Security Directory

G

GoDaddy Operating Company, LLC

fratellimantova.com

68

The website is a professionally designed domain sales landing page hosted on the Afternic platform, a well-known domain marketplace owned by GoDaddy Operating Company, LLC. It offers the domain fratellimantova.com for sale with clear pricing options including buy now and lease to own. The site targets German-speaking domain buyers and businesses looking for premium domain names. The presence of GoDaddy branding and a high Trustpilot rating enhances its credibility. Technically, the site uses modern web technologies such as React and Next.js, served via Akamai CDN, ensuring good performance and mobile optimization. Security is robust with HTTPS enforced, security headers present, and reCAPTCHA protecting forms. Privacy and cookie policies are comprehensive and GDPR compliant, reflecting good privacy practices. However, WHOIS data for the domain www.afternic.com is unavailable, likely due to querying a subdomain rather than the registered domain, which slightly impacts trust analysis. Overall, the site demonstrates a strong business and technical posture with minor gaps in WHOIS transparency.

S

Stanley/Stella

stanleystella.com

72

Stanley/Stella is a premium European e-commerce retailer specializing in sustainable blank apparel designed for customization. Founded in 2011, the company positions itself as a leader in eco-conscious clothing, targeting businesses and individuals seeking quality sustainable garments. The website supports multiple languages and countries, enhancing its accessibility and market reach. Technically, the site is built on Magento with integrations of modern JavaScript frameworks and analytics tools such as Piwik PRO and New Relic, indicating a mature digital infrastructure. Security practices include HTTPS enforcement, secure cookie handling, and domain transfer protection, although DNSSEC is not enabled. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site demonstrates a solid security posture and professional business credibility.

S

Střední odborná škola požární ochrany a Vyšší odborná škola požární ochrany

hasici-vzdelavani.cz

53

The website hasici-vzdelavani.cz serves as an educational portal dedicated to fire protection units in the Czech Republic. It is a collaborative project between the Ministry of the Interior's Fire Rescue Service and a specialized vocational school for fire protection. The portal provides a variety of training materials including texts, images, videos, and e-learning modules aimed at supporting professional development in fire safety and emergency response. The site targets fire protection professionals and volunteers, offering structured content relevant to their training needs. Technically, the site is built on Drupal 7 with jQuery and standard web technologies. While functional, the use of an older CMS version and lack of modern security headers indicate potential technical debt and security risks. The site shows moderate performance and basic mobile optimization. No advanced analytics or tracking tools are detected, suggesting minimal user tracking. From a security perspective, the site uses HTTPS and includes CSRF tokens in forms, which is positive. However, the absence of security headers such as Content-Security-Policy and HSTS reduces its security posture. There are no visible privacy or cookie policies, which is a compliance gap under GDPR. No incident response or vulnerability disclosure information is provided. Overall, the website is a legitimate, government-affiliated educational resource with moderate technical maturity and some security and compliance shortcomings. Strategic improvements in security headers, privacy compliance, and CMS modernization are recommended to enhance trust and resilience.

Globalshop.sk is a Slovak-based professional e-commerce solutions provider operated by Global Services Slovakia s.r.o., established in 2006. The company focuses on delivering B2B and B2C e-commerce platforms and internet shop solutions primarily targeting Slovak businesses. The website currently serves as a placeholder with minimal content, linking to related partner services and providing clear contact information. The domain is well-established with consistent WHOIS data matching the business identity. Technically, the website is basic, built with simple HTML, CSS, and minimal JavaScript. It lacks modern CMS or frameworks and shows no evidence of mobile optimization or accessibility features. Hosting appears to be provided by Websupport.sk, inferred from nameservers. Performance is moderate but could be improved with modern technologies and responsive design. From a security perspective, the site lacks HTTPS enforcement and security headers, exposing it to potential risks. No privacy, cookie, or terms of service policies are present, indicating poor compliance with GDPR and related regulations. Tracking is minimal via a WebMonitor.sk pixel, but no advanced analytics or marketing tools are detected. The absence of secure forms or incident response contacts further weakens the security posture. Overall, the website presents moderate business credibility due to clear company information and domain age but scores low on technical and security maturity. Strategic improvements in security, privacy compliance, and technical modernization are recommended to enhance trust and operational resilience.

Globalhosting.sk is operated by Global Services Slovakia s.r.o., a small Slovak company founded in 2004 specializing in web hosting and internet marketing services. The company offers domain registration, web hosting, email services, FTP and shell accounts, databases, and administration. The website content is basic but relevant, targeting businesses seeking comprehensive internet solutions in Slovakia. The technical infrastructure is simple, relying on standard HTML, CSS, and JavaScript, hosted likely by Websupport based on nameserver data. No modern CMS or frameworks are detected, and mobile optimization is basic. Security posture is moderate with some input validation on forms but lacks HTTPS confirmation and security headers. Privacy and cookie policies are absent, indicating compliance gaps. The WHOIS data is consistent and supports the legitimacy of the domain and business. Overall, the site is functional but would benefit from improved security, privacy compliance, and modern technical enhancements.

Globalweb.sk is a Slovak website representing a professional web content management system (WCM) solution under development by Global Services Slovakia s.r.o., a small technology company founded in 2004. The company offers IT services including web design, marketing, and consulting, targeting businesses seeking CMS and WCM solutions. The website currently serves as a placeholder with basic information and links to related business domains within the same group. Technically, the website is built with simple HTML and CSS, hosted on Websupport servers. It lacks modern frameworks, mobile optimization, and advanced SEO features. No analytics or tracking scripts are present, indicating minimal digital maturity. The absence of HTTPS and security headers reduces the security posture. Contact information is clearly provided, but no privacy or cookie policies are implemented, which is a compliance gap. From a security perspective, the site shows basic hygiene but lacks critical protections such as SSL/TLS encryption and security headers. No forms or user input fields are present, reducing attack surface. The WHOIS data is consistent and transparent, supporting legitimacy. Overall, the site is safe with no adult or questionable content but requires improvements in security and compliance to meet modern standards. The overall risk is moderate due to missing HTTPS and privacy policies. Strategic recommendations include implementing SSL, adding privacy and cookie policies, enhancing security headers, and improving mobile and SEO optimization to increase trust and compliance.

