Security Directory

The Greens/EFA in the European Parliament website represents a political group focused on human rights, democracy, and climate justice within the EU. The site offers comprehensive information about their policies, members, publications, and campaigns, targeting European citizens and stakeholders interested in green politics. The website is well-structured, multilingual, and professionally designed, reflecting a mature digital presence. Technically, the site uses the Contao CMS with modern frontend frameworks like Bootstrap 4 and jQuery. It employs privacy-conscious analytics (Matomo) with cookies disabled, indicating a strong commitment to user privacy. The site is mobile-optimized and accessible, with good SEO practices. Security-wise, the site enforces HTTPS and avoids exposing sensitive data. However, no explicit security headers were detected, and no dedicated security or incident response pages are present. The WHOIS data is unavailable due to privacy protection, which is typical and justified for political organizations. Overall, the security posture is solid but could be enhanced with additional headers and transparency. The website poses low risk, is trustworthy, and serves as a credible source for political advocacy. Strategic recommendations include adding security headers, publishing incident response information, and implementing a vulnerability disclosure policy to further strengthen trust and security.

The Rosa-Luxemburg-Stiftung is a well-established non-profit political education foundation affiliated with the German Left Party. The website serves as a comprehensive platform for political education, events, publications, and scholarship information targeting politically engaged individuals and activists. The organization maintains a strong presence with consistent branding and a broad range of services focused on social justice and left-wing political discourse. Technically, the website is built on TYPO3 CMS with Elasticsearch for search functionality and uses Matomo for analytics, indicating a mature digital infrastructure. The site is mobile-optimized, accessible, and well-structured, providing an excellent user experience. Security posture is solid with HTTPS and secure form handling, though improvements can be made by adding security headers and explicit incident response information. Privacy compliance is good with a comprehensive privacy policy, but the absence of a cookie consent mechanism is a minor gap. Overall, the site is trustworthy, professional, and safe for general audiences.

N

nd - Journalismus von links

neues-deutschland.de

49

nd - Journalismus von links is a German left-wing news media outlet providing political, cultural, and social news and analysis. The website offers multiple subscription models, podcasts, newsletters, and voluntary donation options, reflecting a cooperative ownership business model. It targets a general audience interested in leftist perspectives on current affairs. The site is well-branded and professionally maintained with consistent content quality and clear navigation.

S

Stadtwerke Halle GmbH

swh.de

62

Stadtwerke Halle GmbH is a large municipal utility company serving the city of Halle (Saale) and surrounding region in Germany. The company provides a broad range of essential services including electricity, natural gas, district heating, water supply, waste management, public transportation, and leisure facilities. It operates through multiple subsidiaries and partner organizations, reflecting a diversified municipal service portfolio. The website presents these services clearly and professionally, targeting local residents and businesses. Technically, the website uses a modern technology stack including jQuery, Slick Carousel, FontAwesome, and a consent management platform (Usercentrics) alongside Matomo analytics for privacy-conscious user tracking. The site is mobile optimized and structured for good SEO and accessibility, though some accessibility features could be enhanced. Hosting and CMS appear stable and appropriate for the business scale. From a security perspective, the site enforces HTTPS and uses consent management for cookies, indicating good privacy practices. However, no explicit security policy, incident response contacts, or vulnerability disclosure mechanisms are publicly available, which could be improved. No vulnerabilities or suspicious content were detected in the analysis. Overall, the website is trustworthy, professionally maintained, and aligned with the business's public utility role. Strategic improvements in transparency around security policies and GDPR compliance documentation would enhance trust and compliance posture.

T

TMF - Technologie- und Methodenplattform für die vernetzte medizinische Forschung e.V.

toolpool-gesundheitsforschung.de

55

The ToolPool Gesundheitsforschung website is a professional German-language portal operated by TMF e.V., providing IT solutions and consulting services tailored for medical research projects. It serves as a collaborative platform for researchers to find, share, and contribute tools and experiences, positioning itself as a niche but important resource in the healthcare research sector in Germany. The site is supported by reputable organizations such as the Bundesministerium für Forschung and the Deutsche Forschungsgemeinschaft, enhancing its credibility. Technically, the website is built on Drupal 10 CMS with modern frontend technologies including jQuery, Slick Carousel, and Blazy for lazy loading images. It employs Matomo analytics with a GDPR-compliant cookie consent mechanism, reflecting a mature digital infrastructure. The site is mobile-optimized and accessible, with good SEO practices and moderate performance. From a security perspective, the site enforces HTTPS and respects user privacy with opt-in analytics tracking. However, explicit security headers like CSP and X-Frame-Options are not evident, and no published security or incident response policies exist. No vulnerabilities or exposed sensitive data were detected in the content. The WHOIS data is minimal but consistent with the business purpose, showing no suspicious patterns. Overall, the website demonstrates a solid balance of content quality, technical implementation, privacy compliance, and business credibility, scoring an overall AI rating of 81. Strategic improvements in security policy transparency and header implementation could further enhance its posture.

P

PrivacyLab

privacylab.it

69

PrivacyLab is an Italian privacy consulting firm specializing in GDPR compliance and data protection advisory services. The website presents a professional image with a focus on privacy-related services, targeting businesses and professionals in Italy. The technical infrastructure includes modern JavaScript libraries and Google Tag Manager for marketing and analytics purposes. Security posture is adequate with HTTPS enabled and no visible sensitive data exposure, but lacks advanced security headers and incident response disclosures. Privacy compliance is limited due to absence of explicit privacy and cookie policies in the analyzed content. Overall, the website is functional and professional but could improve transparency and compliance documentation.

