Security Directory

BVFI operates as a professional real estate association in Germany, providing networking, training, and marketplace services to real estate professionals including brokers and investors. The website is well-structured, professionally designed, and integrates modern web technologies such as PWA features and service workers. Marketing and analytics tools like Google Tag Manager, Facebook Pixel, and Zoho SalesIQ are actively used, supported by a cookie consent mechanism to comply with privacy regulations. However, explicit privacy policy and terms of service pages are not found, which is a compliance gap. Security posture is solid with HTTPS and some best practices, but could be improved by adding security headers and incident response information. Overall, the domain registration is consistent and trustworthy, aligning with the business's German real estate focus.

S

SIGIC - The Slovenian Music Information Center

musicslovenia.si

41

Music Slovenia is a consortium of Slovenian musical institutions dedicated to promoting Slovenian music both nationally and internationally. The website serves as a platform to connect various stakeholders in the Slovenian music scene, offering news, event information, playlists, tours, and showcases. The organization targets musicians, cultural institutions, and music enthusiasts interested in Slovenian music. The business model focuses on cultural promotion and collaboration facilitation within the music industry niche. Technically, the website employs a modern but somewhat dated technology stack including jQuery 2.2.4, Bootstrap, and various UI libraries. It uses HTTPS with good SSL configuration but lacks security headers. The site is moderately optimized for performance and mobile devices, with basic accessibility and SEO features. Analytics are handled via Plausible Analytics, indicating a privacy-conscious approach but lacking cookie consent mechanisms. From a security perspective, the site benefits from HTTPS and absence of exposed sensitive data but misses important security headers and formal security policies such as privacy, cookie, and incident response disclosures. No vulnerability disclosure or security contact information is provided, which could be improved to enhance trust and compliance. The domain registration data is consistent and appropriate for the business, supporting legitimacy. Overall, the website is professional and trustworthy with good content quality and business credibility but requires improvements in privacy compliance and security best practices to reach higher maturity levels.

S

Stopline

stopline.at

70

Stopline is an Austrian governmental/non-profit online reporting center specializing in illegal internet content, specifically child sexual abuse material and endorsement of National Socialist ideology. The website provides anonymous reporting services and aims to facilitate rapid removal of such content, particularly when hosted in Austria. It maintains a professional web presence with clear navigation, partner affiliations, and public transparency through annual reports and statistics. Technically, the site uses modern web technologies including jQuery and Matomo analytics, with a cookie consent mechanism that complies with GDPR standards. Security posture is strong with HTTPS enforced and CSRF protections, though explicit security headers and incident response policies are not publicly detailed. Overall, the site demonstrates high trustworthiness and business credibility appropriate for its governmental/non-profit role.

A

Acquirente Unico S.p.A.

consumienergia.it

56

The website consumienergia.it/portaleConsumi is an official Italian government-backed portal managed by Acquirente Unico S.p.A. It provides consumers with free access to their electricity and gas consumption data, leveraging secure authentication methods such as SPID and the electronic identity card (CIE). The portal is positioned as a trusted public service, offering detailed information, FAQs, and tools to empower consumers in managing their energy usage. The site is well-branded with consistent use of official logos and clear navigation tailored to its target audience of Italian energy consumers. Technically, the site employs a modern yet straightforward technology stack including jQuery, Bootstrap, and Matomo analytics. It is mobile-optimized and accessible, though some security enhancements such as DNSSEC and Content Security Policy headers could be implemented. The site uses HTTPS and enforces cache control headers to protect user data. No blocking or WAF mechanisms interfere with content access. From a security perspective, the portal demonstrates good practices with strong user authentication and no visible vulnerabilities in the provided content. However, it lacks explicit incident response contacts and vulnerability disclosure mechanisms. Privacy compliance is strong with comprehensive privacy and cookie policies, though the cookie consent mechanism could be improved. Overall, the portal is a credible, secure, and user-friendly platform serving an essential public function. Strategic improvements in security headers and transparency would further enhance trust and resilience.

M

Münsterland e.V.

muensterland.com

60

Münsterland e.V. operates as a regional development and promotional organization focused on enhancing the quality of life, economic opportunities, cultural engagement, and tourism in the Münsterland region of Germany. The website serves as a comprehensive portal for residents, businesses, tourists, and cultural participants, offering detailed information about living, working, and visiting the region. The organization positions itself as a key regional player fostering community, innovation, and sustainable growth. Technically, the website is built on a ProcessWire CMS platform, utilizing modern JavaScript libraries such as jQuery, Google Tag Manager, and Bing UET for analytics and marketing. Accessibility features are well implemented, including WCAG options and cookie consent mechanisms, reflecting a mature digital infrastructure. The site is mobile-optimized and SEO-friendly, with structured data enhancing search engine visibility. From a security perspective, the site enforces HTTPS and employs cookie consent for privacy compliance. However, it lacks explicit security headers and a published security.txt file, which are recommended for improved security posture. The absence of WHOIS registration data raises concerns about domain legitimacy, though the website content and branding appear professional and trustworthy. Overall, the site presents a low-risk profile with strong content quality and technical implementation but would benefit from enhanced transparency in domain registration and security incident response information.

The Bundeskriminalamt website serves as the official online presence of Austria's Federal Criminal Police Office, a key government agency under the Federal Ministry of the Interior. It provides comprehensive information on crime prevention, investigations, international cooperation, and public awareness initiatives. The site targets the general public, law enforcement professionals, and victims of crime, positioning itself as a trusted national authority in law enforcement. Technically, the website employs a mature technology stack including ASP.NET Web Forms, jQuery, Bootstrap, and various UI libraries, delivering a responsive and well-structured user experience. Security-wise, the site uses HTTPS and implements privacy-conscious social media embeds, but lacks visible security headers and explicit cookie consent mechanisms. The absence of WHOIS data is due to NIC.AT restrictions rather than suspicious activity, and the site exhibits strong trust indicators consistent with a government entity. Overall, the site is professional, secure, and compliant with GDPR, though improvements in security headers and cookie consent would enhance its posture.