J

Jakub Kokeš

kotviacatechnika.sk

53

Jakub Kokeš operates a specialized anchoring technology business primarily serving construction and industrial sectors in Slovakia and the Czech Republic. The company offers a wide range of fastening products such as screws, anchors, rivets, and related accessories, complemented by professional consulting and logistical services including free delivery and material returns. The website reflects a regional market position with multiple branch offices and localized contact points, targeting professional contractors and businesses in the construction industry. Technically, the website employs modern web technologies including JavaScript, Google Tag Manager, and Google Analytics, with a custom or proprietary CMS platform. The site is mobile-optimized and provides a good user experience with clear navigation and product categorization. SEO and accessibility are adequately addressed, though some advanced security headers are missing. From a security perspective, the site enforces HTTPS and anonymizes user IPs in analytics, demonstrating a baseline security posture. Cookie consent mechanisms comply with GDPR requirements, providing users control over tracking preferences. However, the absence of explicit security policies, incident response contacts, and vulnerability disclosure mechanisms suggests room for improvement in security maturity. Overall, the website is professional, trustworthy, and compliant with privacy regulations, with a moderate risk profile. Strategic enhancements in security transparency and technical hardening would further strengthen its posture.

C

CEUR Workshop Proceedings

ceur-ws.org

55

CEUR-WS.org is a well-established academic open-access publishing platform specializing in computer science and information systems workshop proceedings. Operated by volunteers under the auspices of RWTH Aachen University, it provides free online access to scientific papers and maintains a recognized ISSN publication series. The website hosts a large volume of proceedings with detailed editorial and submission information, targeting researchers and academic workshop organizers. Technically, the site uses basic HTML and CSS, hosted by Sun SITE Central Europe, with moderate performance and basic mobile optimization. Security posture is moderate with domain transfer protections but lacks advanced security headers and cookie consent mechanisms. Privacy compliance is basic, relying on legal disclaimers without explicit GDPR adherence or cookie policies. Overall, the domain registration is consistent and legitimate, reflecting a stable and trustworthy academic service.

D

Duplex

duplex.com

61

Duplex presents itself as a technology platform focused on enhancing digital content discovery and audience engagement to drive revenue. The website content is professionally designed using modern web technologies such as Next.js and React, indicating a contemporary digital infrastructure. However, the absence of WHOIS registration data and domain legitimacy information raises concerns about the domain's registration status or privacy protections in place. Security posture evaluation is limited due to missing SSL and security header information, and no privacy or cookie policies were detected, indicating potential compliance gaps. Overall, while the business proposition appears credible and the website is functional and well-structured, the lack of verifiable domain registration and security best practices lowers the trust and security confidence.

A

Amgen

amgen.cz

10

Amgen Česká republika is the Czech Republic branch of Amgen, a global biotechnology company focused on developing innovative medicines for serious illnesses. The website serves as a corporate informational portal targeting healthcare professionals and patients in the Czech market. It highlights Amgen's commitment to scientific innovation and patient care. Technically, the site employs modern web technologies including HTTPS, Content Security Policy, and cookie consent mechanisms to ensure security and privacy compliance. The presence of Google Tag Manager and Cookiebot indicates a mature approach to analytics and GDPR compliance. Security posture is solid with HTTPS and CSP headers, though additional security headers could enhance protection. No critical vulnerabilities or blocking mechanisms were detected, and the site is accessible and professionally designed. Overall, the website reflects a trustworthy and compliant corporate presence with good technical and security practices.

The website andresond.is represents a small Icelandic media business focused on audio book subscriptions and Disney/Pixar related content. The site is built on the LiSA CMS platform by Advania and hosted via an Icelandic provider, reflecting a mature domain established in 2009. The business targets families and children interested in audio books and related media products, operating primarily through e-commerce and subscription models. The site integrates social media sharing via Facebook and tracks user activity with Google Analytics, indicating a moderate level of digital maturity. However, the website lacks critical privacy and cookie policies, and no terms of service or security policies are present, which are important for compliance and user trust. Security posture is basic, with no DNSSEC enabled and no security headers detected, though HTTPS usage is implied by external script loading. Overall, the site is functional but requires improvements in security and privacy compliance to enhance trust and regulatory adherence.

W

Warner Bros. Discovery Poland

wbdpoland.pl

68

Warner Bros. Discovery Poland is a prominent media company operating as part of the global Warner Bros. Discovery conglomerate. It holds a leading position in the Polish media market, offering a wide range of content across multiple TV channels and streaming platforms. The website reflects a professional media brand with a focus on delivering entertainment and news content to a broad audience in Poland. Technically, the site uses modern web technologies including Next.js and integrates multiple analytics and advertising services, indicating a mature digital infrastructure. Security posture is good with HTTPS enforced and cookie consent implemented, though some advanced security headers and explicit security policies are absent. Overall, the site is safe, compliant with basic privacy standards, and trustworthy, but could improve transparency by publishing privacy policies and security disclosures.

H

Zakwaterowanie w Czechach i na Słowacji (5000+) - Hauzi.pl

hauzi.pl

46

Hauzi.pl is an online accommodation search and booking platform primarily targeting travelers seeking lodging in Slovakia and the Czech Republic. The website offers a comprehensive catalog of over 5000 accommodations including cottages, wooden houses, guest houses, apartments, and hotels, with user ratings and special offers. The platform is positioned as a popular and trusted search engine for accommodations in these regions, catering to a broad audience interested in vacation rentals and travel planning. Technically, the website employs modern web technologies such as Vue.js for frontend interactivity, integrates Google Tag Manager and Google Analytics for tracking and marketing purposes, and uses HTTPS to secure communications. The site is mobile-optimized and provides a user-friendly interface with clear navigation and search functionalities. However, some accessibility features and security headers could be improved to enhance security and compliance. From a security perspective, the site enforces HTTPS and implements a cookie consent mechanism with granular user options, indicating awareness of privacy regulations. Nonetheless, the absence of explicit privacy policy, terms of service, and security incident contact information represents gaps in compliance and transparency. The WHOIS data is not publicly available, which is common for commercial sites but reduces transparency regarding domain ownership. Overall, Hauzi.pl presents a professional and functional online platform with moderate security and privacy compliance maturity. Strategic improvements in policy transparency, security headers, and contact information would strengthen trust and regulatory adherence.