S

S optic spol. s r. o.

soptic.cz

49

S optic spol. s r. o. operates a well-established private optical retail business in Prague, Czech Republic, with over 30 years of tradition. The company offers comprehensive eye care services including eyeglasses, contact lenses, eye examinations, and repairs, targeting consumers seeking professional and personalized optical solutions. The website reflects a mature digital presence with modern technologies such as Cookiebot for consent management, Google Tag Manager for analytics, and slick interactive UI components. The business demonstrates strong customer trust through detailed team profiles and positive customer reviews. Security posture is solid with HTTPS and consent mechanisms, though explicit security headers and formal privacy policies are missing, representing areas for compliance improvement. Overall, the website is professional, user-friendly, and trustworthy, supporting the company’s market position as a leading local optical retailer.

E

eduflat.de

eduflat.de

61

Eduflat.de is a specialized German educational media platform offering a large catalog of over 11,000 educational films, e-learning content, and interactive learning platforms targeted primarily at schools, teachers, and media centers. The business model revolves around licensing educational films via streaming, downloads, and film flat subscriptions, catering to various school levels and subjects. The company has a strong market position supported by partnerships with major educational publishers and TV stations, and it emphasizes legal compliance and ease of use for educational institutions. Technically, the website employs modern web technologies including jQuery, Font Awesome, and Slick Carousel for UI components, alongside Google Tag Manager and Google Analytics for marketing and analytics. The site is mobile-optimized with good navigation and SEO practices, though no specific CMS or hosting provider was identified. Performance is moderate with room for improvement in accessibility features. From a security perspective, the site uses HTTPS and implements a cookie consent mechanism aligned with GDPR requirements. However, explicit security headers and incident response policies are not evident, suggesting areas for enhancement. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong with clear policies and user consent options. Overall, the website is professional, trustworthy, and well-suited for its educational audience. The domain registration data aligns with the business claims, reinforcing legitimacy. Strategic recommendations include adding security headers, publishing incident response contacts, and enhancing accessibility to further strengthen security and compliance posture.

G

Golden Books srl Società Benefit

macrolibrarsi.it

65

Macrolibrarsi is a well-established Italian e-commerce platform specializing in natural and organic products including food, cosmetics, supplements, and books. Operated by Golden Books srl Società Benefit since 2000, it holds a leading position in Italy's ethical wellness market. The website offers a comprehensive product catalog with over 80,000 items, supported by strong customer service and clear business transparency. The company emphasizes sustainability and ethical business practices, targeting health-conscious consumers primarily in Italy and Europe. Technically, the site employs modern web technologies such as Bootstrap, jQuery, Google Tag Manager, and integrates trusted third-party services for reviews and personalization. It is mobile-optimized and SEO-friendly, providing a smooth user experience. Security posture is solid with HTTPS, reCAPTCHA, and cookie consent mechanisms, though some security headers could be enhanced. Overall, the site is trustworthy, compliant with GDPR, and demonstrates strong business credibility.

M

Münchener Hypothekenbank eG

meindarlehen.de

50

Münchener Hypothekenbank eG operates the website www.meindarlehen.de as a digital customer portal for mortgage loan management. The portal offers services such as personal data updates, payout requests, repayment options, contract adjustments, and membership management, targeting loan customers primarily in Germany. The website reflects an established financial institution with a medium-sized market presence and a focus on customer self-service through a modern web interface. Technically, the site is built on Drupal CMS, utilizing common libraries such as jQuery, Bootstrap, FontAwesome, and Slick Carousel for UI components. The site is mobile-optimized and accessible, with moderate performance characteristics. Security posture is good with HTTPS enforced and cookie consent managed via Cookiebot, but lacks explicit security headers and published security policies. Analytics are handled via Matomo, indicating a privacy-conscious approach. Contact information is clearly provided, enhancing business credibility. Overall, the site is professional, trustworthy, and compliant with GDPR requirements.

M

MyGiftCard

mygiftcard.it

68

MyGiftCard is an established Italian e-commerce platform specializing in the sale of gift cards from major brands across various sectors including retail, food, electronics, and travel. The website offers services such as online activation and balance verification of gift cards, targeting Italian consumers seeking convenient gifting solutions. The platform also features MyGiftCardPlus, a loyalty or enhanced service program. Technically, the site is built on Magento with a mix of modern and legacy JavaScript libraries, and integrates Google Analytics and Tag Manager with privacy-conscious configurations like IP anonymization. The site is mobile-optimized and provides a good user experience with clear navigation and professional design. Security posture is adequate with HTTPS enforced and cookie consent mechanisms in place, though improvements in security headers and explicit security policies are recommended. WHOIS data confirms the legitimacy and consistency of the domain registration with the business claims. Overall, the site scores well on content quality, privacy compliance, and business credibility, making it a trustworthy platform for gift card purchases.

The website www.niedersachsen.de is the official portal of the Lower Saxony state government in Germany. It serves as a comprehensive information hub for residents, government officials, and other stakeholders, providing detailed content on politics, state administration, culture, energy, emergency monitoring, integration, and public services. The site is well-structured, multilingual, and professionally designed, reflecting its authoritative government status. The business model is purely informational and service-oriented, targeting the general public and specific groups such as refugees and local citizens. Technically, the site uses a mature technology stack including jQuery, Video.js, FancyBox, Slick Carousel, DataTables, and Matomo analytics, managed via the Powerslave Liveserver CMS. The site demonstrates good mobile optimization, accessibility, and SEO practices, though performance is moderate. Security posture is solid with HTTPS enforced and no visible vulnerabilities, but lacks some security headers and explicit cookie consent mechanisms. Overall, the security posture is good with no detected vulnerabilities or suspicious content. The domain WHOIS data is privacy-protected as per DENIC policies, consistent with a government domain. The site lacks explicit security policies or incident response contacts, which could be improved. Privacy compliance is generally good, though cookie consent mechanisms should be enhanced. The risk assessment is low, with recommendations focusing on improving security headers, cookie consent, and publishing security policies to enhance trust and compliance. The site is trustworthy, professional, and safe for general audiences.

