Security Directory

J

JAKALA

jakala.com

51

JAKALA is a global data, AI, and experiences company focused on delivering impactful business solutions across multiple industries including consumer goods, financial services, automotive, public sector, and more. The company leverages strategy, technology, and activations to provide tailored, transformative solutions with data and AI at the core. The website demonstrates a professional digital presence built on HubSpot CMS, integrating modern technologies such as Swiper.js and Google Tag Manager for analytics and marketing. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though the absence of security headers and explicit privacy policies indicates room for improvement. The lack of WHOIS data reduces domain trustworthiness, but the overall business credibility and content quality remain high. Strategic recommendations include enhancing privacy compliance, publishing security policies, and improving transparency around incident response and vulnerability disclosures.

H

HearNow

hearnow.com

70

HearNow is a specialized media service focused on providing musicians and artists with an easy-to-use platform to create one-page promotional websites for their CD Baby album releases. The service leverages integration with CD Baby to automatically import album information, streamlining the promotional process. The business operates on a subscription model with affordable monthly and yearly plans, targeting independent musicians seeking effective online promotion tools. Technically, the website is modern, fast, and mobile-optimized, hosted behind Cloudflare with a solid security posture including HTTPS and security headers. Privacy compliance is well addressed with a clear cookie consent mechanism and accessible privacy and cookie policies. However, there is room for improvement in publishing explicit security policies and enabling DNSSEC for enhanced domain security. Overall, the website presents a professional and trustworthy front with strong business credibility and technical maturity.

F

Forschung Burgenland

forschung-burgenland.at

53

Forschung Burgenland is a research and innovation entity affiliated with Hochschule Burgenland, focused on solving problems and improving lives through research. The website is professionally designed using TYPO3 CMS and includes a cookie consent mechanism powered by Cookiebot, reflecting a commitment to privacy compliance. The technical infrastructure is modern and mobile-optimized, though some security headers are not explicitly detected in the provided data. The absence of explicit privacy policy and contact information pages in the analyzed content suggests areas for improvement in transparency and user trust. Overall, the domain and website appear legitimate and aligned with an academic institution in Austria.

W

Wirtschaftskammer Wien

wkw.at

66

Wirtschaftskammer Wien is the official chamber of commerce for Vienna, Austria, providing a wide range of services, information, and consulting to local entrepreneurs and businesses. The website serves as a portal for business support, event information, and sector-specific resources, targeting primarily Vienna-based business owners. The site is well-branded and professionally designed, reflecting its governmental and institutional nature. Technically, the website employs modern web standards including responsive design, JavaScript, CSS, and Google Tag Manager for analytics. The site is accessible and optimized for mobile devices, with good SEO practices evident in meta tags and structured content. However, no explicit CMS or hosting provider information was detected. From a security perspective, the site uses HTTPS and includes consent management scripts, indicating awareness of privacy regulations. However, no explicit security headers or vulnerability disclosure mechanisms were found, and WHOIS data for the domain is unavailable, limiting domain legitimacy verification. No contact emails or phone numbers were explicitly found in the provided content, which could be improved for transparency. Overall, the website presents a trustworthy and professional front for the chamber of commerce, but could enhance privacy compliance visibility and security posture by publishing detailed policies and security contact information.

Ö

Österreichische Krebshilfe Vorarlberg

krebshilfe-vbg.at

44

Österreichische Krebshilfe Vorarlberg is a regional non-profit organization dedicated to cancer prevention, early detection, patient counseling, and research funding in the Vorarlberg region of Austria. It operates as a branch of the national Austrian Cancer Aid organization, providing comprehensive cancer-related information and support services to patients, families, and healthcare professionals. The website reflects a professional and trustworthy presence with clear contact details and affiliation to recognized cancer aid campaigns such as Pink Ribbon.

Ö

Österreichische Krebshilfe Salzburg

krebshilfe-sbg.at

35

The website www.krebshilfe-sbg.at represents the Salzburg regional branch of the Austrian Cancer Aid organization, a non-profit entity focused on cancer prevention, patient support, education, and fundraising. It serves cancer patients, their families, healthcare professionals, and donors by providing comprehensive information on cancer types, therapies, and support services. The organization maintains a strong community presence through events, workshops, and partnerships with entities like Casinos Austria. Technically, the site is built on TYPO3 CMS with SEO optimization via Yoast and uses Matomo analytics configured to respect user privacy by disabling cookies. The site is mobile-optimized, accessible, and well-structured, offering a good user experience. Security posture is solid with HTTPS and privacy-conscious analytics, but lacks published privacy and cookie policies, security policies, and incident response information, which are compliance gaps. Overall, the domain registration data aligns well with the organization's identity, supporting legitimacy and trustworthiness.

The domain libraryfacts.com currently serves as a 404 Not Found error page with no accessible business content. It is used by Admiral, a service provider specializing in copyright access control and privacy consent management for digital publishers. The domain is hosted on Google Cloud Platform and employs HTTPS with good SSL practices, but lacks DNSSEC and security headers. No privacy or cookie policies, contact information, or business details are present on the site, limiting its transparency and user trust. The domain registration is consistent and legitimate, registered via NameCheap since 2020, with no privacy protection enabled. Overall, the site appears to be a placeholder or service endpoint rather than a customer-facing website.