N

NPO

npoplayer.nl

66

NPO.nl is the official public broadcasting portal of the Netherlands, operated by the NPO organization. It aggregates programs, documentaries, podcasts, and articles from various Dutch public broadcasters, serving as a centralized media platform for Dutch audiences. The website is well-established, with a domain age dating back to 1998, reflecting its long-standing presence in the Dutch media landscape. The portal targets a broad audience interested in public media content and offers a comprehensive range of services including streaming and content aggregation from multiple broadcasters. Technically, the website employs modern web technologies such as JavaScript, CSS, SVG, and lazy loading for images to optimize performance and user experience. It uses a custom content management framework (CCM) and integrates third-party scripts for cookies and advertising opt-out. The site is mobile-optimized and accessible, with good SEO practices evident in meta tags and structured navigation. Security-wise, the site enforces HTTPS with DNSSEC enabled, uses crossorigin anonymous scripts, and avoids exposing sensitive data, indicating a strong security posture. However, the site lacks explicit privacy and cookie policies in the provided HTML content, and no visible consent mechanism for cookies was detected. Contact information such as emails or phone numbers is not explicitly present in the analyzed content, which may impact user trust and compliance. There is also no visible security policy or incident response contact information. Overall, the site is professional, trustworthy, and secure but could improve transparency and compliance by publishing clear privacy, cookie, and security policies. The overall risk assessment is low, with recommendations focusing on enhancing privacy compliance, publishing security and incident response policies, and implementing explicit cookie consent mechanisms to align with GDPR and best practices.

S

swissporTON

creaton.pl

55

swissporTON is a reputable manufacturer and distributor of roofing materials, specializing in ceramic and cement roof tiles, roofing accessories, and integrated photovoltaic systems. The company targets professional builders, distributors, architects, and individual investors primarily in Poland and Europe. The website reflects a mature digital presence with comprehensive product information, professional design, and clear navigation. Technically, the site uses modern web technologies and integrates popular analytics and marketing tools while maintaining good performance and mobile optimization. Security posture is strong with HTTPS enforcement and security headers, though explicit security policies and incident response contacts are not published. WHOIS data is unavailable publicly, consistent with .pl domain privacy norms, and does not raise legitimacy concerns. Overall, swissporTON presents a trustworthy and professional business with a solid online presence.

F

Franceinfo

francetvinfo.fr

10

Franceinfo is a prominent French public news media website providing real-time news updates, live information, and multimedia content such as photos, videos, and tweets. It targets a general audience interested in current events and live news coverage. The website demonstrates a high level of digital maturity with modern web technologies, mobile optimization, and strong branding consistency. Security posture is good with HTTPS enforced and no visible vulnerabilities, though explicit security headers and privacy policies are not clearly presented in the HTML content. The absence of WHOIS data is likely due to registry privacy policies and does not detract significantly from the site's legitimacy given its public media status. Overall, Franceinfo is a trustworthy and professional news platform with room for improvement in privacy and security disclosures.

L

Laudert GmbH + Co. KG

laudert.de

74

Laudert GmbH + Co. KG is a European leader in holistic product communication, offering consulting, tools, content, and channel services primarily targeting businesses seeking to enhance their product messaging. The company positions itself as a highly effective partner in the media sector, with a professional and well-branded online presence. The website is built on WordPress with modern SEO and privacy compliance features, including a comprehensive cookie consent mechanism and GDPR-aligned privacy policy. Technically, the site employs standard web technologies and integrates Google Tag Manager and Cookiebot for analytics and consent management. Security posture is strong with HTTPS and Content-Security-Policy headers, though explicit security policies and incident response contacts are not published. The absence of WHOIS registration data for the domain is a notable anomaly that warrants further investigation. Overall, the website demonstrates a mature digital infrastructure and a high level of professionalism, supporting the company's market position.

S

SPL-XDEMAT

spl-xdemat.fr

47

SPL-XDEMAT is a French public local company established in 2012 by multiple departmental governments to provide digital dematerialization services tailored for local authorities. The company offers a suite of applications and services including administrative document management, electronic signatures, public procurement platforms, and citizen communication tools. The website reflects a mature regional service provider with a strong focus on government clients and compliance with French regulations. Technically, the site uses standard web technologies such as jQuery and JavaScript, with a responsive and accessible design optimized for mobile devices. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though some security headers are missing and no explicit incident response or vulnerability disclosure information is provided. Privacy and cookie policies are present and appear comprehensive, supporting GDPR compliance. The absence of WHOIS data limits domain legitimacy verification but the professional presentation and official departmental partnerships support trustworthiness.

M

Meta

facebook.fr

74

Facebook, accessible via the fr-fr.facebook.com subdomain, is a leading social networking platform operated by Meta Platforms, Inc. The website serves the French-speaking audience in France, providing a localized interface for users to connect, share, and communicate. As part of Meta's extensive ecosystem, Facebook maintains a dominant market position with a broad range of services including messaging, video content, and advertising solutions. The platform's business model is primarily advertising-based, leveraging extensive user data to deliver targeted ads. The website's content is professionally presented, with clear navigation and strong branding consistent with Meta's corporate identity. Technically, the website employs modern web technologies such as React and BigPipe for efficient content delivery and dynamic user experiences. The site is optimized for performance and mobile responsiveness, ensuring accessibility across devices. Security is robust, with HTTPS enforced, secure cookies, and standard security headers like HSTS. The login form includes anti-CSRF tokens and secure input handling, reflecting good security practices. Privacy and cookie policies are comprehensive and GDPR compliant, demonstrating Meta's commitment to regulatory adherence. The security posture is strong, with no visible vulnerabilities or exposed sensitive data. While no explicit incident response or vulnerability disclosure pages are found, the overall security framework appears mature. The website integrates multiple analytics and marketing tools, including Meta Pixel and Google Analytics, enabling extensive user tracking balanced with privacy compliance. No adult or questionable content is present, making the site safe for general audiences. Overall, Facebook's French site is a high-quality, secure, and professionally managed platform aligned with Meta's global standards. It effectively serves its target audience with a reliable and trustworthy user experience, supported by a mature technical infrastructure and strong business credibility.

