Skip to main content

Security Directory

Explore comprehensive security analyses from websites around the world. Filter by industry, location, risk level, and more.

Live Guard activity

Security teams are checking their sites with Guard right now

Run your domain before the queue fills up

151130
Websites
130
Industries
113
Countries
52
Avg Score
Page 419 of 782|Showing 20901-20950 of 39064
gwtf.it favicon

Andrea Contino

gwtf.it

55
OtherN/asmallMEDIUM

The website contino.com is a personal weblog operated by Andrea Contino, focusing on communication, gaming, technology, and lifestyle topics. It serves a niche audience interested in personal reflections and commentary on these subjects. The site has been active since 2009, supported by a domain registered since 1997, indicating a stable and long-term presence. The business model is non-commercial, with no advertising or paid content, emphasizing personal expression and community engagement. Technically, the website is built with standard HTML, CSS, and JavaScript, without reliance on major CMS platforms or frameworks. The site demonstrates good mobile optimization and SEO practices but lacks advanced accessibility features. Hosting and DNS services are managed by Porkbun LLC, with domain security measures such as clientDeleteProhibited and clientTransferProhibited status enabled, though DNSSEC is not implemented. From a security perspective, the site uses HTTPS (implied by URLs), but no explicit security headers or incident response policies are published. There is no privacy or cookie policy, which is a compliance gap especially under GDPR. No analytics or tracking technologies are detected, indicating minimal user tracking and good privacy by default. The domain registration data aligns well with the website content, supporting legitimacy and trustworthiness. Overall, the website is a well-maintained personal blog with good content quality and moderate technical implementation. Security and privacy compliance could be improved by adding relevant policies and security headers. The site poses low risk and is safe for general audiences.

65
35
17
75
72
65
40
blogtechnologygamingpersonallifestyle+1 more
HTML5CSS3JavaScript
2025-07-27T20:57:19.870Z
heydingus.net favicon

Jarrod Blundy

heydingus.net

51
OtherUnited StatessmallMEDIUM

HeyDingus is a personal blog operated by Jarrod Blundy, focusing on technology, outdoor activities, and curated internet content. The site serves a niche audience of technology enthusiasts and outdoor lovers, offering blog posts, shortcuts, and digital products. The business model is primarily content-driven with monetization through tips, affiliate marketing, and a small store. The website is well-branded, professionally designed, and regularly updated, reflecting a small but engaged community presence. Technically, the website is hosted on Blot.im, leveraging a simple but effective tech stack including HTML5, CSS, JavaScript, and integrations with Micro.blog and Carbon Ads. The site is mobile-optimized and performs well, with fast loading times and good SEO practices. Accessibility is basic but functional. The site uses HTTPS with a strong SSL configuration, though it lacks DNSSEC and some recommended security headers. From a security perspective, the site demonstrates good baseline practices such as HTTPS enforcement and domain transfer/update protections. However, it lacks explicit privacy and cookie policies, security.txt files, and vulnerability disclosure mechanisms, which are important for compliance and transparency. No critical vulnerabilities or exposed sensitive data were detected. The domain registration is consistent with the website content and shows no suspicious patterns. Overall, HeyDingus is a trustworthy, well-maintained personal blog with solid technical foundations but could improve its privacy compliance and security posture by adding formal policies and security headers. The risk level is low, but enhancements in compliance and security best practices are recommended to maintain trust and meet evolving standards.

30
35
17
70
62
70
40
blogtechnologypersonaloutdoorsshortcuts+3 more
HTML5CSSJavaScriptBlot.im hosting+2
2025-07-27T20:57:14.842Z
L

