Security Directory

G

Gold Coast Community Fund

gccommunityfund.org

59

The Gold Coast Community Fund is a small non-profit organization focused on providing financial assistance and support to individuals and charities in the Gold Coast region of Australia. Established since 2000, the organization operates through community fundraising events, donations, and volunteer efforts. Their website serves as a platform for applications for assistance, donation processing, volunteer registration, and event promotion. The organization maintains a consistent brand presence and leverages social media channels such as Facebook and LinkedIn to engage with the community. Technically, the website is built on WordPress using Elementor and WooCommerce, with integrations for Stripe and PayPal for payment processing. The site is mobile-optimized and demonstrates good SEO practices, though accessibility features are basic. Security posture is adequate with HTTPS enforced and nonce tokens in forms, but lacks visible security headers and published security policies. Privacy and cookie policies are not found, indicating a gap in compliance. WHOIS data is malformed and incomplete, limiting domain trust verification, but the website content and social presence support legitimacy. Overall, the site is professional and trustworthy but would benefit from enhanced privacy compliance and security transparency.

The website www.queensland.com serves as the official tourism portal for Queensland, Australia, managed by Tourism & Events Queensland. It provides comprehensive information on destinations, experiences, events, and holiday planning tools aimed at both international and domestic tourists. The site is well-branded, professionally designed, and offers a rich user experience with clear navigation and mobile optimization. Technically, it leverages modern technologies including Adobe Experience Manager CMS, React framework, and integrates with various Adobe marketing and analytics tools, as well as Google Maps and Azure B2C for authentication. Security posture is generally good with HTTPS enforced and use of recaptcha, but lacks visible security headers and published privacy or cookie policies. The WHOIS data is missing or inaccessible, which raises concerns about domain registration transparency, though the website content and social media presence strongly support legitimacy. Overall, the site is a high-quality, trustworthy resource for tourism information but would benefit from improved transparency in privacy and security disclosures.

A

Australian Red Cross Lifeblood

transfusion.com.au

68

Australian Red Cross Lifeblood operates a comprehensive and professionally designed website targeting health professionals with detailed information on blood products, breast milk donation, and faecal microbiota transplant products. The organization holds a strong market position as a national leader in blood and related donation services in Australia, supported by extensive educational resources and a consistent brand presence. Technically, the website is built on Drupal CMS and integrates multiple modern analytics and tracking technologies, ensuring good performance, mobile optimization, and accessibility. Security posture is strong with HTTPS enforcement, security headers, and no visible vulnerabilities, although the site could benefit from publishing explicit security policies and incident response contacts. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR adherence. Overall, the website demonstrates high professionalism, trustworthiness, and business credibility, with a domain registered through a reputable registrar despite limited WHOIS data due to privacy policies.

E

Erewhon

erewhonmarket.com

52

Erewhon operates as an organic grocer and cafe, targeting health-conscious consumers seeking organic and natural food products. The website reflects a retail business model with a focus on organic groceries and cafe services. The company appears to be established since 1995, indicating a mature presence in the market. The website uses modern web technologies including React and Next.js, integrates Google Maps API for location services, Stripe for payments, and Forter for fraud prevention. Accessibility is addressed through the AccessiBe widget, enhancing usability for users with disabilities. Security posture is generally good with HTTPS enforced and fraud prevention scripts in place; however, there is room for improvement in security headers and published security policies. Privacy compliance is weak due to the absence of visible privacy and cookie policies or consent mechanisms. No contact information or business certifications are explicitly provided on the site, which may impact user trust. Overall, the website is professional and functional but would benefit from enhanced transparency and compliance documentation.

