Security Directory

I

iakoe

carrot.is

53

iakoe is a specialized Shopify agency focused on delivering design-led e-commerce solutions, balancing brand identity, user experience, and store optimization to create effective shopping experiences. Founded in 2019, the company targets design-conscious brands seeking Shopify development, UX design, SEO, CRO, and migration services. The website demonstrates a strong market position with notable client logos and positive testimonials, indicating trust and professionalism. Technically, the website employs a modern tech stack including Bootstrap, jQuery, Splide.js, and integrates analytics and marketing tools such as Google Analytics, HubSpot, and Crazy Egg. The site is mobile-optimized, accessible, and SEO-friendly, hosted via GoDaddy with a Craft CMS backend. Performance is moderate with good responsiveness and user experience. Security posture is solid with HTTPS enforced, CSRF protection on forms, and no exposed sensitive data. However, the absence of DNSSEC, security headers, and published security or privacy policies indicates room for improvement. Privacy compliance is limited due to missing privacy and cookie policies, which could pose regulatory risks. Overall, the website is professional, trustworthy, and technically competent but would benefit from enhanced security policies and privacy compliance to strengthen its risk posture and regulatory adherence.

P

Praxishelden

zfa-beruf.com

73

The website www.zfa-beruf.com serves as an informational and job placement platform focused on the career path of Zahnmedizinische Fachangestellte (ZFA) in Germany. It provides detailed information about the profession, training opportunities, continuing education, and a job board for relevant positions. The site targets individuals interested in dental assistant careers, offering practical resources and testimonials to engage prospective trainees. Technically, the site is built on WordPress using the GeneratePress theme and includes modern web technologies such as jQuery, FontAwesome, Google Tag Manager, and Cookiebot for privacy compliance. The site demonstrates good mobile optimization and basic accessibility features, with moderate performance. Security posture is solid with HTTPS enforced and standard security headers present, alongside a comprehensive cookie consent mechanism ensuring GDPR compliance. No critical vulnerabilities or blocking mechanisms were detected, and the domain registration data aligns well with the website's business claims, indicating legitimacy. Overall, the site is professional, trustworthy, and well-positioned within its niche market.

D

Deutsche Säge- und Holzindustrie Bundesverband e.V. (DeSH)

saegewerke.de

58

The website saegewerke.de is the official platform of the Deutsche Säge- und Holzindustrie Bundesverband e.V. (DeSH), a German sawmill and wood industry association. It provides a comprehensive directory of wood suppliers, types of wood, and assortments, targeting industry professionals and businesses in the manufacturing and wood processing sectors. The platform facilitates connections between suppliers and buyers, offering detailed supplier profiles and industry news. The website is well-branded, consistent, and professionally designed, reflecting its role as an industry association hub. Technically, the site uses a modern tech stack including Bootstrap, jQuery, Popper.js, FontAwesome, and Google Maps API. It employs a custom CMS backend and includes a consent management system for GDPR compliance. The site is mobile-optimized and performs moderately well, with basic SEO and accessibility features implemented. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms. However, it lacks explicit published security policies and incident response contacts. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is good, with clear privacy and cookie policies present. The WHOIS data is minimal but consistent with the business's German identity. Overall, the website presents a low-risk profile with strong business credibility and good privacy compliance. Strategic recommendations include publishing a formal security policy, adding security headers, and providing incident response contact information to enhance trust and security posture.

O

Out the Box

outtheboxthemes.com

44

Out the Box is a small technology company specializing in the development and sale of WordPress themes. Their website showcases a portfolio of responsive, well-designed themes aimed at WordPress users and developers seeking professional and customizable website solutions. The company emphasizes plugin compatibility, clear coding, and personal support, positioning itself as a niche provider in the WordPress theme market. Technically, the website is built on WordPress with common plugins such as Easy Digital Downloads and uses modern web technologies including jQuery and Google Analytics. The site is mobile-optimized and SEO-friendly, though accessibility features are basic. Security posture is generally good with HTTPS enabled and no obvious vulnerabilities, but the absence of security headers and privacy policies indicates room for improvement. The lack of WHOIS registration data raises concerns about domain legitimacy, although the active and professional nature of the website mitigates some risk. Overall, the site is trustworthy for its business purpose but would benefit from enhanced transparency and compliance documentation.

K

Kuoni Reisen

kuoni.at

64

Kuoni Reisen is a prominent Austrian travel agency offering a wide range of travel services including package holidays, flights, hotels, cruises, and car rentals. The website targets travelers primarily in Austria, providing comprehensive travel options with a focus on luxury and affordability. Kuoni maintains a strong market position supported by customer trust, evidenced by awards and positive reviews. Technically, the website is built on TYPO3 CMS with modern frontend technologies like Vue.js, ensuring a responsive and user-friendly experience. Security measures include HTTPS enforcement, consent management via Usercentrics, and error monitoring with Sentry, though some security headers could be improved. Overall, the site demonstrates a mature digital infrastructure with good privacy compliance and a professional online presence.

S

Sportjugend Hessen

bildungsstaette-wetzlar.de

52

The Bildungsstätte Wetzlar website represents a well-established educational and sports facility operated under the Sportjugend Hessen umbrella. It serves a diverse audience including sports clubs, educational groups, and social organizations by providing accommodation, seminar spaces, and pedagogical programs. The site reflects a medium-sized non-profit entity with a clear focus on regional sports and education in Germany. Technically, the website is built on TYPO3 CMS, enhanced with accessibility tools and modern analytics, indicating a mature digital infrastructure. Security posture is solid with HTTPS and cookie consent mechanisms, though it lacks explicit security policies or incident response contacts. Overall, the site is professional, trustworthy, and compliant with GDPR requirements, making it a reliable resource for its target audience.

S

Sportjugend Hessen

camp-edersee.de

61

Das Camp Edersee is a youth sports and nature camp operated by Sportjugend Hessen, offering group accommodations and educational outdoor activities in the Nationalpark Kellerwald-Edersee region of Germany. The website is built on TYPO3 CMS and integrates modern privacy and accessibility tools, reflecting a mature digital infrastructure. Security posture is solid with HTTPS and cookie consent mechanisms, though lacking explicit security policies and incident response contacts. Overall, the site is professional, trustworthy, and well-suited for its target audience of youth groups and sports organizations.

