Security Directory

B

Boutique Interne CentraleSupélec

boutiqueinternecs.com

66

Boutique Interne CentraleSupélec operates an internal e-commerce platform dedicated to the services of CentraleSupélec, offering textiles, accessories, and goodies. The platform is built on Shopify and targets internal university departments, providing a controlled environment for ordering and quote requests. The website is professionally designed with consistent branding and clear navigation, supporting French language users primarily in France. Technically, the site leverages Shopify's infrastructure hosted on Google Cloud, with modern web technologies and good mobile optimization. Security posture is solid with HTTPS, domain locking, and cookie consent mechanisms, though DNSSEC is not enabled and no explicit security or incident response policies are published. Overall, the site is trustworthy and compliant with GDPR, but could improve transparency on security policies and vulnerability disclosures.

U

Mapa uzavírek v Benešově – Uzavírky, havárie,…

uzavirky-city.cz

53

The website www.uzavirky-city.cz serves as a local informational platform focused on providing real-time and planned road closure and traffic incident data for the city of Benešov, Czech Republic. It targets residents and visitors who need up-to-date traffic information to navigate the city effectively. The site leverages Google Maps API to deliver an interactive map experience, enhancing usability and engagement. The business model appears to be a public or municipal service, offering essential transportation-related updates without commercial intent. From a technical perspective, the site is built on WordPress with custom theming and uses modern web technologies including JavaScript and CSS. The integration of Google Maps API is a key feature, though no advanced frameworks or analytics tools are detected. The site performs moderately well with good mobile optimization and basic accessibility features, but lacks comprehensive SEO and privacy compliance elements. Security posture is adequate with HTTPS enabled, but the absence of security headers and privacy policies indicates room for improvement. No critical vulnerabilities or exposed sensitive data were found, but the lack of WHOIS data and registrant information reduces domain trustworthiness. The site does not display contact information or incident response details, which could impact user trust and compliance with data protection regulations. Overall, the website is a functional and useful local service with a safe content profile. However, it would benefit from enhanced privacy compliance, improved security headers, and clearer business and contact information to strengthen trust and regulatory adherence.

M

Město Benešov

benesov-bezpecnemesto.cz

49

The website 'Benešov - Bezpečné město' serves as an official municipal portal focused on public safety initiatives in Benešov, Czech Republic. It supports a regional project aimed at improving citizen safety and trust in local and national police forces. The site provides news, contact information, and links to related government and safety organizations, positioning itself as a trusted community resource. The business model is public sector oriented, with a medium-sized municipal entity operating the site since 2016. Technically, the site is built on the Vismo CMS platform, utilizing standard web technologies including HTML5, CSS, JavaScript, Google reCAPTCHA for form security, and Google Translate for accessibility. The site is served over HTTPS with a good SSL configuration but lacks some advanced security headers. Performance and mobile optimization are moderate, with room for improvement in accessibility and SEO. From a security perspective, the site demonstrates basic best practices such as HTTPS and CAPTCHA protection on forms but lacks explicit security policies, incident response contacts, and vulnerability disclosure mechanisms. Privacy compliance is partially met with linked privacy and cookie policies, though no active cookie consent mechanism is present. Contact information is clearly provided, enhancing business credibility. Overall, the website is safe, professional, and trustworthy, with no adult or questionable content. Recommendations include enhancing security headers, implementing cookie consent, and adding dedicated security and incident response information to improve compliance and user trust.

A

Associates in Anesthesia

aiamd.com

56

Associates in Anesthesia, Inc. is a well-established anesthesia services provider operating primarily in Pennsylvania, serving hospitals, ambulatory surgery centers, and office-based care. The company emphasizes clinical expertise and personalized patient care, positioning itself as a premier anesthesia practice with a history dating back to 1961. Their website reflects a professional healthcare service provider with clear service offerings and patient resources. Technically, the website is built on WordPress with modern SEO and analytics tools integrated, providing a good user experience with mobile optimization and accessibility features. Security posture is strong with HTTPS and no visible vulnerabilities, though some security headers and policies could be improved. The absence of WHOIS data is a notable concern for domain legitimacy, but the website content and business information appear credible. Overall, the site is professional and trustworthy but would benefit from enhanced privacy compliance and transparency.

W

Wuppertal Institut für Klima, Umwelt, Energie gGmbH

wupperinst.org

11

The Wuppertal Institut für Klima, Umwelt, Energie gGmbH is a well-established German research institute specializing in sustainability, climate, energy, and environmental research. The website reflects a mature organization with a strong focus on scientific research, policy advice, and public engagement through events, publications, and podcasts. The institute targets a broad audience including policymakers, businesses, academia, and the general public interested in sustainable development. The domain age and WHOIS data confirm the legitimacy and long-standing presence of the organization. Technically, the website is built on TYPO3 CMS, featuring modern web design, responsive layouts, and good SEO practices. The site is performant with good mobile optimization and accessibility. Security posture is solid with HTTPS enabled and cookie consent mechanisms in place, though some security headers and DNSSEC are missing. No critical vulnerabilities or exposed sensitive data were detected. Overall, the site demonstrates a high level of professionalism, trustworthiness, and compliance with privacy regulations such as GDPR. However, explicit contact information and security policies are not prominently published, which could be improved to enhance transparency and incident response readiness. Strategic recommendations include enabling DNSSEC, publishing a security policy and incident response contacts, and implementing additional security headers to strengthen the security posture further.

U

Univention GmbH

univention-summit.com

56

Univention GmbH organizes the Univention Summit, a prominent open source event focused on digital sovereignty in government, education, and business sectors. The summit attracts IT service providers, software vendors, and users primarily from Germany and Europe, offering keynotes, panels, workshops, and an exhibition with numerous IT partners. The website is professionally designed, mobile-optimized, and rich in relevant content, reflecting a mature digital presence. Technically, the site is built on WordPress with modern plugins and uses Matomo analytics with user consent, indicating a good level of digital maturity. Security posture is strong with HTTPS and security headers, though explicit security policies and incident response information are not published. The absence of WHOIS data is a notable anomaly but does not detract from the overall professionalism and trustworthiness of the site. Strategic recommendations include publishing security and incident response policies and verifying domain registration status.

