Security Directory

C

Crafton

crafton.eu

66

Crafton is a well-established UX-driven software house and web agency founded in 2010, specializing in user experience, web development, and mobile applications. The company serves a diverse clientele including major banks, government ministries, and large enterprises, with a strong presence in Poland and the Middle East. Their services focus on improving usability, digital transformation, and business process automation. Technically, the website is built on modern JavaScript frameworks (Vue.js, Nuxt.js) and uses popular CMS platforms such as WordPress and Adobe Experience Manager. Hosting is provided by home.pl S.A., a reputable registrar and hosting provider. The website demonstrates excellent design quality, mobile optimization, and SEO practices. Security posture is good with HTTPS enforced and no visible vulnerabilities, though security headers and incident response information are absent. Privacy compliance is well addressed with clear cookie consent mechanisms and privacy policy references. Overall, Crafton presents a professional, trustworthy, and technically mature digital presence.

C

Crafton

crafton.pl

67

Crafton is a well-established UX/UI design and software development agency founded in 2010, headquartered in Poland with an international presence including a Middle East office. The company specializes in creating user-centric web and mobile applications, combining design, technology, and user experience to deliver measurable business results. Their client portfolio includes major corporations in banking, energy, transportation, and government sectors, positioning them as a leading agency in Poland and beyond. The website reflects a mature digital presence with rich content, multilingual support, and strong branding consistency. Technically, the site leverages modern JavaScript frameworks such as Vue.js and Nuxt.js, alongside CMS platforms like WordPress, Drupal, and Adobe Experience Manager, ensuring a robust and scalable infrastructure. Security posture is strong with HTTPS enforcement and security headers, though explicit security and privacy policies are absent, representing an area for improvement. Overall, Crafton demonstrates a high level of professionalism, trustworthiness, and digital maturity suitable for enterprise clients.

M

MBH Befektetési Bank Zrt.

mbhbefektetesibank.hu

55

MBH Befektetési Bank Zrt. is a Hungarian investment bank offering a broad range of financial services including investment account management, bonds, structured products, shares, and private banking. The bank leverages the combined expertise of Budapest Bank, Takarékbank, and MKB Bank, positioning itself as a significant player in the Hungarian financial market. The website is professionally designed, mobile-optimized, and provides comprehensive information and tools for retail and corporate investors. Technically, the site uses modern JavaScript frameworks like Vue.js and integrates Google Tag Manager and reCAPTCHA for analytics and security. Security posture is strong with HTTPS, cookie consent, and secure forms, though explicit security policies and incident response contacts are not published. Overall, the site is trustworthy, compliant with GDPR, and provides multiple contact channels.

K

Koning Boudewijnstichting / Fondation Roi Baudouin

kbs-frb.be

62

The King Baudouin Foundation is a well-established Belgian non-profit organization founded in 1997, focused on philanthropy and social impact both locally and internationally. It operates as part of the Myriad alliance, connecting donors with trusted charities worldwide. The website reflects a mature digital presence with multilingual support, rich content, and clear navigation aimed at donors, NGOs, and social actors. Technically, the site is built on Drupal 9 with modern JavaScript frameworks and includes accessibility and SEO best practices. Security posture is strong with HTTPS and cookie consent mechanisms, though explicit security policies and incident response contacts are not found. Overall, the domain registration and website content align well, indicating high legitimacy and trustworthiness.

N

nazwa.pl sp. z o.o.

automarket.pl

57

Automarket.pl is an established Polish online platform specializing in automotive leasing and long-term rental services, offering a wide selection of new and used vehicles to both individual and corporate customers. The website presents a professional and user-friendly interface built on modern technologies such as Nuxt.js and Vue.js, ensuring good mobile optimization and SEO practices. The platform emphasizes flexible financing options including leasing, long-term rental, and cash loans, positioning itself as a comprehensive automotive financial service provider in Poland. Security-wise, the site benefits from HTTPS and DNSSEC, but lacks explicit security headers and formal privacy or cookie policies, which are areas for improvement. Contact information is limited to a phone number, with no visible email or physical address in the provided content. Overall, the website is trustworthy and well-established, but could enhance its compliance and security posture by adding privacy policies, cookie consent mechanisms, and incident response disclosures.

O

Orange Warsaw Festival

orangewarsawfestival.pl

57

Orange Warsaw Festival is a well-established music and cultural event based in Warsaw, Poland, with a domain age dating back to 2008. The website serves as the official platform for festival information, artist line-ups, ticket sales, and media relations. It targets music festival attendees and cultural event participants, positioning itself as the largest music festival in Warsaw. The technical infrastructure leverages modern web technologies including Vue.js and Nuxt.js, with integration of Google Tag Manager for analytics and marketing. The site is mobile-optimized, accessible, and SEO-friendly, providing a professional user experience. Security posture is good with HTTPS enabled and cookie consent mechanisms in place, though some security headers and DNSSEC are missing. Privacy compliance is basic but includes a privacy policy and cookie banner. No direct contact emails or phone numbers were found, and no explicit security or incident response policies are published. Overall, the website is trustworthy, professional, and safe for general audiences.

R

Respond.io

respond.io

74

Respond.io is a well-established AI-powered customer conversation management platform founded in 2012, offering SaaS solutions that unify multi-channel communications including WhatsApp, email, social media, and calls. The company targets B2C businesses aiming to capture, convert, and retain customers through automation and AI-driven tools. Their market position is strong, supported by a professional website with excellent content quality and consistent branding. Technically, the website leverages modern frameworks such as Astro and Vue.js, is hosted behind Cloudflare DNS, and integrates multiple analytics and marketing tools, reflecting a mature digital infrastructure. Security posture is solid with HTTPS enforced and domain protections in place, though DNSSEC is not enabled and explicit security policies are not published. Privacy compliance is partially addressed with cookie consent mechanisms but lacks visible privacy and terms of service pages. Overall, the website is professional, trustworthy, and technically sound, with room for improvement in transparency and formal security disclosures.

