Security Directory

B

Bureau Veritas Eesti

bureauveritas.ee

68

Bureau Veritas Eesti is a well-established branch of the global Bureau Veritas Group, specializing in certification, inspection, and sustainability services. The company offers a broad portfolio of services including ISO management system certifications, food safety, information security, and sustainability consulting, targeting businesses in Estonia. The website reflects a professional and consistent brand image with clear navigation and relevant content for its audience. Technically, the site is built on Drupal 10, uses modern consent management tools (Didomi), and integrates Google Analytics and Tag Manager for tracking. Security posture is strong with HTTPS enforced and standard security headers present, though explicit security and incident response policies are not found. Privacy compliance is partially addressed via cookie consent but lacks a clearly accessible privacy policy page. Overall, the website demonstrates a mature digital presence with room for improvement in privacy transparency and incident response communication.

K

Keskkonnaagentuur

keskkonnaportaal.ee

53

Keskkonnaportaal.ee is an Estonian government environmental data portal managed by Keskkonnaagentuur. It consolidates key environmental datasets and information to provide quality and up-to-date data for environmental stakeholders and the public. The portal uses Drupal 10 CMS and integrates modern frontend libraries and Google Tag Manager for analytics. The website is well-structured, mobile-optimized, and provides clear navigation through extensive environmental themes and data sources. Security posture is solid with HTTPS enforced, but lacks advanced security headers and published security policies. Privacy compliance is partial with a cookie consent mechanism but no explicit privacy policy or terms of service found. Overall, the site is credible, professional, and trustworthy, serving as a key government resource for environmental information in Estonia.

K

Keskkonnaagentuur

loodusveeb.ee

55

Loodusveeb is an official Estonian governmental environmental information portal managed by the Estonian Environment Agency (Keskkonnaagentuur). It provides comprehensive information on Estonia's nature, biodiversity, ecological themes, citizen science projects, and environmental education. The website targets Estonian residents, environmental enthusiasts, researchers, and volunteers, serving as a trusted source for nature-related data and public engagement. Technically, the site is built on Drupal 10 with modern libraries and includes a cookie consent mechanism compliant with EU regulations. The site is mobile optimized and accessible, with good SEO practices. Security posture is solid with HTTPS and cookie consent, but lacks explicit security headers and published security policies. WHOIS data confirms domain legitimacy and consistency with the governmental nature of the site. Overall, the website is professional, trustworthy, and well-positioned as a governmental environmental resource.

The website kaitsealad.ee is an official Estonian government-related portal managed by Keskkonnaamet (Environmental Board) providing comprehensive information about Estonia's protected areas. It serves as an educational and informational resource for the public, nature enthusiasts, landowners, and youth conservation groups. The site offers news, events, maps, and educational content related to nature conservation and sustainable tourism. Technically, the site is built on Drupal 10 CMS with modern frontend libraries and is hosted via Zone Media OÜ. It features a cookie consent mechanism compliant with EU regulations and uses Matomo for analytics. Security posture is good with HTTPS enforced and no visible vulnerabilities, though explicit security headers and policies could be improved. Contact information is clearly provided, enhancing trust and credibility. However, privacy policy and terms of service pages are not explicitly found, which is a gap in compliance. Overall, the site is professional, accessible, and trustworthy, supporting its government mission effectively.

Z

Zone Media OÜ

vaktsineeri.ee

63

vaktsineeri.ee is a public health information website focused on vaccination awareness and education in Estonia. It provides comprehensive information on immunization schedules, vaccine safety, travel vaccinations, and related news. The site targets the general Estonian population including parents, adults, and travelers, positioning itself as an official or semi-official government-affiliated resource. The business model is informational and supported by partnerships with Estonian health and government institutions. Technically, the site is built on Drupal 10 with modern web technologies, offering good mobile optimization and accessibility features. Security posture is solid with HTTPS and no visible vulnerabilities, though some security headers and policies could be improved. Privacy compliance is weak due to missing privacy and cookie policies and lack of consent mechanisms. Overall, the site is trustworthy and professional but would benefit from enhanced privacy and security disclosures.

K

Koigi Kool

koigikool.ee

49

Koigi Kool is a small educational institution located in Koigi village, Estonia, providing primary and kindergarten education services. The website serves as an information portal for students, parents, and staff, offering news, event updates, school life details, and contact information. The site is built on Drupal 10 and incorporates modern web technologies and accessibility features, reflecting a moderate to good level of digital maturity. The presence of Matomo analytics indicates a privacy-conscious approach to user tracking. Security posture is adequate but could be improved by enabling DNSSEC and implementing security headers. No privacy policy or explicit security policies are published, which is a gap in compliance. Overall, the domain is legitimate and stable, with clear contact details and partner affiliations.

J

Järva-Jaani Gümnaasium

jjaanikool.ee

47

Järva-Jaani Gümnaasium is a public secondary educational institution located in Estonia, providing comprehensive educational services and community engagement. The website serves as an information portal for students, parents, and staff, offering details on school life, teaching schedules, admissions, and extracurricular activities. The institution maintains a strong local presence with partnerships and certifications that enhance its educational offerings. Technically, the website is built on Drupal 10, leveraging modern web technologies such as Swiper.js for interactive elements and Matomo for privacy-conscious analytics. The site demonstrates good mobile optimization and accessibility features, including adjustable font sizes and contrast settings, supporting inclusive access. From a security perspective, the site uses HTTPS and respects Do Not Track signals in analytics, but lacks advanced security headers and published security policies. The domain registration is consistent with the Estonian Ministry of Education, reinforcing legitimacy. No blocking or WAF interference was detected, allowing full content access. Overall, the website presents a professional and trustworthy digital presence for the school, with room for improvement in security policy transparency and enhanced security headers to further protect users and data.