U

Univention GmbH

software-univention.de

38

Univention GmbH operates a software update repository website for its Univention Corporate Server (UCS) product line, providing downloads of software versions, network installation files, and virtual machine images. The website is primarily targeted at IT professionals and organizations using Univention's enterprise Linux solutions. The business is positioned as an established player in the technology sector, focusing on software development, distribution, and support services. The website content is technical and functional, serving as a resource for software updates rather than marketing or customer engagement. Technically, the website uses basic HTML, CSS, and JavaScript, with Piwik analytics for user tracking. The site lacks advanced frameworks or CMS platforms and shows moderate performance and basic mobile optimization. The presence of PGP signatures for archive keys demonstrates a commitment to software integrity and security. However, the site does not implement advanced security headers or explicit privacy and cookie policies, indicating room for improvement in compliance and security best practices. From a security perspective, the website benefits from HTTPS and cryptographic signatures but lacks visible security headers and formal incident response or vulnerability disclosure information. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data is consistent with the company's identity and domain usage, supporting the legitimacy of the site. Overall, the security posture is moderate but could be enhanced by adopting additional security controls and compliance documentation. The overall risk assessment is low, with the main recommendations focusing on improving privacy compliance, security headers, and user transparency regarding data collection. Enhancing mobile optimization and accessibility would also improve user experience and SEO. The website serves its purpose as a software update portal effectively but would benefit from modernization and stronger security and privacy practices.

G

GoFox - Tecnologias de Informação

gofox.pt

54

GoFox - Tecnologias de Informação is a Portuguese technology company specializing in web design, development, and digital marketing services. With over 20 years of experience and a portfolio exceeding 1200 projects, GoFox positions itself as a trusted partner for businesses seeking tailored web solutions, including mobile applications, e-commerce platforms, and SEO optimization. The company emphasizes strategic vision and technical expertise to deliver measurable results for its clients. Technically, the website demonstrates a mature digital infrastructure leveraging modern technologies such as PHP, Django, React, and mobile development frameworks, hosted likely within the PTisp Partners Network. The site is well-optimized for performance, mobile responsiveness, and SEO, reflecting a high level of digital maturity. Security-wise, the website employs HTTPS, secure forms with CAPTCHA, and cookie consent mechanisms, though it lacks a publicly stated security policy or incident response contacts. Overall, GoFox exhibits a strong security posture with room for improvement in formal security disclosures. The domain registration data aligns well with the company's claims, reinforcing legitimacy. The website is professional, trustworthy, and compliant with GDPR requirements, making it a reliable digital presence for the business.

Flexit.fr is the official website for the Flexit CMS, a flexible and dynamic content management system designed primarily for French-speaking users. The CMS targets small to medium businesses and e-commerce merchants seeking an easy-to-use platform for website creation and management. The website is professionally designed, mobile responsive, and emphasizes simplicity, security, and flexibility. The business behind Flexit is NEFTIS, which also provides support and maintenance services for the CMS. The website content is rich and well-structured, providing clear information about the product's features and benefits. Technically, the website uses modern web technologies including JavaScript and Google Tag Manager for analytics. It is served over HTTPS with a good SSL configuration, and the site is mobile optimized. However, some security best practices such as explicit security headers and published security policies are missing. The site includes a cookie consent banner indicating GDPR compliance, but lacks direct contact emails or phone numbers, relying instead on a contact form. From a security perspective, the site shows a moderate security posture with HTTPS enabled and automatic update claims for the CMS. No vulnerabilities or exposed sensitive data were detected in the content. The WHOIS data is unavailable, likely due to privacy protection, which is common and justified for this type of business. No WAF or blocking mechanisms were detected, allowing full content access. Overall, the website is trustworthy and professional with a moderate to good security posture. Strategic improvements include adding security headers, publishing a security policy and incident response contacts, and providing direct contact information to enhance trust and compliance.

The analyzed website autostore.com is a parked domain page managed by GoDaddy, LLC, a well-known domain registrar and parking service provider. The page contains no active business content, products, or services, and is primarily designed to offer the domain for sale. The presence of a Trustpilot widget and TrustArc cookie consent banner indicates some level of trust and privacy compliance, but the overall content is minimal and targeted at domain buyers rather than end consumers. Technically, the site uses standard web technologies including JavaScript, CSS, and third-party widgets for consent management and reviews. It is hosted on GoDaddy's infrastructure and shows basic mobile optimization and accessibility features. However, no advanced CMS or frameworks are detected, and SEO optimization is poor due to lack of meaningful content. From a security perspective, the site lacks visible security headers and detailed security or incident response policies. The domain is registered with Tucows Domains Inc. and managed by GoDaddy, with no suspicious WHOIS patterns. DNSSEC is not enabled, which is a minor security gap. Overall, the security posture is basic but acceptable for a parked domain. The overall risk is low given the lack of active content or user interaction, but the site offers limited business credibility or user engagement. Strategic recommendations include improving security headers, enabling DNSSEC, and providing clearer business or contact information if the domain is to be developed into an active site.

G

Global Sign and Design, Inc.

global-sign.com

47

Global Sign and Design, Inc. is a small business specializing in digital signage and LED display solutions primarily serving the Pennsylvania region. The company acts as a premier distributor and installer for top manufacturers in the visual communication industry, offering products such as outdoor and indoor LED displays, scoreboards, and custom signage. Their market position is regional with a focus on retail and manufacturing sectors requiring digital signage solutions. Technically, the website infrastructure is outdated, relying on deprecated Flash technology and lacking modern security features such as HTTPS enforcement and security headers. The site is hosted by Bluehost Inc. and uses basic JavaScript and CSS without modern frameworks or CMS. Performance and mobile optimization are poor, and accessibility features are minimal. From a security perspective, the website shows significant gaps including absence of privacy and cookie policies, no visible security headers, and no DNSSEC enabled on the domain. The use of Flash presents security and compatibility risks. Contact information is provided but limited, and no incident response or security policies are disclosed. Analytics tools like StatCounter and Google Analytics are used without clear privacy compliance disclosures. Overall, the website presents moderate business credibility but requires urgent technical and security improvements to enhance user experience, compliance, and trustworthiness. Strategic recommendations include modernizing the website technology stack, implementing HTTPS and security headers, adding privacy and cookie policies, and removing deprecated Flash content.