Luke’s Wild Website

lkhrs.com

63
TechnologyUnited StatessmallMEDIUM

Luke’s Wild Website is a personal portfolio and blog site operated by Luke Harris, a developer and designer based in Chicago. The site serves as a platform for sharing blog posts, notes, and personal insights, targeting a general audience interested in technology and personal content. The website is built on the Ghost CMS platform, utilizing modern web technologies such as HTML5, CSS3, and JavaScript, with a clean and consistent design that supports good user experience and mobile optimization. However, the site lacks explicit contact information, privacy policies, and security headers, which impacts its overall trustworthiness and compliance posture. From a technical perspective, the website demonstrates moderate performance and good SEO optimization but lacks advanced security configurations such as HTTPS enforcement and security headers. The absence of WHOIS registration data raises concerns about domain legitimacy, although the site content appears genuine and updated recently. No advertising or analytics services are detected, indicating minimal user tracking and a privacy-conscious approach, albeit without formal policies. Security posture is currently weak due to missing HTTPS confirmation, lack of security headers, and no visible incident response or data protection policies. The site does not expose sensitive data or show signs of vulnerabilities but would benefit from implementing standard security best practices and publishing privacy and cookie policies to improve compliance and user trust. Overall, the website is functional and professional for a personal blog but requires improvements in security and compliance to enhance credibility and protect visitors.

65
50
2
70
75
85
100
blogpersonaltechnologydeveloperdesigner
HTML5CSS3JavaScriptGhost CMS
2025-07-27T20:56:14.170Z
werd.io favicon

Ben Werdmuller

werd.io

57
MediaUnited StatessmallMEDIUM

Werd I/O is an independent media and blogging platform authored by Ben Werdmuller, focusing on topics at the intersection of technology, media, and democracy. The website operates on a reader-supported subscription model, providing thoughtful essays and articles to a general audience interested in societal and technological issues. The market position is niche but credible, with a small but engaged audience. The business is small-sized, US-based, and founded in 2013, reflecting a mature presence in independent digital media. Technically, the site is built on the Ghost CMS platform, leveraging modern web technologies including JavaScript, CSS, and Cloudflare DNS services. The site demonstrates good performance, mobile optimization, and SEO practices. However, accessibility is basic and could be improved. The technical infrastructure is modern and well-maintained, supporting a smooth user experience. From a security perspective, the site enforces HTTPS and uses clientTransferProhibited status on the domain, indicating domain transfer protection. However, DNSSEC is not enabled, and no security headers are detected, which are areas for improvement. There is no visible privacy or cookie policy, nor incident response or vulnerability disclosure information, which impacts compliance and trust. No critical vulnerabilities or exposed sensitive data were found. Overall, the website is trustworthy and professional but would benefit from enhanced privacy compliance and security best practices. Strategic recommendations include enabling DNSSEC, publishing privacy and cookie policies, adding security headers, and providing incident response contacts to improve user trust and regulatory compliance.

15
53
17
35
75
80
100
technologymediademocracyblogindependent+1 more
JavaScriptCSSGhost CMSCloudflare DNS
2025-07-27T20:56:03.830Z
I

Ivan Moreale

ivanmoreale.com

52
OtherN/asmallMEDIUM

Ivan Moreale's website is a personal portfolio showcasing graphic design services with a casual and informal tone. The site targets a general audience interested in creative design work, emphasizing personal branding rather than corporate presence. The business model appears to be freelance or individual service provision with a niche market position. The website is minimalistic, with limited content and contact information, primarily an email and Instagram link. Technically, the site is built with basic HTML, CSS, and JavaScript without any detected CMS or frameworks. Hosting is managed via Hover, a common domain and DNS provider. The site shows moderate performance and good mobile optimization but lacks advanced SEO and accessibility features. No analytics or tracking technologies are present, indicating minimal data collection. From a security perspective, the site lacks critical security headers and does not indicate HTTPS enforcement explicitly. DNSSEC is not enabled, and no privacy or cookie policies are published, which impacts compliance posture. The WHOIS data shows a stable domain registration with appropriate protections against unauthorized transfers, consistent with a legitimate personal brand site. No vulnerabilities or incident response information is available. Overall, the website presents a low-risk profile but would benefit from improved security practices, privacy compliance, and richer content to enhance trust and professionalism.

