Security Directory

A

Arbeitskreis für Jugendliteratur e.V.

jugendliteratur.org

58

Arbeitskreis für Jugendliteratur e.V. is a German non-profit organization dedicated to promoting youth literature through awards such as the Deutscher Jugendliteraturpreis, publications, and various cultural activities. The website serves as an information hub for these initiatives, targeting educators, authors, publishers, and youth literature enthusiasts. The organization appears established within its niche, offering specialized services and community engagement opportunities. Technically, the website employs modern JavaScript libraries including Matomo for analytics and a cookie management system that respects user consent, particularly for marketing cookies. The site is mobile-optimized with good navigation and SEO practices, although no specific CMS or hosting provider was identified. Performance is moderate, and accessibility is basic but functional. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms to manage tracking. However, no explicit security headers were detected, and there is no public incident response or vulnerability disclosure information. The absence of WHOIS data limits domain trust verification, but the website content and structure suggest legitimacy. No adult or inappropriate content is present, making the site safe for general audiences. Overall, the site scores well in content quality, privacy compliance, and business credibility but could improve in security best practices and transparency. Strategic recommendations include implementing security headers, publishing incident response details, and enhancing accessibility features to strengthen trust and compliance.

G

Gerstenberg Verlag GmbH & Co. KG

die-kleine-raupe-nimmersatt.de

61

Gerstenberg Verlag GmbH & Co. KG is a reputable German publishing company specializing in children's literature, notably the internationally acclaimed 'Die kleine Raupe Nimmersatt' by Eric Carle. The website serves as a blog and information portal for their publications, events, and educational content, targeting parents, educators, and children. Their market position is that of an established niche publisher with a strong brand presence and consistent content quality. Technically, the website is built on WordPress with Bootstrap framework, enhanced by Matomo analytics for user tracking. The site is hosted likely by Deutsche Telekom, uses HTTPS with good SSL configuration, and demonstrates moderate performance and good mobile optimization. SEO and accessibility are adequately addressed, though some accessibility features could be improved. From a security perspective, the site enforces HTTPS, uses cookie consent mechanisms, and avoids exposing sensitive data. However, it lacks some advanced security headers and does not publish a formal security policy or incident response contacts. No vulnerabilities or suspicious patterns were detected in the content or WHOIS data, indicating a solid security posture. Overall, the website is professional, trustworthy, and compliant with GDPR and privacy standards. It provides a safe environment focused on children's educational content. Strategic recommendations include enhancing security headers, publishing security policies, and continuous monitoring of third-party scripts to maintain security and compliance.

A

Altimax

altimax.com

49

Altimax is a French digital agency specializing in strategy, web development, social media, SEO, and audiovisual production. Based in Annecy, France, the company serves both BtoB and BtoC clients nationally and internationally. The website demonstrates a mature digital presence with a professional design, comprehensive service offerings, and active client case studies. Technically, the site is built on WordPress with modern JavaScript libraries and analytics tools, ensuring good performance and user experience. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers and explicit policies could be improved. The absence of WHOIS registration data is a notable anomaly that slightly impacts trust but does not outweigh the professional presentation and compliance indicators. Overall, Altimax presents as a credible and established digital agency with room for minor security enhancements.

M

Montpellier Méditerranée Métropole et ville de Montpellier

montpellier.fr

68

Montpellier Méditerranée Métropole and the city of Montpellier operate an official government website serving residents, visitors, and stakeholders with comprehensive information on local governance, public services, urban projects, and citizen participation. The website is well-structured, professionally designed, and targets a broad audience including citizens and businesses within the metropolitan area. Technically, the site is built on Drupal 10, employs modern JavaScript libraries, and integrates Matomo analytics with privacy considerations such as Do Not Track. Security posture is good with HTTPS enforced and no exposed sensitive data, though explicit security headers and privacy policies are not clearly present in the analyzed content. The absence of WHOIS data limits domain registration trust analysis, but the official .fr domain and consistent branding support legitimacy. Overall, the site demonstrates a mature digital presence appropriate for a large government entity.

V

Ville de Tours

tours.fr

55

The website www.tours.fr is the official digital presence of the city of Tours, France, serving as a comprehensive portal for municipal information, citizen services, news, and events. It targets residents, visitors, businesses, and community organizations, providing access to administrative procedures, cultural activities, and participatory governance platforms. The site is well-branded with official logos and consistent design, reflecting its government entity status. Technically, the site is built on WordPress 6.7.2, leveraging modern web technologies such as jQuery, Matomo analytics, and a cookie consent framework (Tarteaucitron). The site demonstrates good mobile optimization, accessibility, and SEO practices, with a moderate performance profile. Security is robust with HTTPS enforced and privacy compliance evident through GDPR-aligned cookie consent and a detailed privacy policy. Security posture is strong, though the absence of explicit security headers and incident response contacts suggests areas for improvement. No vulnerabilities or suspicious content were detected. The lack of WHOIS data limits domain registration trust assessment, but the official nature and content quality strongly support legitimacy. Overall, the site presents a trustworthy, professional, and user-friendly government portal with minor technical and security enhancements recommended to further strengthen its posture.

Tours Métropole Val de Loire is the official metropolitan government entity serving the Tours metropolitan area in France. The website provides comprehensive information about local government services, urban projects, ecological initiatives, and citizen services. It targets residents and stakeholders within the metropolitan region, offering online access to administrative procedures and event information. The site is well-positioned as a regional authority with a clear public service mission. Technically, the website is built on Drupal 7 CMS with a modern JavaScript stack including jQuery, Slick carousel, and Matomo analytics. It demonstrates good mobile optimization, accessibility, and SEO practices. The presence of a cookie consent banner and privacy policy indicates compliance with EU data protection regulations. However, the site lacks some advanced security headers and explicit security or incident response policies. Security posture is generally good with HTTPS enforced and no visible vulnerabilities or exposed sensitive data. The use of Matomo analytics with DoNotTrack enabled shows privacy-conscious tracking. The absence of WHOIS data is a concern but likely due to AFNIC or privacy settings rather than malicious intent. Overall, the site appears trustworthy and professionally maintained. Recommendations include adding security headers, publishing a security policy and incident response contact, and ensuring regular CMS and module updates to maintain security. Enhancing transparency with a vulnerability disclosure policy would further improve trust. The domain WHOIS gap should be investigated to confirm registration legitimacy.

