Security Directory

L

Live DMA

live-dma.eu

56

Live DMA is a well-established European non-profit network founded in 2012 that represents live music venues, clubs, and festivals across multiple countries. The organization focuses on strengthening the live music sector through cooperation, advocacy, and knowledge sharing. Their website reflects a professional and consistent brand image, providing information about their membership, projects, and tools such as mentorship programs and audience development resources. The target audience includes live music associations and event organizers in Europe. Technically, the website is built on WordPress with modern plugins and analytics integrations, hosted by OVH SAS. While the site is performant and mobile-optimized, there is room for improvement in accessibility and security headers. Security posture is solid with HTTPS and no visible vulnerabilities, but lacks explicit incident response or security policy disclosures. Privacy compliance is partially met with a comprehensive privacy policy but no cookie consent mechanism. Overall, the website is trustworthy and professional, with a strong market position in the live music advocacy sector.

Skrivbord.se is a Swedish e-commerce website specializing in the sale of office desks, including height-adjustable and fixed desks for home and workplace offices. The site leverages the Shopify platform, integrating modern payment methods such as Klarna and Apple Pay, and targets consumers and businesses in Sweden seeking quality office furniture. The website is professionally designed with good content quality and user experience, optimized for mobile devices and SEO. However, the absence of WHOIS registration data for the domain raises concerns about domain legitimacy and ownership transparency. Security posture is generally good with HTTPS and secure payment integrations, but lacks explicit security headers and a visible cookie consent mechanism. Contact information including phone and physical address is provided, enhancing business credibility.

Sherpas TECH, s.r.o. is a Czech-based technology and marketing company specializing in retention marketing, email marketing strategies, CRM data engineering, and advanced customer analytics. The company targets B2B clients seeking to integrate technology with marketing to improve campaign performance and customer engagement. Their website reflects a professional and consistent brand image, showcasing client references and a clear service portfolio. Technically, the site employs modern tools such as Google Analytics, Google Tag Manager, and Google reCAPTCHA Enterprise, ensuring a secure and data-driven user experience. Security posture is strong with HTTPS and form protections, although explicit security policies and incident response information are absent. Overall, the website is well-structured, GDPR-compliant with cookie consent mechanisms, and provides multiple contact channels, supporting trust and credibility.

O

OKsystem a.s.

checkbot.com

74

Checkbot is a specialized software solution developed by OKsystem a.s. for real-time monitoring and management of Yaskawa robotic production lines. The product offers comprehensive features including remote monitoring, automated backups, predictive maintenance, troubleshooting alerts, and customizable dashboards. The business model is subscription-based SaaS with options for on-premise deployment, targeting manufacturing companies and automation professionals globally. The website demonstrates a strong market position supported by client testimonials, ISO certifications, and integration within the Yaskawa ecosystem. Technically, the site is built with modern web standards, employs Google Analytics and Tag Manager for analytics, and uses reCAPTCHA for form security. The site is mobile-optimized, accessible, and SEO-friendly. Security posture is solid with HTTPS, penetration testing claims, and encrypted communications, though it lacks some explicit security headers and published incident response contacts. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. However, the absence of WHOIS domain registration data reduces domain trustworthiness and should be investigated. Overall, Checkbot presents as a professional, secure, and credible industrial software offering with room for minor security and transparency improvements.

A

Altisima software SE

dorsys.cz

46

Dorsys.cz is a professional website representing Altisima software SE's access control system offering tailored solutions for schools, hotels, residential buildings, and attendance tracking. The company positions itself as a niche technology provider with agile development capabilities, targeting businesses and institutions primarily in the Czech Republic. The website demonstrates a modern technical infrastructure using Vue.js and Quasar Framework, integrated with common analytics and retargeting tools. Security posture is moderate with cookie consent implemented but lacks published privacy policies and explicit security frameworks. Contact information is clearly provided, enhancing business credibility. Overall, the site is well-designed and functional but would benefit from enhanced privacy and security disclosures.

A

Altisima software SE

jidelnasql.cz

10

JídelnaSQL is a specialized software solution developed by Altisima software SE, focused on managing food service operations including diner evidence, meal ordering, payment processing, and point-of-sale functionalities. The company targets gastronomic businesses of various sizes, including schools and commercial entities, offering modular and scalable software solutions. The website demonstrates a professional digital presence with clear product offerings and contact channels, supported by a modern technical stack based on Vue.js and PostgreSQL. Security posture is moderate with cookie consent implemented but lacks explicit privacy and security policies. WHOIS data confirms domain legitimacy and consistent business registration. Overall, the website is functional and trustworthy but would benefit from enhanced privacy and security disclosures.

A

Altisima software SE

altisima.cz

46

Altisima.cz is a Czech software supplier specializing in software solutions for catering, stock management, access control, and attendance systems. They provide comprehensive service support, implementation, training, integration, customization, and development services. Their products include JídelnaSQL, Gekon, and Dorsys.