D

Digi- ja väestötietovirasto

avoindata.fi

58

The website avoindata.fi serves as the official Finnish government open data portal managed by Digi- ja väestötietovirasto. It consolidates all open data published in Finland, providing datasets, APIs, producer information, and showcases of applications leveraging open data. The portal targets developers, public sector entities, and citizens interested in accessing and utilizing open data. Its business model is that of a public service, offering free and centralized access to government data resources. Technically, the site is built on Drupal 10 with Bootstrap and FontAwesome for UI components, and it integrates Matomo for privacy-conscious analytics. The site is mobile-optimized, accessible, and SEO-friendly, reflecting a mature digital infrastructure. Hosting appears to be government-managed with external analytics hosted on suomi.matomo.cloud. From a security perspective, the site enforces HTTPS and employs secure form handling with CSRF tokens. However, it lacks explicit security headers and does not publicly disclose a security policy or incident response contacts. No vulnerabilities or exposed sensitive data were detected in the HTML content. Privacy compliance is strong, with clear privacy and cookie policies and GDPR adherence. Contact information is limited to email and contact forms, with no phone or physical address listed. Overall, avoindata.fi is a trustworthy, well-maintained government portal with good technical and privacy standards. Strategic improvements include publishing a security policy, adding security headers, and providing incident response contacts to enhance transparency and security posture.

T

Tervise Arengu Instituut

tai.ee

48

Tervise Arengu Instituut (TAI) is a leading Estonian national research and development institution focused on public health, disease prevention, and health promotion. The website reflects a well-established government-affiliated organization with a strong market position in healthcare research and public health services. It offers extensive resources including research publications, statistics, training events, and health registries, targeting health professionals, policymakers, and the general public. The site is professionally designed, content-rich, and well-structured, supporting multiple languages with a focus on Estonian.

P

Palmako AS

palmako.com

56

Palmako AS is a well-established Estonian manufacturing company specializing in wood processing products such as garden log cabins, glulam timber, machine-rounded timber, pre-fabricated houses, and premium wood pellets. It operates under the Lemeks Group umbrella and exports the majority of its production globally, serving environmentally conscious customers. The website is professionally designed using Drupal 10, with good mobile optimization and accessibility features. It integrates modern analytics and cookie compliance tools, reflecting a mature digital presence. Security posture is solid with HTTPS and secure forms, though some security headers and policies could be improved. The absence of WHOIS registration details slightly impacts trust but is mitigated by comprehensive business information and certifications. Overall, Palmako AS presents a credible and professional online presence with room for enhanced security transparency.

M

Mohawk College

mohawkcollege.ca

65

Mohawk College is a well-established Canadian educational institution offering a wide range of programs including certificates, diplomas, degrees, apprenticeships, and continuing education. The website targets a diverse audience including future and current students, indigenous and international students, alumni, and industry partners. The institution positions itself as a comprehensive provider of post-secondary education with strong community and industry ties. Technically, the website is built on Drupal 10 and incorporates a modern technology stack including various analytics and marketing tools such as Google Tag Manager, Facebook Pixel, TikTok Pixel, and CrazyEgg. The site demonstrates good mobile optimization, accessibility, and SEO practices, although performance is moderate rather than fast. From a security perspective, the site uses HTTPS with good SSL configuration and follows several best practices including privacy and security policy disclosures. However, it lacks a visible cookie consent mechanism and explicit incident response contact details. The absence of WHOIS data reduces transparency but does not detract significantly from the site's legitimacy given the institutional nature and content quality. Overall, Mohawk College's website reflects a mature digital presence with strong business credibility and a good security posture. Enhancements in privacy compliance and transparency around domain registration would further strengthen trust and compliance.

S

Sault College

saultcollege.ca

63

Sault College is a medium-sized educational institution based in Sault Ste. Marie, Ontario, Canada, offering a wide range of diploma, degree, and certificate programs. The college targets prospective and current students seeking post-secondary education and continuing education opportunities. The website reflects a professional and consistent brand presence with clear navigation and relevant content tailored to its audience. Technically, the site is built on Drupal 10 CMS and integrates multiple modern analytics and marketing tools, indicating a mature digital infrastructure. Security-wise, the site enforces HTTPS and employs standard security practices but lacks some advanced security headers and explicit security policies. Privacy and cookie policies are present, though GDPR compliance indicators are basic. The absence of WHOIS data is notable but does not detract significantly from the site's legitimacy given the professional presentation and contact transparency. Overall, the website is well-maintained, trustworthy, and serves its educational mission effectively.

P

Palmako AS

construct.ee

48

Construct, operated by Palmako AS, is a specialized manufacturer of glued laminated timber products serving the construction industry with a focus on sustainability and quality. As part of the Lemeks Group, it benefits from a strong supply chain and international presence, exporting to over 30 countries. The website reflects a mature digital presence built on Drupal 10, with good mobile optimization and clear navigation. Privacy and cookie compliance are well implemented, supporting GDPR requirements. Security posture is strong with HTTPS, security headers, and no visible vulnerabilities. However, explicit security policies and incident response information are absent, which could be improved. Overall, the site projects professionalism and trustworthiness aligned with the company's market position.

