Security Directory

A

Allgemeine Unfallversicherungsanstalt (AUVA)

auva.at

67

The Allgemeine Unfallversicherungsanstalt (AUVA) is a key Austrian government institution providing accident insurance, prevention, treatment, rehabilitation, and financial compensation services. The website serves as the official portal for AUVA, targeting Austrian residents and workers who require accident-related social insurance services. The site is professionally designed, primarily in German, and uses modern web technologies including Vue.js and the Umbraco CMS platform. It demonstrates good digital maturity with mobile optimization, accessibility features, and SEO best practices. Security posture is solid with HTTPS enforced and cookie consent mechanisms implemented, though explicit security policies and incident response contacts are not found in the provided content. WHOIS data confirms the domain's legitimacy and consistency with the institution's government affiliation. Overall, the website is trustworthy and serves its public service function effectively.

O

OstWestfalenLippe GmbH

startklar-owl.de

60

OstWestfalenLippe GmbH operates a professional and well-structured website promoting the startklar Businessplan-Wettbewerb, a biennial business plan competition aimed at supporting startups and entrepreneurs in the Ostwestfalen-Lippe region of Germany. The competition offers workshops, mentoring, and prizes to foster innovation and regional economic development. The website is built on TYPO3 CMS, uses Matomo for analytics, and demonstrates good SEO and mobile optimization. Contact information is clearly provided with anti-spam measures. Security posture is adequate with HTTPS and obfuscated emails, though improvements in security headers and cookie consent mechanisms are recommended. The domain WHOIS data aligns with the website's regional and organizational claims, indicating legitimacy and consistency. Overall, the site reflects a credible, government-affiliated entity focused on regional startup support.

A

ARTe Kunstmessen GmbH

arte-kunstmesse.de

59

ARTe Kunstmessen GmbH is a small German company specializing in organizing contemporary and classical modern art fairs across multiple cities in Germany. Their website presents a professional and well-structured platform showcasing upcoming events, galleries, and artists, targeting art collectors and enthusiasts. The business model revolves around event organization and ticket sales, positioning them as a regional leader in art fair hosting. Technically, the website is built on WordPress using the Bricks builder theme, hosted by Raidboxes, and employs modern web technologies with good mobile optimization and SEO practices. Security posture is adequate with HTTPS enforced but lacks advanced security headers and cookie consent mechanisms, indicating room for improvement in GDPR compliance and security best practices. Overall, the domain registration and hosting details align well with the business claims, supporting legitimacy and trustworthiness.

T

Turn10

turn10.at

49

Turn10 is a specialized platform dedicated to apparatus gymnastics (Gerätturnen) primarily serving clubs and schools in Austria and Germany. The website provides news, training programs, event schedules, results, and contact information, positioning itself as a key resource within the regional gymnastics community. It maintains partnerships with several recognized sports organizations, enhancing its credibility and reach. The business model appears to be non-profit or association-based, focusing on education and community support rather than commercial sales, although a shop is available for gymnastics-related products. Technically, the website employs standard web technologies including HTML5, CSS, and JavaScript, with some use of external libraries such as iframe-resizer. The site is mobile-optimized and offers a clear navigation structure. Performance is moderate with no major technical issues detected. The absence of heavy analytics or tracking scripts suggests a privacy-conscious approach. However, no CMS or hosting provider details are evident from the content. From a security perspective, the site uses HTTPS and implements a cookie consent banner, indicating GDPR awareness. No advanced security headers or explicit security policies were found, and no incident response contacts are provided. The lack of visible vulnerabilities or exposed sensitive data is positive, but security posture could be improved by adding security headers and formal policies. Overall, the website is trustworthy and professional, with a high degree of content relevance and user experience quality. The lack of WHOIS data due to EURid privacy restrictions limits domain age and registrant verification, but the alignment of domain and content with known gymnastics organizations supports legitimacy. Strategic recommendations include enhancing security headers, publishing incident response information, and adding terms of service for legal completeness.

O

Ombud-PostCom

ombud-postcom.ch

64

Ombud-PostCom is a neutral arbitration service operating under the Swiss Federal Post Commission (PostCom) to resolve civil disputes related to postal services in Switzerland. The website serves as an official platform providing information, dispute submission forms, and annual reports in multiple languages (German, French, Italian, English), targeting both private and business customers within Switzerland. The business model is non-profit and government-affiliated, focusing on avoiding costly and lengthy court proceedings through mediation.

DIABASS PRO 6 is a mature, GDPR-compliant diabetes data management software solution targeting medical practices and clinics primarily in Europe. The product emphasizes local data storage to ensure patient privacy and avoid cloud-related risks. The company mediaspects GmbH operates the website and provides comprehensive support and integration options, including telemedicine and AI-assisted data analysis. The website is professionally designed with detailed product information and device compatibility lists, supporting multiple languages and offering a free trial license. Technically, the site uses standard web technologies with moderate performance and good mobile optimization. Security practices focus on data privacy and encrypted telemedicine data transfer, though some modern security headers and cookie consent mechanisms are missing. The domain registration is consistent with the business claims, showing a long-standing presence in the healthcare software market. Overall, the website and business present a trustworthy and professional image with strong compliance to GDPR and data protection standards.

C

CMSimple

cmsimple.org

44

CMSimple.org is the official website for CMSimple, an open source PHP-based content management system that uniquely operates without requiring a database. Founded in 2004 and based in Germany, CMSimple targets users seeking a lightweight, provider-independent CMS solution. The website offers extensive documentation, plugins, templates, and community support, positioning itself as a niche player in the CMS market. The business model revolves around open source distribution supplemented by partner services and sponsorships. Technically, the site uses PHP, JavaScript, and CSS with a focus on simplicity and responsiveness. The site is well-structured, mobile-optimized, and SEO-friendly, though it lacks some advanced accessibility features.

The website familiennamenbuch.ch is an academic and historical resource operated by the Stiftung Historisches Lexikon der Schweiz (HLS). It provides a searchable online database of Swiss family names and citizenship data from 1962, serving genealogists, historians, and researchers interested in Swiss heritage. The site is positioned as a trusted, authoritative reference with a non-commercial, educational mission. Technically, the site uses standard HTML, CSS, and JavaScript with Matomo analytics for visitor tracking. The design is basic but functional, with multilingual support and clear navigation. Security posture is moderate with HTTPS usage but lacks visible security headers and formal privacy or cookie policies. No incident response or vulnerability disclosure information is published. Overall, the site is safe, trustworthy, and well-aligned with its academic purpose, though improvements in privacy compliance and security best practices are recommended.

