Security Directory

K

Københavns Kommune

kk.dk

64

Københavns Kommune operates an official municipal website serving the residents of Copenhagen, Denmark. The site provides comprehensive information and services related to citizen services, environment, housing, employment, health, education, and social welfare. It is positioned as the primary digital portal for municipal government interactions and public information dissemination. The website targets local citizens and residents, offering a broad range of public service resources and contact points. Technically, the website is built on Drupal 10, leveraging modern web technologies including JavaScript and CSS. It demonstrates good mobile optimization, accessibility, and SEO practices, with a moderate performance profile. The site employs HTTPS and cookie consent mechanisms aligned with GDPR requirements, reflecting a mature digital infrastructure suitable for a government entity. From a security perspective, the site enforces HTTPS and uses cookie consent banners with categorized cookies. However, explicit security headers are not detected, and no dedicated security or incident response policies are published. No vulnerabilities or exposed sensitive data were found in the content. The WHOIS data is unavailable or privacy protected, which is common for government domains, but the domain legitimacy is supported by consistent branding and official content. Overall, the website presents a low-risk profile with strong trust indicators and compliance with privacy regulations. Strategic recommendations include enhancing security headers, publishing a security policy, and adding a vulnerability disclosure mechanism to further strengthen security posture and transparency.

N

Nikodémova noc - Slovo biskupa

nikodemovanoc.cz

43

Nikodémova noc is a small-scale religious non-profit initiative based in the Czech Republic, focused on organizing spiritual events that offer unique encounters with Jesus. The website serves as a platform for program registration and dissemination of spiritual messages, supported by the Brno bishopric and the Pallotini order. The target audience is primarily Christian communities and church attendees in the region. Technically, the website uses basic web technologies including HTML, CSS, JavaScript with jQuery and Mapy.cz API for maps. However, it relies on outdated JavaScript libraries which pose security risks. The site lacks modern security headers and visible privacy or cookie policies, indicating compliance gaps. No contact emails or phone numbers are provided, limiting direct communication channels. Overall, the website is functional with good content quality but requires improvements in security and privacy compliance to enhance trust and protection.

M

My-chess

my-chess.com

47

My-chess.com is an educational platform focused on teaching and practicing chess through interactive quizzes and gamified rewards such as virtual currencies and collectible chess cards. The platform targets a broad audience including children and adults, ranging from beginners to intermediate players. The website is built using modern frontend technologies including Vuetify and integrates Google Analytics and Tag Manager for user tracking and analytics. Hosting is provided by Websupport.cz, a known hosting provider. Security posture is moderate with HTTPS enabled but lacks DNSSEC and security headers, and no explicit security or privacy policies are published on the landing page. The domain registration is consistent and appropriate for the business age, indicating legitimacy. Overall, the platform offers a good user experience and content quality but would benefit from improved privacy and security disclosures.

E

EEX Group

eex-transparency.com

68

The EEX Transparency Platform is a professional and comprehensive online portal operated by the EEX Group, providing inside information and transparency services for European energy markets including power, natural gas, emissions, and hydrogen sectors. The platform targets market participants, regulatory bodies, and the general public interested in energy market data. The website demonstrates a mature digital infrastructure using TYPO3 CMS and modern JavaScript libraries such as Highcharts for interactive data visualization. It features GDPR-compliant privacy and cookie policies with user consent mechanisms, reflecting a strong commitment to privacy and regulatory compliance. Security posture is solid with HTTPS enforcement and basic security headers, though there is room for improvement in advanced security headers and accessibility. The absence of WHOIS data suggests privacy protection or recent domain registration, but the website's branding and content align with the reputable EEX Group, supporting legitimacy. Overall, the platform is a trustworthy and valuable resource for energy market transparency.

K

Kreativwirtschaft Sachsen-Anhalt e.V.

kwsa.de

41

Kreativwirtschaft Sachsen-Anhalt e.V. (KWSA) is a regional industry association representing cultural and creative professionals and companies in the German state of Sachsen-Anhalt. The organization focuses on supporting creative entrepreneurs through networking, knowledge transfer, events, and workshops, positioning itself as a key regional player in the creative economy. The website reflects this mission with clear information about services, events, and membership opportunities. Technically, the site is built on TYPO3 CMS, hosted by agenturserver, and demonstrates good mobile optimization and SEO practices. Security posture is solid with HTTPS enforced and no exposed sensitive data, though it lacks some advanced security headers and explicit incident response policies. Privacy compliance is adequate with a privacy policy and cookie information present, but no active consent mechanism is detected. Overall, the site is professional, trustworthy, and well-aligned with its business goals.

Activia.fr is the official French website for the Activia brand, a well-known dairy product line specializing in probiotic yogurts and digestive health. The site offers rich content including product information, health advice, and a wide range of recipes, targeting general consumers interested in wellness and nutrition. The website is professionally designed, mobile-optimized, and hosted on Adobe Experience Manager Cloud, indicating a mature digital infrastructure. Security posture is strong with HTTPS and security headers implemented, though explicit security policies and incident response information are not published. Privacy and cookie policies are present with consent mechanisms, supporting GDPR compliance. WHOIS data is unavailable, which slightly impacts domain trust but the overall brand presence and technical setup support legitimacy. The site integrates marketing and analytics tools such as TagCommander and Adobe Helix RUM for performance and user tracking.

S

SCM Hänssler

scm-haenssler.de

67

SCM Hänssler operates as a Christian-focused e-commerce retailer specializing in books, music, and related products. The website serves a German-speaking audience with a broad catalog of Christian literature and media, positioning itself as a trusted provider within this niche. The business model centers on online retail with a strong emphasis on customer service and compliance with European data protection regulations. Technically, the site is built on the Magento platform, leveraging modern web technologies and analytics tools such as Google Analytics and Matomo. The site demonstrates good mobile optimization, accessibility, and SEO practices, contributing to a positive user experience. Security posture is solid with HTTPS enforcement and cookie consent mechanisms, though there is room for improvement in security headers and incident response transparency. Overall, the domain registration data aligns well with the business claims, supporting legitimacy and trustworthiness.