65
50
2
60
72
70
40
graphicdesignpersonalportfoliocreativefreelance
HTML5CSS3JavaScript
2025-07-27T20:55:58.615Z
elmikewalsh.com favicon

Mike Walsh

elmikewalsh.com

61
TechnologyChilesmallMEDIUM

The website elmikewalsh.com serves as a personal portfolio and blog for Mike Walsh, a front-end web designer, developer, and translator based in Villarrica, Chile. The site highlights his skills, writings, and professional presence with links to his GitHub, Medium, and Mastodon profiles. The business model is that of an individual professional showcasing services and content to a general audience interested in technology, politics, humor, and life. The site is well-structured, visually consistent, and optimized for mobile devices, reflecting a good level of digital maturity for a personal brand. Technically, the website is built using modern web standards including HTML5, CSS3, JavaScript, and JSON-LD structured data for SEO. It uses a static site generator (Publii), which contributes to fast loading times and good performance. The site is served over HTTPS with a valid SSL certificate, and minimal external scripts are used, primarily for analytics via Cloudflare Insights. Accessibility and SEO optimizations are present but could be enhanced further. From a security perspective, the site enforces HTTPS and does not expose sensitive data or use vulnerable libraries. However, it lacks explicit security headers and does not provide privacy, cookie, or terms of service policies, which are important for compliance and user trust. No contact information for security incidents or vulnerability disclosure mechanisms are present. The WHOIS data is unavailable or the domain is unregistered, which raises concerns about domain legitimacy and trustworthiness. Overall, the website is professional and safe for general audiences but would benefit from improved privacy compliance, clearer domain registration information, and enhanced security practices. Strategic recommendations include publishing privacy and cookie policies, adding security headers, providing contact channels for incident response, and implementing a vulnerability disclosure policy to strengthen trust and compliance.

50
50
2
65
75
70
100
front-endwebdesigndevelopmenttranslationblog+2 more
HTML5CSS3JavaScriptJSON-LD+1
2025-07-27T20:55:28.024Z
P

Private by Design, LLC

skyhold.org

54
OtherUnited StatessmallMEDIUM

Skyhold.org is a personal website operated by C Jackdaw, a writer and witch, serving as a platform for creative expression, personal blogging, and resource sharing. The site targets a niche audience interested in writing, witchcraft, solarpunk, ADHD, and related topics. It is a small-scale, non-commercial site with regular content updates and a modest but consistent brand presence. The business entity behind the domain is Private by Design, LLC, a US-based organization, which aligns with the website's personal and creative nature. Technically, the site is hand-coded with standard HTML, CSS, and JavaScript, leveraging modern IndieWeb protocols such as IndieAuth and Webmention. Analytics are implemented via privacy-conscious services like GoatCounter and Tinylytics, reflecting a minimal user tracking approach. The site demonstrates good mobile optimization and basic accessibility but lacks advanced SEO and security headers. Hosting details are not explicit, but DNS indicates use of messagingengine.com name servers, possibly related to email hosting. From a security perspective, the site uses HTTPS and has domain status protections against unauthorized transfer or deletion. However, it lacks DNSSEC and common security headers, which are recommended to enhance security posture. No privacy or cookie policies are present, indicating compliance gaps. No forms or input fields are present, reducing attack surface but also limiting user interaction. Overall, the security posture is moderate but could be improved with standard best practices. The overall risk is low given the personal nature and limited business impact of the site. Strategic recommendations include enabling DNSSEC, adding security headers, publishing privacy and cookie policies, and considering a security.txt file for vulnerability disclosure. These steps would improve trust, compliance, and security without significant overhead.

15
50
2
55
72
65
100
personalblogcreativewitchcraftwriting+3 more
HTML5CSSJavaScriptGoatCounter analytics+4
2025-07-27T20:55:11.976Z
mattstein.com favicon