T

Terminland GmbH

terminland.de

59

Terminland GmbH is a well-established German company specializing in online appointment booking solutions, serving a broad range of industries such as healthcare, automotive, legal, and beauty services. The company positions itself as a market leader in Germany with over 15,000 deployed appointment plans and more than 90 million booked appointments. Their platform offers 24/7 online booking capabilities, enhancing customer satisfaction and operational efficiency for service providers. The website reflects a mature digital presence with professional design, clear navigation, and comprehensive service descriptions tailored to their target B2B audience. Technically, the website employs a modern technology stack including jQuery, Bootstrap, and FontAwesome, hosted securely in German data centers operated by Equinix. The site is mobile-optimized and accessible, with good SEO practices and performance. Google Tag Manager and Google Analytics are used for tracking, with a GDPR-compliant cookie consent mechanism in place. However, explicit security headers are not visibly declared, and no dedicated security or incident response policies are published. From a security perspective, the site uses TLS encryption and is hosted in a reputable carrier-neutral data center, ensuring good baseline security. The absence of explicit security headers and vulnerability disclosure policies suggests room for improvement in security posture. No critical vulnerabilities or exposed sensitive data were detected in the analyzed content. Privacy compliance is strong, with clear privacy and cookie policies aligned with GDPR requirements. Overall, Terminland GmbH demonstrates a high level of professionalism, trustworthiness, and compliance suitable for its business domain. Strategic recommendations include enhancing security header implementation, publishing a formal security policy and incident response contacts, and considering a vulnerability disclosure program to further strengthen trust and security maturity.

S

Sportson International Oy

babolat.com

60

Sportson International Oy operates a Finnish e-commerce platform specializing in tennis, padel, and badminton sports equipment and apparel. Founded in 1982 and based in Kaarina, Finland, the company represents well-known brands such as Babolat and Fila. The website targets both retail consumers and B2B customers, offering a comprehensive product range with fast delivery and free shipping over a threshold. Technically, the site employs modern web technologies including jQuery, Google reCAPTCHA, and Google Analytics, ensuring a functional and user-friendly experience with good mobile optimization and accessibility. Security posture is solid with HTTPS enforced and spam protection via reCAPTCHA, though improvements are recommended in cookie consent and security headers. Overall, the website presents a professional and trustworthy digital presence aligned with its business operations and market position.

N

NetZone AG

netzone.ch

78

NetZone AG is a Swiss-based hosting provider specializing in web hosting, email services, domain registration, managed vServers, SMS, and security solutions. The company positions itself as a pioneer in Swiss hosting with a strong emphasis on Swiss server location, high availability, and security features such as spam and malware filtering and application firewalls. The website reflects a professional and consistent brand image targeting businesses and individuals seeking reliable hosting services in Switzerland. Technically, the site uses a modern but somewhat dated tech stack including Bootstrap 3.3.7 and jQuery 2.2.4, with integrations for Google reCAPTCHA and cookie consent mechanisms, indicating a moderate level of digital maturity. Security posture is solid with HTTPS enforced and secure forms, but lacks explicit security headers and a published security policy. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent. Overall, the site is trustworthy and professionally maintained, with room for improvement in security transparency and SEO.

R

RBA

serienegra.es

66

RBA Libros is a well-established Spanish publishing group specializing in various literary genres, including the crime-focused 'Serie Negra' imprint. The website serves as a digital storefront and informational portal for their crime genre books, offering features such as book listings, author information, and newsletter subscriptions. The site is professionally designed with consistent branding and targets readers interested in crime novels, essays, and biographies. Technically, the website employs a modern JavaScript stack including RequireJS, jQuery, and lazy loading libraries, hosted partially on Microsoft Azure Blob Storage, ensuring moderate performance and good mobile optimization. Security posture is solid with HTTPS enforced and GDPR-compliant consent management via Didomi, though security headers are not explicitly detected and could be improved. The absence of WHOIS data limits domain trust verification, but the website's content and external references strongly indicate legitimacy. Overall, the site presents a trustworthy and professional digital presence for RBA's crime literature segment.

E

Econocom Products & Solutions GmbH

energy-net.de

64

Energy Net, operating under Econocom Products & Solutions GmbH, is a well-established Apple reseller and digital transformation service provider targeting businesses and public institutions primarily in Germany and Europe. The company offers a broad portfolio of services including Apple Enterprise Services, collaboration solutions, device management, financing, and repair services. As part of the publicly listed Econocom Group, Energy Net benefits from a strong market position and extensive experience in technology and service delivery. The website reflects a professional and consistent brand image with clear service offerings and business information. Technically, the site is built on TYPO3 CMS with modern JavaScript modules and includes GDPR-compliant privacy and cookie policies with a consent mechanism. Security posture is solid with HTTPS enforced and secure forms, though some security headers and explicit security policies are missing. Overall, the site is trustworthy, well-maintained, and business-focused.

TonSPuR.org is a niche website dedicated to providing spiritual care and audio content for police and rescue personnel, primarily in the German-speaking region of Switzerland. The site serves as a resource especially during pandemic-related event cancellations, offering an archive of audio contributions. The business model is non-commercial and focused on community support rather than profit. The website is built on WordPress, utilizing common plugins such as Podlove Podcasting and standard web fonts, hosted by Hostpoint AG. The technical infrastructure is moderate with good mobile optimization but lacks advanced SEO and accessibility features. Security posture is adequate with HTTPS enabled but lacks important security headers and DNSSEC. No privacy or cookie policies are present, indicating compliance gaps. Contact information is minimal, limiting direct communication channels. Overall, the site is functional and serves its intended audience but requires improvements in privacy, security, and transparency to enhance trust and compliance.

A

Agirc-Arrco

agirc-arrco.fr

58

Agirc-Arrco is a French government-related organization managing supplementary pension schemes for private sector employees. The website provides information and services related to retirement and pension rights, targeting private individuals and retirees. The organization holds a leading position in the French pension market, offering key services such as pension management and online account access. Technically, the website is built on Drupal 11 with modern web technologies and is mobile-optimized, providing a good user experience. Security posture is adequate with HTTPS enforced and no visible vulnerabilities, though security headers and explicit privacy policies are missing. The absence of WHOIS data limits domain ownership verification but does not detract from the site's professional appearance and trustworthiness. Overall, the site is safe, well-structured, and serves its audience effectively.

