Security Directory

F

Flüchtlingsrat RLP e.V.

civi-kune-rlp.de

46

civi kune RLP is a non-profit project operated by Flüchtlingsrat RLP e.V., focusing on refugee support, community engagement, and volunteer coordination in the German state of Rheinland-Pfalz. The website serves as an informational hub providing news, event updates, and resources for volunteers and refugees. It maintains a consistent brand identity aligned with its parent organization and regional government partners. Technically, the site is built on WordPress, leveraging standard web technologies and hosted by Manitu GmbH. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though it lacks some advanced security headers and formal security policies. Privacy compliance is partially met with a privacy policy present but no cookie consent mechanism. Overall, the site is trustworthy and professionally maintained, serving its community-focused mission effectively.

The Liturgy Office website serves as the official online presence for the Department for Christian Life and Worship under the Catholic Bishops' Conference of England and Wales. It provides liturgical resources, calendars, prayers, and news relevant to the Catholic community in England and Wales. The site targets clergy, church members, and those interested in Catholic liturgy, positioning itself as a trusted non-profit religious resource provider with a long-standing domain since 2001. Technically, the website employs basic web technologies including HTML5, CSS, Google Fonts, and Google Analytics for tracking. The site lacks a modern CMS and advanced frameworks, indicating a simple but functional technical infrastructure. Performance and mobile optimization are basic, with room for improvement in accessibility and SEO. From a security perspective, the site uses HTTPS (implied but not explicitly confirmed), but lacks visible security headers and published privacy or cookie policies, which are compliance gaps especially under GDPR. No forms collecting sensitive data are present, reducing attack surface. The WHOIS data confirms domain legitimacy and consistency with the organization's history, supporting trustworthiness. Overall, the website is a credible, safe, and content-relevant resource for its audience but would benefit from enhanced privacy compliance, security hardening, and technical modernization to improve user trust and regulatory adherence.

N

Naturpark Barnim

barnim-naturpark.de

44

Naturpark Barnim operates as a regional nature park jointly managed by Brandenburg and Berlin, focusing on nature conservation, environmental education, and tourism. The website serves as an informational portal for visitors and stakeholders, providing rich content about the park's landscapes, flora, fauna, and cultural heritage. Technically, the site is built on TYPO3 CMS, hosted by a professional hosting provider, and uses HTTPS for secure communication. However, it lacks explicit privacy and cookie policies, as well as visible contact information, which are important for compliance and user trust. Security posture is moderate with HTTPS enabled but missing security headers and vulnerability disclosure mechanisms. Overall, the site is professional, trustworthy, and well-branded but could improve in privacy compliance and security best practices.

Bazar de Noël is a community-driven event organizer hosting an annual Christmas market at the Walzwerk industrial area in Switzerland. The event showcases local artisans, cultural activities, and social engagement, attracting a general audience interested in holiday festivities and local craftsmanship. The website is built on WordPress with Elementor, reflecting a moderate level of digital maturity with good design and mobile optimization. Security posture is adequate with HTTPS enabled but lacks advanced security headers and explicit security policies. Privacy compliance is weak due to the absence of privacy and cookie policies. Overall, the site is trustworthy and professional but could improve in compliance and security transparency.

V

VisionConnect GmbH

visionconnect.de

68

VisionConnect GmbH is a well-established digital media agency based in Hannover, Germany, founded in 1995. The company specializes in providing comprehensive digital solutions including TYPO3 CMS, Wordpress, e-commerce shops, SEO, and web marketing services. Their market position is strong with over 25 years of experience and a portfolio of reputable clients across various sectors. The website reflects a professional and consistent brand image, targeting businesses and institutions seeking digital transformation and web development services. Technically, the site is built on TYPO3 CMS with integrations of Wordpress and uses Matomo for privacy-conscious analytics. The site is mobile-optimized, accessible, and SEO-friendly, demonstrating a mature digital infrastructure. Security posture is good with HTTPS enforced and privacy-respecting analytics, though some security headers could be improved and a formal security policy is absent. Overall, the website is trustworthy, professional, and compliant with GDPR, with clear contact information and transparent cookie consent mechanisms.

D

dotart.blog

dotart.blog

57

dotart.blog is a small, community-focused blogging platform that serves as a sister site to mastodon.art, targeting users interested in longer form creative writing such as poetry, stories, and blogs. It leverages the WriteFreely platform to provide decentralized, markdown-based blogging capabilities with features like drafts, scheduled posts, and RSS feeds. The website is well-structured and provides clear information about its purpose and how to join the community, although it lacks explicit contact information and formal policies beyond a basic privacy page. Technically, the site uses modern web technologies and is hosted with Namecheap, but lacks advanced security features such as DNSSEC and security headers. The domain registration is recent but consistent with the business age, and privacy protection on WHOIS is justified for this type of small community platform. Overall, the site is functional, trustworthy, and safe for general audiences.