LitVideo, operated by qub media GmbH, provides a specialized online platform for distributing book trailers to online shops and websites, targeting publishers, authors, bloggers, and online retailers. The website serves as a niche marketing tool provider within the German media sector, focusing on enhancing product visibility through video content. The business model centers on B2B services facilitating video marketing content placement, with a consistent brand presence and basic but relevant content quality. Technically, the website employs standard web technologies including HTML5, CSS, JavaScript, and jQuery 1.x, alongside Google Analytics for visitor tracking. While the site is accessible and functional, it shows signs of technical debt such as the use of an outdated jQuery version and lacks advanced SEO, accessibility, and mobile optimization features. The hosting provider is not explicitly identified, and no CMS is detected. From a security perspective, the site uses HTTPS but lacks visible security headers and a cookie consent mechanism, which are important for GDPR compliance and overall security posture. The outdated jQuery version poses a potential vulnerability risk. No incident response or security policy information is provided, limiting transparency in security management. Overall, the website is moderately secure and professionally credible but would benefit from technical modernization and enhanced privacy compliance measures. Strategic improvements in security headers, updated libraries, and cookie consent implementation are recommended to strengthen trust and regulatory adherence.

E

endboss GmbH

endboss.eu

48

Endboss GmbH is a small creative agency specializing in urban development and cultural storytelling projects. They position themselves as partners rather than traditional service providers, focusing on collaborative and inclusive urban projects. The website reflects a niche market presence with a clear emphasis on partnership and creative urban solutions. Technically, the site is built on a modern SvelteKit framework, delivering a good user experience with mobile optimization and modular JavaScript assets. Security posture is solid with HTTPS enforced, but lacks some security headers and cookie consent mechanisms. Privacy compliance is basic but present with a privacy policy and terms of service. Overall, the site is professional and trustworthy, though it could improve transparency by adding contact details and enhancing security headers.

S

Scottish and Southern Electricity Networks

ssen.co.uk

67

Scottish and Southern Electricity Networks (SSEN) operates as a major electricity distribution network operator in the United Kingdom, serving customers primarily in Scotland and southern England. The company provides essential services including electricity distribution, power cut reporting, and customer support. SSEN is a subsidiary of SSE plc, a well-established energy company. The website reflects a professional and customer-focused approach, offering 24/7 contact centers and real-time power outage information. The target audience includes residential and business electricity consumers within their service regions. From a technical perspective, the website leverages modern technologies such as Episerver CMS, Microsoft Azure Application Insights for analytics, Google Tag Manager, and OneTrust for cookie consent management. The site is hosted likely on Microsoft Azure infrastructure, ensuring reliable performance and scalability. The website demonstrates good mobile optimization and basic accessibility features, with a moderate performance profile. Security posture is strong with HTTPS enforcement, appropriate security headers, and no visible vulnerabilities or exposed sensitive data. Privacy compliance is well addressed with clear privacy and cookie policies, GDPR adherence, and consent mechanisms. However, the site lacks a publicly available security policy and incident response contact details, which could enhance transparency and trust. Overall, SSEN's website is a trustworthy and professional platform that effectively supports its business operations and customer engagement. Strategic improvements in security transparency and accessibility could further strengthen its digital maturity and risk management.

F

Fiskars

fiskars.com

64

Fiskars is a well-established international retail brand specializing in gardening tools, cookware, craft supplies, and scissors. The website presents a professional and consistent brand image targeting consumers interested in home and garden products. The business model is primarily e-commerce with a global presence, supported by localized country sites. Technically, the site uses modern JavaScript frameworks, analytics, and marketing tools such as Datadog RUM, Google Tag Manager, Exponea, and Klarna for payment services. The site is hosted behind Cloudflare, ensuring good performance and security. Security posture is solid with HTTPS enforced and user input masking in analytics, though explicit security headers and policies are not evident in the provided content. Privacy compliance is basic with consent mechanisms but lacks visible privacy and cookie policies in the analyzed HTML snippet. WHOIS data is missing or unavailable, which reduces transparency but does not contradict the legitimacy of the brand. Overall, the site is professional, secure, and trustworthy with room for improvement in explicit privacy disclosures and security documentation.

The RWE Foundation website represents a corporate social responsibility initiative by RWE AG, a major energy company based in Germany. The foundation focuses on sustainable social change through funding charitable projects, supporting education, and providing humanitarian aid. The website is professionally designed, multilingual (German and English), and provides clear navigation to key sections such as funding principles, projects, application forms, and contact information. The presence of an annual report and CEO statement adds to the trustworthiness and transparency of the foundation. Technically, the website is built on the Sitecore CMS platform, utilizing modern web technologies including JavaScript, CSS, and HTML5. It integrates Usercentrics for cookie consent management and Etracker for analytics, demonstrating compliance with GDPR and privacy best practices. The site is mobile-optimized and accessible, with good SEO and performance characteristics. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms effectively. However, it lacks explicit security headers and published security policies or incident response contacts. No vulnerabilities or exposed sensitive data were detected. The absence of WHOIS data for the domain is unusual but the website's professional presentation and corporate backing mitigate concerns. Overall, the site demonstrates a solid security posture with room for improvement in transparency and security policy publication. The overall risk assessment is low, with recommendations to enhance security headers, publish a security policy and incident response contacts, and consider adding a vulnerability disclosure or security.txt file to improve trust and security culture.

R

RWE Turcas Güney Elektrik Üretim A.Ş.

rwe-turcas.com

64

RWE Turcas Güney Elektrik Üretim A.Ş. is a joint venture between the German utility RWE AG and Turkish energy company Turcas, operating a large, efficient, and environmentally friendly gas-fired combined-cycle power plant in Denizli, Turkey. The company holds a significant market position supplying approximately 1.2% of Turkey's electricity and operates from multiple locations including Ankara, Istanbul, and Denizli. The website presents a professional and comprehensive overview of the business, its mission, and its operations, targeting stakeholders in the energy sector and the general public. Technically, the website uses modern web technologies including JavaScript, CSS, SVG, and UIkit framework, with integration of Google Tag Manager and Usercentrics for consent management. The site is mobile optimized, accessible, and SEO friendly, with good performance metrics. Security posture is solid with HTTPS enforced and cookie consent mechanisms, though explicit security headers and incident response policies are not published. The security evaluation shows no critical vulnerabilities or exposed sensitive data. Privacy compliance is well addressed with a clear privacy policy and cookie consent. However, the WHOIS data for the domain is missing or unavailable, which raises concerns about domain registration transparency and reduces overall trustworthiness. Despite this, the website content and branding align with a legitimate corporate entity. Overall, the site is professional, secure, and compliant with privacy regulations, but the lack of WHOIS data and explicit security policies suggests areas for improvement to enhance trust and security posture.