Matt Stein

mattstein.com

59
TechnologyUnited StatessmallMEDIUM

Matt Stein's website serves as a personal portfolio and blog showcasing his work as a web designer, developer, and writer based in Bend, Oregon. The site is well-structured, featuring curated writings and recent posts, targeting a general audience interested in technology and personal insights. The business model is that of a personal brand, with no commercial storefront but with links to social media and donation platforms such as Ko-fi. The domain is well-established, created in 2004, indicating a mature online presence. Technically, the site is built using modern technologies including Astro framework and JavaScript, hosted via Cloudflare infrastructure. It demonstrates excellent mobile optimization, good accessibility, and SEO practices. The use of Umami analytics reflects a privacy-conscious approach to user tracking. The site loads quickly and is free from broken elements or errors. From a security perspective, the website enforces HTTPS and has domain transfer protections in place. However, it lacks DNSSEC and important security headers such as Content-Security-Policy. There are no visible vulnerabilities or exposed sensitive data. Privacy and cookie policies are absent, which is a compliance gap. Incident response and vulnerability disclosure mechanisms are not present. Overall, the website is trustworthy, professional, and safe for general audiences. Strategic recommendations include adding privacy and cookie policies, enabling DNSSEC, implementing security headers, and providing incident response contacts to enhance security posture and compliance.

40
35
2
60
75
75
100
personalportfoliowebdesignblogtechnologydeveloper+1 more
Astro v5.7.13JavaScriptSVG icons
2025-07-27T20:54:56.657Z
C

Chris Hannah

chrishannah.me

56
OtherN/asmallMEDIUM

The website chrishannah.me is a personal blog and portfolio site maintained by Chris Hannah. It features a variety of content including essays, technical articles, photography, and personal updates. The site targets a general audience interested in technology, programming, and personal storytelling. The business model is primarily content publishing for personal branding and sharing knowledge. The site is small-scale and has been active since 2016, with consistent content updates and a clear personal identity. Technically, the site is well-structured with modern HTML5 and CSS3 standards, uses JavaScript libraries such as Highlight.js for code syntax highlighting, and Lightbox.js for image display. Hosting is via Vercel DNS, indicating a modern and performant infrastructure. The site is mobile-optimized and has good navigation clarity, although accessibility features are basic. SEO optimization is present but could be improved. From a security perspective, the site enforces HTTPS with good SSL configuration and has domain transfer protections enabled. However, it lacks DNSSEC and security headers such as Content Security Policy or HSTS. There are no published privacy or cookie policies, nor a security.txt or vulnerability disclosure page, which are areas for improvement. Analytics are minimal and privacy-respecting, using Tinylytics with no aggressive tracking. Overall, the site is trustworthy and professional for a personal blog but has gaps in privacy compliance and security best practices. Strategic recommendations include adding privacy and cookie policies, implementing security headers, enabling DNSSEC, and publishing a vulnerability disclosure policy to enhance trust and compliance.

30
35
17
40
72
75
100
personalblogtechnologyprogrammingphotographyessays
HTML5CSS3JavaScriptHighlight.js+2
2025-07-27T20:54:41.543Z
planetminecraft.com favicon

Cyprezz LLC.

planetminecraft.com

64
TechnologyN/alargeMEDIUM

Planet Minecraft is a well-established community platform dedicated to Minecraft players and content creators worldwide. Operating since 2010 under Cyprezz LLC., it offers a wide range of user-generated content including maps, skins, mods, texture packs, and data packs. The site fosters social interaction through forums, groups, and content jams, positioning itself as a leading fan community in the Minecraft ecosystem. Its business model relies on community engagement and advertising revenue, supported by a large active user base exceeding 5 million members. Technically, the website employs modern web technologies including JavaScript frameworks, Google Tag Manager, and ad networks like Google Adsense and Venatus. It is mobile-optimized and implements HTTPS with good security practices such as CSRF tokens. However, it lacks some advanced security headers and explicit cookie consent mechanisms, which are important for GDPR compliance. The site integrates multiple analytics and tracking services, reflecting a moderate level of user tracking typical for community platforms. From a security perspective, the site demonstrates a solid posture with encrypted connections and no visible vulnerabilities or exposed sensitive data. The absence of a security.txt file and dedicated incident response contacts suggests room for improvement in vulnerability disclosure and incident management. The WHOIS data is unavailable, possibly due to privacy protection or query issues, which slightly reduces trust but is mitigated by the site's long history and consistent branding. Overall, Planet Minecraft presents a trustworthy, family-friendly environment with high-quality content and good technical implementation. Strategic enhancements in privacy compliance, security transparency, and WHOIS data availability would further strengthen its risk profile and user trust.