Z

Zweckverband eGo-Saar

vergabe.saarland

57

The website vergabe.saarland serves as the official electronic procurement platform for the Saarland region in Germany, operated by Zweckverband eGo-Saar. It provides public sector entities such as cities, municipalities, and state administration with a centralized platform to publish tenders and manage electronic submissions. The platform targets businesses and contractors interested in public procurement within Saarland, offering services like digital download of tender documents and electronic bid submission. The site is well-branded with official logos and maintains a professional appearance consistent with government standards. Technically, the website is built on WordPress 6.8.3 with common web technologies such as jQuery and Slick Carousel for UI components. Hosting is provided by plusserver.com, and the site uses HTTPS with a valid SSL certificate. Cookie consent is implemented with an opt-in mechanism for Google Analytics and Facebook Ads, reflecting a good level of privacy compliance. However, some security headers are missing or misconfigured, such as an empty Content-Security-Policy and lack of DNSSEC, which slightly reduce the security posture. From a security perspective, the site enforces HTTPS and uses clientTransferProhibited status on the domain to prevent unauthorized transfers. The WHOIS data aligns well with the website's governmental purpose, showing consistent registration details. No signs of malware, phishing, or suspicious activity were detected. The cookie consent mechanism and privacy policy indicate GDPR compliance, but no explicit security policy or incident response information is published. Overall, vergabe.saarland is a legitimate, regionally focused government procurement platform with good content quality and business credibility. Security practices are adequate but could be improved by enabling DNSSEC, configuring security headers properly, and publishing security policies. The site is safe for general audiences and does not contain any adult or questionable content.

N

nd - Journalismus von links

dasnd.de

49

nd-aktuell.de is a German left-wing political news media website operated under a cooperative business model. It offers news articles, podcasts, newsletters, and subscription services targeting politically engaged readers interested in progressive perspectives on politics, society, culture, and sports. The website is well-branded, professionally designed, and provides rich content with clear navigation and multiple engagement channels including social media and donation options. Technically, the site runs on a custom CMS (KONTEXT-CMS) with legacy jQuery and modern consent management tools, hosted by SINMA. It uses Matomo analytics for privacy-friendly tracking and implements GDPR-compliant cookie consent. Security posture is good with HTTPS enforced, but lacks explicit security headers and published security policies. Contact information is primarily via web forms and cooperative site links, with no direct emails or phone numbers found. Advertising is present but limited to programmatic ads and Facebook Pixel tracking. Overall, the site is trustworthy, safe, and well-positioned in its niche media market.

D

Deniz, Gebauer, Junk, Langhammer GbR

warenform.de

51

WARENFORM GbR is a small, established German agency founded in 2001 specializing in communication solutions, design, and custom software development primarily for NGOs, political entities, unions, and media organizations. Their service offerings include consulting, corporate design, website development, print materials, event communication, and bespoke software applications. The company maintains a professional online presence with a well-structured website built on the KONTEXT-CMS platform, leveraging modern JavaScript libraries and Matomo analytics with privacy-conscious configurations. Security posture is solid with HTTPS and Content-Security-Policy headers, though improvements are recommended in cookie consent and formal security policies. Contact information is transparent and complete, including a published PGP key for secure communication. Overall, the website reflects a trustworthy and credible business with a moderate technical maturity and good compliance with privacy regulations.

D

Deniz, Gebauer, Junk, Langhammer GbR

warenform.net

10

WARENFORM GbR is a small German agency founded in 2001 specializing in communication solutions, design, and custom software development. Their client base includes political representatives, NGOs, unions, media, and companies, positioning them as a niche provider with a strong portfolio and trusted reputation. The website reflects a professional and consistent brand image with comprehensive service descriptions and client references. Technically, the site uses a custom CMS (KONTEXT-CMS) with a modern but somewhat dated JavaScript stack including jQuery and various plugins. Hosting appears to be managed by a partner IT company, o.open.de. Security posture is strong with HTTPS, Content-Security-Policy headers, and privacy-conscious Matomo analytics implementation. However, the site lacks an explicit cookie consent mechanism and formal incident response contact details. Overall, the site is well-maintained, trustworthy, and compliant with GDPR requirements.

Z

Zukunftsorte Berlin

zukunftsorte.berlin

71

Zukunftsorte Berlin is a well-established platform founded in 2014 that connects economic and scientific stakeholders across 11 innovation locations in Berlin. The website serves as an informational and networking hub, showcasing companies, research institutes, and events that drive Berlin's future-oriented economy. Technically, the site is built on WordPress with a modern tech stack including accessibility and multilingual support, and uses Matomo for analytics, reflecting a mature digital infrastructure. Security-wise, the site enforces HTTPS and employs domain transfer protections, but could improve by enabling DNSSEC and adding advanced security headers. Privacy compliance is strong with a comprehensive privacy and cookie policy and consent mechanisms in place. Overall, the website is professional, trustworthy, and well-positioned as a regional innovation promoter.

Z

ZoomDesign

zoomdesign.ch

48

ZoomDesign is a Swiss agency specializing in design, web development, and communication services based in Geneva. The website presents a professional image with a modern tech stack including Vue.js and popular JavaScript libraries, indicating a contemporary digital infrastructure. However, the site lacks explicit privacy, cookie, and terms of service policies, which are critical for compliance and user trust. Security posture is moderate with no visible security headers or incident response information, and no vulnerability disclosure mechanisms are present. Overall, the site is functional and professional but would benefit from enhanced privacy and security features to improve compliance and trustworthiness.