H

hmmh Poland sp. z o.o.

hmmh.pl

39

hmmh Poland sp. z o.o. is a professional software house specializing in web design, WordPress development, and e-commerce solutions. The company offers a comprehensive range of services including SEO, marketing automation, analytics, and outsourcing, targeting businesses seeking robust digital presence and e-commerce platforms. Recognized as a Shopware Gold Partner and awarded multiple industry accolades, hmmh Poland holds a strong market position in the technology and e-commerce sectors within Poland. The website reflects a mature digital infrastructure with modern technologies such as WordPress, Symfony, Laravel, React, and Vue.js, integrated with leading e-commerce platforms like Shopware, WooCommerce, and Salesforce Commerce Cloud. The site is well-optimized for mobile and SEO, featuring clear navigation and professional content. Security posture is solid with HTTPS enforcement and reCAPTCHA integration, though formal security policies and incident response contacts are not publicly documented. Privacy compliance is well addressed with visible privacy and cookie policies and consent mechanisms. Overall, hmmh Poland demonstrates a credible, trustworthy, and technically competent online presence.

G

GOLFiGO

golfigo.com

47

GOLFiGO appears to be a small technology-oriented business, likely focused on golf-related systems or services, as suggested by the website title and keywords. The website is built using modern frontend technologies such as Vue.js and Vuetify, hosted behind Cloudflare DNS, indicating a moderate level of digital maturity. However, the website content is minimal with no detailed business descriptions, contact information, or privacy-related policies, which limits transparency and user trust. Security posture is basic with HTTPS enabled and domain transfer protection, but lacks DNSSEC and security headers, which are recommended for enhanced protection. Overall, the site is accessible and functional but requires improvements in content richness, privacy compliance, and security best practices to strengthen its credibility and user trust.

A

Audemars Piguet

aplb.ch

80

Audemars Piguet is a prestigious Swiss luxury watchmaker with a rich heritage dating back to 1875. The company operates a sophisticated and visually rich website that showcases its products, brand story, and latest novelties. The site targets affluent consumers and watch enthusiasts globally, emphasizing craftsmanship and exclusivity. Technically, the website leverages modern JavaScript frameworks such as Vue.js, integrates Google Tag Manager for analytics, and uses OneTrust for privacy compliance, reflecting a mature digital infrastructure. Security posture is strong with HTTPS, security headers, and cookie consent mechanisms, though explicit security policies and incident response contacts are not publicly disclosed. The WHOIS data for the domain is unavailable, likely due to privacy protection, which is common for luxury brands. Overall, the website is professional, secure, and compliant with privacy regulations, supporting the brand's high trustworthiness and market position.

N

Novo Nordisk

novonordisk.pl

73

Novo Nordisk Polska is the Polish branch of Novo Nordisk, a leading global healthcare company specializing in innovative therapies for chronic diseases such as diabetes, obesity, haemophilia, and menopause. The website serves Polish patients, healthcare professionals, and job seekers, providing comprehensive information about the company's scientific approach, heritage, and business activities. The company holds a strong market position with over 100 years of history and operates as an enterprise-level pharmaceutical business.

V

Valencia Kommunikation AG (bisher: cab services ag)

cabag.ch

59

cab.digital is a Swiss digital agency based in Basel, operating under the legal entity Valencia Kommunikation AG (formerly cab services ag). The company specializes in web development, user experience design, digital strategy consulting, and agile coaching. Their market position is that of a trusted regional digital partner with a strong emphasis on customer relationships and pragmatic digital solutions. The website showcases detailed case studies and a professional design that reflects their expertise and client focus. Technically, the site uses modern JavaScript frameworks including Vue.js and CMS platforms like TYPO3 and Craft CMS, with good mobile optimization and SEO practices. Security posture is solid with HTTPS enforced and cookie consent implemented, though the site lacks a dedicated security policy or incident response information. WHOIS data is privacy protected, which is justified for this business type, and no suspicious patterns were detected. Overall, the website is professional, trustworthy, and well-structured, supporting the company's credibility in the digital services market.

H

home.pl S.A.

publio.pl

62

Publio.pl is a well-established Polish online bookstore specializing in digital content such as ebooks, audiobooks, and e-press. The platform targets Polish-speaking readers and offers a wide range of digital books in multiple formats including epub, mobi, pdf, and mp3. The business operates under the parent company home.pl S.A., with a domain registered since 2011, indicating a mature market presence. The website features a modern technical infrastructure built on Vue.js and Nuxt.js frameworks, integrating third-party search and autocomplete services to enhance user experience. Social media presence on YouTube, Facebook, and Instagram supports marketing efforts and customer engagement. However, explicit privacy and cookie policies are not readily found, which may impact compliance and user trust.

R

Roparun Loterij 24-25

roparunloterij.nl

53

The Roparun Loterij website is a Dutch charity lottery platform supporting the Roparun event, which raises funds for good causes. The site offers lottery ticket sales with an age restriction of 18+, providing users with information about lottery results and terms. The business operates in the non-profit sector with a clear focus on charitable fundraising through lottery activities. The domain is mature, registered since 2009, and hosted by a reputable provider, indicating a stable presence in the market. Technically, the website is built using modern JavaScript frameworks Vue.js and Nuxt.js, ensuring a responsive and user-friendly experience across devices. The site loads moderately fast and has basic SEO and accessibility features. However, it lacks some advanced security headers and cookie consent mechanisms, which could be improved to enhance compliance and security posture. From a security perspective, the site uses HTTPS and includes invisible reCAPTCHA on forms to prevent abuse. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data aligns well with the website content, supporting legitimacy. However, the absence of explicit security policies and incident response contacts suggests room for improvement in transparency and preparedness. Overall, the website presents a trustworthy and professional front for a charity lottery, with good business credibility and technical implementation. Strategic enhancements in privacy compliance and security best practices would further strengthen its position and user trust.

M

Merck & Co., Inc.

msdclinicaltrials.com

67

The website www.msdclinicaltrials.com serves as an official platform for Merck & Co., Inc. (known as MSD outside the US and Canada) to provide information about clinical trials and medical research. It targets patients, caregivers, healthcare professionals, and potential clinical trial volunteers globally. The site offers comprehensive resources on various therapeutic areas, including cardiovascular diseases, oncology, infectious diseases, and vaccines, reflecting MSD's long-standing commitment to healthcare innovation. The business model focuses on pharmaceutical research and development with a strong emphasis on clinical trials to advance medical science. Technically, the website is built on WordPress with modern technologies such as Vue.js and integrates tools like Google Tag Manager and OneTrust for cookie consent management. The site is well-optimized for mobile devices, accessible, and SEO-friendly, with multilingual support for global reach. Performance is moderate, with room for improvement in explicit security header implementation. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms, but lacks visible advanced security headers and publicly available security or incident response policies. No vulnerabilities or exposed sensitive data were detected. The absence of WHOIS domain registration data is a notable concern, impacting domain legitimacy trust scores, though the website content and branding strongly suggest it is an official MSD resource. Overall, the website presents a professional, trustworthy, and user-friendly experience with strong content quality and privacy compliance. Strategic recommendations include enhancing security headers, publishing security policies, and verifying domain registration details to improve trustworthiness and compliance posture.