P

Perspektive Wismar

perspektive-wismar.de

72

Perspektive Wismar is a childcare and youth service provider operating multiple facilities including nurseries, kindergartens, after-school care (Hort), and day groups in Wismar, Germany. The organization focuses on creating a nurturing environment for children and families, emphasizing trust, diversity, and sustainability. Their market position is local and community-oriented, serving families in the Wismar area with a medium-sized operation. Technically, the website is built on the Contao Open Source CMS platform, utilizing standard web technologies such as JavaScript, CSS, and SVG graphics. The site is mobile-optimized, accessible, and performs moderately well. Hosting is managed via DomainControl (GoDaddy nameservers), and HTTPS is enforced with secure session and CSRF tokens. From a security perspective, the website demonstrates good practices including HTTPS usage and cookie consent mechanisms. However, it lacks explicit security headers and does not provide a security policy or incident response contact. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is supported by a GDPR-compliant privacy policy and cookie banner. Overall, the website is professional, trustworthy, and safe for general audiences, with no adult or questionable content. The domain registration data aligns well with the website's business claims, indicating legitimacy. Strategic recommendations include enhancing security headers, publishing terms of service and security policies, and considering vulnerability disclosure mechanisms.

B

Berufsbildungswerk Leipzig für Hör- und Sprachgeschädigte gGmbH

bbw-leipzig.de

58

The BBW-Leipzig-Gruppe is a well-established non-profit social enterprise based in Leipzig, Germany, specializing in education, employment, and inclusion services for people with special support needs. Founded in 1991, it operates as a group of social institutions and subsidiaries, providing a broad range of services including vocational training, kindergartens, youth assistance, and diaconal services. The organization enjoys a strong market position within the regional social sector and is affiliated with the Diakonisches Werk der Ev.-Luth. Landeskirche Sachsen e.V., enhancing its trustworthiness and community integration. Technically, the website is built on TYPO3 CMS, leveraging modern web technologies and providing a responsive, accessible, and SEO-optimized user experience. The site includes comprehensive privacy and cookie policies with explicit consent mechanisms, reflecting good GDPR compliance. Social media integration and external trusted links further enhance its digital presence. From a security perspective, the site enforces HTTPS and employs cookie consent mechanisms, with no critical vulnerabilities or exposed sensitive data detected. However, it lacks a publicly available security policy, incident response contacts, and a vulnerability disclosure framework, which are recommended for improving security maturity. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance, with moderate tracking and marketing tools used transparently. Strategic improvements in security policy publication and incident response readiness would further strengthen its security posture and stakeholder confidence.

P

Plastic Free Odv Onlus

plasticfreeonlus.it

62

Plastic Free Odv Onlus is a well-established Italian non-profit organization dedicated to combating single-use plastic pollution through volunteer-driven environmental cleanups, educational programs, and partnerships with municipalities and companies. The organization has a strong market position in Italy as a leading environmental activist group with a broad target audience including volunteers, schools, and corporate partners. Their website reflects a mature digital presence built on modern technologies like Next.js and React, offering excellent mobile optimization and user experience. Security posture is strong with HTTPS enforcement, security headers, and secure payment integration via Nexi. Privacy compliance is robust with clear privacy and cookie policies and consent mechanisms. Overall, the website and organization demonstrate high professionalism, trustworthiness, and community engagement.

M

Mediaset Infinity

mediaset.it

64

Mediaset Infinity is a prominent Italian media streaming platform offering free access to a wide range of TV programs, live channels, movies, documentaries, and kids content. It operates under the Mediaset brand, a major player in the Italian media industry. The platform targets a general audience interested in Italian television and streaming services, providing both free and premium content through Infinity+. The website demonstrates a high level of digital maturity with a modern tech stack based on React and Next.js, ensuring fast performance and excellent mobile optimization. Security measures such as HTTPS and security headers are properly implemented, contributing to a strong security posture. However, the absence of visible privacy and cookie policies, as well as lack of explicit contact information, indicates gaps in privacy compliance and user transparency. Overall, the site is professional and trustworthy but would benefit from enhanced privacy disclosures and incident response information.

C

Conseil Départemental de Loir-et-Cher

assistant-maternel-41.fr

53

The website www.assistant-maternel-41.fr serves as an official regional government portal for the Conseil Départemental de Loir-et-Cher, France, focusing on connecting childcare assistants (assistants maternels) with parents seeking childcare services. It provides informational resources, news updates, and practical guidance for both childcare professionals and parents within the department. The site is positioned as a trusted public service platform with a clear target audience of local families and childcare providers. Technically, the website employs legacy web technologies such as HTML4.01 Transitional and JavaScript libraries like MooTools and jQuery. While functional, the site shows signs of technical debt with basic mobile optimization and accessibility. Hosting and development are managed by AXN Informatique, a specialized IT provider. The site includes a cookie consent mechanism but lacks modern security headers and visible HTTPS enforcement in the provided data. From a security perspective, the site demonstrates moderate maturity with cookie consent implemented but lacks explicit privacy policies, terms of service, and contact information for security or incident response. The absence of WHOIS data from the AFNIC server raises minor concerns about domain registration transparency, though the site’s branding and content strongly indicate legitimacy. No vulnerabilities or adult content were detected, and the site maintains a safe content rating. Overall, the website is a moderately well-maintained government information portal with room for improvement in security posture, privacy compliance, and technical modernization. Strategic enhancements in HTTPS enforcement, security headers, and clear privacy documentation would strengthen trust and compliance.

P

Papoo Software & Media GmbH

clickskeks.de

51

clickskeks is a German-based technology company specializing in automated, GDPR-compliant cookie consent management solutions tailored for the German market. Their flagship product is a user-friendly cookie banner that automates cookie scanning and compliance, targeting website owners, agencies, and developers. The company is positioned as a trusted provider with over 2,000 clients and offers a partner program to expand market reach. Technically, the website is built on TYPO3 CMS, integrates Google Analytics and Tag Manager with privacy considerations, and demonstrates good mobile optimization and accessibility. Security posture is solid with HTTPS enforced, though some security headers could be improved. The company maintains comprehensive legal pages and clear contact information, enhancing trust and compliance. Overall, clickskeks presents a professional, secure, and privacy-conscious digital presence.