V

Ville de Vandœuvre

vandoeuvre.fr

52

The website www.vandoeuvre.fr serves as the official digital presence for the city of Vandœuvre-les-Nancy in France, providing residents and visitors with access to municipal news, event agendas, and a variety of online administrative services. The site targets a broad audience including families, seniors, students, and local businesses, positioning itself as a comprehensive resource for community engagement and public service delivery. The business model is typical of government websites, focusing on information dissemination and facilitating citizen interactions with municipal services. Technically, the site is built on WordPress CMS, leveraging popular plugins such as Yoast SEO for search optimization and Matomo for privacy-conscious analytics. The inclusion of libraries like jQuery, PhotoSwipe, and Leaflet indicates a moderately modern tech stack aimed at enhancing user experience with interactive elements such as maps and image galleries. The site demonstrates good mobile optimization and accessibility features, contributing to a positive user experience. From a security perspective, the site enforces HTTPS and implements a cookie consent mechanism compliant with GDPR principles, allowing users granular control over tracking. However, the absence of explicit security headers and lack of visible privacy policy or terms of service pages represent areas for improvement. The WHOIS data is notably missing, which is unusual for an official municipal domain and slightly detracts from the domain's trustworthiness. Overall, the site is a well-structured, professional municipal portal with solid technical foundations and a focus on user privacy. Strategic enhancements in security policy transparency and domain registration clarity would further strengthen its credibility and compliance posture.

V

Ville de Nancy

nancy.fr

69

The website www.nancy.fr is the official digital portal for the Ville de Nancy, France, providing comprehensive information and services related to municipal administration, cultural events, public services, and citizen engagement. It serves a broad audience including residents, visitors, families, students, and local businesses. The site is well-positioned as the authoritative source for city-related information and services, leveraging a public service business model focused on transparency and accessibility. Technically, the site is built on TYPO3 CMS with modern front-end technologies such as Bootstrap, jQuery, Vue.js, and Swiper for interactive components. It employs Matomo for analytics and uses a robust cookie consent management system (tarteaucitron) to comply with GDPR. The site is mobile-optimized, accessible, and demonstrates good SEO practices. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms, but could improve by adding additional security headers and publishing explicit security policies or incident response contacts. No vulnerabilities or WAF blocking were detected, indicating a mature security posture suitable for a government website. Overall, the site is professional, trustworthy, and compliant with privacy regulations, making it a reliable resource for its users. Strategic recommendations include enhancing security headers, publishing a security policy, and maintaining regular audits of third-party scripts to sustain security and compliance.

M

Métropole du Grand Nancy

grandnancy.eu

69

The Métropole du Grand Nancy website serves as the official digital presence for the metropolitan government of the Grand Nancy region in France. It provides comprehensive information about metropolitan governance, urban planning, public transportation, cultural events, and citizen services. The site targets residents, visitors, and local businesses, offering a broad range of public sector services and information. The website is well-positioned as a trusted government resource with a consistent brand and professional content. Technically, the site is built on TYPO3 CMS with modern front-end frameworks including Bootstrap and Vue.js, ensuring a responsive and user-friendly experience. It integrates analytics via Matomo and manages cookie consent effectively with the Tarteaucitron tool. The site demonstrates good mobile optimization and SEO practices, although some accessibility improvements could be made. From a security perspective, the website enforces HTTPS and employs cookie consent mechanisms, but lacks some advanced security headers and a published security policy or vulnerability disclosure program. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data is privacy-protected, which is typical for government-related domains, and no suspicious patterns were found. Overall, the website presents a low-risk profile with strong business credibility and good technical implementation. Strategic recommendations include enhancing security headers, publishing a security policy, and improving accessibility compliance to further strengthen trust and security posture.

The Mecklenburg-Prignitzer Elektrogemeinschaft (m-peG) is a regional professional community focused on the electrical trade sector in Mecklenburg-Vorpommern, Germany. It serves as a platform for electrical installation companies and related stakeholders to collaborate, access training, and participate in industry events. The website reflects a well-structured, professional presence with clear navigation and relevant content tailored to its target audience of trade professionals and members. The business model centers on membership and event-based revenue streams, supported by partnerships with regional industry associations and companies. Technically, the website is built on Django CMS with modern frontend technologies including Bootstrap 5 and Swiper.js for interactive elements. It employs Matomo for analytics, indicating a preference for privacy-conscious tracking. The site is mobile-optimized and performs moderately well, though some accessibility features could be enhanced. Security practices include HTTPS enforcement and CSRF protection on forms, but lack explicit security headers and cookie consent mechanisms. From a security perspective, the site demonstrates a solid baseline posture with no evident vulnerabilities or exposed sensitive data. However, the absence of a cookie consent banner and security policy documentation suggests room for improvement in GDPR compliance and transparency. The WHOIS data is minimal but consistent with the website's regional focus, supporting legitimacy. Overall, the site is trustworthy and professional but would benefit from enhanced privacy and security disclosures. Strategically, the organization should prioritize implementing cookie consent mechanisms, publishing security policies, and adding vulnerability disclosure information to strengthen compliance and user trust. Enhancing accessibility and security headers will further improve the site's robustness and reputation.

D

Deutsche Bahn AG

deutschebahn.com

71

Deutsche Bahn AG operates as Germany's leading railway company, offering comprehensive passenger and freight transportation services, infrastructure management, and innovative mobility solutions. The website reflects a mature digital presence with a professional design, clear navigation, and extensive content covering corporate information, sustainability, digitalization, and business units. The company targets a broad audience including customers, investors, and partners, positioning itself as a key player in the European transportation sector. Technically, the site leverages modern technologies such as CoreMedia CMS, Matomo analytics, and Usercentrics for consent management, ensuring compliance with GDPR and providing a good user experience across devices. The security posture is strong with HTTPS enforcement and security headers, although explicit security policies and incident response contacts are not published. Overall, the website is trustworthy and professionally maintained, though the WHOIS data for the queried domain variant is missing, which warrants verification. The site does not exhibit any adult or questionable content and maintains good privacy compliance. Strategic recommendations include publishing detailed security policies, incident response information, and vulnerability disclosure mechanisms to enhance transparency and trust.