E

ESC Olomouc

escolomouc.cz

46

ESC Olomouc operates as a modern equestrian center in the Czech Republic, specializing in hosting show jumping and dressage competitions. The website positions the center as the most exclusive equestrian venue in the country, targeting equestrian sports enthusiasts and competitors. Key services include event hosting, live streaming, and hospitality offerings such as a restaurant. The business is small-sized, founded in 2012, and maintains partnerships with local financial institutions and sports organizations. Technically, the website uses modern frontend technologies like Alpine.js and Swiper.js, with a responsive design and moderate performance. Security posture is adequate with HTTPS enabled but lacks advanced security headers and formal privacy or cookie policies, indicating room for compliance improvement. No forms or direct contact details are visible, which may impact user engagement and trust. Overall, the site is professional and content-rich but could enhance privacy compliance and security transparency.

J

Jacob Stoy

jacobstoy.de

50

Jacob Stoy's website serves as a personal portfolio for a German musician and graphic designer, showcasing artistic projects including performances, books, installations, and websites. The business operates in a niche creative market with a small scale and targets a general audience interested in arts and culture. The website is built using modern technologies such as SvelteKit and Sanity CMS, indicating a contemporary digital infrastructure with moderate performance and good mobile optimization. However, the site lacks advanced SEO and accessibility features. Security posture is minimal with no detected HTTPS confirmation or security headers, and privacy compliance is basic with only a privacy policy page present but no cookie consent mechanism. No contact information or social media links are provided, limiting direct engagement and trust signals. Overall, the site is functional and professionally designed but requires improvements in security, privacy, and contact transparency to enhance credibility and compliance.

E

EOPSA

eopsa.eu

54

EOPSA is an industry association serving as the unified voice of the European Onshore Power Supply sector, promoting collaboration and sustainable prosperity. The website is built on the Wix platform, leveraging Wix Thunderbolt framework and standard web technologies. The technical infrastructure is moderate in performance and mobile optimization but lacks advanced SEO and accessibility features. Security posture is basic with HTTPS enabled but missing important security headers and policies. The absence of privacy, cookie, and terms of service policies, as well as contact information, limits compliance and trust. Overall, the website is safe and professional but would benefit from enhanced security and compliance measures.

T

triangl web

triangl-web.cz

37

The website triangl-web.cz represents a small Czech web design and development company offering services including website creation, e-commerce solutions, CMS integration, SEO optimization, and custom internet applications. The business appears to be established since 2007 and targets local businesses and individuals seeking professional web services. The site content is primarily in Czech and provides a clear overview of services but lacks detailed contact information and compliance documentation. Technically, the website uses basic HTML, CSS, and JavaScript without modern frameworks or CMS platforms detected. The site performance and mobile optimization are basic, and no advanced accessibility features are evident. Google Analytics is used for visitor tracking, but no privacy or cookie policies are present, indicating potential compliance gaps. From a security perspective, the site lacks HTTPS enforcement and security headers, which significantly lowers its security posture. The partner login form is present but no visible security measures are implemented. The absence of WHOIS data reduces domain trustworthiness, although the website content itself appears legitimate and professional. Overall, the site scores moderately on content and business credibility but poorly on security and privacy compliance. Strategic improvements in HTTPS implementation, privacy policies, and contact transparency are recommended to enhance trust and compliance.

L

La Boge

laboge.fr

58

La Boge is a French government-supported digital platform dedicated to providing young people aged 13 to 29 in Saint-Étienne with access to discounts, event information, and social support resources. The website offers a comprehensive guide to aids, events, and youth services, positioning itself as a trusted local resource. Technically, the site is built on Drupal 9, leveraging modern web technologies and analytics tools such as Matomo and Google Tag Manager, ensuring a responsive and user-friendly experience. Security posture is adequate with HTTPS enforced and cookie consent implemented, though improvements in security headers are recommended. The absence of WHOIS data slightly impacts trust but is likely due to registry restrictions common in French domains. Overall, the site is professional, content-rich, and serves its target audience effectively.

P

Prodej ledu Vysočina

prodej-ledu.cz

42

Prodej ledu Vysočina is a small Czech company specializing in the production and distribution of packaged ice, including cube and crushed ice, primarily serving the Vysočina region with additional branches in Prague, Brno, and Havlíčkův Brod. Their business model focuses on both B2B and B2C markets, providing ice products and rental of cooling and freezing equipment for gastronomy, private events, and large cultural occasions. The company emphasizes quality and customer service, with a production capacity of approximately 5,000 kg of ice daily and a portfolio that includes ice art and custom ice products. Technically, the website is built with standard web technologies including HTML5, CSS, and JavaScript, and integrates Google Analytics and Google Tag Manager for visitor tracking. The site is mobile-optimized and SEO-friendly with structured data markup enhancing search engine visibility. Performance is moderate, with room for improvement in accessibility and security headers. From a security perspective, the site uses HTTPS and includes spam protection on contact forms, but lacks visible security headers such as Content Security Policy or HSTS. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is basic, with cookie consent and a privacy policy present, but no explicit incident response or security policy pages. WHOIS data is unavailable, which reduces domain trustworthiness, though the website content and contact information support legitimacy. Overall, the website presents a professional and trustworthy business front with good content quality and technical implementation. Strategic improvements in security headers, privacy transparency, and WHOIS data availability would enhance trust and compliance.

A

Absolutum Group

absolutumgroup.com

64

Absolutum Group is a hospitality business operating a portfolio of wellness hotels, resorts, restaurants, and villas primarily in the Czech Republic, Slovakia, and Seychelles. The company positions itself as a provider of original and unique locations with high-quality services and stylish facilities. The website reflects a medium-sized hospitality group with multiple subsidiaries, targeting general consumers seeking wellness and leisure experiences. Technically, the website uses modern web technologies such as lazy loading for images and Google Fonts, hosted likely on a Czech hosting provider. However, it lacks advanced SEO and accessibility features and does not use structured data or Open Graph tags. Security posture is minimal with no visible security headers or privacy policies, and no cookie consent mechanisms are present. The domain registration is consistent with the business profile, registered since 2021 without privacy protection, indicating transparency. Overall, the website is functional and professional but lacks critical compliance and security features.