A

Apps2me

apps2.me

55

Apps2me is a newly launched technology platform focused on providing a store and hosting environment for Telegram mini apps. The platform targets Telegram users and developers interested in mini apps, positioning itself as a niche player in the Telegram ecosystem. The business model revolves around offering a centralized place to explore and add new Telegram mini apps, leveraging the popularity of Telegram's mini app capabilities. The company is small and recently founded in 2024, with domain registration consistent with a startup phase. Technically, the website uses modern web technologies including jQuery 3.7.0 and ES modules for JavaScript, with a responsive design optimized for mobile devices. Hosting is provided by Spaceship, Inc., and the site uses HTTPS, though lacks advanced security headers and DNSSEC. SEO and accessibility are basic but functional. The site includes a cookie consent banner but lacks comprehensive privacy or terms of service documentation. From a security perspective, the site benefits from HTTPS but is missing important security headers and DNSSEC, which reduces its security posture. No incident response or security policies are published, and no contact information is provided, which limits transparency and trust. The WHOIS data shows privacy protection and a recent domain registration, typical for a small tech startup, with no suspicious indicators. Overall, the site is functional and moderately trustworthy but has gaps in privacy compliance and security best practices. Strategic improvements in security headers, privacy policies, and contact transparency would enhance trust and compliance.

U

Unoenergy S.p.a.

unogas.it

71

Unoenergy S.p.a. is a medium-sized Italian energy company specializing in electricity and gas supply for residential, condominium, and business customers. With over 20 years of experience, it holds a strong market position as one of the main private operators in Italy's energy sector. The company offers a broad portfolio of services including photovoltaic systems, electric mobility charging stations, and climate control solutions. The website reflects a professional and customer-centric approach, emphasizing quality, sustainability, and personalized service. Technically, the site is built on WordPress with modern web technologies, optimized for SEO and mobile responsiveness, and integrates Google Tag Manager and customer engagement tools. Security posture is solid with HTTPS and no visible vulnerabilities, though it lacks explicit security policies and vulnerability disclosure mechanisms. Contact information is clearly presented, including email, phone, physical address, and social media channels. Overall, the site demonstrates high professionalism and trustworthiness, though improvements in privacy and cookie policy transparency are recommended.

Unilever Italia is a regional branch of the global consumer goods giant Unilever PLC, offering a wide range of well-known brands focused on daily consumer needs. The website reflects a mature enterprise with a strong market position in Italy, emphasizing sustainability and corporate responsibility. The digital infrastructure uses modern web technologies including Astro framework and service workers, ensuring fast performance and excellent mobile optimization. Privacy and cookie compliance are well implemented with clear policies and consent mechanisms. Security posture is solid with HTTPS and cookie management, though explicit security headers and incident response information are absent. Overall, the site is professional, trustworthy, and compliant with GDPR, serving a general audience with corporate and product information.

The website www.uil.it represents the Unione Italiana del Lavoro (UIL), a major Italian labor union focused on advocating for workers' rights and social welfare. The site provides news, studies, and reports related to labor issues, social policies, and union activities, targeting workers and stakeholders in Italy. The business model is non-profit and essential within the government and non-profit sectors. Technically, the site uses a custom or unknown CMS with technologies such as Matomo analytics, jQuery, and Google Fonts. The site is moderately optimized for performance and mobile devices, with basic accessibility and SEO features. Security posture is good with HTTPS enforced and no visible vulnerabilities, though security headers and explicit incident response contacts are absent. Privacy compliance is strong with clear privacy and cookie policies, though no explicit consent mechanism is observed. The WHOIS data confirms the legitimacy and consistency of the domain registration with the organization's identity. Overall, the website is professional, trustworthy, and safe for general audiences.

The website www.berufsausweis.com serves as an informational platform for the EuropeanExpertCard, a unified professional identification card for experts and appraisers across Europe. It is closely associated with the Deutsche Gutachter und Sachverständigen Verband e.V. (DGuSV), which acts as the primary issuing body in Germany. The site targets professionals in the appraisal and expert evaluation sector, aiming to facilitate cross-border recognition of qualifications within the EU. The business model is based on membership and fee-based issuance of the card, positioning itself as a niche but important player in the European professional certification landscape. Technically, the website employs standard web technologies including HTML, CSS, and JavaScript, with cookie consent managed via Usercentrics. The site is accessible without any WAF or security challenges, uses HTTPS, but lacks advanced security headers and comprehensive mobile optimization. SEO and accessibility are basic but functional. No CMS or hosting provider details are evident from the source. From a security perspective, the site benefits from HTTPS and cookie consent mechanisms, but lacks explicit security policies, incident response contacts, and security headers that would enhance protection against common web threats. The absence of WHOIS registration data for the domain is a notable risk factor, potentially indicating privacy protection or registration issues, which impacts domain legitimacy and trust. Overall, the website is professional and trustworthy in content and presentation but would benefit from improved security practices and transparency in domain registration. Strategic improvements in security headers, mobile responsiveness, and explicit security policies are recommended to enhance trust and compliance.

B

Best Western Plus Atrium Hotel

meinbestwesternulm.de

61

Best Western Plus Atrium Hotel Ulm is a 4-star hospitality business located in Ulm, Germany, offering accommodation, meeting facilities, gastronomy, and local city guide services. The website targets travelers and business guests seeking mid-range hotel services with event hosting capabilities. The business operates under the reputable Best Western brand, enhancing its market position and trustworthiness. Technically, the website employs standard web technologies including JavaScript, CSS, and Google Analytics with IP anonymization, indicating a moderate level of digital maturity. The site is moderately optimized for mobile devices and SEO, with a clean navigation structure and professional content presentation. From a security perspective, the site uses HTTPS and anonymizes IP addresses in analytics, but lacks visible security headers, cookie consent mechanisms, and published security policies or incident response information. No vulnerabilities or malicious content were detected, but improvements are recommended to enhance compliance and security posture. Overall, the website is professional, trustworthy, and functional with room for improvement in privacy compliance and security best practices to reduce risk and increase user trust.