S

Sense4code s.r.o.

scormium.com

65

Scormium is a Czech-based company operating under Sense4code s.r.o., providing a modern, scalable learning management system (LMS) and learning experience platform (LXP) designed for corporate training and customer education. The platform emphasizes personalized, multimedia-rich content delivery, actionable reporting, and seamless integration with enterprise systems. It holds recognized certifications such as ISO 27001, ISO 9001, and GxP validation, underscoring its commitment to security and compliance. The company is part of the OKsystem Group, enhancing its market credibility. Technically, the website is built on Webflow CMS and leverages modern web technologies including Google Tag Manager, Facebook Pixel, Bing Ads, and LinkedIn Insight Tag for analytics and marketing. The site is well-optimized for performance, mobile responsiveness, and accessibility, with a comprehensive cookie consent mechanism ensuring GDPR compliance. Hosting and security are supported by Cloudflare services, including bot management. Security posture is strong with HTTPS enforced, penetration testing mentioned, and adherence to international standards. However, the absence of WHOIS registration data raises concerns about domain legitimacy and ownership transparency. No explicit incident response or vulnerability disclosure information is provided, which could be improved to enhance trust. Overall, Scormium presents as a professional, trustworthy educational technology provider with robust technical and security foundations. Strategic recommendations include improving domain registration transparency, publishing incident response contacts, and enhancing security header implementation to further strengthen its security posture.

O

OKsystem a.s.

okskoleni.cz

10

OKškolení, operated by OKsystem a.s., is a well-established certified training center specializing in authorized IT courses including Microsoft, Cisco, and Linux. The company targets IT professionals, corporate clients, and government institutions, offering both standard and tailored training solutions. The website reflects a mature digital presence with professional design, clear navigation, and comprehensive content that supports their market position as a trusted education provider in the Czech Republic. The site integrates multiple marketing and analytics tools with user consent mechanisms, demonstrating compliance with GDPR and modern privacy standards. Security posture is solid with HTTPS and reCAPTCHA protections, though there is room for improvement in HTTP security headers and explicit security policies. Overall, the domain and website present a credible and professional business with strong trust indicators.

O

OKsystem a.s.

okmzdy.cz

10

OKsystem a.s. operates the website www.okmzdy.cz, offering the OKmzdy accounting software focused on basic payroll processing for businesses ranging from small entrepreneurs to large companies with hundreds of employees. The company is transitioning customers to a modern HR solution called OKbase, reflecting a strategic shift to updated technology and enhanced security. The website provides detailed information about this transition, including timelines, FAQs, and contact points for support. Technically, the website employs modern web standards with responsive design, uses JavaScript frameworks, and integrates Google Tag Manager for analytics and marketing. The site is well-structured with clear navigation and includes GDPR-compliant cookie consent mechanisms. However, no advanced security headers were detected, and no explicit security or incident response policies are published. From a security perspective, the site uses HTTPS and cookie consent but lacks visible security policies or vulnerability disclosure information. The absence of WHOIS data reduces domain registration transparency, but the website content and contact details support legitimacy. Overall, the site presents a professional and trustworthy front with room for improvement in security disclosures. Strategically, the company should enhance its security posture by publishing clear security policies, adding security headers, and providing incident response contacts. Maintaining GDPR compliance and transparent communication during the software transition will support customer trust and regulatory adherence.

O

OKsystem a.s.

checkbot.cz

69

Checkbot is a specialized software solution developed by OKsystem a.s. for real-time monitoring and management of Yaskawa industrial robots. The platform offers comprehensive features including remote access, automated backups, predictive maintenance, alarm notifications, and detailed analytics, targeting manufacturing and automation professionals. The company maintains strong partnerships with major industrial players and emphasizes continuous improvement and security compliance. The website is professionally designed, mobile-optimized, and provides extensive client references and support resources. However, the absence of WHOIS registration data for the domain www.checkbot.com raises concerns about domain legitimacy that should be addressed. The technical infrastructure leverages modern web technologies, Google Analytics, and reCAPTCHA for security and user tracking, with GDPR-compliant privacy and cookie policies in place. Security posture is solid with HTTPS and penetration testing mentioned, but could be improved by adding explicit security headers and incident response disclosures.

O

OKsystem a.s.

okbase.cz

47

OKsystem a.s. operates the OKbase platform, a comprehensive HR digitalization system targeting companies seeking to streamline HR processes such as attendance, payroll, personnel management, and catering. The company holds a strong market position in the Czech Republic and Slovakia with over 350 large implementations and more than 330,000 users. The website reflects a mature, professional B2B SaaS business model with additional outsourcing services. Technically, the site employs modern JavaScript frameworks, integrates multiple analytics and advertising tools, and implements GDPR-compliant cookie consent mechanisms. Security posture is solid with HTTPS and reCAPTCHA protections, though explicit security headers and policies could be improved. Overall, the site is well-designed, mobile-optimized, and trustworthy, though the absence of WHOIS data slightly reduces domain trust. Strategic recommendations include enhancing security headers, publishing security policies, and adding vulnerability disclosure information to further strengthen trust and compliance.

P

Predsjednik Republike Hrvatske - Zoran Milanović

predsjednik.hr

53

The website represents the official online presence of the President of the Republic of Croatia, Zoran Milanović. It serves as a government portal providing official information, news, announcements, and contact mechanisms for citizens and stakeholders. The site is positioned as a trusted source of governmental communication and public service. Technically, the site is built on WordPress CMS with common plugins such as Yoast SEO and integrates Google Analytics and Facebook SDK for analytics and social media engagement. The hosting is managed by CARNET, a reputable Croatian academic network, which aligns with the governmental nature of the site. Security posture is adequate with HTTPS enforced and use of reCAPTCHA on forms; however, some security headers are missing and no explicit security or vulnerability disclosure policies are present. Privacy compliance is limited due to the absence of visible privacy and cookie policies. Overall, the site is professional, trustworthy, and safe for general audiences, but could improve in privacy transparency and security hardening.