35
53
2
85
75
80
100
minecraftcommunitygamingmodsmaps+4 more
JavaScriptGoogle Tag ManagerGoogle AdsenseQuantcast+4
2025-07-27T20:53:16.017Z
bitwarden.com favicon

Bitwarden, Inc.

bitwarden.com

85
TechnologyUnited StatesenterpriseLOW

Bitwarden, Inc. operates a leading open source password management platform trusted by millions globally, serving individuals, families, businesses, and enterprises. Their product suite includes password management, secrets management, passwordless authentication, and developer tools, positioning them strongly in the cybersecurity technology market. The company emphasizes transparency, security, and compliance, supported by certifications such as SOC 2 and ISO 27001. Their business model is primarily SaaS with free and paid tiers, including self-hosting options for enterprises. Technically, Bitwarden employs a modern React-based web platform, leveraging Cloudflare for hosting and CDN services, and integrates analytics tools like Google Tag Manager and Plausible Analytics. The website demonstrates excellent performance, mobile optimization, accessibility, and SEO practices, reflecting a mature digital infrastructure. Security posture is robust, with enforced HTTPS, comprehensive security headers, a bug bounty program, and regular compliance audits. However, DNSSEC is not enabled, and a security.txt file is absent, representing areas for improvement. Privacy compliance is strong, with clear privacy and cookie policies and GDPR adherence. Contact information is available primarily via contact forms, with no explicit phone numbers or emails disclosed. Overall, Bitwarden presents a high-trust, professional, and secure online presence with minimal risk. Strategic recommendations include enabling DNSSEC, publishing a security.txt file, and enhancing incident response transparency to further strengthen their security and compliance posture.

95
80
75
82
72
85
100
passwordmanagersecurityopensourceenterprisecompliance+1 more
ReactJavaScriptCSSGoogle Tag Manager+2
2025-07-27T20:53:00.717Z
pixelfed.social favicon

Pixelfed

pixelfed.social

61
TechnologyCanadamediumMEDIUM

Pixelfed.social is the original and main instance of the decentralized photo sharing social media platform Pixelfed, operated by the lead developer known as @dansup. The platform offers a federated social media experience focusing on photo posts, albums, filters, and video support, targeting general users interested in privacy-respecting social media alternatives. The website is professionally designed with good content quality and clear navigation, supporting mobile optimization and modern web technologies such as Vue.js and Plyr media player. Hosting and DNS are managed by Cloudflare, ensuring reliable performance and security. The domain is well-established since 2018, consistent with the business history. From a security perspective, the site uses HTTPS and has domain transfer protections but lacks DNSSEC and some security headers. There is no explicit public security or incident response policy, and no cookie consent mechanism was detected, which may impact GDPR compliance. The platform enforces community rules prohibiting hate speech, harassment, explicit content, and illegal activities, contributing to a safe user environment. Overall, the security posture is good but could be improved with enhanced policies and technical controls. The business model centers on providing a decentralized, federated photo sharing service with a strong community focus. The site maintains transparency with contact email and clear rules but lacks some formal compliance disclosures. The platform is positioned as a privacy-conscious alternative to mainstream social media, appealing to users valuing decentralization and open-source principles. Strategic recommendations include implementing cookie consent, enabling DNSSEC, publishing security policies, and adding security headers to strengthen trust and compliance.