V

Vasárnap.hu

vasarnap.hu

29

Vasárnap.hu is a Hungarian Christian conservative news portal established in 2020, providing news, opinion pieces, and multimedia content targeted at a Hungarian-speaking conservative Christian audience. The website leverages WordPress CMS with a modern tech stack including Bootstrap, Vue.js, and various plugins for analytics, polls, and newsletters. It maintains an active social media presence across major platforms such as Facebook, YouTube, Instagram, Spotify, and TikTok. The site enforces HTTPS and uses Google Analytics with opt-out capabilities, but lacks a cookie consent mechanism and comprehensive security headers. Privacy and legal pages are present, indicating basic GDPR compliance, though no explicit security or incident response policies are published. Overall, the website demonstrates a good level of professionalism and content quality suitable for its niche audience.

T

The American Society of Mechanical Engineers

asme.org

69

The American Society of Mechanical Engineers (ASME) is a globally recognized non-profit professional organization dedicated to advancing multidisciplinary engineering and allied sciences. Founded in 1880, ASME offers a broad range of services including engineering standards development, certification and accreditation programs, professional training courses, publications, and industry events. The organization serves a diverse audience of mechanical engineers, students, and industry professionals worldwide, maintaining a strong market position as a trusted source for engineering standards and professional development. Technically, the ASME website demonstrates a mature digital infrastructure utilizing modern JavaScript frameworks such as React and Vue.js, integrated with multiple analytics and marketing tools including Google Tag Manager, Microsoft Clarity, Mouseflow, HubSpot, and Facebook Pixel. The site is well-optimized for mobile devices, accessible, and SEO-friendly, with a professional design and clear navigation structure. From a security perspective, the website enforces HTTPS with strong SSL configuration and implements key security headers. It includes privacy and cookie policies with consent mechanisms, indicating good compliance with GDPR and related regulations. No critical vulnerabilities or exposed sensitive data were detected. However, explicit security policy and incident response disclosures are not found, suggesting room for improvement in transparency. Overall, ASME's website reflects a high level of professionalism, trustworthiness, and compliance suitable for a large, established non-profit organization. The domain WHOIS data is privacy protected, which is justified given the organization's profile. The site integrates multiple related service domains for career services, e-commerce, digital publications, and certification management, enhancing its ecosystem. Strategic recommendations include enhancing security policy transparency, publishing incident response and vulnerability disclosure information, and maintaining vigilant third-party script audits to sustain security posture.

The Software Engineering Institute's CERT Division, hosted under the domain insights.sei.cmu.edu, is a leading cybersecurity research and operational organization affiliated with Carnegie Mellon University. It provides advanced cybersecurity services including vulnerability research, incident response, workforce development, and risk management. The division collaborates extensively with government, industry, law enforcement, and academia to enhance cybersecurity resilience. The website reflects a mature, professional digital presence with comprehensive content, leadership profiles, case studies, and vulnerability disclosures, positioning it as a trusted authority in cybersecurity. Technically, the website employs modern web technologies such as Vue.js, MathJax, and Font Awesome, and integrates analytics tools like Google Tag Manager and Silktide Analytics. The site is mobile-optimized, accessible, and SEO-friendly, though performance is moderate. Security posture is strong with HTTPS enforced and secure forms, but could be improved by adding security headers and explicit cookie consent mechanisms. Privacy compliance is supported by a comprehensive privacy policy linked from the main SEI site. Overall, the security posture is robust with no detected vulnerabilities or exposed sensitive data. The lack of WHOIS data for the subdomain is typical and not concerning given the affiliation with Carnegie Mellon University. The site maintains high trustworthiness and professionalism, with clear contact information and active social media engagement. Strategically, the CERT Division should enhance privacy compliance by implementing cookie consent banners and publish explicit security policies or security.txt files to facilitate vulnerability reporting. These steps will further strengthen user trust and regulatory compliance.

G

Grupa Morizon-Gratka Sp. z o.o.

gratka.pl

55

Gratka.pl is a well-established Polish online real estate marketplace operated by Grupa Morizon-Gratka Sp. z o.o., founded in 2002. The platform offers comprehensive listings for buying, selling, and renting various property types including apartments, houses, plots, commercial properties, and garages. It targets individuals and businesses in Poland seeking real estate opportunities. The website is supported by mobile applications for iOS and Android, enhancing accessibility and user engagement. The partnership with Onet.pl, a major Polish web portal, further strengthens its market presence. Technically, the site is built using modern JavaScript frameworks such as Nuxt.js and Vue.js, providing a responsive and user-friendly experience across devices. The site demonstrates good SEO practices and moderate performance, although some accessibility features could be improved. Security is implemented with HTTPS and reCAPTCHA v3, but lacks visible security headers and published security policies, which are areas for enhancement. From a security and compliance perspective, the site does not explicitly display privacy or cookie policies in the provided content, which may impact GDPR compliance. The WHOIS data confirms the domain's legitimacy and long-standing registration consistent with the business history. No critical vulnerabilities or suspicious indicators were found. Overall, the site presents a professional and trustworthy platform with room for improvement in privacy transparency and security hardening. Strategic recommendations include publishing comprehensive privacy and cookie policies with consent mechanisms, enabling DNSSEC, implementing security headers, and establishing a vulnerability disclosure process to enhance trust and compliance.

Y

Yump

yump.com.au

64

Yump Digital is a Melbourne-based UX design agency specializing in serving not-for-profit organizations and social enterprises. The company focuses on delivering inclusive, accessible, and user-centered digital experiences that drive positive social change. Positioned as one of Australia's most awarded cause-based UX agencies, Yump offers services including UX strategy, design, and accessible web development. The business operates under the parent company Bright Labs and targets clients primarily in Australia, emphasizing social impact and engagement.

The website county-taxes.net serves as an online platform for managing and making payments related to government services, specifically bill payments. The site is relatively new, established in 2021, and uses modern web technologies such as Vue.js and Google Tag Manager. The content is minimal but focused on providing a convenient payment service. The lack of detailed business information, contact details, and policies limits the transparency and trustworthiness of the site. From a technical perspective, the site employs a modern JavaScript framework and is hosted with Cloudflare DNS services. However, there is no evidence of DNSSEC, security headers, or comprehensive privacy and cookie policies, which are important for security and compliance. The site is accessible without WAF or security challenge blocks, indicating no immediate access restrictions. Security posture is moderate but could be improved by implementing security headers, enabling DNSSEC, and publishing privacy and cookie policies. No vulnerabilities or exposed sensitive data were detected in the provided content. The domain registration is consistent and appropriate for the business type, registered with a reputable registrar, Cloudflare, Inc. Overall, the site presents a basic but functional government payment service with room for improvement in security, privacy compliance, and business transparency.