D

Der Holzring GmbH

holzring-lieferanten.de

44

Der Holzring GmbH operates a specialized network platform focused on enhancing collaboration between its shareholders and suppliers in the wood industry. The company offers services such as market analyses, framework agreements, sales promotion, and competence transfer to optimize processes and foster growth. The website reflects a professional and consistent brand presence targeting business partners and suppliers within Germany. Technically, the site is built on TYPO3 CMS, employs modern web technologies, and includes a cookie consent mechanism aligned with GDPR requirements. Security posture is solid with HTTPS enforced and privacy-conscious analytics configurations, though explicit security policies and incident response contacts are absent. Overall, the site is trustworthy, well-structured, and compliant, supporting the company's business credibility and digital maturity.

L

Leyendecker bastelstube GmbH & Co. KG

leyendecker-bastelstube.de

51

Leyendecker bastelstube GmbH & Co. KG is a well-established retail business specializing in arts, crafts, and hobby supplies, serving the Trier and Luxembourg regions. With over 61 years of operation, the company offers a broad product range both in-store and online, complemented by services such as an Abhol-Service and event hosting. The website reflects a professional and consistent brand image, targeting creative hobbyists and local customers. Technically, the site is built on WordPress with modern plugins and libraries, ensuring good SEO and mobile responsiveness. Security posture is solid with HTTPS and GDPR-compliant cookie management, though some security headers could be improved. Overall, the site is trustworthy and well-maintained, supporting the company's market position as a leading local retailer in its niche.

M

MaxFun Sports GmbH

maxfunsports.com

46

MaxFun Sports GmbH operates a leading Austrian running sports platform focused on providing comprehensive content, event registration, race results, multimedia, and community engagement for runners and sports enthusiasts primarily in Austria and German-speaking regions. The website is well-structured, content-rich, and professionally designed, offering a broad range of services including news, training plans, and event calendars. The platform integrates modern web technologies such as jQuery, Bootstrap, and Google Tag Manager, and employs a custom CMS likely based on the Yii framework. Privacy compliance is robust with a comprehensive privacy policy and cookie consent mechanism implemented via CookieFirst. Security posture is good with HTTPS and CSRF protections, though some security headers are missing and no explicit security policy or incident response information is provided. The domain WHOIS data is missing or unavailable, which raises concerns about domain registration legitimacy despite the professional appearance and active business presence. Overall, the website scores well on content quality, technical implementation, and privacy compliance but is penalized for the lack of verifiable domain registration data.

KATES Tennisanlagenbau Kamer & Kujtim Kabashi GbR is a small, family-run business specializing in tennis court construction and maintenance services in Hamburg, Germany. The company offers a comprehensive range of services including new construction, renovation, seasonal preparation, winter services, and training seminars. Their market position is that of a niche regional specialist with decades of experience in the industry. The website is professionally designed, mobile-optimized, and provides clear navigation and contact options, including a contact form with CAPTCHA to prevent spam. Technically, the website is built on the Contao Open Source CMS platform and uses legacy jQuery 1.11.3 along with modern UI components like Slick Slider and FontAwesome. While the site performs moderately well and is mobile-friendly, the use of outdated JavaScript libraries and absence of security headers indicate areas for improvement. No analytics or tracking scripts were detected, suggesting minimal user tracking and a privacy-conscious approach, although no cookie consent mechanism was found. From a security perspective, the site uses HTTPS (assumed from base href), but lacks explicit security headers and uses an outdated jQuery version, which could expose it to vulnerabilities. The contact form includes CAPTCHA, which is a positive security measure. No incident response or security policies are publicly available. WHOIS data is minimal but does not raise immediate concerns, though registrant details do not fully match the business name, slightly reducing trust. Overall, the website is safe, professional, and trustworthy for its target audience, but could benefit from technical and compliance enhancements to improve security posture and GDPR adherence.

O

O'zbekiston Savdo-sanoat palatasi

chamber.uz

55

The website represents the Chamber of Commerce and Industry of Uzbekistan, a key governmental institution supporting trade and industry sectors within Uzbekistan. It provides services such as trade facilitation, business registration, and information dissemination to businesses and government entities. The domain is well-established since 2007, reflecting a mature presence in the market. Technically, the site uses modern frontend frameworks like Bootstrap and Vue components, ensuring a responsive and professional user experience. However, there is a lack of explicit privacy and cookie policies, and no visible security headers, which are areas for improvement. The security posture is moderate, with no detected vulnerabilities but missing best practices. Overall, the site is trustworthy and professional but would benefit from enhanced privacy compliance and security measures.

C

Civic Voice

civicvoice.org.uk

69

Civic Voice is a UK-based national charity dedicated to supporting the civic movement in England. The organization focuses on making places more attractive and distinctive by promoting civic pride and supporting local civic societies through training, networking, and policy advocacy. Their website reflects a mature non-profit with a clear mission and active engagement with their community. Technically, the site is built on WordPress with modern plugins and includes a comprehensive cookie consent mechanism, indicating good digital maturity. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though there is room for improvement in publishing explicit security policies and incident response information. Overall, the website is professional, trustworthy, and compliant with privacy regulations, making it a reliable resource for its audience.

C

Cheltenham Civic Society

cheltenham-battlefield-crosses.org

53

Cheltenham Battlefield Crosses is a small non-profit museum dedicated to preserving and exhibiting WWI battlefield crosses commemorating fallen servicemen from Cheltenham. Managed by Cheltenham Civic Society, the museum offers historical insights and conservation efforts for these fragile artifacts. The website serves as an informative platform for visitors and researchers, providing stories and background on the crosses and soldiers. Technically, the site is built on WordPress with modern plugins for SEO and GDPR compliance, featuring a responsive design and basic accessibility. Security posture is good with HTTPS and cookie consent mechanisms, though improvements could be made by enabling DNSSEC and adding security headers. Overall, the site is trustworthy, well-branded, and professionally maintained, though it lacks explicit contact details and formal security policies.