D

Deutsche Bahn AG

db-ersatzverkehr.de

61

The website 'Ersatzverkehr bei Generalsanierungen' is an official informational portal operated by Deutsche Bahn AG, focusing on replacement bus services during major rail infrastructure renovations in Germany. It serves travelers and freight customers by providing timely updates, travel alternatives, and detailed information about ongoing and upcoming construction projects. The site leverages a modern technical infrastructure including CoreMedia CMS, Usercentrics for cookie consent, and Matomo for privacy-conscious analytics. The design is professional, mobile-optimized, and accessible, reflecting Deutsche Bahn's strong brand identity and commitment to user experience. Security posture is solid with HTTPS enforced and no exposed sensitive data, though explicit security policies and incident response contacts are not published. Overall, the domain registration and website content are consistent and trustworthy, supporting a high legitimacy score.

G

GL events

gl-events.com

65

GL events is a large, internationally active event management company based in France, offering integrated services across event conception, venue management, and exhibitions. The website is professionally designed using Drupal 8, with modern technologies such as YouTube API, Matomo analytics, and accessibility tools. Privacy and cookie policies are comprehensive and GDPR compliant, with an active consent mechanism. Security posture is good with HTTPS and no exposed sensitive data, but lacks explicit security headers and published security policies. WHOIS data is missing or unavailable, which raises concerns about domain registration legitimacy despite the professional appearance and content quality of the site. Overall, the website presents a strong digital presence but would benefit from improved transparency in domain registration and security disclosures.

N

NordSüd Verlag AG

nord-sued.com

50

NordSüd Verlag AG is a well-established Swiss children's book publisher with a strong market presence and a comprehensive digital platform. The website showcases a rich catalog of children's books, events, and related materials, targeting a general audience including parents, educators, and book enthusiasts. The company leverages modern web technologies including WordPress, WooCommerce, and Matomo analytics to provide a performant and user-friendly experience. Security posture is solid with HTTPS enforced and reCAPTCHA implemented, though DNSSEC is not enabled, representing an area for improvement. Privacy compliance is robust with clear cookie consent and a comprehensive privacy policy. Overall, the website reflects a professional and trustworthy business with consistent branding and high-quality content.

G

Gerstenberg Verlag GmbH & Co. KG

gerstenberg-verlag.de

10

Gerstenberg Verlag GmbH & Co. KG is a well-established German publishing house specializing in children's literature, including iconic titles such as Eric Carle's 'Die kleine Raupe Nimmersatt' and Rotraut Susanne Berners Wimmelbücher. The company also publishes adult books focusing on culture, nature, lifestyle, and culinary topics, complemented by a range of papeterie products. The website serves as an e-commerce platform for these offerings and maintains a strong market position in the German and international children's book market. Technically, the website is built on the OXID eShop CMS platform, employs modern JavaScript libraries, and integrates Matomo analytics for privacy-conscious user tracking. The site is mobile-optimized with clear navigation and professional design. Security posture is solid with HTTPS enforced and cookie consent implemented, though some security headers and explicit security policies are absent. Overall, the site is trustworthy, professional, and compliant with GDPR requirements.

R

Regentalbahn GmbH

alex.info

57

The website www.laenderbahn.com/alex/ represents the alex regional train service operated by Regentalbahn GmbH, a subsidiary of the Netinera group. It offers daily direct train connections between Germany and the Czech Republic, targeting commuters and travelers in this region. The site provides comprehensive travel information, ticket sales, real-time updates, and customer service resources. The business model focuses on regional transportation services with a strong emphasis on customer convenience and cross-border connectivity. Technically, the website is built on Craft CMS and employs modern JavaScript libraries and frameworks such as jQuery and Mmenu for mobile navigation. It integrates multiple analytics and tracking tools including Matomo, Google Tag Manager, Facebook Pixel, and Hotjar, all managed with a cookie consent mechanism to comply with privacy regulations. The site is mobile-optimized, accessible, and SEO-friendly, providing a good user experience. From a security perspective, the website enforces HTTPS and uses CSRF tokens to protect forms. While explicit HTTP security headers were not detected in the provided data, the site follows best practices in data protection and privacy compliance, including a comprehensive privacy policy and cookie management. No vulnerabilities or exposed sensitive data were found. However, the absence of WHOIS data for the domain raises concerns about domain registration legitimacy, although the website branding and content strongly indicate a legitimate business. Overall, the site is professional, trustworthy, and well-maintained, serving its target audience effectively. The main risk lies in the missing WHOIS registration data, which should be verified externally. Strategic recommendations include enhancing HTTP security headers, publishing a vulnerability disclosure policy, and providing explicit incident response contacts to further strengthen security posture.

R

Regentalbahn GmbH

vogtlandbahn.de

57

The website www.laenderbahn.com/vogtlandbahn/ represents the Vogtlandbahn, a regional passenger rail service operating in the Vogtland region of Germany. It is part of Regentalbahn GmbH and affiliated with the parent company Netinera. The site offers comprehensive information on train schedules, ticketing options, real-time departure data, and customer services, targeting regional travelers and commuters. The business model focuses on providing reliable and comfortable regional rail transport connecting multiple cities and towns. The website is professionally designed with consistent branding and clear navigation, supporting a positive user experience. From a technical perspective, the site employs modern web technologies including JavaScript libraries, Matomo analytics, Google Tag Manager, and Facebook Pixel for tracking and marketing. It is built on Craft CMS and demonstrates good mobile optimization and accessibility features. Security is well addressed with HTTPS enforcement, security headers, and CSRF protection, though there is room for improvement in publishing explicit security policies and incident response information. The security posture is strong with no evident vulnerabilities or exposed sensitive data. Privacy compliance is robust, featuring a comprehensive privacy policy and cookie consent mechanisms aligned with GDPR requirements. Contact information is clearly provided, including phone numbers and physical addresses, enhancing business credibility. Overall, the website is a trustworthy and professional digital presence for a regional transportation provider. However, the absence of WHOIS registration details introduces some uncertainty about domain legitimacy, warranting further verification. Strategic recommendations include publishing a dedicated security policy, establishing a vulnerability disclosure program, and enhancing incident response transparency to further strengthen trust and compliance.