H

Hurricane Electric

he.net

61

Hurricane Electric is a well-established Internet backbone and colocation provider founded in 1995, offering global IP Transit, Layer 2 transport, colocation, dedicated servers, and IPv6 certification services. The company targets ISPs, enterprises, and network operators seeking reliable and scalable Internet infrastructure. Their market position is strong, supported by a large IPv6 deployment and global network presence. Technically, the website uses standard web technologies with Google Analytics and Google Ads integrated for tracking and marketing. The site is moderately optimized for mobile and accessibility, with a professional design and clear navigation. Security posture is moderate; while HTTPS is implied, no DNSSEC or security headers are enabled, and no explicit security policies or incident response contacts are published. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism. Overall, the domain WHOIS data confirms legitimacy and long-term operation, enhancing trust. Strategic improvements in security headers, DNSSEC, and privacy compliance would strengthen the security and compliance posture.

G

GoDaddy Operating Company, LLC

nicexpo.com

71

The website is a domain sales landing page operated by GoDaddy, offering the domain nicexpo.com for sale. It targets individuals and businesses interested in acquiring premium domain names, providing options to buy outright or lease to own. The platform leverages GoDaddy's established market presence and integrates partner services such as Afternic and Trustpilot to enhance trust and user confidence. The site is localized for the German market with appropriate language and currency settings. Technically, the site is built using modern web technologies including React and Next.js, hosted on GoDaddy infrastructure. It employs standard security measures such as HTTPS and reCAPTCHA for form protection, and uses tag management and analytics tools like Tealium and Google Analytics. Performance and mobile optimization are good, though some accessibility features could be improved. From a security perspective, the site demonstrates a solid posture with encrypted connections and secure payment options. However, explicit security headers are not evident, and no dedicated security or incident response policies are published. The WHOIS data for the domain is unavailable, which is typical for parked domains listed for sale, and does not raise concerns. Overall, the site is trustworthy and professionally maintained. The overall risk is low, with recommendations to enhance security headers, improve accessibility, and publish clear security policies to further strengthen user trust and compliance.

Eline GmbH operates a professional e-commerce website targeting the electrical and information technology trade sector in Germany. The company offers specialized products such as inspection stickers, inspection protocols, advertising materials, and printed matter. Founded in 1991, the business leverages a Shopify platform with a modern technical infrastructure including JavaScript frameworks, hCaptcha for form security, and GDPR-compliant cookie consent mechanisms. The website is well-structured, mobile-optimized, and integrates social media channels to enhance customer engagement. Security posture is solid with HTTPS enforced and basic protections in place, though improvements in security headers and DNSSEC are recommended. Overall, the site presents a trustworthy and professional online presence with no critical vulnerabilities detected.

T

Thienemann Verlage

thienemann-esslinger.de

70

Thienemann Verlage is a German publishing company specializing in children's and youth literature, offering a broad catalog of books, e-books, and related services. The website is professionally designed, built on TYPO3 CMS, and features modern UI components such as carousels and sliders. The company targets children, youth, parents, and educators with a focus on educational and entertaining content. The site is hosted with Microsoft Online DNS services and uses HTTPS with cookie consent managed by Usercentrics. However, explicit privacy policies, terms of service, and direct contact information are not readily found on the homepage, which could be improved for compliance and user trust. Security posture is good with HTTPS and no visible vulnerabilities, but additional security headers and incident response contacts are recommended.

The website egmont.co.uk is currently a domain parking page managed by 123 Reg Ltd, a UK-based domain registrar and hosting provider established in 1996. The page offers minimal content, primarily promoting domain purchase and hosting services via 123 Reg. The technical infrastructure is basic, relying on standard HTML, CSS, and JavaScript, with no detected CMS or advanced frameworks. The site uses HTTPS and includes a cookie consent banner powered by TrustArc, indicating compliance with GDPR cookie consent requirements. However, the site lacks detailed business information, contact details, and security policies, limiting its credibility and user engagement potential. Security posture is moderate with HTTPS enabled but missing security headers and incident response contacts. Overall, the site is safe with no adult or explicit content, but its utility is limited to domain parking and advertising 123 Reg services.

C

Centous Solutions

centous.com

61

Centous Solutions is a small e-commerce focused service provider specializing in Shopify web development and tailored online business solutions. The company positions itself as a trusted Shopify partner, targeting e-commerce businesses seeking to enhance their online presence. The website is built using modern technologies such as React, Gatsby, and Bootstrap, indicating a contemporary technical infrastructure with moderate performance and good mobile optimization. However, the absence of WHOIS registration data raises concerns about domain legitimacy and trustworthiness. Security posture is adequate with HTTPS enabled but lacks important security headers and privacy compliance mechanisms. Overall, the site is professional but would benefit from enhanced transparency and security practices.

N

NETINERA

netinera-tickets.de

62

NETINERA operates a digital platform and app for the Deutschland-Ticket, a nationwide public transportation subscription in Germany. The company is a major player in the German regional transport sector, operating multiple subsidiary brands. The website provides comprehensive information about ticketing options, app usage, and subscription management, targeting private customers, students, apprentices, and employers. Technically, the site uses modern web standards, is hosted behind Cloudflare, and implements HTTPS with strong security headers. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. However, explicit security policies and incident response contacts are not published. Overall, the website is professional, trustworthy, and well-optimized for its audience.