50
53
17
35
75
75
100
photosharingsocialmediadecentralizedfederatedopensource
Cloudflare (DNS and hosting)JavaScriptVue.js (implied by VueCarousel classes)Plyr (media player library)+1

Partner Domains:

pixelfed.org
partner
2025-07-27T20:52:55.686Z
L

lojban.io

lojban.io

49
EducationIcelandsmallHIGH

lojban.io is a specialized educational platform dedicated to the study and promotion of the constructed language Lojban. It offers free and open-source resources including courses, learning decks, and community engagement via a Discord server. The website targets language enthusiasts and learners interested in logical and constructed languages, positioning itself as a niche educational resource with a small but active user base. The platform is relatively young, established in 2020, and maintains a consistent brand and content quality with regular updates and community involvement. Technically, the website employs modern web technologies such as Bootstrap for styling, Font Awesome for icons, and integrates Google Analytics and Tag Manager for user tracking. It also supports Progressive Web App features, enhancing user experience across devices. Hosting and DNS services are managed via Cloudflare, providing performance and security benefits. The site demonstrates moderate performance and good mobile optimization but lacks some advanced accessibility features. From a security perspective, the site uses HTTPS with a good SSL configuration and has domain transfer protections in place. However, it lacks DNSSEC and important security headers like Content-Security-Policy and X-Frame-Options, which are recommended to enhance security posture. Privacy compliance is limited due to the absence of privacy and cookie policies, which is a notable gap given the use of tracking technologies. No incident response or vulnerability disclosure mechanisms are present. Overall, lojban.io presents a trustworthy and professional educational resource with a solid technical foundation but would benefit from improved privacy compliance and enhanced security headers. Strategic recommendations include implementing privacy and cookie policies, enabling DNSSEC, adding security headers, and establishing a vulnerability disclosure process to strengthen trust and compliance.

30
35
17
70
52
70
40
educationlanguagelojbanconstructedlanguageopensource+1 more
HTML5CSS (Bootstrap)JavaScriptGoogle Analytics+3
2025-07-27T19:50:21.433Z
fincxjejo.com favicon

Finĉjejo

fincxjejo.com

62
OtherN/asmallMEDIUM

The website fincxjejo.com is a personal site dedicated to sharing ideas, projects, and creations related to the Esperanto language by an individual named Fingtam (Finĉjo). It serves as a cultural and educational platform targeting Esperanto learners and enthusiasts. The site is hosted on Google Sites, leveraging Google's infrastructure and technologies such as Google Fonts and APIs. The content is primarily textual with links to social media channels including YouTube and Facebook. The site lacks formal business structure and operates as a small-scale personal project without commercial intent. From a technical perspective, the site is built on a modern, stable platform (Google Sites) ensuring reliable hosting and HTTPS security. The site demonstrates moderate performance and good mobile optimization but lacks advanced SEO and accessibility features. No custom frameworks or CMS beyond Google Sites are used. The absence of security headers beyond HTTPS is noted, and no forms or interactive data collection mechanisms are present. Security posture is adequate for a personal site with HTTPS enforced, but the lack of additional security headers and absence of privacy or terms of service pages indicate room for improvement. The WHOIS data is unavailable, raising concerns about domain registration legitimacy, although the site content and hosting platform suggest no malicious intent. Privacy compliance is minimal, with only a cookie consent banner present. Overall, the site is low risk but would benefit from improved transparency regarding domain registration, privacy policies, and enhanced security practices. Strategic recommendations include adding privacy and terms pages, implementing security headers, and clarifying domain registration status to improve trustworthiness.

70
50
2
60
72
75
100
esperantolanguagelearningpersonalwebsitegooglesiteseducation
Google SitesGoogle FontsGoogle APIsJavaScript
2025-07-27T19:50:16.399Z
lipukule.org favicon

Private by Design, LLC

lipukule.org

58
OtherUnited StatessmallMEDIUM

Lipukule.org is a niche cultural and linguistic website dedicated to the toki pona language and related content. It provides articles and posts that explore various themes in toki pona, targeting enthusiasts and learners of this constructed language. The website operates under the ownership of Private by Design, LLC, a US-based entity, with domain registration consistent with the site's scale and focus. The business model centers on content publication and community engagement via Discord and Telegram channels, without evident commercial transactions or e-commerce features. Technically, the website is built using the modern SvelteKit framework with JavaScript and CSS, delivering a good user experience with responsive design and clear navigation. Performance is moderate, and accessibility is basic but functional. No major technical debt or outdated technologies were detected. However, the site lacks advanced SEO optimization and accessibility features. From a security perspective, the site uses HTTPS but lacks security headers and published security policies. No privacy or cookie policies are present, and no contact information is provided, which limits compliance with GDPR and other privacy regulations. No vulnerability disclosure or incident response information is available. The domain registration is transparent and consistent with the website's purpose, supporting legitimacy. Overall, the website is safe, with no adult or explicit content detected. The content quality and business credibility are good, but privacy compliance and security posture need improvement. Strategic recommendations include implementing privacy and cookie policies, adding security headers, publishing a vulnerability disclosure policy, and enhancing accessibility and SEO.