Produktgenuss GmbH is a small technology company based in Germany specializing in the development, marketing, and operation of web platforms, with a strong focus on podcast-related services. Their key offerings include LetsCast.fm, a podcast hosting platform; podcasten.de, a podcast production support service; and Speedrank, a website performance auditing tool. The company targets podcasters ranging from hobbyists to power users, providing streamlined solutions to manage and distribute podcast content effectively. The website presents a professional and consistent brand image, emphasizing service quality and user engagement through clear calls to action and project showcases. Technically, the website is built with modern HTML5, CSS, and JavaScript technologies, hosted on variomedia.de servers. The site is mobile-optimized and offers a good user experience with clear navigation and relevant content. However, there is room for improvement in accessibility and SEO optimization. No CMS or advanced frameworks are detected, indicating a likely custom or lightweight implementation. Performance is moderate, with deferred scripts and optimized images enhancing load times. From a security perspective, the site uses HTTPS but lacks visible security headers and a cookie consent mechanism, which are important for GDPR compliance and overall security posture. No incident response or security policy information is published, and no vulnerability disclosure or security.txt files are found. The WHOIS data shows standard hosting provider name servers without privacy protection, consistent with a small business setup. No suspicious patterns or exposed sensitive data are detected, but security best practices could be enhanced. Overall, Produktgenuss GmbH presents a trustworthy and professional online presence with a clear business focus. Strategic improvements in security policies, privacy compliance, and contact information transparency would strengthen their credibility and reduce risk. The AI score reflects a good but improvable website, with recommendations to address cookie consent, security headers, and expanded contact details to enhance trust and compliance.

Daniel Kurth's website serves as a personal portfolio for an artist specializing in various media including sculpture, video, installation, sound, text, and drawing. The site is modest in scope, focusing on showcasing artwork with minimal additional business or contact information. The market position is that of an individual artist presenting their work to a broad audience without commercial e-commerce or transactional features. Technically, the website is built with basic HTML and CSS, hosted by Hoststar, and lacks modern CMS or frameworks. The site is accessible and moderately optimized for mobile, but lacks advanced SEO and accessibility features. Security posture is basic; while the domain uses HTTPS, it lacks DNSSEC and security headers, and no privacy or cookie policies are present. No forms or contact details are embedded in the HTML, limiting direct engagement. Overall, the site is safe and suitable for general audiences but would benefit from enhanced security and compliance features.

The website zapalote.com serves as a photography and design portfolio primarily showcasing travel photography, wallpapers, and website design projects. The business appears to be a small-scale creative portfolio operated by an individual or small team, with a focus on visual content and design. The domain has been registered since 2006, indicating a stable presence, but the website content is minimal and lacks comprehensive business or contact information. Technically, the site uses basic HTML, CSS, and JavaScript without any detected CMS or advanced frameworks. The performance and mobile optimization are basic, with no detected accessibility or SEO enhancements beyond standard meta tags. There is no evidence of analytics or tracking technologies, which suggests minimal data collection and user tracking. From a security perspective, the site lacks critical security headers and does not have DNSSEC enabled. There is no visible privacy or cookie policy, nor any incident response or security contact information. The domain registration is consistent and legitimate, but the absence of security best practices and compliance documentation reduces the overall security posture. Overall, the site is low risk due to its limited functionality and content but would benefit from improved security measures, privacy compliance, and enhanced business transparency to increase trust and professionalism.

A

Anne Schwalbe

anneschwalbe.de

57

Anne Schwalbe operates a professional photography portfolio website primarily targeting art enthusiasts and potential buyers in Berlin and beyond. The site features a curated gallery of photographic works, an online shop for art sales, and a newsletter subscription to engage visitors with updates on exhibitions and new works. The business is positioned as a niche artist portfolio with a small-scale operation, founded at least since 1995, reflecting a mature presence in the art community. Technically, the website is built with standard HTML, CSS, and JavaScript without reliance on major CMS platforms or advanced frameworks. The site demonstrates good content quality, clear navigation, and basic mobile optimization. However, it lacks modern security headers and cookie consent mechanisms, which are important for compliance and user trust. Hosting is managed via UI-DNS name servers, indicating a stable but modest infrastructure. From a security perspective, the site uses secure form inputs with consent checkboxes for newsletter subscriptions but does not exhibit advanced security policies or incident response information. No blocking or WAF mechanisms are detected, and the domain WHOIS data aligns well with the website's claims, indicating legitimacy and consistent registration history. The absence of exposed sensitive data and minimal tracking enhances privacy compliance, though cookie consent should be improved. Overall, the website scores well in content quality and business credibility but has room for improvement in security posture and privacy compliance. Strategic enhancements in security headers, cookie consent, and incident response transparency would strengthen trust and compliance.

P

Palazzina

palazzina.ch

63

Palazzina is a small cultural venue based in Switzerland specializing in contemporary art exhibitions and cultural events. The website serves as a platform to showcase recent and upcoming exhibitions, book launches, and other artistic activities primarily located in Basel. The target audience includes art enthusiasts, local visitors, and artists. The business model appears to be non-profit or cultural organization focused on community engagement through art. Technically, the website is built with standard HTML, CSS, and JavaScript, likely using a custom CMS. It is mobile optimized with moderate performance and basic SEO and accessibility features. The site uses HTTPS and includes CSRF tokens in forms, indicating some security awareness. However, it lacks security headers and privacy/cookie policies, which are important for compliance and security. From a security perspective, the site has a good SSL configuration and no visible vulnerabilities or exposed sensitive data. The absence of privacy and cookie policies and security headers are notable gaps. No incident response or vulnerability disclosure information is provided. The site does not appear to use analytics or tracking services, minimizing privacy risks. Overall, the website is professional and trustworthy with a moderate security posture. Strategic improvements in privacy compliance, security headers, and incident response readiness would enhance its security and compliance standing.

HUMBUG is a cultural venue based in Basel, Switzerland, focusing on queer, feminist, and alternative cultural events. The website provides a comprehensive program of past and current events, showcasing a vibrant community engagement. Technically, the site uses standard web technologies including Google Analytics and Tag Manager for tracking, but lacks advanced security headers and privacy policies. The absence of WHOIS data limits domain trust assessment, though the content and event listings indicate a legitimate operation. Security posture is moderate with room for improvement in privacy compliance and security best practices.

