hosted by GitHub, a leading technology company and subsidiary of Microsoft. The event focuses on innovation, collaboration, and AI-powered software development, targeting developers, engineers, and technology professionals worldwide. The website provides comprehensive event details including dates, location, agenda, speakers, ticketing options, and highlights from previous years. The business model centers on ticket sales for in-person attendance and free virtual participation, positioning GitHub Universe as a premier industry event with strong brand recognition and market presence. Technically, the website is built using modern web technologies such as React and Next.js, ensuring fast performance, mobile optimization, and good accessibility. The site is hosted with reputable DNS and registrar services, and employs HTTPS with strong domain registration security flags. However, there is room for improvement in DNS security (DNSSEC not enabled) and in publishing comprehensive privacy and security policies. From a security perspective, the site demonstrates good baseline practices including HTTPS enforcement and domain locking. No vulnerabilities or exposed sensitive data were detected in the analyzed content. The absence of explicit privacy, cookie, and security policies, as well as contact information for incident response, represents a compliance gap that should be addressed to enhance trust and regulatory adherence. Overall, GitHub Universe 2025's website is professional, trustworthy, and technically sound, supporting its role as a major industry event. Strategic improvements in privacy compliance and security transparency will further strengthen its security posture and user confidence.

P

Programming Language Group at Delft University of Technology

webdsl.org

57

WebDSL is an academic project developed by the Programming Language Group at Delft University of Technology, providing a domain-specific language for modeling web applications with a rich data model. The website serves as a documentation hub with tutorials, references, and source code links, targeting developers and researchers interested in domain-specific languages and web application modeling. The project is positioned as a niche academic tool with a small but focused audience. Technically, the site is built using MkDocs with the Material theme, hosted likely on GitHub Pages, and employs modern web standards including HTTPS and responsive design. Security posture is generally good with HTTPS enforced and no exposed sensitive data, but lacks DNSSEC and security headers which could enhance protection. Privacy compliance is minimal with no visible privacy or cookie policies and no contact information for incident response or data protection officers. Overall, the site is trustworthy and professional for its academic purpose but could improve compliance and security transparency.

T

Team Tito

tito.io

61

Tito is a small technology company offering a simple and powerful event registration software platform. Their website presents a professional and modern design focused on event organizers seeking fast and flexible ticketing solutions. The technical infrastructure leverages modern JavaScript frameworks such as Vue.js and BootstrapVue, with deferred script loading and privacy-conscious analytics integration. Security posture is adequate with HTTPS enforced and minimal tracking, but lacks explicit security headers and published security policies. Privacy compliance is weak due to absence of privacy and cookie policies and consent mechanisms. Overall, the website is functional and trustworthy but would benefit from enhanced transparency and security documentation.

L

LaunchDarkly

launchdarkly.com

77

LaunchDarkly is a leading feature management platform founded in 2014, providing developers and enterprises with tools to safely deliver software through feature flags, experimentation, and AI-driven configurations. The company positions itself as a critical enabler for modern software delivery, emphasizing reliability, automation, and data-driven decision making. Their platform integrates deeply into developer workflows and supports a wide range of SDKs and integrations, targeting developers, DevOps, SREs, and product managers. Technically, the website leverages modern frameworks such as Gatsby and React, hosted on Netlify with AWS DNS, and employs comprehensive analytics and marketing tools including Segment, Google Analytics, and Cookiebot for privacy compliance. Security posture is strong with HTTPS enforced, cookie consent mechanisms, and reputable third-party services, though explicit security headers could be more visible. The WHOIS data confirms domain legitimacy with consistent registration details and a long-term expiry. Overall, the site demonstrates high professionalism, technical maturity, and compliance readiness.

The website younesklouche.com serves as a personal portfolio for photographer Younès Klouche, showcasing photographic projects under categories such as 'Personnal' and 'Comissions'. The site targets a general audience interested in photography and artistic commissions. The business model is primarily personal branding and portfolio display, with no direct e-commerce or transactional features evident. The domain is registered since 2017 with OVH sas, a reputable hosting and registrar provider, indicating a stable and legitimate online presence. Technically, the website employs standard web technologies including HTML5, CSS3, JavaScript, jQuery, and Swiper.js for UI elements. Google Analytics is integrated for visitor tracking, but no cookie consent mechanism or privacy policies are present, which is a compliance gap. The site is hosted on OVH infrastructure with basic SSL configuration and no DNSSEC enabled. Performance and mobile optimization are basic but functional. From a security perspective, the site uses HTTPS but lacks security headers such as Content-Security-Policy or X-Frame-Options, which could improve protection against common web attacks. No vulnerability disclosures or incident response contacts are provided. The absence of privacy and cookie policies and lack of GDPR compliance indicators reduce trust and compliance posture. No suspicious or malicious content was detected. Overall, the website is a straightforward personal portfolio with moderate technical implementation and basic security posture. Strategic improvements include adding privacy and cookie policies, implementing security headers, enabling DNSSEC, and enhancing GDPR compliance. These steps will improve trustworthiness, security, and legal compliance, benefiting both the site owner and visitors.

S

SavvyCal, Inc.

savvycal.com

68

SavvyCal, Inc. operates a professional SaaS scheduling platform designed to simplify meeting bookings for individuals and teams. The company positions itself as a niche player with innovative features such as calendar overlays, team scheduling modes, and round robin scheduling. Their market focus is on professionals and teams seeking efficient and user-friendly scheduling solutions. The website reflects a mature digital presence with modern technologies including Inertia.js, Cloudflare CDN, Stripe for payments, and privacy-conscious analytics via Fathom. Security is well-implemented with HTTPS, security headers, and CSRF protections, although DNSSEC is not enabled. Privacy policies and terms of service are comprehensive and GDPR compliant, supporting trust and compliance. Overall, the site is professional, fast, and user-friendly, with strong branding and clear business information.

D

Diplom-Designer Jonas List

jonaslist.de

48

Jonas List operates as a freelance communication designer and full stack web developer based in Germany, specializing in creative coding and advanced web technologies such as WebGL and Web 3D. The business targets clients seeking innovative and boundary-pushing web design solutions. The website serves as a professional portfolio showcasing selected projects and providing clear contact information. Technically, the site is built using modern frameworks like Next.js and React, hosted behind Cloudflare DNS services, and includes minimal but effective analytics via plausible.io. The design is responsive and user-friendly, with good content relevance and navigation clarity. Security posture is moderate, with HTTPS implied but no explicit security headers detected, and no privacy or cookie policies present, indicating compliance gaps. Overall, the site is legitimate and professional but would benefit from enhanced security and privacy measures.

H

Handshake®

handshake.fun

51

Handshake® is a small creative media and publishing studio based in Spain, specializing in artistic publications and studio projects. The website showcases their key publication 'The Chromatics of Flowers' by Paula Codoner and offers e-commerce capabilities for book sales. The business targets art enthusiasts and creative professionals, positioning itself as a niche player in the media industry. Technically, the website is built on the Cargo Collective platform, utilizing modern web technologies including JavaScript frameworks and analytics tools. The site is mobile-optimized and presents a professional design with good user experience. Security posture is adequate with HTTPS enabled but lacks advanced security headers and visible security policies. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the domain registration is consistent and legitimate, supporting the business credibility. Strategic improvements in privacy compliance and security hardening are recommended.