M

Milena Quattrocchi, KANUL.ART Art & Design

kanul.art

61

Milena Quattrocchi is an independent visual artist based in Vevey, Switzerland, specializing in minimalist graphic art that embraces imperfection. The website serves as a professional portfolio showcasing recent collections, exhibitions, and design collaborations, notably with ZigZagZurich. The business model centers on art sales via an online shop and partnerships with galleries and design houses, targeting art collectors and enthusiasts. The site is well-branded and consistent, with clear contact information and a focus on artistic expression.

S

Stadt Wien

wienwohntbesser.at

64

The website wienwohntbesser.at is an official government platform operated by the City of Vienna (Stadt Wien) focused on providing information and updates about municipal housing initiatives, campaigns, and services. It serves residents and housing seekers in Vienna, offering news, event details, and service area information related to affordable and livable housing. The site is well-branded with consistent city imagery and messaging, reinforcing its authoritative position in the local housing sector. Technically, the website is built on TYPO3 CMS with Bootstrap for responsive design, ensuring good mobile optimization and accessibility. It employs Piwik analytics with a GDPR-compliant cookie consent mechanism, reflecting a mature approach to privacy and user tracking. Performance is moderate, with no critical technical issues detected. However, security headers are not explicitly visible, and no dedicated security or incident response policies are published. From a security perspective, the site uses HTTPS and has implemented cookie consent controls, but lacks visible advanced security headers and formal vulnerability disclosure mechanisms. No exposed sensitive data or vulnerable libraries were detected. The WHOIS data confirms the domain is legitimately registered to the City of Vienna, aligning with the website's governmental nature and enhancing trustworthiness. Overall, the website presents a professional, secure, and privacy-conscious platform suitable for its public service role. Strategic improvements could include publishing explicit security policies, enhancing security headers, and providing clearer contact information for incident response. These steps would further strengthen the site's security posture and user trust.

P

Papoo Software & Media GmbH

clickskeks.at

52

Clickskeks is a specialized technology company offering an automated cookie consent banner solution tailored for Austria and Germany. The company operates a SaaS model providing GDPR-compliant cookie management tools that simplify compliance for website owners and agencies. With over 2,000 clients and a strong partner ecosystem, clickskeks holds a reputable position in the regional market. The website is professionally designed, content-rich, and highly user-friendly, reflecting a mature digital presence. Technically, the site is built on TYPO3 CMS, integrates Google Analytics and Tag Manager for tracking, and demonstrates good mobile optimization and accessibility. Security posture is solid with HTTPS enforced, though some security headers and explicit policies could be improved. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR-aligned consent mechanisms. Overall, clickskeks presents a trustworthy and professional business with clear contact channels and legal transparency.

B

Brest en vue

brestaim.fr

57

Brest en vue is a French public local enterprise specializing in the management of major public equipment and the creation of events within Brest métropole. The company positions itself as a dynamic and responsive entity serving the public interest with a focus on innovation, entertainment, discovery, entrepreneurship, and regional influence. The website reflects a medium-sized organization with a clear mission and a strong local government sector presence. Technically, the site is built on WordPress with Yoast SEO, featuring modern web standards and mobile optimization, though some security headers are missing. Security posture is solid with HTTPS and cookie consent but could be improved with additional headers and explicit security policies. Overall, the site is professional, trustworthy, and compliant with GDPR, with clear contact information and legal disclosures.

W

wohnpartner

wohnpartner-wien.at

64

wohnpartner is a Vienna-based social service organization focused on fostering good community living in municipal housing. As part of Wohnservice Wien, it offers conflict mediation, social advice, and neighborhood engagement through various projects and events. The website reflects a mature digital presence built on TYPO3 CMS with a clear structure and good user experience. Privacy and cookie compliance are well implemented, including a consent mechanism and a comprehensive privacy policy. Security posture is solid with HTTPS and no visible vulnerabilities, though formal security policies and incident response contacts are absent. Overall, the site is trustworthy and professionally maintained, serving a government/non-profit sector audience effectively.

F

Finanz Informatik

fi-update.de

40

The website fi-update.de serves as a platform for the FI Update 2025, a management event targeted at the leadership level within the Sparkassen-Finanzgruppe, a major financial group in Germany. The site primarily functions as an informational and event management portal, with a focus on finance professionals. The business is positioned as an enterprise-level entity within the finance sector, leveraging its parent company Finanz Informatik's brand and network. The content is concise and oriented towards event promotion and user engagement through social media channels such as LinkedIn and Instagram. Technically, the website employs modern web technologies including JavaScript, CSS, and the PrimeReact framework. It integrates etracker analytics with respect for Do Not Track settings, indicating a moderate level of digital maturity and privacy awareness. The site is hosted with DNS services provided by DomainControl (GoDaddy), suggesting a professional hosting environment. Performance and mobile optimization are basic but functional, with room for improvement in accessibility and SEO. From a security perspective, the site uses HTTPS and includes some privacy-conscious analytics configurations. However, it lacks explicit security headers and cookie consent mechanisms, which are important for compliance and protection. No forms or direct contact information are present on the main page, limiting data exposure risks but also reducing user engagement options. The absence of a published security policy, incident response contacts, and vulnerability disclosure reduces transparency and preparedness indicators. Overall, the website presents a moderate risk profile with no critical vulnerabilities detected. Strategic improvements in security headers, privacy compliance, and user contact options would enhance trust and compliance. The business credibility is supported by consistent branding and legitimate domain registration, but the content and technical implementation could be further developed to improve user experience and security posture.