V

Vision Australia Limited

visionaustralia.org

75

Vision Australia Limited is a well-established Australian non-profit organization founded in 2005, specializing in providing personalized services, technology, and support for individuals experiencing blindness and low vision. The organization holds a leading national position in the healthcare sector focused on vision impairment, offering a broad range of services including therapy, mobility, technology assessments, and support for healthcare professionals and businesses. Their website reflects a professional and comprehensive digital presence with clear navigation and extensive content tailored to their target audience. The technical infrastructure is robust, leveraging Drupal 10 CMS with integrations of modern analytics and marketing tools such as Google Tag Manager, Microsoft Clarity, Facebook Pixel, and Crazy Egg. Hosting and DNS services are managed via Cloudflare, providing good performance and security. The website is mobile-optimized and accessible, with good SEO practices in place. From a security perspective, the site enforces HTTPS, employs multiple security headers, and maintains domain registration protections such as clientDeleteProhibited status. However, DNSSEC is not enabled, and there is no visible cookie consent mechanism, which are areas for improvement. No critical vulnerabilities or exposed sensitive data were detected, indicating a strong security posture overall. Overall, Vision Australia demonstrates a high level of business credibility and digital maturity, with a trustworthy online presence. Strategic recommendations include enabling DNSSEC, implementing a cookie consent banner for privacy compliance, and publishing explicit security policies and incident response contacts to further enhance trust and compliance.

P

Puppet

puppet.com

78

Puppet, a Perforce company, is a leading provider of infrastructure automation software designed to empower DevOps teams and enterprises to automate, manage, and secure their IT infrastructure across hybrid environments. The company offers a comprehensive platform including Puppet Enterprise, Puppet Core, and integrations, supported by professional services and training. The website reflects a mature enterprise with strong branding, clear navigation, and a focus on security and compliance. Technically, the site is built on Drupal 10, employs modern JavaScript libraries, and integrates consent management tools to ensure privacy compliance. Security posture is strong with HTTPS enforcement and security headers, though explicit security policies and incident response contacts are not publicly detailed. WHOIS data for the domain is unavailable, which is unusual but does not detract significantly from the site's legitimacy given the strong external trust signals and parent company association. Overall, Puppet's digital presence is professional, secure, and well-optimized, supporting its market position as a leader in infrastructure automation.

T

The Medical Journal of Australia

mja.com.au

67

The Medical Journal of Australia (MJA) is a prominent healthcare publication serving medical professionals and researchers primarily in Australia. It offers a wide range of medical research articles, editorials, guidelines, and educational content. The website is professionally designed and well-structured, reflecting its position as a leading medical journal affiliated with the Australian Medical Association. The business model relies on subscriptions, advertising, and content dissemination to healthcare audiences. Technically, the site is built on Drupal 10, leveraging modern web technologies including Google Analytics, Google Tag Manager, and Stripe for payment processing. The site is mobile-optimized and accessible, with moderate performance. Security posture is strong with HTTPS enforced and no visible sensitive data exposure, though some security headers could be improved. The WHOIS data is privacy protected by a reputable Australian registrar, which is typical for professional organizations. No signs of malicious activity or suspicious domain registration patterns were found. Privacy compliance is basic with a privacy policy present but lacking explicit cookie consent mechanisms. Overall, the site demonstrates a mature digital presence with strong business credibility and good security hygiene, though improvements in privacy compliance and security headers are recommended to enhance trust and regulatory adherence.

T

Tehy

tehy.fi

68

Tehy is Finland's largest trade union representing over 160,000 professionals in social, health, and education sectors. The organization provides advocacy, collective bargaining, member benefits, training, and legal support to its members. The website reflects a mature digital presence with comprehensive content tailored to its target audience of Finnish social and healthcare professionals. Technically, the site is built on Drupal 10 and integrates modern analytics and cookie consent tools, indicating a good level of digital maturity. Security posture is strong with HTTPS enforced and likely security headers, though explicit security policies and incident response information are absent. Privacy compliance is partial, with cookie consent mechanisms present but no clear privacy or data protection officer information. Overall, the site is professional, trustworthy, and well-structured, supporting Tehy's position as a leading trade union in Finland.

E

Eesti Kirjandusmuuseum

er500.ee

55

The website www.er500.ee is an educational and cultural platform managed by the Estonian Literary Museum (Eesti Kirjandusmuuseum). It focuses on presenting the 500-year history of Estonian books, including important publications, literary works, and historical events. The platform offers thematic content, timelines, and allows users to create and share stories, targeting literature enthusiasts, researchers, and the general public interested in Estonian cultural heritage. Technically, the site is built on Drupal 10 CMS, utilizing modern JavaScript libraries such as Zoomist and FontAwesome, and integrates Google Analytics for user tracking. The site is mobile-optimized with a clear navigation structure and professional design. Security-wise, the site uses HTTPS and asynchronous script loading but lacks visible security headers and explicit privacy or cookie policies, which are areas for improvement. Overall, the domain registration aligns well with the website's cultural mission, indicating legitimacy and trustworthiness.