The Berchtesgadener Land Bahn website serves as the official online presence for a regional railway operator in Germany, providing schedules, ticketing information, and news updates related to the Freilassing to Berchtesgaden rail line. The business recently transitioned operations to Bayerische Regiobahn, indicating a shift in operational control. The website targets local passengers and public transport users, offering essential travel information and partner links. Technically, the site is built with basic HTML, CSS, and JavaScript without modern frameworks or CMS, resulting in moderate performance and limited mobile optimization. Security posture is weak, with no HTTPS enforcement or security headers detected, and no visible privacy or cookie policies, which poses compliance and trust concerns. Overall, the site is functional but lacks modern security and privacy best practices, limiting its digital maturity and user trust.

M

metronom Eisenbahngesellschaft mbH

der-metronom.de

56

metronom Eisenbahngesellschaft mbH operates regional passenger rail services connecting key northern German states including Niedersachsen, Hamburg, and Bremen. The company positions itself as a reliable regional transport provider with a focus on customer service, real-time travel information, and sustainable mobility. Their business model centers on providing scheduled train services, ticketing solutions, and substitute bus services during infrastructure works. The website reflects a medium-sized enterprise with consistent branding and a strong regional presence supported by partnerships with local transport authorities and the parent company Netinera. Technically, the website employs modern web technologies including Progressive Web App features, service workers, and integrates third-party widgets for travel planning. Hosting and DNS are managed via Cloudflare, ensuring good performance and security. The site is mobile-optimized, accessible, and SEO-friendly, with comprehensive metadata and structured content. From a security perspective, the site enforces HTTPS, uses standard security headers, and avoids exposing sensitive data. However, it lacks a dedicated security policy, incident response information, and vulnerability disclosure mechanisms, which are recommended for enhanced transparency and trust. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanisms aligned with GDPR. Overall, the website is professional, trustworthy, and well-suited for its audience. Strategic improvements in security transparency and incident response readiness would further strengthen its posture.

L

Landesverkehrsgesellschaft Niedersachsen mbH (LNVG)

mobilotsin-niedersachsen.de

43

MOBILOTSIN is a regional initiative under the Landesverkehrsgesellschaft Niedersachsen mbH (LNVG) focused on supporting municipalities and counties in Lower Saxony, Germany, with innovative mobility concepts and the traffic transition. The website presents a professional and consistent brand image, offering services such as consulting, qualification courses, and events. The target audience primarily includes local government entities and stakeholders involved in mobility management. The digital infrastructure is built on the ProcessWire CMS with modern JavaScript libraries enhancing user experience. The site is mobile-optimized and well-structured, providing clear navigation and relevant content including event listings and newsletter subscription. From a security perspective, the website uses HTTPS and does not expose sensitive data in the HTML content. However, there is no evidence of advanced security headers or published security policies, and no cookie consent mechanism is present, which could be improved for better compliance. No analytics or tracking scripts were detected, indicating minimal user tracking. Contact information is clearly provided, enhancing business credibility. WHOIS data shows consistent domain registration with no privacy protection, aligning with the website's governmental affiliation. Overall, the website demonstrates a solid technical foundation and business credibility with room for improvement in privacy compliance and security best practices. The content is safe and appropriate for a general audience, with no adult or questionable material detected.

M

MDCV Distribution

mdcvpro.fr

72

MDCV Distribution operates a professional B2B e-commerce platform specializing in the sale of wines from Provence to hospitality professionals such as cavistes and restaurants in France. The website offers competitive pricing, free delivery for orders over 500€, and promotional gifts for first-time customers, positioning itself as a niche regional wine distributor. The site is built on the Shopify platform using a modern, responsive theme, ensuring a good user experience across devices. It integrates multiple marketing and analytics tools, including Klaviyo and Google Tag Manager, to support customer engagement and business intelligence. From a security perspective, the website enforces HTTPS with strong SSL configuration and includes essential security headers, contributing to a robust security posture. Privacy compliance is well addressed with a comprehensive privacy policy, cookie consent banner, and GDPR adherence indicators. However, the absence of publicly available WHOIS data due to registry privacy policies limits transparency regarding domain ownership. No explicit incident response or vulnerability disclosure information is provided, which could be improved to enhance trust. Overall, MDCV Distribution presents a professional and secure online presence suitable for its target B2B audience. The site demonstrates good technical maturity and privacy compliance, though it would benefit from enhanced transparency in domain registration and explicit security policies. Strategic recommendations include publishing security and incident response policies, implementing a vulnerability disclosure program, and maintaining regular audits of third-party integrations to mitigate risks.

F

Friedrichstadt

friedrichstadt.de

59

The website www.friedrichstadt.de serves as a tourism and cultural promotion platform for the town of Friedrichstadt in Schleswig-Holstein, Germany. It highlights local attractions such as canal tours and city walks, targeting tourists and visitors interested in nature and cultural experiences. The site is built on TYPO3 CMS and employs Cookiebot for cookie consent management, indicating a basic level of privacy compliance. However, no explicit privacy policy or terms of service pages were found, which limits full compliance and transparency. Technically, the site shows moderate performance and good mobile optimization but lacks visible security headers and advanced security policies. The domain is hosted by netcup GmbH, consistent with the German location, and shows no signs of blocking or WAF interference.

Ö

ÖKO-TEST

oekotest.de

60

ÖKO-TEST is a well-established German media company specializing in independent product testing, consumer advice, and related news. With a history spanning over 30 years, it holds a strong market position as a trusted source for product evaluations and lifestyle guidance. The website offers subscription-based content and integrates modern consent management and subscription authentication systems to comply with GDPR requirements. Technically, the site leverages Cloudflare for DNS and likely CDN services, uses Google Analytics for tracking, and employs a custom or proprietary CMS framework. The design is professional, mobile-optimized, and content-rich, targeting a general audience interested in consumer products and lifestyle topics. Security posture is solid with HTTPS and Cloudflare protection, though explicit security headers and incident response information are not evident. Overall, the site is trustworthy and professionally maintained, with room for improvement in transparency of privacy and security policies.