The website jb-fotografie.de represents a small photography business specializing in family photos, passport photos, portrait, and wedding photography services primarily targeting a German-speaking audience. The site content is minimal but relevant to the business domain, with basic branding and a simple user interface. The technical infrastructure is based on a shared hosting platform (hpage), utilizing standard HTML, CSS, and JavaScript without advanced frameworks or CMS beyond the hosting provider's platform. Security posture is weak due to lack of visible HTTPS confirmation, absence of security headers, and no privacy or cookie policies, which impacts compliance and trust. No contact information or forms are present, limiting user engagement and transparency. Overall, the site is functional but basic, with moderate risk due to missing security and privacy best practices.

The website 'thomas blog' is a personal technical blog primarily focused on networking topics such as Headscale and Tailscale VPN solutions. It targets technology enthusiasts and users interested in self-hosted privacy-focused networking. The site is built using the Hugo static site generator and hosted likely on a VPS provider mentioned in the content (Hetzner). The technical infrastructure is modern but minimalistic, with no detected analytics or advertising scripts, indicating a privacy-conscious approach. Security posture is basic; the site lacks published security headers, privacy policies, and contact information for incident response. No WAF or blocking mechanisms are present, and the site content is fully accessible. Overall, the site is safe and trustworthy but would benefit from improved privacy and security disclosures.

S

Startseite » Studierzimmer Münster

studierzimmer-muenster.de

35

Studierzimmer Münster is a community-driven campaign focused on facilitating affordable student housing in the city of Münster, Germany. The website serves as a platform to connect landlords, investors, and students seeking housing, emphasizing social support and local collaboration. The campaign is supported by local institutions including the City of Münster, University of Münster, Fachhochschule Münster, and Studentenwerk Münster, indicating strong community ties and trust. Technically, the website is built on the SilverStripe CMS platform, utilizing standard web technologies such as HTML5, CSS, JavaScript, and jQuery. The site demonstrates moderate performance and basic mobile optimization. However, there is room for improvement in accessibility and SEO optimization. The hosting is provided by kasserver.com, a known hosting provider. From a security perspective, the site uses HTTPS as indicated by the base URL, but lacks visible security headers and formal privacy or cookie policies, which are critical for GDPR compliance. No forms with sensitive inputs are present on the homepage, reducing immediate risk exposure. The absence of vulnerability disclosure and incident response information suggests limited security maturity. Overall, the website is a trustworthy and professional community resource with moderate technical and security posture. Strategic improvements in privacy compliance, security headers, and transparency would enhance trust and compliance with data protection regulations.

AVC Music is an e-commerce business focused on music products, offering a multilingual online shop experience. The website is relatively basic, featuring outdated Flash content and minimal interactive or modern web features. The domain has been registered since 2004, indicating a longstanding presence, but the lack of detailed business contact information and policies reduces its perceived professionalism and trustworthiness. Technically, the site lacks modern security practices such as HTTPS enforcement and security headers, and it does not provide privacy or cookie policies, which are critical for compliance and user trust. Overall, the website's digital maturity is low, with significant room for modernization and security improvements.

C

Commerzbank

commerzbank.com

64

Commerzbank's group website serves as the corporate portal for one of Germany's major banking institutions. The site provides information about the bank's corporate identity and services, targeting corporate clients, investors, and the general public interested in the bank's operations. The website demonstrates a professional design with consistent branding and a moderate level of technical maturity, including the use of modern web technologies and a cookie consent mechanism to comply with privacy regulations. Security posture is adequate with HTTPS enforced and cookie consent implemented, but lacks visible security headers and explicit security policies. The absence of explicit privacy policy and terms of service in the provided content suggests areas for improvement in privacy compliance and transparency. Overall, the domain registration data aligns well with the business claims, indicating a legitimate and trustworthy online presence.

SmileReef is a small e-commerce business specializing in eco-friendly surf hats with integrated helmets, targeting environmentally conscious surfers. The company emphasizes sustainability by using recycled ocean plastics and supports reef conservation with a portion of sales. The website is professionally designed on the Shopify platform, featuring customer reviews and multi-language support, indicating a moderate level of digital maturity. Technically, the site uses modern web technologies and is hosted on Google Cloud via Shopify, with good mobile optimization and SEO practices. Security posture is solid with HTTPS enforced and domain transfer protections, though DNSSEC is not enabled and no explicit security or incident response policies are published. WHOIS data shows anomalies such as a future domain creation date and country mismatch, which slightly reduce trustworthiness but do not negate the overall legitimacy. Privacy compliance is addressed with policies and cookie consent mechanisms. Overall, the site presents a trustworthy and professional e-commerce presence with room for improvement in security transparency and domain registration consistency.

Testudo Srl is an Italian boutique software company specializing in custom software development, innovative SaaS products, and strategic consulting. The company targets businesses seeking tailored digital solutions to improve operational efficiency and market competitiveness. Their website showcases a strong client portfolio including major brands across various sectors such as logistics, insurance, manufacturing, and professional services, positioning them as a reputable player in the technology industry. Technically, the website is built using modern frameworks like Next.js and React, delivering fast performance, excellent mobile optimization, and good SEO practices. Security-wise, the site enforces HTTPS and includes essential security headers, reflecting a mature security posture. However, the absence of WHOIS registration data and lack of direct contact emails or phone numbers slightly reduce trust. Overall, the site is professional, trustworthy, and compliant with privacy regulations, though it would benefit from publishing explicit security policies and incident response contacts.