G

Gesellschaft für Innovation und Unternehmensförderung mbH

ewerk-sb.de

48

E Werk Saarbrücken operates as a specialized event location housed in a historic industrial building, offering a large versatile hall for various event types including concerts, congresses, and corporate functions. The company is positioned regionally with a unique ambiance that appeals to event organizers seeking a distinctive venue. The website is professionally designed, leveraging WordPress CMS with modern plugins and technologies to provide a responsive, accessible, and SEO-optimized user experience. Security posture is strong with HTTPS enforcement and cookie consent mechanisms, though some security headers could be improved. Privacy compliance is well addressed with a comprehensive privacy policy and cookie management. Overall, the site reflects a credible and trustworthy business with clear contact information and professional branding.

T

TMF – Technologie- und Methodenplattform für die vernetzte medizinische Forschung e.V.

tmf-ev.de

63

TMF e.V. is a German non-profit organization dedicated to advancing medical research by developing concepts, infrastructures, and methods. The website reflects a professional and well-structured digital presence, targeting medical researchers, healthcare professionals, and policy makers. It offers comprehensive information about their working groups, products, events, and publications, supporting their mission to facilitate connected medical research. Technically, the site is built on Drupal 10, uses Matomo for privacy-conscious analytics, and implements a robust cookie consent mechanism. The site is mobile-optimized and accessible, with clear navigation and professional design. Security posture is good with HTTPS enforced and no visible vulnerabilities, though security policies and incident response contacts are not published. Overall, TMF e.V. presents a trustworthy and credible online presence consistent with its role in the healthcare research sector.

D

DATEV eG

datev.de

78

DATEV eG operates a professional website focused on providing software, services, and knowledge primarily for tax consulting, auditing, legal advice, companies, and the public sector in Germany. The company positions itself as a leading provider in these sectors, offering tailored solutions and support. The website demonstrates a mature digital presence with modern JavaScript libraries, a clear navigation structure, and a cookie consent mechanism compliant with GDPR standards. However, explicit privacy policy and terms of service documents were not detected in the provided content, which could be improved for transparency and compliance. Security posture is solid with HTTPS and cookie consent but lacks visible advanced security headers or published security policies. The domain WHOIS data is minimal but consistent with the brand, indicating legitimacy. Overall, the website is professional, trustworthy, and well-structured, serving a large enterprise audience in the finance and public sectors.

A

AIPS - Associazione Installatori Professionali di Sicurezza

aips.it

40

AIPS (Associazione Installatori Professionali di Sicurezza) is a well-established non-profit association founded in 1998, representing companies specialized in the installation and maintenance of security systems in Italy. It serves as a key reference point for professional security system installers, offering membership services, training, events, and industry news. The website reflects a professional and consistent brand presence targeting Italian security professionals and companies. The association maintains partnerships with multiple industry sponsors and provides a member login area and installer search functionality.

F

Fiera Milano S.p.A.

fieramilano.it

11

Fiera Milano S.p.A. is a well-established Italian company specializing in organizing, hosting, and managing international-level events, trade fairs, and congresses since 1920. The company operates a comprehensive business platform that serves exhibitors, visitors, suppliers, and investors, positioning itself as a leading event organizer in Italy with a strong emphasis on promoting Made in Italy sectors. The website reflects a professional and consistent brand image, providing rich content and clear navigation tailored to its diverse audience segments. Technically, the website employs modern web technologies including jQuery, Bootstrap, and advanced cookie consent management via Iubenda, integrated with Google Tag Manager and Google Consent Mode for privacy-aware analytics. The CMS appears to be Adobe Experience Manager, indicating a mature digital infrastructure. The site is mobile-optimized with good performance and basic accessibility features, supporting a positive user experience. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms aligned with GDPR requirements. While some security headers are not explicitly detected, the overall posture is solid with no visible vulnerabilities or exposed sensitive data. The presence of a whistleblowing channel and comprehensive legal disclosures further enhance governance and compliance. Overall, the website demonstrates high professionalism, trustworthiness, and compliance with privacy regulations, supporting Fiera Milano's business credibility and market position. Strategic improvements in security headers and incident response transparency could further strengthen the security posture.

M

MiCo DMC S.r.l.

micodmc.it

65

MiCo DMC S.r.l. is a specialized hospitality service provider focused on the MICE sector in Milan, Italy. The company acts as an official agency and organizational secretariat for congresses, exhibitions, and private events, offering tailored, high-quality services including accommodation, train bookings, and unique experiences. The website reflects a professional and consistent brand image aligned with its market position as a leading reference in Milan's event hospitality sector. Technically, the site is built on Adobe Experience Manager with modern JavaScript libraries and frameworks, ensuring good mobile optimization and user experience. Security posture is solid with HTTPS and consent management implemented, though security headers are lacking and could be improved. Privacy compliance is strong with comprehensive policies and consent mechanisms. Overall, the domain registration and WHOIS data align well with the business claims, supporting legitimacy and trustworthiness.