T

Thinwhite - Tim Hack & Phil Daniels

thinwhite.co.uk

52

Thinwhite, operated by Tim Hack and Phil Daniels, is a small, established graphic design and web development agency based in Gloucestershire, UK. With over 20 years of experience, the company offers creative solutions in print, branding, web design, and SEO, targeting artisan and niche businesses. The website reflects a professional and client-focused approach, emphasizing transparency and quality service without retainers. Technically, the website is built on WordPress with modern plugins such as Yoast SEO and WPBakery Page Builder, ensuring good SEO and user experience. The site is mobile-optimized and uses standard web technologies including jQuery and FontAwesome. Hosting is provided by 123-Reg Limited, consistent with the UK location. Security posture is solid with HTTPS enforced, CAPTCHA on contact forms, and a GDPR-compliant cookie consent mechanism. However, explicit security headers are not detected and could be improved. No vulnerabilities or exposed sensitive data were found. Privacy policies are present and comprehensive enough for GDPR compliance. Overall, the website presents a low-risk profile with strong business credibility and good technical implementation. Strategic recommendations include enhancing security headers, conducting regular security audits, and publishing a formal security policy to further strengthen trust and compliance.

M

Ministerium für Wirtschaft, Arbeit und Tourismus Baden-Württemberg

gut-ausgebildet.de

57

gut-ausgebildet.de is an official educational and vocational training information portal supported by the Ministry of Economy, Labor and Tourism Baden-Württemberg. It serves as a comprehensive resource for students, trainees, parents, and educators in the Baden-Württemberg region, providing detailed information on apprenticeship opportunities, career guidance, and related initiatives such as Praktikumswoche and AzubiCardBW. The platform is well-positioned as a trusted government-backed source with strong partnerships across regional economic and labor organizations. Technically, the website is built on TYPO3 CMS, leveraging modern web technologies including Bootstrap and Matomo analytics for privacy-conscious user tracking. The site demonstrates good mobile optimization, accessibility, and SEO practices, ensuring a positive user experience. The use of no-cookie YouTube embeds and a clear cookie consent mechanism reflects a commitment to privacy compliance. From a security perspective, the site enforces HTTPS and implements cookie consent but lacks explicit security headers and published security policies or incident response contacts. No vulnerabilities or exposed sensitive data were detected in the content. The WHOIS data aligns with the website's official nature, showing consistent domain registration without privacy protection, supporting legitimacy. Overall, gut-ausgebildet.de presents a secure, professional, and trustworthy platform with excellent content quality and strong business credibility. Strategic improvements could include enhancing HTTP security headers and publishing explicit security and incident response policies to further strengthen security posture and user trust.

W

W3Schools

w3schools.com

76

W3Schools is a globally recognized online educational platform specializing in web development and programming tutorials. It offers a comprehensive range of free tutorials, references, exercises, and quizzes covering popular technologies such as HTML, CSS, JavaScript, Python, SQL, and more. The platform also provides paid certification programs and premium plans to enhance learning experiences. W3Schools targets a broad audience including students, educators, and professional developers, maintaining a strong market position as a leading resource for web development education. Technically, the website employs modern web standards including HTML5, CSS3, and JavaScript, with integration of Google Tag Manager and reCAPTCHA for analytics and security. The site is mobile-optimized, fast-loading, and accessible, with a consistent and professional design. Security best practices are observed, including HTTPS enforcement and security headers, though explicit security policies and incident response information are not publicly detailed. The security posture is strong with no detected vulnerabilities or exposed sensitive data. Privacy compliance is robust, featuring comprehensive privacy and cookie policies with GDPR adherence and user consent mechanisms. However, direct contact information for security incidents or general inquiries is not readily available, which could be improved to enhance trust and incident handling. Overall, W3Schools presents a low-risk profile with high trustworthiness, excellent content quality, and solid technical implementation. Strategic recommendations include publishing explicit security and incident response policies, adding vulnerability disclosure mechanisms, and providing clearer contact channels for security and support inquiries to further strengthen the platform's security culture and user trust.

B

Blauring Binningen-Bottmingen

blauringbibo.ch

63

Blauring Binningen-Bottmingen is a small Swiss non-profit organization focused on youth and community activities, including group meetings, summer camps, and local events. The website serves as an informational platform for members and interested community participants. The technical infrastructure is based on the BaseKit CMS and hosted by Hoststar AG, utilizing common web technologies such as jQuery and FontAwesome. The site is accessible, mobile-optimized, and moderately performant but lacks advanced SEO and accessibility features. Security posture is basic with HTTPS enabled but missing important security headers and policies. Privacy compliance is minimal with no visible privacy or cookie policies. Overall, the website reflects a modest community organization with room for improvement in security and compliance.

D

Deutsche Gesellschaft für Hämatologie und Medizinische Onkologie e.V.

onkopedia.com

65

Onkopedia is a well-established German-language medical guideline portal specializing in hematology and oncology. It serves healthcare professionals by providing up-to-date clinical guidelines, drug assessments, and educational webinars. The platform is affiliated with reputable medical societies in Germany, Austria, and Switzerland, reinforcing its credibility and market position as a leading oncology guideline resource in the German-speaking region. The business model is non-profit and focused on knowledge dissemination within the healthcare sector. Technically, the website is built on the Plone CMS, uses modern web technologies including HTML5, CSS3, JavaScript, and jQuery, and is hosted by Hetzner Online GmbH. The site is mobile optimized with good navigation and professional design, though accessibility features are basic. Security posture is solid with HTTPS enforced and no visible vulnerabilities, but lacks some security headers and explicit incident response information. Privacy compliance is good with a comprehensive privacy policy, but the absence of a cookie consent mechanism is a minor gap. Overall, the domain registration data is consistent and trustworthy, supporting the legitimacy of the site. Strategic recommendations include enhancing security headers, implementing cookie consent, and publishing security policies to improve compliance and trust.