O

Osthannoversche Eisenbahnen Aktiengesellschaft

ohe-ag.de

53

Osthannoversche Eisenbahnen Aktiengesellschaft (OHE) is a well-established transportation company based in Germany, specializing in regional rail and bus services primarily in Niedersachsen. Founded in 1944, OHE operates workshops and infrastructure services, positioning itself as a key regional player with a strong focus on reliability and customer satisfaction. The website reflects a professional digital presence with clear business information and a user-friendly interface. Technically, the site uses modern web technologies including Craft CMS, jQuery, and FontAwesome, hosted behind Cloudflare DNS services, and integrates Matomo for privacy-conscious analytics. Security posture is solid with HTTPS enforcement and cookie consent mechanisms, though formal security policies and incident response contacts are absent. Overall, the site is trustworthy, compliant with GDPR, and well-optimized for users.

D

Die Länderbahn GmbH DLB

laenderbahn.com

59

Die Länderbahn GmbH DLB is a well-established private railway company operating regional passenger transport services in Germany and the Czech Republic. With a history spanning over 130 years and multiple regional brands such as alex, trilex, and vogtlandbahn, the company holds a strong market position in the transportation sector. It is a subsidiary of NETINERA Deutschland GmbH, indicating a solid corporate backing. The website provides comprehensive information about the company’s services, history, and career opportunities, targeting both customers and potential employees. Technically, the website is built on a modern CMS platform (Craft CMS) and employs various analytics and marketing tools including Matomo, Google Tag Manager, Facebook Pixel, and Hotjar. The site is mobile-optimized with good SEO practices and a clear navigation structure. Security measures such as HTTPS and CSRF tokens are implemented, though some security headers and explicit incident response policies are absent. From a security and compliance perspective, the website includes a detailed privacy policy and cookie consent mechanism compliant with GDPR. However, the absence of WHOIS data for the domain raises questions about domain registration transparency, although the website content and branding strongly support legitimacy. No critical vulnerabilities or adult content were detected, and the site maintains a professional and trustworthy online presence. Overall, the website reflects a mature digital presence for a transportation company with good technical and privacy practices. Strategic improvements in security headers and public incident response information could further enhance trust and compliance.

M

Mediactive Events

mediactive-events.com

63

Mediactive Events is a French-based company specializing in event technology, digital platforms, and network infrastructure for corporate and large-scale events. With over 30 years of experience, they serve a prestigious client base including major corporations and public institutions. Their key services include corporate events, trade shows and congresses, and event venue connectivity solutions. The company positions itself as a technology expert in the event industry, offering premium digital and network services to demanding brands. Technically, the website employs modern JavaScript libraries, uses Matomo for privacy-conscious analytics, and is hosted on a dedicated CDN. The site is well-structured with rich metadata and structured data, supporting SEO and user experience. Security posture is good with HTTPS and cookie-less analytics, but lacks some security headers and public security policies. The absence of WHOIS registrant data is a concern but the professional presentation and client list support legitimacy. Overall, the website is a strong digital asset for the company but would benefit from enhanced privacy and security disclosures.

F

Foire de Marseille

foiredemarseille-lavitrine.com

50

The website www.foiredemarseille-lavitrine.com serves as the official exhibitor platform for the Foire de Marseille event scheduled from September 26 to October 6, 2025. It provides visitors and exhibitors with essential information including exhibitor listings and product promotions. The platform is positioned as a regional event tool, operated under the umbrella of GL Events, a recognized event organizer. The website demonstrates a good level of content quality and user experience, with clear navigation and mobile optimization. Technically, it is built on WordPress CMS, utilizing standard libraries such as FontAwesome and Matomo for analytics, and incorporates GDPR-compliant cookie consent mechanisms. Security posture is adequate with HTTPS enforced, but lacks some advanced security headers and explicit incident response information. The absence of WHOIS data for the domain raises concerns about domain registration legitimacy, although the website content and branding suggest a legitimate business presence. Overall, the site is functional and professional but would benefit from enhanced security practices and clearer contact information.

S

S-Bahn Berlin GmbH

sbahn-ebe.de

68

S-Bahn Berlin GmbH operates a dedicated online portal for managing the increased fare enforcement payments (Erhöhtes Beförderungsentgelt - EBE). The portal facilitates secure and quick payment of fines, submission of personalized tickets for review, and customer support for related inquiries. The website is professionally designed, mobile-optimized, and provides comprehensive FAQs and contact options, reflecting a mature digital presence for a public transportation entity. Technically, the site uses Drupal CMS, integrates UserCentrics for consent management, and employs Matomo for analytics, indicating a focus on privacy and compliance. Security measures include HTTPS, Content Security Policy with nonce, and CAPTCHA protections, contributing to a strong security posture. The domain WHOIS data is privacy protected but consistent with legitimate business use. Overall, the site demonstrates a high level of professionalism, trustworthiness, and compliance with GDPR and other regulations.

C

Commission de Surveillance du Secteur Financier

cssf.lu

76

The Commission de Surveillance du Secteur Financier (CSSF) is a public institution responsible for supervising professionals and products within the Luxembourg financial sector. It serves both professionals and consumers by providing regulatory frameworks, publications, and guidance. The CSSF holds a key market position as Luxembourg's financial regulatory authority, offering services such as supervision of financial entities and dissemination of financial data. The website targets financial sector stakeholders and consumers seeking authoritative information and regulatory updates. Technically, the website is built on WordPress, utilizing modern web technologies including jQuery and Font Awesome, and integrates Matomo for analytics. The site demonstrates good digital maturity with responsive design, accessibility features, and a cookie consent mechanism compliant with GDPR. Performance is moderate with room for optimization. From a security perspective, the site enforces HTTPS and employs cookie-based security measures. However, explicit HTTP security headers are not detected, and no public security or incident response policies are found. No vulnerabilities or exposed sensitive data are evident. The absence of WHOIS data limits domain trust verification, but the official nature and content quality support legitimacy. Overall, the CSSF website is a professional, secure, and compliant platform serving as a trusted source for financial regulation in Luxembourg. Strategic recommendations include enhancing HTTP security headers, publishing security policies, and improving WHOIS transparency to strengthen trust and security posture.