P

PG AT GEWINNSPIEL

pg-gewinnspiel.at

68

The website pg-gewinnspiel.at is a promotional contest platform primarily targeting users in Austria, as indicated by the German language and locale settings. The site appears to be focused on marketing sweepstakes or giveaways, likely as part of a broader promotional campaign. The business model revolves around engaging users through contests, but no detailed company or business information is publicly available on the site. The website's content quality is basic, with limited textual content and no visible privacy or terms of service pages, which impacts user trust and compliance transparency. Technically, the site employs modern web technologies including JavaScript modules, CSS, Google Tag Manager, Google Analytics, and OneTrust for cookie consent management. HTTPS is enabled, ensuring secure communication, and Google reCAPTCHA is used to protect forms from abuse. However, the absence of security headers and limited accessibility features suggest room for improvement in technical implementation and security hardening. From a security perspective, the site demonstrates moderate maturity with HTTPS and consent mechanisms in place, but lacks visible security policies, incident response contacts, and comprehensive privacy documentation. The WHOIS data is privacy protected, which is common for marketing sites but reduces transparency. No WAF or blocking mechanisms were detected, and no suspicious or malicious content was found. Overall, the site is safe for general audiences but would benefit from enhanced compliance and security practices. The overall risk assessment indicates a moderate risk profile primarily due to missing compliance documentation and contact information. Strategic recommendations include publishing clear privacy and terms of service pages, implementing security headers, providing contact details for security incidents, and enhancing accessibility and SEO features to improve trust and user experience.

I

In Good Spirits

ingoodspirits.at

56

In Good Spirits Vertriebsgesellschaft is a small Austrian company specializing in the distribution of spirits, sparkling wines, and non-alcoholic beverages primarily targeting the gastronomy and retail sectors in Austria. Their website reflects a professional and consistent brand presence, showcasing a diverse product portfolio with detailed descriptions. The company leverages WordPress CMS with SEO optimizations but lacks some advanced security and compliance features. Technically, the site is moderately performant and mobile-optimized, though it could benefit from enhanced accessibility and security headers. Security posture is adequate with HTTPS enforced but missing several best practice headers and explicit incident response policies. Privacy compliance is basic with privacy and cookie policies present but no active consent mechanism. Overall, the website is trustworthy and suitable for mature audiences given its alcohol-related content.

F

Plesk Obsidian 18.0.72

fondonegri.it

61

The website is a login portal for Plesk Obsidian 18.0.72, a commercial web hosting control panel software widely used by hosting providers and administrators. The page is designed primarily for authenticated users to access hosting management features. The business behind the software is positioned as a technology provider in the web hosting industry, targeting hosting service providers and web administrators. The site content is minimal, focusing on login functionality with cookie consent mechanisms in place, but lacks visible privacy policies or contact information on this page. Technically, the site uses the Plesk UI library, JavaScript frameworks like Prototype.js and RequireJS, and standard web technologies. The page is moderately optimized for mobile and accessibility but lacks advanced SEO features. Security-wise, the site uses HTTPS (implied by URL), includes CSRF protection tokens, and password input controls, but no explicit security headers were detected in the HTML content. DNSSEC is not enabled for the domain, which is a recommended improvement. The domain is well-established, created in 2000, indicating legitimacy. Overall, the security posture is moderate with room for improvement in security headers and explicit privacy/security policies. The site is safe with no adult or questionable content. No WAF or blocking mechanisms were detected, allowing full content access. The lack of visible business contact details and privacy policy on this page limits privacy compliance scoring. Strategic recommendations include enabling DNSSEC, adding security headers, and providing clear privacy and security policies linked from the login page.

C

Code for Germany

codefor.de

50

Code for Germany is a non-profit civic tech network focused on promoting open data, open government, and digital sustainability in Germany. It operates through a community of approximately 300 volunteers organized in local labs and an online platform. The organization is coordinated by the Open Knowledge Foundation Deutschland e.V. and is part of the global Code for All network. Their key services include developing open source software and hardware projects, supporting municipalities in digital transformation, and advocating for transparent and sustainable digital policies. Technically, the website is built using the Hugo static site generator, employs Matomo for privacy-conscious analytics, and is well-optimized for performance and mobile devices. Security posture is solid with HTTPS and minimal tracking, though improvements are recommended in security headers and explicit cookie consent. Overall, the website is professional, trustworthy, and serves a clear community and civic purpose.

M

Deutschlands grösstes Online Trainings- und Informationsportal für Immobilienmakler

makler-wissen.de

55

Makler-Wissen.de is Germany's largest online training and information portal dedicated to real estate agents. It offers hundreds of professional training and educational videos with certification to support the success of real estate professionals. The platform targets aspiring and active real estate agents seeking continuous education and certification. Technically, the website is built on the Contao Open Source CMS, hosted likely by netcup, and employs modern web technologies including JavaScript, CSS, and integrates marketing and analytics tools such as Facebook Pixel, Google Analytics, and Cookiebot for consent management. The site is mobile optimized and SEO friendly, providing a good user experience. Security-wise, the site uses HTTPS and implements CSRF protection cookies, but lacks explicit security headers and published incident response or vulnerability disclosure information. Privacy compliance is well addressed with a comprehensive cookie consent mechanism and a detailed privacy policy in German, aligned with GDPR requirements. Overall, the website is professional, trustworthy, and well-positioned in its niche, though it could improve security posture by adding security headers and incident response contacts.

B

Beikircher Grünland Srl

agritura.com

67

Agritura by Beikircher Grünland is an established Italian e-commerce platform specializing in agricultural products, animal husbandry supplies, and gardening accessories. Founded in 2008, the company targets farmers, hobby breeders, and gardening enthusiasts primarily in Italy, offering a wide range of Beikircher branded feeds and equipment. The website leverages Shopify as its platform, integrating customer review systems such as Google Reviews and Judge.me to build trust and credibility. The site is multilingual, supporting Italian, German, and English languages, enhancing its accessibility to a broader audience. Technically, the website employs modern web technologies and maintains good performance and mobile optimization, although some accessibility features could be improved.