M

Magistrát města Karlovy Vary

mmkv.cz

53

The website mmkv.cz is the official online presence of the City Hall of Karlovy Vary, Czech Republic. It serves as a comprehensive portal for municipal services, citizen information, news, and administrative resources. The site targets residents and visitors, providing access to various public services such as permits, registrations, and local government information. The business model is that of a government public service portal, with a medium-sized organizational footprint and a well-established domain since 2002. Technically, the site is built on Drupal 10 CMS, leveraging Bootstrap for responsive design, Leaflet.js for mapping, and Google Analytics for visitor tracking. The infrastructure is hosted by a Czech registrar and hosting provider, REG-ZONER, ensuring regional consistency. The website demonstrates good mobile optimization, accessibility, and SEO practices, with a moderate performance profile. From a security perspective, the site enforces HTTPS and implements a detailed cookie consent mechanism compliant with GDPR. However, it lacks explicit security policy documentation and incident response contact information. No critical vulnerabilities or exposed sensitive data were detected. The site integrates third-party scripts responsibly but could improve by adding security headers and a vulnerability disclosure policy. Overall, mmkv.cz presents a trustworthy, professional, and user-friendly government portal with solid technical foundations and privacy compliance. Strategic enhancements in security transparency and incident readiness would further strengthen its posture.

A

Ajuntament de Barcelona

bcn.cat

66

The website www.barcelona.cat serves as the official digital portal for the Ajuntament de Barcelona, providing comprehensive information and services for residents and visitors of Barcelona city. It offers a wide range of resources including news, cultural events, public services, transport information, and business support, positioning itself as a key government communication channel. The site is well-branded, professionally designed, and targets a broad audience interested in city life and governance. Technically, the site is built on Drupal 10, leveraging modern web technologies such as Bootstrap for responsive design, and integrates multiple analytics platforms including Google Analytics, Matomo, and Plausible. Cookiebot is used for cookie consent management, ensuring GDPR compliance. The site demonstrates good mobile optimization, accessibility, and SEO practices, contributing to a positive user experience. From a security perspective, the site enforces HTTPS, uses security headers, and implements anti-CSRF tokens. However, explicit security policies and incident response contacts are not published, and no security.txt file is found. The WHOIS data is unavailable, likely due to registry policies, but the domain and content strongly indicate legitimacy. Overall, the security posture is solid but could benefit from enhanced transparency and formalized vulnerability disclosure mechanisms. The overall risk assessment is low, with the site representing a trustworthy government resource. Strategic recommendations include publishing detailed security and incident response policies, adding a security.txt file, and maintaining vigilance on third-party scripts. These steps will further strengthen trust and compliance in the evolving regulatory landscape.

I

International Transport Workers' Federation (ITF)

itfafrica.org

59

The International Transport Workers' Federation (ITF) operates a comprehensive website focused on its Africa regional activities, advocating for transport workers' rights and union coordination across the continent. The site demonstrates a mature digital presence with multilingual support, modern CMS technology (Drupal 10), and integration of analytics and translation services. Contact information is clearly provided with physical offices in Nairobi and Abidjan, supporting its global federation status. However, the absence of a visible privacy policy and terms of service pages, along with incomplete WHOIS data, slightly detracts from its overall trustworthiness. Security posture is adequate with HTTPS and anonymized analytics but lacks explicit security headers and vulnerability disclosure mechanisms. Overall, the website is professional, content-rich, and well-structured, serving its target audience effectively while leaving room for improvements in privacy and security transparency.

L

Lectra

lectra.com

33

Lectra is a leading provider of Industry 4.0 transformative technologies and premium solutions targeting the fashion, automotive, and furniture manufacturing sectors. The company focuses on enabling digital transformation, operational excellence, and sustainability through software, equipment, data, and services. The website reflects a mature digital presence built on Drupal 10, integrating modern analytics and marketing tools. Security posture is strong with HTTPS and no evident vulnerabilities, though some security headers could be improved. Privacy compliance is good with a clear privacy policy but lacks explicit cookie consent mechanisms. The absence of WHOIS data for the domain introduces a minor trust concern but does not detract significantly from the overall credibility. Strategic recommendations include enhancing security headers, adding vulnerability disclosure information, and implementing cookie consent to improve compliance.

A

AS Alexela

220energia.ee

55

AS Alexela is a prominent Estonian energy company specializing in electricity, natural gas, and liquid fuels. The recent merger with 220 Energia expands its customer base and enhances its service offerings, including a customer loyalty program and mobile app for service management. The website reflects a mature digital presence with a modern Drupal 10 CMS, integrated analytics, and mobile optimization. Security posture is strong with HTTPS and cookie consent mechanisms, though explicit privacy and security policies are not found on the analyzed page. Overall, the company demonstrates a solid market position in the energy sector with good technical infrastructure and user experience.

P

Perforce Software, Inc.

zeroturnaround.com

76

JRebel, a product of Perforce Software, Inc., is a leading Java development productivity tool designed to accelerate coding by eliminating the need for redeploys. The website positions JRebel as an enterprise-grade solution trusted by major global companies such as Bosch, Deloitte, and Oracle. The platform targets Java developers and teams seeking to improve development velocity and application performance. The site is professionally designed, mobile-optimized, and provides comprehensive resources including case studies and product information. Technically, the site is built on Drupal 10 and integrates modern libraries and consent management tools, reflecting a mature digital infrastructure. Security posture is strong with HTTPS enforcement and security headers, though explicit security policies and incident response details are not published. Privacy compliance is well addressed with visible cookie consent mechanisms and detailed privacy policies. The absence of WHOIS data is a notable anomaly but does not detract significantly from the overall legitimacy given the strong branding and enterprise presence. Strategic recommendations include publishing detailed security policies, incident response contacts, and vulnerability disclosure information to enhance trust and compliance. Overall, JRebel's website demonstrates a high level of professionalism, technical maturity, and business credibility suitable for its enterprise audience.