30
50
2
70
72
75
100
tokiponalanguageculturelipukulecommunity
SvelteKitJavaScriptCSS
2025-07-27T19:50:11.360Z
L

LIPUmanka

lipamanka.gay

56
OtherIcelandsmallMEDIUM

The website 'lipamanka.gay' is a personal site primarily focused on sharing essays, stories, and linguistic resources related to the creator's interests. It is a small-scale, niche site without commercial intent or business contact information. The site is hosted likely on GitHub Pages with domain registration through NameCheap, protected by privacy services. The technical infrastructure is basic, relying on standard HTML, CSS, and JavaScript, with minimal external dependencies. Analytics are implemented via GoatCounter, providing lightweight user tracking without aggressive data collection. From a security perspective, the site uses HTTPS and has domain transfer protection enabled, but lacks DNSSEC and security headers, which could be improved to enhance security posture. There are no privacy or cookie policies, nor terms of service, which limits compliance with GDPR and other privacy regulations. No contact or incident response information is provided, reducing transparency and trustworthiness from a security standpoint. Overall, the site is safe for general audiences, containing no adult or explicit content. The domain registration is recent and privacy protected, appropriate for a personal website. The lack of business information and policies limits the site's credibility and compliance maturity. Strategic improvements in security headers, privacy disclosures, and contact transparency would enhance trust and compliance.

15
40
2
70
95
70
100
personallinguisticsessaysstoriestokipona
HTML5CSSJavaScript
2025-07-27T19:49:51.004Z
A

Anna Kudriavtsev

ap5.dev

59
TechnologyN/asmallMEDIUM

The website ap5.dev is a personal professional portfolio and blog belonging to Anna Kudriavtsev, focusing on computing systems design and software development with an emphasis on correctness and maintainability. The site positions itself as a personal brand rather than a commercial business, targeting a general audience interested in technology and software development. The business model is primarily informational and portfolio-based, with links to a resume and GitHub repository. Technically, the website uses standard modern web technologies including HTML5, CSS3, and JavaScript, with external resources such as Google Fonts and a chat widget from cactus.chat. The site is moderately optimized for mobile and SEO, with good design quality and clear navigation. However, no CMS or hosting provider details are evident, and performance is moderate. From a security perspective, the site uses HTTPS and does not expose forms or sensitive data, but lacks explicit security headers and formal privacy or cookie policies. No vulnerability disclosure or incident response information is provided. The domain registration is privacy protected, which is appropriate for a personal site. Overall, the security posture is adequate but could be improved with additional headers and compliance documentation. The overall risk is low given the nature of the site, but strategic recommendations include implementing privacy and cookie policies, adding security headers, and providing vulnerability disclosure information to enhance trust and compliance.

15
35
2
70
95
80
100
personalportfoliotechnologyblogprofessional
HTML5CSS3JavaScript
2025-07-27T19:49:45.994Z
kitty.social favicon