The website e-lir.ch serves as an online historical lexicon focused on the Romansh-speaking region and the history of Graubünden, Switzerland. It provides access to approximately 3200 articles including biographies, geographic, thematic, and family history entries. The project is editorially completed as of 2012 and is linked to the official Swiss historical lexicon project (HLS/DHS). The target audience includes researchers, historians, and cultural enthusiasts interested in regional history and languages. The business model is non-commercial, likely supported by cultural or governmental institutions. Technically, the website is built with basic HTML, CSS, and JavaScript without modern CMS or frameworks. The site shows moderate performance but lacks mobile optimization and advanced accessibility features. SEO is basic with meta tags present but no structured data or Open Graph tags detected. No analytics or tracking technologies are used, indicating a privacy-respecting approach. From a security perspective, the site lacks visible security headers and explicit HTTPS confirmation in the content. Forms have basic JavaScript validation but no advanced security measures like CSRF tokens. No privacy or cookie policies are present, which is a compliance gap. Contact information is clearly provided, enhancing trust. No WAF or blocking mechanisms were detected, and the site content is fully accessible. Overall, the website is a trustworthy, niche cultural resource with good business credibility but basic technical and security implementations. Strategic improvements in security headers, HTTPS verification, and privacy compliance would enhance its posture and user trust.

S

Schwabe

schwabe.ch

61

Schwabe is an established Swiss academic publisher specializing in humanities and social sciences, offering a broad range of scholarly books, e-books, journals, and databases. The website targets academics, researchers, libraries, and authors, providing a professional platform for content discovery and purchase. The business model centers on publishing and distributing academic content with a focus on quality and scholarly relevance. The company maintains a consistent brand presence and good content quality, positioning itself as a reputable player in its niche market. Technically, the website employs modern web technologies including Google Analytics, Google Tag Manager, and Algolia Search integrated within a Shopware CMS platform. The site is mobile-optimized with good SEO and basic accessibility features. Performance is moderate, with room for improvement in accessibility and loading speed. Privacy considerations are evident through cookie consent mechanisms and IP anonymization in analytics. From a security perspective, the site enforces HTTPS and includes standard security headers, reflecting a good security posture. However, it lacks explicit security policies, incident response contacts, and vulnerability disclosure mechanisms, which are recommended for enhanced trust and compliance. No critical vulnerabilities or exposed sensitive data were detected. Overall, Schwabe's website is professional, secure, and compliant with GDPR principles, though it could benefit from publishing more comprehensive security and legal policies. The risk level is low, with strategic recommendations focusing on improving transparency and accessibility to further strengthen user trust and regulatory compliance.

O

OstWestfalenLippe GmbH

ostwestfalenlippe.de

58

OstWestfalenLippe GmbH is a regional development agency focused on promoting the OstWestfalenLippe region in North Rhine-Westphalia, Germany. The company supports sustainable transformation, workforce development, regional marketing, and innovation through various projects and events. The website is professionally designed, content-rich, and targets stakeholders including businesses, academia, government, and citizens of the region. Technically, the site uses TYPO3 CMS and Matomo analytics, indicating a modern and privacy-aware infrastructure. Security posture is good with HTTPS and spam-protected emails, though additional security headers and explicit policies could improve it. Overall, the website is trustworthy, well-maintained, and compliant with GDPR, though it lacks a cookie consent mechanism. Strategic recommendations include enhancing security headers, publishing security policies, and implementing cookie consent to improve compliance and trust.

S

SWB Regional

swb-regional.de

63

SWB Regional is a regional public utility company specializing in modern and environmentally friendly drinking water supply services within the Eifel-Ahr region of Germany. It operates as part of the Stadtwerke Bonn group, serving approximately 30,000 customers and supporting local municipalities. The website provides comprehensive online customer services including contract management and information dissemination, targeting residential and commercial customers in the region. The company maintains a solid market position as a trusted regional utility provider with strong group affiliation.

Z

Z-AG Engineering

z-ag.ch

71

Z-AG Engineering, represented by Oeschgen AG, specializes in thermal process engineering with a focus on steam systems including planning, construction, and service of steam plants and boilers. The company targets industrial clients requiring expert solutions in energy and steam generation. The website is professionally designed, multilingual, and employs modern web technologies such as service workers and cookie consent mechanisms, reflecting a moderate to advanced digital maturity. Security posture is strong with HTTPS, security headers, and privacy compliance via Cookiebot. However, the absence of explicit security policies, incident response contacts, and terms of service pages suggests areas for improvement. Overall, the website presents a trustworthy and professional image with a low risk profile.

M

Just a moment...

madeindesign.de

52

The website www.madeindesign.de is currently inaccessible due to a Cloudflare security challenge page that requires human verification via Turnstile captcha. This prevents access to any substantive content, metadata, or business information. As a result, no direct insights into the company's business model, services, or contact details can be derived from the provided HTML content. The site appears to be protected by Cloudflare's security infrastructure, indicating an intent to mitigate automated threats or abuse. However, this also limits the ability to perform a full security and compliance analysis. The domain WHOIS data shows privacy protection and Cloudflare name servers, which is common for legitimate businesses but reduces transparency. Overall, the website's digital presence is currently blocked, resulting in a low AI score and limited visibility into its operations or security posture.

S

Stadtwerke Bonn

bewerbung-fahrdienst-swb.de

59

The website bewerbung-fahrdienst-swb.de serves as a recruitment portal for SWB Bus und Bahn, a subsidiary of Stadtwerke Bonn, focusing on hiring bus and tram drivers in the Bonn region. The company operates a large public transportation network with extensive services and a significant workforce. The site provides detailed information about the business, job requirements, and links to application portals, reflecting a well-established municipal transport operator. Technically, the site uses standard web technologies with external font hosting and JavaScript for UI and cookie management. The site is mobile-optimized and presents a professional user experience with clear navigation and consistent branding. Security posture is adequate with HTTPS and cookie consent mechanisms, though it lacks explicit security headers and published security policies. No vulnerabilities or tracking scripts were detected in the provided content. Overall, the domain registration and website content align well, indicating a legitimate and trustworthy entity. Strategic improvements could focus on enhancing security headers, publishing incident response information, and adding vulnerability disclosure mechanisms.