W

WOMAN.AT

womanbalance.at

65

The website www.woman.at/balance is a professional online magazine focused on mindful lifestyle topics including health, spirituality, and personal development, targeting a primarily female German-speaking audience in Austria. It offers content such as columns, podcasts, guides, and events curated by Kristin Pelzl-Scheruga and others. The site is part of a larger media group, likely VGN Medien Holding GmbH, indicating a strong market position in Austrian women's media. Technically, the site uses modern web technologies including Next.js, React, and integrates advertising and analytics services such as Adition and Fathom Analytics. The site is well-optimized for mobile and SEO, with good design and navigation clarity. Security posture is solid with HTTPS and some security best practices, though explicit security policies and headers could be improved. Privacy compliance is basic with a cookie consent mechanism but lacks visible privacy and terms of service pages. No direct contact information or incident response contacts are found, which could be improved for trust and compliance. Overall, the site is trustworthy, professional, and safe for general audiences.

Z

Zürcher Rotpunktverlag

wanderweb.ch

54

Wanderweb is a German-language community forum and publishing platform focused on hiking books by the Zürcher Rotpunktverlag. The website serves hiking enthusiasts by providing updated hiking book information and a forum for feedback and discussion. The platform is built on the Discourse forum software, leveraging modern web technologies such as Ember.js and JavaScript, delivering a good user experience with mobile optimization and accessibility features. Security posture is strong with HTTPS and security headers properly implemented, although privacy and cookie policies are absent, which is a compliance gap. No contact information or incident response channels are explicitly provided, limiting direct communication avenues. Overall, the website is professional, trustworthy, and focused on a niche market segment in Switzerland.

Zürich liest is a well-established non-profit cultural festival focused on literature, hosting over 100 events annually in Zurich and surrounding regions. The website serves as an information hub for festival programming, author events, workshops, and community engagement, targeting literature enthusiasts and the general public interested in cultural activities. The festival has a strong regional presence with a 15-year history and partnerships with reputable cultural and governmental organizations. Technically, the website uses a straightforward tech stack including jQuery and standard web technologies, with moderate performance and good mobile optimization. The site features a newsletter subscription integrated via CreateSend, but lacks advanced SEO structured data and visible security headers. Accessibility and navigation are well implemented, providing a good user experience. From a security perspective, the site enforces HTTPS and uses secure form submission for newsletter signups. However, it lacks visible security policies, incident response information, and cookie consent mechanisms, which are important for GDPR compliance and user trust. No critical vulnerabilities or exposed sensitive data were detected. The domain registration aligns well with the festival's history and location, supporting legitimacy. Overall, the website is professional and trustworthy but could improve its privacy compliance and security posture by adding cookie consent, security headers, and publishing security policies.

D

Deutscher Gewerkschaftsbund

dgb.de

56

The Deutscher Gewerkschaftsbund (DGB) is a major German trade union confederation representing 5.7 million members across eight unions. The website serves as an information hub for labor rights, political advocacy, campaigns, and union services. It targets workers, union members, and political stakeholders in Germany, positioning itself as a leading non-profit organization in the labor sector. Technically, the site is built on TYPO3 CMS and uses Matomo for analytics, reflecting a modern and privacy-aware infrastructure. The site is well-structured, mobile-optimized, and provides a good user experience with clear navigation and relevant content. Security posture is solid with HTTPS enabled and asynchronous script loading, but lacks visible security headers and published security policies. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the site is trustworthy and professional but would benefit from enhanced privacy disclosures and security transparency.

E

Edkimo

edkimo.com

58

Edkimo is an education technology company founded in 2014, providing a SaaS platform that enables educators and schools to create surveys and collect anonymous feedback to improve lessons and school development. The platform emphasizes GDPR compliance and data privacy, hosting servers in Germany and offering a user-friendly, device-agnostic experience. Technically, the website is built using modern frameworks like SvelteKit, delivering fast performance and excellent mobile optimization. Security posture is solid with HTTPS and domain transfer protections, though some improvements are recommended such as enabling DNSSEC and publishing explicit security policies. Overall, the website is professional, trustworthy, and well-aligned with its business goals.

P

Pilates Babes GmbH

pilatesbabes.com

67

Pilates Babes GmbH operates a professionally designed e-commerce website focused on Pilates fitness classes, events, retreats, and merchandise primarily targeting the Austrian and German markets. The company leverages the Shopify platform to deliver a mobile-optimized, fast-loading website with integrated social media presence and customer testimonials, positioning itself as a niche wellness brand. Technically, the site uses modern web technologies including Shopify's Dawn theme, JavaScript, CSS, and hCaptcha for form security. The security posture is solid with HTTPS enforced and domain locking, though explicit security policies and incident response contacts are absent. Privacy compliance is limited due to missing privacy and cookie policies. Overall, the website is trustworthy and professional but could improve transparency and compliance documentation.

M

Mastodon.ART

mastodon.art

65

Mastodon.ART is a community-driven Mastodon instance dedicated to creatives and artists, providing a safe, ad-free social media platform within the fediverse. It emphasizes inclusivity, safety for marginalized groups, and prohibits AI-generated content and NFTs. The platform is supported by donations and managed by a transparent moderation team. Technically, it runs Mastodon 4.4.8 with React and modern web technologies, hosted by Masto.host. The website is well-designed, mobile-optimized, and accessible, with clear navigation and professional content. Security posture is good with HTTPS and domain transfer protections, though DNSSEC is not enabled and no explicit security policy or incident response contacts are published. Privacy compliance is moderate with a comprehensive privacy policy but no cookie consent mechanism. Overall, the site is trustworthy, legitimate, and well-positioned within its niche.