S

SMART Design | Gregic Advisory

digital-adviser.eu

49

SMART Design | Gregic Advisory operates as a specialized provider of advanced SMART web solutions based in Zagreb, Croatia. The company offers a range of services including customized web shops, web pages, and web applications designed with a focus on performance, security, and user experience. Their market position is that of a leader in SMART web solutions, targeting businesses and professionals seeking innovative digital presence. The website reflects a professional and modern approach with strong branding and client references including government entities. Technically, the site is built on WordPress using Elementor and OceanWP theme, integrating modern analytics and marketing tools such as Google Analytics, Hotjar, and HubSpot. The site is GDPR compliant with a detailed cookie consent mechanism and privacy policy. Security posture is good with HTTPS enforced and secure forms, though explicit security headers and incident response policies are not evident. The domain WHOIS data is missing, which raises some concerns about domain registration legitimacy, but the website content and business information support a credible operation. Overall, the site demonstrates a mature digital infrastructure with room for security enhancements and domain registration verification.

I

IQM Destination

iqmdestination.com

64

IQM Destination is a medium-sized project focused on integrated quality management systems for tourism destinations. It aims to enhance service quality, provide education for tourism workers, and strengthen destination branding through a comprehensive, data-driven approach involving stakeholders and guests. The website is professionally designed using WordPress and Elementor, with good SEO and mobile optimization. Security posture is adequate with HTTPS and cookie consent mechanisms, though additional security headers and policies could improve resilience. The domain registration is consistent with the business history, supporting legitimacy. Overall, the site presents a trustworthy and professional image in the hospitality sector.

I.M. Matters from ACP is a professional medical news and information website targeting internal medicine physicians. It is affiliated with the American College of Physicians (ACP), providing news, clinical newsletters, and updates on medical policies and practices. The website serves as a trusted source for healthcare professionals with a focus on internal medicine. Technically, the site uses a modern technology stack including jQuery, Google Tag Manager, Google Analytics, and various marketing automation and tracking tools. Hosting is via Amazon AWS DNS infrastructure, and the site is mobile optimized with good navigation and content structure. Security posture is solid with HTTPS enabled and domain transfer protection, though DNSSEC is not enabled and security headers are not evident. Privacy compliance is strong with a clear privacy policy and cookie consent mechanism. Business credibility is supported by ACP affiliation and award recognition. Overall, the site is professional, trustworthy, and well maintained.

A

American College of Physicians

acpjournals.org

65

The American College of Physicians (ACP) operates the ACP Journals website, a professional platform hosting multiple medical journals including the Annals of Internal Medicine and Clinical Cases. The site serves physicians, healthcare professionals, and researchers by providing peer-reviewed medical content and educational resources. It holds a strong market position as a leading publisher in internal medicine with a large audience and a subscription-based business model complemented by open access content. Technically, the website employs modern web technologies, including Google Tag Manager, Google Analytics, and Cloudflare services, ensuring good performance, mobile optimization, and accessibility. Security posture is strong with HTTPS enforcement, secure forms, and script nonce usage, though explicit security headers and cookie consent mechanisms could be improved. The absence of WHOIS data due to privacy protection is typical for such organizations and does not detract from the site's legitimacy. Overall, the website is professional, trustworthy, and well-maintained, with minor recommendations for enhanced privacy compliance and security transparency.

FOTOma.sk is a Slovak-language photography portal operated by PRO.Laika, offering a comprehensive range of content including news, reviews, galleries, forums, contests, and workshops. The site targets photography enthusiasts and professionals within Slovakia and Slovak-speaking communities. It maintains a consistent brand presence and provides regular content updates, supported by active social media channels and a newsletter subscription service. Technically, the website employs a custom CMS with modern JavaScript libraries and tracking tools such as Google Analytics, Facebook Pixel, and Hotjar, ensuring good user experience and mobile optimization. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, although explicit security policies and incident response contacts are absent. Overall, the site demonstrates a mature digital presence with moderate tracking and advertising practices, aligned with GDPR compliance. WHOIS data confirms legitimacy and consistency with the business profile.

I

International Contrast Ultrasound Society

icus-society.org

56

The International Contrast Ultrasound Society (ICUS) operates a professional website dedicated to promoting the safe and effective use of contrast-enhanced ultrasound (CEUS) globally. The organization functions as a non-profit medical society providing education, advocacy, and resources to medical professionals and sonographers. Their market position is unique as the only global society exclusively focused on CEUS, offering webinars, training, protocols, and safety information. The website is built on WordPress with Elementor and integrates modern SEO and analytics tools, reflecting a moderate level of digital maturity. The site is mobile-optimized and professionally designed, facilitating good user experience and navigation. Security posture is adequate with HTTPS and domain registrar protections, but lacks DNSSEC and explicit security headers. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the site is trustworthy and credible but would benefit from enhanced privacy and security disclosures.

V

Verband der Veranstaltungsorganisatoren e.V.

vdvo.de

59

The website vdvo.de represents the Verband der Veranstaltungsorganisatoren e.V., a German industry association focused on innovation within the MICE (Meetings, Incentives, Conferences, and Exhibitions) sector. The organization provides startup support, education, political advocacy, and sustainability initiatives tailored to the event industry. The site positions itself as a niche player supporting MICE innovation with a clear target audience of industry professionals and startups. The business model revolves around membership, education, and sector advocacy, with a small organizational size and a strong German regional focus. Technically, the website is built on the Squarespace platform, leveraging modern web technologies such as Google Fonts, Google Tag Manager, and reCAPTCHA for security and analytics. The site demonstrates good mobile optimization, a professional design, and clear navigation, although accessibility features are basic. Performance is moderate, typical for a CMS-based site. Structured data in JSON-LD format enhances SEO and provides clear organization and local business information. From a security perspective, the site enforces HTTPS with HSTS enabled, uses Google reCAPTCHA to protect forms, and includes security headers. However, it lacks explicit security policies, vulnerability disclosure mechanisms, and comprehensive privacy and cookie consent implementations, which are areas for improvement. No critical vulnerabilities or suspicious patterns were detected. The WHOIS data is minimal but consistent enough with the website's claims, supporting legitimacy. Overall, vdvo.de is a professionally presented, secure, and credible website for a specialized industry association. Strategic recommendations include adding explicit privacy and cookie consent policies, implementing a security.txt file, enhancing accessibility, and maintaining regular security audits to uphold compliance and trust.