R

Revive.Digital

revive.digital

70

Revive.Digital is a well-established digital marketing agency based in Essex, UK, offering a comprehensive suite of services including SEO, PPC, web design, creative branding, and bespoke software development. The company positions itself as one of the largest agencies in the Southeast UK with over 15 years of experience and a team of more than 30 in-house experts. Their client base exceeds 200 businesses, emphasizing local and nationwide reach. Technically, the website employs modern web technologies such as Matomo analytics, Google Tag Manager, and popular JavaScript libraries, ensuring a responsive and user-friendly experience. Security-wise, the site uses HTTPS and cookie consent mechanisms but lacks explicit security headers and published security policies. The WHOIS data is privacy protected, which is typical for this business type and does not raise immediate concerns. Overall, the website is professional, trustworthy, and compliant with GDPR and cookie regulations.

P

Privacy service provided by Withheld for Privacy ehf

tvguide.asia

60

TVGuide.asia is a specialized online media platform offering detailed TV guide and scheduling information primarily for the Australia ACT, Canberra region, with multi-genre and multi-language support. The website targets TV viewers seeking comprehensive and up-to-date channel listings and program schedules. The business model appears to be advertising-supported, leveraging Google Adsense and other ad networks to monetize traffic. The platform also maintains partnerships with related TV guide services such as tvepg.eu and americatvguide.com. Technically, the website employs modern web technologies including Google Fonts, FontAwesome, Google Tag Manager, and Facebook SDK, hosted behind Cloudflare DNS services. The site is mobile-optimized with good navigation and content relevance, though accessibility features are basic. Security posture is adequate with HTTPS enforced and domain transfer protection enabled, but lacks advanced security headers and DNSSEC. Privacy compliance is partial, with a cookie consent mechanism present but no explicit privacy or terms of service pages detected. Overall, the website is functional and professional but could improve in security and compliance documentation.

A

AmericaTVGuide.com

americatvguide.com

51

AmericaTVGuide.com is a niche media website providing comprehensive TV guide and schedule listings primarily for the United States, with multi-language and multi-country support. The site aggregates channel and program data from various partners and sources, offering users detailed listings across genres such as movies, sports, music, and documentary. The business model appears to be content aggregation monetized through advertising. Technically, the site uses modern web technologies including FontAwesome, Google Fonts, Google Adsense, and Facebook SDK, hosted behind Cloudflare DNS and CDN services. The website is mobile-optimized and offers a good user experience with clear navigation and relevant content. Security posture is adequate with HTTPS enabled and domain locks in place, but lacks DNSSEC and security headers, and does not provide privacy or cookie policies, which are compliance gaps. Overall, the domain registration is consistent and legitimate, supporting the business claims. The site is safe for general audiences with no adult or questionable content detected.

A

ASKÖ - Tirol (Arbeitsgemeinschaft für Sport und Körperkultur in Österreich, Landesverband Tirol)

askoe-fit.at

62

ASKÖ Tirol is a regional sports organization in Austria offering a wide range of sports courses, workshops, and health promotion services targeted at individuals and companies in Tirol. Their website demonstrates a mature digital presence with comprehensive content, clear navigation, and professional design. The technical infrastructure leverages modern web technologies including Alpine.js, Tailwind CSS, and Matomo analytics, hosted by a local provider with good performance and mobile optimization. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though some security headers could be improved. Privacy compliance is strong with a detailed GDPR-compliant privacy policy and terms of service. Overall, the website reflects a trustworthy and credible organization with transparent contact information and legal disclosures.

T

The Quality Assurance Agency for Higher Education

enhancementthemes.ac.uk

68

Enhancement Themes is a well-established educational program managed by The Quality Assurance Agency for Higher Education in Scotland, focusing on collaborative quality enhancement in higher education from 2003 to 2023. The website serves as an information hub for staff, students, and stakeholders, providing news, events, and resources related to educational improvement. The organization holds recognized certifications such as ISO 27001 and Cyber Essentials, reinforcing its commitment to security and quality standards. Technically, the site is built on the Sitefinity CMS platform, leveraging modern JavaScript libraries and Google Analytics for user insights. The design is professional, accessible, and mobile-optimized, ensuring a positive user experience. Security posture is strong with HTTPS enforced and no visible vulnerabilities, though security headers could be improved. Privacy compliance is robust with clear policies and cookie consent mechanisms. Overall, the website reflects a credible, trustworthy educational entity with a strong market position in the Scottish higher education sector.

A

ASKÖ Oberösterreich

askoe-ooe.at

52

ASKÖ Oberösterreich is a regional non-profit sports association dedicated to promoting diverse sports activities and supporting sports clubs in Upper Austria. The organization provides a wide range of services including club support, sports education, fitness and health programs, and competitive sports event organization. It serves sports clubs, athletes, and community members, positioning itself as a key regional player in sports promotion. The website reflects a professional and consistent brand image aligned with its mission. Technically, the website uses a moderate technology stack including jQuery, FontAwesome, Owl Carousel, and a proprietary CMS by Internetkonzepte.at. The site is mobile optimized and performs moderately well, with basic SEO and accessibility features. Privacy and cookie policies are present and GDPR compliant, though explicit security policies and incident response contacts are not found. From a security perspective, the site enforces HTTPS and uses secure external scripts but lacks advanced security headers and a vulnerability disclosure policy. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data is consistent with the website's claims, indicating a legitimate and established organization. Overall, the website is trustworthy, professionally maintained, and compliant with privacy regulations. Strategic improvements in security headers, incident response transparency, and accessibility could enhance its security posture and user trust.

B

BECOMTECH

becomtech.fr

58

BECOMTECH is a French organization dedicated to promoting gender diversity and equality in the IT and digital sectors, where women are underrepresented. The website serves as an advocacy and educational platform targeting a general audience interested in technology and social inclusion. The organization appears to be a small-sized entity founded in 2018, with a clear mission to foster inclusivity in technology fields. Technically, the website is built on WordPress using the Divi theme, incorporating modern web technologies such as Google Analytics for user tracking and Google Fonts for typography. The site is mobile optimized and presents a professional design with good navigation and content relevance. Security-wise, the site enforces HTTPS and implements a cookie consent banner, but lacks advanced security headers and explicit security or incident response policies. WHOIS data confirms the domain's legitimacy and consistency with the organization's profile. Overall, the website is trustworthy and functional but could improve in privacy compliance and security best practices.