V

Verkehrsbetriebe Biel

vb-tpb.ch

61

Verkehrsbetriebe Biel (VB) operates as a regional public transportation provider in Switzerland, primarily serving the Biel area with bus, trolleybus, and cable car services. The website offers comprehensive information on schedules, tickets, and current operational updates, targeting local commuters and residents. The company maintains a consistent brand presence and active social media channels to engage its audience. Technically, the website employs modern JavaScript frameworks such as Vue.js and jQuery, alongside libraries like Axios and Slick Carousel, indicating a contemporary and interactive user experience. The use of Wagtail CMS is evident, supporting content management and digital maturity. Performance and mobile optimization are good, though accessibility features could be enhanced. From a security perspective, the site enforces HTTPS and includes a cookie consent mechanism aligned with GDPR requirements. However, explicit security headers and incident response policies are not visible, and no vulnerability disclosure or security.txt files are present. Tracking technologies include Google Analytics and Facebook Pixel, with moderate user tracking levels balanced by privacy compliance. Overall, the website is professional, trustworthy, and well-suited for its public transportation business model. Strategic improvements in security headers, incident response transparency, and accessibility would further strengthen its posture and user trust.

G

GIU Gesellschaft für Innovation und Unternehmensförderung mbH

giu.de

49

GIU Gesellschaft für Innovation und Unternehmensförderung mbH is a medium-sized real estate project development company based in Saarbrücken, Germany, operating for approximately 40 years. It focuses on sustainable and energy-efficient real estate projects, including commercial and residential developments, with a strong emphasis on quality and environmental considerations. The company serves investors, tenants, and public sector clients, leveraging its municipal ties to the city of Saarbrücken. The website reflects a professional and well-structured digital presence, utilizing WordPress CMS with modern plugins such as Yoast SEO and Borlabs Cookie for GDPR compliance. The technical infrastructure is solid, with good mobile optimization, SEO, and accessibility features. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, though some security headers could be improved. The WHOIS data aligns with the business claims, showing consistency and legitimacy. Overall, the website and business demonstrate a high level of professionalism, trustworthiness, and compliance with privacy regulations.

M

Münchener Hypothekenbank eG

muenchenerhyp.de

53

Münchener Hypothekenbank eG is a well-established cooperative bank specializing in long-term real estate financing for private and commercial clients, with a strong emphasis on sustainability and member benefits. The bank operates primarily in Germany with additional presence in Western Europe and the USA. Their website reflects a mature digital presence built on Drupal 10, incorporating modern web technologies and analytics tools such as Matomo and Google Tag Manager. The site is professionally designed, mobile-optimized, and provides clear navigation and comprehensive content including press releases, career opportunities, and investor information. Security posture is solid with HTTPS enforced and cookie consent managed via Cookiebot, though some security headers and explicit security policies could be improved. WHOIS data aligns well with the business claims, indicating a trustworthy and legitimate domain. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance with privacy regulations.

D

DZ PRIVATBANK S.A.

dz-privatbank.com

50

DZ PRIVATBANK S.A. is a specialized financial institution focusing on private banking, fund services, and currency loans within the cooperative banking group Volksbanken Raiffeisenbanken. With headquarters in Luxembourg and multiple locations in Germany and Switzerland, it offers tailored wealth management and asset servicing solutions. The website reflects a professional and consistent brand presence, targeting private banking clients, fund initiators, and institutional investors. Technically, the site employs modern tracking and consent management tools, ensuring GDPR compliance and a good user experience across devices. Security posture is strong with HTTPS and no visible vulnerabilities, though some security headers and explicit policies could be improved. However, the domain WHOIS data is missing, raising concerns about domain registration legitimacy that should be further investigated. Overall, the site is trustworthy and professionally maintained, but domain registration inconsistencies reduce the trust score.

W

Wellbeing Economy Alliance

weall.org

53

Wellbeing Economy Alliance (WEAll) is a UK-registered non-profit organization established in 2011, focused on transforming the economic system towards a wellbeing economy that prioritizes people and planet. The website serves as a hub for changemakers, governments, businesses, and organizations to collaborate, access resources, and participate in advocacy and education efforts. WEAll maintains a strong market position with over 500 member organizations and multiple national governments involved. Technically, the website is built on WordPress with modern JavaScript frameworks and libraries, offering a good user experience with mobile optimization and moderate performance. Security practices include HTTPS, GDPR-compliant cookie consent, and use of reCAPTCHA, though improvements such as DNSSEC and security headers are recommended. Overall, the site is professional, trustworthy, and compliant with privacy regulations, though it lacks explicit terms of service and direct contact emails or phone numbers.

H

Helmholtz KLIMA

helmholtz-klima.de

58

Helmholtz KLIMA operates as a Helmholtz-wide dialogue platform focused on climate-relevant research, bridging the Helmholtz community and political stakeholders. The platform provides expert networks, climate knowledge dissemination, and organizes events to foster dialogue on climate issues. It holds a recognized position within the German climate research ecosystem and targets policymakers, researchers, and the interested public. Technically, the website is built on Drupal 10, employs Matomo Analytics with privacy-conscious settings, and uses modern web technologies for performance and accessibility. Security posture is solid with HTTPS and cookie consent mechanisms, though it lacks explicit security headers and published security policies. Overall, the site is professional, trustworthy, and compliant with GDPR, with clear contact information and active social media presence.

N

nd - Journalismus von links

nd-aktuell.de

49

nd-aktuell.de is a German left-wing news media website operated under a cooperative funding model. It provides political, cultural, and social news, podcasts, and newsletters targeting left-leaning audiences in Germany. The site is professionally designed, content-rich, and offers multiple subscription and donation options to sustain its operations. Technically, the site uses a custom CMS (KONTEXT-CMS by WARENFORM), integrates modern JavaScript libraries, and employs a consent management platform to comply with GDPR. Hosting is provided by SINMA, and analytics are handled via privacy-respecting Matomo. Security posture is good with HTTPS enforced and no visible vulnerabilities, though security headers could be improved. No explicit security policies or incident response contacts are published. WHOIS data is minimal but consistent with the CMS and hosting providers, indicating legitimacy. Overall, the site is trustworthy, well-maintained, and compliant with privacy regulations.