I

isdv e.V.

isdv.net

52

isdv e.V. is a professional association representing self-employed and freelance service providers in the event industry in Germany. The organization serves as a lobby and voice for various professions within the event sector, including technical, logistical, and creative roles. The website is well-structured, professionally designed, and provides comprehensive information about the association's mission, services, and news updates. Technically, the site is built on WordPress with Elementor, uses HTTPS, and integrates Google Analytics and Tag Manager for visitor tracking. Privacy and cookie policies are detailed and GDPR-compliant, with active consent mechanisms. However, no explicit security or incident response policies are publicly available, and WHOIS data for the domain is missing, which raises some concerns about domain registration transparency. Overall, the site demonstrates a solid digital presence with room for improvement in security transparency and domain legitimacy verification.

S

SENS eRecycling

erecycling.ch

67

SENS eRecycling is a Swiss non-profit foundation specializing in the sustainable recycling of electrical and electronic equipment. The organization operates a well-established take-back system that facilitates environmentally friendly disposal for both private individuals and business partners across Switzerland. Their website reflects a mature market position with comprehensive services including collection, recycling, awareness campaigns, and a partner network. The content is professionally presented, multilingual, and targets a broad audience concerned with environmental sustainability. Technically, the website employs modern web technologies including Magnolia CMS, JavaScript frameworks, and integrates multiple analytics and marketing tools such as Google Tag Manager, Facebook Pixel, TikTok Pixel, and Intercom. The site is mobile-optimized, fast-loading, and accessible, with good SEO practices. Security posture is solid with HTTPS enforced and secure form handling, though some improvements are recommended in security headers and explicit policies. The security evaluation shows no critical vulnerabilities or blocking mechanisms, indicating a trustworthy and stable platform. However, the absence of a cookie consent mechanism and formal security policies suggests room for compliance enhancement. Overall, the website demonstrates a high level of professionalism and trustworthiness suitable for its non-profit environmental mission. Strategic recommendations include implementing cookie consent banners, publishing security and incident response policies, adding vulnerability disclosure information, and enhancing security headers to further strengthen the security posture and regulatory compliance.

C

CFL

cfl.lu

19

CFL is the national railway company of Luxembourg, providing passenger and freight transport services along with mobility solutions such as carsharing, bicycles, tram, and funicular. The website serves as a comprehensive travel portal offering timetable searches, ticket bookings (both national and international), travel packages, and customer services. The company holds a strong market position in Luxembourg's transportation sector with a large operational scale and multiple subsidiaries. Technically, the website employs modern frameworks like Bootstrap and FontAwesome, integrates Google Tag Manager and Matomo for analytics, and is optimized for mobile and accessibility. Security posture is strong with HTTPS, security headers, and no visible vulnerabilities, though explicit security policies and incident response contacts are not found. Privacy compliance is good with privacy and cookie policies and consent mechanisms in place. Overall, the website is professional, trustworthy, and user-friendly, though the lack of WHOIS data slightly reduces trustworthiness from a domain registration perspective.

J

Joonbot

joonbot.com

47

Joonbot is a technology company offering a no-code chatbot builder platform designed to help businesses improve lead generation, sales, and customer engagement. The website positions Joonbot as an easy-to-use SaaS solution with pre-built templates, integrations, and analytics capabilities, trusted by over 5,000 companies. The digital infrastructure is built on WordPress with Elementor and Yoast SEO, hosted on DigitalOcean, and integrates modern marketing and analytics tools such as Google Analytics, Google Tag Manager, Facebook Pixel, and FirstPromoter. The website is well-optimized for SEO, mobile responsive, and provides a professional user experience. Security posture is good with HTTPS enforced and domain registration consistent with business claims, though some security headers and privacy compliance elements are missing. Overall, the website is trustworthy and professionally maintained but would benefit from publishing privacy and cookie policies and enhancing security headers.

G

GECKO.DK ApS

geckobooking.dk

65

GECKO.DK ApS operates a professional and flexible online booking and administration system primarily targeting Danish businesses across various sectors. The company offers modular SaaS solutions that integrate booking, payment, marketing, and document management functionalities. With over 1000 customers and more than 20 million bookings processed, GECKO holds a solid market position in Denmark. The website reflects a mature digital presence with comprehensive content, customer testimonials, and clear contact information, supporting its credibility. Technically, the website employs modern web technologies including Google Tag Manager, Cookiebot for consent management, Bootstrap for responsive design, and analytics tools such as Google Analytics. The site is mobile-optimized, accessible, and SEO-friendly, providing a good user experience. Security best practices are observed with HTTPS enforced and cookie consent mechanisms in place, though some HTTP security headers could be improved. The security posture is strong with no visible vulnerabilities or exposed sensitive data. Privacy compliance is well addressed with detailed privacy and cookie policies, indicating GDPR adherence. However, the absence of WHOIS data limits domain trust analysis. Overall, the website presents a low-risk profile with professional security and privacy practices. Strategically, GECKO should consider enhancing transparency by resolving WHOIS data visibility and implementing additional security headers. Continued focus on security, privacy, and customer support will sustain trust and competitive advantage in the SaaS booking market.