I

IHK Frankfurt am Main

startup-pilot.online

74

IHK Frankfurt am Main operates as a regional chamber of commerce and industry, providing a comprehensive platform called Startup-Pilot FrankfurtRheinMain that aggregates over 300 regional support offerings for startups. These include networking opportunities, financing, talent activation, accelerator programs, incubators, and competitions, targeting startups and innovation-driven enterprises in the FrankfurtRheinMain region. The website serves as a key resource for startups, investors, and academic institutions, positioning IHK Frankfurt am Main as a central facilitator in the regional startup ecosystem. Technically, the website is built on the CoreMedia CMS platform, utilizing modern web technologies including JavaScript, CSS, and HTML5. It integrates third-party services such as eTracker for analytics, Userlike for chat support, and CCM19 for cookie consent management, reflecting a mature digital infrastructure. The site demonstrates good mobile optimization, accessibility, and SEO practices, ensuring a positive user experience across devices. From a security perspective, the site enforces HTTPS, employs cookie consent mechanisms with granular user control, and uses secure forms with CSRF tokens. While explicit security policies and incident response information are not published, no vulnerabilities or exposed sensitive data were detected. The domain and WHOIS data align with the official branding and regional chamber identity, supporting legitimacy and trustworthiness. Overall, the website presents a professional, secure, and privacy-compliant digital presence that effectively supports its business mission. Strategic improvements could include publishing detailed security policies, incident response contacts, and vulnerability disclosure information to enhance transparency and trust further.

M

Mittner & Partner

mittner-partner.ch

47

Mittner & Partner is a well-established Swiss financial services firm specializing in fiduciary services, auditing, tax consulting, and business advisory primarily serving clients in Chur, Zurich, the Eastern Switzerland region, and Liechtenstein. With over 30 years of experience, the company positions itself as a trusted partner for both corporate and private clients, emphasizing professional and competent service delivery. The website reflects a focused business model with clear service offerings and regional expertise, supported by memberships in relevant professional associations.

S

Spezial Tourenwagen Trophy

spezial-tourenwagen-trophy.de

55

Spezial Tourenwagen Trophy (STT) is a well-established German motorsport racing series founded in 1986, catering to both professional and amateur racing drivers. The website serves as a central hub for news, event schedules, race results, and media galleries related to the racing series. It maintains a professional and consistent brand presence with a focus on delivering relevant content to motorsport enthusiasts. Technically, the site employs modern web technologies including HTTPS, JavaScript, and cookie consent management tools, hosted on resellerinterface.de infrastructure. The site demonstrates good digital maturity with moderate performance and mobile optimization. Security-wise, the website enforces HTTPS and includes a comprehensive cookie consent mechanism, but lacks some advanced security headers and formal security policies. Privacy compliance is strong with GDPR-aligned cookie management and a detailed privacy policy. Overall, the site is trustworthy, professionally maintained, and serves its niche audience effectively.

The website www.hotel-in-gstaad.com serves as a regional hospitality and tourism platform focused on the Gstaad area in Switzerland. It provides hotel booking services, restaurant listings, event information, and sightseeing guides tailored to tourists and travelers seeking accommodation and leisure activities in the Swiss Alps. The business model centers on facilitating bookings and promoting regional tourism, positioning itself as a specialized local service provider. The website content is professionally presented with good design quality, clear navigation, and relevant information for its target audience. Technically, the site is built on the MASCH CM Studio CMS platform, utilizing standard web technologies such as JavaScript, CSS, and jQuery UI components. While the site is moderately optimized for performance and mobile use, there is room for improvement in accessibility and mobile responsiveness. The presence of a TripAdvisor conversion pixel indicates integration with third-party marketing tools, but no extensive analytics or tracking services are detected. From a security perspective, the website enforces HTTPS and implements a cookie consent banner compliant with GDPR. However, no explicit security headers are detected in the HTML source, and no dedicated security or incident response policies are published. The absence of WHOIS registration data for the domain is a notable concern, as it reduces transparency and trust in domain ownership. Despite this, the website itself appears legitimate and professional, with no signs of malicious activity or vulnerabilities visible in the content. Overall, the site demonstrates a solid foundation for a regional hospitality platform but would benefit from enhanced security practices, improved domain registration transparency, and clearer contact information to strengthen trust and compliance.

R

Rheinischer Sparkassen- und Giroverband

rsgv.de

48

The Rheinischer Sparkassen- und Giroverband (RSGV) is a regional financial association based in Düsseldorf, Germany, representing 27 Sparkassen in the Rheinland region. It provides advisory services and represents the interests of its member savings banks, aligning with the Deutscher Sparkassen- und Giroverband. The website reflects a professional and consistent brand image, targeting financial institutions and the public. The business model focuses on regional financial collaboration and policy coordination. Technically, the site is built on TYPO3 CMS, uses Matomo for analytics, and implements a cookie consent mechanism compliant with GDPR. The site is mobile-optimized, accessible, and SEO-friendly. Security posture is solid with HTTPS enforced and no exposed sensitive data, though explicit security policies and incident response contacts are absent. WHOIS data confirms domain legitimacy and consistency with the organization's claims. Overall, the site is trustworthy and well-maintained, supporting the organization's credibility and digital presence.

T

Turn10

turn10.eu

49

Turn10 is a specialized platform dedicated to apparatus gymnastics (Gerätturnen) targeting clubs, schools, trainers, and gymnastics associations primarily in Austria and Germany. The website provides news, training programs, event schedules, results, and an online shop, positioning itself as a niche regional sports information hub. The presence of partner logos from recognized sports organizations enhances its credibility and trustworthiness. Technically, the website employs standard web technologies including HTML5, CSS, and JavaScript, with some use of external libraries such as iframe-resizer. The site is mobile-optimized with good navigation and SEO practices, though no CMS or hosting provider details are evident. Performance is moderate with no major technical issues detected. From a security perspective, the site enforces HTTPS and includes a cookie consent mechanism indicating GDPR compliance. However, it lacks explicit security headers and published security or incident response policies. No vulnerabilities or tracking analytics were detected, suggesting a low-risk profile but with room for improvement in security best practices. Overall, the website is professionally maintained, trustworthy, and compliant with privacy regulations. The absence of WHOIS data due to privacy restrictions limits domain registration insights but does not detract from the site's legitimacy. Strategic recommendations include enhancing security headers, publishing security policies, and considering a vulnerability disclosure program to further strengthen trust and security posture.