F

Faromedia

faromedia.be

57

Faromedia is a Belgian digital agency specializing in Drupal website development, API integrations, and online marketing services tailored for small and medium enterprises (KMO's) and government entities. Established since 2001, the company positions itself as a trusted partner for digital growth in Belgium, offering personalized and expert solutions. The website reflects a mature digital presence with professional design, clear navigation, and comprehensive service offerings. Technically, the site leverages modern JavaScript libraries and frameworks such as Vue.js and Axios, alongside Google Tag Manager for analytics and Iubenda for cookie consent management. Security posture is solid with enforced HTTPS and cookie consent mechanisms, though some security headers are not visibly implemented. Privacy compliance is well addressed with clear privacy and cookie policies. The WHOIS data is restricted, indicating privacy protection, which is justified for this business type. Overall, Faromedia demonstrates a credible and professional digital footprint with room for minor security enhancements.

W

Webhero Billing - Facturatieprogramma voor KMO's en zelfstandigen

webhero-billing.com

55

Webhero Billing is a specialized invoicing software provider targeting small and medium-sized enterprises (SMEs) and self-employed professionals in Belgium. The company offers a SaaS platform that enables users to create and send invoices and quotes quickly, with compliance to the Peppol e-invoicing standard. The website is professionally designed, multilingual (Dutch and French), and includes comprehensive support resources such as FAQs, tutorials, and demo scheduling. Technically, the site uses modern JavaScript frameworks like Vue.js and Axios, integrates Google Tag Manager for analytics, and provides a responsive user experience. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though security headers and explicit security policies are absent. The WHOIS data is missing, indicating potential issues with domain registration legitimacy, which lowers the trust score despite the professional appearance and business focus. Overall, the site is functional, compliant with GDPR, and serves its niche well but requires domain registration verification to fully establish trust.

N

Nova Medical Finance

novamedical.co.nz

65

Nova Medical Finance is a New Zealand-based medical finance provider specializing in flexible payment plans for a variety of medical procedures including plastic surgery, bariatric surgery, laser eye surgery, dentistry, and fertility treatments. The company emphasizes its doctor ownership and close relationships with leading specialists, positioning itself as a trusted partner for patients seeking financing for life-changing medical treatments. The website is professionally designed, mobile-optimized, and provides clear navigation and relevant content tailored to its target audience in New Zealand. Technically, the website employs modern web technologies such as Vue.js, Bootstrap, Google Tag Manager, Google Analytics, and Google reCAPTCHA to enhance user experience, tracking, and security. The site is served over HTTPS with no visible security vulnerabilities in the content. However, some security best practices like security headers and explicit cookie consent mechanisms are missing, which could be improved to enhance compliance and security posture. From a security perspective, the site shows good use of HTTPS and anti-bot measures but lacks published security policies, incident response contacts, and vulnerability disclosure mechanisms. The absence of WHOIS data for the domain raises concerns about domain registration transparency and legitimacy, although the website content and professional presentation suggest a legitimate business. Overall, the site maintains a moderate to good security posture but would benefit from enhanced transparency and compliance features. Strategically, the business should focus on verifying and publishing domain registration details, implementing comprehensive privacy and cookie policies with user consent, adding security headers, and establishing clear incident response and vulnerability disclosure policies to build greater trust and compliance with data protection regulations.

Rollforming Services Ltd is a New Zealand-based manufacturer specializing in precision light gauge steel roll-formed components for the construction sector. The company offers contract manufacturing services for a variety of steel profiles including framing, trusses, floor joists, purlins, and custom profiles. Backed by Howick Ltd, a notable New Zealand roll forming machine producer, Rollforming Services positions itself as a provider of efficient, accurate, and locally made steel construction solutions. The website reflects a professional and well-branded presence targeting construction businesses seeking smart building materials. Technically, the website employs modern web technologies such as Vue.js, Google Analytics, and marketing automation tools, with good mobile optimization and SEO practices. Security posture is solid with HTTPS and reCAPTCHA usage, though lacks some security headers and explicit incident response policies. The absence of WHOIS data for the domain is a notable concern, impacting domain legitimacy verification. Overall, the site is trustworthy and professional but would benefit from enhanced transparency and compliance features.

Garador is a New Zealand-based manufacturer and supplier of garage doors and openers, targeting residential and industrial customers across the country. The company emphasizes reliability, security, and custom-built solutions, supported by a dealer network and warranty services. The website reflects a mature digital presence with modern technologies such as Vue.js, Google Tag Manager, and reCAPTCHA integrated for user interaction and security. Privacy and cookie policies are clearly presented, indicating compliance with data protection standards. However, the absence of WHOIS data raises questions about domain registration transparency, which should be verified for full trust assurance. Security posture is generally good with HTTPS and form protections, but could be enhanced with additional security headers and incident response information. Overall, the site is professional, user-friendly, and well-optimized for SEO and mobile devices.

G

Generus Living

generus.co.nz

57

Generus Living is a New Zealand-based company specializing in the development and management of premium retirement villages and aged care facilities. The company positions itself as a leader and innovator in senior living environments, targeting discerning retirees seeking high-quality lifestyle and care. Their business model includes real estate development, operational management, and investment partnerships. The website reflects a professional and consistent brand image with clear contact information and social media presence. Technically, the website employs modern web technologies including Vue.js, Google Tag Manager, Google Analytics, Facebook Pixel, and Google reCAPTCHA, indicating a mature digital infrastructure. The site is mobile-optimized with good SEO practices, though accessibility features are basic. Performance is moderate, with asynchronous loading of scripts and optimized media. From a security perspective, the site enforces HTTPS and uses reCAPTCHA for form protection, but lacks visible security headers and a published security policy or incident response plan. The absence of a cookie consent mechanism is a privacy compliance gap, especially given the use of tracking technologies. The WHOIS data is unavailable, which raises questions about domain registration transparency, though the website content and presentation suggest legitimacy. Overall, the website is professional and trustworthy with moderate technical and security maturity. Strategic improvements in privacy compliance, security headers, and domain registration transparency would enhance trust and reduce risk.