E

Eesti Kaubandus-Tööstuskoda

koda.ee

40

Eesti Kaubandus-Tööstuskoda is a well-established Estonian chamber of commerce and industry organization dedicated to supporting and representing the interests of Estonian businesses. The website reflects a mature digital presence with comprehensive content, including detailed information about services, membership, events, and news. The organization targets Estonian entrepreneurs and companies, offering services such as export development, partner search, tender monitoring, legal advice, and arbitration. The site is built on Drupal 10 with modern analytics and marketing integrations, demonstrating a good level of digital maturity and user experience. Security posture is strong with HTTPS enforced, privacy compliance evident through cookie consent mechanisms, and no visible vulnerabilities or exposed sensitive data. The WHOIS data aligns with the organization's legitimacy, showing consistent registration details and no privacy protection. Overall, the website is professional, trustworthy, and well-optimized for its audience.

P

Palmako AS

palmako.ee

53

Palmako AS is a well-established Estonian manufacturer specializing in high-quality wooden garden products, including playgrounds, garden houses, furniture, and saunas. As part of the Lemeks Group, it benefits from a strong supply chain and international presence with branches in multiple countries and exports to over 30 countries worldwide. The website reflects a mature digital presence with comprehensive product information, multilingual support, and clear contact channels. Technically, the site is built on Drupal 10 with modern JavaScript libraries and integrates Google Analytics, Google Tag Manager, and Facebook Pixel for marketing and analytics purposes. Security posture is strong with HTTPS enforced and cookie consent implemented, though some security headers could be improved. Overall, the site demonstrates high professionalism, trustworthiness, and compliance with GDPR requirements.

AP Hogeschool Antwerpen is a well-established higher education institution based in Antwerp, Belgium, offering a wide range of educational programs including bachelor degrees, teacher training, and arts education. The website reflects a professional and comprehensive educational service provider targeting students, professionals, and society at large. Technically, the site is built on Drupal 10, uses modern web technologies, and implements cookie consent mechanisms, indicating a mature digital infrastructure. Security posture is good with HTTPS enforced and no visible vulnerabilities, though some security headers could be improved. The lack of explicit privacy policy and contact information for security or incident response are areas for improvement. Overall, the domain appears legitimate despite WHOIS data restrictions imposed by DNS Belgium, which is common for .be domains. Strategic recommendations include publishing clear privacy and security policies, enhancing security headers, and providing direct contact channels for compliance and incident reporting.

T

Telia Eesti AS (Registrar)

kinosoprus.ee

29

Kino Sõprus is a well-established cinema business based in Estonia, offering a diverse range of movie screenings, special events, and venue rental services. The website reflects a professional and consistent brand presence targeting local cinema-goers and cultural audiences. The business operates multiple screening locations in Tallinn and maintains partnerships with cultural and industry organizations, enhancing its market position. Technically, the site is built on Drupal 10, leveraging modern web technologies and standard analytics tools, providing a good user experience with mobile optimization and accessibility features. Security posture is adequate with HTTPS enabled, but lacks some advanced security headers and formal security policies. Privacy compliance is weak due to the absence of privacy and cookie policies and consent mechanisms. Overall, the site is trustworthy and credible but would benefit from enhanced privacy and security disclosures.

Lennuliiklusteeninduse AS operates as the national air navigation service provider in Estonia, ensuring safe and efficient air traffic management within Estonian and European airspace. The organization offers core services including air traffic control, aeronautical information services, technical system management, and ongoing development activities to modernize aviation infrastructure. The website reflects a mature digital presence built on Drupal 10, with multilingual support and integration of modern APIs such as Google Maps and Facebook SDK for enhanced user engagement. Security posture is strong with HTTPS enforcement, security headers, and GDPR-compliant cookie consent mechanisms, although explicit security policies and incident response details are not publicly disclosed. Overall, the domain registration and website content align well, indicating a trustworthy and established entity in the transportation sector.

L

L3Harris Technologies, Inc.

harris.com

74

L3Harris Technologies, Inc. is a leading global aerospace and defense technology company focused on delivering mission-critical solutions across multiple domains including air, land, sea, space, and cyber. The company provides advanced technologies such as missile warning and defense, command and control, electronic warfare, ISR and SIGINT, and resilient communications. Their market position is strong, supported by a professional and comprehensive website that targets government agencies, defense contractors, and commercial sectors. The business model is primarily B2B, serving national security and civil markets. Technically, the website is built on Drupal 10, leveraging modern analytics and monitoring tools like Google Tag Manager and New Relic. The site demonstrates good performance, mobile optimization, and accessibility features. Security posture is robust with HTTPS, security headers, and secure form handling, though explicit security policies and vulnerability disclosures are not found. Overall, the security posture is strong with no visible vulnerabilities or exposed sensitive data. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR indicators. The domain WHOIS data is missing, which is unusual for a large enterprise but the website content and external references strongly support legitimacy. The overall risk is low, but verification of domain registration details is recommended. Strategic recommendations include publishing explicit security and incident response policies, adding vulnerability disclosure mechanisms, and ensuring all security headers are explicitly documented to enhance trust and compliance.