D

Deutscher Turner-Bund e.V.

frankfurt26.de

45

The website frankfurt26.de serves as the official digital platform for the 2026 Rhythmic Gymnastics World Championships hosted in Frankfurt, Germany. It is operated by Deutscher Turner-Bund e.V., the German Gymnastics Federation, and provides comprehensive event information, ticket sales links, volunteer recruitment, and social media engagement. The site targets sports fans, athletes, volunteers, and ticket buyers, positioning itself as a central hub for this major international sporting event. The business model revolves around event promotion and community engagement rather than direct sales or e-commerce.

D

DTB-Shop

dtb-shop.de

62

DTB-Shop is a professional e-commerce platform serving as the official online store for the Deutscher Turner-Bund, offering gymnastics apparel, accessories, and exercise materials primarily targeting gymnastics enthusiasts in Germany. The website leverages the Shopify platform with a modern Dawn theme, ensuring a fast, mobile-optimized, and accessible user experience. The presence of privacy and cookie policies with consent mechanisms demonstrates compliance with GDPR requirements. Security posture is strong with HTTPS enforced and appropriate security headers, although explicit security policies and incident response contacts are absent. Overall, the site presents a trustworthy and professional digital storefront with strong branding and social media integration.

K

Kneipp-Bund e.V.

kneippvisite.de

38

Kneipp-Visite is the official health guidance platform of the Kneipp-Bund e.V., a well-established German non-profit association representing over 660 Kneipp clubs and 160,000 members. The website serves as a comprehensive health advisor focusing on natural therapies based on the Kneipp principles, including water therapy, nutrition, movement, plants, and lifestyle. It supports affiliated organizations such as Kneipp-Verlag and Sebastian-Kneipp-Akademie, offering educational and publishing services. The target audience includes individuals interested in natural health and wellness, particularly within Germany.

K

Kneipp-Verlag GmbH

kneippverlag.de

45

Kneipp-Verlag GmbH is a specialized publishing company focused on health and natural healing methods, particularly those related to the Kneipp tradition. Established in 1975 as part of the Kneipp-Bund, it publishes the Kneipp-Journal, various Fachbücher, and operates an online shop offering health products. The company targets Kneipp association members and health-conscious individuals, positioning itself as a niche publisher and retailer within Germany. The website is professionally designed, content-rich, and consistent with the company's branding and mission. Technically, the website is built on TYPO3 CMS, leveraging modern web technologies with good mobile optimization and SEO practices. The site is served over HTTPS with a cookie consent mechanism in place, indicating a good level of digital maturity. However, some security headers are missing, and no explicit security or incident response policies are published, which could be improved. From a security perspective, the site shows no signs of vulnerabilities or malicious content. Privacy compliance is strong with clear privacy and cookie policies aligned with GDPR. Contact information is complete and transparent, enhancing trustworthiness. Overall, the site presents a low-risk profile with room for security policy enhancements. Strategically, the company should focus on implementing security headers, publishing a security policy, and possibly a vulnerability disclosure program to further strengthen its security posture and trust with users.

B

BTFB Sport Events GmbH

btfb-services.berlin

50

BTFB Sport Events GmbH operates a niche sports event and service platform primarily serving the Berlin region. The company focuses on marketing and distributing BTFB activities, managing events such as FEUERWERK DER TURNKUNST and NIGHT OF SPORTS, and supporting brand development within DTB brands. Their business model includes ticket sales, rental services, and a specialized shop for sports and club merchandise. The website is built on the SIQUANDO Shop 12 CMS and uses standard web technologies like jQuery and JavaScript. While the site is accessible and provides a good user experience with clear navigation and relevant content, it lacks advanced technical SEO and accessibility features. Security posture is basic with HTTPS enabled but missing DNSSEC and security headers, which should be addressed to improve resilience. Privacy compliance is partially met with cookie consent but lacks detailed GDPR indicators and contact information. Overall, the site is functional and trustworthy but would benefit from enhanced security and compliance measures.

C

Culturescapes

culturescapes.ch

10

Culturescapes is a Swiss-based cultural festival and platform dedicated to international cultural exchange, with a focus on thematic editions such as Sahara 2025 that explore North African culture and its political ties with Switzerland. The website offers a rich array of content including event programs, magazines, books, and archives, targeting cultural enthusiasts, academics, and the general public interested in intercultural dialogue. The business operates primarily as a non-profit cultural organization, leveraging events and publications to engage its audience. Technically, the website employs modern web technologies including Vue.js, ES modules, and Swiper.js for interactive content presentation. It integrates Mailchimp for newsletter subscriptions and maintains a responsive design optimized for mobile devices. While the site performs moderately well, there is room for improvement in accessibility and SEO optimization. From a security perspective, the site enforces HTTPS and includes a cookie consent mechanism, but lacks explicit security headers and publicly available security or incident response policies. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is basic, with a privacy policy and cookie banner present but no terms of service or vulnerability disclosure policy. Overall, the website is professional, trustworthy, and safe for general audiences. Strategic improvements in security policies, contact transparency, and compliance documentation would enhance its security posture and user trust.

i-Run is a well-established French e-commerce retailer specializing in sports shoes, apparel, and equipment for running, trail, hiking, and fitness. The website targets French-speaking sports enthusiasts and offers a wide range of products from major brands with fast delivery options. The digital infrastructure incorporates modern web technologies, including JavaScript frameworks, consent management via Didomi, and analytics tools such as Realytics and Ab Tasty, indicating a mature digital presence. Security posture is strong with HTTPS enforced and multiple security headers present, though the absence of a public security policy and incident response contacts suggests room for improvement in transparency. Privacy compliance is robust with clear cookie consent mechanisms and a comprehensive privacy policy in French. Overall, the website presents a professional, trustworthy, and user-friendly experience with no signs of malicious activity or content blocking.