N

NBank

nbank.de

67

NBank is the official investment and development bank of the German state of Niedersachsen, providing a broad range of funding programs, consulting, and support services to individuals, companies, municipalities, and institutions within the region. The website reflects a strong government affiliation with clear communication of its mission to foster growth and quality of life in Niedersachsen. The digital infrastructure is modern and well-implemented, featuring responsive design, accessibility considerations, and integration with consent management and analytics tools. Security posture is solid with HTTPS enforcement and cookie consent mechanisms, though explicit security policies and incident response information are not publicly disclosed. Overall, the website presents a trustworthy and professional front for a large government entity.

D

Damen Shipyards Group

damen.com

77

Damen Shipyards Group is a globally recognized family-owned maritime company established in 1927, specializing in shipbuilding, ship repair, and marine equipment supply. The company positions itself as a leader in sustainable and connected shipbuilding, serving diverse markets including defense, offshore energy, public transport, and dredging. Damen operates a large network of shipyards and service hubs worldwide, emphasizing client-driven innovation and lifecycle support services. Technically, the Damen website employs modern web technologies such as React and Next.js, ensuring a responsive and accessible user experience. The site features comprehensive content, multimedia elements, and clear navigation, reflecting a mature digital infrastructure. Privacy and cookie compliance are well implemented, with consent mechanisms and GDPR-aligned policies. From a security perspective, the website enforces HTTPS, utilizes robust security headers, and avoids exposing sensitive data. No critical vulnerabilities were detected in the visible content or scripts. However, the absence of WHOIS registration details is notable and warrants caution, although the website's professional presentation and extensive business information support its legitimacy. Overall, Damen Shipyards Group presents a strong business and digital presence with a high level of trustworthiness and security maturity. Continued vigilance on domain registration transparency and public vulnerability disclosure would further enhance their security posture.

A

AMOS KamPoMaturite.cz, s.r.o.

stredniskoly.com

45

StredniSkoly.com is a Czech Republic-based educational portal operated by AMOS KamPoMaturite.cz, s.r.o., providing a comprehensive directory of secondary schools along with educational resources such as articles, exam preparation materials, and tutoring services. The site targets students, parents, and educators seeking detailed information about secondary education options in the Czech Republic. It maintains a strong market position through multiple related educational project sites and advertising partnerships. Technically, the website uses a custom CMS (ANAWEb) with JavaScript libraries including jQuery 1.9.1, Slippry slider, and Fancybox, along with Google Fonts. The site is moderately optimized for performance and mobile devices, with good SEO practices and basic accessibility features. However, the use of an outdated jQuery version and lack of explicit security headers indicate areas for improvement. From a security perspective, the site implements cookie consent with granular user options and uses HTTPS, but lacks visible security headers and uses older JavaScript libraries that may pose vulnerabilities. No critical security issues or vulnerabilities were detected in the content. Privacy compliance is good, with a clear privacy policy and cookie banner, and contact information is prominently displayed. Overall, the site is a professional, trustworthy educational resource with moderate technical maturity and a solid privacy posture. The absence of WHOIS registration data is a concern that warrants further investigation to confirm domain legitimacy. Strategic improvements in security headers and library updates would enhance the security posture and trustworthiness of the platform.

T

Tuesday.cz

eventworld.cz

65

Tuesday.cz is a Czech-based company specializing in organizing professional events ranging from training sessions to large full-day conferences, both online and offline. The website targets professionals seeking educational and networking opportunities in their respective fields. The business operates in the education sector with a focus on event management and training services. The website presents a professional design with consistent branding and relevant content, although it lacks explicit contact details and comprehensive privacy documentation. Technically, the website employs modern web technologies including Google Tag Manager, Google Analytics, and Facebook Pixel for marketing and analytics purposes. The site is mobile-optimized and performs moderately well, but there is room for improvement in accessibility and SEO. Security measures include HTTPS enforcement and frame busting scripts, but the absence of security headers and vulnerability disclosure mechanisms suggests potential gaps in security maturity. The security posture is adequate but could be enhanced by implementing recommended headers and publishing clear privacy and terms policies. The lack of WHOIS data due to privacy protection slightly reduces trustworthiness but is understandable for a small business. Overall, the site is safe for general audiences and does not contain any adult or questionable content. Strategic recommendations include enhancing privacy compliance, improving security headers, publishing contact and incident response information, and establishing a vulnerability disclosure policy to strengthen trust and security culture.

M

Mesh Digital Limited

chess-results.com

54

Chess-Results.com is a specialized online platform dedicated to hosting and archiving chess tournament results globally. Established in 2006, it serves a niche audience of chess players, tournament organizers, and enthusiasts by providing access to over 40,000 tournaments. The platform's business model revolves around offering a dedicated service for chess results management and archival, supported by advertising revenue. The website demonstrates consistent branding and good content relevance within its domain.

P

Pax-Bank für Kirche und Caritas eG

pax-bank.de

63

Pax-Bank für Kirche und Caritas eG is a specialized financial institution serving church and charitable organizations primarily in Germany. The website reflects a professional banking service provider with a clear niche market focus. The digital infrastructure is built on modern web technologies such as Angular and Material Design, with integration of analytics tools like eTracker. The website is mobile optimized and presents a good user experience with consistent branding. Security posture is adequate with HTTPS enforced and cookie consent mechanisms in place, though there is room for improvement in security headers and explicit privacy documentation. Overall, the domain registration data aligns well with the business claims, supporting legitimacy and trustworthiness.

PayZen, operated by Lyra Network, is a payment processing platform targeting primarily German-speaking markets, with a focus on businesses requiring payment gateway services. The website content is minimal and primarily serves as a documentation or informational portal without visible user interaction elements such as forms or contact details. The technical infrastructure includes modern JavaScript modules and trusted external libraries, but lacks comprehensive SEO metadata and structured data. Security posture is basic with no visible security headers or DNSSEC enabled, and no explicit privacy or cookie policies are present, indicating potential compliance gaps. Overall, the domain registration data supports legitimacy with consistent registrant information and appropriate domain age. Strategic improvements in privacy compliance, security headers, and content richness are recommended to enhance trust and user experience.