The VDA-DGHT Sachkunde GbR website provides specialized educational and certification services for private and commercial animal keepers in the fields of aquaristics and terraristics. It serves a niche market focused on compliance with German animal protection laws, offering recognized certifications and training courses. The business is positioned as a trusted provider with ISO 9001:2015 certification and partnerships with reputable organizations such as VDA and DGHT. Technically, the website is built on a modern CMS platform with standard web technologies including jQuery and service workers, ensuring moderate performance and good mobile optimization. Security posture is adequate with HTTPS and cookie consent implemented, though some security headers and explicit policies could be improved. Overall, the site is professional, trustworthy, and compliant with basic privacy regulations, though contact information is not prominently displayed. No blocking or WAF interference was detected, allowing full content access.

E

Esittävän taiteen vapaat yhteisöt ry

teatterikeskus.fi

59

Esittävän taiteen vapaat yhteisöt ry is a Finnish national non-profit organization representing professional communities in the performing arts sector, including circus, dance, and theatre. The website serves as an information and service portal for its approximately 50 member communities, focusing on advocacy, events, and member services. The organization positions itself as a key actor in the Finnish performing arts landscape, providing support and representation for independent performing arts groups. Technically, the website is built on the Squarespace platform, leveraging standard web technologies such as jQuery and Typekit fonts, with integration of Mailchimp for marketing and communication. The site is well-structured, mobile-optimized, and uses HTTPS with HSTS for secure communications. However, it lacks explicit privacy and cookie policies, which are important for GDPR compliance and user trust. Contact information is primarily via social media channels, with no direct email or phone contacts visible. Security posture is strong with no visible vulnerabilities or exposed sensitive data. Overall, the site is professional and trustworthy but could improve compliance and transparency aspects.

Salon Bien Etre & Bio Strasbourg is a regional event platform focused on wellness, natural health, organic products, and alternative therapies. The website presents a professional and content-rich experience targeting visitors interested in health, ecology, and personal development. The event offers exhibitors, conferences, workshops, and organic food markets, positioning itself as a niche but established player in the Strasbourg wellness event market. Technically, the site is built on the IONOS Website Editor platform, leveraging modern JavaScript libraries and CDNs, with good mobile optimization and moderate performance. Security posture is adequate with HTTPS and cookie consent but lacks advanced security headers and incident response information. The WHOIS data is unavailable or indicates the domain may not be registered, which is a concern for domain legitimacy and trust. Overall, the site is trustworthy and safe for general audiences but would benefit from improved transparency on domain registration and enhanced security practices.

O

Oční tkáňová banka Gemini Zlín

tkanovabanka.cz

41

Oční tkáňová banka Gemini Zlín is a specialized healthcare entity focused on corneal tissue transplantation, operating as part of the largest Czech eye clinic network. Established in 2022, it aims to reduce waiting times for corneal transplants in the Czech Republic, serving patients with serious eye damage and collaborating with other transplant centers. The website reflects a professional healthcare service with clear contact information and trust signals such as membership in the European Eye Bank Association. Technically, the site is built on WordPress with common plugins and modern security features like HTTPS and Google reCAPTCHA, though it lacks explicit privacy and cookie policies, which is a compliance gap. The absence of WHOIS data reduces domain trust from a registration perspective but does not detract from the professional presentation and legitimacy of the business. Overall, the site is well-structured, secure, and trustworthy for its intended audience.

M

My Somfy Showroom

mysomfyshowroom.co.uk

48

My Somfy Showroom is a specialized digital platform showcasing Somfy motorized window treatment products and smart home integration solutions. The website targets Somfy customers, home automation enthusiasts, and Somfy experts, providing interactive product galleries, educational content, and resource downloads. The business operates primarily in the UK market and was established in 2022, reflecting a focused niche showroom model. Technically, the site employs AngularJS, jQuery, Bootstrap, and modern JavaScript libraries to deliver an interactive and mobile-optimized user experience. While the site uses HTTPS and DNSSEC for domain security, it lacks visible security headers and formal privacy or cookie policies, which are areas for improvement. The login and password reset forms indicate controlled access for Somfy experts, but no explicit contact information or incident response channels are provided. Overall, the site is professional and functional but would benefit from enhanced privacy compliance and security best practices.

M

MS Group

wemakespaces.archi

49

MS Group operates the website 'We Make Spaces - MS Architekti', an established architectural studio based in the Czech Republic since 1990. The company specializes in architectural design, urban planning, and realization of various projects including residential, commercial, and public spaces. The website presents a professional image with a clear focus on their services and portfolio, targeting clients seeking architectural and urban planning expertise. Technically, the site uses a moderate technology stack including Bootstrap, jQuery, Google Analytics, and Hotjar for analytics and user behavior tracking. The site is mobile optimized and has good SEO practices but lacks visible privacy and cookie policies, which is a compliance concern. Security posture is moderate with HTTPS usage but no detected security headers or explicit security policies. WHOIS data is unavailable due to privacy protection and malformed WHOIS response, limiting domain registration transparency. Overall, the website is functional and professional but would benefit from enhanced privacy compliance and security best practices.

O

OMAX Holding s.r.o.

befity.cz

56

Befity.cz is a Czech online magazine dedicated to promoting an active lifestyle through fitness, health, nutrition, and psychological well-being content. Operated by OMAX Holding s.r.o., the site maintains a strong market position within the Czech media landscape, supported by partnerships with related media brands such as bety.cz and prostreno.cz. The platform offers a mix of editorial content, product testing, and advertising services, targeting a general adult audience interested in health and fitness. Technically, the site employs modern JavaScript libraries and ad technologies, with a custom CMS backend. It demonstrates good mobile optimization and SEO practices, though some accessibility features could be enhanced. Security posture is solid with HTTPS and cookie consent mechanisms, but could benefit from additional security headers and explicit incident response documentation. Overall, the website is professional, trustworthy, and compliant with GDPR requirements, making it a reliable source for its audience.