L

LOGISTA d.o.o.

tehnologista.hr

34

Tehnologista.hr is an e-commerce platform operated by LOGISTA d.o.o., a Croatian company founded in 2022. The website focuses on selling technology products with services such as free delivery within Croatia and a 14-day return policy. The company targets Croatian consumers interested in technology retail, positioning itself as a local player in the e-commerce sector. The website demonstrates a good level of digital maturity, employing modern tracking and consent management tools including Google Analytics, Microsoft Clarity, Facebook Pixel, and Cookiebot for GDPR compliance. Hosting and DNS services are professionally managed, with transparent WHOIS data matching the business claims. Security posture is solid with HTTPS enforced and anti-CSRF cookies in use, though some security headers could be improved. Privacy compliance is strong, with comprehensive cookie and privacy policies and a designated Data Protection Officer contact provided. Overall, the website is professional, trustworthy, and compliant with relevant regulations.

Ö

Österreichischer ReiseVerband

oerv.at

39

The Österreichischer ReiseVerband (ÖRV) is a well-established Austrian travel industry association representing major travel agencies, tour operators, and tourism companies. It serves as a neutral platform for industry networking, lobbying, and the development of future-oriented solutions. The website reflects a professional and consistent brand presence, targeting tourism professionals and stakeholders in Austria. Technically, the site is built on WordPress with modern plugins like Elementor and Rank Math SEO, ensuring good SEO and mobile responsiveness. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers could be improved. Privacy compliance is strong with a comprehensive privacy policy and GDPR-aligned cookie consent. Overall, the site is trustworthy and professionally maintained, supporting the association's mission effectively.

S

SACKA

sacka.eu

41

SACKA (Slovenská Asociácia Cestovných Kancelárií a Cestovných Agentúr) is a Slovak non-profit association representing travel agencies and tour operators. The organization focuses on supporting its members by providing industry news, legal guidance, consumer information, and advocacy to promote tourism development in Slovakia. The website serves as a portal for members and travelers, offering verification services, event calendars, and a free infoline. Technically, the website uses modern JavaScript libraries such as FullCalendar, Popper.js, and integrates Google Tag Manager and Smartsupp Live Chat for analytics and customer support. The site is hosted by WebSupport s.r.o., a known Slovak registrar and hosting provider. Security posture is good with HTTPS enforced, cookie consent implemented, and no visible vulnerabilities or exposed sensitive data. However, the site lacks explicit privacy policy and terms of service pages, as well as a security policy or vulnerability disclosure mechanism. Overall, the website is professional, trustworthy, and well-structured, serving its target audience effectively.

I

Italieonline s.r.o

ita.travel

36

Ita.travel is an established online travel agency specializing in holidays in Italy, offering a wide range of accommodations including apartments, hotels, and campsites. The company has been operating since 1997 and is a member of several reputable European travel associations, which enhances its market credibility. The website targets travelers interested in Italian destinations, providing services such as booking, travel insurance, and group trips. The business model focuses on direct online bookings with a strong emphasis on Italian holiday experiences. Technically, the website employs modern web standards including responsive design, WebP images, and JavaScript frameworks. It integrates Google Tag Manager and Google Analytics for marketing and analytics purposes, with a clear cookie consent mechanism indicating GDPR compliance. The site is well-structured with good SEO and accessibility features, providing a positive user experience across devices. From a security perspective, the site uses HTTPS and has a cookie consent banner, but lacks explicit security headers and incident response policies. No vulnerabilities or exposed sensitive data were detected in the content. The WHOIS data is limited due to TLD restrictions, but the domain appears consistent with the business claims. Overall, the security posture is solid but could be improved with additional headers and published security policies. The overall risk assessment is low, with the website demonstrating professionalism, compliance, and trustworthiness. Strategic recommendations include enhancing security headers, publishing incident response and vulnerability disclosure information, and maintaining transparency in privacy practices to further strengthen user trust and security posture.

E

Exevio Ltd.

exevio.com

41

Exevio Ltd. is a Croatia-based small technology company specializing in corporate IT solutions including web development, loyalty platforms, app and game development, and quality assurance services. Founded in 2013, the company positions itself as a trusted partner for corporate clients seeking tailored IT solutions. The website reflects a professional and consistent brand image with clear service offerings and client partnerships. Technically, the site uses modern JavaScript libraries such as jQuery and integrates Google Analytics and Tag Manager for user tracking. The site is mobile optimized and has good SEO practices, though accessibility features could be improved. Security posture is solid with HTTPS enforced and domain transfer protection enabled, but lacks DNSSEC and explicit security headers. Privacy compliance is well addressed with accessible privacy, cookie, and terms policies, including a cookie consent mechanism and GDPR indicators. Business credibility is supported by ISO certifications and EU funding acknowledgments. Overall, the website is trustworthy and professionally maintained with moderate user tracking and good content quality.

S

SchemaRabbit

schemarabbit.com

54

SchemaRabbit is a specialized SaaS platform providing AI-driven schema markup generation and maintenance services to improve website visibility across traditional and AI-powered search engines. The company targets businesses and website owners aiming to enhance SEO performance with structured data. The platform offers a free audit and paid subscription tiers, positioning itself as a leader in future-proofing search visibility. Technically, the website is built on modern frameworks such as Next.js and React, with integrations for Google Analytics, Google Tag Manager, Hotjar, and Google reCAPTCHA, indicating a mature digital infrastructure. Performance and mobile optimization are excellent, supporting a high-quality user experience. Security posture is good with HTTPS enforced and anti-bot measures in place, though the absence of security headers and explicit security policies suggests room for improvement. The WHOIS data reveals an unusual future domain creation date, which slightly impacts trust but does not detract from the professional presentation and business legitimacy. Overall, the website scores well on content quality, technical implementation, and business credibility, with moderate privacy compliance due to missing cookie policies.