C

COMPLET a.s.

complet.cz

48

COMPLET a.s. is a well-established Czech company specializing in the sale, service, and system solutions for office printing and copying equipment. Founded in 1992, it serves primarily the Czech Republic, Slovakia, Austria, and neighboring countries. The company is an official distributor and service partner for notable brands such as Olivetti, Kyocera, Kodak Moments, and Pantum. It is part of the Ovision Group, a larger conglomerate with several subsidiaries in related sectors. The website reflects a professional business presence with detailed contact information and references to its partnerships and services.

Technické služby Votice s.r.o. is a small municipal utility company based in the Czech Republic, founded in 2023. The company provides essential water supply and sewage services to the town of Votice. The website serves as a basic informational portal with limited content, primarily displaying company name, address, and service description. The site was created using Web4u s.r.o.'s page editor, indicating a simple technical infrastructure with no advanced CMS or frameworks detected. From a technical perspective, the website uses basic HTML and CSS without modern frameworks or CMS platforms. There is no evidence of HTTPS or security headers, which poses a security risk. The site lacks privacy, cookie, and terms of service policies, indicating low privacy compliance. No analytics or tracking technologies are present, suggesting minimal user tracking. Security posture is weak due to missing HTTPS and security headers, absence of incident response contacts, and no vulnerability disclosure mechanisms. The domain registration is consistent with the business founding date, lending legitimacy to the site. However, the lack of contact emails and phone numbers reduces business credibility and user trust. Overall, the website is functional but minimalistic, with significant room for improvement in security, privacy compliance, and user engagement. Strategic recommendations include implementing HTTPS, adding privacy and cookie policies, providing clear contact information, and enhancing technical SEO and accessibility.

W

WEBHOUSE, s.r.o.

mkcvotice.cz

45

The website mkcvotice.cz serves as the official municipal information center for the town of Votice in the Czech Republic. It provides residents and tourists with comprehensive information about local culture, events, accommodation, and news. The site is well-structured, professionally designed, and targets a local audience seeking municipal and tourist information. The business model is public service-oriented, focusing on community engagement and information dissemination. Technically, the website is built on the vismo CMS platform, utilizing standard web technologies such as HTML5, CSS, and JavaScript. It incorporates Google reCAPTCHA for form security and Google Maps for location embedding. The site demonstrates good mobile optimization, accessibility, and SEO practices, although some modern security headers are missing. From a security perspective, the site enforces HTTPS and uses reCAPTCHA to protect forms, indicating a reasonable security posture. However, it lacks explicit security policies, incident response contacts, and advanced security headers, which could be improved to enhance trust and compliance. No vulnerabilities or suspicious activities were detected. Overall, mkcvotice.cz is a trustworthy, well-maintained municipal website with a solid foundation in content quality and technical implementation. Strategic improvements in security policies and headers would further strengthen its security posture and compliance standing.

P

PRO-DOMA

pro-doma.cz

62

PRO-DOMA is a traditional Czech family-owned business specializing in the retail and wholesale of building materials, roofing, and metal products. It operates the largest network of building material stores and rental services in the Czech Republic, targeting construction professionals and retail customers. The website reflects a professional and consistent brand presence with clear contact information and a broad product catalog. Technically, the site uses modern web technologies and integrates multiple analytics and marketing tools, including Google Tag Manager, Microsoft Clarity, Smartlook, and Facebook Pixel. Security posture is solid with HTTPS enforced and a Content-Security-Policy header present, though additional security headers could enhance protection. Privacy compliance is weak due to the absence of visible privacy and cookie policies, which is a notable gap given the extensive tracking scripts in use. WHOIS data is unavailable, which raises concerns about domain registration legitimacy and should be investigated further. Overall, the website is functional, professional, and secure but would benefit from improved privacy transparency and WHOIS data clarity.

M

Mosaic

mosaicbuilder.com

59

Mosaic is a specialized technology company offering an advanced WordPress theme builder and design system aimed at enhancing website design, speed, and functionality. The company targets WordPress users, developers, and designers seeking to overcome design limitations inherent in standard WordPress page builders. The website presents a professional and modern digital presence with excellent design quality and SEO optimization, leveraging WordPress CMS and Yoast SEO plugin technologies. Hosting and domain registration are managed via Cloudflare, ensuring reliable infrastructure and security. Security posture is solid with HTTPS enabled and domain transfer protection, though DNSSEC is not enabled and security headers are absent. Privacy and cookie policies are not found, indicating compliance gaps. No contact information or incident response details are published, limiting direct communication channels. Overall, the site is trustworthy and professional but would benefit from enhanced privacy compliance and security transparency.

H

HFO Health Facility Operations Services GmbH

vamed-care.com

45

VAMED care operates a network of over 60 healthcare facilities across Germany, Austria, Switzerland, and the Czech Republic, specializing in acute medical care, rehabilitation, nursing, and prevention. With a workforce exceeding 13,000 employees, the organization emphasizes medical and therapeutic excellence, aiming to improve patient well-being and quality of life. The website reflects a professional healthcare provider targeting patients, medical professionals, and potential employees, offering detailed information about services and career opportunities. Technically, the website employs modern web technologies including jQuery 3.6.0 and custom JavaScript for interactive features such as cookie consent management and image sliders. The site is mobile-optimized with good SEO practices and a clear navigation structure. However, no CMS or hosting provider details are evident, and no advanced frameworks are detected. From a security perspective, the site enforces HTTPS and implements a cookie consent mechanism aligned with GDPR requirements. However, it lacks visible security headers and explicit incident response or security policy disclosures. The absence of WHOIS registration data raises concerns about domain legitimacy, although the website content and business information appear consistent and professional. Overall, the website presents a trustworthy and professional healthcare service provider but would benefit from enhanced transparency in domain registration, improved security headers, and clearer contact information for security and compliance inquiries.