H

Hochschulbibliothekszentrum des Landes Nordrhein-Westfalen (hbz)

hbz-nrw.de

10

The Hochschulbibliothekszentrum des Landes Nordrhein-Westfalen (hbz) is a key regional institution supporting library processes and services across academic institutions in North Rhine-Westphalia, Germany. Their website provides comprehensive information about their products, projects, literature search services, and publications, targeting libraries, researchers, and students. The organization is positioned as an essential service provider in the education sector with a medium-sized operational scale and a founding date consistent with the domain registration. Technically, the website is built on the Plone CMS platform, utilizing modern web technologies such as jQuery, Leaflet.js, and FontAwesome. It is mobile-optimized, accessible, and integrates Matomo analytics for privacy-conscious user tracking. The site is served over HTTPS with no detected blocking or WAF interference, indicating good digital maturity. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks explicit security headers and does not publish a dedicated security policy or incident response contacts. Privacy compliance is well addressed with clear privacy and cookie policies, including a consent mechanism. Contact information is available but no direct email addresses are listed in the HTML content. Overall, the website is professional, trustworthy, and safe for general audiences. Strategic improvements include adding security headers, publishing a security policy, and implementing a vulnerability disclosure mechanism to enhance security posture and transparency.

K

Kirchgemeinde Thomas

thomaskirche.ch

46

Thomaskirche is a small, non-profit religious community based in Basel-Stadt, Switzerland, affiliated with the Evangelisch-reformierte Landeskirche Basel-Stadt. The website serves as an information hub for community events, religious services, youth programs, and social engagement projects. It targets local community members and churchgoers, providing schedules, contact information, and event details. Technically, the site is built on WordPress using the Divi theme, with standard web technologies such as FontAwesome and Google Fonts. The site is moderately performant, mobile-optimized, and SEO-friendly, with good content quality and clear navigation. Security posture is adequate with HTTPS enforced, but lacks advanced security headers and formal security policies. Privacy compliance is weak due to missing privacy and cookie policies and no consent mechanisms. Overall, the site is trustworthy and professionally maintained but could improve in privacy and security transparency.

O

OWL Verkehr GmbH

teutoowl.de

57

OWL Verkehr GmbH operates as a regional public transportation service provider and information portal for the TeutoOWL network in Germany. The company offers a range of services including schedule information, ticket sales (such as Deutschlandticket, JobTickets, and SchülerTickets), subscription management, and mobility services like call-collect taxis and night buses. The website targets public transport users in the OWL region, providing comprehensive and accessible information to facilitate mobility. Technically, the website is built on TYPO3 CMS, leveraging modern web technologies such as jQuery, Bootstrap, and FontAwesome. It employs Matomo analytics with a cookie consent mechanism, indicating a privacy-conscious approach. The site is hosted on infrastructure associated with DomainControl, uses HTTPS with strong SSL configuration, and demonstrates good mobile optimization and accessibility. From a security perspective, the website enforces HTTPS and uses privacy-friendly analytics. However, it lacks explicit security policy documentation and incident response contact details. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data is limited but consistent with a legitimate regional transportation entity. Overall, the site maintains a good security posture with room for improvement in transparency and security headers. The overall risk assessment is low, with the website presenting a professional, trustworthy, and compliant digital presence. Strategic recommendations include publishing a security policy, adding incident response contacts, enhancing security headers, and maintaining regular security audits to sustain and improve the security posture.

A

Aug. Winkhaus SE

winkhaus.com

71

Winkhaus is a well-established German manufacturer specializing in innovative window technology, door locking systems, and intelligent access control solutions. With a history spanning over 170 years, the company serves a global audience including architects, building owners, manufacturers, and security professionals. Their website reflects a mature digital presence with comprehensive product information, multilingual support, and active engagement through news and press releases. Technically, the site leverages modern web technologies including Google Tag Manager and Usercentrics for consent management, built on the SAP Commerce (Hybris) CMS platform. Security posture is strong with HTTPS enforcement and consent mechanisms, though explicit security headers should be verified. The WHOIS data is incomplete or unavailable, which slightly reduces trust but the overall business credibility remains high due to consistent branding, certifications, and transparent contact information.

T

TMC GmbH

tmc-gmbh.de

38

TMC GmbH is a medium-sized marketing agency based in Germany, specializing in creating emotional brand experiences across digital and analog environments. The company operates multiple specialized agencies under its group, including Amplio®, TMC Brandwork, and TMC Live, offering services such as marketing consulting, brand development, event management, and video production. The website reflects a strong market position as the largest marketing agency in the Ostwestfalen-Lippe region, targeting businesses seeking comprehensive marketing solutions. Technically, the website is built on a modern stack including OctoberCMS, JavaScript libraries like jQuery and Vime.js for video playback, and integrates Google Tag Manager and CookieFirst for analytics and consent management. The site is mobile-optimized with good SEO practices and a professional design, providing a positive user experience. From a security perspective, the site enforces HTTPS and includes a cookie consent mechanism, but lacks explicit security headers and documented security policies or incident response information. No vulnerabilities or exposed sensitive data were detected in the HTML content. WHOIS data is consistent with a legitimate business domain, with no privacy protection or suspicious patterns. Overall, the website demonstrates a high level of professionalism, good security posture, and compliance with privacy regulations, making it a trustworthy digital presence for the company.

R

RBA Libros

rbalibros.com

66

RBA Libros is a prominent Spanish publishing house specializing in adult fiction and non-fiction literature, offering a diverse catalog through multiple well-known imprints such as Gredos, Serie Negra, and National Geographic. The company operates under the Grupo RBA umbrella, positioning itself as a key player in the Spanish media and publishing sector. Their website provides comprehensive access to their catalog, news, and social media engagement, targeting general adult readers interested in literary content. Technically, the website employs a modern JavaScript stack including RequireJS, jQuery, and LazySizes for optimized content delivery and lazy loading. It integrates GDPR-compliant consent management via the Didomi SDK and uses Google Tag Manager for analytics and marketing. Hosting of static content is done through Microsoft Azure Blob Storage, indicating a robust infrastructure. The site is mobile-optimized with good SEO and accessibility practices, although some improvements in security headers could be made. From a security perspective, the site enforces HTTPS and uses consent mechanisms aligned with GDPR. However, the absence of explicit security headers and a published security policy or incident response contact reduces the overall security posture. The missing WHOIS domain registration data is a notable concern, as it creates uncertainty about domain legitimacy despite the professional appearance and consistent branding of the website. Overall, RBA Libros presents a trustworthy and professional digital presence with strong content and compliance features. The primary risk lies in the lack of transparent domain registration information and some minor security best practice gaps. Addressing these would enhance trust and security assurance for users and partners.