M

Museum Allschwil – Haus für Kultur und Geschichte

museumallschwil.ch

61

Museum Allschwil is a local cultural and historical institution based in Allschwil, Switzerland, dedicated to preserving and showcasing regional culture and history. The website serves as an informational portal for visitors, providing details about the museum and its offerings. The business model is typical for a small museum, focusing on exhibitions and cultural education for the general public. The website is built on the Wix platform, leveraging Wix's Thunderbolt framework and standard web technologies such as HTML5, CSS, and JavaScript. It includes multilingual support and basic SEO metadata but lacks comprehensive privacy and terms of service documentation. Security measures include HTTPS enforcement and cookie consent mechanisms, with some security hardening scripts in place. However, there is no visible incident response or vulnerability disclosure information, which could be improved to enhance trust and compliance. Overall, the website is professionally designed and functional, suitable for its purpose but with room for improvement in privacy and security transparency.

P

Paul Mellon Centre for Studies in British Art

richardwilsononline.ac.uk

65

Richard Wilson Online is a scholarly digital catalogue raisonné dedicated to the works of the 18th-century British landscape artist Richard Wilson. Funded by the Paul Mellon Centre for Studies in British Art, the site serves as an evolving research tool for academics, collectors, and the public interested in British art history. The platform offers comprehensive access to paintings, drawings, prints, biographies, exhibitions, and bibliographical resources, supported by advanced search and interactive features. The project is non-commercial and positioned as a specialized educational resource with strong academic credibility. Technically, the website employs modern web technologies including ES modules and CSS with a custom CMS solution developed by iBase Ltd. The site is mobile optimized, accessible, and performs moderately well. It uses Google Tag Manager for analytics and implements GDPR-compliant privacy and cookie policies with user consent mechanisms. However, no explicit security policies or vulnerability disclosures are published. From a security perspective, the site enforces HTTPS and uses secure login forms. While no security headers were detected in the HTML content, no vulnerabilities or exposed sensitive data were found. The lack of WHOIS data due to privacy protection is typical for academic projects and does not detract from the site's legitimacy. Overall, the site demonstrates a good security posture but could improve by adding explicit security policies and headers. The overall risk assessment is low given the academic nature, absence of suspicious content, and professional presentation. Strategic recommendations include enhancing security headers, publishing incident response contacts, and adding vulnerability disclosure information to further strengthen trust and compliance.

E

e-pixler GmbH

patientenberatung-der-zahnaerzte.de

44

The website 'Zahnärztliche Patientenberatung' provides a comprehensive, nationwide, and free dental patient advisory service in Germany. It is operated by the (Landes-)Zahnärztekammern and Kassenzahnärztlichen Vereinigungen, offering expert, independent advice on dental health, treatments, and costs to both statutory and private insured patients. The site is professionally designed and well-structured, targeting patients and their families with clear navigation and relevant content. It also links to authoritative health organizations and provides video resources to enhance user understanding. Technically, the website is built on TYPO3 CMS, hosted on sldomains.de nameservers, and uses modern web technologies including JavaScript and CSS. The site is mobile-optimized and performs moderately well, with good SEO practices and accessibility features. No blocking or WAF mechanisms interfere with content access, ensuring full availability. From a security perspective, the site uses HTTPS with excellent SSL configuration but lacks explicit security headers and incident response contact information. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is adequate with a clear privacy policy, though no cookie consent mechanism was found. Contact information is present but limited, and no social media or tracking scripts are used, indicating minimal user tracking. Overall, the website is trustworthy, professional, and serves an important public health function. Strategic improvements include implementing cookie consent, adding security headers, and publishing incident response details to enhance security posture and compliance.

CIRS dent operates as a specialized error reporting and learning platform targeted at dental practices in Germany. The website provides anonymous and sanction-free reporting of undesired events in dental practice workflows, aiming to improve patient safety and professional learning. The project is supported by reputable German dental organizations BZÄK and KZBV and collaborates with medical experts, enhancing its credibility and niche market position. The platform offers services such as report creation, database search, publications, and user feedback mechanisms, positioning itself as a valuable resource in healthcare quality management for dentists. Technically, the website employs a traditional web stack with jQuery and Matomo analytics, hosted on German infrastructure (netcologne.de). The site is mobile-optimized with clear navigation and a cookie consent mechanism, reflecting moderate digital maturity. Security posture is adequate but could be improved by implementing security headers and explicit incident response policies. Privacy compliance is basic but present, with a GDPR-compliant privacy policy and cookie banner. Overall, the website is professional, trustworthy, and aligned with its healthcare mission.

T

Timber Construction Europe

timber-construction.eu

43

Timber Construction Europe is a well-established European umbrella association representing the carpentry and timber construction trades across multiple countries including Germany, Italy, Luxembourg, Switzerland, and Austria. The organization focuses on networking, education, advocacy, and promoting sustainable timber construction practices. The website is professionally designed using TYPO3 CMS, providing multilingual content primarily in German with English and French options. It offers clear navigation, relevant industry information, and educational resources, targeting professionals and organizations in the timber construction sector. Technically, the website employs a modern CMS platform with JavaScript and CSS for interactivity and styling. It uses HTTPS with a valid SSL configuration ensuring secure communications. The presence of a cookie consent banner and privacy policy indicates GDPR compliance. Analytics are implemented via Piwik, reflecting moderate user tracking with privacy considerations. However, no explicit security headers were detected, and no published security or incident response policies were found. From a security perspective, the site shows good baseline practices such as HTTPS enforcement and cookie consent but could improve by implementing additional security headers and publishing incident response information. The WHOIS data is unavailable due to EURid privacy restrictions, but the website content and contact details support legitimacy. Overall, the site presents a trustworthy and professional digital presence for a non-profit industry association. Strategically, the organization should enhance its security posture by adding security headers, publishing security policies, and maintaining transparency about data protection officers and incident response. These steps will strengthen trust and compliance in the evolving regulatory landscape.