L

Landesnahverkehrsgesellschaft Niedersachsen mbH

lnvg.de

46

The Landesnahverkehrsgesellschaft Niedersachsen mbH (LNVG) is a government-affiliated organization responsible for planning, financing, and managing public transportation services in the German state of Niedersachsen. The website serves as an information hub for passengers, transport operators, and stakeholders, providing comprehensive details on regional rail and bus services, funding programs, infrastructure projects, and regulatory frameworks. The company holds a significant market position as a key public transport authority in the region. Technically, the website is built on TYPO3 CMS, a robust and widely used content management system, ensuring maintainability and scalability. The site employs Matomo analytics with an opt-out mechanism, reflecting a moderate level of privacy awareness. The site is mobile-optimized, accessible, and SEO-friendly, with a clear navigation structure and professional design. From a security perspective, the site uses HTTPS with a Content-Security-Policy header, indicating good baseline security practices. However, it lacks explicit cookie consent mechanisms and published security or incident response policies, which are areas for improvement. No vulnerabilities or suspicious content were detected. Overall, the website is trustworthy, professional, and well-aligned with its public service mission. Strategic enhancements in privacy compliance and security transparency would further strengthen its posture.

Q

Qube AG

itds.ch

64

Qube AG operates as a web and advertising agency based in Switzerland, specifically targeting the Aarau and Bern regions. Their website presents a professional image focused on branding, corporate communication, and digital strategy services. The company appears to serve businesses and organizations seeking creative and digital marketing solutions. The website is well-structured with modern design elements and uses technologies such as FontAwesome, Vimeo player, and analytics tools like Matomo and Google Tag Manager. However, the absence of visible privacy and cookie policies and lack of explicit contact information limit the transparency and compliance posture of the site. Security headers are not detected, indicating room for improvement in security hardening. The WHOIS data is unavailable or privacy protected, which is common for small agencies but reduces trust signals. Overall, the site is functional and professional but could benefit from enhanced privacy, security, and contact transparency to improve trust and compliance.

Q

Qube AG

qube.ag

64

Qube AG operates as a web and advertising agency based in Aarau and Bern, Switzerland, offering services including branding, corporate communication, digital strategy, and web design. The company targets business clients seeking professional digital and advertising solutions within the Swiss market. The website reflects a small, regionally focused agency with consistent branding and good content quality. The technical infrastructure includes modern web technologies such as Vimeo for video content, FontAwesome for icons, and analytics tools like Matomo and Google Tag Manager, indicating a moderate level of digital maturity. However, the absence of visible privacy and cookie policies, as well as lack of security headers, suggests room for improvement in compliance and security posture. The WHOIS data is privacy protected or unavailable, which is typical for small businesses but slightly reduces trustworthiness. Overall, the website is professional and functional but would benefit from enhanced security and privacy transparency to improve user trust and compliance.

H

Hagstofa Íslands

hagstofa.is

58

Hagstofa Íslands is the official national statistical institute of Iceland, providing comprehensive statistical data and services related to population, society, economy, environment, and more. The website serves a broad audience including researchers, government entities, and the general public, offering open data access and custom statistical services. The domain is well-established since 1998, reflecting a stable government entity with a strong market position as Iceland's authoritative statistics provider. Technically, the website employs modern web technologies including jQuery, Matomo analytics for privacy-conscious tracking, and embedded interactive charts via Datawrapper. Hosting is managed by a local Icelandic provider, 1984 Hosting, with a moderate performance profile and good mobile optimization. Security posture is generally good with HTTPS enforced and no exposed sensitive data, though improvements are recommended such as enabling DNSSEC and implementing security headers. Privacy compliance is partially met with a clear privacy policy and GDPR adherence, but lacks a cookie consent mechanism. Overall, the website is professional, trustworthy, and serves its public mission effectively.

D

Digital Freedom Foundation

documentfreedom.org

49

The Digital Freedom Foundation is a non-profit organization dedicated to promoting digital freedoms through global events such as Software Freedom Day, Hardware Freedom Day, and Document Freedom Day. Their website serves as a hub for event information, resources, and advocacy for open standards and user control over digital data. The organization targets individuals and groups interested in open source, open standards, and digital rights advocacy worldwide. Technically, the website is built on Joomla CMS with modern frameworks like Bootstrap and uses Matomo for privacy-conscious analytics. The site is mobile-optimized and provides multilingual support, reflecting a mature digital presence. Security-wise, the site enforces HTTPS and uses domain transfer protection but lacks DNSSEC and security headers, indicating room for improvement in hardening. Privacy compliance is basic, with cookie consent but no detailed privacy or security policies visible. Overall, the site is professional, trustworthy, and well-aligned with its mission, though it could enhance security and compliance transparency.

H

H2G Internetagentur AG

h2g.ch

46

H2G Internetagentur AG is a Swiss-based web agency located in Aarau, specializing in consulting, design, development, and hosting of websites and web applications. The company targets businesses and institutions seeking innovative and user-centric digital solutions. Their market position is that of a reputable regional agency with a diverse client base, including international companies and local institutions. The website reflects a professional and modern digital presence with clear service offerings and client references. Technically, the website employs modern web technologies including JavaScript, SVG graphics, and Matomo for privacy-conscious analytics. The site is well-optimized for mobile devices and demonstrates good SEO and accessibility practices. Hosting appears to be managed internally or via trusted providers, with HTTPS enforced and minimal tracking. From a security perspective, the site uses HTTPS and respects user privacy by disabling cookies in analytics and honoring Do Not Track signals. However, it lacks some advanced security headers and explicit security or incident response policies. No vulnerabilities or suspicious activities were detected. Overall, the website is trustworthy, professional, and compliant with GDPR requirements. The risk profile is low, with recommendations to enhance security headers and add explicit cookie consent mechanisms to further improve privacy compliance and security posture.