R

Raiffeisenverband Südtirol

rvsportal.it

71

The website is a Microsoft Azure Active Directory login portal customized for Raiffeisenverband Südtirol, a regional cooperative banking association. It serves as an authentication gateway for users accessing SharePoint and other Microsoft services. The site leverages Microsoft's secure OAuth2 authorization code flow and integrates branding elements specific to Raiffeisenverband Südtirol, indicating a trusted business relationship. The technical infrastructure is robust, utilizing modern web technologies, Microsoft cloud hosting, and strong security controls including HTTPS, CSRF tokens, and nonce-based script loading. Privacy and terms of service are linked to official Microsoft pages, reflecting compliance with GDPR and other regulations. However, the site lacks explicit cookie consent mechanisms and direct contact information for security incidents, which could be improved. Overall, the site demonstrates a mature security posture appropriate for its function as an enterprise authentication portal.

tiny.li is a URL shortening service operated by Börsenmedien AG, a German media company. The service provides a simple utility to convert long URLs into short, easy-to-use links. The website content is minimal but functional, with clear branding aligned to the parent company. The technical infrastructure appears basic, relying on standard HTML and CSS without advanced frameworks or analytics. Security posture is limited, with no detected security headers or privacy policies on the site itself, though the parent company provides terms of service. Overall, the site is legitimate and trustworthy but could improve in privacy compliance and security features.

A

Apple

apple.com

77

Apple Inc. is a globally recognized leader in consumer electronics, software, and digital services. The company operates a comprehensive online presence offering a wide range of products including iPhone, iPad, Mac, Apple Watch, and Apple TV, alongside accessories and entertainment services. Apple maintains a strong market position with a focus on innovation, quality, and user experience. The website reflects this with professional design, clear navigation, and extensive product information targeting both consumers and businesses worldwide. Technically, the website employs modern web technologies including HTML5, CSS, JavaScript, and SVG graphics, optimized for both desktop and mobile platforms. The site demonstrates excellent performance, accessibility, and SEO practices, ensuring a fast and user-friendly experience. The presence of multiple language and regional versions indicates a mature digital infrastructure supporting global operations. From a security perspective, Apple enforces HTTPS with strong SSL configurations and comprehensive security headers such as Content-Security-Policy and Strict-Transport-Security. The site avoids exposing sensitive data and follows best practices in secure form handling. Privacy compliance is robust, with detailed privacy and cookie policies, GDPR adherence, and a clear vulnerability disclosure program. The WHOIS data is not publicly available, likely due to privacy protection, which is justified for a large enterprise. Overall, the website presents a low-risk profile with high trustworthiness, professional content, and strong security posture. Strategic recommendations include maintaining regular security audits, enhancing incident response transparency, and continuing to evolve privacy and consent mechanisms to align with emerging regulations.

S

Sparkasse.de

s.de

72

Sparkasse.de serves as the central information portal for the Sparkassen-Finanzgruppe, a major financial institution in Germany. The website provides comprehensive information about banking products, services, and branch locations, targeting a broad general audience primarily within Germany. The business model focuses on delivering accessible financial information and facilitating customer engagement with local Sparkasse branches. The site demonstrates a strong market position as part of a well-established financial group. From a technical perspective, the website employs modern web technologies including React and Next.js, indicating a mature digital infrastructure. The site is well-structured, mobile-optimized, and exhibits good SEO practices. However, there is limited evidence of advanced security headers or explicit privacy and cookie policies, which are critical for compliance and user trust in the financial sector. Security posture analysis reveals gaps such as the absence of visible security headers and lack of published security policies or incident response contacts. While HTTPS is presumed given the domain and modern setup, explicit confirmation is not available in the provided data. The lack of privacy and cookie policies also indicates potential compliance risks with GDPR requirements. Overall, Sparkasse.de is a professionally designed and credible financial information portal with strong business credibility and technical implementation. To enhance security and compliance, it is recommended to implement comprehensive privacy and cookie policies, security headers, and vulnerability disclosure mechanisms. These improvements will strengthen user trust and regulatory adherence.

The Centre Communal d'Action Sociale (CCAS) of Nice is a municipal public social service organization established since 2001, providing a broad range of social support services to the residents of Nice, France. Its offerings include senior care programs, social insertion initiatives, and community development actions. The website serves as an informational portal with links to official reports, social programs, and contact resources, targeting local citizens in need of social assistance. Technically, the website employs a basic but functional technology stack centered around jQuery and a CMS likely to be CMS Made Simple. The site is hosted by DIGITAL RURAL INFORMATIQUE and uses HTTPS to secure communications. While the site is accessible and contains relevant content, it lacks advanced mobile optimization, accessibility features, and modern security headers, which limits its technical maturity. From a security perspective, the website benefits from HTTPS but does not implement key security headers or provide explicit privacy, cookie, or security policies. There is no visible incident response or vulnerability disclosure information. The absence of these elements suggests room for improvement in compliance and security posture. However, no critical vulnerabilities or suspicious indicators were detected. Overall, the website is a trustworthy and legitimate municipal service portal with good business credibility but requires enhancements in privacy compliance, security best practices, and technical modernization to improve user experience and regulatory adherence.

Cookies.fo is a specialized service provider offering cookie consent management solutions tailored to comply with Faroese data protection laws, GDPR, ePR, and CCPA. Founded in 2020 and operated by Spf QODIO, the company targets website owners needing to ensure legal compliance with cookie usage regulations. The website presents a clear business model based on subscription services with a free trial and standard paid plans. The market position is niche and local, focusing on the Faroe Islands and GDPR-regulated regions. Key services include a customizable cookie consent banner, centralized legal updates, and integration with Google Tag Manager.