B

Blackpearl Group Limited

pearldiver.io

65

Pearl Diver, operated by Blackpearl Group Limited, is a New Zealand-based B2B SaaS company specializing in intent data and prospect identification solutions for marketers and sales teams. The platform leverages real-time buyer signals beyond traditional ad platforms to improve targeting accuracy, reduce wasted ad spend, and increase conversion rates. The company is well-positioned in the marketing technology sector with a strong user base and positive market reputation, supported by numerous customer testimonials and G2 reviews. Technically, the website is built on Webflow CMS and integrates advanced marketing and analytics tools such as HubSpot, Microsoft Clarity, and Google Tag Manager. The site demonstrates excellent design quality, mobile optimization, and SEO practices, ensuring a smooth user experience and effective digital presence. Security-wise, the site enforces HTTPS and uses controlled third-party scripts, though it lacks some advanced security headers and a published security policy. The security posture is solid with no visible vulnerabilities or exposed sensitive data. Privacy compliance is well addressed with comprehensive privacy and cookie policies, including GDPR and CCPA considerations. However, the WHOIS data is privacy protected, limiting transparency on domain registration details, though this is common and justified for commercial SaaS providers. Overall, Pearl Diver presents a professional, trustworthy, and technically mature online presence with minor recommendations to enhance security headers and incident response transparency. The business is credible and well-aligned with its market claims, making it a reliable partner for marketers seeking intent data solutions.

N

NewDefinition GmbH

nd-politik.de

52

NewDefinition GmbH operates ND-Politik, a specialized politics management system tailored for politicians and political parties primarily in Germany. The platform offers a comprehensive suite of tools including website content management, online communication via newsletters, member and supporter community features, event and ticket management, CRM, and campaign management. The company targets political organizations from local to federal levels, with a SaaS subscription business model that includes hosting, maintenance, and support. The website demonstrates a consistent brand presence and strong trust signals through references and ISO-certified hosting. Technically, the platform is web-based with a proprietary CMS, leveraging standard web technologies (HTML, CSS, JavaScript). The site is mobile-optimized and SEO-friendly, though some accessibility features are basic. Hosting is performed on ISO-certified German servers with secure data storage and daily backups. While HTTPS is implemented with strong SSL encryption, the site lacks visible security headers and a cookie consent mechanism, which are recommended for enhanced security and compliance. From a security perspective, ND-Politik shows a mature posture with GDPR and BDSG compliance, secure data handling, and ISO-certified hosting. However, incident response and vulnerability disclosure policies are not publicly documented, and no security.txt file is present. No critical vulnerabilities or exposed sensitive data were detected. Overall, the site is trustworthy and professionally maintained, with room for improvement in security headers and privacy consent mechanisms. The overall risk assessment is low, with the platform well-suited for its political clientele. Strategic recommendations include implementing cookie consent, enhancing security headers, and publishing incident response policies to further strengthen compliance and trust.

V

Volkswagen Belegschaftsstiftung

volkswagen-belegschaftsstiftung.de

55

Volkswagen Belegschaftsstiftung is a non-profit foundation established in 2011 by Volkswagen AG to support disadvantaged children, youth, and young adults around the global Volkswagen locations through sustainable aid projects. The website serves as an informational and navigational platform presenting the foundation's goals, projects, and a dedicated Förderportal for funding applications. Technically, the site is built on TYPO3 CMS with a moderate performance profile and good mobile optimization. Security posture is solid with HTTPS enforced and cookie consent implemented, though it lacks advanced security headers and published incident response policies. The domain registration data aligns well with the foundation's identity, indicating a trustworthy and legitimate online presence.

C

Úvod | CIVOP - bezpečnost práce (BOZP) pro firmy

civop.cz

55

The website civop.cz represents a small business specializing in occupational safety (BOZP) services targeted at companies in the Czech Republic. The site is built on WordPress using the GeneratePress theme and incorporates Google Tag Manager for analytics and marketing purposes. The content is professional and relevant to its business domain, focusing on safety consulting and compliance services. Technical infrastructure appears standard for a small business website with moderate performance and good mobile responsiveness. Security posture is basic, with no advanced security headers detected and no visible privacy or cookie policies, indicating room for improvement in compliance and security transparency. The absence of WHOIS data limits the ability to fully verify domain legitimacy, which slightly reduces overall trustworthiness. Strategic recommendations include enhancing security headers, publishing privacy and cookie policies, and verifying domain registration details to improve business credibility and compliance.

S

Stadt Wittenberg

wittenberg.de

9

The website www.wittenberg.de serves as the official digital presence of the city of Lutherstadt Wittenberg, Germany. It provides comprehensive information about city life, administration, culture, tourism, and public services. The site targets residents, tourists, and local businesses, offering structured navigation and links to partner organizations. The business model is that of a government municipal portal, focusing on information dissemination and citizen engagement. The website is well-branded and consistent with its municipal identity. Technically, the site uses a proprietary CMS (NOLIS) with standard web technologies such as HTML5, CSS, and JavaScript. It is mobile-optimized and accessible, with moderate performance. SEO practices are good, with proper meta tags and structured navigation. However, no advanced frameworks or analytics services were detected. From a security perspective, the site enforces HTTPS and uses a cookie consent mechanism, but lacks visible security headers and published security policies or incident response information. No vulnerabilities or exposed sensitive data were found in the analyzed content. The WHOIS data is minimal but consistent with the municipal nature of the domain. Overall, the site is trustworthy and professional but would benefit from enhanced privacy compliance documentation, security headers, and incident response transparency to improve its security posture and user trust.

K

Kindermissionswerk Die Sternsinger e.V.

sternsinger.de

54

Kindermissionswerk Die Sternsinger e.V. operates a professional and well-established German non-profit website dedicated to supporting children worldwide through fundraising, educational materials, and awareness campaigns. The organization holds recognized certifications such as the DZI Spendensiegel, enhancing its credibility and trustworthiness. The website targets a broad audience including donors, schools, and children, providing clear donation pathways and educational content. Technically, the site is built on TYPO3 CMS with modern web technologies, good SEO, and mobile optimization, though some security header enhancements could be made. The security posture is solid with HTTPS enforced and no visible vulnerabilities, but lacks explicit security policies or incident response contacts. Privacy compliance is strong with GDPR-aligned cookie consent and privacy policies. Overall, the site presents a trustworthy and professional digital presence for a charitable organization.