Ö

Öserix

oeserix.ch

47

Öserix is a regional Swiss initiative focused on producing and promoting local agricultural food products from Appenzell Innerrhoden. The website serves as a platform to showcase the regional value chain, including producers, product information, and an online shop. The business targets consumers interested in sustainable, regional, and seasonal food products, emphasizing quality and local economic support. Technically, the site is built on WordPress with modern plugins and tracking tools such as Google Analytics and Tag Manager, showing moderate digital maturity. Security posture is adequate with HTTPS and IP anonymization but lacks advanced security headers and explicit incident response information. Privacy compliance is partial with a privacy policy present but missing cookie consent mechanisms. Overall, the site is professional and trustworthy but could improve in security and privacy transparency.

E

European Society for Vascular Surgery

esvs.org

10

The European Society for Vascular Surgery (ESVS) operates a professional website focused on vascular surgery education and professional development. The site targets vascular surgeons and healthcare professionals across Europe, providing resources, events, and membership services. The domain is well-established, created in 1997, and hosted by OVH sas, indicating a stable and legitimate presence in the healthcare sector. Technically, the website is built on WordPress with WooCommerce and uses modern web technologies including Google Tag Manager and reCAPTCHA for security and analytics. The site demonstrates good SEO practices and moderate performance with mobile optimization. However, there is room for improvement in accessibility and security headers. Security posture is adequate with HTTPS enabled and domain status protections, but the absence of DNSSEC and some security headers suggests potential enhancements. Privacy compliance is weak due to missing privacy and cookie policies, which should be addressed to meet GDPR and other regulations. Overall, the website is professional and trustworthy with a solid business model as a non-profit medical society. Strategic recommendations include implementing comprehensive privacy and cookie policies, enabling DNSSEC, and enhancing security headers to improve trust and compliance.

S

Splitsko-dalmatinska županija

dalmacija.hr

56

Splitsko-dalmatinska županija operates as the official regional government authority for the Split-Dalmatia County in Croatia, providing public administration, regional development, tourism promotion, and social services. The website serves as a comprehensive portal for citizens and stakeholders, offering news, public procurement information, official documents, and contact avenues. The organization maintains a consistent brand presence and leverages social media channels to engage with the public. Technically, the website is built on the DNN (DotNetNuke) CMS platform using ASP.NET WebForms, Bootstrap, and modern JavaScript libraries such as Swiper.js and Mmenu.js. It integrates Google Tag Manager, Google Analytics, and Facebook Pixel for analytics and marketing purposes. The site is mobile-optimized and demonstrates good SEO and accessibility practices, although some accessibility features could be enhanced. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms, but lacks explicit security headers and a published security policy or incident response contacts. No vulnerabilities or suspicious activities were detected in the content or scripts. The domain WHOIS data aligns with the official government entity, confirming legitimacy. Overall, the website presents a professional, trustworthy, and functional digital presence for the regional government, with room for improvement in security header implementation and incident response transparency.

Š

Šibensko-kninska županija

sibensko-kninska-zupanija.hr

65

Šibensko-kninska županija operates as the official regional government authority for the Šibenik-Knin County in Croatia, providing a comprehensive digital platform for citizens, investors, and tourists. The website offers news, public tenders, administrative documents, and information about the county's organizational structure and services. The site is well-structured and professionally designed, reflecting its role as a government entity with a focus on transparency and public service.

H

Naslovnica - Hrvatski vaterpolski savez

hvs.hr

50

The website hvs.hr represents a Croatian entity with a domain registered since 2000, indicating a well-established presence. The site uses standard web technologies such as jQuery and Google Analytics, and is hosted behind Cloudflare DNS, suggesting a modern infrastructure. However, the site lacks explicit privacy and cookie policies, as well as clear contact information, which impacts its privacy compliance and user trust. The security posture is moderate with HTTPS enabled but missing important security headers and vulnerability disclosure mechanisms. Overall, the site is professional and safe for general audiences but would benefit from enhanced privacy and security practices to improve compliance and trustworthiness.

A

American Chamber of Commerce in Croatia

amcham.hr

69

The American Chamber of Commerce in Croatia is a well-established non-profit organization founded in 1999, serving as the leading international business advocacy group in Croatia. The website reflects its role as a membership organization providing advocacy, networking events, business delegations, and public policy representation. The content is professionally presented in Croatian and English, targeting business professionals and international companies. The organization maintains a strong market position as a trusted voice for international businesses in Croatia.

T

TOKIĆ d.d.

tokic-alati.hr

54

TOKIĆ d.d. operates the website tokic-alati.hr as an e-commerce platform specializing in tools and service equipment, targeting professional and retail customers primarily in Croatia. The company holds a strong market position as a regional distributor and retailer, offering a broad portfolio of over 20 brands. The website is built on WordPress with WooCommerce, integrating modern analytics and tracking tools such as Google Analytics and Hotjar, and is hosted by POSLUH HOSTING d.o.o. The site demonstrates good digital maturity with responsive design and clear navigation. Security posture is solid with HTTPS enforced and secure form handling, though improvements in security headers and anti-CSRF protections are recommended. Privacy compliance is well addressed with comprehensive privacy and cookie policies and consent mechanisms. Overall, the website reflects a professional and trustworthy business presence with clear contact and company information.