S

Statistikaamet

stat.ee

64

Statistikaamet is the official national statistics agency of Estonia, providing comprehensive statistical data and analysis to the public, researchers, and policymakers. The website is well-branded, consistent, and primarily serves the Estonian audience with content in the Estonian language. It operates as a government entity with a medium-sized organizational footprint, founded in 2010, and maintains a professional online presence. The technical infrastructure is based on Drupal 10 CMS, leveraging modern JavaScript libraries such as Highcharts and Moment.js for interactive data visualization. The site demonstrates good mobile optimization and basic accessibility features, with moderate performance characteristics. Cookie consent mechanisms are implemented with GDPR compliance in mind, including an opt-in banner. Security posture is solid with HTTPS enforced and cookie consent in place, though there is room for improvement by enabling DNSSEC, adding security headers, and publishing explicit security policies or vulnerability disclosure information. No WAF or blocking mechanisms were detected, and WHOIS data confirms domain legitimacy and consistency with the organization's identity. Overall, the website is trustworthy and professional, with a strong focus on privacy compliance and user experience. Strategic recommendations include enhancing DNS security, improving security headers, and formalizing incident response and vulnerability disclosure processes to further strengthen security and compliance.

O

Olerex

olerex.ee

46

Olerex is an established energy company based in Estonia, primarily engaged in fuel sales and energy solutions targeting private clients and businesses. The website is built on Drupal 10 CMS and incorporates modern analytics tools such as Google Tag Manager and Facebook Pixel, indicating a moderate level of digital maturity. The website content is primarily in Estonian and focuses on providing information to its customer base. Security-wise, the site uses HTTPS and some tracking technologies but lacks explicit security headers and formal privacy or cookie policies, which are critical for compliance and trust. Overall, the site is functional but would benefit from enhanced privacy and security measures to improve compliance and user trust.

T

Trinidad Wiseman OÜ

trinidad.ee

69

Trinidad Wiseman OÜ is a well-established Estonian technology company specializing in human-centric digital services including software development, business analytics, user experience design, accessibility, and training. With over 20 years of experience and a large team of specialists, the company holds a strong market position, particularly in the public sector. Their business model focuses on consulting, software solutions, and training services, supported by a subsidiary Intelex Insight OÜ. The website reflects a mature digital presence with comprehensive content and consistent branding. Technically, the site is built on Drupal 10, uses modern libraries like Font Awesome 6 Pro, and integrates Google Maps and Cookiebot for enhanced user experience and compliance. Security posture is good with HTTPS enforced and cookie consent implemented, though some security headers are missing and no explicit security policy or incident response contacts are published. Overall, the site is professional, trustworthy, and compliant with GDPR requirements.

R

Riigi Kinnisvara AS

rkas.ee

60

Riigi Kinnisvara AS is a state-owned enterprise responsible for managing and developing Estonia's public real estate portfolio. The company focuses on efficient property management, environmental sustainability, and supporting public sector clients through various services including leasing, sales, and technical requirements for buildings. The website reflects a professional government entity with clear communication and comprehensive service offerings. Technically, the site is built on Drupal 10 with modern libraries ensuring good performance and accessibility. Security posture is strong with HTTPS and cookie consent mechanisms, though some security headers and explicit policies could be improved. Overall, the domain registration and website content align well, indicating a trustworthy and legitimate online presence.

H

Hogarth

hogarthww.com

70

Hogarth Worldwide is a global enterprise specializing in creative, commerce, and media content production at scale. The company integrates human craftsmanship with advanced technology to deliver innovative content experiences, positioning itself as a leader in the media production industry. Their website showcases a professional and modern digital presence, leveraging Drupal 10 CMS, Vimeo for video content, and Google Tag Manager for analytics. The site is mobile-optimized and includes a cookie consent mechanism, reflecting awareness of privacy compliance requirements. However, the absence of a visible privacy policy and terms of service pages, as well as the lack of WHOIS domain registration data, introduces some trust and compliance concerns. Security posture is generally good with HTTPS enabled, but could be improved by adding explicit security headers and publishing incident response information. Overall, Hogarth Worldwide demonstrates a mature digital infrastructure and strong market positioning, but should enhance transparency and security documentation to strengthen trust and compliance.

C

CLdN

cldn.com

61

CLdN is a well-established logistics company specializing in integrated maritime and multimodal transport solutions across Europe. Founded in 1929, it operates a large fleet of RoRo ships and maintains a network of terminals and transport units, serving major economic regions including the UK, Ireland, Iberia, and Scandinavia. The company emphasizes sustainability with a low CO2 footprint and employs around 3,000 staff. The website reflects a professional and comprehensive digital presence built on Drupal 10, featuring modern web technologies and good mobile optimization. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. However, the absence of WHOIS registration data for the domain www.cldn.com is a notable anomaly that slightly impacts trust. Security posture is generally good with HTTPS enforced, but lacks visible security headers and explicit incident response or vulnerability disclosure information. Overall, the website is functional, professional, and trustworthy, but could improve transparency and security documentation to enhance confidence further.

S

Stad Hasselt

hasselt.be

60

Stad Hasselt is the official municipal government website for the city of Hasselt, Belgium, providing residents and visitors with comprehensive information about city services, governance, events, and local news. The website is well-structured, professionally designed, and targets Dutch-speaking users primarily within the Hasselt region. It offers key services such as document requests, traffic and parking information, waste management, education, leisure, healthcare, and business support. The site uses Drupal 10 CMS with modern front-end technologies and integrates Piwik PRO for analytics, indicating a mature digital infrastructure. Security posture is strong with HTTPS enforced and secure form handling, though some security headers and incident response information are absent. Privacy and cookie policies are present and appear GDPR compliant. WHOIS data is restricted due to domain policy, but the official branding and domain usage confirm legitimacy. Overall, the website demonstrates a good balance of usability, security, and compliance suitable for a government entity.