Cloudlog.ch provides a basic web portal primarily focused on user login access to Cloudlog services. The website is minimalistic, offering two distinct login options, likely for different user groups or applications. The business appears to be a small technology service provider based in Switzerland, targeting users who require access to Cloudlog's cloud-based services. The site lacks detailed business descriptions, policies, or contact information, limiting the depth of business insights. Technically, the website uses simple HTML and CSS without advanced frameworks or CMS detected. The presence of Matomo analytics indicates some level of user tracking, but no explicit cookie or privacy policies are provided, which is a compliance gap. The site shows basic mobile optimization and accessibility but lacks SEO optimization and security headers, which could impact performance and security. From a security perspective, the site does not show evidence of HTTPS enforcement or security headers, which are critical for protecting user data during login. No incident response or vulnerability disclosure information is available, and no contact channels for security issues are provided. The domain WHOIS data is consistent with the website's Swiss origin and shows no privacy protection, supporting legitimacy. However, the lack of security best practices and compliance documentation suggests a low to moderate security posture. Overall, the website is functional but basic, with significant room for improvement in security, privacy compliance, and business transparency. Strategic enhancements in these areas would improve trustworthiness and user confidence.

T

Togel SDY

dlhpalembang.com

44

The website 'Togel SDY' operates as a niche informational portal providing daily lottery results and historical data for the Togel Sidney (SDY) lottery market, primarily targeting Indonesian lottery players. The business model centers on delivering timely and accessible lottery data to assist bettors in making informed decisions. The site is relatively new, with domain registration in late 2024, and uses Squarespace CMS hosted with Cloudflare DNS services. The technical infrastructure is modern but basic, with moderate performance and mobile optimization. Security posture is adequate with HTTPS and HSTS enabled, but lacks advanced security headers and DNSSEC, and no privacy or cookie policies are published, indicating compliance gaps. The site does not provide contact information or business credentials, which limits trust and credibility. Content is gambling-related, thus age-restricted and considered questionable for general audiences. Overall, the site is functional but requires improvements in privacy compliance, security hardening, and business transparency to enhance trust and regulatory adherence.

D

Live Draw SGP Tercepat Hari Ini – Result Togel Singapore Pools Resmi 2025

dlhhelvetia.com

50

The website dlhhelvetia.com is a small-scale, Indonesia-based informational site focused on providing live draw results and historical data for the Singapore Pools lottery (Togel Singapore) for the year 2025. It targets lottery players and enthusiasts seeking real-time and accurate lottery results. The site is built on the Squarespace platform, leveraging modern web technologies and hosted with Cloudflare DNS services, ensuring basic security and performance standards. However, the site lacks critical privacy and cookie policies, which impacts its compliance posture. Security-wise, HTTPS and HSTS are enabled, but no advanced security policies or incident response information are published. Overall, the site is functional and moderately optimized but requires improvements in privacy compliance and security transparency to enhance trust and regulatory adherence.

S

SED Digital

seddigital.co.uk

60

SED Digital is a UK-based digital agency specializing in web build and development, UI & UX design, and digital marketing services. Founded in 2024, it operates as a division of Steve Edge Design and targets businesses seeking creative and data-driven digital solutions. The company offers a broad range of services including e-commerce, SEO, CRO, paid media, and digital analytics, positioning itself as a comprehensive partner for digital growth across multiple sectors such as real estate, professional services, hospitality, legal, technology, retail, design & architecture, and banking & finance. The website reflects a professional and modern digital presence with excellent design and user experience. Technically, the website is built on a modern stack using Next.js and React, with WordPress likely serving as a headless CMS. It is hosted by Fasthosts Internet Ltd, a reputable provider. The site demonstrates good performance, mobile optimization, and SEO practices. Analytics are implemented via Google Tag Manager, and a cookie consent mechanism is present, indicating attention to privacy compliance. From a security perspective, the site uses HTTPS with a good SSL configuration but lacks explicit security headers and a published security policy or incident response information. No vulnerabilities or exposed sensitive data were detected. The domain registration is recent but consistent with the company's founding date and registrar information, supporting legitimacy. Overall, SED Digital presents a trustworthy and professional digital agency with a strong technical foundation and good privacy practices. Enhancements in security policy transparency and incident response readiness would further strengthen its security posture.

G

GKV-Spitzenverband

gkv-datenaustausch.de

63

The GKV-Datenaustausch website is an official information portal operated by the GKV-Spitzenverband, the central association for statutory health insurance in Germany. It provides comprehensive and up-to-date information on electronic data exchange procedures and technical standards for healthcare providers, employers, and other stakeholders involved in the statutory health insurance system. The portal serves as a trusted resource for technical documentation, procedural guidance, and updates via RSS feeds, positioning itself as a key authoritative source in the healthcare data exchange domain. Technically, the website employs standard web technologies including JavaScript, jQuery, and Matomo analytics hosted on its own domain, reflecting a privacy-conscious approach to user tracking. The site is hosted on servers associated with ITSG, a recognized service provider for statutory health insurance IT services. The site demonstrates moderate performance and basic mobile optimization, with good accessibility and SEO practices. The presence of a cookie consent banner with granular options aligns with GDPR compliance requirements. From a security perspective, the site enforces HTTPS and uses secure cookie attributes, but lacks explicit security headers such as Content-Security-Policy or X-Frame-Options. No vulnerabilities or exposed sensitive data were detected. However, the absence of published security policies or incident response contacts suggests room for improvement in transparency and readiness. Overall, the security posture is solid but could be enhanced with additional best practices. The website is fully accessible without any WAF or blocking mechanisms, and the WHOIS data confirms the domain's legitimacy and consistency with the GKV-Spitzenverband organization. No suspicious patterns or privacy protections obscure the domain registration. The site does not contain any adult or questionable content and is suitable for a general audience. Strategic recommendations include publishing security and incident response policies, improving mobile optimization, and adding advanced security headers to strengthen the security posture further.

G

GKV-Spitzenverband, DVKA

dvka.de

66

The DVKA website represents the Deutsche Verbindungsstelle Krankenversicherung – Ausland, a key department within the GKV-Spitzenverband, Germany's central association for statutory health and nursing care insurance. The site serves as an authoritative portal for international social security coordination, providing comprehensive information and services to insured persons, employers, healthcare providers, and international partners. The content is well-structured, professionally designed, and available primarily in German with English options, targeting a broad audience involved in cross-border social security matters. Technically, the website employs modern web standards with responsive design, accessibility considerations, and uses Matomo analytics hosted on its own domain to ensure privacy compliance. The site enforces HTTPS and implements a clear cookie consent mechanism distinguishing necessary and statistical cookies. However, no explicit security policy or incident response information is published, and security headers beyond HTTPS are not evident. From a security perspective, the site demonstrates good practices such as secure cookie handling and consent management, but could improve by publishing formal security policies and adding security headers. The WHOIS data aligns well with the official German social security infrastructure, reinforcing the site's legitimacy. No suspicious or privacy-protected WHOIS data is present, appropriate for a government entity. Overall, the DVKA website is a trustworthy, professional government resource with strong content quality and privacy compliance. Strategic improvements in security transparency and incident response readiness would further enhance its security posture and user trust.