T

Transparency International

transparency.org

75

Transparency International is a globally recognized non-profit organization dedicated to combating corruption and promoting integrity and accountability worldwide. The website serves as a comprehensive platform for advocacy, research, and public engagement on anti-corruption issues. It targets a broad audience including policymakers, civil society, and the general public. The organization maintains a strong market position as a leading authority in corruption research and policy influence. Technically, the website employs modern web technologies including Google Tag Manager, Google Analytics, Plausible Analytics, and Cookiebot for consent management. The site is well-optimized for mobile devices, has good SEO practices, and uses HTTPS with strong security headers, indicating a mature digital infrastructure. Performance is moderate with room for optimization. From a security perspective, the site demonstrates good practices such as HTTPS enforcement, cookie consent, and security headers. However, it lacks publicly available security policies, incident response contacts, and vulnerability disclosure mechanisms, which are recommended for transparency and trust. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website is trustworthy, professionally maintained, and compliant with privacy regulations such as GDPR. The lack of WHOIS data is due to privacy protection, which is justified for this type of organization. Strategic recommendations include publishing a security policy, incident response information, and a vulnerability disclosure policy to enhance transparency and security posture.

B

Bundesministerium für Digitales und Verkehr

mobilithek.info

65

Mobilithek.info is a German government-operated platform under the Bundesministerium für Digitales und Verkehr, providing open mobility data and serving as a national access point and marketplace for mobility data in Germany. The platform targets businesses, municipalities, data providers, and mobility enthusiasts from various sectors including economy, science, and public administration. It offers services such as data searching, data delivery facilitation, and community networking through a professional and well-maintained website. Technically, the website employs modern web technologies including JavaScript ES modules and Vue.js framework, with a responsive and accessible design optimized for mobile devices. The site demonstrates good SEO practices and fast performance, although no common CMS or hosting provider details are evident. Security-wise, the site uses HTTPS and avoids exposing sensitive data, but lacks visible security headers and explicit incident response or vulnerability disclosure mechanisms. Overall, the security posture is solid but could be improved by implementing additional security headers and publishing a security.txt or vulnerability disclosure policy. The WHOIS data is limited due to TLD restrictions and privacy, but the domain's association with a federal ministry strongly supports legitimacy. No signs of malicious activity or suspicious content were found, and the site maintains high standards of professionalism and trustworthiness.

S

Sparkasse Münsterland Ost

sparkasse-muensterland-ost.de

70

Sparkasse Münsterland Ost is a regional German bank providing a comprehensive range of financial services including current accounts, loans, investments, insurance, and private banking. The website targets private customers, corporate clients, and young people, emphasizing local presence in Münsterland and surrounding areas. The business model focuses on traditional banking services enhanced with digital offerings such as online and mobile banking apps. The bank maintains a strong market position regionally with consistent branding and trust signals including social media engagement and clear contact information. Technically, the website is built on a modern web stack likely supported by a robust CMS such as Adobe Experience Manager. It employs JavaScript, CSS, and HTML5 with some React components and custom Sparkasse frameworks. The site is mobile-optimized, accessible, and SEO-friendly, providing a good user experience. Performance is moderate with room for optimization. From a security perspective, the site enforces HTTPS, includes session management features, and implements cookie consent mechanisms aligned with GDPR. While explicit security policies and incident response information are not found, the site shows good security hygiene with no visible vulnerabilities or exposed sensitive data. The domain registration is consistent with the business claims, indicating legitimacy. Overall, the website is professional, secure, and compliant with privacy regulations, serving as a trustworthy digital front for the bank. Recommendations include publishing explicit security and incident response policies and adding a vulnerability disclosure mechanism to enhance transparency and security posture.

B

Bechtle AG

bechtle.com

70

Bechtle AG is a leading European IT services provider specializing in digital transformation, cloud solutions, mobility, security, and IT as a service. The company targets business and enterprise customers across Europe, positioning itself as a trusted IT future partner. The website reflects a mature digital presence with professional design, comprehensive content, and strong branding consistency. Technically, the site uses modern frameworks such as React, integrates Google Tag Manager for analytics, and employs Usercentrics for GDPR-compliant consent management. Security posture is strong with HTTPS enforced and multiple security headers present, though explicit security policies and incident response contacts are not publicly detailed. WHOIS data is unavailable, which slightly impacts trust but does not detract from the overall legitimacy given the professional web presence and certifications like ISO 27001. Overall, the site is well-optimized for performance, accessibility, and SEO, providing a high-quality user experience.

V

Viega Group

viega.com

74

Viega Group is a large, family-owned global market leader specializing in manufacturing sanitary and heating technology products. Their website reflects a professional and comprehensive digital presence, leveraging Adobe Experience Manager as their CMS and Adobe Analytics for user tracking. The company emphasizes key sectors such as drinking water quality, fire prevention, and innovative product design in pre-wall and drainage technology. The site targets professionals and customers in the sanitary and heating sectors, providing detailed product and company information. Technically, the website is well-structured, mobile-optimized, and implements modern web technologies with good performance and SEO practices. Security posture is strong with HTTPS enforcement, security headers, and cookie consent mechanisms, though explicit security policies and incident response details are not publicly available. WHOIS data is missing or privacy-protected, which is common for enterprises but reduces transparency. Overall, the website is trustworthy, safe, and professionally maintained, with room for improvement in security transparency and direct contact information.

Milchwerke Berchtesgadener Land Chiemgau eG operates a regional dairy cooperative focused on producing high-quality, sustainable dairy products. The website emphasizes values such as quality, origin, sustainability, and fairness, targeting consumers who value responsible agriculture and regional products. The business model is cooperative-based dairy production and retail, positioning itself as a trusted regional brand in Germany. The website is built on the Neos CMS platform using the Flow PHP framework, hosted on servers indicated by the domain's nameservers. The technical infrastructure is modern and supports good mobile optimization, accessibility, and SEO practices. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though some security headers could be improved. Privacy compliance is strong with a comprehensive privacy policy and GDPR-compliant cookie consent. Overall, the website is professional, trustworthy, and aligned with the business's values and market position.