M

make it fly bv

makeitfly.group

61

Make it fly bv is a Belgium-based technology service provider specializing in customer experience-driven IT solutions. The company leverages open-source technologies such as Drupal, Symfony, Java, Next.js, and Flutter to deliver custom digital platforms, e-commerce solutions, and operational tools. Positioned as a medium-sized enterprise with over 80 in-house experts, make it fly serves businesses aiming to optimize customer service, digital efficiency, and communication. The company is part of the Dynamate group, which broadens its IT expertise and market reach. Technically, the website is built on Drupal 10 with modern frameworks and demonstrates good mobile optimization, accessibility, and SEO practices. The presence of Google Tag Manager and Plausible Analytics indicates moderate user tracking balanced with privacy compliance. Cookie consent mechanisms and comprehensive privacy policies reflect GDPR adherence. However, explicit security headers are not detected, suggesting room for improvement in security hardening. The security posture is solid with HTTPS enforced and no visible vulnerabilities or exposed sensitive data. The lack of a published security policy or incident response page is noted, as is the absence of a security.txt file for vulnerability disclosure. WHOIS data is privacy protected, which is typical for professional IT firms, and no suspicious patterns are detected. Overall, make it fly bv presents a professional, trustworthy, and technically mature digital presence with strong business credibility. Strategic recommendations include enhancing security headers, publishing security policies, and adding vulnerability disclosure mechanisms to further strengthen trust and compliance.

W

Willy Naessens Swimming Pools

zwembad.be

60

Zwembad.be is a well-established Belgian retailer specializing in swimming pool products and accessories, operating both online and through multiple physical stores. The company leverages a modern Drupal 10 e-commerce platform integrated with various marketing and analytics tools such as Google Analytics, Klaviyo, and Trustpilot to enhance customer engagement and trust. The website demonstrates good content quality, clear navigation, and mobile optimization, supporting a positive user experience. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers and explicit policies could be improved. WHOIS data is unavailable due to registry restrictions, limiting domain ownership transparency but the business presence and trust indicators mitigate concerns. Overall, Zwembad.be presents a credible and professional online presence in the retail sector.

W

Willy Naessens Swimming Pools

swimmingpools.be

60

Willy Naessens Swimming Pools is a well-established Belgian company specializing in the design, construction, and maintenance of high-end indoor and outdoor swimming pools. With a legacy of 60 years, the company targets both private and public clients seeking custom, durable concrete pools. Their market position is strong, supported by consistent branding, testimonials, and partnerships such as being an official distributor of Aqualift movable floor pools. The website reflects a professional and trustworthy business with clear navigation and relevant content. Technically, the website is built on Drupal 10, leveraging modern analytics and consent management tools like Google Analytics, Hotjar, and CookieHub. The site is mobile-optimized, accessible, and SEO-friendly, with good performance. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though some security headers could be explicitly confirmed or enhanced. Privacy compliance is well addressed with clear policies and consent mechanisms. The WHOIS data is restricted due to registry policies, which limits transparency but is typical for .be domains. Despite this, the domain and website content align with the company's claimed history and legitimacy. No WAF or blocking mechanisms were detected, allowing full content access and analysis. Overall, the website and business demonstrate a mature digital presence with strong security and privacy practices, suitable for their market and audience.

Bridge Michigan is a nonprofit, nonpartisan news organization focused on delivering original, fact-driven reporting and analysis on Michigan state issues including politics, environment, education, and quality of life. The website serves Michigan residents and stakeholders seeking trustworthy local news and insights. The business model relies on donations, memberships, and sponsorships, positioning Bridge Michigan as a respected regional media entity with a strong digital presence and community engagement. Technically, the site is built on Drupal 10, leveraging modern analytics and advertising technologies such as Google Tag Manager, Adsense, and Facebook Pixel. The site is mobile optimized, accessible, and SEO friendly, providing a professional user experience. Security posture is good with HTTPS enforced and cookie consent implemented, though explicit security headers and published security policies are absent. The WHOIS data is missing or unavailable, which is unusual but does not detract significantly from the site's credibility given its nonprofit status and professional presentation. Overall, Bridge Michigan demonstrates a mature digital infrastructure and trustworthy content delivery, with room for improvement in security transparency and WHOIS data clarity.

W

Willem II

willem-ii.nl

65

Willem II is a Dutch football club operating an official website that serves as a hub for fans and stakeholders to access club news, ticketing, and merchandising information. The website is built on Drupal 10, indicating a modern and maintainable technical infrastructure. The site integrates multiple analytics and marketing tools such as Google Analytics, Hotjar, Facebook Pixel, and LinkedIn Insight Tag, demonstrating a mature digital marketing approach. The presence of a comprehensive cookie consent mechanism compliant with GDPR reflects a strong commitment to privacy regulations. Security posture is solid with HTTPS enforced and no visible vulnerabilities or exposed sensitive data. However, the absence of explicit security policies, incident response contacts, and terms of service pages suggests areas for improvement in transparency and compliance documentation. Overall, the website presents a professional and trustworthy digital presence aligned with the club's brand and audience expectations.

