Security Directory

C

City of Saint John

saintjohn.ca

63

The City of Saint John website serves as the official digital presence for the municipal government of Saint John, New Brunswick. It provides residents, businesses, and visitors with comprehensive information on city services, transit, community events, public safety, and governance. The site positions itself as a trusted source for local news, emergency alerts, and civic engagement platforms, targeting a broad audience within the city and surrounding areas. Technically, the website is built on Drupal 10, leveraging modern web technologies including Google Analytics for user tracking and Google Maps API for transit and location services. The site is hosted behind Cloudflare DNS and CDN services, ensuring reliable performance and security. Mobile optimization and accessibility features are well implemented, contributing to a positive user experience. From a security perspective, the site enforces HTTPS and employs domain transfer protections. However, it lacks advanced security headers and does not provide publicly accessible security or incident response policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism or GDPR compliance indicators. No vulnerabilities or suspicious content were detected. Overall, the website demonstrates a solid business credibility and technical foundation suitable for a government entity, but could improve in privacy compliance and security transparency to enhance trust and regulatory adherence.

R

Royal Armouries

royalarmouries.org

57

The Royal Armouries website represents a national museum dedicated to arms and armour, showcasing the national collection and serving a broad audience including museum visitors and history enthusiasts. The institution is positioned as a government or non-profit cultural entity based in the United Kingdom, with a domain age consistent with its established history. The website is built on Drupal 10 CMS and integrates modern technologies such as Google Tag Manager and Cookiebot for analytics and privacy compliance. The site demonstrates good mobile optimization, accessibility, and SEO practices, providing a professional user experience with clear navigation and relevant content. Security posture is solid with HTTPS enforced and clientTransferProhibited domain status, though improvements could be made by enabling DNSSEC and adding security headers. Privacy compliance is supported by a detailed cookie consent mechanism, but explicit privacy policy and terms of service pages were not detected in the provided content. Overall, the website is trustworthy and professionally maintained, with no signs of blocking or WAF interference.

D

Deutsche Herzstiftung e.V.

herzstiftung.de

65

Deutsche Herzstiftung e.V. is Germany's largest independent non-profit organization dedicated to providing information and support to patients and interested parties in the field of heart diseases. The website serves as a comprehensive resource for patient education and awareness, positioning itself as a trusted authority in cardiology-related health information. The organization operates primarily in the healthcare and non-profit sectors, targeting patients and the general public seeking reliable heart health information. Technically, the website is built on Drupal 10, leveraging modern web technologies including Cloudflare for DNS and CDN services, Google Tag Manager for analytics, Cookiebot for cookie consent management, and Eye-Able for accessibility enhancements. The site demonstrates good mobile optimization, accessibility, and SEO practices, reflecting a mature digital infrastructure suitable for its audience. From a security perspective, the site enforces HTTPS, employs cookie consent with granular user controls, and integrates bot protection via hCaptcha. While explicit security headers are not fully visible in the HTML, the overall posture is solid with no evident vulnerabilities or exposed sensitive data. Privacy compliance is well addressed with a comprehensive privacy policy and GDPR-aligned cookie management. Overall, the website presents a professional, trustworthy, and user-friendly platform aligned with its mission. Strategic recommendations include enhancing security headers, maintaining up-to-date third-party libraries, and expanding contact information transparency to further strengthen user trust and compliance.

F

Forschungsinstitut für Nachhaltigkeit (RIFS)

rifs-potsdam.de

60

The Forschungsinstitut für Nachhaltigkeit (RIFS) is a medium-sized research institute affiliated with the GFZ Helmholtz Zentrum Potsdam, focusing on sustainability and societal transformation research. The website is professionally designed using Drupal 10 and incorporates modern web technologies such as Bootstrap 5, Matomo analytics, and lazy loading for performance optimization. It offers comprehensive content including news, dossiers, and research results targeted at academics, policymakers, and sustainability stakeholders. Privacy and cookie policies are well implemented with GDPR compliance and user consent mechanisms. Security posture is solid with HTTPS and no visible vulnerabilities, though explicit security policies and incident response contacts are absent. Overall, the website presents a trustworthy and authoritative digital presence for the institute.

T

Talk Online Panel GmbH

talkonlinepanel.com

60

Talk Online Panel GmbH operates a reputable online survey platform targeting European users, primarily in Germany, offering paid participation in market research surveys with rewards redeemable for cash or vouchers. The company is well-established since 2014, with a strong market presence and over 1.3 million members. The website is built on Drupal 10, employs modern analytics and marketing tools, and demonstrates good technical and privacy compliance maturity. Security posture is solid with HTTPS and client transfer protection, though DNSSEC and some security headers could be improved. Overall, the platform presents a trustworthy and professional service with clear privacy and cookie policies, supported by recognized certifications and trust seals.

E

Envision Saint John: The Regional Growth Agency

envisionsaintjohn.com

10

Envision Saint John: The Regional Growth Agency is a government-affiliated organization focused on promoting economic growth, investment, and quality of life in the Saint John region of Canada. The website serves as a comprehensive portal for investors, residents, visitors, and businesses, offering detailed information on regional advantages, services, and community highlights. The agency positions itself as a key regional player facilitating growth through strategic initiatives in real estate, workforce development, and destination marketing. Technically, the website is built on Drupal 10, leveraging modern web technologies including jQuery, Slick Carousel, and various tracking pixels for analytics and marketing. The site is mobile-optimized, accessible, and well-structured with clear navigation and professional design. However, some security best practices such as security headers and cookie consent mechanisms are missing, which could be improved to enhance compliance and user trust. From a security perspective, the site uses HTTPS and integrates secure forms with CAPTCHA, but lacks visible security headers and explicit incident response or vulnerability disclosure information. The absence of WHOIS data for the domain reduces transparency and trustworthiness, although the website content and branding suggest legitimacy. Overall, the website is a well-executed regional growth platform with strong business credibility and user experience. Strategic improvements in privacy compliance, security headers, and domain transparency would further strengthen its security posture and trust signals.