The CISPA Helmholtz Center for Information Security is a prominent German national research institution specializing in cybersecurity, privacy, and trustworthy artificial intelligence. It operates as a Big Science institution within the Helmholtz Association and collaborates with academic and industry partners, including the Technical University of Munich. The website presents a professional and content-rich platform highlighting research achievements, faculty insights, and technology transfer initiatives, positioning CISPA as a leading global research center in its domain. Technically, the website employs modern web technologies such as JavaScript and CSS with responsive design and good accessibility features. However, there is limited evidence of advanced security configurations such as security headers or explicit SSL/TLS details in the provided data. The absence of visible privacy, cookie, and terms of service policies indicates areas for compliance improvement, especially concerning GDPR requirements. From a security posture perspective, while the site is accessible and professional, it lacks explicit security policies, incident response contacts, and vulnerability disclosure mechanisms. The WHOIS data is minimal but does not raise significant legitimacy concerns given the institutional context. Overall, the site demonstrates a strong business credibility and content quality but requires enhancements in privacy compliance and security transparency. Strategically, CISPA should prioritize publishing comprehensive privacy and cookie policies, implementing cookie consent mechanisms, and enhancing security headers and incident response information to strengthen trust and compliance. These improvements will support its reputation as a leading cybersecurity research institution and ensure alignment with regulatory standards.

C

Commune de Vandœuvres

vandoeuvres.ch

46

The website www.vandoeuvres.ch serves as the official online presence for the Commune de Vandœuvres, a local government entity in Switzerland. It provides residents and visitors with practical information, news, event announcements, and access to municipal services such as room rental and contact details. The site targets local citizens and stakeholders interested in community affairs. Technically, the site is built on WordPress 6.8.3, leveraging modern libraries such as jQuery, Foundation CSS, and Leaflet.js for mapping. It integrates anti-spam and bot detection tools and uses Piwik for analytics, indicating a moderate level of digital maturity. Security-wise, the site enforces HTTPS and employs anti-spam measures but lacks explicit security headers and published security policies, representing areas for improvement. Privacy compliance is limited due to the absence of privacy and cookie policies, which is a notable gap given GDPR requirements. Overall, the site is professional, trustworthy, and well-maintained but would benefit from enhanced privacy and security disclosures.

E

eMa - Ecole des Musiques Actuelles

ema.school

58

eMa - Ecole des Musiques Actuelles is a Geneva-based educational institution specializing in contemporary music education. The school offers a variety of programs tailored to different age groups and skill levels, including masterclasses, theoretical courses, and pre-professional curricula. It holds certification from the Geneva DIP, underscoring its legitimacy and quality standards. The website serves as a comprehensive portal for prospective and current students, providing detailed information about courses, events, and administrative matters. Technically, the website is built on WordPress and leverages modern JavaScript libraries such as jQuery and Slick Carousel for interactive elements. It integrates Google Analytics and Facebook Pixel for analytics and marketing purposes, alongside a robust cookie consent mechanism compliant with GDPR. The site is mobile-optimized and features multilingual support via Google Translate, enhancing accessibility for a diverse audience. From a security perspective, the site enforces HTTPS and employs cookie consent best practices, though it lacks explicit security headers and incident response disclosures. No vulnerabilities or exposed sensitive data were detected. The WHOIS data is privacy protected, which is justified for this type of institution. Overall, the site demonstrates a solid security posture with room for improvement in header implementation and transparency. The overall risk assessment is low, with the website presenting a trustworthy and professional front for the institution. Strategic recommendations include enhancing security headers, publishing a formal security policy, and maintaining regular audits of third-party scripts to mitigate potential risks.

B

BNP Paribas

histoire.bnpparibas

69

The website 'Source d'Histoire BNP Paribas' serves as a corporate heritage platform showcasing two centuries of BNP Paribas' archives and history through diverse media such as articles, podcasts, videos, and documents. It targets a general audience interested in the bank's historical narrative and brand legacy. The site is professionally designed, well-branded, and consistent with BNP Paribas' corporate identity, reflecting its position as a major player in the global finance industry. Technically, the site is built on WordPress with modern plugins and frameworks, offering good mobile optimization and SEO practices. Security posture is solid with HTTPS and nonce usage, though some advanced security headers and policies are missing. Privacy and cookie policies are present and GDPR compliant, with consent mechanisms implemented. No direct contact emails or phone numbers are publicly listed, but contact forms and social media links provide communication channels. Overall, the site is trustworthy, professional, and well-maintained, supporting BNP Paribas' brand storytelling and heritage preservation.

L

Logotel

logotel.it

75

Logotel is an independent design company based in Italy, specializing in service design, communication, change management, and digital solutions. The company targets enterprises and organizations seeking innovative and impactful transformation projects. Their website reflects a mature digital presence built on WordPress, leveraging modern JavaScript libraries and a comprehensive cookie consent mechanism to comply with privacy regulations. The site is multilingual and professionally designed, offering clear navigation and relevant content about their services and projects. Security posture is solid with HTTPS and Cloudflare protection, though explicit security policies and incident response contacts are not found. Overall, Logotel demonstrates a credible and trustworthy online presence aligned with its business focus.