R

Report Antisemitism

report-antisemitism.de

51

The website 'Report Antisemitism' serves as a platform dedicated to reporting and raising awareness about antisemitism incidents, primarily focused on Germany. It targets the general public, victims, researchers, and policymakers interested in antisemitism data and reporting. The business model appears non-commercial and informational, with no evident monetization or advertising. The website uses a modern static site generator (Gatsby) and is hosted on Hetzner, a reputable German hosting provider, indicating a solid technical infrastructure. The site is mobile-optimized and has a good design quality, but lacks comprehensive privacy and cookie policies, which is a compliance gap. Security posture is strong with a strict Content-Security-Policy, but additional security headers could enhance protection. No contact information or social media links were found, limiting direct communication channels. Overall, the site is safe, professional, and trustworthy but would benefit from improved privacy compliance and contact transparency.

D

German TV in Thailand - streaming, download, Apps

deutsches-fernsehen-weltweit.de

49

The website deutsches-fernsehen-weltweit.de offers a subscription-based streaming and cloud DVR service providing access to 44 German TV channels worldwide, targeting German expatriates and German-speaking audiences, especially in Thailand. The business model centers on providing easy access to German TV content without hardware requirements, leveraging cloud recording technology. The site is well-branded and consistent, with clear service descriptions and pricing, positioning itself as a niche media provider in the German expatriate market. Technically, the site uses modern web technologies including Google Analytics, Google Tag Manager, and Google Fonts, hosted on AWS infrastructure. The site is mobile-optimized and SEO-friendly, with moderate performance and basic accessibility features. However, no CMS or advanced frameworks are detected. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks important security headers and does not publish privacy, cookie, or security policies, which reduces its privacy compliance posture. No incident response or vulnerability disclosure information is provided, limiting transparency. The WHOIS data aligns with the website content and hosting, indicating a legitimate domain. Overall, the website is functional and professional but would benefit from enhanced privacy and security disclosures to improve trust and compliance. There are no indications of malicious or adult content, making it safe for general audiences.

M

Malheur&Fortuna

malheur-fortuna.ch

62

Malheur&Fortuna is a small Swiss architectural and urban planning firm based in Basel, specializing in projects, research, and publications related to urban infrastructure, architecture, and city planning. The company is founded by three architects with Master of Science degrees from ETH Zürich, indicating a high level of professional expertise. Their website reflects a niche market position targeting professionals and academics interested in urban design and infrastructure. Technically, the website uses modern JavaScript modules and Google Analytics with IP anonymization, indicating a moderate level of digital maturity. The site is mobile optimized and SEO friendly but lacks some accessibility features and security headers. Security posture is generally good with HTTPS enforced and cookie consent implemented, but the absence of privacy policy and terms of service pages represents a compliance gap. No critical vulnerabilities or suspicious elements were detected. Overall, the website is professional, trustworthy, and safe for general audiences.

The Studer/Ganz Stiftung website represents a small Swiss non-profit foundation focused on promoting literature and cultural initiatives, as evidenced by the mention of the CHRYSALIDE Binding Förderpreis für Literatur. The site is multilingual, targeting German, French, and Italian speakers, reflecting Switzerland's linguistic diversity. The business model centers on cultural sponsorship and foundation activities, positioning it as a niche player within the Swiss cultural sector. Technically, the website employs basic web technologies including HTML5, CSS, JavaScript, and jQuery. The site is moderately optimized for performance and mobile use but lacks advanced SEO and accessibility features. There is no evidence of a CMS or modern frameworks, indicating a simple, possibly static site architecture. From a security perspective, the site lacks visible security headers and cookie consent mechanisms, which are important for GDPR compliance and user trust. No forms or direct contact information are present on the homepage, limiting user engagement and transparency. The WHOIS data aligns well with the website's claims, showing consistent registration details without privacy protection, appropriate for a non-profit entity. Overall, the website is functional but basic, with room for improvement in privacy compliance, security posture, and user engagement. Strategic enhancements in these areas would strengthen trust and regulatory adherence.

A

Arbeit und Leben Niedersachsen e.V.

aul.app

44

Arbeit und Leben Niedersachsen e.V. operates the platform aul.app, which serves as a hub for their websites and apps. The organization is a regional non-profit based in Germany, focusing on providing digital platform services. The website content is minimal but clearly communicates the platform's purpose. The business model centers on supporting digital presence for their initiatives. The site is built on WordPress with custom theming, indicating moderate digital maturity. Technical infrastructure is basic with room for improvement in performance and mobile optimization. Security posture is average; HTTPS is assumed but no explicit security headers or policies are detected. Privacy compliance is partially met with a privacy policy present but lacking cookie consent mechanisms. Overall, the site is trustworthy but could benefit from enhanced security and compliance measures.

F

Outlook

fmp-berlin.de

45

The website fmp-berlin.de hosts a Microsoft Outlook Web Access (OWA) login portal, providing email access services to authorized users, likely employees or members of an organization based in Germany. The site is focused on secure email access and does not provide public-facing business information or marketing content. The technical infrastructure is based on Microsoft OWA technology with standard web technologies such as JavaScript, HTML, and CSS. The site shows moderate digital maturity with basic mobile optimization and accessibility features but lacks advanced SEO and modern web frameworks. Security posture is moderate; HTTPS is used, and the login form uses POST with autocomplete disabled, but there is an absence of explicit security headers and privacy policies. No contact or business information is provided on the page, limiting transparency and trust signals. Overall, the site is functional for its purpose but could improve in security best practices and compliance documentation.