W

Womble Bond Dickinson

cph.com

69

Womble Bond Dickinson is a large international law firm operating primarily in the UK and US markets, offering a broad range of legal services across multiple sectors including energy, healthcare, finance, and technology. The website is professionally designed using Drupal 10 CMS and integrates modern front-end libraries and Google Tag Manager for analytics and marketing. Privacy and cookie policies are well implemented with clear consent mechanisms, indicating good compliance with GDPR and related regulations. Security posture is moderate with HTTPS enforced but lacking explicit security headers and published incident response policies. The WHOIS data is missing or indicates the domain may not be registered under the queried name, which is unusual for a firm of this stature and warrants further verification. Overall, the website presents a trustworthy and professional digital presence with room for improvement in security transparency and domain registration clarity.

C

Centraal Justitieel Incassobureau

cjib.nl

64

The Centraal Justitieel Incassobureau (CJIB) is a Dutch government agency under the Ministry of Justice and Security responsible for collecting fines and organizing the enforcement of penalties. The website serves as an official portal for Dutch citizens and legal entities to manage fines, view related information, and access government services. The site is well-branded, consistent, and provides multilingual support, reflecting a mature digital presence. Technically, the website is built on Drupal 10, uses modern web standards including SVG graphics, and offers good mobile optimization and accessibility. Security posture is solid with HTTPS enabled and no visible sensitive data exposure, though the absence of explicit security headers and published security policies suggests room for improvement. Privacy compliance is moderate due to missing explicit privacy and cookie policies in the provided content. Overall, the website is trustworthy and professional, aligned with its government function.

G

Global Game Jam, Inc.

globalgamejam.org

61

Global Game Jam, Inc. operates the Global Game Jam website, which serves as the central hub for the world's largest game creation event. The organization facilitates tens of thousands of participants worldwide, providing event registration, educational resources, and community engagement. The website reflects a mature and well-established non-profit entity with a strong global presence and reputable sponsors. Technically, the site is built on Drupal 10, integrates modern marketing and analytics tools, and is hosted with Cloudflare DNS services, ensuring reliable performance and security. However, there are minor gaps in privacy compliance, such as the absence of a cookie consent mechanism and no visible GDPR-specific policies. Security posture is solid with HTTPS and domain registration protections, but could be improved by enabling DNSSEC and publishing explicit security policies. Overall, the website is professional, trustworthy, and well-positioned in its niche, with recommendations to enhance privacy compliance and DNS security to further strengthen its digital maturity.

B

Bangor University

bangor.ac.uk

73

Bangor University is a well-established higher education institution in the United Kingdom, offering undergraduate and postgraduate education alongside world-leading research. The website reflects a professional and consistent brand presence, targeting prospective and current students as well as the academic community. The technical infrastructure is modern, leveraging Drupal 10 CMS and integrating multiple analytics and marketing tools such as Google Tag Manager, Microsoft Clarity, and TikTok Pixel. The site is mobile optimized and demonstrates good SEO and accessibility practices, although accessibility could be further improved. From a security perspective, the website enforces HTTPS and implements cookie consent mechanisms, indicating awareness of privacy regulations. However, the absence of explicit security headers, security policies, incident response contacts, and vulnerability disclosure information suggests room for improvement in security transparency and maturity. The lack of WHOIS data limits the ability to fully verify domain legitimacy, but the website content and technical indicators support a generally trustworthy profile. Overall, Bangor University's website is functional, professional, and secure at a basic level, with extensive user tracking and marketing integrations. Strategic enhancements in privacy policy visibility, security disclosures, and WHOIS transparency would strengthen trust and compliance posture.

S

Sindicato Unión General de Trabajadoras y Trabajadores de España

ugt.es

61

The Sindicato Unión General de Trabajadoras y Trabajadores de España (UGT) is a prominent Spanish trade union organization dedicated to representing workers and providing labor-related services. The website serves as a comprehensive platform offering information about the union's structure, services, news, and communication channels. It targets workers, union members, and affiliates, positioning itself as a leading labor organization in Spain. The business model is non-profit, focusing on advocacy, social dialogue, and member services. Technically, the website is built on Drupal 10, leveraging modern web technologies including Font Awesome for icons, Google Tag Manager, and Matomo for analytics. The site demonstrates good mobile optimization, accessibility features, and SEO practices, contributing to a positive user experience. The presence of cookie consent mechanisms and privacy policies indicates compliance with GDPR and related privacy regulations. From a security perspective, the site enforces HTTPS with strong SSL configuration and includes standard security headers. No critical vulnerabilities or exposed sensitive data were detected. However, explicit security policies and incident response information are not publicly available, suggesting room for improvement in transparency and security communication. Overall, the website is professional, trustworthy, and well-maintained, reflecting the organization's credibility and commitment to its audience. Strategic recommendations include publishing detailed security policies, establishing a vulnerability disclosure program, and providing clear contact information for data protection and security matters to enhance trust and compliance further.

N

National Cancer Institute

cancer.gov

69

The National Cancer Institute (NCI) website serves as the authoritative U.S. government source for comprehensive cancer information, research, and resources. It targets a broad audience including patients, caregivers, researchers, and healthcare professionals. The site offers extensive content on cancer types, treatments, clinical trials, and funding opportunities, positioning NCI as a leading entity in cancer research and public health education. The website reflects the stature of a large government enterprise with a long history dating back to 1980 and operates under the National Institutes of Health umbrella. Technically, the website is built on Drupal 10, leveraging modern web technologies and analytics tools such as Adobe DTM, CrazyEgg, and Google Tag Manager. It demonstrates excellent performance, mobile optimization, accessibility, and SEO practices. The site integrates multiple tracking and marketing tools while maintaining good privacy compliance and transparency. From a security perspective, the site enforces HTTPS and follows best practices in form security and data protection. However, explicit security headers are not evident in the provided data, and a formal security.txt file is absent. Privacy and security policies are comprehensive and publicly accessible, supporting GDPR compliance. No vulnerabilities or suspicious activities were detected, and the domain is a trusted .gov domain, reinforcing legitimacy. Overall, the website exhibits a high level of professionalism, trustworthiness, and technical maturity. It effectively balances user experience, content quality, and security, making it a reliable resource for cancer-related information. Strategic recommendations include enhancing security headers, implementing cookie consent mechanisms, and publishing a security.txt file to further strengthen security posture and compliance.