T

Thomann

thomann.de

60

Thomann is a leading European e-commerce retailer specializing in musical instruments and related accessories. The website serves a broad international audience with multiple language and country-specific versions, positioning itself as Europe's largest music retailer. The platform offers a wide range of products including guitars, drums, studio equipment, lighting, and PA systems, supported by strong customer service features such as a 30-day money-back guarantee and a 3-year warranty. Technically, the website employs modern web technologies including JavaScript, SVG icons, and Google Tag Manager for analytics and marketing. The site is well-optimized for mobile devices and accessibility, with clear navigation and professional design. Security posture is solid with HTTPS enabled and cookie consent mechanisms in place, though explicit security headers and published security policies are absent. Overall, the site demonstrates a mature digital presence with good privacy compliance and business credibility.

L

Landesnahverkehrsgesellschaft Niedersachsen mbH

lnvg.de

46

The Landesnahverkehrsgesellschaft Niedersachsen mbH (LNVG) is a government-affiliated organization responsible for planning, financing, and managing public transportation services in the German state of Niedersachsen. The website serves as an information hub for passengers, transport operators, and stakeholders, providing comprehensive details on regional rail and bus services, funding programs, infrastructure projects, and regulatory frameworks. The company holds a significant market position as a key public transport authority in the region. Technically, the website is built on TYPO3 CMS, a robust and widely used content management system, ensuring maintainability and scalability. The site employs Matomo analytics with an opt-out mechanism, reflecting a moderate level of privacy awareness. The site is mobile-optimized, accessible, and SEO-friendly, with a clear navigation structure and professional design. From a security perspective, the site uses HTTPS with a Content-Security-Policy header, indicating good baseline security practices. However, it lacks explicit cookie consent mechanisms and published security or incident response policies, which are areas for improvement. No vulnerabilities or suspicious content were detected. Overall, the website is trustworthy, professional, and well-aligned with its public service mission. Strategic enhancements in privacy compliance and security transparency would further strengthen its posture.

R

R.I.F.E.L. Research Institute for Exhibition and Live-Communication e.V.

rifel-institut.de

45

R.I.F.E.L. Research Institute for Exhibition and Live-Communication e.V. is a small, Germany-based non-profit organization specializing in research within the exhibition and live communication sectors. The website serves as a platform to showcase their research activities, provide access to an online shop, and offer contact channels for stakeholders. Their market position is niche, targeting professionals and organizations involved in exhibitions and live events. The business model combines research services with e-commerce capabilities, supporting their mission and outreach. Technically, the website is built on WordPress with WooCommerce integration, leveraging common web technologies such as jQuery and PHP. Hosting is managed via Corpex DNS, and the site employs HTTPS with a good SSL configuration. The site demonstrates moderate performance and good mobile optimization, though accessibility and SEO optimizations are basic. The presence of Jetpack and WooCommerce analytics indicates moderate user tracking. From a security perspective, the site uses HTTPS but lacks advanced security headers and explicit security policies or incident response contacts. No vulnerabilities or exposed sensitive data were detected in the HTML content. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Contact information is clearly provided, enhancing business credibility. Overall, the website is professional, trustworthy, and safe for general audiences. Strategic improvements in security headers, cookie consent, and incident response transparency would enhance compliance and security posture, supporting the organization's credibility and user trust.

L

Landesinnungsverband Sachsen-Anhalt der Elektrohandwerke

elektrohandwerk-sachsen-anhalt.de

38

The Landesinnungsverband Sachsen-Anhalt der Elektrohandwerke is a regional industry association representing electrical trades in the German state of Sachsen-Anhalt. The website serves as an information hub for professionals, businesses, and stakeholders in the electrical, energy, and related sectors, offering details on industry events, training, membership, and sector news. It positions itself as a key regional player facilitating networking, education, and industry standards. Technically, the site is built on TYPO3 CMS, employs modern web standards, and is hosted with reputable DNS providers. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content. Security-wise, the site enforces HTTPS and avoids exposing sensitive data but lacks some security headers and formal security policies. Privacy compliance is partially met with a privacy policy present but no cookie consent mechanism. Overall, the site is professional and trustworthy but could improve in security and privacy transparency.

A

Arbeitsgemeinschaft Medienwerbung GmbH im Zentralverband der Deutschen Elektro- und Informationstechnischen Handwerke

e-check.de

46

The website www.elektrohandwerk.de is a professionally maintained information portal affiliated with the German electrical trade association (ZVEH). It focuses on promoting the E-CHECK service, which provides electrical safety inspections and energy efficiency advice primarily for private homeowners, tenants, landlords, and property managers. The site offers comprehensive content on electrical safety, damage prevention, energy saving, and comfort enhancements, positioning itself as an authoritative resource in the energy sector within Germany. Technically, the site is built on TYPO3 CMS, uses modern JavaScript and CSS technologies, and integrates a consent management platform (Usercentrics) alongside Google Tag Manager and TikTok analytics for tracking, all implemented with GDPR compliance in mind. Security-wise, the site enforces HTTPS and uses consent-based tracking but lacks explicit security headers and published security policies or incident response information. Overall, the site is trustworthy, well-branded, and user-friendly, with moderate to good performance and mobile optimization.

R

RHEINZINK

rheinzink.de

55

RHEINZINK is a globally recognized manufacturer specializing in titanium zinc products, primarily serving the construction and architectural sectors. The company positions itself as a market leader with a strong emphasis on quality, sustainability, and innovative solutions for roofing, facades, and drainage systems. Their website reflects a mature digital presence with comprehensive product information, localized domains for international markets, and a professional design tailored to architects, craftsmen, distributors, and builders. Technically, the website is built on TYPO3 CMS, leveraging modern web technologies and includes performance optimizations and mobile responsiveness. Security measures such as HTTPS, security headers, and cookie consent mechanisms are in place, indicating a solid security posture. However, explicit security policies and incident response contacts are not prominently published. Overall, the site demonstrates a high level of professionalism, trustworthiness, and compliance with privacy regulations such as GDPR. The absence of blocking mechanisms or WAF challenges allows full content accessibility and analysis. Strategic recommendations include enhancing security transparency and publishing vulnerability disclosure information to further strengthen trust.