C

Cilvēktiesību gids

cilvektiesibugids.lv

44

The website www.cilvektiesibugids.lv is a Latvian human rights guide providing educational content on various human rights topics and everyday situations. It targets the general public interested in human rights education and operates as a non-profit entity. The platform offers thematic articles, rights information, court practice summaries, and interactive tests in Latvian, Russian, and English. Technically, the site uses modern web technologies including self-hosted Matomo analytics for privacy-conscious tracking, Google Fonts, and cookie consent mechanisms. The design is professional, mobile-optimized, and accessible, with clear navigation and multilingual support. Security posture is adequate with HTTPS enforced and cookie consent implemented, but lacks explicit security headers and published security policies. No vulnerabilities or suspicious content were detected. Overall, the site is trustworthy and serves as a valuable educational resource in the human rights domain.

WBS.LEGAL is a well-established German law firm specializing in media, internet, e-commerce, and related legal fields with over 30 years of experience. The firm operates nationwide with a strong digital presence, offering comprehensive legal services and free initial consultations. Their website reflects a professional and trustworthy brand with extensive content, client testimonials, and active social media engagement. Technically, the site is built on WordPress with modern frameworks and integrates multiple analytics and marketing tools, ensuring good performance and user experience. Security posture is solid with HTTPS and consent management, though explicit security headers could be enhanced. Overall, the domain's WHOIS data is privacy-protected, which is typical for professional legal entities, and no suspicious indicators were found.

Ž

Žmogaus teisių gidas

zmogausteisiugidas.lt

42

Žmogaus teisių gidas is a Lithuanian educational website dedicated to human rights and civic education. It offers thematic articles, tests, court practice summaries, and resources to educate the public on human rights issues. The site targets a general audience interested in learning about human rights in everyday situations. The platform is supported by reputable European and Baltic organizations, indicating a non-profit educational mission. Technically, the website employs modern web technologies including Matomo analytics with privacy-respecting default settings, Google Fonts, and cookie consent mechanisms. The site is mobile optimized and accessible, with a clear navigation structure. Security posture is moderate, with HTTPS enforced but lacking explicit security headers and vulnerability disclosures. WHOIS data for the domain is unavailable, which reduces trustworthiness from a domain registration perspective. Overall, the website is a credible educational resource with room for improvement in privacy policy transparency and security best practices.

A

ATR International AG

dev-atr.de

45

ATR International AG operates as a global trade cooperation platform for leading distributors in the independent automotive aftermarket. Founded in 1967 and headquartered in Denkendorf, Germany, ATR facilitates collaboration among automotive spare parts distributors, manufacturers, suppliers, and independent multi-brand garages. The company focuses on purchasing coordination, digitisation, sustainable aftermarket development, and strategic steering committees, positioning itself as a key player in the automotive aftermarket sector with a strong shareholder base and international presence. The website reflects a professional and consistent brand image with clear communication of business purpose and services.

Børsen is Denmark's leading business newspaper and media outlet, established in 1998, providing comprehensive business news, financial market data, and investor information primarily targeting business professionals and investors. The website demonstrates a mature digital presence with a well-structured, professional design optimized for both desktop and mobile users. The technical infrastructure includes modern JavaScript frameworks, analytics via Matomo, and robust consent management through Didomi and Sleeknote, reflecting a strong commitment to privacy and compliance. Security posture is solid with HTTPS enforced and multiple security headers, though DNSSEC is not enabled. No critical vulnerabilities or blocking mechanisms were detected, indicating reliable accessibility and trustworthiness. Overall, Børsen presents a secure, compliant, and professional online presence consistent with its market position as a leading Danish business media entity.

A

Abion AB

spelpaus.se

10

Spelpaus.se is a Swedish government-backed online service that enables individuals to self-exclude from all licensed gambling operators in Sweden. The service is operated by Abion AB and closely affiliated with Spelinspektionen, the Swedish Gambling Authority. It provides a critical public health function by helping users control gambling addiction through a legally binding exclusion period verified by secure identity methods such as BankID and Freja eID+. The website is professionally designed, mobile-optimized, and offers multilingual support including Swedish, English, and Arabic. It includes educational content about gambling addiction and support for relatives of problem gamblers. Technically, the website uses a modern tech stack including Umbraco CMS, Bootstrap framework, and Matomo analytics for user tracking. The site is served over HTTPS with secure forms implementing anti-forgery tokens, ensuring a strong baseline security posture. However, DNSSEC is not enabled and security headers are not explicitly detected, representing areas for improvement. Privacy compliance is supported by clear GDPR documentation, although no cookie consent mechanism is present despite analytics usage. From a security perspective, the site demonstrates good practices such as secure identity verification and no visible vulnerabilities or exposed sensitive data. The domain registration is consistent and transparent, registered to Abion AB since 2015, aligning with the service's operational timeline. No WAF or blocking mechanisms interfere with content access. Overall, the site is trustworthy, safe, and serves an essential government function with a high level of professionalism. Strategically, the site would benefit from implementing cookie consent, publishing explicit security and incident response policies, enabling DNSSEC, and adding security headers to further enhance trust and compliance. These improvements would strengthen the security posture and privacy compliance, supporting the site's critical role in responsible gambling in Sweden.

Teplo Přerov a.s. is a municipal utility company based in Přerov, Czech Republic, specializing in the production and distribution of heat and hot water for residential and commercial sectors. Founded in 1997 following the transformation of a former municipal housing enterprise, it is fully owned by the Statutory City of Přerov. The company operates with a medium-sized business model focused on local energy supply and related services including maintenance, electrical installations, and limited transport operations. The website reflects a professional municipal service provider with clear business information and contact details. Technically, the website employs a legacy jQuery stack alongside Google reCAPTCHA and Matomo analytics for user tracking and security. The site uses a proprietary CMS system (IPO Redakční systém) and implements a cookie consent mechanism compliant with EU regulations. However, the site shows room for improvement in mobile optimization, accessibility, and modern security practices such as security headers and HTTPS enforcement verification. From a security perspective, the site lacks visible security headers and a published security policy or incident response contacts. The absence of WHOIS data limits domain trust analysis, although the business information and municipal ownership provide strong legitimacy signals. The site does not present any adult or questionable content, targeting a general audience in the local community. Overall, the website is functional and professional but would benefit from enhanced security measures, improved privacy disclosures, and updated technical infrastructure to strengthen trust and compliance.