A

Avoxa - Mediengruppe Deutscher Apotheker GmbH

aponet.de

11

aponet.de is a comprehensive German health portal operated by Avoxa - Mediengruppe Deutscher Apotheker GmbH, serving as the official information platform for pharmacists and health consumers in Germany. The site offers a wide range of health news, pharmacy services, podcasts, and digital health tools, positioning itself as a trusted and authoritative source in the healthcare media sector. The business model centers on content provision supported by advertising and informational services tailored to the healthcare community and general public. Technically, the website is built on TYPO3 CMS, leveraging modern web technologies including JavaScript, CSS, and integrated consent management platforms such as Sourcepoint and ContentPass. Hosting is inferred to be with Deutsche Telekom, ensuring reliable infrastructure. The site demonstrates good mobile optimization, accessibility, and SEO practices, contributing to a positive user experience. From a security perspective, the website enforces HTTPS, employs GDPR-compliant consent mechanisms, and integrates reputable advertising and tracking services. While explicit security headers are not fully confirmed, the overall posture is strong with no evident vulnerabilities or exposed sensitive data. However, the site could improve by publishing explicit security policies and incident response contacts. Overall, aponet.de presents a low-risk profile with high business credibility, excellent content quality, and solid technical implementation. Strategic recommendations include enhancing security header implementation, publishing vulnerability disclosure information, and expanding transparency around incident response to further strengthen trust and compliance.

K

Kassenärztliche Bundesvereinigung (KBV)

116117-termine.de

34

The website www.116117-termine.de serves as the official appointment booking platform for statutory health insured patients in Germany, operated under the auspices of the Kassenärztliche Bundesvereinigung (KBV). It provides a trusted and user-friendly service for booking, viewing, and canceling medical appointments with general practitioners and specialists. The platform is recognized as a Stiftung Warentest Testsieger in 2021, underscoring its market credibility and user trust. The target audience is primarily German statutory health insured patients seeking quick and reliable access to healthcare appointments. Technically, the website is built on the TYPO3 CMS framework, leveraging modern web technologies including JavaScript and CSS. It integrates Matomo analytics with a clear cookie consent mechanism, ensuring compliance with GDPR and privacy best practices. The site demonstrates good mobile optimization, accessibility, and SEO practices, contributing to a positive user experience. Hosting appears to be managed by kv.digital GmbH, a technology partner closely affiliated with the KBV. From a security perspective, the site enforces HTTPS and employs cookie consent for tracking, minimizing privacy risks. However, explicit security headers such as Content Security Policy and HSTS are not evident, and no formal security or incident response policies are published. No vulnerabilities or exposed sensitive data were detected in the analysis. The WHOIS data is limited but does not raise concerns, and the domain appears legitimate and consistent with the official nature of the service. Overall, the website presents a professional, secure, and privacy-conscious platform that effectively supports its public healthcare mission. Strategic improvements could include publishing a security policy, adding security headers, and providing clearer contact information for incident response. These enhancements would further strengthen trust and compliance in an increasingly regulated digital environment.

B

Buzzvil

buzzvil.com

28

Buzzvil is a South Korean technology company specializing in reward-based advertising models that focus on customer acquisition, activation, and monetization. Their website presents a professional and modern interface primarily in Korean, targeting businesses and advertisers interested in innovative advertising solutions. The company positions itself as an innovative player in the advertising technology sector with a unique customer benefit model. Technically, the website is built using modern JavaScript frameworks such as React and Next.js, with good mobile optimization and moderate performance. Security posture is strong with HTTPS enforced and multiple security headers present, although privacy and cookie policies are not clearly visible, indicating room for improvement in compliance. The absence of WHOIS data is a notable concern, suggesting either privacy protection or recent domain registration, which slightly reduces trustworthiness. Overall, the website is professional and functional but would benefit from enhanced transparency and compliance documentation.

University College London's merchandise website is an official e-commerce platform hosted on Shopify, offering branded products such as clothing, accessories, and stationery targeted at students, staff, alumni, and supporters. The site uses a modern Shopify Dawn theme and integrates various Shopify and third-party scripts for analytics and form management. The domain is newly registered, consistent with a recently launched dedicated merchandise store. Security measures include HTTPS enforcement, domain transfer locks, and hCaptcha for bot protection, though DNSSEC is not enabled and no explicit privacy or cookie policies are present. Overall, the site presents a professional and trustworthy front with room for improvement in privacy compliance and DNS security.

(

(주)현신종합건축사사무소

hyunshin.com

61

The website www.hyunshin.com represents (주)현신종합건축사사무소, a specialized architectural firm in Korea focusing on healthcare facility design and construction supervision. The site is built on the Wix platform, leveraging Wix's Thunderbolt framework and standard web technologies such as JavaScript, CSS, and HTML5. The content is primarily in Korean with some English, targeting healthcare and architectural clients in Korea. The business model centers on architectural design and supervision services with a niche in healthcare projects. The website presents a professional design and good user experience but lacks comprehensive privacy, cookie, and contact information pages, which are critical for compliance and trust.

B

Bundesinstitut für Öffentliche Gesundheit (BIÖG)

kindergesundheit-info.de

65

The website kindergesundheit-info.de is an authoritative German government-backed portal operated by the Bundesinstitut für Öffentliche Gesundheit (BIÖG). It provides comprehensive, scientifically grounded information and resources on child health and development for children aged 0 to 6 years. The portal targets parents, healthcare professionals, and community workers, offering materials such as brochures, infographics, films, and practical tools like the U-Termin-Rechner for appointment scheduling. The business model is non-commercial, focusing on public health education and support. Technically, the site is built on TYPO3 CMS, employs Matomo for privacy-conscious analytics, and demonstrates good mobile optimization, accessibility, and SEO practices. The infrastructure appears stable and well-maintained, with local hosting of analytics in Germany and no detected blocking or WAF interference. The site uses HTTPS with excellent SSL configuration, though it lacks some security headers and explicit published security policies. From a security and privacy perspective, the website shows strong GDPR compliance with a clear privacy policy, cookie consent banner, and anonymized data collection. However, it lacks explicit incident response contacts, vulnerability disclosure mechanisms, and security policy documentation. No exposed vulnerabilities or suspicious domains were detected, and no commercial tracking or advertising networks are present. Overall, the site is trustworthy, professional, and safe for general audiences, particularly parents and professionals seeking child health information. Strategic improvements could include publishing security policies, adding security headers, and providing explicit incident response contacts to enhance transparency and security posture.