M

Maritime Launch Services

maritimelaunch.com

60

Maritime Launch Services operates Canada's first commercial spaceport, Spaceport Nova Scotia, focusing on satellite launch services into low-earth orbit. The company positions itself as a key player in the North American space industry, leveraging Nova Scotia's geographic advantages. The website is professionally designed using Drupal 10 and modern web technologies, providing rich multimedia content and clear navigation. However, the absence of WHOIS registration data raises concerns about domain legitimacy. Security posture is generally good with HTTPS and anonymized analytics, but lacks security headers and explicit security policies. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism. Overall, the website is trustworthy and professional but would benefit from improved transparency in domain registration and enhanced security and privacy practices.

H

Hydor AS

hydor.no

70

Hydor AS is a specialized maritime insurance provider based in Norway, focusing on Protection and Indemnity (P&I) and marine liability insurance with fixed premium offerings. The company targets shipowners, charterers, and operators, providing tailored insurance solutions backed by strategic partnerships with top-tier insurers and reinsurers. Hydor holds a strong market position supported by an AA rating from Standard & Poor’s and is a founding member of the Association of Commercial P&I Insurers (ACPII). Technically, the website is built on Drupal 10, leveraging modern libraries such as Bootstrap 5.2, jQuery, and Video.js for multimedia content. The site is mobile-optimized, accessible, and SEO-friendly, with a moderate performance profile. Hosting appears to be supported by Cloudflare services, enhancing availability and security. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms aligned with GDPR requirements. However, explicit security headers like CSP and HSTS are not visibly configured, and no public incident response or vulnerability disclosure policies are present. No critical vulnerabilities or exposed sensitive data were detected. Overall, Hydor’s website demonstrates a professional and trustworthy digital presence appropriate for its niche maritime insurance market. Strategic recommendations include enhancing security headers, publishing incident response policies, and adding vulnerability disclosure mechanisms to further strengthen security posture and compliance.

Remeselnícky inkubátor Gemer is a Slovak regional non-profit organization dedicated to supporting traditional folk craftsmen and folk-art producers in the Košice region. The website serves as a platform to promote cultural heritage through education, certification, and facilitation of sales and exhibitions. It is backed by regional government and cultural institutions, positioning itself as a key regional incubator for crafts. Technically, the website is built on Drupal 10, featuring a modern but basic design with good mobile optimization and clear navigation. Security posture is moderate with HTTPS implied but lacking explicit security headers and cookie consent mechanisms. No visible vulnerabilities or exposed sensitive data were found. Overall, the site is professional and trustworthy but could improve privacy compliance and security transparency.

I

IRWIN

irwin.com

72

IRWIN is a professional brand specializing in hand tools and power tool accessories, targeting tradesmen and tool users. The website is branded under Stanley Black & Decker, a large and reputable manufacturing company. The site is built on Drupal 10 and integrates modern marketing and analytics tools such as Google Tag Manager, Bazaarvoice, and Acquia Lift, indicating a mature digital infrastructure. Privacy and cookie compliance are well implemented, with a comprehensive cookie consent mechanism and an accessibility statement. However, the WHOIS data for the domain is unavailable or unregistered, which raises concerns about domain legitimacy and registration transparency. Security posture is strong with HTTPS and security best practices observed, but the absence of explicit security policies and contact information for incident response limits full trust. Overall, the website is professional and trustworthy in content and design but requires verification of domain registration and enhanced transparency in security and contact policies.

M

MUSIKFONDS E.V.

musikfonds.de

50

Musikfonds e.V. is a German non-profit organization dedicated to supporting contemporary music projects through funding programs, events, and networking. The website reflects a well-established cultural institution with governmental backing, targeting musicians, composers, and cultural organizations within Germany. The business model focuses on grant-making and fostering the contemporary music scene. Technically, the site is built on Drupal 10, leveraging modern libraries such as jQuery and UIkit, with good mobile optimization and accessibility features. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though improvements could be made by adding security headers and a cookie consent mechanism. Overall, the site is professional, trustworthy, and content-rich, with clear contact information and social media presence. No adult or questionable content is present, making it safe for general audiences.

F

Fagskolen Viken

fagskolen-viken.no

60

Fagskolen Viken is a Norwegian higher vocational college established recently in 2024, providing a wide range of vocational study programs across multiple campuses in the Viken region. The institution targets students seeking practical and career-oriented education to enhance their employability. The website is professionally designed using Drupal 10, featuring good mobile optimization, accessibility, and clear navigation. It integrates modern analytics and marketing tools while maintaining GDPR compliance through a consent management platform. Contact information and social media presence are clearly provided, enhancing trust and engagement. Security posture is solid with HTTPS and privacy policies, though explicit security policies and incident response contacts are not publicly disclosed. Overall, the site reflects a credible, well-managed educational institution with a strong regional collaboration network.

F

Fagskolene på Østlandet

fagskolene.no

52

Fagskolene på Østlandet is a consortium of four vocational colleges in Eastern Norway, providing over 150 vocational education programs tailored to meet future labor market demands. The website serves as an information portal for prospective students, offering study guidance, application instructions, and news about the vocational education sector. The organization positions itself as a key regional educational provider with strong ties to industry and municipalities, emphasizing practical and project-based learning. Technically, the website is built on Drupal 10 with modern front-end frameworks like Bootstrap Sass and integrates common analytics and marketing tools such as Google Tag Manager, Google Analytics, and Facebook Pixel. The site is mobile-optimized, accessible, and demonstrates good SEO practices. However, some security headers are not explicitly visible in the HTML content, and no dedicated security or incident response policies are published. From a security perspective, the site enforces HTTPS and implements a GDPR-compliant cookie consent mechanism with opt-in. No critical vulnerabilities or exposed sensitive data were detected. The domain is newly registered in 2024, consistent with the organization's founding date, and uses an official Norwegian domain, enhancing trustworthiness. Overall, the site exhibits a solid security posture but could improve transparency by publishing security policies and contact information for incident response. The overall risk is low, with recommendations focusing on enhancing security headers, publishing formal security policies, and improving contact transparency to strengthen trust and compliance.