M

Media Borough

mediaborough.com

64

Media Borough's official website serves as a comprehensive portal for municipal government services, community engagement, and business resources. It targets residents, local businesses, and visitors, providing key services such as trash and recycling schedules, meeting agendas, permits, and public safety information. The site maintains a consistent brand presence and includes social media integration to enhance community outreach. Technically, the website leverages established JavaScript libraries like jQuery and AlpineJS, integrates Google Tag Manager and Microsoft Application Insights for analytics, and is built on the CivicPlus CMS platform. While performance and mobile optimization are adequate, there is room for improvement in accessibility and SEO. Security posture is solid with HTTPS enforcement and anti-forgery tokens, but lacks DNSSEC and some security headers. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism despite tracking usage. Overall, the domain registration is consistent and trustworthy, reflecting a legitimate government entity.

G

Gewerbeverein Muhen

gewerbe-muhen.ch

52

Gewerbeverein Muhen is a local business association based in Muhen, Canton Aargau, Switzerland, representing trade, crafts, services, and industry sectors. The website serves as an information hub for members and the local community, providing news, event listings, member directories, and resources to support local businesses. The association appears well-positioned within its local market, focusing on community engagement and business networking. Technically, the website uses a custom CMS by naviti GmbH, leveraging common JavaScript libraries such as jQuery and Font Awesome for UI elements. While the site is functional and provides essential features like cookie consent and privacy policy, there is room for improvement in mobile optimization and accessibility. Security posture is moderate with HTTPS implied but lacking explicit security headers and incident response information. Overall, the site is trustworthy and professional, with a clear focus on local business support.

F

Fumedica Deutschland

fumedica.de

45

Fumedica Deutschland operates in the healthcare sector, providing medical-related products or services primarily targeted at the German market. The website presents basic information with limited interactive features and lacks comprehensive privacy, cookie, or terms of service policies. The technical infrastructure relies on older technologies such as jQuery 2.2.4 and Font Awesome 6 Pro, hosted on servers associated with kreativmedia.ch. Security posture is minimal with no evident security headers or advanced protections, and no contact or incident response information is available. Overall, the website serves as a basic informational platform with moderate digital maturity but requires improvements in security, privacy compliance, and user engagement features.

W

webo-facto

webo-facto.com

56

Webo-facto is a French professional SaaS platform established in 2011, offering an all-in-one solution for creating, managing, and hosting websites. It targets digital agencies, freelancers, and educational institutions, providing services such as web hosting, domain management, SSL certificates, CMS solutions, and maintenance. The platform emphasizes ease of use, centralized management, and expert support, boasting over 6,000 users and nearly 3,800 hosted sites. Technically, the website employs a mix of proprietary and open source CMS technologies, integrates modern JavaScript libraries, and uses recognized analytics and cookie consent tools. Hosting is provided by OVH, a reputable French provider. Security posture is solid with HTTPS and domain protections, though DNSSEC is not enabled and security headers are not evident. Privacy compliance is basic with cookie consent but lacks detailed policies or GDPR-specific disclosures. Contact is primarily via web forms, with no direct emails or phone numbers publicly listed. Overall, the website is professional, trustworthy, and well-branded, with room for improvement in security policies and transparency.

A

ANAG, spol. s r.o.

anag.cz

10

ANAG, spol. s r.o. is a Czech publishing and educational company specializing in legal, economic, health, and leisure publications and seminars. The company offers a broad range of products including books, magazines, audiobooks, e-books, and organizes seminars both in-person and online. Their website is professionally designed, targeting professionals and individuals seeking educational materials in their fields of interest. The company maintains a strong presence on social media platforms and provides clear navigation and content relevant to their audience. Technically, the website employs modern JavaScript libraries such as jQuery, integrates Google Tag Manager for analytics, uses Smartsupp for live chat support, and Cookiebot for cookie consent management, indicating a mature digital infrastructure. The site is mobile optimized and performs moderately well, with good SEO practices and basic accessibility features. From a security perspective, the website enforces HTTPS and uses cookie consent mechanisms, but lacks explicit security headers and publicly available security policies or incident response information. No vulnerabilities or exposed sensitive data were detected in the HTML content. The WHOIS data is unavailable, likely due to privacy protection, but the website's professionalism and consistency suggest legitimacy. Overall, ANAG's website presents a trustworthy and professional digital presence with room for improvement in security header implementation and transparency of security policies. The risk level is low, and the site is suitable for its intended audience.

P

ppwork | employee management system

ppwork.cz

42

The website ppwork.cz presents a specialized employee management system tailored for personnel agencies, primarily targeting the Czech Republic market. The platform offers comprehensive workforce management features including attendance tracking, payroll calculation, and administrative support. The business model is SaaS-based, focusing on small to medium-sized personnel agencies, with customization options for client-specific needs. The website content is professional and well-structured, providing clear information about the system's capabilities and benefits. Technically, the website employs a modern front-end stack including Bootstrap, jQuery, and various JavaScript libraries for animations and UI enhancements. The site is mobile-optimized and demonstrates good design quality and user experience. However, there is no evidence of advanced SEO or accessibility features, and no CMS or hosting provider information is discernible. Performance is moderate, with no major issues detected. From a security perspective, the site lacks visible security headers and published security policies. The absence of HTTPS verification data and WHOIS information raises concerns about domain legitimacy and security posture. No privacy or cookie policies are present, indicating potential compliance gaps with GDPR or other data protection regulations. Contact information is minimal, limited to a single email address, with no phone or physical address provided. Overall, the website is functional and business-focused but would benefit from enhanced security measures, transparency in domain registration, and improved privacy compliance. Strategic recommendations include implementing HTTPS with strong SSL, publishing privacy and cookie policies, adding security headers, and providing clearer contact and incident response information to build trust and compliance.