C

Centar Velike Zvijeri

centar-velikezvijeri.eu

40

Centar Velike Zvijeri is a Croatian public institution visitor center dedicated to the education and conservation of large carnivores in the Gorski kotar region. The center operates under EU-funded projects and regional partnerships, providing educational services, research dissemination, and public engagement. The website is professionally designed using WordPress with modern plugins and offers bilingual content in Croatian and English. Technically, the site is well-structured, mobile-optimized, and integrates Google Tag Manager and reCAPTCHA for security and analytics. Security posture is solid with HTTPS and some best practices, though it lacks explicit security policies and vulnerability disclosures. Privacy compliance is limited due to missing privacy and cookie policies. Overall, the site is trustworthy and serves its niche audience effectively.

B

Beli Visitor Centre

belivisitorcentre.eu

41

Beli Visitor Centre is a specialized non-profit organization focused on the conservation and rehabilitation of griffon vultures in Cres, Croatia. The center provides educational exhibits, workshops, volunteer programs, and operates a rehabilitation facility for these birds. It serves both local visitors and international nature enthusiasts, positioning itself as a key regional conservation hub. The website is professionally designed using WordPress, with good mobile optimization and accessibility features, reflecting a mature digital presence. Security measures include HTTPS and Google reCAPTCHA, though some improvements in security headers and privacy compliance are recommended. Overall, the site is trustworthy and well-aligned with its mission, with clear contact information and partner affiliations.

SGS is a globally recognized leader in testing, inspection, and certification services, with a dedicated website for its Greece operations. The company positions itself as the world's leading provider in its sector, targeting a broad audience requiring quality assurance and compliance services. The website demonstrates a professional and consistent brand presence with good content quality and user experience. Technically, the site leverages modern frameworks such as Next.js and Tailwind CSS, and integrates multiple Google Tag Manager scripts for analytics and marketing purposes, indicating a mature digital infrastructure. However, the absence of visible privacy and cookie policies, as well as missing WHOIS data, limits the assessment of compliance and domain legitimacy. Security posture is moderate with no detected security headers or explicit security policies, suggesting room for improvement in hardening the website. Overall, the site is accessible, safe, and professional but would benefit from enhanced transparency and security measures.

B

Bureau Veritas

bureauveritas.hr

66

Bureau Veritas Croatia is a local branch of the global Bureau Veritas group, a leader in testing, inspection, and certification services since 1828. The website presents a professional and comprehensive overview of their services across multiple industries including energy, transport, manufacturing, finance, and government sectors. The company targets businesses requiring compliance and certification services, offering a broad portfolio including management system certification, product certification, inspection, and training. Technically, the website is built on Drupal 10, uses modern consent management tools, and integrates Google Tag Manager for analytics. The site is well-structured, mobile-optimized, and includes GDPR-compliant cookie consent mechanisms. Security posture is strong with HTTPS enforced and appropriate security headers, though explicit security policy and incident response information are not published. Overall, the domain registration data aligns well with the business claims, supporting legitimacy and trustworthiness.

The website 'restauracevkapse.cz' represents Kukátko, a smart application designed to provide hospitality businesses with real-time insights into their operations including sales, costs, inventory, shifts, and reservations. The platform targets restaurant and hospitality operators in the Czech Republic, offering a SaaS model that facilitates mobile and desktop access to operational data. The site demonstrates a professional design with consistent branding and good content relevance, aimed at a niche market within the hospitality sector. Technically, the website employs modern technologies such as Google Tag Manager, Hotjar, Cookiebot for cookie consent, and is protected by Cloudflare. The site is mobile optimized and uses HTTPS with appropriate security headers, reflecting a good security posture. Analytics and tracking are implemented with user consent, indicating compliance with privacy regulations such as GDPR. Security-wise, the site shows strengths in HTTPS enforcement, cookie consent mechanisms, and use of reputable third-party services. However, there is a lack of explicit security policy and incident response contact information, which could be improved. The WHOIS data presents a significant anomaly with a domain creation date set in the future, which undermines trust and credibility despite the legitimate appearance of the website content. Overall, the website is functional, secure, and privacy compliant, but the suspicious WHOIS data and absence of direct contact information pose risks to business credibility. Strategic recommendations include clarifying domain registration details, adding comprehensive security and incident response policies, and publishing clear contact information to enhance trust and compliance.

Q

Qerko

gastropodnikroku.cz

55

Gastropodnikroku.cz is a Czech Republic-based online platform that hosts the largest public gastro survey in the country, allowing users to nominate and vote for their favorite gastronomy businesses such as restaurants, cafes, and bistros. The platform is operated by Qerko, a company specializing in payment solutions, which also acts as the parent company. The website is well-branded, mobile-optimized, and integrates modern web technologies including Webflow CMS, Google Tag Manager, Facebook Pixel, and Cookiebot for consent management. It features interactive forms protected by Cloudflare Turnstile captcha to prevent spam. However, the absence of a publicly accessible privacy policy and terms of service pages limits its compliance transparency. The WHOIS data for the domain is unavailable, which reduces trustworthiness from a domain registration perspective. The site includes multiple official partners and media collaborators, enhancing its credibility and market position in the hospitality sector.