S

Sportovní zařízení města Příbram

juniorklubpribram.cz

39

Junior Klub Příbram is a local multi-genre cultural club located in Příbram, Czech Republic, offering a variety of events including concerts, lectures, theatre, and children's activities. The club also provides venue rental services for corporate and private events. The website reflects a community-focused business model targeting a broad audience including families and local residents. The site is professionally designed with good content quality and clear navigation, supporting mobile responsiveness and basic accessibility. Technically, the site uses jQuery and custom JavaScript with CSS styling, served over HTTPS with a valid SSL certificate, but lacks advanced security headers and detailed security policies. Privacy compliance is addressed with a cookie consent mechanism and a basic privacy policy page, indicating awareness of GDPR requirements. However, the absence of WHOIS data and explicit company contact emails or phone numbers slightly reduces business credibility. Overall, the site is trustworthy and functional but could improve in security posture and transparency.

B

Bc. Jiří Trnka

musicgate.cz

44

MUSICGATE.cz is a Czech Republic-based media portal specializing in music-related content including news, event invitations, press releases, photo and video reports, interviews, and reviews. Founded in 2016 and operated by Bc. Jiří Trnka, the site targets music enthusiasts primarily within the Czech Republic. The business model revolves around content publishing supported by advertising partnerships and sponsored banners. The portal maintains a consistent brand presence and offers a comprehensive range of music-related services, positioning itself as a niche leader in the Czech music media space. Technically, the website employs a custom CMS with a technology stack including jQuery, jQuery UI, Google Fonts, and standard web technologies. Hosting is linked to the registrar REG-GRANSY and nameserver svethostingu.eu. The site is moderately performant, mobile-optimized, and SEO-friendly, though accessibility features are basic. Advertising is managed primarily through the Sklik network, with transparent ad placements and cookie consent mechanisms in place. From a security perspective, the site uses HTTPS with good SSL configuration but lacks explicit security headers such as CSP or HSTS. No vulnerabilities or exposed sensitive data were detected in the HTML content. Privacy compliance is strong, with clear privacy and cookie policies and GDPR adherence. However, the site lacks a formal security policy or vulnerability disclosure mechanism. Overall, the security posture is adequate but could be improved with additional headers and incident response documentation. The overall risk assessment is low, with no signs of malicious content or blocking mechanisms. The site is trustworthy, professionally maintained, and compliant with relevant privacy regulations. Strategic recommendations include enhancing security headers, implementing a security.txt file, and formalizing incident response policies to further strengthen the security posture and user trust.

N

Neher Systeme GmbH & Co. KG

neher.de

60

Neher Systeme GmbH & Co. KG operates a professional website focused on high-quality insect protection products including custom-fit fly screens for windows, doors, and light shafts. The company positions itself as a market leader in Germany with patented technology and a strong dealer network. The website is built on WordPress with modern plugins and frameworks, showing good technical maturity and SEO optimization. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers could be improved. No critical vulnerabilities or privacy issues were detected. Overall, the site reflects a trustworthy and professional business with clear customer engagement channels.

ALARIS Czech Republic s.r.o. is a Czech company specializing in manufacturing and retailing high-quality shading systems including bioclimatic pergolas, screen roller blinds, aluminum sunshades, and carports. The company positions itself as a modern, design-focused brand serving residential and commercial customers seeking aesthetic and functional outdoor shading solutions. The website content is well-structured, professionally designed, and provides detailed product information and company background. Technically, the website uses modern web technologies including JavaScript, CSS, and a chatbot widget, with good mobile optimization and SEO practices. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though the absence of security headers and explicit incident response information suggests room for improvement. The lack of WHOIS data for the domain is a notable concern, reducing trust in domain legitimacy despite the professional appearance and business information presented. Overall, the website is safe, compliant with GDPR, and trustworthy for general users.

M

Město Benešov

benesov-city.cz

50

The website benesov-city.cz serves as the official digital portal for the city of Benešov, Czech Republic. It provides residents and visitors with comprehensive municipal information, including news, events, public services, and administrative contacts. The site is well-positioned as a government entity portal, offering key services such as online citizen services, event calendars, and official announcements. The target audience primarily consists of local citizens and visitors seeking city-related information and services. From a technical perspective, the website employs a traditional web stack with HTML5, CSS, and JavaScript, leveraging the Vismo CMS platform. It integrates modern tools such as Google Analytics for visitor tracking and Google reCAPTCHA for form security. The site is hosted under a Czech registrar with a domain age dating back to 1998, indicating a mature and stable online presence. Mobile optimization and accessibility features are well implemented, contributing to a positive user experience. Security posture is solid with HTTPS enforced and reCAPTCHA protecting forms. Cookie consent mechanisms comply with GDPR requirements, enhancing privacy compliance. However, explicit security headers like Content-Security-Policy and X-Frame-Options are not detected, representing an area for improvement. No vulnerabilities or exposed sensitive data were found in the analysis. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance with privacy regulations. It effectively serves its role as a municipal information hub with good technical and security practices. Strategic recommendations include enhancing security headers, publishing a formal security policy, and considering a vulnerability disclosure program to further strengthen security posture.

N

NEXT REALITY GROUP a.s.

nextreality.cz

61

NEXT REALITY GROUP a.s. operates a professional real estate website targeting clients and partners across the Czech Republic. The company emphasizes honesty, quality client care, and professional service, offering property sales, rentals, and franchise opportunities. The website is well-structured, with clear navigation and a professional design that supports its market position as a significant player in the Czech real estate sector. Technically, the site employs modern web technologies including Google Analytics, Microsoft Clarity, and CookieHub for analytics and cookie management, alongside a chatbot for customer interaction. The site is mobile-optimized and uses HTTPS to secure communications. Security posture is generally good with enforced HTTPS and cookie consent mechanisms; however, the absence of visible security headers and explicit security policies suggests room for improvement. The WHOIS data is missing, which impacts trust and transparency, but the website content and business information appear legitimate and professional. Overall, the site is safe, GDPR compliant, and provides a positive user experience.