N

NVL B.V. & Co. KG

luerssen-defence.com

56

NVL B.V. & Co. KG is a well-established, independent group of northern German shipyards specializing in naval and coastguard vessel construction and related maritime services. With over 145 years of experience, NVL serves a global clientele including the German Navy and fleets in more than 50 countries. Their comprehensive service portfolio spans new builds, maintenance, repair, upgrades, and digital transformation, supported by a network of four shipyards and multiple international subsidiaries. The company emphasizes quality, innovation, and customer-centric solutions, positioning itself as a leader in the naval shipbuilding industry. Technically, the NVL website is built on Drupal 10, leveraging modern web technologies including jQuery and FontAwesome, and is hosted on AWS infrastructure. The site is mobile-optimized, accessible, and employs privacy-conscious analytics via Matomo alongside a robust cookie consent mechanism. The digital presence reflects a mature and professional infrastructure with good SEO and user experience. From a security perspective, the site enforces HTTPS and uses cookie consent tools to comply with GDPR. However, explicit security policies and incident response contacts are not prominently published, and security headers are not visibly configured. No vulnerabilities or exposed sensitive data were detected. The WHOIS data aligns with the business claims, showing consistent domain registration and DNS setup. Overall, NVL demonstrates a strong business credibility and digital maturity with a secure and privacy-aware web presence. Strategic improvements in publishing security policies and enhancing security headers would further strengthen their security posture.

L

Letiště Praha, a. s.

aeroparking.cz

62

AeroParking is the official covered parking service directly at Prague Airport, offering secure and comfortable parking options for travelers. The website is professionally designed using Drupal 10 and integrates multiple modern analytics and marketing tools such as Google Analytics, Microsoft Clarity, and Cookiebot for GDPR-compliant cookie management. The site demonstrates good mobile optimization and SEO practices, providing a user-friendly experience. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, although explicit security headers and policies could be improved. WHOIS data is unavailable, likely due to privacy protection, but the website's affiliation with Prague Airport and professional presentation support its legitimacy. Overall, the site is a reliable digital presence for the parking service with room for enhanced transparency in contact and security policies.

D

Den norske legeforening

tidsskriftet.no

64

Tidsskriftet.no is the official medical journal of Den norske legeforening (The Norwegian Medical Association), serving as a key platform for publishing medical articles, clinical overviews, debates, and podcasts targeted at healthcare professionals in Norway. The website demonstrates a mature digital presence with a well-structured content offering and consistent branding aligned with its parent organization. The business model is primarily based on professional content delivery supported by advertising and subscription services. Technically, the site is built on Drupal 10, leveraging modern web technologies and analytics tools such as Matomo and Google Analytics with user consent management via Klaro. Security posture is strong with HTTPS enforcement, security headers, and bot protection mechanisms in place, though explicit security policies and incident response contacts are not publicly disclosed. Overall, the site is trustworthy, professionally maintained, and compliant with GDPR regulations, making it a reliable resource for its target audience.

N

NVL Egypt

nvlegypt.com

61

NVL Egypt is a medium-sized, important entity in the naval shipbuilding and maritime services sector, operating as a joint venture founded in 2022 and linked to the established German parent company NVL B.V. & Co. KG. The company focuses on designing, manufacturing, and supporting naval and coastguard vessels, with a strong emphasis on the Egyptian market and national shipbuilding strategy. The website is professionally designed using Drupal 10, with modern technologies and good mobile optimization. Security posture is solid with HTTPS and cookie consent mechanisms, though improvements are recommended in security headers and DNSSEC. The domain registration is consistent with the business timeline and transparent, enhancing trustworthiness. Overall, the site presents a credible and professional image suitable for its target audience.

N

NVL d.o.o.

nvl.hr

61

NVL d.o.o. is a Croatian maritime company specializing in naval and coast guard vessel solutions, operating as part of the larger NVL maritime network. The company focuses on innovation, sustainability, and delivering bespoke maritime technology solutions to global navies and coast guards. Their business model centers on B2B engagements, offering services from early business development to complex program execution. The website reflects a professional and consistent brand image with clear contact channels and trust indicators such as ISO 9001 certification and corporate social responsibility commitments. Technically, the site is built on Drupal 10, uses modern JavaScript libraries, and integrates privacy-compliant analytics and cookie consent mechanisms. Security posture is strong with HTTPS, anti-bot measures, and no visible vulnerabilities, though security headers could be improved. Overall, the site is well-optimized for mobile and accessibility, providing a good user experience. The domain registration is consistent with the business claims and location, enhancing trustworthiness.

N

Naval Technology Bulgaria EOOD

ntb.bg

56

Naval Technology Bulgaria EOOD is a Bulgarian subsidiary of the German naval shipbuilding group NVL, specializing in naval vessel design and engineering services. Established in 2021, it operates from Varna, Bulgaria, focusing on the Multipurpose Modular Patrol Vessel (MMPV) program for the Bulgarian Navy. The company offers design, technical surveillance, integrated logistics support, and warranty engineering. The website is professionally designed, mobile-optimized, and rich in relevant content, reflecting a strong business presence in the naval transportation sector. Technically, the site uses Drupal 10 CMS, integrates Matomo for analytics, and employs a cookie consent mechanism, demonstrating good digital maturity and privacy compliance. Security posture is solid with HTTPS and no exposed sensitive data, though security headers and incident response information are lacking. WHOIS data is privacy protected but consistent with the business claims, supporting legitimacy. Overall, the site scores well on content quality, technical implementation, security, privacy, and business credibility.

R

RTI International

rti.org

70

RTI International is a well-established independent scientific research institute focused on improving the human condition through diverse research and consulting services. The website reflects a mature digital presence with a professional design, clear navigation, and comprehensive content targeting government agencies, academic institutions, and industry partners. The technical infrastructure is modern, leveraging Drupal 10 CMS and standard web technologies, with good mobile optimization and accessibility features. Security posture is strong with HTTPS enforced and standard security headers, although explicit security policies and incident response information are not publicly available. Privacy compliance is robust, featuring a comprehensive privacy policy and cookie consent mechanism. Overall, the website presents a trustworthy and credible digital front for RTI International.