Howick Ltd is a New Zealand-based manufacturer and designer of precision light steel roll-forming machines used globally in the construction industry. With nearly 50 years of experience, the company holds a strong market position as a pioneer in cold formed steel technology, serving developers, builders, and offsite construction companies in over 80 countries. Their product portfolio includes a range of roll-forming machines, custom builds, and software solutions tailored for steel framing applications. The website reflects a mature digital presence with professional design, comprehensive content, and multiple trust indicators such as certifications and awards. Technically, the site employs modern web technologies including Vue.js, Google Analytics, and marketing automation tools, with good mobile optimization and SEO practices. Security posture is solid with HTTPS, reCAPTCHA on forms, and no exposed sensitive data, though some security headers could be improved. The absence of WHOIS domain registration data is a notable concern but does not detract significantly from the overall legitimacy given the professional business presence. Overall, Howick Ltd demonstrates a strong business and digital maturity with minor areas for security and compliance enhancement.

F

Filterpro

filterpro.co.nz

54

Filterpro is a New Zealand-based supplier specializing in automotive, light and heavy commercial, and industrial filters, including oil, fuel, air, and cabin filters, as well as lubricants and workshop chemicals. The company operates multiple physical locations across New Zealand, indicating a solid regional presence and a medium-sized business model targeting both B2B and B2C customers in the transportation and manufacturing sectors. The website reflects a professional and consistent brand image with clear contact information and a satisfaction guarantee, supporting its market position as a trusted supplier. Technically, the website employs modern web technologies such as Vue.js, Bootstrap, Google Tag Manager, and Google Analytics, ensuring a responsive and user-friendly experience across devices. While the site is well-structured and optimized for SEO, there is room for improvement in accessibility and performance tuning. The absence of detected CMS suggests a custom or proprietary platform. From a security perspective, the site enforces HTTPS and includes secure login forms with CSRF tokens, but lacks important security headers like Content-Security-Policy and X-Frame-Options. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected, which may expose the company to GDPR compliance risks. The lack of WHOIS data for the domain is unusual but does not currently impact the legitimacy of the business given the professional website and clear contact details. Overall, Filterpro presents a credible and professional online presence with moderate technical maturity and a good security posture. Strategic improvements in security headers, privacy compliance, and WHOIS transparency would enhance trust and reduce risk.

A

Aluro Healthcare NZ Ltd

aluro.co.nz

56

Aluro Healthcare NZ Ltd is a well-established dental products and equipment supplier serving the New Zealand dental industry for over 25 years. The company operates an e-commerce platform offering a wide range of dental consumables, equipment, and professional training courses. Their market position is strong within the local dental sector, supported by professional branding and customer-focused services. The website is designed to cater to dental professionals and consumers, providing educational content and product promotions. Technically, the website employs modern web technologies including Vue.js, Google Analytics, Facebook Pixel, and reCAPTCHA for security. The site is mobile-optimized with good navigation and SEO practices. Security posture is solid with HTTPS enforced and secure forms, though additional security headers could enhance protection. Privacy compliance is basic with a privacy policy likely present but no explicit cookie consent mechanism detected. WHOIS data for the domain is missing, which raises some concerns about domain registration transparency but does not detract significantly from the business credibility based on website content. Overall, the site is professional, trustworthy, and safe for general audiences.

K

Kiwi Office

kiwioffice.co.nz

56

Kiwi Office is a New Zealand-based e-commerce retailer specializing in stationery, office supplies, furniture, and related products. Established since 1975 and 100% Kiwi owned, the company targets both businesses and individual consumers with a comprehensive product range and trade pricing options. The website offers NZ-wide free shipping over $75 and emphasizes customer service and ease of ordering. Technically, the site employs modern web technologies including Vue.js, Bootstrap, and integrates Google Analytics and HubSpot for marketing and analytics. The site is mobile optimized and provides a good user experience with clear navigation and professional design. Security posture is strong with HTTPS, CSRF protection, and no exposed sensitive data, though HTTP security headers could be improved. Privacy and cookie policies are present and indicate GDPR compliance. However, WHOIS data for the domain is missing, which raises transparency concerns about domain registration. Overall, the website is trustworthy and professional, but domain registration details should be clarified to enhance legitimacy.

E

Enterprise Motor Group (RMVT)

enterprisecars.co.nz

61

Enterprise Motor Group (RMVT) operates a professional and comprehensive used car sales and finance website targeting customers in New Zealand, specifically in Auckland, Hamilton, and Gisborne. The company offers a wide range of used vehicles, flexible finance options, and multiple physical branches, positioning itself as a significant player in the New Zealand used car market. The website is well-structured with clear navigation, multiple interactive features, and detailed vehicle listings, supporting a positive user experience. Technically, the site employs modern technologies including Vue.js, Google Analytics, Facebook and TikTok pixels, and Google reCAPTCHA, indicating a mature digital infrastructure. Security practices are generally strong with HTTPS, CSRF tokens, and CAPTCHA protections; however, some security headers are not explicitly detected, and no dedicated security or incident response policies are published. Privacy compliance is partial, with a privacy policy present but lacking a cookie consent mechanism. The absence of WHOIS data for the domain is a notable concern, reducing trust in domain legitimacy despite the professional website presence. Overall, the site demonstrates good business credibility and technical maturity but would benefit from enhanced transparency and privacy compliance.

D

Dominator

dominator.co.nz

66

Dominator is a New Zealand-based company specializing in manufacturing and distributing high-quality garage doors and openers. The company operates a network of 30 distributors nationwide, providing comprehensive door-to-door services including selection, installation, and after-sales support. Their website reflects a professional and consistent brand image, targeting homeowners and businesses seeking durable garage door solutions. Technically, the website employs modern frameworks such as Vue.js and Bootstrap, integrates multiple analytics and marketing tools, and uses HTTPS with reCAPTCHA for form security. However, the absence of WHOIS data for the domain raises some concerns about domain registration transparency. Security headers are not explicitly detected, suggesting room for improvement in security hardening. Overall, the site is well-structured, mobile-optimized, and provides clear contact channels, but could enhance trust by publishing security policies and incident response information.