M

Mediapilote

mediapilote.com

57

Mediapilote is a French communication and advertising agency with multiple regional offices across France. The company offers a broad range of services including brand strategy, communication strategy, digital strategy, creative campaigns, social media management, employer branding, and CSR communication. They also provide certified training programs under the Qualiopi label. The website presents a professional and consistent brand image with comprehensive service descriptions and client references, positioning Mediapilote as a reputable regional player in the media and communication sector. Technically, the website uses a mix of legacy and modern JavaScript libraries, integrates Google Tag Manager for analytics, and employs Axeptio for cookie consent management, reflecting a moderate to good digital maturity. Security posture is adequate with HTTPS enforced and reCAPTCHA implemented, though some improvements in security headers and library updates are recommended. The absence of WHOIS data reduces domain trustworthiness, but the professional content and branding mitigate concerns. Overall, the site is well-designed, user-friendly, and compliant with GDPR requirements.

C

Copylot Group

copylot.com

57

Copylot Group is a French communication consulting group that unites multiple communication agencies under a collaborative and growth-oriented business model. The group focuses on advising and supporting brands and professionals in communication through shared tools, agile methods, and collective intelligence. Their services span branding, marketing, digitalization, audiovisual communication, and marketing studies. The website is professionally designed, mobile-optimized, and uses modern technologies including Google Tag Manager, Google reCAPTCHA, and Axeptio for cookie consent management. However, the domain WHOIS data is missing or unavailable, which raises concerns about domain registration legitimacy. Security posture is moderate with HTTPS and reCAPTCHA implemented but lacks explicit security headers and published privacy policies. Contact is primarily via a web form and LinkedIn. Overall, the website presents a professional image but would benefit from improved transparency and security practices.

J

Janus s.r.l.

amamusei.it

55

AmaMusei is a specialized Italian company providing digital audioguide solutions for museums and cultural territories. Their platform enables museums to autonomously create and manage official guides accessible via a dedicated mobile app for iOS and Android. The company targets cultural institutions and local territories aiming to enhance visitor engagement and expand cultural experiences beyond museum walls. The business operates in a niche market with a small company profile and strong regional partnerships.

V

VAŠE LIGA z.s.

vaseliga.cz

61

VAŠE LIGA z.s. operates a Czech Republic-based sports league platform offering monthly organized matches across multiple sports including squash, badminton, tennis, ping-pong, beach volleyball, and padel. The platform targets active sports enthusiasts in various Czech cities, providing a structured and community-driven sports experience. The website demonstrates a solid market niche with a medium-sized operation and partnerships with local sponsors and foundations. Technically, the site employs a modern JavaScript stack with frameworks like Svelte and jQuery, integrates Google Maps and social media SDKs, and uses Google Tag Manager for analytics and marketing. The site is mobile-optimized and features a cookie consent mechanism aligned with GDPR requirements. Security posture is good with HTTPS enforced and secure login forms, though it lacks some HTTP security headers and explicit incident response contacts. The absence of WHOIS data reduces domain trustworthiness, but the website content and partner references support legitimacy. Overall, the site is professional, user-friendly, and trustworthy for its target audience.

O

ONF Vegetis

onf-vegetis.fr

52

ONF Vegetis is a French company specializing in sustainable management and maintenance of natural spaces, vegetation control, and wooden furniture for natural and urban environments. The company targets professionals seeking expert services in arboriculture, vegetation management, and infrastructure maintenance. The website reflects a mature digital presence with modern technologies such as Vue.js, jQuery, and GSAP, and integrates analytics tools like Matomo and Google Analytics via Google Tag Manager. Privacy and cookie policies are well implemented with a consent mechanism, demonstrating GDPR compliance. However, the site lacks a dedicated security policy and incident response information, which are recommended for enhanced trust and compliance. Overall, the website is professional, secure with HTTPS, and provides clear navigation and relevant content for its audience.

O

ONF-Agir pour la forêt

onf-agirpourlaforet.fr

54

ONF-Agir pour la forêt is a French non-profit organization dedicated to raising funds to support projects of general interest in public forests managed by the Office National des Forêts (ONF) and its partners. The website presents a professional and well-structured platform aimed at individuals and enterprises interested in sustainable forest management and biodiversity preservation. The organization positions itself as a key player in environmental conservation within France, leveraging public engagement and corporate sponsorships to finance its initiatives. Technically, the website employs a modern technology stack including Vue.js, jQuery, GSAP, and integrates analytics tools such as Matomo and Google Tag Manager. It uses a proprietary or custom CMS platform and implements cookie consent mechanisms compliant with GDPR. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content. From a security perspective, the site enforces HTTPS and uses cookie consent tools, but lacks explicit security policies or incident response information. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data confirms the domain's legitimacy and consistency with the organization's profile. Overall, the website is trustworthy, professionally maintained, and compliant with privacy regulations, making it a reliable source for donors and partners interested in forest conservation efforts in France.

O

Office national des forêts

onf.fr

60

The Office national des forêts (ONF) is a major French government-related organization focused on sustainable forest management, environmental protection, and public engagement. The website reflects a well-established entity with a domain registered since 1996, consistent with its long-standing public service role. The site offers a variety of services including forest management, risk management, and services for local authorities and businesses. It targets a broad audience including public officials, enterprises, forest professionals, and the general public. Technically, the website employs modern JavaScript frameworks such as Vue.js, uses analytics tools like Matomo and Facebook Pixel, and integrates Google Tag Manager for marketing and tracking purposes. The site is mobile-optimized with good navigation and professional design. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though some security headers could be improved. No critical vulnerabilities or suspicious patterns were detected. Privacy policies and terms of service are clearly presented, supporting GDPR compliance. Overall, the website is trustworthy, professional, and aligns well with the organization's mission and public service nature.