I

International Transport Workers’ Federation (ITF)

itfglobal.org

58

The International Transport Workers’ Federation (ITF) operates a professional and comprehensive website serving as the global voice for 16.5 million transport workers across 150 countries. The organization focuses on union representation, workers' rights, equality, and justice within the transport sector. The website is built on Drupal 10, leveraging modern web technologies and includes multilingual support and social media integration. Privacy and cookie policies are prominently implemented with consent mechanisms, reflecting good privacy compliance. Security posture is generally strong with HTTPS enforced, though security headers are not evident and no explicit security or incident response policies are published. WHOIS data is unavailable due to malformed responses, but the website's professional presentation and organizational scope indicate legitimacy. Overall, the site is well-designed, accessible, and trustworthy, serving a large international non-profit federation.

I

International Transport Workers' Federation

itfshipbesure.org

54

The ITFShipBeSure website is an informational platform operated by the International Transport Workers' Federation, focusing on guiding seafarers through the recruitment process, helping them find registered recruitment agents, and raising awareness about recruitment scams. The site targets maritime workers primarily from countries like Bangladesh, India, Indonesia, Myanmar, and the Philippines. It serves as a trusted resource within the maritime labor sector, providing directories, scam reporting mechanisms, and educational content aligned with international labor conventions. Technically, the website is built on Drupal 10 CMS, leveraging modern web technologies including Google Analytics for user tracking and Facebook SDK for social media integration. The site is mobile-optimized, accessible, and demonstrates good SEO practices. However, it lacks visible security headers and explicit privacy or cookie policies, which are areas for improvement to enhance compliance and security posture. From a security perspective, the site enforces HTTPS and does not expose sensitive data or vulnerable libraries. The absence of WHOIS data due to privacy protection is justified given the non-profit nature of the organization. No signs of WAF or content blocking were detected, allowing full content accessibility. Overall, the site maintains a good security posture but would benefit from enhanced transparency around privacy and security policies. The overall risk assessment is low, with the site presenting as a credible and professional resource for its target audience. Strategic recommendations include implementing comprehensive privacy and cookie policies, adding security headers, and publishing incident response contacts to further strengthen trust and compliance.

F

Fundacao Getulio Vargas

fgv.br

65

Fundação Getulio Vargas (FGV) is a well-established Brazilian educational institution focused on socio-economic development through excellence in teaching, research, consultancy, and leadership training. The website serves as a portal for their extensive educational offerings including undergraduate, master's, and doctoral programs, as well as consultancy services. FGV holds a strong market position as a reference in education both in Brazil and internationally. Technically, the website is built on Drupal 10 and integrates multiple analytics and marketing tools such as Google Analytics, Crazy Egg, Hotjar, and Visual Website Optimizer, indicating a mature digital infrastructure. The site is mobile-optimized, well-structured, and professionally designed, providing a positive user experience. Security-wise, the site enforces HTTPS and includes security contact information in WHOIS, but lacks explicit security headers and a public vulnerability disclosure policy. Overall, the site demonstrates a strong security posture with room for improvement in transparency and incident response readiness. The domain registration data is consistent with the business identity, reinforcing trustworthiness. Strategic recommendations include enhancing security headers, publishing a vulnerability disclosure policy, and expanding contact information to improve user trust and compliance.

I

Institut français

institutfrancais.com

63

Institut français is a key governmental cultural operator under the French Ministry of Europe and Foreign Affairs and the Ministry of Culture. It implements France's external cultural policy by supporting and animating the French cultural cooperation network abroad, assisting creators and cultural industries internationally, and promoting the French language and plurilingualism. The website reflects a professional and comprehensive digital presence with rich content, clear navigation, and strong branding consistent with its governmental affiliation. Technically, the site is built on Drupal 10, uses Matomo for analytics with privacy-respecting settings, and implements a cookie consent mechanism. Security posture is good with HTTPS enforced and no visible vulnerabilities, though some security headers are missing. WHOIS data is unavailable, which is unusual but likely due to query or server issues rather than malicious intent. Overall, the site is trustworthy, well-maintained, and compliant with privacy regulations.

I

International Transport Workers’ Federation (ITF)

itfseafarers.org

57

The International Transport Workers’ Federation (ITF) Seafarers website serves as a comprehensive resource and advocacy platform dedicated to the rights, welfare, and support of seafarers worldwide. It provides a wide range of resources including news, directories, apps, and guidance on employment rights and wellbeing. The organization holds a strong global position as a non-profit leader in maritime labor rights. Technically, the website is built on Drupal 10, leveraging modern web technologies and third-party integrations such as Facebook SDK and Google Translate for multilingual support. The site demonstrates good mobile optimization, accessibility, and SEO practices, though some improvements in security headers and cookie consent mechanisms are recommended. Security posture is solid with HTTPS enforced and no visible vulnerabilities, but explicit security policies and incident response information are absent. Overall, the domain WHOIS data is unavailable, likely due to privacy protection, which is common and justified for such organizations. The website is trustworthy, professional, and safe for general audiences.

G

Government of Nova Scotia

novascotia.ca

66

The Government of Nova Scotia's official website serves as a comprehensive portal for provincial government services, information, and news. It targets residents, businesses, and stakeholders within Nova Scotia, Canada, providing access to programs, government departments, and public service job opportunities. The site is well-branded, consistent, and reflects its authoritative government status with clear trust indicators such as official social media accounts and Crown copyright notices. Technically, the website is built on Drupal 10, leveraging modern web technologies and analytics tools like Google Analytics and Cloudflare Insights. It is mobile-optimized and accessible, offering a positive user experience with clear navigation and relevant content. Security posture is strong with HTTPS enforced and no visible vulnerabilities, though explicit security headers and policies could be improved. Privacy compliance is basic, with a privacy policy present but lacking a cookie consent mechanism. Overall, the site is highly legitimate and trustworthy, though it would benefit from enhanced transparency around security and privacy practices.