B

Bibliotheksgesellschaft Celle

lese-experten.de

45

The website www.lese-experten.de represents a regional educational initiative managed by the Bibliotheksgesellschaft Celle, aimed at promoting reading skills among 5th and 6th grade students in the Celle area of Germany. The project collaborates with local public libraries, schools, and sponsors to provide curated book selections, quizzes, and events to encourage children's engagement with reading. The website content is well-structured, informative, and targeted primarily at students, educators, and parents within the region. Technically, the site is built on TYPO3 CMS with Bootstrap, ensuring responsive design and moderate performance. Security posture is adequate with HTTPS enforced and cookie consent implemented, though additional security headers and explicit policies could enhance protection. WHOIS data aligns with the website's regional and organizational claims, indicating legitimacy and transparency.

Kirchedirekt.at is a German-language website focused on providing church-related information and community services in Austria. The site offers advice, FAQs, and cultural heritage information related to church buildings, targeting a general audience interested in church and social institution topics. The website is built on TYPO3 CMS and features a professional design with clear navigation and mobile optimization. However, the absence of WHOIS data and domain registration details limits full trust verification. Security posture is moderate with no detected security headers or cookie consent mechanisms, and no analytics or tracking scripts are present, indicating a privacy-conscious approach. Overall, the site is functional and informative but would benefit from enhanced security and compliance features.

The Liturgy Office website serves as the official online presence for the Department for Christian Life and Worship under the Catholic Bishops' Conference of England and Wales. It provides liturgical resources, calendar information, prayers, and news relevant to the Catholic community in England and Wales. The site targets clergy, church members, and religious scholars, positioning itself as a trusted resource within the religious non-profit sector. The business model is non-commercial, focusing on service and information dissemination. Technically, the website employs basic web technologies including HTML5, CSS, Google Fonts, and Google Tag Manager for analytics. The site lacks a modern CMS and advanced frameworks, indicating a relatively simple infrastructure. Performance and mobile optimization are basic, with room for improvement in accessibility and SEO. No forms or user input fields reduce complexity and security risks. From a security perspective, the site uses HTTPS (assumed but not explicitly confirmed), but lacks DNSSEC and security headers, which are recommended for enhanced protection. No privacy or cookie policies are present, indicating compliance gaps with GDPR and related regulations. The WHOIS data is transparent and consistent with the organization's identity, supporting legitimacy. No critical vulnerabilities or suspicious patterns were detected. Overall, the website is a reliable and safe resource with good business credibility but requires improvements in privacy compliance, security hardening, and technical modernization to enhance user trust and regulatory adherence.

S

Secret Intelligence Service (SIS) / MI6

sis.gov.uk

57

The website www.sis.gov.uk represents the UK Secret Intelligence Service (SIS), commonly known as MI6. It serves as the official digital presence of the UK's foreign intelligence agency, providing detailed information about its mission, history, leadership, recruitment opportunities, and partnerships. The site targets potential recruits, government partners, and the general public interested in intelligence services. The business model is that of a government agency focused on intelligence gathering and national security. The website is well-branded, professionally designed, and consistent with government standards, reflecting a high level of trustworthiness and authority. Technically, the site is built on the Drupal CMS platform and employs Matomo for privacy-conscious analytics. It demonstrates good mobile optimization, accessibility, and SEO practices. The site uses HTTPS with strong SSL configuration, though no explicit security headers were detected in the provided data. Privacy compliance is robust, with clear privacy and cookie policies and a consent mechanism in place. Contact information is limited to a contact form, with no direct emails or phone numbers publicly listed, which aligns with the sensitive nature of the organization. From a security perspective, the site shows good practices such as HTTPS enforcement and privacy-respecting analytics. However, it lacks publicly visible security policies or incident response contacts, and no security.txt file was found. The WHOIS data is unavailable, which is typical for sensitive government domains and is justified in this context. Overall, the site presents a strong security posture with room for improvement in transparency around security policies. The overall risk assessment is low given the official nature of the site, its consistent branding, and government affiliation. Strategic recommendations include enhancing security header implementation, publishing a dedicated security policy and incident response information, and adding a security.txt file to facilitate vulnerability disclosures. These steps would further strengthen trust and security culture while maintaining operational security.

G

GCHQ

gchq.gov.uk

71

GCHQ is the United Kingdom's official intelligence, security, and cyber agency, tasked with protecting the country from threats both in the physical and digital realms. The website clearly communicates its mission, key services, and organizational culture, targeting UK citizens, government stakeholders, and cybersecurity professionals. The site is well-branded and professionally designed, reflecting its authoritative government status. Technically, the website employs modern web technologies including React and JSON-LD structured data for SEO and accessibility. The site is mobile-optimized and provides a smooth user experience with clear navigation and relevant content. While no explicit CMS or hosting provider is identified, the site demonstrates good performance and technical maturity. From a security perspective, the site uses HTTPS and implements cookie consent mechanisms, but lacks explicit security headers and a public security policy or vulnerability disclosure program. No contact information for security incidents is provided, which is common for government sites but could be improved for transparency. The absence of WHOIS data is typical for UK government domains, and the domain's legitimacy is supported by its .gov.uk TLD and consistent official content. Overall, the website is trustworthy, secure, and professionally maintained, with minor recommendations to enhance security headers and incident response transparency. The risk level is low, and the site effectively serves its purpose as a government intelligence agency portal.

O

one4vision GmbH

one4vision.de

72

one4vision GmbH is a well-established IT consulting and service provider based in Saarbrücken, Germany, with nearly 30 years of experience. The company specializes in TYPO3 CMS web development, network and security solutions, cloud services, and remote support. Their market position is strong regionally, particularly in the Saarland and Luxembourg areas, with a focus on delivering flexible and secure IT solutions to businesses. The website reflects a professional and consistent brand image with clear service offerings and contact information. Technically, the site is built on TYPO3 CMS, uses Matomo for privacy-conscious analytics, and demonstrates good mobile optimization and SEO practices. Security posture is solid with HTTPS and cookie consent mechanisms, though there is room for improvement in security headers and formal security policies. Overall, the website is trustworthy, compliant with GDPR, and provides a positive user experience.