C

Controladoria-Geral da União

portaltransparencia.gov.br

69

The Portal da Transparência do Governo Federal is an official Brazilian federal government transparency portal managed by the Controladoria-Geral da União. It provides comprehensive public access to government spending data, contracts, social benefits, employee remuneration, bidding processes, sanctions, and other fiscal information. The portal targets Brazilian citizens and stakeholders interested in government transparency and social control. It operates as an enterprise-level government service, offering open data downloads and APIs to facilitate public analysis and oversight. Technically, the website employs a modern technology stack including jQuery, Bootstrap, Google Tag Manager, and AWS hosting infrastructure. It uses the govbr design system ensuring consistent branding and accessibility. The site is mobile optimized and includes accessibility features, with good SEO and performance characteristics. The use of AWS WAF scripts indicates a security-aware hosting environment. From a security perspective, the portal enforces HTTPS with excellent SSL configuration and manages cookie consent in compliance with LGPD (Brazilian data protection law). While explicit security headers are not fully visible in the HTML, best practices are implied. No vulnerabilities or exposed sensitive data were detected. However, the site lacks a published security policy, incident response contacts, and a security.txt file, which are recommended for enhanced transparency and vulnerability management. Overall, the portal demonstrates a high level of professionalism, trustworthiness, and compliance with privacy regulations. It serves as a critical tool for public accountability in Brazil. Strategic recommendations include formalizing security policies, publishing incident response contacts, enhancing security headers, and expanding transparency on data retention and privacy practices.

C

CreativeMornings

creativemornings.com

71

CreativeMornings is a globally recognized breakfast lecture series and community platform serving the creative sector. Founded in 2008, it operates in over 250 cities worldwide, offering free monthly events and online talks to foster creativity and networking. The platform targets creative individuals and companies, providing a blend of in-person and digital engagement. Technically, the website employs a modern tech stack including jQuery, Font Awesome, Google Fonts, and is hosted on Amazon AWS infrastructure. The use of Ruby on Rails is implied by the presence of authenticity tokens and CSRF protections. Security posture is solid with HTTPS, secure login mechanisms, and domain transfer protections, though DNSSEC is not enabled and no explicit security policies or incident response contacts are published. Privacy compliance is partial, lacking a cookie consent mechanism despite GDPR indicators. Overall, the site is professional, trustworthy, and well-optimized for SEO and accessibility, with room for improvement in security transparency and privacy controls.

The European Space Agency (ESA) is a well-established intergovernmental organization dedicated to space exploration, science, and technology development in Europe. The website www.esa.int serves as the official portal providing comprehensive information about ESA's missions, news, educational resources, and multimedia content. It targets a broad audience including the general public, researchers, students, and media professionals. The site demonstrates a high level of professionalism, with consistent branding and rich, relevant content that is regularly updated. Technically, the website employs modern web technologies including jQuery, FontAwesome, and Matomo analytics for user tracking. It uses HTTPS with strong SSL configuration and includes cookie consent mechanisms, indicating good privacy practices. The site is mobile-optimized and performs well with fast loading times and clear navigation. From a security perspective, the site follows best practices such as HTTPS enforcement and cookie consent but lacks explicit published security policies, incident response information, or vulnerability disclosure mechanisms. No critical vulnerabilities or exposed sensitive data were detected. The domain WHOIS data confirms the legitimacy and long-standing presence of ESA, enhancing trustworthiness. Overall, the website is a reliable and authoritative source for space-related information from ESA, with strong business credibility and good technical and privacy compliance. Strategic improvements could include publishing detailed security policies and incident response contacts to further enhance transparency and trust.

F

Friedhelm Loh Group

friedhelm-loh-group.com

10

The Friedhelm Loh Group is a well-established, family-owned enterprise founded in 1961, specializing in manufacturing, energy, and innovative system solutions. With a global presence through 95 subsidiaries and over 12,000 employees, the group positions itself as an innovation leader and global player. The website reflects a professional corporate image with clear navigation and relevant business content targeting industrial clients and partners. Technically, the site uses legacy and modern JavaScript libraries, is hosted behind Cloudflare, and implements privacy-conscious features such as cookie consent with opt-in and conditional Google Analytics loading. Security posture is solid with HTTPS and domain transfer protection, though improvements are recommended in DNSSEC deployment and security headers. Overall, the site is trustworthy and compliant with GDPR, but lacks explicit contact and security policy information on the homepage. Strategic recommendations include enhancing security headers, enabling DNSSEC, and publishing incident response contacts to improve transparency and security readiness.

S

Studio Ploc, s.r.o.

studio-ploc.cz

62

Studio Ploc, s.r.o. is a specialized retailer of ergonomic office furniture based in the Czech Republic, offering a wide range of ergonomic chairs, desks, and conference furniture. The company emphasizes quality, user testing, and customer experience, providing additional services such as 3D visualization and consulting for office and commercial space design. Their market position is that of a niche ergonomic furniture provider with a strong local presence and a showroom in Prague. Technically, the website employs modern JavaScript libraries and tracking tools, including Google Analytics and Tag Manager, with a robust cookie consent mechanism ensuring GDPR compliance. Security posture is generally good with HTTPS enforced, though the absence of some security headers suggests room for improvement. The lack of WHOIS data is a concern for domain trust but does not detract from the professional presentation and business legitimacy. Overall, the website is well-designed, user-friendly, and compliant with privacy regulations, targeting both businesses and individual consumers seeking ergonomic solutions.

R

Rentalia

rentalia.cz

52

Rentalia is a Czech Republic based small business specializing in the rental of professional film and photography equipment, positioning itself as the largest rental service of its kind in Zlín. The company targets filmmakers, photographers, and students, offering a broad range of equipment including cameras, lighting, sound, and grip gear. The website is built on WordPress with modern technologies and includes SEO and privacy compliance features. The business model includes direct rentals and a partner platform for equipment owners to list their gear. Technically, the site is well-structured, mobile-optimized, and uses reputable third-party services such as Google Analytics and Facebook Pixel for marketing and analytics. Security posture is good with HTTPS and cookie consent mechanisms, though some security headers and explicit policies are missing. Overall, the site is professional, trustworthy, and compliant with GDPR, with clear contact information and active social media presence.