A

Ajuntament de Barcelona

barcelona.cat

67

Ajuntament de Barcelona operates the official municipal website for the city of Barcelona, providing residents and visitors with comprehensive information about city services, news, cultural events, transport, and business resources. The website is positioned as a key digital gateway for public services and community engagement in Barcelona. The site targets a broad audience including residents, businesses, and tourists, offering multilingual support and extensive navigation options. Technically, the site is built on Drupal 10 with modern frontend frameworks like Bootstrap, and integrates multiple analytics platforms including Matomo and Plausible, alongside marketing and tracking tools such as Adobe Visitor Tracking and Google Analytics. The site demonstrates a mature digital infrastructure with good mobile optimization and accessibility features. Security posture is strong with HTTPS enforced and anti-CSRF protections evident, though explicit security headers are not visible in the provided content and should be verified. Privacy compliance is well addressed with a detailed cookie consent mechanism and granular cookie categorization, although no explicit privacy policy or terms of service URLs were found in the provided content. WHOIS data is privacy protected by puntCAT, which is typical for government domains under the .cat TLD, and does not raise legitimacy concerns. Overall, the website is a professional, secure, and trustworthy government portal with extensive content and good user experience.

N

NVL B.V. & Co. KG

nvl.de

56

NVL B.V. & Co. KG is a well-established German shipbuilding group specializing in naval and coastguard vessels, with over 145 years of experience. The company operates multiple shipyards and docks, serving navies and maritime clients worldwide. Their business model focuses on new builds, repairs, and lifecycle services, supported by a network of subsidiaries in Bulgaria, Croatia, Brunei, and Egypt. The website reflects a mature digital presence built on Drupal 10, with modern technologies and privacy-conscious analytics. Security posture is solid with HTTPS and consent mechanisms, though explicit security policies and incident response contacts could be improved. Overall, NVL demonstrates strong business credibility and technical maturity with a professional, user-friendly website.

C

Connect4Climate

connect4climate.org

65

Connect4Climate is a globally recognized partnership platform dedicated to fostering climate action through youth engagement, innovative campaigns, and community storytelling. The website serves as a hub for connecting organizations and individuals to co-create sustainable solutions and amplify climate awareness. The platform targets a diverse audience including youth, creatives, business leaders, and climate advocates worldwide. Technically, the site is built on Drupal 10 with Bootstrap 5, leveraging modern web technologies and analytics tools such as Google Analytics and Adobe DTM, ensuring a responsive and accessible user experience. Security posture is solid with HTTPS and IP anonymization in analytics, though it lacks explicit security headers and formal privacy/cookie policies. The absence of WHOIS data due to privacy protection is common for non-profit entities and does not detract significantly from the site's legitimacy. Overall, Connect4Climate presents a professional, trustworthy, and content-rich platform with room for improvement in privacy compliance and security best practices.

B

Budapesti Műszaki és Gazdaságtudományi Egyetem (BME)

bme.hu

55

Budapesti Műszaki és Gazdaságtudományi Egyetem (BME) operates a comprehensive and professionally designed website serving students, faculty, researchers, and partners. The site provides extensive information on academic programs, research initiatives, international collaborations, and campus life. The university holds a strong market position as a leading technical institution in Hungary with a history dating back to 1782. Technically, the website is built on Drupal 10 with Bootstrap and integrates Google Tag Manager for analytics. The site is mobile-optimized, accessible, and SEO-friendly. Security posture is good with HTTPS enforced and cookie consent mechanisms in place, though some security headers could be improved. No critical vulnerabilities or suspicious content were detected. Overall, the website reflects a mature digital presence aligned with the university's stature.

R

ROBIN WOOD e.V.

robinwood.de

47

ROBIN WOOD e.V. is a German non-profit environmental organization dedicated to nature and climate protection through activism, campaigns, and public engagement. The website serves as a platform to inform supporters, promote campaigns, and solicit donations and memberships. It maintains a strong presence on multiple social media platforms and regularly publishes press releases and reports. The organization targets environmentally conscious individuals and activists. Technically, the website is built on Drupal 10 CMS, utilizing modern front-end libraries such as Bootstrap and Swiper.js for responsive design and interactive elements. Hosting is provided by Hostsharing, inferred from the nameservers. The site implements HTTPS with a good SSL configuration and includes a cookie consent banner with an opt-in mechanism, reflecting good privacy compliance practices. Matomo analytics is used for tracking with minimal user tracking. Security posture is solid with HTTPS enforced and no visible vulnerabilities or exposed sensitive data. However, the site lacks published security policies, incident response contacts, and a security.txt file, which are recommended for improved transparency and security readiness. Overall, the website is professional, trustworthy, and well-maintained, with good content quality and user experience.

R

Reporters Without Borders

rsf.org

66

Reporters Without Borders (RSF) is a well-established international non-profit organization dedicated to promoting and defending press freedom worldwide. The website serves as a comprehensive platform for news, reports, advocacy, and resources related to media freedom. RSF maintains a strong global presence with offices in multiple countries and a network of over 150 correspondents. The site is professionally designed, multilingual, and regularly updated, reflecting a mature digital presence. Technically, the website is built on Drupal 10, leveraging modern web technologies and hosted behind Cloudflare DNS services. It includes cookie consent management and uses analytics tools responsibly with privacy considerations. The site is mobile-optimized and accessible, with good SEO practices. From a security perspective, the website enforces HTTPS and employs domain transfer protections. However, DNSSEC is not enabled, and explicit security headers are not clearly visible. There is no publicly available security policy or incident response contact, which could be improved. The WHOIS data aligns well with the organization's profile, showing a long-standing domain registration without privacy protection, enhancing trust. Overall, RSF's website demonstrates a high level of professionalism, security, and compliance suitable for a reputable NGO. Strategic improvements in security headers, DNSSEC, and publishing security policies would further strengthen its posture.