S

Septim

septim.cz

67

Septim operates as a specialized provider of point-of-sale (POS) and management systems tailored for the restaurant and hospitality industry. The company emphasizes its comprehensive software capabilities that extend beyond simple cash registers to include financial, warehouse, and human resource management. Their clientele includes Michelin-starred restaurants, prominent restaurant chains, and renowned chefs, positioning Septim as a niche leader in the hospitality technology sector within the Czech Republic. The website content reflects a professional and focused business model targeting restaurant operators seeking integrated management solutions. Technically, the website is built on the solidpixels CMS platform and leverages modern web technologies including Google Tag Manager, Cookiebot for cookie consent management, and Cloudflare services for security and performance. The site is well-optimized for mobile devices and incorporates standard SEO and accessibility features, although some advanced security headers are not explicitly detected. The presence of multiple tracking and analytics tools indicates a moderate level of user data collection, balanced with GDPR-compliant cookie consent mechanisms. From a security perspective, the site enforces HTTPS and uses Cloudflare protections, but lacks visible security.txt files, vulnerability disclosures, or explicit security policies. The absence of WHOIS data due to privacy protection reduces transparency but is not uncommon for commercial entities. No critical vulnerabilities or security issues were detected in the accessible content. Overall, the security posture is solid but could be enhanced with additional headers and published policies. The overall risk assessment is moderate with a good balance of professionalism and technical maturity. Strategic recommendations include publishing comprehensive privacy and security policies, enhancing security headers, and providing clear contact information to improve trust and compliance. These steps will strengthen the company's digital presence and security culture while maintaining its strong market position in hospitality technology.

P

protel systems s.r.o.

protelsystems.cz

60

Protel Systems s.r.o. operates a professional hotel management software platform targeting Czech and Slovak hospitality businesses. The website presents a comprehensive suite of hotel management tools including PMS, online check-in/out, payment solutions, and housekeeping management, positioning itself as a trusted and established player in the regional market. The site is well-designed, mobile-optimized, and includes multiple customer testimonials and certifications, enhancing its credibility. Technically, the website leverages modern technologies such as Google Tag Manager, reCAPTCHA v3, and Cookiebot for privacy compliance, built on the Solidpixels CMS platform. The site demonstrates good SEO and accessibility practices, with fast loading and responsive design. Security measures include HTTPS enforcement, security headers, and spam protection on forms, though explicit security policies and incident response contacts are absent. The security posture is solid with no visible vulnerabilities or exposed sensitive data. Privacy compliance is strong with clear cookie consent and a detailed privacy policy. However, the absence of WHOIS registration data raises concerns about domain legitimacy and ownership transparency, which impacts overall trust. Overall, the website is professional and trustworthy from a business and technical perspective but would benefit from improved transparency in domain registration and explicit security governance documentation.

Barclays Investment Bank operates as a global financial institution providing a comprehensive range of strategic advisory, financing, and risk management solutions to corporate, government, and institutional clients. The website reflects a mature enterprise with consistent branding and professional content tailored to its target audience. The business model centers on investment banking services, positioning Barclays as a key player in the finance sector with a strong market presence. Technically, the site leverages modern technologies including Adobe Experience Manager CMS, jQuery, Bootstrap, and integrates advanced analytics and marketing tools such as Google Tag Manager and Adobe DTM. The site is mobile optimized and demonstrates good SEO and accessibility practices. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, though explicit security headers and published security policies are absent. WHOIS data is privacy protected, which is typical for large financial institutions, and no suspicious patterns were detected. Overall, the site is trustworthy, professional, and compliant with privacy regulations, serving as a credible digital presence for Barclays Investment Bank.

W

WPVIP Inc

wordpressvip.com

74

WordPress VIP is an enterprise-grade content platform specializing in WordPress hosting and content management solutions tailored for large organizations and enterprises. The company positions itself as a leading provider delivering speed, security, and scalability to meet the demands of enterprise clients. Their services include managed WordPress hosting, security enhancements, and flexible content publishing capabilities. The website reflects a mature digital presence with professional design, clear branding, and comprehensive content targeting enterprise customers. Technically, the site is built on WordPress CMS, enhanced with modern frameworks such as Bootstrap and JavaScript libraries including jQuery. It integrates multiple third-party services like HubSpot for forms and marketing automation, Google Tag Manager for analytics, and Vimeo for video content. The site is hosted on a robust infrastructure likely managed by WordPress VIP/Automattic, ensuring fast performance and mobile optimization. SEO and accessibility best practices are well implemented. From a security perspective, the website enforces HTTPS, employs Cloudflare Bot Management cookies, and implements a detailed cookie consent mechanism compliant with GDPR. While explicit security headers are not fully visible in the HTML, the overall posture is strong with no evident vulnerabilities or exposed sensitive data. The domain WHOIS data corroborates the legitimacy and long-standing operation of the business. Overall, WordPress VIP demonstrates a high level of professionalism, technical maturity, and compliance with privacy regulations. The risk profile is low, with recommendations focusing on enhancing DNS security via DNSSEC, publishing a security.txt file, and making incident response contacts more explicit.

C

Coface

coface.com.tw

58

Coface Taiwan is a regional branch of the global Coface group, a leader in trade credit insurance, debt collection, and business information services. The company leverages over 75 years of experience to support businesses in managing credit risks and ensuring timely payments, helping companies grow safely in domestic and international markets. The website targets corporate clients in Taiwan, providing comprehensive solutions to mitigate bad debt risks and improve trade confidence. Technically, the site uses modern web technologies including Google Tag Manager and a consent management platform to comply with privacy regulations. The site is well-structured, mobile-optimized, and professionally designed, reflecting a mature digital presence. Security posture is good with HTTPS enforced and cookie consent implemented, though some security headers and explicit policies are missing. Overall, Coface Taiwan presents a trustworthy and professional online presence aligned with its global brand.