O

one4vision GmbH

14v.de

72

one4vision GmbH is a well-established IT consulting and service provider based in Saarbrücken, Germany, with nearly 30 years of experience. The company specializes in TYPO3 CMS web development, network and security solutions, and cloud services, targeting businesses seeking flexible and secure IT infrastructure and digital presence. Their market position is strong regionally, supported by a consistent brand and multiple related service domains. Technically, the website is built on TYPO3 CMS with a modern tech stack including PHP, MySQL, and Matomo analytics, and demonstrates good mobile optimization and SEO practices. Security posture is solid with HTTPS and cookie consent mechanisms, though lacking explicit security headers and published security policies. Overall, the site is professional, trustworthy, and compliant with GDPR requirements.

F

FormPro Angola

formpro-angola.org

44

FormPro Angola is a vocational training and workforce development project focused on Angola, resulting from cooperation between Angola and Germany. The website provides educational resources, event information, and publications related to professional training. It targets professionals, trainees, and institutions involved in Angola's labor market development. The project is positioned as a niche non-profit educational initiative supported by reputable partners such as BMZ and GIZ. Technically, the website uses an older CMS (KONTEXT-CMS) and includes legacy technologies like jQuery 1.7.1, indicating moderate digital maturity. The site is accessible and well-structured but lacks modern security and privacy features. Security posture is moderate with no visible HTTPS enforcement or security headers and outdated JavaScript libraries posing potential risks. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the website is safe and professional but requires updates to improve security and compliance.

The website schoenearbeit.de represents a small-scale design service operated by Christine Massuthe, a diploma designer based in Berlin, Germany. The site provides basic contact information and a simple presentation of the business but lacks comprehensive business or security policies. The business appears to be a freelance or consultancy service targeting local clients seeking design expertise. Technically, the website is built with basic HTML, CSS, and a small JavaScript file for image swapping. There is no evidence of a CMS or modern frameworks, and the site shows minimal mobile optimization and SEO efforts. Hosting is likely provided by the nameserver operator Warenform.de. No analytics or tracking technologies are detected, indicating a low digital maturity level. From a security perspective, the site lacks HTTPS information and security headers, which are critical for protecting user data and ensuring trust. No privacy, cookie, or incident response policies are present, which raises compliance concerns especially under GDPR. The contact information is clearly displayed, but no formal security or data protection measures are evident. Overall, the website is functional but basic, with moderate trustworthiness due to clear contact details but limited security and compliance features. Strategic improvements in security posture, privacy compliance, and technical modernization are recommended to enhance business credibility and user trust.

D

Deutscher Bundestag

bundestag.de

63

The Deutscher Bundestag website serves as the official online presence of the German Parliament, providing comprehensive information about parliamentary activities, members, schedules, and live streams. The site targets the general public and stakeholders interested in German governmental affairs. It demonstrates a high level of content quality, professional design, and clear navigation, reflecting its role as a government information portal. Technically, the site uses standard web technologies including JavaScript and CSS, with moderate performance and good mobile optimization. However, there is a lack of visible security headers and explicit privacy or cookie policies, which are areas for improvement. The security posture is moderate due to missing explicit security best practices and incident response information. Overall, the domain and website are legitimate and consistent with official government use, with no suspicious indicators detected.

S

Schauspiel Frankfurt

schauspielfrankfurt.de

56

Schauspiel Frankfurt is a cultural institution specializing in theatrical performances and related services such as guided tours, ticket sales, and subscriptions. The website presents a professional and consistent brand image targeting theater enthusiasts and the general public in Frankfurt, Germany. It maintains a digital magazine and active social media presence to engage its audience. The business model is focused on live cultural events and audience engagement through subscriptions and ticketing. Technically, the website is built on the spiritec WebCMS platform tailored for theaters and opera houses. It uses modern web technologies including JavaScript and CSS, with video integration for promotional content. The site is mobile-optimized and provides a good user experience with clear navigation and structured content. Hosting is provided by spiritec-server.de, indicating a specialized hosting environment. From a security perspective, the site uses HTTPS and implements cookie consent mechanisms compliant with GDPR. However, explicit security headers and policies are not evident, and no incident response or vulnerability disclosure information is provided. No critical vulnerabilities or exposed sensitive data were detected in the analyzed content. Privacy compliance is well addressed with a clear privacy policy and cookie banner. Overall, the website is trustworthy and professional with a solid digital presence. Strategic improvements in security headers, incident response transparency, and accessibility could enhance its security posture and compliance maturity.

N

Neptun Verlag

neptunverlag.ch

52

Neptun Verlag is a well-established Swiss publishing house founded in 1946, specializing in a diverse range of literary works including novels, biographies, children’s books, and regional literature. The company operates a professional website with an integrated webshop, targeting readers primarily in Switzerland and the German-speaking market. Their market position is that of a niche regional publisher with a strong historical presence and a focus on Swiss culture and literature. Technically, the website is built on a custom HESCOM Web Framework, featuring modern web technologies and good mobile optimization, though some improvements in accessibility and security headers are recommended. Security posture is solid with HTTPS enabled and no visible vulnerabilities, but lacks published security policies and cookie consent mechanisms, which are important for GDPR compliance. Overall, the site is professional, trustworthy, and content-rich, supporting the company’s credibility and business goals.