W

Winterhalter Gastronom GmbH

winterhalter.com

64

Winterhalter Gastronom GmbH is a well-established family-owned company specializing in commercial warewashing technology, including dishwashers, water treatment, chemicals, and accessories for the hospitality and catering industries. The company positions itself as a quality leader with a comprehensive system approach to warewashing solutions. The website is professionally designed, multilingual, and targets a global audience of commercial kitchen operators. Technically, the site is built on TYPO3 CMS, uses modern web technologies, and integrates consent management and analytics tools, reflecting a mature digital infrastructure. Security posture is strong with HTTPS, bot protection via Cloudflare Turnstile, and privacy compliance through Usercentrics, although explicit security headers could be improved. The absence of WHOIS data is a notable anomaly but does not detract significantly from the overall legitimacy given the professional web presence and contact transparency. Overall, the website demonstrates a high level of professionalism, trustworthiness, and business credibility.

B

Bundesverband Solarwirtschaft (BSW-Solar) e.V.

bsw-solar-shop.de

49

The website www.bsw-solar-shop.de serves as the official online shop for the Bundesverband Solarwirtschaft (BSW-Solar) e.V., a German solar industry association. It offers publications, guides, and studies related to solar thermal energy, photovoltaics, and energy storage. The platform targets investors, members of the association, and other stakeholders interested in solar energy solutions. The business model is primarily e-commerce focused on niche solar energy content, supported by member discounts and campaign information. The site holds a strong position within the German solar energy sector as a trusted source of industry publications. Technically, the website is built on the Magento CMS platform, utilizing standard web technologies such as HTML5, CSS, and JavaScript. The site demonstrates good mobile responsiveness and basic accessibility features. Hosting is provided by a German hosting provider (kasserver.com), and the site structure supports clear navigation and SEO best practices. However, some modern security headers and cookie consent mechanisms are missing, which could be improved to enhance compliance and security. From a security perspective, the site uses HTTPS (assumed though not explicitly confirmed), does not expose sensitive data, and avoids vulnerable libraries in the visible code. However, it lacks explicit security headers and published security policies or incident response information. No vulnerability disclosure or security.txt files are present. The site does not appear to use tracking or advertising scripts, which reduces privacy risks but also indicates limited marketing automation. Overall, the website is professional, trustworthy, and focused on its niche market. Security posture is moderate with room for improvement in headers and compliance mechanisms. Privacy compliance is basic, with a privacy policy present but no cookie consent banner. The risk level is low, but strategic improvements in security and privacy transparency are recommended to maintain trust and compliance.

The website ribarstvo.hr serves as the official information system for fisheries in Croatia, operated under the Ministry of Agriculture. It provides a suite of official applications, manuals, and resources aimed at government employees, fisheries professionals, and recreational fishers. The platform is co-financed by the European Maritime and Fisheries Fund, reinforcing its legitimacy and governmental backing. The domain is well-established since 2001 and registered with a reputable Croatian academic network registrar, aligning with the website's official nature. Technically, the site is built on ASP.NET Web Forms technology, featuring standard HTML and CSS with hidden form fields for state management. While the site is functional and content-rich, it shows basic mobile optimization and accessibility. No advanced SEO or modern frameworks are detected. Performance is moderate, and no analytics or tracking scripts are present, indicating minimal user tracking. From a security perspective, the site uses HTTPS (implied by domain and typical government standards), but no explicit security headers are detected in the provided content. There is no visible privacy or cookie policy, which is a compliance gap under GDPR. The absence of contact information and security policies reduces transparency. However, no vulnerabilities or suspicious elements are evident in the HTML content. The WHOIS data confirms domain legitimacy with consistent registration details. Overall, the site is a trustworthy government portal with good business credibility but requires improvements in privacy compliance, security headers, and user contact transparency to enhance its security posture and regulatory adherence.

The website pag-apartments.info serves as a regional accommodation portal focused on the Island Pag area in Croatia, offering listings of private apartments, rooms, and houses for vacationers. It facilitates direct booking with accommodation owners and targets tourists seeking lodging options on the island. The business model is a niche hospitality listing platform with a small market presence. Technically, the site is built with legacy HTML and CSS, lacking modern frameworks or CMS, and shows poor mobile optimization and accessibility. Security posture is weak, with no HTTPS detected and absence of security headers or privacy policies. No contact information or incident response details are provided, limiting trust and compliance. Overall, the site is functional for its purpose but requires significant improvements in security, privacy, and technical modernization to enhance user trust and compliance.

C

CARNET

evisitor.hr

63

The www.evisitor.hr website is an official Croatian government platform managed by CARNET, designed to facilitate the registration and deregistration of tourists in Croatia. It serves commercial and non-commercial accommodation providers, integrating with the national authentication system NIAS for secure user login. The platform is well-positioned as a critical digital service in the Croatian tourism sector, providing essential compliance and informational services to stakeholders. Technically, the site employs modern web technologies including JavaScript, CSS, and Kendo UI components, with a focus on accessibility and multilingual support. Security measures include HTTPS enforcement and anti-CSRF tokens, although some advanced security headers and policies are not visibly implemented. Privacy compliance is basic, with terms of service available but no explicit cookie or privacy policies on the login page. Overall, the site demonstrates a strong business credibility and trustworthy government affiliation, with a moderate to good technical and security posture.