S

Sparkasse Lüneburg

sparkasse-lueneburg.de

70

Sparkasse Lüneburg is a regional financial institution based in Germany, providing a broad range of banking and financial services to private and corporate customers. The website serves as a comprehensive online banking portal offering services such as account management, loans, credit cards, investments, insurance, and real estate services. The bank positions itself as a trusted local partner with a strong emphasis on customer service and accessibility. The site is well-structured to cater to different customer segments with clear navigation and dedicated sections for private and business clients. Technically, the website is built on a modern CMS platform, likely Adobe Experience Manager, and employs standard web technologies including JavaScript and CSS. It demonstrates good mobile optimization, accessibility features, and SEO practices. The site uses HTTPS and includes cookie consent mechanisms compliant with GDPR, reflecting a mature digital infrastructure. From a security perspective, the site enforces HTTPS, uses secure forms, and has a cookie consent banner indicating awareness of privacy regulations. While explicit security headers are not fully confirmed, the overall posture is strong with no visible vulnerabilities or exposed sensitive data. The absence of a published security policy or incident response contact is noted as an area for improvement. Overall, the website is professional, trustworthy, and compliant with relevant privacy laws. It effectively supports the bank's business model and customer engagement strategies. Strategic recommendations include enhancing security header implementation, publishing a security policy, and adding a vulnerability disclosure mechanism to further strengthen trust and security posture.

A

Ausbildungsverbund Lüneburg e.V.

xn--al-yka.de

43

Ausbildungsverbund Lüneburg e.V. is a regional non-profit organization dedicated to coordinating apprenticeship training for young people in the Lüneburg area of Germany. The organization collaborates with numerous partner companies to offer up to 30 apprenticeship positions annually, providing services such as candidate pre-selection, apprentice support, and coordination with vocational schools and chambers. Their website reflects a professional and consistent brand image, targeting both prospective apprentices and companies seeking to train new talent. Technically, the website employs modern web technologies including JavaScript libraries like Swiper.js and integrates Google Analytics and Tag Manager for tracking, while maintaining GDPR compliance through cookie consent mechanisms. Security posture is adequate with HTTPS enforced and IP anonymization in analytics, though there is room for improvement in implementing security headers and publishing explicit security policies. Overall, the website is accessible, well-structured, and trustworthy, supporting the organization's mission effectively.

Netsite.app is a professional control panel platform operated by Netsite A/S, a Danish company specializing in domain, DNS, email, and website management services. The website serves as a login portal for customers to access and manage their digital assets. The business is positioned as a niche technology service provider with a clear focus on domain and hosting management. The platform targets existing Netsite customers requiring centralized control over their domains and hosting services. Technically, the website employs standard web technologies including HTML5, CSS, and JavaScript. The design is professional and mobile-optimized with a clear and user-friendly login interface. However, the site lacks advanced technical features such as structured data, Open Graph metadata, and visible security headers. Performance appears moderate with no evident technical debt but opportunities exist for improved accessibility and SEO. From a security perspective, the site uses secure password input fields but lacks explicit security headers and documented security policies. No incident response or vulnerability disclosure information is provided, which could be improved to enhance trust and compliance. The absence of privacy and cookie policies indicates a gap in GDPR compliance, which is critical given the nature of the services offered. Overall, the website is trustworthy and professionally presented but would benefit from enhanced security practices, privacy compliance, and transparency measures. Strategic improvements in these areas will strengthen the platform's security posture and regulatory adherence.

The website represents an educational portal for the Sdružení pro dopravní telematiku, a Czech association focused on transport telematics and intelligent transport systems. It provides information about workshops, conferences, and projects related to transport telematics, targeting professionals and stakeholders in this sector. The site content is primarily in Czech and includes extensive listings of past and upcoming events, indicating an active role in the transport telematics community. Technically, the website uses basic HTML, CSS, and JavaScript without modern frameworks or CMS, and lacks mobile optimization and advanced accessibility features. Security posture is weak due to the absence of HTTPS and security headers, and there are no visible privacy or cookie policies, which raises compliance concerns. The WHOIS data is unavailable, limiting domain legitimacy verification. Overall, the site serves as an informational and educational resource but requires significant improvements in security, privacy compliance, and technical modernization.

O

Oracle Corporation

openjdk.org

60

OpenJDK.org serves as the official community site for the OpenJDK project, an open-source implementation of the Java Platform, Standard Edition. The site is maintained under the auspices of Oracle Corporation, which provides both free GPL-licensed JDK binaries and commercially licensed versions. The platform targets Java developers, open-source contributors, and the broader technology community interested in Java development and innovation. The website offers resources for downloading the JDK, learning about active projects, and contributing to the codebase, positioning itself as a central hub for Java platform collaboration. Technically, the website is built on a custom static site architecture using standard web technologies including HTML, CSS, and JavaScript. It leverages GitHub and Mercurial for source code hosting and integrates privacy-focused analytics via Fathom. Hosting is supported by Akamai CDN infrastructure, ensuring fast content delivery. The site demonstrates good SEO and basic mobile optimization, though accessibility features are moderate. No major CMS or frameworks are detected, indicating a lightweight and stable technical implementation. From a security perspective, the site enforces HTTPS and employs domain registration protections such as clientDeleteProhibited status. However, DNSSEC is not enabled, and security headers are not explicitly detected, representing areas for improvement. Privacy compliance is strong with clear privacy and terms of use policies, though no cookie consent mechanism is present despite analytics usage. No direct contact information or incident response contacts are published, which could be enhanced to improve transparency and trust. Overall, OpenJDK.org is a professional, trustworthy, and well-maintained site supporting a critical open-source technology project. The security posture is solid but could benefit from additional hardening measures. Privacy practices are good but could be improved with cookie consent. The site is free of adult or questionable content and serves a general technology audience. Strategic recommendations include enabling DNSSEC, adding security headers, publishing a security.txt file, and implementing cookie consent to further strengthen compliance and security.