C

Commune d'Avully

avully.ch

48

The Commune d'Avully website serves as the official digital portal for the local government of Avully, Geneva, Switzerland. It provides residents and visitors with access to administrative services, community news, event agendas, and practical information about living in the commune. The site is well-structured and professionally designed, targeting local citizens with relevant public service content. Technically, the site is built on WordPress, leveraging common web technologies such as jQuery and Slick Carousel, and integrates Google Tag Manager for analytics. While the site uses HTTPS and has a consistent branding approach, it lacks explicit privacy and cookie policies, which are important for GDPR compliance. Security headers are not evident, and no incident response or vulnerability disclosure information is provided. Overall, the site is trustworthy and functional but could improve its privacy and security posture.

A

Association Out of the Box

biennaleoutofthebox.ch

49

The website biennaleoutofthebox.ch represents the Association Out of the Box, a Swiss cultural organization that organizes the Biennale Out of The Box, an inclusive arts festival scheduled for May 2025. The festival showcases a variety of artistic performances and exhibitions created by artists with disabilities, targeting a broad audience including persons with different forms of handicap. The site is professionally designed with good accessibility features and clear navigation, reflecting a well-established niche cultural event. Technically, the website is built on WordPress and leverages modern JavaScript libraries such as jQuery, Underscore.js, and media players like Plyr, along with a slick carousel for image sliders. The site is mobile-optimized and uses HTTPS with a strong SSL configuration. SEO is enhanced by the Yoast SEO plugin, and accessibility is supported by features like text resizing and easy-to-read content indicators. From a security perspective, the site enforces HTTPS and does not expose sensitive data or use vulnerable libraries. However, it lacks published privacy and cookie policies, terms of service, and incident response information, which are important for GDPR compliance and user trust. No security headers were detected, and no vulnerability disclosure mechanisms are present. The WHOIS data aligns well with the website's claims, indicating legitimacy. Overall, the site is a credible and professional platform for a cultural festival with good technical and security foundations but requires improvements in privacy compliance and security transparency to enhance trust and regulatory adherence.

M

Musikkultur Rheinsberg gGmbH

osterfestspiele-schloss-rheinsberg.de

46

Osterfestspiele Schloss Rheinsberg is a well-established cultural festival and music education organization based in Germany, operating under the parent company Musikkultur Rheinsberg gGmbH. The website showcases a professional and consistent brand presence, offering detailed information about festival programs, visitor info, and related cultural divisions. The technical infrastructure is modern, leveraging WordPress CMS with popular JavaScript libraries and plugins, ensuring good performance and mobile optimization. Privacy compliance is robust, featuring a comprehensive privacy policy, cookie consent mechanism, and GDPR adherence. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though some security headers could be improved. Overall, the site reflects a trustworthy and credible cultural institution with clear contact information and active social media engagement.

L

Living Wage Foundation

livingwage.org.uk

59

The Living Wage Foundation is a UK-based non-profit organization dedicated to promoting fair wages through the real Living Wage accreditation. It operates under Citizens UK and has a strong market presence with over 16,000 accredited employers including major corporations. The website is professionally designed using Drupal 10 and Bootstrap, featuring good mobile optimization and accessibility. Security posture is strong with HTTPS and cookie consent mechanisms, though some security headers and policies could be improved. WHOIS data is unavailable due to domain naming rules error, but the website's legitimacy is supported by its content and affiliations. Overall, the site demonstrates a mature digital presence with a focus on social responsibility and employer engagement.

M

MFG Medien- und Filmgesellschaft Baden-Württemberg mbH

mfg.de

55

MFG Medien- und Filmgesellschaft Baden-Württemberg mbH is a regional institution dedicated to promoting film culture and the creative industries in the Baden-Württemberg region of Germany. It operates through two main business areas: film funding and creative industry support, offering financial aid, networking, and educational events. The organization holds a strong market position as a key facilitator for media and cultural projects in the region, targeting creatives, filmmakers, and cultural institutions. The website reflects a professional and well-structured digital presence, leveraging TYPO3 CMS and modern web technologies to deliver content effectively. It includes comprehensive privacy and cookie policies, demonstrating compliance with GDPR and user consent requirements. Social media integration and structured data enhance its outreach and SEO performance.

S

Startup Verband

deutschestartups.org

46

Startup Verband is a prominent German startup association focused on fostering a startup-friendly environment in Germany and Europe. It serves as a large network and research leader with over 1,200 members including startups, scaleups, corporates, and investors. The organization provides advocacy, research reports, events, and member services such as legal templates and educational resources. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries, hosted likely by Schlund Technologies, and demonstrates good performance and mobile optimization. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers and policies could be improved. Overall, the site is professional, trustworthy, and well-aligned with its business mission.

T

The International Network for Quality Assurance Agencies in Higher Education (INQAAHE)

inqaahe.org

45

INQAAHE is a globally recognized non-profit network dedicated to quality assurance in higher education, serving over 300 member organizations worldwide. The website reflects a mature digital presence built on WordPress with modern plugins and technologies, offering rich content including membership information, professional development, research, events, and news. The site is well-structured, mobile-optimized, and professionally branded, targeting quality assurance agencies and higher education stakeholders globally. Security posture is solid with HTTPS and secure form handling, though security headers and incident response policies are absent. Privacy compliance is partially addressed with a comprehensive privacy policy but lacks cookie consent mechanisms. WHOIS data is unavailable, limiting domain trust verification, but the website content and contact information support legitimacy. Overall, the site demonstrates a strong professional and educational focus with room for security and privacy enhancements.