A

úvod

amateurjumptour.cz

50

Amateurjumptour.cz is a Czech-language website focused on amateur jumping tours or events, likely serving a niche community of sports enthusiasts. The site appears to be small-scale and community-oriented, with basic content and limited business information. Technically, the website is built using Sitebuilderhost CMS and hosted by Websupport, employing standard web technologies such as JavaScript and CSS. The site is mobile-optimized and moderately performant but lacks advanced SEO and accessibility features. Security posture is minimal with no visible security headers or explicit policies, though HTTPS is presumed given external resource loading from secure domains. Privacy compliance is basic, with a cookie consent banner present and a linked privacy policy, but no terms of service or incident response information is found. Overall, the domain registration is consistent with the website's profile, showing legitimacy and appropriate domain age. The site does not contain adult or explicit content and is accessible without WAF or blocking mechanisms.

B

Boutique CentraleSupélec

boutique-centralesupelec.com

64

Boutique CentraleSupélec is an official e-commerce merchandise store serving the CentraleSupélec community, including students, alumni, faculty, and partners. The website offers branded textiles, accessories, and goodies to reinforce the institution's identity and community belonging. The site is built on the Shopify platform, leveraging standard Shopify technologies and integrations, hosted on Google Cloud infrastructure. It features a cookie consent mechanism and privacy policy compliant with GDPR, presented in French. However, no explicit contact information or terms of service pages are found, which could be improved for transparency and trust. The domain WHOIS data shows an anomalous future creation date, which may be a data error but warrants attention. Security posture is generally good with HTTPS and domain transfer protections, but lacks DNSSEC and security headers. Overall, the site is professional, accessible, and trustworthy for its niche audience.

D

Online procvičování DRILL & SKILL

drillandskill.com

40

The website 'Online procvičování DRILL & SKILL' is an educational platform primarily targeting Czech-speaking students and teachers. It offers ready-made and customizable drills across various subjects including math, chemistry, natural sciences, and geography. The platform aims to save schools money on paper and teachers time by providing efficient online practice tools. The market position is niche, focusing on educational institutions in the Czech Republic with a small-scale operation. Technically, the website uses standard web technologies such as HTML5, CSS, JavaScript with jQuery and Shadowbox.js for video content. The site is moderately optimized for performance and mobile use but lacks advanced accessibility and SEO features. There is no detected CMS or hosting provider information. The site is functional with a login form but lacks modern security headers and visible HTTPS confirmation. From a security perspective, the site shows basic security hygiene with POST method login forms but lacks critical security headers like Content-Security-Policy and anti-CSRF protections. No privacy or cookie policies are present, indicating poor privacy compliance. The WHOIS data is missing or unavailable, which raises concerns about domain legitimacy and trustworthiness despite the professional and safe content. Overall, the website is a functional educational tool with moderate technical quality but significant gaps in security, privacy compliance, and domain registration transparency. Strategic improvements in security posture, privacy policies, and domain legitimacy verification are recommended to enhance trust and compliance.

Č

Česká lingvistická olympiáda

lingol.cz

43

The website www.lingol.cz represents the Česká lingvistická olympiáda, a Czech national educational competition focused on linguistics for high school students. It is co-organized by faculties of Charles University and supported by the Ministry of Education and Palacký University. The site provides information about the competition, its structure, and participation details, targeting students and educators interested in linguistic problem-solving. The business model is non-profit and educational, with a small organizational size and a clear focus on academic collaboration. Technically, the website uses standard web technologies including jQuery, Highcharts, and DataTables for interactive content presentation. The site is moderately optimized for performance and mobile use but lacks advanced accessibility features and modern frameworks. No CMS or hosting provider details are evident. The site is well-branded and professionally designed with consistent navigation and clear content structure. From a security perspective, the site lacks visible security headers and published privacy or cookie policies, which impacts compliance and trust. The WHOIS data is missing, which reduces transparency and trustworthiness, although the site’s academic affiliations mitigate some concerns. No WAF or blocking mechanisms were detected, and no vulnerabilities or exposed sensitive data were found in the provided content. Overall, the website is a credible educational resource with good content quality and business credibility but requires improvements in security posture, privacy compliance, and transparency to enhance trust and compliance with modern standards.

A

Naučná audiostezka v Teplicích

audioteplice.cz

50

Audioteplice.cz is a small-scale educational project offering an audio trail experience in Teplice, Czech Republic. It provides free downloadable MP3 audio guides and maps to visitors, spa guests, and locals, supported by donations through multiple payment gateways. The website content is primarily in Czech with options for German and English. Technically, the site uses basic HTML, CSS, and JavaScript with Google Analytics for tracking. The design and navigation are functional but basic, with limited mobile optimization and accessibility features. Security posture is moderate with HTTPS implied but lacking explicit security headers and privacy compliance mechanisms such as cookie consent or privacy policies. WHOIS data is inconsistent, showing a domain creation date in the future, which undermines domain legitimacy confidence. Overall, the site is safe, family-friendly, and focused on cultural education.

A

ART ECON

artecon.cz

38

ART ECON is a Czech-based educational organization with a website focused on promoting educational services or institutions, as indicated by the slogan 'Školy plné talentu'. The site uses WordPress CMS with the Divi theme and includes common tracking technologies such as Facebook Pixel, Microsoft Clarity, and Google Tag Manager. The technical infrastructure is moderate with basic mobile optimization and SEO practices. However, the site lacks critical privacy and security policies, contact information, and security headers, which lowers its overall security posture and privacy compliance. No WAF or blocking mechanisms were detected, and the content is safe for general audiences.

Základní škola Sušice, Lerchova ulice, is a primary educational institution serving the local community in the Czech Republic. The website provides information about school activities, projects, events, and educational resources primarily targeting students, parents, and school staff. The school holds a recognized certification from Scio, indicating a commitment to educational quality. The website content is well-structured with regular updates and photographic documentation of school events, reflecting active community engagement. Technically, the website employs a basic but functional technology stack including HTML, CSS, JavaScript, and a third-party cookie consent library. Hosting is provided by Active24, a known Czech hosting provider. The site lacks advanced CMS or modern frameworks and shows basic mobile optimization and accessibility features. SEO is minimal but sufficient for the target audience. From a security perspective, the site implements a cookie consent banner but lacks visible HTTPS enforcement confirmation, security headers, or published security policies. No forms or sensitive data collection mechanisms are present, reducing immediate risk exposure. However, the absence of explicit privacy and security policies and lack of incident response contacts indicate room for improvement in compliance and security posture. Overall, the website is a functional, community-focused educational portal with moderate technical maturity and basic security measures. Strategic improvements in HTTPS enforcement, security headers, privacy policy clarity, and accessibility would enhance trust and compliance.