Anawe s.r.o. is a Czech small business specializing in comprehensive web presentation services including website creation, SEO optimization, graphic design, and corporate identity development. The company has a strong market presence with over a decade of experience and a broad portfolio of clients across various sectors. Their website reflects professionalism and a consistent brand image, targeting businesses and individuals seeking quality digital presentation solutions. Technically, the website employs standard web technologies with HTTPS and Google Analytics integration, though it lacks advanced security headers and privacy compliance mechanisms. The absence of WHOIS data limits domain trust verification, but the detailed contact and business information on the site support legitimacy. Security posture is moderate with room for improvement in headers and policy disclosures. Overall, Anawe s.r.o. presents a credible and professional digital presence with recommendations to enhance privacy compliance and security best practices.

Obec Mirošovice operates an official municipal website serving the local community in the Středočeský kraj region of the Czech Republic. The site provides essential information about the municipality, including administrative contacts, local news, public services, and official documents. It targets residents and visitors seeking authoritative local government information. The business model is typical for a local government entity, focusing on transparency and public service rather than commercial activities. Technically, the website uses a custom CMS with standard web technologies such as HTML5, CSS, JavaScript, and jQuery. The site includes basic accessibility and SEO features but lacks advanced mobile optimization and modern frameworks. Performance is moderate, with no significant issues detected. The site employs a cookie consent mechanism, indicating some awareness of privacy compliance. From a security perspective, the website uses HTTPS and implements cookie consent but lacks several important security headers and explicit security policies. No incident response or vulnerability disclosure information is provided. The absence of advanced security controls and headers suggests room for improvement in security posture. However, no critical vulnerabilities or exposed sensitive data were detected. Overall, the website is trustworthy and professional, reflecting its role as an official municipal portal. The risk level is low, but strategic improvements in security headers, mobile responsiveness, and privacy documentation would enhance its security and compliance standing.

C

Centrum pro rodinný život Olomouc

rodinnyzivot.eu

40

Rodinný život is a Czech family and spiritual magazine published by Centrum pro rodinný život Olomouc, with a 35-year tradition. The website offers rich content focused on family life, Christian spirituality, and related cultural topics. It provides subscription options, digital editions, and a newsletter signup. The site is well-designed, mobile-optimized, and uses modern web technologies such as React and Next.js. However, it lacks explicit privacy and cookie policies, which are important for GDPR compliance. No security headers or incident response information are published, representing areas for improvement. The website links to reputable partner domains related to Christian media and cultural organizations, enhancing its credibility.

S

Stadtwerke Böhmetal

swbt.de

65

Stadtwerke Böhmetal is a regional utility company based in Germany, providing essential energy services including electricity, gas, and water supply to residential and commercial customers in the Böhmetal region. The company positions itself as a reliable local energy provider with a focus on customer service and regional presence. Their website is built on the Neos CMS platform using the Flow PHP framework, indicating a modern and maintainable technical infrastructure. The site is well-optimized for mobile devices and accessibility, with good SEO practices and clear navigation. Security measures include HTTPS enforcement, standard security headers, and a GDPR-compliant cookie consent mechanism powered by Cookiebot. However, there is no publicly available security policy or incident response information, which could be improved to enhance trust and transparency. Overall, the website reflects a professional and trustworthy business with moderate technical maturity and compliance with privacy regulations.

T

Tower Health

mytowerhealth.org

65

Tower Health operates the MyTowerHealth patient portal, providing secure online access to healthcare services such as appointment scheduling, prescription refills, test results, and billing management. The portal is built on the Epic MyChart platform, a widely used healthcare IT solution, indicating a mature and robust technical infrastructure. The website demonstrates good digital maturity with responsive design, accessibility features, and integration of modern JavaScript libraries such as React and Handlebars. Security measures include HTTPS enforcement, anti click-jacking scripts, and CSRF tokens, though some security headers are not explicitly detected. Privacy compliance is partially addressed with clear privacy and cookie policies, but lacks an explicit cookie consent mechanism. The absence of WHOIS registrant data suggests privacy protection, which is appropriate for a healthcare service. Overall, the site is professional, trustworthy, and well-positioned to serve its patient audience.

S

STUDIO MAX MEDIA SK, s.r.o.

maxmedia.sk

53

STUDIO MAX MEDIA SK, s.r.o. is a small Slovak technology company specializing in comprehensive web solutions, graphic design, and content management services. Founded in 2005, the company has a strong portfolio including localization and management of websites for major automotive brands and public institutions. Their expertise centers around the MODX CMS platform, multimedia production, and integration of data services. The website reflects a professional and consistent brand image with clear navigation and rich content tailored to a broad audience. Technically, the website employs modern web technologies including HTML5, CSS, JavaScript with jQuery, and integrates Google Analytics and Tag Manager for tracking. The site is mobile optimized and SEO friendly, though accessibility features are basic. Performance is moderate, with asynchronous loading of scripts enhancing user experience. However, no explicit hosting provider or advanced frameworks beyond MODX CMS are identified. From a security perspective, the site uses HTTPS (assumed from domain and modern standards though not explicitly confirmed in data), but lacks visible security headers and published security or privacy policies. No forms or sensitive data collection points are present, reducing immediate risk. The absence of privacy and cookie policies is a compliance gap, especially under GDPR. No vulnerability disclosures or incident response contacts are provided. Overall, the website is trustworthy and professional with a solid business foundation. Strategic improvements in privacy compliance, security headers, and transparency would enhance the security posture and regulatory adherence, supporting long-term business credibility.

T

Turismo Industrial S. João da Madeira

turismoindustrialsjm.pt

50

Turismo Industrial S. João da Madeira is a small tourism promotion entity focused on industrial heritage tourism in São João da Madeira, Portugal. The website serves as a portal to promote the city's industrial past and cultural tourism offerings, targeting tourists interested in industrial and cultural experiences. The business operates primarily as a local/regional tourism promoter with a focus on heritage and visitor engagement. Technically, the website is built on WordPress using Bootstrap and Font Awesome, with moderate performance and good mobile optimization. It integrates Google Analytics and Facebook tracking for visitor insights but lacks comprehensive privacy and cookie policies, which impacts GDPR compliance. Security posture is moderate with HTTPS enabled but missing important security headers and incident response information. Overall, the website is professional and trustworthy but would benefit from enhanced privacy compliance and security best practices.