B

BIOTRONIK SE & Co. KG

biotronik.com

64

BIOTRONIK SE & Co. KG is a globally recognized healthcare company specializing in advanced medical devices for cardiac rhythm management, electrophysiology, and neuromodulation. Founded in 1963 in Germany, the company has a strong market position as a pioneer and leader in life-changing therapies and digital health innovations. Their website reflects a mature digital presence with comprehensive product information, clinical studies, and corporate responsibility content targeting patients, healthcare professionals, and partners. Technically, the website is built on Drupal 10, leveraging modern JavaScript frameworks and consent management tools like Usercentrics. The site is mobile-optimized, accessible, and SEO-friendly, with good performance and structured navigation. Security posture is strong with HTTPS enforced and privacy compliance evident through detailed policies and consent mechanisms, although explicit security headers and incident response information could be improved. Overall, the website demonstrates a high level of professionalism and trustworthiness, supported by consistent branding and active social media engagement. However, the absence of WHOIS data for the domain is unusual and should be further investigated to confirm domain registration legitimacy. No critical vulnerabilities or suspicious content were detected, making the site safe for general audiences.

T

TRIOPS Ökologie & Landschaftsplanung GmbH

triops-consult.de

47

TRIOPS Ökologie & Landschaftsplanung GmbH is a specialized ecological and landscape planning consultancy based in Germany. Their website presents a comprehensive portfolio of environmental services including species protection, environmental impact assessments, management plans, and ecological construction supervision. The company targets municipalities, developers, and environmental planners requiring expert consulting in ecological and landscape matters. The website is professionally designed using Drupal 10 with Bootstrap and jQuery, offering good mobile optimization and clear navigation. Cookie compliance is implemented with an opt-in banner, reflecting awareness of GDPR requirements. However, no explicit privacy officer or security policies are published on the site. Security posture is adequate with HTTPS enabled but lacks advanced security headers and incident response information. No advertising or tracking beyond cookie compliance is detected, indicating a privacy-conscious approach. WHOIS data is limited but shows no suspicious patterns, supporting legitimacy. Overall, the website is a good representation of a small specialized consultancy with solid technical implementation and privacy compliance.

W

Waldreport

waldreport.de

57

Waldreport is a German non-profit environmental initiative dedicated to protecting forests by raising awareness of forest threats, networking nature enthusiasts, and collecting data on forest damage. The website is well-structured, professionally designed, and targets environmentally conscious individuals and organizations in Germany. It leverages partnerships with reputable environmental groups such as Greenpeace and Robin Wood to enhance its credibility and outreach. Technically, the site is built on Drupal 10 with Bootstrap 5.2 and uses Matomo for privacy-conscious analytics. The site is mobile-optimized and accessible, with a cookie consent mechanism compliant with GDPR. Security posture is moderate with room for improvement in security headers and incident response transparency. No critical vulnerabilities or suspicious content were detected, and the domain registration data aligns with the website's purpose, indicating legitimacy.

C

Cassini

cassini.eu

63

Cassini is an official European Commission initiative aimed at fostering entrepreneurship in the space sector across the EU from 2021 to 2027. It supports startups, SMEs, and entrepreneurs with funding, hackathons, mentoring, business acceleration, and matchmaking services. The initiative is positioned as a key enabler for the EU space economy, leveraging a €1 billion fund and various programs to stimulate innovation and market uptake of space technologies and services. The website reflects a professional and consistent brand aligned with EU standards and space industry stakeholders. Technically, the website is built on Drupal 10, employing modern web technologies and analytics tools such as Matomo and Google Tag Manager. The site is mobile optimized, accessible, and SEO friendly, providing a good user experience. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though it lacks some advanced security headers and explicit incident response information. From a security and compliance perspective, the site respects GDPR principles with a comprehensive privacy policy and cookie policy, though it lacks a cookie consent mechanism. No direct contact emails or phone numbers are published, relying on contact forms. WHOIS data is privacy protected by EURid, typical for .eu domains, and consistent with the official nature of the initiative. No suspicious or malicious indicators were found. Overall, Cassini's website is a trustworthy, well-maintained platform supporting EU space entrepreneurship. Strategic recommendations include enhancing security headers, publishing incident response contacts, implementing cookie consent, and providing more direct contact information to improve transparency and user trust.

B

Brightly

brightlysoftware.com

75

Brightly is an established enterprise software company specializing in asset management and operational efficiency solutions, serving over 12,000 clients globally. Their product suite includes CMMS, EAM, energy management, and sustainability software, positioning them as a leader in technology-driven operational solutions. The recent acquisition by Siemens further strengthens their market position. Technically, the website is built on Drupal 10 with modern analytics and marketing integrations, demonstrating a mature digital infrastructure. Security posture is strong with HTTPS, security headers, and GDPR compliance, though explicit security policies and incident response contacts are absent. Overall, the website reflects a professional and trustworthy business but is slightly diminished by missing WHOIS transparency and direct contact details.

S

SWARCO

swarco.com

72

SWARCO is a globally active enterprise specializing in mobility management and road safety solutions with over 50 years of industry experience. The company offers a broad portfolio of products and services aimed at improving traffic management and connected driving technologies. The website reflects a mature digital presence built on Drupal 10, integrating modern analytics and marketing tools such as Google Tag Manager and Cookiebot for privacy compliance. While the site is professionally designed and mobile optimized, explicit privacy policies and contact information are not readily visible in the provided content, which may impact user trust and compliance transparency. Security posture is strong with HTTPS and cookie consent mechanisms, but could be enhanced by adding security headers and incident response disclosures. WHOIS data for the domain is unavailable, which slightly reduces trustworthiness but may be due to privacy protection or domain registration under a different TLD. Overall, the website demonstrates a solid technical foundation and business credibility in the transportation sector.