Simpleview is a well-established technology company specializing in marketing solutions and software for Destination Marketing Organizations (DMOs) and the tourism industry. Their offerings include CMS, CRM, digital marketing services, event management, and data insights. The company operates under the parent company Granicus, indicating a strong market position and backing. The website reflects a mature, professional business with a clear focus on B2B services in the tourism technology sector. Technically, the site employs modern frameworks such as Vue.js and RequireJS, uses secure HTTPS protocols, and integrates advanced analytics and marketing tools. The site is mobile-optimized, accessible, and SEO-friendly, providing a positive user experience. Security posture is strong with proper headers and no visible vulnerabilities, though explicit security policies and incident response details could be improved. Privacy and cookie policies are present and GDPR compliant, supporting good privacy practices. Overall, the domain WHOIS data is unavailable, likely due to privacy protection, but the website's professionalism and parent company association support its legitimacy.

The International Congress and Convention Association (ICCA) operates a professional global network serving the international association meetings industry. Their website provides comprehensive resources, networking opportunities, and business intelligence services to meeting strategists, associations, and suppliers. The organization positions itself as a global leader and knowledge hub in this niche market. Technically, the website employs a modern technology stack including jQuery, Vue.js, RequireJS, and Google Tag Manager, hosted on a CMS platform likely Simpleview. The site is well-optimized for mobile and accessibility, with good SEO practices and a professional design. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though some security headers could be improved. Privacy policies are comprehensive and GDPR compliant, but no explicit security policy or incident response information is publicly available. WHOIS data is unavailable due to privacy protection, which is typical for such organizations and does not detract from the site's legitimacy. Overall, the site is trustworthy, professional, and well-maintained, supporting ICCA's role as a key industry association.

AGROBAC s.r.o. is a Czech manufacturing company specializing in biologically active substances and dietary supplements, notably the low-calorie sweetener DiChrom enriched with trivalent chromium. Founded in 2006 as a transformation of a company with roots back to 1990, it serves a niche market focused on health-conscious consumers including diabetics. The company operates two production sites and emphasizes research and development with modern laboratory equipment. The website reflects a small but professional business with consistent branding and a clear product focus. Technically, the site uses jQuery and Flexslider for UI elements and is mobile optimized, though it lacks advanced SEO and accessibility features. Security posture is minimal with no visible security headers or privacy policies, and no contact emails or phone numbers are provided on the homepage. The domain WHOIS data is privacy protected, which is common for small businesses, but limits verification of registrant details. Overall, the site is functional and informative but could improve in security and compliance transparency.

Č

Česká advokátní komora

advokatiprotitotalite.cz

55

The website 'Advokáti proti totalitě' is an informational and commemorative platform operated by the Czech Bar Association (Česká advokátní komora). It focuses on honoring lawyers who opposed totalitarian regimes in Czech history, providing exhibitions, publications, conferences, and multimedia content. The target audience includes legal professionals, historians, and the Czech public interested in legal history and democratic values. The site holds a niche position within the Czech legal and historical community, operating as a non-profit educational resource. Technically, the website uses a modern but modest technology stack including jQuery, FontAwesome, Magnific Popup, FancyBox, and Google Analytics. It appears to be built on October CMS and uses the Foundation framework for responsive design. The site is mobile-optimized and performs moderately well, though accessibility and SEO optimizations are basic. HTTPS is enforced, but security headers are missing, and privacy and cookie policies are absent, indicating room for compliance improvements. From a security perspective, the site benefits from HTTPS and no visible vulnerabilities or exposed sensitive data. However, the lack of security headers and absence of privacy and cookie policies reduce its security posture and privacy compliance. No WHOIS data was retrievable, which lowers domain trustworthiness, but the official association branding and content quality provide legitimacy. No forms or contact emails are present, limiting direct user engagement and incident response capabilities. Overall, the website is a professionally presented, content-rich resource with moderate technical maturity and security posture. Strategic improvements in privacy compliance, security headers, and contact transparency would enhance trust and compliance. The domain registration status should be verified to ensure legitimacy and reduce risk.

Č

Česká onkologická společnost České lékařské společnosti J. E. Purkyně

linkos.cz

44

The website www.linkos.cz represents the official portal of the Czech Oncology Society (Česká onkologická společnost České lékařské společnosti J. E. Purkyně), a reputable non-profit organization dedicated to oncology education, patient support, and professional collaboration in the Czech Republic. It serves multiple audiences including oncologists, patients, families, and the general public with comprehensive resources on cancer prevention, treatment, and research. The site is well-structured with clear navigation and rich content relevant to its mission. Technically, the website employs standard web technologies such as jQuery and Facebook SDK for social media integration. It uses HTTPS ensuring encrypted communication, and implements a cookie consent mechanism compliant with GDPR requirements. While no advanced security headers were detected in the provided data, the site demonstrates basic security hygiene. The site is mobile-optimized and provides a good user experience with professional design and clear content presentation. From a security perspective, the site shows no signs of vulnerabilities or malicious content. The lack of WHOIS data is likely due to privacy protection common for non-profit entities and does not detract from the site's legitimacy. However, improvements could be made by adding explicit security policies, incident response contacts, and enhancing security headers. Overall, the site maintains a good security posture appropriate for its informational and educational role. The overall risk assessment is low, with the site being a trustworthy source of oncology information in the Czech Republic. Strategic recommendations include enhancing security headers, publishing clear security and incident response policies, and improving accessibility features to meet broader compliance standards.

L

Lviv Travel

lviv.travel

22

Lviv Travel operates as the official tourism website for the city of Lviv, Ukraine, providing comprehensive travel information, event listings, guides, and city services such as the Lviv City Card. The website targets tourists and visitors seeking cultural, historical, and practical information about Lviv. It holds a strong market position as an authoritative source backed by city branding and structured data. Technically, the site employs a modern technology stack including jQuery, Bootstrap, Google Tag Manager, and multiple analytics tools, ensuring a responsive and content-rich user experience. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though security headers and explicit security policies could be improved. Privacy compliance is basic with a cookie consent mechanism and a privacy policy available, but GDPR compliance indicators are minimal. Overall, the site demonstrates good business credibility with clear contact information and professional content.