B

BWH Hotels

bwh.de

55

BWH Hotels operates as a hotel brand offering individual freedom and a strong worldwide network, targeting hotel owners and operators. The website is professionally designed using TYPO3 CMS and Bootstrap, with moderate performance and good mobile optimization. Consent management scripts indicate GDPR awareness, though explicit privacy and terms of service pages are not found. Security posture is adequate with HTTPS enabled but lacks explicit security headers and visible incident response contacts. Overall, the site is trustworthy and safe with no adult or questionable content detected.

M

Mer et Marine

meretmarine.com

10

Mer et Marine is a French maritime news media organization providing continuous updates on maritime defense, merchant marine, shipbuilding, cruises, fishing, ports, and energy sectors. The website targets maritime professionals and enthusiasts, offering news articles, interviews, and reports. The site uses Drupal 10 CMS and integrates modern digital marketing and consent management tools such as Google Tag Manager and Didomi. The technical infrastructure is modern and supports good mobile optimization and accessibility. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers could be improved. The WHOIS data is missing or unavailable, which raises some concerns about domain registration legitimacy, but the website content and branding appear professional and trustworthy. Overall, the site is a reliable source of maritime news with good digital maturity but would benefit from clearer privacy policies and WHOIS transparency.

L

Le Télégramme

letelegramme.fr

63

Le Télégramme is a prominent regional news media organization serving the Brittany region in France. The website provides comprehensive local news coverage, digital newspaper editions, and subscription services, targeting residents and readers interested in Brittany's current events. The business model relies on advertising and subscriptions, positioning it as a leading regional news provider with a strong brand presence and consistent content quality. Technically, the website employs modern web technologies including JavaScript, CSS, and privacy management SDKs, with a responsive design optimized for mobile devices. The security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though explicit security headers and incident response policies could be improved. Overall, the site is professional, trustworthy, and compliant with GDPR, with no signs of blocking or malicious activity.

M

město Dobříš

mestodobris.cz

47

The website mestodobris.cz serves as the official online presence of the town of Dobříš, Czech Republic. It provides comprehensive information about the municipality, including local government activities, public services, events, and community resources. The site targets residents, visitors, and stakeholders interested in municipal affairs and local culture. The business model is that of a government entity providing public information and services digitally, with a well-established market position supported by a domain registered since 2003. Technically, the website employs a modern CMS platform (vismo), integrates Google Analytics and Google Tag Manager for analytics, and uses LimeTalk for live chat support. The site is mobile-optimized, accessible, and includes cookie consent mechanisms aligned with GDPR requirements. Hosting is provided by REG-ZONER, a reputable registrar and hosting provider. From a security perspective, the site enforces HTTPS and uses consent-based analytics tracking. However, explicit security headers are not clearly visible in the HTML source, and no published security policy or incident response contacts were found. No vulnerabilities or suspicious content were detected, and the WHOIS data confirms the domain's legitimacy and consistency with the municipal identity. Overall, the website demonstrates a solid digital presence with good privacy compliance and user engagement features. Strategic improvements could include publishing a formal security policy, enhancing security headers, and providing incident response contact information to strengthen trust and security posture further.

G

GoDaddy Operating Company, LLC

arawa.com

71

This website is a professional domain sales landing page operated by GoDaddy, offering the premium domain 'arawa.com' for purchase. It targets individuals and businesses interested in acquiring premium domain names, providing secure transactions, multiple payment options, and customer support. The site is well-branded and consistent with GoDaddy's domain aftermarket business model. Technically, the site uses modern web technologies including React and Next.js, hosted on GoDaddy infrastructure, and demonstrates good performance and mobile optimization. Security posture is strong with HTTPS, security headers, and reCAPTCHA integration, although explicit incident response and vulnerability disclosure information are not present. Privacy and cookie policies are comprehensive and GDPR compliant, reflecting good privacy compliance. Overall, the site is trustworthy and professionally maintained, serving as a reliable platform for domain sales.

A

Adfinis

adfinis.com

63

Adfinis is a well-established open source IT solutions provider with over 25 years of experience, offering a broad range of services including cloud infrastructure, security, system automation, and digital sovereignty. The company operates globally with multiple locations and strong partnerships with industry leaders such as Red Hat, SUSE, GitLab, and HashiCorp. Their website reflects a mature digital presence with professional design, clear navigation, and comprehensive content focused on business transformation through open source technologies. Technically, the site is built on modern frameworks like Next.js and React, hosted on DigitalOcean, and optimized for performance and mobile devices. Security posture is strong with HTTPS, security headers, and secure forms, though some security policies and incident response information are not publicly disclosed. Privacy compliance is good with a detailed privacy policy, but lacks a cookie consent mechanism. The absence of WHOIS data for the domain is a notable concern, potentially indicating privacy protection or registration issues, which slightly impacts trustworthiness. Overall, the website and business present a credible and professional image with room for improvement in transparency and privacy controls.

U

Univention GmbH

univention.com

59

Univention GmbH is a German-based company specializing in open source Identity and Access Management (IAM) solutions primarily targeting the education sector and public administration. With over 20 years of experience and managing 35 million identities, Univention offers scalable, secure, and user-friendly IAM products such as Nubus, UCS@school, and UCS. Their business model focuses on providing software solutions, integration packages, and support services to organizations seeking digital sovereignty and efficient IT management. The company maintains a strong market position with a medium-sized footprint and a clear focus on open source transparency and reliability. Technically, the website is built on WordPress CMS with modern plugins like WPBakery Page Builder, Matomo Analytics for privacy-respecting tracking, and Borlabs Cookie for consent management. The site is well-optimized for performance, mobile responsiveness, and SEO, reflecting a mature digital infrastructure. Security best practices are observed with HTTPS enforcement, security headers, and no visible vulnerabilities. However, explicit security policies and incident response information are not publicly disclosed. The security posture is strong with good SSL configuration and privacy compliance, including GDPR-aligned privacy and cookie policies. Contact information is available via phone and contact forms, enhancing business credibility. The absence of WHOIS data for the domain reduces trust slightly but does not detract significantly from the overall legitimacy given the professional presentation and consistent branding. Overall, Univention GmbH presents a trustworthy and professional online presence with a focus on secure, open source IAM solutions for institutional clients. Strategic recommendations include publishing detailed security policies, incident response contacts, and vulnerability disclosure mechanisms to further enhance trust and compliance.