The website aquaparkplovarnahranice.cz serves as an informational and promotional platform for Plovárna Hranice and highlights eight notable water parks in the Czech Republic. Operated by EKOLTES Hranice, a.s., the site targets families and leisure seekers interested in aquatic recreational facilities. The business operates in the hospitality sector with a focus on swimming and water park services. The website is built on WordPress using the Astra theme and incorporates SEO best practices via the Yoast plugin. Visitor analytics are managed through Matomo, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS enforced and no visible vulnerabilities, but lacks advanced security headers and formal privacy or cookie policies, which are compliance gaps. The absence of WHOIS data reduces transparency and trustworthiness, though the site content and contact information appear legitimate. Overall, the site is functional, user-friendly, and content-rich but would benefit from enhanced privacy compliance and security practices.

L

Lightbulb s.à r.l.

lightbulb.lu

47

Lightbulb s.à r.l. is a Luxembourg-based digital design and software development agency founded in 2013. The company specializes in transforming complex problems into user-friendly software solutions, offering services such as custom development, UX-focused design, and innovative digital solutions. Their client portfolio includes notable organizations, and they maintain an active social media presence to engage with their audience. The website is professionally designed, mobile-optimized, and provides clear navigation and contact information, positioning Lightbulb as a credible and trustworthy service provider in the technology sector. Technically, the website is built on WordPress, leveraging modern JavaScript and CSS technologies, with performance optimized through caching and preload strategies. Hosting is managed via EuroDNS, consistent with the Luxembourg location. The site employs Matomo analytics with a cookie consent mechanism, reflecting a moderate level of digital maturity and privacy awareness. Accessibility and SEO optimizations are well implemented, contributing to a positive user experience. From a security perspective, the site enforces HTTPS and uses cookie consent to comply with GDPR requirements. However, explicit security headers are absent, and no formal privacy policy or security incident response information is published, indicating areas for improvement. No vulnerabilities or exposed sensitive data were detected in the analyzed content. Overall, the security posture is good but could be enhanced by adopting additional best practices and transparency measures. The overall risk assessment is low, with the website demonstrating professionalism, legitimacy, and compliance with basic privacy standards. Strategic recommendations include publishing a comprehensive privacy policy, implementing security headers, and providing clear incident response contacts to strengthen trust and compliance.

F

Foire de Metz

foiredemetz.com

61

Foire de Metz is a regional event organizer hosting a prominent fair in Metz, France, providing exhibition spaces and entertainment to a broad public audience. The website is professionally designed using Drupal 10, integrating modern analytics and marketing tools such as Matomo and Google Tag Manager. The site demonstrates good mobile optimization, accessibility, and SEO practices, supporting a positive user experience. Security posture is solid with HTTPS enforcement and standard security headers, although explicit security policies and incident response contacts are not published. The WHOIS data is notably absent or unregistered in the queried database, which raises concerns about domain legitimacy despite the professional appearance and content of the website. Overall, the site is safe, trustworthy, and compliant with GDPR, but the domain registration inconsistency warrants further verification.

F

Foire Internationale de Marseille

foiredemarseille.com

48

Foire Internationale de Marseille is a well-established event organizer hosting the annual international fair in Marseille, France, attracting hundreds of thousands of visitors and numerous exhibitors. The website provides comprehensive information about the event, including themes, schedules, and exhibitor details, targeting a broad audience of visitors and participants. Technically, the site is built on WordPress with a modern tech stack including jQuery, Font Awesome, and Google Fonts, and integrates analytics and consent management tools. Security posture is solid with HTTPS and cookie consent mechanisms, though explicit security headers and privacy policies are lacking. The absence of WHOIS data for the domain raises concerns about domain registration transparency, which impacts trustworthiness despite the professional presentation and content quality. Overall, the site is functional, informative, and user-friendly but would benefit from enhanced transparency and compliance documentation.

F

Accueil | Foire St-Etienne

foiredesaintetienne.com

56

The website www.foiredesaintetienne.com represents the Foire de Saint-Etienne, an event held at Parc Expo from September 19 to 29, 2025. The site is built on Drupal 10 and uses modern web technologies including FontAwesome, Leaflet for maps, Slick Carousel for UI elements, and Matomo for analytics. It is targeted primarily at a French-speaking audience interested in attending the event. The website is professionally designed with good mobile optimization and accessibility features, providing a positive user experience. However, the absence of WHOIS data raises concerns about domain legitimacy and ownership transparency. Security posture is moderate with HTTPS enabled and cookie consent implemented, but lacks comprehensive security headers and published security policies. Privacy compliance is basic, with no explicit privacy or terms of service pages found. Overall, the site is functional and informative but would benefit from enhanced transparency and security documentation.

F

Foire de Savoie

foiredesavoie.com

61

Foire de Savoie is a well-established regional event organizer hosting the 97th edition of a family-friendly fair in Chambéry, France. The website presents a professional and content-rich platform showcasing event details, exhibitors, programs, and promotions. The digital infrastructure is based on WordPress CMS with modern SEO and analytics tools, including Google Analytics and Matomo, and a GDPR-compliant cookie consent mechanism. Security posture is good with HTTPS enabled, though some security headers could be improved. The absence of WHOIS data slightly reduces domain trust but does not detract from the overall professionalism of the site. Contact is primarily via a contact form, with no direct emails or phone numbers publicly listed. Social media presence is strong, supporting community engagement and event promotion.

F

Accueil | Foire Européenne de Strasbourg

foireurop.com

59

The website www.foireurop.com represents the Foire Européenne de Strasbourg, a European fair event held in Strasbourg, France. The site provides information about the event, targeting visitors and exhibitors interested in attending. The business model revolves around event organization and promotion, catering primarily to the general public and regional visitors. The website is built on Drupal 10, leveraging modern web technologies such as FontAwesome, Leaflet.js for maps, and Slick Carousel for UI components. Analytics are handled via Matomo and Google Tag Manager, with cookie consent managed through tarteaucitron.io, indicating some level of GDPR compliance awareness. From a security perspective, the site uses HTTPS and implements cookie consent mechanisms, but lacks visible security headers and explicit privacy or terms of service pages in the provided content. No contact information or incident response channels are clearly presented, which may hinder user trust and compliance. The WHOIS data is unavailable, raising concerns about domain registration legitimacy and reducing overall trustworthiness. No WAF or blocking mechanisms were detected, and the site content is accessible and safe for general audiences. Overall, the website demonstrates moderate digital maturity with good technical implementation and content quality but requires improvements in transparency, security best practices, and business credibility to enhance trust and compliance. Strategic recommendations include publishing clear privacy and terms policies, adding contact and security incident information, and improving security headers and monitoring of third-party scripts.