Buteline NZ Ltd is a New Zealand-based manufacturer specializing in plumbing systems for potable water and gas applications, serving both domestic and commercial markets. The company operates internationally with dedicated sites for New Zealand, Malaysia, and the United Kingdom, reflecting a solid market presence. Their product portfolio includes PB Plumbing Systems, Pexline, Bute-Gasline, and underfloor heating systems, positioning them as a key player in the plumbing manufacturing sector. The website branding and content consistently reflect their business identity and market focus. Technically, the website employs modern web technologies including Vue.js, Bootstrap, and Google Analytics, ensuring a responsive and user-friendly experience. The site is mobile optimized and includes SEO best practices such as meta tags and structured data. However, some security best practices like security headers are not visibly implemented, and no CMS or hosting provider details are evident. Performance is moderate with room for optimization. From a security perspective, the site uses HTTPS with a good SSL configuration and includes a cookie consent banner indicating privacy compliance. No critical vulnerabilities or exposed sensitive data were detected. However, the absence of WHOIS registration details raises concerns about domain legitimacy and trustworthiness. The lack of explicit security policies or incident response information suggests an area for improvement in security transparency. Overall, Buteline's website is professional and trustworthy from a content and usability standpoint but would benefit from enhanced security measures and clearer domain registration transparency to improve its risk profile and stakeholder confidence.

L

Lightingplus

lightingplus.co.nz

64

Lightingplus is a well-established New Zealand-based retailer specializing in lighting products, offering a wide range of lighting fixtures, lamps, bulbs, and related accessories both online and through numerous physical stores nationwide. The company emphasizes quality and variety, targeting residential and commercial customers seeking lighting solutions. Their market position is strong within New Zealand, supported by a comprehensive store network and an e-commerce platform. Technically, the website leverages modern web technologies including Vue.js and integrates multiple marketing and analytics tools such as Google Analytics, Facebook Pixel, TikTok Pixel, and Adform, indicating a mature digital marketing strategy. Security-wise, the site uses HTTPS with appropriate security headers and CSRF protections, though explicit security policies and incident response information are not published. Overall, the site is professional, user-friendly, and trustworthy, with good privacy compliance and cookie consent mechanisms. The lack of public WHOIS data is typical for .nz domains and does not detract from the site's legitimacy. Strategic recommendations include publishing a dedicated security policy, incident response contacts, and vulnerability disclosure information to enhance trust and transparency.

G

GenTwo AG

gentwo.com

67

GenTwo AG is a fintech company specializing in assetization and financial engineering, aiming to expand the investment universe by making all assets investable. The company targets financial intermediaries such as banks, hedge funds, asset managers, family offices, and digital investors, offering a unique platform called GenTwo PRO along with other financial technology solutions. The website presents a professional and modern digital presence, leveraging advanced web technologies including Nuxt.js and Vue.js, integrated with HubSpot for marketing and analytics. Security measures are robust, with HTTPS enforced and appropriate security headers in place, although explicit security policies and incident response details are not publicly available. The absence of WHOIS registration data is a notable concern, suggesting the need for further verification of domain ownership. Overall, the website demonstrates a high level of professionalism, content quality, and compliance with privacy regulations, positioning GenTwo as a credible player in the fintech sector.

G

Voluntary work for volunteers and organizations

giveaday.be

53

The website www.giveaday.be is a platform dedicated to connecting volunteers with organizations in Belgium, specifically supported by Flemish cities and municipalities. It offers an extensive range of over 4000 volunteering vacancies, targeting individuals interested in voluntary work and organizations seeking volunteers. The site is multilingual, supporting English, Dutch, and French, indicating a broad regional focus. The business model appears to be non-profit or service-oriented, facilitating community engagement and volunteerism. Technically, the website employs modern frontend technologies including Vue.js, PrimeVue, and Tailwind CSS, hosted on Amazon CloudFront CDN, which suggests a contemporary and scalable infrastructure. The site is mobile optimized and provides a good user experience with clear navigation and relevant content. However, SEO is negatively impacted by the use of a 'noindex, nofollow' meta tag, limiting organic search visibility. From a security perspective, the site uses HTTPS but lacks visible security headers and privacy-related policies such as privacy and cookie policies, which are critical for GDPR compliance. No contact information or incident response channels are provided, which reduces transparency and trust. The WHOIS data for the domain is restricted by DNS Belgium, providing no registrar or registrant information, which limits the ability to fully verify domain legitimacy. Overall, the website serves its community-focused purpose well but requires improvements in security posture, privacy compliance, and transparency to enhance trustworthiness and regulatory adherence.

W

Webhero

webhero.be

62

Webhero is a Belgian technology company specializing in providing accessible and affordable digital tools tailored for entrepreneurs and small to medium-sized enterprises (SMEs). Their offerings include website and webshop creation, SEO tools, billing software compliant with Peppol standards, and booking automation services. The company positions itself as a trusted local digital partner with over 2,000 customers and emphasizes personalized five-star support. Technically, the website leverages modern JavaScript frameworks such as Vue.js, integrates multiple analytics and marketing tools including Google Tag Manager, Hotjar, and Facebook Pixel, and implements GDPR-compliant cookie consent mechanisms. Security posture is strong with HTTPS enforced and no visible vulnerabilities, though security headers and explicit incident response policies could be enhanced. Overall, the website is professional, well-branded, and provides comprehensive contact options, supporting a high trust level. The domain WHOIS data is privacy-protected, common for .be domains, but the website content and business information align well with the claimed Belgian presence and business model.

RaD Car Hire is a well-established car rental company operating primarily in Queensland, Australia, with additional presence in New Zealand. The company offers a wide range of rental vehicles including economy, compact, SUVs, and people movers, targeting travelers and tourists in the Sunshine Coast, Brisbane, and Gold Coast regions. Their business model focuses on providing affordable, late-model vehicles with personal service and convenient airport pickup options. The company is part of the Index Group of Companies, which includes Omega Rental Cars and Pegasus Rental Cars, indicating a broader operational footprint in the rental car industry. Technically, the website is built using modern web technologies including Vue.js and Laravel, with progressive web app features and service worker support for enhanced user experience. The site is optimized for mobile devices, has good SEO practices, and integrates Google Analytics and Tag Manager for tracking. Cookie consent mechanisms are implemented, reflecting attention to privacy compliance, although GDPR-specific compliance could be improved. From a security perspective, the site enforces HTTPS, uses CSRF tokens, and implements cookie consent banners. However, explicit security policies, incident response information, and vulnerability disclosure mechanisms are not publicly available, representing areas for improvement. No critical vulnerabilities or exposed sensitive data were detected in the analysis. Overall, the website and business present a trustworthy and professional image with strong customer testimonials and clear contact information. The lack of WHOIS data due to privacy protection is common and justified for this business type. Strategic recommendations include enhancing security transparency, publishing incident response policies, and improving GDPR compliance to further strengthen trust and security posture.