P

Principal® Dental Access Plan

principaldentalaccess.com

65

Principal® Dental Access Plan is a healthcare service offering affordable dental discount plans targeting individuals and families who are uninsured, underinsured, or seeking cost-effective dental care. The service leverages the established Principal® brand, which has been providing dental benefits since 1982, to position itself as a trusted provider in the dental discount market. The website presents clear information about membership plans, savings, and provider access, supported by a professional design and consistent branding. Technically, the website is built on Drupal 10 with modern JavaScript modules and integrates third-party services such as OneTrust for cookie consent and Coveo for search functionality. The site is mobile-optimized and accessible, with moderate performance. Security practices include HTTPS enforcement and domain transfer protection, though some security headers are missing and DNSSEC is not enabled. From a security perspective, the site shows a good posture with no visible vulnerabilities or exposed sensitive data. However, it lacks explicit security policies, incident response contacts, and vulnerability disclosure mechanisms. Privacy compliance is partial, with cookie consent implemented but no dedicated privacy policy page found. The domain is newly registered, which is consistent with a new product launch under an established parent company. Overall, the website is professional and trustworthy but could improve privacy transparency and security header implementation to enhance compliance and security posture.

U

UAB Diena Media News

diena.lt

59

Diena.lt is a prominent Lithuanian online news portal operated by UAB Diena Media News, offering timely news coverage from Lithuania and around the world. The website serves a broad Lithuanian-speaking audience interested in national, regional, and international news, supported by regional editions such as Kauno diena and Klaipėdos diena. The business model primarily revolves around digital news publishing, subscription services, and advertising revenue. The site demonstrates consistent branding and a professional online presence.

S

SS&C Intralinks

intralinks.com

69

SS&C Intralinks is an enterprise-level provider specializing in AI-powered virtual data rooms and M&A dealmaking solutions. Positioned as a leader in the financial technology sector, the company offers services that enhance due diligence, compliance, and secure management of financial transactions. The website reflects a professional and consistent brand image targeting financial institutions and corporate clients engaged in mergers and acquisitions. The business model is primarily B2B SaaS, leveraging advanced AI technologies to streamline complex financial workflows. Technically, the website is built on Drupal 10, indicating a modern and scalable content management system. It integrates advanced marketing and analytics tools such as Visual Website Optimizer and Google Tag Manager, enabling detailed user behavior tracking and optimization. The site demonstrates good mobile optimization and SEO practices, although accessibility features could be further enhanced. From a security perspective, the site uses HTTPS and employs consent management scripts, but lacks visible security headers and explicit security or incident response policies. No vulnerabilities or exposed sensitive data were detected in the provided content. The absence of WHOIS data for the domain is a notable anomaly, potentially indicating privacy protection or registrar issues, which slightly reduces domain trustworthiness. Overall, the website presents a credible and professional front for a major financial technology provider, but improvements in privacy compliance documentation and security transparency are recommended to strengthen trust and regulatory adherence.

S

Scholar’s Edge 529

scholarsedge529.com

68

Scholar’s Edge 529 is a specialized financial service website offering educational savings plans with state tax advantages, targeting individuals and financial professionals. The site is professionally designed, leveraging Drupal CMS and integrates with Principal Financial Group's infrastructure, indicating a strong market position within the education finance sector. The technical infrastructure includes modern analytics and monitoring tools such as Google Tag Manager and New Relic, ensuring performance and user engagement tracking. Security posture is solid with HTTPS enforcement, domain locks, and monitoring scripts, though DNSSEC is not enabled and some security headers could be improved. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the website presents a trustworthy and professional digital presence aligned with its business objectives.

P

Principal Financial Group

principal.com

69

Principal Financial Group is a large, established financial services company specializing in retirement, investment, and insurance products for individuals, businesses, and financial professionals. The website reflects a mature digital presence with professional design, clear navigation, and comprehensive content tailored to its target audiences. Technically, the site is built on Drupal 10, employs modern JavaScript modules, and integrates advanced analytics and tag management tools, indicating a high level of digital maturity. Security posture is strong with HTTPS enforcement, security headers, and no visible vulnerabilities, although explicit security policies and incident response contacts are not published. Privacy compliance is well addressed with clear cookie consent mechanisms and privacy policies. Overall, the site presents a trustworthy and professional front for the Principal Financial Group brand.

P

Principal Asset Management

principalam.com

65

Principal Asset Management operates as a specialized investment management firm under the Principal Financial Group umbrella, offering a broad range of investment strategies and products including equities, fixed income, real estate, and infrastructure. The website targets financial professionals and investors, providing research-driven insights and access to various investment solutions. The digital infrastructure is built on Drupal 10 with integration of multiple analytics and marketing tools, ensuring a modern and responsive user experience. Security posture is strong with HTTPS and secure login portals, though explicit security policies and incident response information are not publicly disclosed. The absence of WHOIS data for the domain introduces some uncertainty about domain registration legitimacy, but the branding and linked domains strongly associate the site with a reputable financial institution. Overall, the website is professional, content-rich, and well-structured, supporting its role as a trusted investment resource.

L

Lietuvos jūrų muziejus

muziejus.lt

45

Lietuvos jūrų muziejus is a prominent maritime museum in Lithuania offering a variety of cultural, educational, and recreational services including exhibitions, dolphinarium shows, and marine animal rehabilitation. The website is built on Drupal 10 and employs modern web technologies, ensuring good performance, mobile optimization, and accessibility. Privacy and cookie policies are comprehensive and GDPR compliant, with a clear cookie consent mechanism in place. Security posture is good with HTTPS enforced and no exposed sensitive data, though some security headers could be improved. WHOIS data is unavailable due to query limits, but the website content and domain usage indicate a legitimate government or public institution. Overall, the site presents a professional and trustworthy online presence.