K

KM-Werbemittel GmbH

laprinta.de

66

laprinta.de is a well-established German e-commerce website specializing in promotional products and advertising gifts, operated by KM-Werbemittel GmbH since 1988. The site offers a broad product range including office supplies, USB and tech gadgets, bags, food and beverages, sustainable items, sports and leisure products, seasonal goods, and more. It targets businesses and organizations seeking customized promotional merchandise, positioning itself as a trusted specialist with over 30 years of market presence. The website features professional design, clear navigation, and consistent branding, supporting a positive user experience.

Q

Qwellcode GmbH

qwellcode.de

10

Qwellcode GmbH is a German software development company specializing in custom software solutions for industry and small to medium-sized enterprises (KMUs). Established since 2013, the company offers a broad range of services including web development, e-commerce, mobile applications, virtual reality, and blockchain technologies. Their market position is that of an experienced, innovative agency with international reach and a focus on modern technologies. The website reflects a professional and consistent brand image with clear navigation and relevant content tailored to their target audience. Technically, the site is built on OctoberCMS with modern frontend technologies and is hosted behind Cloudflare DNS, ensuring good performance and security. The site is mobile optimized and SEO friendly, although accessibility features are basic. Security posture is solid with HTTPS enforced and cookie consent implemented, but lacks advanced security headers and publicly available security policies. No critical vulnerabilities or exposed sensitive data were detected. Overall, the domain registration and WHOIS data align well with the business claims, supporting legitimacy and trustworthiness.

I

invitu

invitu.ch

43

invitu.ch is a Swiss-based online platform specializing in stylish and quick event invitations for private, corporate, and public events. The website offers a user-friendly interface with various event categories and customizable invitation templates, targeting individuals and companies in Switzerland. The business operates as a small-sized entity focusing on digital event invitation services with a clear market niche. Technically, the site employs modern web technologies including Bootstrap, jQuery, FontAwesome, and integrates analytics and user behavior tracking tools such as Google Analytics, Google Tag Manager, and Hotjar. The website is mobile-optimized and presents a professional design with good navigation and content relevance. Security-wise, the site uses HTTPS with appropriate security headers, but lacks some advanced security policies and incident response information. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism or GDPR explicit statements. Overall, the site is legitimate and trustworthy with room for improvement in privacy and security documentation.

S

Sportjugend Nordrhein-Westfalen

sportjugend.nrw

47

Sportjugend Nordrhein-Westfalen is a regional youth sports organization affiliated with the Landessportbund Nordrhein-Westfalen, focusing on youth engagement, sports education, volunteer services, and community programs in the German state of North Rhine-Westphalia. The website serves as a comprehensive portal for information on various youth sports initiatives, qualification programs, and events, targeting young people, sports clubs, and volunteers. Technically, the site is built on the TYPO3 CMS platform, integrating modern web technologies such as Google Tag Manager, Google Analytics, and accessibility tools like ReadSpeaker. The website is well-structured, mobile-optimized, and includes a cookie consent mechanism aligned with GDPR requirements. Security-wise, the site enforces HTTPS and uses cookie consent but lacks explicit security headers and a published security policy or incident response contacts. The WHOIS data is privacy protected, which is typical and justified for a non-profit organization. Overall, the website demonstrates a mature digital presence with good content quality and compliance, supporting its role as a trusted regional youth sports entity.

D

DLRG

dlrg.net

66

DLRG.net serves as the Internet Service Center (ISC) for the Deutsche Lebens-Rettungs-Gesellschaft (DLRG), a German non-profit organization focused on water rescue and safety. The website functions as an intranet portal providing active members with access to documents, news, examination tools, and seminar management applications. The platform targets active DLRG members and supports their operational and administrative needs through a secure login system and member-specific applications. The domain is well-established since 1999, reflecting a mature digital presence aligned with the organization's history. Technically, the website employs standard web technologies including jQuery, FontAwesome, and Bootstrap, hosted on AWS infrastructure. The site is mobile-optimized with responsive design and basic accessibility features. However, there is room for improvement in SEO and accessibility enhancements. Security posture is solid with HTTPS enforced and domain transfer protection, but lacks DNSSEC and explicit security headers, which are recommended to strengthen defenses. From a security and compliance perspective, the site provides secure login forms with input validation but lacks visible cookie consent mechanisms and detailed privacy or security policies on the main site. No incident response or vulnerability disclosure information is published, which could be improved to enhance transparency and trust. The absence of advertising and tracking scripts indicates a privacy-conscious approach, though cookie policy implementation is advised for GDPR compliance. Overall, dlrg.net is a trustworthy and professional portal serving a defined non-profit community with a good balance of functionality and security. Strategic improvements in security headers, cookie consent, and policy transparency would further elevate its compliance and security posture.

D

DLRG DLRG-Jugend Bundesebene

dlrg-jugend.de

70

DLRG-Jugend Bundesebene is a German non-profit youth organization affiliated with the German Life Saving Association (DLRG). It focuses on youth engagement, education, and community activities related to water safety and youth development. The website serves as an information hub for events, campaigns, and volunteer opportunities targeted primarily at German-speaking youth and volunteers. The organization maintains a consistent brand presence and provides comprehensive contact and privacy information, reflecting a mature digital presence. Technically, the website is built on TYPO3 CMS, leveraging modern responsive design frameworks such as Bootstrap and FontAwesome. Hosting is provided via Amazon AWS infrastructure, ensuring reliable performance and scalability. The site incorporates GDPR-compliant cookie consent mechanisms and uses both Google Analytics and Plausible Analytics for visitor tracking, with user opt-in consent. From a security perspective, the site enforces HTTPS and employs cookie consent for analytics tracking, but lacks explicit security headers and publicly available security or incident response policies. No vulnerabilities or suspicious content were detected. Overall, the site demonstrates a good security posture appropriate for a non-profit organization. The overall risk is low, with recommendations focusing on enhancing security headers, publishing incident response information, and considering a vulnerability disclosure policy to further strengthen trust and compliance.