A

Arisverlag

arisverlag.ch

64

Arisverlag is a small Swiss book publisher and online retailer founded in 2017, specializing in a curated selection of books and literary content targeting German-speaking audiences. The website serves as an e-commerce platform built on Shopify, offering a professional and well-branded user experience with integrated social media channels and a focus on literature and author engagement. Technically, the site is modern, mobile-optimized, and fast, leveraging Shopify's infrastructure and CDN services. Security posture is strong with HTTPS and security headers properly configured, though there is room for improvement in privacy compliance and incident response transparency. Overall, the website is trustworthy and professionally maintained, with no indications of malicious activity or content safety concerns.

K

Korbinian Verlag

korbinian-verlag.de

61

Korbinian Verlag is an independent book publisher based in Berlin, Germany, operating an e-commerce platform primarily through Shopify. The website showcases a curated selection of books and merchandise, targeting literature enthusiasts and general consumers interested in cultural and literary works. The business model focuses on direct online sales and brand building through social media and testimonials. Technically, the site leverages Shopify's robust e-commerce infrastructure, ensuring a modern, mobile-optimized, and accessible user experience with moderate performance. Security posture is adequate with HTTPS enforced and cookie consent implemented, but lacks explicit security headers and formal security policies. Privacy compliance is basic with GDPR-related policies present. Overall, the site is professional, trustworthy, and safe for general audiences.

P

PROLIT Verlagsauslieferung GmbH

prolit.de

61

PROLIT Verlagsauslieferung GmbH is a medium-sized German service provider specializing in book distribution and publishing logistics. The company serves over 170 publishers and offers a broad catalog of approximately 41,000 titles. The website reflects a professional and content-rich platform targeting publishers and the book trade, with regular news updates and a partner program involving over 2,000 bookstores. Technically, the site is built using the Hugo static site generator, ensuring fast performance and good mobile optimization. Security posture is solid with HTTPS enabled, though some security headers and cookie consent mechanisms are missing. Contact information is clearly provided, enhancing trust and credibility.

A

Arbeit und Leben Sachsen-Anhalt gGmbH

aul-lsa.de

47

Arbeit und Leben Sachsen-Anhalt gGmbH is a regional non-profit educational organization based in Magdeburg, Germany, focused on supporting individuals on their educational paths through a variety of programs including political education, workplace education, basic education, and fair employment initiatives. The organization targets adult learners, employees, and youth, offering seminars, educational leave opportunities, and events to foster personal and societal development. The website reflects a well-structured and consistent brand presence with clear navigation and regularly updated content. Technically, the site is built on WordPress with a custom theme, delivering moderate performance and good mobile optimization. Security posture is adequate with HTTPS enabled but lacks advanced security headers and published security policies. Privacy compliance is partial with a privacy policy present but no cookie consent mechanism. Overall, the site is trustworthy and professional, serving its educational mission effectively.

I

Ionic

ionicons.com

62

Ionic's Ionicons website offers a premium open-source icon pack designed primarily for developers and designers working with the Ionic Framework and other platforms. The company, founded in 2014 and headquartered in Portugal, is a subsidiary of OutSystems, a recognized player in the technology sector. The website showcases a comprehensive and well-designed icon set with strong branding and a professional user experience. Technically, the site leverages modern web technologies such as StencilJS and Web Components, hosted behind Cloudflare, ensuring fast performance and mobile optimization. Security posture is solid with HTTPS enforced, though improvements like enabling DNSSEC and adding security headers are recommended. Privacy compliance is moderate, with cookie consent implemented but lacking explicit privacy and terms of service pages. Overall, the domain registration and business information are consistent and trustworthy, supporting a high legitimacy score.

B

Bundesamt für Migration und Flüchtlinge

bamf.de

67

The Bundesamt für Migration und Flüchtlinge (BAMF) is a German federal government agency responsible for migration, asylum, refugee protection, integration, and voluntary return programs. The website serves as an official information and service portal targeting migrants, refugees, government entities, and the general public interested in migration-related topics in Germany. It offers comprehensive content, including thematic areas, news, publications, and service center information. The site is well-branded, professionally designed, and provides multi-language support to cater to diverse audiences. Technically, the website is built on the Government Site Builder CMS, a platform tailored for German federal administration websites. It uses modern web standards including HTML5, CSS, JavaScript, and structured data (JSON-LD) for enhanced SEO and accessibility. The site is mobile-optimized and accessible, with a moderate performance profile. Hosting is managed within the German federal infrastructure, ensuring reliability and compliance with government standards. From a security perspective, the site enforces HTTPS and implements a cookie consent mechanism with opt-in for statistical tracking via Matomo. No critical vulnerabilities or exposed sensitive data were detected. However, explicit security headers and a public security policy or incident response contact are not present, representing areas for improvement. The WHOIS data confirms the domain's legitimacy as a government entity with consistent registration and hosting details. Overall, the BAMF website demonstrates a high level of professionalism, trustworthiness, and compliance with privacy regulations such as GDPR. It effectively supports its mission to provide migration-related information and services to its target audience while maintaining a secure and user-friendly online presence.

D

Der faire Credit

derfairecredit.at

67

Der faire Credit is an Austrian online consumer credit provider offering fast, paperless loan applications with instant decisions and quick payouts. The website is professionally designed using WordPress and optimized for the Austrian market, targeting consumers seeking convenient financing solutions. The technical infrastructure includes modern web technologies and SEO optimization via Yoast plugin, but lacks visible privacy and cookie policies, which are critical for GDPR compliance. Security posture is adequate with HTTPS enabled, but missing security headers and contact information reduce trust. Overall, the site is legitimate and safe but requires improvements in privacy compliance and security transparency.