G

GSKlub.cz

gsklub.cz

65

GSKlub.cz is a Czech Republic-based e-commerce platform specializing in the sale of dietary supplements. It positions itself as one of the largest online sellers in its market segment, offering exclusive products for all age groups directly from manufacturers. The website is built on WordPress with WooCommerce, leveraging a range of modern marketing and analytics tools such as Google Analytics, Hotjar, and Meta Pixel. The site implements a comprehensive cookie consent mechanism via Cookiebot, reflecting a commitment to privacy compliance. However, the absence of a visible privacy policy and WHOIS data gaps present some concerns regarding transparency and domain legitimacy. Technically, the site is well-structured, mobile-optimized, and uses HTTPS, but could improve security headers and explicit privacy documentation.

V

Vinotéka Děčín - Domů

vinotekadecin.cz

54

Vinotéka Děčín is a small local wine retailer and event organizer based in the Czech Republic, specializing in wine sales and hosting wine tasting events featuring regional wineries. The website is professionally designed with good content quality and clear navigation, targeting wine enthusiasts and local customers. Technically, the site uses a Mozello CMS platform with jQuery and other JavaScript libraries, hosted on Amazon Cloudfront CDN, providing moderate performance and good mobile optimization. Security posture is adequate with HTTPS and cookie consent implemented, but lacks advanced security headers and a privacy policy. The absence of WHOIS data due to privacy protection is typical for small businesses and does not raise immediate concerns. Overall, the site is trustworthy but could improve privacy compliance and security practices.

K

Ráj korálků, perlí, skla a jablonecké bižuterie. Korálková dílna pro děti.

kristalovyraj.cz

52

The website kristalovyraj.cz represents a retail business specializing in Czech glass, jewelry, and related decorative products, including a creative bead workshop for children. It positions itself as the largest Czech glass and jewelry retail center in Central Europe, targeting a general audience primarily within the Czech Republic. The business model focuses on in-person retail sales combined with experiential creative workshops, supported by partnerships with local cultural and tourism organizations. Technically, the website is built on the Mozello CMS platform, utilizing common JavaScript libraries such as jQuery and Fancybox, and is hosted via Amazon CloudFront CDN. The site demonstrates good mobile optimization and basic SEO practices but lacks advanced security headers and explicit privacy and terms of service documentation. Cookie consent mechanisms are implemented, linking to a cookie policy hosted on the Mozello platform. From a security perspective, the site uses HTTPS (assumed from CDN usage), but no security headers were detected in the provided data. There is no exposed sensitive data or known vulnerabilities from the analysis, but the absence of WHOIS data and domain registration details reduces trustworthiness. No contact emails or phone numbers are explicitly provided, limiting direct communication channels. Overall, the security posture is moderate but could be improved with better transparency and security best practices. The overall risk assessment suggests the website is functional and legitimate based on content and partner affiliations but lacks critical domain registration transparency and formal privacy documentation. Strategic recommendations include publishing privacy and terms policies, enhancing security headers, and providing clear contact information to improve trust and compliance.

O

onWebChat

onwebchat.com

67

onWebChat is a technology company specializing in AI-powered live chat and chatbot software designed to enhance customer support and boost sales for businesses. The company offers a SaaS model with free and paid subscription plans, including a Pro AI plan with advanced features. Their platform supports multiple integrations with popular CMS and e-commerce systems and provides native mobile applications for Android and iOS, indicating a mature and versatile product offering. The website is professionally designed, mobile-optimized, and rich in relevant content, targeting businesses seeking to improve customer engagement through AI-driven chat solutions. Technically, the site uses modern web technologies including jQuery, Socket.IO, Bootstrap, and Google Tag Manager, ensuring a responsive and interactive user experience. Security-wise, the site enforces HTTPS with a reputable SSL certificate and implements cookie consent mechanisms, but lacks visible security headers and explicit incident response policies. The absence of WHOIS registration data reduces transparency but does not significantly detract from the site's legitimacy given the professional presentation and trust indicators such as user testimonials and social media presence. Overall, onWebChat demonstrates a solid digital maturity with room for improvement in security policy transparency and WHOIS data availability.

T

TASR administrácia

imporel.com

58

The website imporel.com serves as an administrative login portal for TASR, a media organization likely based in Slovakia. It provides access to various internal modules related to media content management, including polls, politicians, events, emails, and charts. The platform is built as a Single Page Application using AngularJS and integrates several third-party libraries and services such as Google Analytics and Google Maps API. The domain is well maintained with a consistent registration history dating back to 2015. From a technical perspective, the website employs a moderately modern technology stack but relies on AngularJS, which is deprecated and may pose future maintenance and security challenges. The site is served over HTTPS with Cloudflare DNS, but lacks several important security headers such as Content-Security-Policy and X-Frame-Options. Performance and mobile optimization are basic but functional. Security posture is adequate with HTTPS enforced and no visible sensitive data exposure. However, the absence of comprehensive privacy and cookie policies, as well as missing security headers, reduces compliance and security maturity. No WAF or blocking mechanisms are detected, and the site is accessible without restrictions. Overall, the website is a professional internal tool with moderate security and compliance maturity. Strategic improvements in privacy compliance, security headers, and modernization of the technology stack are recommended to enhance security and trustworthiness.