H

Hochschul-IT-Zentrum des Saarlandes

hiz-saarland.de

60

The Hochschul-IT-Zentrum des Saarlandes operates as a regional IT service center supporting higher education institutions in Saarland, Germany. It provides a range of IT services including user account management, network access (WLAN, VPN), email and groupware solutions, hardware procurement, and cloud services. The website is professionally designed using TYPO3 CMS and targets students, employees, guests, and academic facilities. It maintains partnerships with multiple universities in the region, reinforcing its role as a central IT hub for academic institutions. Technically, the website leverages modern web technologies such as TYPO3 CMS, Bootstrap, and jQuery, hosted likely within university or DFN infrastructure. The site is mobile optimized and offers good navigation and content relevance. However, some improvements in accessibility and SEO could be considered. Security posture is moderate with HTTPS usage and secure form handling, but lacks explicit security headers and published security policies. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism. Overall, the security posture is sound for an academic IT service provider, with no visible vulnerabilities or exposed sensitive data. The WHOIS data aligns well with the website's academic context, indicating legitimacy and trustworthiness. The site does not engage in advertising or extensive user tracking, supporting a privacy-conscious approach. Strategic recommendations include implementing security headers, adding cookie consent mechanisms, publishing security and incident response policies, and considering a vulnerability disclosure program to enhance trust and compliance.

T

The Quality Assurance Agency for Higher Education

qaa.ac.uk

72

The Quality Assurance Agency for Higher Education (QAA) is a UK-based independent charity and the expert quality body for tertiary education. It provides impartial regulatory and collaborative quality assurance and enhancement services across the UK and internationally. The organization is trusted by governments, funding bodies, and higher education providers, offering services such as membership, accreditation, training, and sector resources. The website reflects a mature, professional entity with a clear focus on education quality and standards. Technically, the website is built on the Sitefinity CMS platform, leveraging modern analytics tools including Google Analytics and Microsoft Clarity, and employs Google Tag Manager for marketing and tracking. The site is mobile-optimized, accessible, and well-structured with comprehensive navigation and content. Security certifications such as ISO 27001 and Cyber Essentials are prominently displayed, indicating a strong commitment to information security. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place. However, explicit security headers and a public security policy or incident response contact are not found, representing areas for improvement. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is good, with clear privacy and cookie policies aligned with GDPR requirements. Overall, the website and organization present a low-risk profile with high trustworthiness. Strategic recommendations include enhancing security headers, publishing a security policy and incident response details, and implementing a vulnerability disclosure program to further strengthen security and transparency.

S

Statsforvalteren

fylkesmannen.no

66

Statsforvalteren.no is the official website of the Norwegian government agency representing the state at the county level. The agency is responsible for implementing decisions, goals, and guidelines from the Norwegian Parliament and government, acting as a vital link between municipalities and central authorities. The website provides access to public services, complaint handling, forms, news, and job postings relevant to the agency's functions. It targets Norwegian citizens, public sector employees, and municipalities, offering content primarily in Norwegian with language options including English and regional languages. Technically, the website employs modern web technologies including Bootstrap for responsive design, JavaScript libraries, and integrates analytics tools such as Azure Application Insights, Hotjar, Maze Analytics, and Siteimprove Analytics. The site is served over HTTPS with good mobile optimization and accessibility features, though explicit security headers are not evident. The site lacks a cookie consent mechanism despite using tracking scripts, which is a privacy compliance gap. From a security perspective, the site demonstrates a solid posture with HTTPS enforcement and no visible vulnerabilities or exposed sensitive data. However, the absence of explicit security headers and a published security or incident response policy are areas for improvement. The WHOIS data is unavailable due to Norid's privacy policies, but the domain's .no TLD and consistent government-related content strongly indicate legitimacy and trustworthiness. Overall, Statsforvalteren.no is a professionally maintained government website with good content quality and technical implementation. Strategic recommendations include enhancing privacy compliance with cookie consent, publishing security policies, and adding security headers to strengthen the security posture and user trust.

Jobbnorge.no is a Norwegian online recruitment platform focused on connecting job seekers with employers across Norway. The website offers job search functionality and recruitment tools, positioning itself as an important player in the Norwegian recruitment market. The platform targets both job seekers and employers, providing a streamlined experience for finding and posting jobs. The business model revolves around providing digital recruitment services and tools to facilitate hiring processes. Technically, the website employs modern technologies including ASP.NET, Matomo analytics, and Cloudflare for hosting and security. It features a comprehensive cookie consent mechanism compliant with GDPR, enhancing user privacy and transparency. Security posture is strong with HTTPS enforced and device fingerprinting used for security purposes, although some security headers could be improved. Overall, the website is professional, well-branded, and trustworthy, with good mobile optimization and accessibility. However, the lack of publicly available WHOIS data slightly reduces trust but is likely due to privacy protection. Strategic recommendations include publishing a privacy policy page, terms of service, and a vulnerability disclosure policy to further enhance compliance and trust.

P

Pemerintah Sako

dlhsako.com

56

The website dlhsako.com represents the official online presence of the Dinas Lingkungan Hidup Sako, a government environmental agency in Indonesia. It provides information about environmental management services, including waste management, pollution control, and public complaint handling. The site targets the general public and local community, aiming to inform and facilitate environmental governance. The domain is newly registered in 2024, consistent with a new government initiative. Technically, the website uses modern web technologies such as Laravel Livewire, Swiper.js, and FontAwesome, with a responsive design optimized for mobile devices. The site is hosted with Cloudflare DNS but lacks DNSSEC and some security headers, indicating room for security improvements. No analytics or tracking scripts were detected, suggesting minimal user tracking. From a security perspective, HTTPS is properly implemented, and domain transfer protections are in place. However, the absence of privacy and cookie policies, security headers, and vulnerability disclosure mechanisms represent compliance and security gaps. The site does not appear to be blocked by any WAF or security challenge, allowing full content access. Overall, the website is professional and trustworthy as a government entity but would benefit from enhanced privacy compliance and security hardening to improve user trust and regulatory adherence.