D

deltacity

deltacity.net

71

deltacity is an independent digital service provider based in Germany specializing in the development of sophisticated digital platforms across digital health, commerce, and content management sectors. The company offers comprehensive services including strategic consulting, creative conception, innovative software development, and technical implementation. Their website reflects a professional and consistent brand presence with clear service offerings and active recruitment efforts, indicating a medium-sized enterprise with a solid market position in the technology sector. Technically, the website is built on Drupal 10 CMS, employs Matomo for analytics with user consent management via CookieFirst, and integrates multimedia content through Vimeo. The site is mobile-optimized with good SEO and accessibility features, although some security headers are not explicitly detected. HTTPS is enforced, and privacy policies are comprehensive and GDPR compliant. From a security perspective, the site demonstrates good practices such as encrypted connections and cookie consent but lacks visible incident response contacts or vulnerability disclosure mechanisms. The absence of WHOIS data for the domain raises concerns about domain registration legitimacy, although the website content and branding suggest a legitimate business. This discrepancy warrants further investigation to confirm domain ownership and registration status. Overall, deltacity presents a trustworthy and professional digital agency with a mature digital infrastructure. Strategic recommendations include enhancing security headers, publishing explicit security policies, and resolving WHOIS inconsistencies to strengthen trust and compliance.

G

Greenpeace e. V.

greenpeace.de

70

Greenpeace e. V. is a well-established non-profit environmental organization based in Germany, focused on climate protection, biodiversity, and peace advocacy. The website serves as a comprehensive platform for public education, activism, and fundraising, targeting environmentally conscious individuals and supporters. It maintains a strong market position as a leading environmental NGO with a large audience and consistent branding. Technically, the website is built on Drupal 10, leveraging modern web technologies and third-party tools such as Usercentrics for consent management and Google Tag Manager for analytics. Hosting is provided by Colt Technology Services, indicating a professional infrastructure. The site is mobile-optimized and accessible, with good SEO practices. From a security perspective, the site uses HTTPS and consent management but lacks visible security headers and explicit security policies or incident response contacts. No vulnerabilities or suspicious content were detected. Privacy compliance is partial due to the absence of a clearly linked privacy policy and terms of service. Overall, Greenpeace.de presents a trustworthy, professional, and content-rich website with minor gaps in privacy and security transparency. Strategic improvements in these areas would enhance compliance and user trust.

D+C - Development + Cooperation is a well-established online magazine focusing on global development issues such as poverty reduction, gender equality, governance, and sustainability. The website serves a global audience of development professionals, policymakers, and interested public by providing high-quality articles, interviews, and digital monthly editions. The business operates as a non-profit media entity with a clear mission to inform and engage on development topics. Technically, the site is built on Drupal 10, uses modern web technologies, and integrates a consent management platform to ensure GDPR compliance. The site is mobile-optimized, accessible, and SEO-friendly, reflecting a mature digital infrastructure. Security-wise, the website enforces HTTPS and uses Google Tag Manager and Usercentrics for analytics and consent management, respectively. However, some security headers are not explicitly detected, and there is no visible security policy or vulnerability disclosure mechanism. Overall, the domain registration details align well with the website's professional and German-based media presence, indicating high legitimacy and trustworthiness.

F

Facts about Germany

tatsachen-ueber-deutschland.de

64

The website 'Facts about Germany' serves as an official multilingual information portal providing comprehensive facts about Germany's politics, economy, culture, and society. It targets a broad international audience including researchers, policy makers, and the general public. The site is government-backed and positions itself as a trusted source of factual information about Germany. Technically, it is built on Drupal 10 CMS, employs modern JavaScript modules, and integrates a Usercentrics Consent Management Platform to ensure GDPR compliance. Google Tag Manager is used for analytics with default consent set to denied, reflecting a privacy-conscious approach. Security-wise, the site enforces HTTPS and uses consent mechanisms but lacks visible security headers and explicit incident response or vulnerability disclosure pages. Overall, the site is professionally designed, mobile-optimized, and accessible, with high content quality and trustworthiness. Recommendations include adding security headers, publishing a security.txt file, and providing clearer incident response contacts to enhance security posture and compliance.

V

Verein Stiftungen für Bildung e.V.

netzwerk-stiftungen-bildung.de

58

Netzwerk Stiftungen und Bildung is a German non-profit organization that facilitates collaboration and knowledge sharing among educational foundations and actors. The website serves as a platform offering a directory of members (Netties), news, events, and educational resources. It targets foundations, educational institutions, and stakeholders interested in local educational development. The organization appears well-established with a medium-sized network and a professional online presence. Technically, the website is built on Drupal 10, leveraging modern JavaScript libraries such as jQuery UI and Klaro for cookie consent management. The site is mobile-optimized, accessible, and implements good SEO practices. Google Analytics is used for visitor statistics with user consent. The site uses HTTPS and shows good security hygiene, although some security headers could be improved. From a security perspective, the site enforces HTTPS and uses a consent manager for privacy compliance. No critical vulnerabilities or exposed sensitive data were detected. However, explicit security policies and incident response contacts are not present, which could be enhanced to improve trust and compliance. Overall, the website is professional, trustworthy, and compliant with GDPR requirements. It provides clear contact information and a comprehensive cookie consent mechanism. The domain WHOIS data is limited but does not raise immediate concerns. Strategic improvements in security headers and incident response transparency are recommended to further strengthen the security posture.

M

Městský úřad Svitavy

svitavy.cz

61

The website www.svitavy.cz serves as the official municipal portal for the city of Svitavy in the Czech Republic. It provides comprehensive information about the city administration, public services, cultural events, and citizen resources. The site targets residents and visitors, offering a well-structured navigation system and multiple language options via external translation links. The business model is that of a government service portal, with a medium-sized organizational footprint and a focus on transparency and public engagement. Technically, the site is built on Drupal 10, leveraging modern web technologies including Bootstrap for responsive design, Google Analytics for traffic monitoring, and various JavaScript libraries for enhanced user experience. The site is mobile-optimized and accessible, with good SEO practices evident in meta tags and structured navigation. Performance is moderate, with no critical errors or broken elements detected. From a security perspective, the site enforces HTTPS and implements a cookie consent mechanism compliant with EU GDPR regulations. However, it lacks visible security headers such as Content-Security-Policy and X-Frame-Options, which are recommended to enhance security posture. No vulnerabilities or exposed sensitive data were found in the HTML content. The absence of WHOIS data limits the ability to fully verify domain legitimacy, but the official branding and content strongly support authenticity. Overall, the website presents a trustworthy and professional digital presence for the city government, with room for security enhancements and improved transparency in incident response and vulnerability disclosure policies. The risk level is low, and the site is safe for general audiences.