Kitty Cat

kitty.social

57
OtherN/asmallMEDIUM

Kitty.social is a niche social networking platform focused on cat enthusiasts, including neko and furry communities, operating within the fediverse ecosystem. The platform offers a cozy, community-driven space for users to share content and interact, leveraging the Misskey software framework. The business model centers on providing a specialized social experience rather than commercial services, targeting a small but dedicated audience. Technically, the website employs modern JavaScript tooling with Vite and Misskey 2025.2.1, ensuring a contemporary and responsive user experience. The site uses HTTPS with reCAPTCHA integration to prevent bot registrations, and media proxying enhances user privacy. However, some standard security headers are missing, and no privacy or cookie policies are published, which limits compliance maturity. From a security perspective, the platform demonstrates good baseline practices such as HTTPS enforcement and bot mitigation but lacks comprehensive security policies and incident response contacts. No vulnerabilities or exposed sensitive data were detected. The absence of privacy and cookie policies is a notable compliance gap, especially for GDPR considerations. Overall, Kitty.social presents a well-implemented niche social platform with good technical foundations and a safe content environment. To enhance trust and compliance, the site should publish privacy and cookie policies, implement security headers, and provide incident response information. These steps will improve user confidence and regulatory adherence.

30
50
2
80
95
80
40
socialnetworkfediversecatscommunitymisskey
JavaScriptViteMisskey (basedMisskeyVersion 2025.2.1)CherryPick (version 4.15.1)+1
2025-07-27T19:49:05.747Z
P

Pontus Henriksson

pontushenriksson.com

55
TechnologyN/asmallMEDIUM

The website pontushenriksson.com represents a personal portfolio for an individual web developer and programmer named Pontus Henriksson. The site is currently under development with a legacy site linked for reference. The business model is focused on showcasing skills and previous work to attract freelance or contract opportunities. The target audience includes potential clients or employers seeking web development and design services. The website is hosted on Cloudflare Pages and uses basic modern web technologies such as HTML5, CSS3, and JavaScript. The design is responsive and user-friendly, though content is minimal and lacks comprehensive business or contact information. From a security perspective, the site benefits from HTTPS and domain transfer protection but lacks DNSSEC and security headers, which are recommended to enhance protection. No privacy, cookie, or terms of service policies are present, indicating limited compliance with GDPR or other privacy regulations. No contact emails, phone numbers, or social media links are provided, reducing business credibility and user trust. Analytics are implemented via Cloudflare Pages Analytics with minimal user tracking. Overall, the website is safe with no adult or questionable content detected. The domain registration is consistent with the website's new status and shows no suspicious patterns. The security posture is moderate but can be improved by adding security headers and privacy policies. The site’s technical implementation is adequate for a personal portfolio but lacks advanced SEO and accessibility features. Strategic recommendations include implementing privacy and cookie policies, adding security headers, providing clear contact information, enabling DNSSEC, and enhancing SEO and accessibility to improve user trust and compliance.

40
50
2
40
75
70
100
portfoliowebdeveloperprogrammerpersonalwebsitecloudflare
HTML5CSS3JavaScript
2025-07-27T19:45:11.043Z
is-a.dev favicon

is-a.dev - Free subdomains for developers

is-a.dev

61
TechnologyN/asmallMEDIUM

The website is-a.dev offers a free subdomain registration service targeted primarily at developers. It enables users to obtain free `.is-a.dev` subdomains by following instructions hosted on a GitHub repository. The service is positioned as a niche developer tool with a small-scale operation founded in 2020. The website content is clear, relevant, and professionally presented with consistent branding and a focus on developer engagement through GitHub and Discord communities. From a technical perspective, the site uses modern web technologies including HTML5, CSS3, JavaScript, and is hosted behind Cloudflare, ensuring fast performance and good mobile optimization. The presence of Carbon Ads and Cloudflare Insights indicates minimal advertising and analytics usage, with a low level of user tracking. SEO and accessibility are adequately addressed, though accessibility is basic. Security posture is solid with HTTPS enforced and no visible vulnerabilities or exposed sensitive data. However, the site lacks explicit security headers and formal privacy or cookie policies, which are important for compliance and trust. Incident response is partially addressed via a GitHub abuse reporting mechanism, but no dedicated security contact or vulnerability disclosure policy is present. Overall, the website is trustworthy and functional with a good balance of usability and security for its scope. The main risks relate to privacy compliance and formal security governance, which could be improved to enhance user trust and regulatory adherence.

25
50
2
70
75
85
100
developersubdomainfreegithubcloudflare+1 more
HTML5CSS3JavaScriptCloudflare+1
2025-07-27T19:44:35.831Z