WInTO GmbH is a regional government-related company focused on economic, innovation, and tourism promotion in the Oberhavel region of Germany. The website primarily serves as an imprint (Impressum) page providing legal and contact information. The business operates in the government sector with a small organizational size and targets local businesses and stakeholders interested in regional development. The website content is minimal and professional but lacks comprehensive privacy, cookie, and security policies, which are important for compliance and trust. Technically, the website uses basic HTML and CSS with no detected CMS or advanced frameworks. Hosting appears to be on generic servers indicated by the nameservers. The site shows basic mobile optimization and accessibility but lacks SEO optimization and security headers. No analytics or tracking scripts are present, indicating minimal user tracking. From a security perspective, the site uses HTTPS (assumed but not explicitly confirmed), but no security headers or incident response contacts are provided. There are no forms or user input fields, reducing attack surface. However, the absence of privacy and cookie policies is a compliance gap under GDPR. WHOIS data is partially consistent but lacks detailed registrant information, slightly reducing trustworthiness. Overall, the website is safe and professional but basic in content and technical sophistication. Strategic improvements in privacy compliance, security headers, and SEO would enhance trust and digital maturity.

S

Sparkasse Göttingen

spk-goettingen.de

67

Sparkasse Göttingen is a regional financial institution providing a broad range of banking and financial services including online banking, loans, credit cards, investments, insurance, and real estate services. The website targets both private and corporate customers with a strong emphasis on secure and user-friendly online banking experiences. The bank maintains a solid market position within the Göttingen region, supported by comprehensive service offerings and a professional digital presence. Technically, the website is built on a modern infrastructure likely powered by Adobe Experience Manager CMS, utilizing JavaScript, CSS, and React components for dynamic content. The site is well-optimized for mobile devices and accessibility, featuring clear navigation and SEO best practices. The presence of cookie consent mechanisms and privacy policies indicates a mature approach to data protection and compliance. From a security perspective, the website enforces HTTPS and includes session management features such as session timeout warnings. While explicit security headers are not fully confirmed, the overall posture is strong with no visible vulnerabilities or exposed sensitive data. However, the absence of a published security policy or incident response contact suggests room for improvement in transparency and readiness. Overall, the site is trustworthy, professionally maintained, and compliant with GDPR requirements. It demonstrates a high level of digital maturity suitable for a financial institution, with recommendations focusing on enhancing security disclosures and incident response transparency.

G

Göttinger Kulturstiftung

kulturstiftung-goettingen.de

57

The Göttinger Kulturstiftung is a small non-profit cultural foundation affiliated with the city of Göttingen, Germany. It focuses on supporting cultural activities through funding and public information. The website serves as an informational portal for cultural funding opportunities and donation options, targeting local cultural organizations and citizens. The business model is centered on non-profit cultural promotion with a clear local focus. Technically, the website is built on a custom CMS platform (NOLIS) using standard web technologies such as JavaScript and CSS. It features a responsive design with accessibility options like font resizing and contrast toggling. The site is well-structured with clear navigation and SEO-friendly metadata. Performance is moderate with no major issues detected. From a security perspective, the site enforces HTTPS and implements a cookie consent mechanism compliant with GDPR. However, it lacks advanced security headers and does not publish explicit security policies or incident response contacts. No vulnerabilities or exposed sensitive data were found. The WHOIS data confirms domain legitimacy and consistency with the organization's identity. Overall, the website is professional, trustworthy, and suitable for its target audience. Strategic improvements could include enhancing security headers, publishing a security policy, and adding vulnerability disclosure information to strengthen security posture and user trust.

The website www.saarland.de is currently inaccessible due to a 403 Forbidden error page indicating that a security service or WAF is blocking access. The page content is minimal and only displays a block message without any business or contact information. The domain appears to be a legitimate German government domain based on its .de TLD and nameservers pointing to teresto.net, likely a hosting or DNS provider. However, the lack of accessible content prevents a full assessment of the website's business model, services, or compliance posture. Technically, the site uses basic CSS and font resources but no advanced frameworks or analytics are detected. Security headers and SSL configuration cannot be evaluated due to the block. Overall, the site’s security posture is unclear but the presence of a WAF indicates some level of protection. Privacy and compliance documentation are absent from the accessible content.

D

Access to this page has been denied

dreamstime.com

50

The website www.dreamstime.com is currently inaccessible due to a PerimeterX Web Application Firewall (WAF) security challenge page requiring human verification. This prevents access to any meaningful content, metadata, or business information. The WHOIS query for the domain returned no match, indicating either a WHOIS server issue or domain registration anomaly, which limits the ability to verify domain ownership and legitimacy. The site uses modern web technologies such as JavaScript and Google Fonts but lacks visible security headers or privacy compliance information in the accessible content. Overall, the security posture and compliance status cannot be fully assessed due to the blocked content. The domain appears legitimate but lacks publicly available registration data and accessible website content for full evaluation.

Emmaus Innsbruck is a small non-profit organization affiliated with Caritas der Diözese Innsbruck, focused on supporting homeless and unemployed individuals with prior addiction issues. Their services include various labor and integration assistance programs, psychotherapeutic support, and a solidarity-based agricultural project. The website is professionally designed with clear navigation and relevant content tailored to their target audience. Technically, the site uses basic web technologies including an outdated jQuery version, lacks advanced security headers, and does not implement cookie consent mechanisms, indicating room for improvement in security and privacy compliance. Security posture is moderate with HTTPS usage but missing modern security best practices. Overall, the domain registration data aligns well with the organization's profile, supporting legitimacy and trustworthiness.