F

FOSDEM

fosdem.org

55

FOSDEM is a well-established, non-profit event focused on free and open source software development, held annually in Brussels, Belgium. It serves thousands of developers worldwide, providing a platform for collaboration, knowledge sharing, and community building. The website reflects this mission with clear event information, schedules, and sponsor details, targeting software developers and open source enthusiasts. Technically, the website is built using the nanoc static site generator, delivering a simple and maintainable infrastructure. The site is moderately optimized for performance and mobile devices, with good SEO practices evident through meta tags and structured content. However, there is room for improvement in accessibility and modern security practices. From a security perspective, the site uses HTTPS and has domain transfer protections in place, but lacks DNSSEC and security headers such as Content-Security-Policy or Strict-Transport-Security. No privacy or cookie policies are present, which is a compliance gap especially under GDPR. No incident response or vulnerability disclosure information is provided, limiting transparency in security matters. Overall, the website is trustworthy and professional, with strong business credibility supported by long domain age and reputable sponsors. The lack of privacy and security policies lowers the compliance score, but the site poses low risk given its informational nature and minimal data collection. Strategic improvements in security headers, privacy documentation, and DNS security would enhance the site's posture and user trust.

W

Wernigerode am Harz

wernigerode-tourismus.de

58

The website www.wernigerode-tourismus.de serves as a regional tourism portal for Wernigerode am Harz, Germany, providing information about local attractions such as Fachwerkhäuser, the Rathaus, the Schmalspurbahn, and the Brocken in the Nationalpark. The site targets tourists and visitors interested in exploring the Harz region. Technically, the site is built on TYPO3 CMS, a robust and professional content management system, and uses modern web technologies including CSS and JavaScript with Mapbox for mapping features. The hosting is provided by SchlundTech, a reputable hosting provider. Security posture is moderate; HTTPS is assumed but no explicit security headers or advanced security policies were detected. Privacy compliance is low due to the absence of privacy and cookie policies. No contact information or incident response details are present, limiting direct communication channels. Overall, the site is functional and professionally designed but would benefit from enhanced security and privacy compliance measures.

S

Squarewebsites

squarewebsites.org

62

Squarewebsites is a small technology business specializing in providing plugins and Chrome extensions tailored for Squarespace website designers and users. Their offerings focus on enhancing Squarespace sites with easy-to-install tools and expert support, positioning them as a niche provider in the Squarespace ecosystem. The website is professionally designed and hosted on the Squarespace platform, leveraging modern web technologies and third-party tools such as Visual Website Optimizer for analytics and optimization. Security posture is strong with HTTPS and HSTS enabled, though explicit privacy and terms policies are absent, which could be improved for compliance and trust. The domain WHOIS data is unavailable, likely due to privacy protection, which is common for small businesses but slightly reduces trustworthiness from a domain registration perspective. Overall, the business presents a credible and professional front with clear contact information and active social media presence.

H

Holík International, s.r.o.

holik-international.cz

48

Holík International, s.r.o. is a Czech-based manufacturer specializing in protective equipment for firefighters, rescue workers, and defense personnel. Their product portfolio includes firefighting boots, gloves, and specialized defense gloves designed for police and military use. The company positions itself as a trusted regional supplier with a focus on innovation and collaboration with end users such as firefighters. Technically, the website is built with modern web technologies including JavaScript, CSS, and uses Google Analytics for tracking. It is mobile-optimized and provides a good user experience with clear navigation and professional design. Security-wise, the site enforces HTTPS and includes cookie consent mechanisms but lacks advanced security headers and explicit security policies. The absence of WHOIS data reduces domain trust slightly, but the overall business credibility remains high based on available company information and social media presence. Strategic recommendations include enhancing security headers, publishing incident response contacts, and improving privacy compliance documentation.

2

2M-IT Oy

hyvis.fi

56

Hyvis.fi is a Finnish regional health and wellbeing portal providing expert-reviewed information, health testing, monitoring, and access to social and health services. The website is operated by 2M-IT Oy and targets the general public seeking reliable health information and regional service access. The site uses a modern Angular 18 framework and presents a clean, professional design optimized for mobile devices. However, it lacks visible privacy and cookie policies, contact emails, and phone numbers, which impacts user trust and compliance. Security headers and incident response information are also absent, indicating room for improvement in security posture. Overall, the site is functional and informative but would benefit from enhanced compliance and security measures.

W

WeselMarketing GmbH

weselmarketing.de

69

WeselMarketing GmbH operates the official tourism and city marketing website for the city of Wesel, Germany. The website provides comprehensive information about cultural attractions, natural sites, events, travel planning, and local services aimed at tourists, visitors, and residents. The business is positioned as a key promoter of Wesel's tourism sector, leveraging digital channels to enhance visitor engagement and city branding. The site is well-structured, professionally designed, and offers multilingual support, reflecting a mature digital presence. Technically, the website is built on the Drupal CMS platform, utilizing modern web technologies including JavaScript libraries and Google Tag Manager for analytics and marketing. The site is mobile-optimized, accessible, and employs a robust cookie consent mechanism compliant with GDPR standards. Performance is moderate with good SEO and accessibility practices. From a security perspective, the site enforces HTTPS and uses session cookies appropriately. However, it lacks published security policies, incident response contacts, and vulnerability disclosure mechanisms, which are recommended for enhanced trust and compliance. No critical vulnerabilities or suspicious content were detected. Overall, the website demonstrates a strong business credibility and privacy compliance posture, with room for improvement in formal security documentation and incident readiness. The domain registration data aligns with the business location and sector, supporting legitimacy. Strategic recommendations include publishing security policies, adding vulnerability disclosure, and enhancing security headers to further strengthen the security posture.

W

WeselMarketing GmbH

wesel-tourismus.de

69

WeselTourismus.de is the official tourism website for the city of Wesel, Germany, managed by WeselMarketing GmbH. The site provides comprehensive information about local culture, nature, events, and travel planning, targeting tourists and local visitors. It features a professional design with clear navigation and multilingual support (German, English, Dutch). The website uses Drupal CMS and integrates Google Tag Manager for analytics and marketing purposes. Cookie consent mechanisms are implemented in compliance with GDPR. Security posture is good with HTTPS enforced and no visible vulnerabilities, though security headers could be improved. Contact information is clearly provided, including phone, email, and physical addresses. No terms of service or explicit security policies were found. Overall, the site is trustworthy, well-maintained, and serves as a reliable resource for tourism in Wesel.