M

Mégacité Amiens

megacite.fr

57

Mégacité Amiens is a regional event venue in France specializing in exhibitions, congresses, and various events. The website presents a professional image with clear branding and relevant content targeting event organizers and attendees. The business model revolves around venue rental and event hosting services, positioning itself as an important player in the hospitality sector within the Amiens region. The site is built on Drupal 10 and incorporates modern web technologies and analytics tools such as Google Tag Manager and Matomo, indicating a moderate level of digital maturity. Privacy compliance is addressed through cookie consent mechanisms and a privacy policy, reflecting awareness of GDPR requirements. Security posture is generally good with HTTPS enforced and some security best practices observed, though explicit security headers and incident response information are lacking. The absence of WHOIS data limits the ability to fully verify domain legitimacy, but the website content and technical setup suggest a legitimate and trustworthy business. Overall, the site scores well in content quality, technical implementation, and privacy compliance, with room for improvement in security transparency and contact information availability.

F

Foire de Toulouse

foiredetoulouse.com

60

Foire de Toulouse is a regional event organizer focused on the International Fair of Toulouse, providing event information and services to visitors and exhibitors. The website is built on Drupal 10 and integrates modern web technologies such as Matomo analytics, Google Tag Manager, and accessibility tools, reflecting a moderate level of digital maturity. Security posture is adequate with HTTPS implied and cookie consent implemented, but lacks visible security headers and formal privacy or incident response policies. The absence of WHOIS registration data raises concerns about domain legitimacy, though the website content and branding appear professional and consistent with a legitimate event. Strategic improvements in security headers, privacy disclosures, and domain registration transparency are recommended to enhance trust and compliance.

F

Foire de Lyon 2026 - du 20 au 30 mars - Lyon Eurexpo

foiredelyon.com

61

Foire de Lyon is a regional event organizer hosting a major fair in Lyon, France, scheduled for March 20-30, 2026. The website provides comprehensive information about the event, including exhibitor details, visitor guides, and partner information. The digital infrastructure is built on Drupal 10 with integrations for video content, analytics, and cookie consent management, reflecting a modern and mature web presence. Security posture is generally good with HTTPS enforced and privacy compliance mechanisms in place, though some improvements in security headers and incident response transparency are recommended. The absence of WHOIS data introduces some uncertainty about domain legitimacy, but the professional content and strong social media presence support trustworthiness. Overall, the site is well-positioned to serve its audience effectively with moderate risk factors to monitor.

E

Exponantes

foiredenantes.fr

48

Foire de Nantes is a well-established regional event organizer based in Nantes, France, specializing in hosting a large annual fair that combines shopping, leisure, and cultural discovery. The event targets families and general visitors interested in home improvement, well-being, and gastronomy. The website reflects a professional and consistent brand presence with clear event information and partner endorsements. Technically, the website uses a custom CMS likely built on Ruby on Rails, incorporating modern JavaScript libraries such as jQuery, Modernizr, and Matomo for analytics. The site is mobile-optimized and includes GDPR-compliant cookie consent mechanisms, indicating a mature digital infrastructure. However, some security best practices like HTTP security headers are not visibly implemented. From a security perspective, the site shows good practices such as CSRF protection and cookie consent but lacks explicit security policy documentation and incident response contacts. The absence of WHOIS data for the domain is a concern that slightly reduces trustworthiness, though the professional site and event legitimacy mitigate this risk. Overall, the website is a credible and professional platform for the Foire de Nantes event, with moderate technical and security maturity. Strategic improvements in security headers, WHOIS transparency, and incident response readiness are recommended to enhance trust and compliance.

F

Page d'accueil | Foire Orléans

foirexpo-orleans.fr

58

The website www.foirexpo-orleans.fr represents an event or expo based in Orléans, France, likely targeting a general audience interested in local exhibitions or fairs. The site is built on Drupal 10, indicating a modern CMS infrastructure, and integrates common web technologies such as FontAwesome for icons, YouTube iframe API for video content, Matomo for analytics, and Google Tag Manager for marketing tags. The presence of a cookie consent mechanism via Tarteaucitron shows some attention to privacy compliance, although no explicit privacy or terms of service pages were detected. Security posture is moderate but lacks visible security headers and detailed policies, and WHOIS data is unavailable, limiting domain legitimacy verification. Overall, the site is functional and accessible but would benefit from enhanced transparency and security practices.

F

Foire de Grenoble

foiredegrenoble.com

44

Foire de Grenoble is a well-established event organizer hosting a major regional fair in Grenoble, France, with a focus on vintage themes for the 2025 edition. The website serves as an information and engagement platform for visitors and exhibitors, offering event details, exhibitor listings, and ticketing links. The business holds a strong regional market position as a key cultural and commercial event. Technically, the site is built on WordPress with Elementor and Yoast SEO, integrating Google Analytics and Matomo for visitor tracking, and implements a comprehensive cookie consent mechanism. Security posture is good with HTTPS and cookie compliance, though some security headers could be improved. No privacy policy or terms of service pages were detected, which is a compliance gap. Overall, the site is professional, user-friendly, and trustworthy, with active social media presence and consistent branding.

E

Enasis

lmsenasis.com

42

Enasis is a French digital learning platform dedicated to fire and rescue services, providing an educational environment tailored to emergency service personnel. The platform is built on Moodle and offers training resources and consortium collaboration tools. The website is professionally designed with consistent branding and targets a specialized audience within the public safety sector. Technically, the site uses a modern tech stack including Moodle, YUI, jQuery, and Matomo analytics, hosted by OVH, a reputable provider. Performance and mobile optimization are adequate, though accessibility could be improved. Security posture is solid with HTTPS and cookie consent implemented, but lacks advanced security headers and published security policies. Privacy compliance is good, with GDPR-aligned policies and cookie mechanisms in place. Overall, the site is trustworthy and well-maintained, with no signs of malicious content or vulnerabilities.