S

Stadt Mannheim

mannheim.de

68

The website www.mannheim.de serves as the official digital portal for the city of Mannheim, Germany. It provides comprehensive information and services related to municipal administration, citizen services, economic development, culture, education, tourism, and career opportunities. The site targets residents, businesses, tourists, and public service users, positioning itself as a key government resource with a broad service offering. The content is well-structured, multilingual, and accessible, reflecting a mature digital presence for a large municipal entity. Technically, the website is built on Drupal 10, utilizing modern web technologies such as Matomo for analytics, SVG icons, and slick carousel for UI elements. The site demonstrates good performance, mobile optimization, and accessibility features. Security is robust with HTTPS enforced, multiple security headers present, and consent-based tracking mechanisms implemented. However, explicit security policies and incident response contacts are not prominently published, and no vulnerability disclosure or security.txt files were found. Overall, the security posture is strong with no detected vulnerabilities or suspicious activity. Privacy compliance is well addressed with clear privacy and cookie policies and user consent mechanisms. The business credibility is high, supported by official domain registration, consistent branding, and transparent contact information. The site is safe for general audiences with no adult or questionable content. Strategically, the site could enhance trust and security culture by publishing dedicated security policies and incident response information, and by implementing a vulnerability disclosure program. Regular audits of third-party scripts and form input sanitization are recommended to maintain security integrity.

Digitalcourage is a well-established German non-profit organization founded in 1987, dedicated to promoting digital rights, privacy, and democracy in the digital age. The organization operates with a strong community focus, relying on donations and volunteer work, and is known for organizing the annual BigBrotherAwards since 2000. Their website reflects a professional and privacy-respecting approach, with no tracking or cookie consent mechanisms, emphasizing transparency and user respect. Technically, the website is built on Drupal 11, using modern web technologies and is hosted via Schlundtech. It demonstrates good mobile optimization, accessibility, and SEO practices. Security posture is strong with HTTPS enforced and no evident vulnerabilities, though some security headers could be improved. The WHOIS data aligns well with the organization's history and legitimacy. Overall, Digitalcourage's website is a trustworthy, content-rich platform serving activists and the general public interested in digital rights. It maintains high standards of privacy and security, with clear calls to action for membership, donations, and participation. The site integrates several related services and partner domains, enhancing its ecosystem and outreach.

S

Servicestelle der Initiative Klischeefrei

klischee-frei.de

57

The website www.klischee-frei.de represents the Servicestelle der Initiative Klischeefrei, a German non-profit initiative dedicated to promoting gender-neutral career and study choices. It serves a broad audience including youth, parents, educators, and career counselors by providing educational resources, events, and a network of partner organizations. The initiative is supported by government entities and well-established partners, positioning it as a credible and trusted source in the education sector. Technically, the website employs modern web technologies including HTML5, CSS3, JavaScript, and integrates Matomo analytics for privacy-conscious user tracking. The site is mobile-optimized, accessible, and SEO-friendly, with a professional design and clear navigation. Hosting details are not explicit, but the domain uses stable nameservers consistent with a legitimate German educational initiative. From a security perspective, the site enforces HTTPS and uses secure form submissions. However, it lacks visible security headers and explicit incident response or security policy disclosures. Privacy compliance is strong with a comprehensive privacy policy and cookie policy, though no explicit cookie consent mechanism is present. No contact emails or phone numbers are directly listed, relying instead on contact forms. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance suitable for its educational and governmental audience. Strategic improvements in security headers, incident response transparency, and cookie consent would further enhance its security posture and privacy compliance.

K

kdvz Rhein-Erft-Rur

kdvz-frechen.de

62

The kdvz Rhein-Erft-Rur is a German regional IT service provider specializing in supporting public administrations with IT infrastructure, digitalization, and specialized applications. The website presents a professional image with detailed service offerings and active engagement in events and community initiatives. The technical infrastructure is based on a proprietary CMS platform with modern UI components like slick sliders, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS enabled but lacks advanced security headers and DNSSEC, and the domain is currently expired, which is a critical operational risk. Privacy compliance is weak due to missing explicit privacy and cookie policies. Overall, the website reflects a credible government IT service provider but requires improvements in security and compliance to enhance trust and operational stability.

O

Ozkaya Engineering and Consultancy Ltd (t/a Gourmetica)

gourmetica.co.uk

51

Gourmetica is a UK-based growth marketing agency specializing in the hospitality sector, offering a comprehensive suite of services including branding, SEO, website design, social media management, advertising, and photography. The company is a brand of Ozkaya Engineering and Consultancy Ltd, founded in 2023, and positions itself as a niche player with strong industry knowledge and proven client case studies. Technically, the website is built on the HubSpot CMS platform, leveraging modern JavaScript libraries and Google Analytics for tracking, with moderate performance and good mobile optimization. Security posture is adequate with HTTPS enabled and no exposed sensitive data, but lacks some security headers and formal security policies. Privacy compliance is partial, with a cookie consent mechanism but missing privacy and terms of service pages. Overall, the website presents a professional and trustworthy image with room for improvement in compliance and security transparency.

M

Munich Intellectual Property Law Center (MIPLC)

miplc.de

45

The Munich Intellectual Property Law Center (MIPLC) is a specialized academic institution offering a one-year LL.M. program focused on intellectual property, innovation, and competition law. It operates with strong partnerships including the Max Planck Institute for Innovation and Competition and prominent universities, positioning itself as a niche leader in legal education for innovation-driven economies. The website reflects a high level of professionalism, with comprehensive content, multimedia integration, and clear navigation tailored to prospective students and academic audiences. Technically, the site is built on TYPO3 CMS with modern JavaScript libraries and frameworks, ensuring good performance and mobile responsiveness. Security posture is solid with HTTPS enforced and privacy-conscious analytics via Matomo with cookies disabled. However, some security headers and explicit security policies are missing, and no direct contact emails or phone numbers are provided, relying instead on contact forms. Overall, the site is trustworthy, well-maintained, and compliant with GDPR, though improvements in transparency and security documentation could enhance user trust further.