S

Svépomocná společnost Mlýnek, z. s.

klubmlynek.cz

53

Svépomocná společnost Mlýnek, z. s. is a small non-profit organization based in Ostrava, Czech Republic, dedicated to supporting individuals with mental illness. The organization focuses on enabling these individuals to lead meaningful and active lives within their natural environment through various supportive activities and services. The website reflects this mission with clear, relevant content and a consistent brand presence. Technically, the site is built on the Webnode CMS platform, hosted via AWS Cloudfront CDN, and uses Google Tag Manager for analytics. The site is mobile-optimized and provides a good user experience with clear navigation and professional design. Security-wise, the website enforces HTTPS and uses Google Tag Manager but lacks important security headers and explicit privacy and terms of service documentation. The absence of WHOIS data for the domain raises concerns about transparency and legitimacy, although the website content and hosting appear legitimate. Overall, the site scores moderately on content quality, technical implementation, security posture, privacy compliance, and business credibility, with room for improvement in transparency and security best practices.

C

Centrum pro dítě s diabetem, z.s.

ditesdiabetem.cz

57

Centrum pro dítě s diabetem, z.s. is a Czech non-profit association established in 2004 to support children with type 1 diabetes and related autoimmune conditions. The organization provides educational services and collaborates with regional medical professionals to improve care and support for affected children and their families. The website reflects a small regional non-profit with a clear mission and target audience focused on healthcare education. Technically, the site is built on the Webnode CMS platform, hosted via AWS Cloudfront CDN, and uses modern web technologies with moderate performance and good mobile optimization. Security posture is adequate with HTTPS enforced but lacks advanced security headers and privacy compliance mechanisms such as cookie consent and privacy policies. The absence of WHOIS data reduces domain trustworthiness, though the website content and business information appear legitimate. Overall, the site is safe, professional, and serves its niche audience effectively, but improvements in privacy compliance and security best practices are recommended.

R

Renarkon

renarkon.cz

47

Renarkon is a well-established Czech non-profit organization specializing in the prevention and treatment of addiction. Operating since 2003, it serves primarily the Moravian-Silesian region, offering a range of services including addiction treatment, accredited education for professionals, and participation in European projects. The organization maintains a transparent funding model with visible donation options and certifications, positioning itself as a trusted regional leader in healthcare services related to addiction. Technically, the website is built on WordPress with modern plugins such as Spectra Pro and Complianz GDPR for cookie management, ensuring compliance with European privacy laws. The site demonstrates good performance, mobile optimization, and basic accessibility features. Hosting appears to leverage Redis caching for enhanced speed. The technical infrastructure supports a professional online presence with clear navigation and relevant content. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms, reflecting a good security posture. However, it lacks explicit security policies, incident response contacts, and advanced security headers, which are recommended for further strengthening. No vulnerabilities or suspicious activities were detected in the content or scripts. Overall, Renarkon’s website reflects a credible, professional, and compliant organization with a strong focus on user privacy and content quality. Strategic improvements in security transparency and incident response readiness would enhance trust and resilience against emerging threats.

Salesiánské hnutí mládeže (SHM) is a Czech Christian non-profit organization dedicated to the education and upbringing of children and youth through various cultural, sports, and educational activities. The organization operates nationwide with over three thousand members across multiple clubs. The website serves as an information hub for events, news, and organizational details, targeting youth and their families. Technically, the site is built on the Vizus CMS platform, with a moderate performance profile and basic mobile optimization. Security measures include HTTPS and a comprehensive cookie consent mechanism, though security headers are not evident, suggesting room for improvement. The absence of WHOIS data reduces domain trust slightly, but the website content and structure indicate a legitimate and established organization. Overall, the site scores well in content quality, privacy compliance, and business credibility, making it a trustworthy resource for its audience.

M

Mozilla

mozilla.com

72

Mozilla operates the Firefox web browser, a leading privacy-focused and open-source browser available across multiple platforms including Windows, Mac, Linux, Android, and iOS. The website serves as a central hub for downloading Firefox, learning about its features, and accessing support resources. Mozilla's non-profit status and commitment to internet health and privacy position Firefox as a trusted alternative to mainstream browsers. The site demonstrates a mature digital presence with excellent content quality, mobile optimization, and user experience. Technically, the site uses modern JavaScript frameworks, Sentry for error monitoring, and Google Tag Manager for analytics, reflecting a robust and well-maintained infrastructure. Security posture is strong with HTTPS enforced and privacy mechanisms like cookie consent banners implemented, though explicit security policies and incident response contacts are not published on the site. WHOIS data for the domain is unavailable, which is unusual but does not detract significantly from the site's legitimacy given Mozilla's global reputation and consistent branding. Overall, the site is professional, secure, and privacy-conscious, serving a broad audience effectively.

D

Dagen

dagen.no

66

Dagen.no is a Norwegian Christian and politically independent daily newspaper offering news, reportages, opinion pieces, podcasts, and digital e-paper services. The website targets Norwegian-speaking audiences interested in religious and general news content. It operates on a subscription and advertising business model, with a paywall and user authentication mechanisms in place. The site is professionally designed with consistent branding and good content quality, positioning it as a reputable media outlet in Norway. Technically, the site uses modern web technologies including Google Fonts, Google Publisher Tags for advertising, and custom paywall and authentication scripts. It integrates multiple advertising networks and tracking services, maintaining good performance and mobile optimization. Security-wise, the site enforces HTTPS, uses paywall authentication, and avoids exposing sensitive data, but lacks some advanced security headers and explicit security policies. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. WHOIS data is unavailable due to Norid's privacy policy, but the domain appears legitimate and consistent with the business. Overall, the site demonstrates a mature digital presence with moderate to high security and privacy posture, suitable for its media business model.