Y

YesWeHack

dojo-yeswehack.com

70

YesWeHack Dojo is a cybersecurity training platform launched in 2020 by YesWeHack, a recognized player in the bug bounty and security community. The platform offers free Capture The Flag (CTF) challenges and training modules designed to enhance hacking skills for beginners and experienced security researchers alike. It integrates with the broader YesWeHack ecosystem, providing users opportunities to participate in bug bounty programs and gain recognition. Technically, the website is built using modern frameworks such as Nuxt.js and Vue.js, styled with Tailwind CSS, and employs Matomo for analytics. The site is hosted under a reputable registrar, Gandi SAS, and uses HTTPS with a good SSL configuration. The site is mobile-optimized and provides a good user experience with clear navigation and professional design. From a security perspective, the platform enforces HTTPS and has domain transfer protections in place. However, it lacks DNSSEC and some recommended security headers. Privacy compliance is partially addressed with a comprehensive privacy policy, but no cookie consent mechanism is present despite tracking usage. No explicit incident response contacts or security.txt file were found. Overall, YesWeHack Dojo presents a trustworthy and professional platform for cybersecurity education with a solid technical foundation. Strategic improvements in security headers, cookie consent, and incident response transparency would further enhance its security posture and compliance.

ZeroDisclo.com is a non-profit platform dedicated to facilitating coordinated vulnerability disclosure by providing a secure and confidential environment for security researchers and organizations. The platform addresses key barriers such as legal uncertainty, lack of proper disclosure channels, and communication inefficiencies by partnering with CERTs and leveraging the expertise of YesWeHack. The website presents a clear focus on security research community needs and coordinated disclosure processes. Technically, the website is built using modern JavaScript frameworks including Vue.js and Quasar, hosted via Gandi SAS. The site demonstrates moderate performance and good mobile optimization, though accessibility and SEO optimizations are basic. No major technical issues or vulnerabilities were detected in the provided content, and HTTPS is enforced with a stable domain registration. From a security perspective, the site benefits from HTTPS and domain transfer protections but lacks advanced security headers and explicit incident response contact details. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. The absence of contact information and security policy details limits transparency. Overall, the security posture is solid but could be improved with additional controls and disclosures. The overall risk is moderate with no critical issues detected. Strategic improvements in privacy compliance, security headers, and contact transparency would enhance trust and security culture. The platform is well-positioned as a trusted facilitator in the vulnerability disclosure ecosystem.

T

Taglayer

taglayer.com

66

Taglayer is a Belgium-based technology company founded in 2015 that offers an AI-driven personalization platform designed to enhance customer experiences across multiple channels. Their platform enables businesses to gain deep customer insights, automate and optimize customer interactions, engage customers omnichannel, and track performance to improve conversions and loyalty. The company targets businesses seeking advanced personalization solutions and positions itself as an all-in-one platform with AI capabilities. Technically, the website is built using modern technologies including Vue.js and is hosted with Cloudflare DNS services, delivering fast performance and excellent mobile optimization. Security posture is good with HTTPS enabled and domain transfer protection, though DNSSEC is not enabled and security headers are not explicitly detected. Privacy and cookie policies are comprehensive and GDPR compliant, with clear contact information provided. The website demonstrates high professionalism, strong branding consistency, and trust indicators such as customer case studies and social media presence. Overall, the website scores highly on content quality, technical implementation, privacy compliance, and business credibility, with minor recommendations to enhance security further.

WMT Digital is a full-service technology firm specializing in web, app, OTT, e-commerce, video, data, subscription, and digital marketing platforms. Established in 2016 and based in the US, the company serves enterprise clients, particularly in sports and entertainment, with a partnership-first approach. Their website reflects a professional and modern digital presence, leveraging advanced JavaScript frameworks and marketing tools such as Nuxt.js, Vue.js, HubSpot, and Google Analytics. The firm demonstrates strong market positioning through partnerships with notable organizations like NFL and LaLiga. Security posture is solid with HTTPS enforcement and domain locking, though improvements are recommended in DNSSEC and security headers. Privacy compliance is basic, lacking cookie consent mechanisms despite tracking scripts. Overall, the website is trustworthy and well-structured, supporting the company's credibility and business goals.

U

Underground Printing

undergroundshirts.com

60

Underground Printing is a well-established custom apparel and promotional products company founded in 2001, operating primarily in the US retail sector. The company offers a wide range of services including screen printing, embroidery, digital printing, and heat transfer, targeting businesses, teams, fundraisers, and individuals. Their market position is strong, supported by a large product catalog, multiple physical locations, and a professional e-commerce platform. The website reflects a consistent brand image with excellent content quality and user experience, catering effectively to their target audience. Technically, the website leverages modern web technologies such as Vue.js and Vuetify, integrates with reputable third-party services like Stripe for payments, Klaviyo for marketing, and HelpScout for customer support. Hosting is provided via Amazon AWS infrastructure, ensuring reliable performance. The site is mobile-optimized and includes SEO best practices, although accessibility features could be improved. From a security perspective, the site enforces HTTPS and employs domain locking mechanisms to prevent unauthorized changes. However, DNSSEC is not enabled, and there is a lack of publicly available security policies or incident response information. The absence of privacy and cookie policies indicates a gap in privacy compliance, which could expose the company to regulatory risks. Overall, the website is professional, trustworthy, and functionally sound but would benefit from enhanced privacy compliance and explicit security disclosures to strengthen its security posture and regulatory adherence.

Afonso Digitalbyrå & Webbyrå is a Stockholm-based digital agency specializing in headless e-commerce, web design, and app development. Established since 2008, the company has served over 100 clients, delivering award-winning digital solutions that drive business value and brand growth. Their key services include UX/UI design, WooCommerce development, backend systems, and mobile app creation, targeting businesses seeking to enhance their online presence and sales capabilities. The agency leverages modern technologies such as WordPress, Next.js, Laravel, and React, demonstrating a mature technical infrastructure with fast performance and excellent mobile optimization. From a security perspective, the website employs HTTPS with a strong SSL configuration and uses Cookiebot for GDPR-compliant cookie consent management. However, it lacks visible security headers and published security policies or incident response contacts, which are areas for improvement. No vulnerabilities or exposed sensitive data were detected. The domain registration is consistent with the business claims, showing a long-standing presence and trustworthy legitimacy. Overall, the website presents a professional, well-structured, and secure digital agency platform with strong business credibility. The absence of privacy and terms of service pages slightly impacts privacy compliance scores. Strategic enhancements in security policy transparency and DNS security would further strengthen their security posture and trustworthiness.