KRZN – Kommunales Rechenzentrum Niederrhein is a large, well-established municipal IT service provider in Germany, founded in 1971. It serves 46 local government administrations with over 18,000 IT workstations supported by more than 500 employees across two main locations. The organization offers a broad portfolio of IT solutions tailored for public sector needs, including web conferencing systems with official certifications. Technically, the website is built on Drupal CMS, hosted likely by Deutsche Telekom, and uses eTracker for analytics. The site is well-structured, mobile-optimized, and professionally designed, reflecting a mature digital presence. Security posture is solid with HTTPS and no evident vulnerabilities, though explicit security headers and incident response policies are absent. Privacy compliance is partially met with a comprehensive privacy policy but lacks a cookie consent mechanism. Overall, the domain registration data aligns well with the business profile, indicating high legitimacy and trustworthiness.

B

Berufsverband der Mitarbeitenden im Pfarrbüro im Bistum Münster (BVMiP)

bvmip-muenster.de

58

The Berufsverband der Mitarbeitenden im Pfarrbüro im Bistum Münster (BVMiP) is a non-profit professional association dedicated to supporting church office staff within the Münster diocese. The website serves as an information hub for members, providing details about the board, professional roles, upcoming events, and training opportunities. Membership is free for eligible church office employees, emphasizing community and professional development. The association holds regular meetings and participates in national gatherings, highlighting its active role in the sector. Technically, the website is built on the Jimdo Creator CMS platform, leveraging Jimdo's hosting and static asset infrastructure. The site employs standard web technologies including JavaScript and CSS, with moderate performance and good mobile responsiveness. SEO and accessibility features are basic but functional. Cookie consent mechanisms are implemented, reflecting attention to privacy compliance. From a security perspective, the site uses HTTPS with good SSL configuration but lacks advanced security headers and explicit incident response contacts. No vulnerabilities or exposed sensitive data were detected. Privacy and cookie policies are present and accessible, supporting GDPR compliance. The WHOIS data aligns with the hosting provider and domain purpose, indicating legitimacy. Overall, the website is a trustworthy, well-maintained resource for its niche audience, with room for improvement in security hardening and expanded contact information to enhance trust and compliance.

B

Bistum Münster

stellenmarkt-bistum-muenster.de

43

The website 'Kirchentalente' serves as the official job market platform for the Diocese of Münster, Germany. It provides a specialized employment portal focusing on church-related and social sector jobs within the Münster region. The platform offers job listings, search and filtering capabilities, and employer information, targeting job seekers interested in meaningful roles within the Catholic Church and affiliated organizations. The business model is non-profit and community-focused, supporting recruitment efforts for the Diocese and its partners. Technically, the site is built on the TYPO3 CMS platform, leveraging modern web technologies including JavaScript, CSS, and FontAwesome icons. It integrates Matomo analytics for visitor tracking and CCM19 for cookie consent management, demonstrating a commitment to privacy compliance. The site is hosted on servers indicated by the nameservers, likely associated with Your-Server.de and related providers. Performance and mobile optimization are good, with a clear navigation structure and professional design. From a security perspective, the website enforces HTTPS and includes a cookie consent mechanism aligned with GDPR requirements. While no explicit security headers were detected in the HTML, the site shows no signs of exposed sensitive data or vulnerable libraries. However, there is room for improvement by implementing additional security headers and publishing a security policy or incident response contact. No vulnerability disclosure or security.txt file was found. Overall, the website is trustworthy, professional, and well-aligned with its mission. It maintains good privacy practices and provides clear contact information. The domain registration is consistent with the Diocese of Münster, enhancing legitimacy. Strategic recommendations include enhancing security headers, publishing security policies, and improving accessibility features to further strengthen the site's security posture and compliance.

B

Bistum Münster

kirchentalente.de

43

The website 'Kirchentalente' serves as the official job market portal for the Diocese of Münster, Germany. It provides a platform for job seekers to find employment opportunities primarily within church-related and social service sectors in the Münster region. The site is professionally designed and maintained, leveraging TYPO3 CMS and modern web technologies. It offers categorized job listings, search by location, and additional career-related content, targeting individuals interested in meaningful employment within the Catholic Church community. The platform is positioned as a regional niche service with strong ties to its parent organization, the Diocese of Münster. Technically, the website employs a mature infrastructure with TYPO3 CMS, JavaScript, CSS, and FontAwesome for UI elements. It integrates Matomo Analytics for visitor tracking and CCM19 for cookie consent management, reflecting compliance with GDPR requirements. The site is mobile-optimized and demonstrates good SEO practices, although accessibility features could be enhanced. Hosting appears stable with dedicated nameservers. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms. While explicit security headers like Content-Security-Policy are not evident, no critical vulnerabilities or exposed sensitive data were detected. The absence of a published security policy or incident response contact is noted but not uncommon for this type of non-profit organizational site. Overall, the security posture is solid but could benefit from additional hardening. The overall risk assessment is low, with the site demonstrating high trustworthiness, GDPR compliance, and professional content quality. Strategic recommendations include enhancing security headers, publishing security policies, and improving accessibility. The site is suitable for its intended audience and business purpose, with no indications of malicious or inappropriate content.

N

NewDefinition GmbH

nd-alumni.de

51

NewDefinition GmbH operates NDAlumni, a comprehensive alumni management system tailored for universities, alumni associations, and companies primarily in German-speaking countries. The platform offers an integrated SaaS solution covering website CMS, communication, community engagement, event and member management, and financial processing. The company positions itself as a customer-focused provider with transparent pricing and strong service support, targeting small to medium-sized alumni organizations. Technically, the website is well-structured, mobile-optimized, and uses modern web technologies with ISO-certified hosting and SSL encryption. Security practices align with GDPR and German data protection laws, though some improvements in security headers and cookie consent are recommended. Overall, the website is professional, trustworthy, and content-rich, supporting a strong market presence in the alumni management niche.