S

Sportcast GmbH

sportcast.de

50

Sportcast GmbH is a specialized media production company focused on live TV production for the Bundesliga and 2. Bundesliga football leagues. As a subsidiary of the DFL Deutsche Fußball Liga, it holds a leading position in the German sports broadcasting market, producing over 600 games per season. The company leverages modern technology and a skilled workforce to deliver high-quality sports content to millions of fans worldwide. The website reflects a professional and consistent brand image with clear contact information and multilingual support. Technically, the site is built on TYPO3 CMS, hosted likely on AWS infrastructure, and demonstrates good performance and mobile optimization. Security posture is solid with HTTPS and no visible vulnerabilities, though some security headers and policies could be improved. Privacy compliance is adequate with accessible privacy and cookie policies, though no explicit consent mechanism was detected. Overall, the site is trustworthy and well-maintained, supporting the company's business credibility and market presence.

H

hantha. Die Webexperten

hantha.com

50

Hantha. Die Webexperten is a small technology-focused web agency based in South Tyrol, Italy, specializing in web design, programming, SEO, e-commerce, and web applications. The company targets businesses primarily in German-speaking regions, offering professional digital solutions with a strong emphasis on design and innovation. Their market position is supported by a portfolio of notable clients including world market leaders and regional enterprises. Technically, the website is built on TYPO3 CMS with modern JavaScript and CSS technologies, delivering fast performance and excellent mobile optimization. The site includes cookie consent mechanisms and uses analytics tools such as Microsoft Clarity and Google Tag Manager, reflecting a moderate user tracking level with good privacy compliance. Security posture is generally good with HTTPS enforced and no exposed sensitive data, but lacks published security policies, incident response contacts, and security headers, which are areas for improvement. The absence of WHOIS data for the domain is a significant anomaly that lowers the trust score, although the professional website and consistent business information mitigate some concerns. Overall, the website is professional, trustworthy, and well-optimized, but would benefit from enhanced transparency in security and domain registration details.

G

GKV-Bündnis für Gesundheit

gkv-buendnis.de

59

The GKV-Bündnis für Gesundheit website represents a collaborative initiative of statutory health insurance funds in Germany focused on advancing health promotion and prevention across various life settings such as communities, schools, and care facilities. The site provides practical resources and information targeting health professionals and stakeholders involved in these sectors. The business model is non-profit and government-related, emphasizing public health improvement. Technically, the website employs modern web standards with responsive design, accessibility features, and uses Matomo analytics with a consent mechanism, reflecting a privacy-conscious approach. Hosting and DNS infrastructure align with official statutory health insurance IT services, indicating a stable and trustworthy technical foundation. From a security perspective, the site enforces HTTPS, uses cookie consent, and avoids exposing sensitive data. However, it lacks explicit security policy documentation and incident response contacts, which could be improved to enhance transparency and trust. No vulnerabilities or suspicious elements were detected. Overall, the website is professional, trustworthy, and well-aligned with its public health mission. Strategic recommendations include publishing dedicated security and incident response policies, enhancing security headers, and providing clearer contact information to strengthen user trust and compliance.

B

Bundesinstitut für Öffentliche Gesundheit (BIÖG)

j1-info.de

65

The website www.j1-info.de is an official public health information portal managed by the Bundesinstitut für Öffentliche Gesundheit (BIÖG) in Germany. It provides comprehensive information about the J1 health check for adolescents aged 12 to 14, including educational content, appointment scheduling assistance, and a doctor search feature. The site targets youth, their parents, and healthcare professionals, positioning itself as a trusted government resource in the healthcare sector. The content is well-structured, multilingual, and includes accessible media, enhancing user engagement and inclusivity. Technically, the site is built on TYPO3 CMS, employs Matomo for privacy-conscious analytics, and uses modern web technologies including accessible video players and responsive design. The website demonstrates good performance and SEO practices, with strong accessibility features. Hosting details are not explicitly disclosed, but data processing for analytics is localized in Germany, aligning with GDPR requirements. From a security perspective, the site enforces HTTPS, anonymizes IP addresses in analytics, and implements a clear cookie consent mechanism. While some security headers like Content-Security-Policy are not explicitly found, the overall posture is strong with no evident vulnerabilities or exposed sensitive data. Privacy compliance is excellent, with detailed policies and user consent mechanisms in place. Overall, the website presents a low-risk profile with high trustworthiness, serving as a professional and reliable source of health information for its audience. Strategic recommendations include enhancing security headers and publishing explicit security policies to further strengthen trust and compliance.

Unser-stadtplan.de is a German website operated by Städte-Verlag E. v. Wagner & J. Mitterhuber GmbH, providing digital and printed city maps, district maps, and comprehensive business directories. The platform also features job listings, targeting local residents and businesses in Germany. The website content is primarily in German and focuses on delivering detailed geographic and commercial information to its users. The business model revolves around map publishing and local business promotion, positioning itself as a regional leader in city planning and local information services. Technically, the website uses standard web technologies including JavaScript and CSS with custom scripts for UI interactions and animations. The site shows moderate performance and basic mobile optimization but lacks advanced SEO and accessibility features. No CMS or major frameworks are detected. The hosting provider and SSL configuration details are not explicitly available, limiting a full technical assessment. From a security perspective, the site does not explicitly show HTTPS status or security headers in the provided data, indicating potential gaps in security best practices. No privacy or cookie consent banners are present, which is a compliance concern under GDPR. The site includes a privacy policy and contact form but lacks visible incident response or security policies. No vulnerabilities or exposed sensitive data were detected in the HTML content. Overall, the website is functional and provides valuable local information but would benefit from enhanced security measures, improved privacy compliance, and better technical modernization to strengthen trust and user experience.