M

Ministarstvo gospodarstva i održivog razvoja Republike Hrvatske

mingor.hr

65

The website mingor.hr/login serves as a secure login portal for the Nextcloud platform used by the Ministry of Economy and Sustainable Development of the Republic of Croatia. It provides government employees and authorized users with a safe environment for data storage and collaboration. The site leverages modern web technologies including Vue.js and Nextcloud version 30, hosted by CARNET, the Croatian Academic and Research Network. The domain registration data aligns well with the government entity, confirming legitimacy and trustworthiness. Technically, the site demonstrates good security practices such as HTTPS enforcement, Content Security Policy with nonce, and session management. However, it lacks publicly accessible privacy, cookie, and terms of service policies, as well as contact or incident response information, which are important for compliance and user trust. The site is minimalistic as expected for a login page, with no advertising or tracking scripts detected, indicating a focus on privacy and security. Overall, the security posture is strong with no obvious vulnerabilities detected in the provided content. The site is well-optimized for mobile and has a professional design consistent with government branding. The main risks relate to the absence of visible privacy and compliance documentation, which should be addressed to improve transparency and regulatory adherence.

F

Fond za zaštitu okoliša i energetsku učinkovitost

fzoeu.hr

56

Fond za zaštitu okoliša i energetsku učinkovitost is a Croatian governmental fund dedicated to environmental protection and energy efficiency. Established in 2004, it serves as a national authority providing funding, regulatory oversight, and public information related to waste management, renewable energy, and environmental sustainability. The website offers comprehensive resources including public tenders, announcements, and educational content targeting Croatian citizens, businesses, and public institutions. The organization maintains a consistent and professional online presence aligned with its governmental role. Technically, the website employs modern web technologies including JavaScript, CSS, and HTML5, with Google Analytics integrated for user tracking under a compliant cookie consent mechanism. Hosting and DNS services are supported by Cloudflare, ensuring reliable performance and security. The site is mobile optimized and includes accessibility features enhancing usability for diverse users. From a security perspective, the website enforces HTTPS and implements cookie consent, but lacks visible security policy documentation and incident response contacts. No critical vulnerabilities or exposed sensitive data were detected. The domain registration is consistent with the organization's Croatian governmental identity, enhancing trustworthiness. Overall, the website presents a secure, professional, and informative platform supporting the fund's mission. Strategic improvements include publishing explicit security policies, incident response information, and enhancing security headers to further strengthen the security posture.

Die Schlösserstrasse is a regional development association focused on promoting cultural tourism and heritage sites, specifically castles and fortresses in Southeast Austria and Slovenia. The website serves as an information hub for tourists and cultural enthusiasts, offering event announcements, booking options, and educational content. The organization appears to have a solid market position within its niche, supported by regional tourism partners and a network of castles. Technically, the website uses basic web technologies such as jQuery and JavaScript, with moderate performance and basic mobile optimization. Security posture is average, with no HTTPS or security headers information available from the provided data, and no cookie consent mechanism detected despite EU audience relevance. The WHOIS data is missing or unavailable, which raises concerns about domain registration legitimacy, although the website content and partner references suggest a legitimate operation. Overall, the site is professional and trustworthy but would benefit from improved technical and security measures.

K

KAB Page

kab.page

57

KAB Page is a technology-focused company offering a modern, AI-powered SEO website builder platform designed to enable users to quickly launch fast, secure, and search engine optimized websites. The business targets individuals and businesses seeking competitive online presence with easy-to-use tools and AI assistance. The website demonstrates a good level of digital maturity, leveraging the Astro framework for performance and SEO optimization. Security posture is solid with HTTPS enforced and cookie consent implemented, though explicit security policies and incident response contacts are not publicly disclosed. Overall, the site is professional, trustworthy, and well-positioned in its niche.

C

Christian Kiewaldt & Benjamin Braun GbR

kiwis-and-brownies.de

45

KIWIS & BROWNIES is a small German software development company specializing in custom enterprise software, eCommerce solutions using Magento, and promotional applications to increase reach and lead generation. The company operates primarily in the Gummersbach and Oberberg regions of Germany, targeting local businesses seeking digital transformation and marketing services. Their website reflects a professional and modern digital presence with a focus on clear communication and customer engagement via WhatsApp and downloadable informational materials. Technically, the website employs standard modern web technologies including HTML5, CSS, JavaScript with jQuery, and Google Fonts. The hosting is managed via DomainControl nameservers, and Magento is indicated as the eCommerce platform. The site is moderately optimized for performance and mobile devices, though accessibility features are basic. SEO practices are adequately implemented with meta tags and structured content. From a security perspective, the site uses HTTPS and avoids exposing sensitive data. However, it lacks explicit security headers and a formal security policy or incident response contacts. The privacy policy is comprehensive and GDPR compliant, but no cookie consent mechanism is present, which is a compliance gap. No vulnerability disclosure or security.txt files are found, limiting transparency in security practices. Overall, the website presents a trustworthy and professional image suitable for its business scope. The risk level is moderate with recommendations to enhance security headers, implement cookie consent, and publish security policies to improve compliance and trust. The domain registration aligns with the business identity, supporting legitimacy.

H

HDIT

hdit.hr

56

HDIT is a Croatian IT integration company established in 2006, specializing in IT system implementation, maintenance, custom software and web development, cybersecurity, and IT consulting. The company holds a strong market position as a leading system integrator and helpdesk support provider in Croatia. Their services cover comprehensive IT infrastructure and application solutions, supported by partnerships with major technology vendors. The website reflects a mature digital presence with professional design, clear navigation, and mobile optimization. Technically, the site is built on WordPress with modern plugins and follows good performance and accessibility standards. Security posture is solid with HTTPS, GDPR compliance, and ISO certifications, though some security headers and incident response disclosures could be improved. Overall, the domain registration data aligns well with the business claims, supporting legitimacy and trustworthiness.

P

Placehold

placehold.co

55

Placehold is a small technology service offering a free, fast, and simple image placeholder generation platform supporting multiple image formats and customization options. The website is well designed, mobile optimized, and provides clear documentation for users, primarily targeting developers and designers needing placeholder images for projects. The technical infrastructure is modern, leveraging standard web technologies and Google Analytics for tracking, with advertising via Carbon Ads. Security posture is good with HTTPS enforced, but lacks security headers and formal policies such as privacy or cookie policies. No forms or sensitive data collection reduces risk exposure. Overall, the site is professional and trustworthy but could improve compliance and security transparency. Strategic recommendations include publishing privacy and cookie policies, implementing security headers, and adding vulnerability disclosure information.