Soufflet Agro a.s. is a well-established agricultural company based in the Czech Republic, founded in 2003. The company specializes in providing certified seeds, agricultural machinery, plant nutrition products, technical consulting, and commodity trading services. Their website reflects a professional and consistent brand presence targeting farmers and agribusiness clients. The company maintains active social media channels and regularly updates news and events, reinforcing its market position. Technically, the website employs a mix of legacy and modern web technologies including AngularJS, jQuery, and Django integration. While the site is mobile-optimized and includes cookie consent mechanisms, the use of older AngularJS versions and lack of explicit security headers present potential security risks. Analytics and marketing tools such as Google Analytics and Facebook Pixel are used with user consent. From a security perspective, the site uses HTTPS (implied by external scripts loaded over HTTPS) and cookie consent banners, but lacks visible security policies or incident response contacts. The WHOIS data confirms domain legitimacy with consistent registration details and a long operational history. No WAF or blocking mechanisms were detected, allowing full content access. Overall, the website scores well on business credibility and content quality but could improve in privacy compliance and security posture. Strategic enhancements in security headers, updated frameworks, and published policies would strengthen trust and compliance.

M

Měšťanský pivovar v Poličce, a.s.

pivovar-policka.cz

46

Měšťanský pivovar v Poličce, a.s. is a Czech brewery specializing in the production and sale of various traditional beer types, including light and dark beers, strong beers, and non-alcoholic options. The company also engages in sustainable energy initiatives such as photovoltaic systems. The website targets local consumers and business partners, providing detailed product information, employment opportunities, and contact details primarily via phone. The digital infrastructure includes modern analytics tools like Google Tag Manager and TikTok pixels, indicating a moderate level of digital maturity. Security measures include an age verification gate to comply with alcohol sales regulations, but lack explicit privacy policies and security headers, which are areas for improvement. The absence of WHOIS data reduces transparency and trust, though the website content and business presentation appear professional and consistent with a medium-sized manufacturing entity.

P

PHP7.Hosting

php7.hosting

59

PHP7.Hosting is a small technology company specializing in PHP web hosting services, offering support for PHP versions 5.3 through 7.3 with real-time switching capabilities. The company also provides domain registration, automated SSL certificates via Let's Encrypt, email services, DNSSEC, and URL redirection. Their market position is niche, targeting developers and businesses requiring flexible PHP hosting solutions. The website is professionally designed with good navigation and mobile optimization, leveraging modern frontend technologies such as Bootstrap and jQuery. However, no CMS or hosting provider details are explicitly identified. Security-wise, the site supports HTTPS with automated SSL but lacks visible security headers and published security or incident response policies, indicating room for improvement. Privacy compliance is weak due to the absence of privacy and cookie policies. Overall, the site is functional and trustworthy but would benefit from enhanced compliance and security transparency.

The website tlds.africa operates as a domain registration service specializing in African country code top-level domains (ccTLDs) and a broad range of other domain extensions. It targets individuals and businesses seeking to establish an African online identity through domain registrations. The business is relatively small, founded in 2017, and operates under a privacy-protected domain registration, which is common in this industry. The site provides clear domain pricing, a domain search function, and contact information, positioning itself as a niche regional registrar with a focus on African domains. Technically, the website employs a standard modern web technology stack including jQuery, Bootstrap, Popper.js, and FontAwesome, ensuring a responsive and user-friendly interface. The site is mobile optimized and has a moderate performance profile. However, it lacks advanced SEO and accessibility features, and no CMS is detected. Hosting is provided by Gransy s.r.o., a known registrar and hosting provider. From a security perspective, the site uses HTTPS but lacks DNSSEC and important security headers, which are recommended to enhance domain and web security. There is no visible privacy or cookie policy, which is a compliance gap especially under GDPR. Incident response and vulnerability disclosure mechanisms are not present, indicating room for improvement in security posture and transparency. Overall, the website is functional and professional but would benefit from enhanced security measures, privacy compliance improvements, and better transparency to increase trustworthiness and regulatory adherence.

S

Sirius investiční společnost a.s.

siriusis.cz

48

Sirius investiční společnost a.s. is a Czech investment company specializing in alternative investments for qualified investors. The company manages multiple sub-funds focused on hedge funds, distressed credit, real estate loans, and other alternative strategies, aiming to provide diversified portfolios with attractive risk-return profiles and low correlation to traditional financial markets. The website presents detailed fund performance data, downloadable official documents, and clear contact information, reflecting a professional and trustworthy business presence. Technically, the site uses jQuery, Snap.svg, and Google Maps API, with moderate performance and good mobile optimization. Security posture is adequate with HTTPS enabled but lacks some security headers and explicit privacy or cookie policies. Overall, the site is accessible, content-rich, and targets a niche investor audience in the Czech Republic.

K

Kubík, akciová společnost

kubik.cz

51

Kubík a.s. is a well-established Czech company with a diversified portfolio spanning retail and wholesale food, textile sales, engineering construction, quick service food, travel services, art gallery operations, real estate development, and property rental. The company targets a broad audience including general consumers and business clients within the Czech Republic. The website reflects a medium-sized enterprise with consistent branding and a professional online presence. Technically, the site employs a modern technology stack including Bootstrap, jQuery, Google Analytics, and reCAPTCHA, hosted via WEDOS, a reputable Czech hosting provider. The site is mobile optimized and provides a good user experience with clear navigation and relevant content. Security-wise, the site enforces HTTPS and uses cookie consent with an opt-in mechanism, indicating GDPR compliance awareness. However, it lacks explicit security headers and published security policies or incident response contacts, which are areas for improvement. Overall, the domain age and WHOIS data support the legitimacy and trustworthiness of the business.

E

EPRAVO.CZ, a.s.

epravo.cz

51

EPRAVO.CZ, a.s. operates a well-established Czech legal information portal providing comprehensive legal content including laws, court decisions, articles, and educational resources. The platform targets legal professionals and the general public interested in law, offering subscription-based premium services and an e-shop for courses and publications. The website demonstrates a mature digital infrastructure utilizing modern web technologies such as jQuery, Bootstrap, and various analytics and marketing tools. Security posture is solid with HTTPS enforcement, bot protection via Cloudflare Turnstile, and cookie consent mechanisms, although some security headers could be improved. The absence of WHOIS data reduces domain registration transparency but does not detract from the professional presentation and trust signals evident on the site. Overall, the site is a credible and valuable resource in the Czech legal domain.