China Law and Practice is a professional legal news and analysis platform specializing in the latest regulatory developments in China and their impact on global business. The website provides in-depth articles, full text translations, law digests, and expert commentary targeted at legal professionals, compliance officers, and business executives. It operates under ALM Global, LLC, a recognized legal media company, and offers subscription-based access with trial options. The platform is well-positioned as a niche authoritative source in the legal media industry focused on China. Technically, the website employs modern JavaScript frameworks such as Nuxt.js and Vue.js, along with analytics and tag management tools like Chartbeat and Tealium. The site is mobile-optimized with good SEO and accessibility basics, delivering a professional user experience. However, some security best practices such as security headers and cookie consent mechanisms are not fully implemented. From a security perspective, the site uses HTTPS and avoids exposing sensitive data, but lacks explicit security policies and incident response information. The absence of WHOIS data for the domain is a notable anomaly, though the professional branding and content quality mitigate concerns about legitimacy. Overall, the site demonstrates a mature digital presence with room for improvement in privacy compliance and security transparency. Strategically, the site should enhance its privacy and security posture by adding cookie consent, publishing security policies, and implementing security headers. Addressing the WHOIS data gap or clarifying domain registration details would also strengthen trust. These improvements will help maintain the platform's authoritative position and ensure compliance with evolving regulatory requirements.

T

Taglayer

tglyr.co

66

Taglayer is a technology company specializing in AI-driven personalization platforms designed to enhance customer experiences across multiple channels. Their SaaS offering enables businesses to gain deep customer insights, automate workflows, and optimize engagement through omnichannel messaging and performance tracking. Positioned as an all-in-one solution, Taglayer targets businesses seeking to boost conversions and customer loyalty through personalized interactions. The company is based in Belgium and has been operational since 2015. Technically, the website employs modern technologies including Vue.js and Cloudflare DNS services, ensuring fast performance and excellent mobile optimization. The site is well-structured with comprehensive content, clear navigation, and professional design. Analytics and marketing tools such as Ahrefs Analytics and DoubleClick are used for tracking and advertising purposes, with moderate user tracking levels and good privacy compliance. From a security perspective, the website enforces HTTPS and has domain transfer protections in place. However, DNSSEC is not enabled, and some recommended security headers are missing. There is no publicly available incident response contact or vulnerability disclosure policy, which could be improved. Overall, the security posture is solid but could benefit from additional hardening. The overall risk assessment is low, with no signs of malicious activity or suspicious domain registration patterns. Strategic recommendations include enabling DNSSEC, publishing an incident response contact, and implementing a vulnerability disclosure policy to enhance trust and security culture. The website demonstrates a high level of professionalism, trustworthiness, and technical maturity suitable for its business domain.

M

Metro Gas Ltd

metrogas.co.nz

64

Metro Gas Ltd operates a regional LPG cylinder delivery and swap service primarily serving residential, hospitality, and commercial customers in Auckland and Hamilton, New Zealand. The company emphasizes convenience by delivering LPG cylinders directly to customers' doors, replacing the traditional gas bottle swap at service stations. Their website reflects a professional and customer-focused approach with clear service descriptions and easy navigation. Technically, the website employs modern web technologies including Vue.js, Google reCAPTCHA, and Google Analytics, ensuring a responsive and user-friendly experience. The site is well-optimized for mobile devices and demonstrates good SEO practices. Security is robust with HTTPS enforced and secure payment processes, although some security headers are missing and no explicit cookie consent mechanism is present. From a security perspective, the site shows good maturity with no visible vulnerabilities or exposed sensitive data. However, the absence of WHOIS data limits domain registration trust analysis, and no formal security or incident response policies are published. Overall, the site is trustworthy and professional but could improve transparency and compliance by adding cookie consent and security policy information. The overall risk is moderate with recommendations to enhance security headers, implement cookie consent, and publish vulnerability disclosure or incident response details to strengthen trust and compliance.

V

vzw Rozemarijn

vzwrozemarijn.be

55

vzw Rozemarijn is a Belgian non-profit organization dedicated to providing care and support services for adults with disabilities in the Vlaams-Brabant region, specifically in Keerbergen and Haacht. Their key offerings include day support, residential support, care purchasing, guided work, enclave work, and semi-industrial work, targeting a niche audience requiring specialized assistance. The website reflects a professional and consistent brand image with clear contact details and structured data enhancing credibility. Technically, the website employs modern JavaScript frameworks such as Vue.js and jQuery, integrates Google Tag Manager for analytics, and uses HTTPS with a cookie consent mechanism, indicating a moderate level of digital maturity. The site is mobile-optimized with good SEO practices but lacks some advanced security headers that could further harden its posture. From a security perspective, the site enforces HTTPS and provides cookie consent aligned with GDPR requirements. However, the absence of explicit security policies, incident response contacts, and vulnerability disclosure mechanisms suggests room for improvement in security transparency and readiness. The WHOIS data is restricted, limiting domain trust verification, but the website content and contact information appear legitimate and consistent with the organization's mission. Overall, the website scores well in content quality, privacy compliance, and business credibility, with moderate technical and security scores. Strategic enhancements in security headers, published policies, and WHOIS transparency would strengthen trust and resilience.

O

Ons Tehuis Brabant

onstehuisbrabant.be

58

Ons Tehuis Brabant is a Belgian non-profit organization dedicated to providing care and support services for adults with mental disabilities. Accredited by the Vlaams Agentschap voor Personen met een Handicap (VAPH), the organization operates multiple facilities offering day support, residential assistance, and personalized care budgets. Their website reflects a professional and consistent brand presence with clear contact information and social media engagement, positioning them as a trusted regional care provider. Technically, the website leverages modern JavaScript frameworks such as Vue.js and Axios, alongside jQuery, and is built on the Webhero CMS platform. The site is mobile-optimized with good SEO practices and includes GDPR-compliant privacy and cookie policies. However, there is room for improvement in security headers and explicit incident response documentation. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms, demonstrating a solid baseline for privacy compliance. No critical vulnerabilities or exposed sensitive data were detected. The lack of WHOIS data is due to registry restrictions rather than suspicious activity, and the domain's legitimacy is supported by consistent business information and accreditations. Overall, the website presents a low-risk profile with a strong focus on user privacy and accessibility. Strategic enhancements in security headers and incident response transparency would further strengthen their security posture.