A

Australian Red Cross Lifeblood

lifeblood.com.au

68

Australian Red Cross Lifeblood operates a comprehensive and professionally designed website dedicated to promoting and facilitating blood, plasma, breast milk, microbiome, organ, and tissue donation across Australia. The organization holds a strong market position as a leading non-profit healthcare service provider affiliated with the Australian Red Cross. The website offers extensive educational resources, donation eligibility quizzes, and easy access to donor center locations, targeting donors, patients, and health professionals alike. Technically, the site is built on Drupal CMS and integrates multiple modern analytics and marketing tools, ensuring good performance, mobile optimization, and accessibility. Security posture is strong with HTTPS enforced and secure form handling, though explicit security headers could be more visible. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. WHOIS data is privacy protected but consistent with a legitimate large organization. Overall, the site demonstrates high professionalism, trustworthiness, and user engagement.

C

Cedars-Sinai

cedars-sinai.org

65

Cedars-Sinai is a leading nonprofit academic healthcare organization based in Los Angeles, California, providing world-class specialty care, pioneering research, and education. The website reflects a mature digital presence with comprehensive information on specialty programs, virtual care, clinical trials, and patient resources. The organization holds a strong market position in Southern California healthcare, supported by patient testimonials and affiliations such as the LA28 Olympic Games medical provider role. Technically, the site leverages modern frameworks including React and Adobe Experience Manager, with integrations for marketing and analytics tools like Marketo and Adobe Launch. Security posture is robust with HTTPS, security headers, and no visible vulnerabilities, though public security policies and incident response contacts are not prominently disclosed. Privacy and cookie policies are present with consent mechanisms, indicating good compliance practices. WHOIS data is unavailable, likely due to privacy protection, which is justified for this type of organization. Overall, the website demonstrates high professionalism, trustworthiness, and technical maturity.

Z

Zipline

zipline.com

67

Zipline operates as the world's largest autonomous drone delivery system, specializing in rapid, on-demand delivery and logistics services. The company targets both businesses and consumers, offering innovative drone technology to deliver goods quickly and precisely. Their market position is strong, supported by partnerships with major brands and a clear focus on sustainable, efficient delivery solutions. The website reflects a professional and modern digital presence, leveraging advanced web technologies and multimedia content to engage users effectively. Security posture is solid with HTTPS enforced and a published vulnerability disclosure policy, though some security headers are missing and no WHOIS data is available, which warrants further investigation. Overall, Zipline presents a credible and trustworthy business with a high-quality online presence.

H

Hypervision Surgical Ltd

hypervisionsurgical.com

69

Hypervision Surgical Ltd is a UK-based medical technology company spun out from King's College London, specializing in AI-powered hyperspectral imaging to enhance surgical precision and patient safety. Their flagship product integrates real-time, non-invasive tissue characterization into surgical workflows, targeting clinicians and healthcare providers. The company is positioned as an innovative early-stage MedTech player with strong academic and industry partnerships, supported by certifications such as ISO 13485, UKCA marking, and FDA clearance. Technically, the website is built using modern frameworks like Bootstrap and Hugo CMS, hosted behind Cloudflare DNS, and optimized for mobile and performance. The site employs lazy loading and standard web technologies, reflecting a mature digital infrastructure. Security posture is solid with HTTPS enforced and domain transfer protections, though improvements like DNSSEC and security headers are recommended. From a security and compliance perspective, the site provides comprehensive privacy, cookie, and terms of service policies with GDPR compliance indicators. However, it lacks explicit security policies, incident response contacts, and vulnerability disclosure mechanisms. No phone contact is provided, only email and physical address. No tracking or analytics scripts were detected, indicating a privacy-conscious approach. Overall, the website and business present a high level of professionalism, trustworthiness, and technical maturity with minor areas for security enhancement. The risk profile is low, and the company demonstrates credible market positioning in the healthcare technology sector.

E

Ecole Supérieure Multinationale des Télécommunications

esmt.sn

47

ESMT (Ecole Supérieure Multinationale des Télécommunications) is a regional educational institution based in Senegal, specializing in telecommunications and related fields. It offers a variety of educational programs including initial training cycles, continuing education, certifications such as AWS Cloud Foundations, and masters programs both online and in evening formats. The institution is recognized by regional bodies such as CAMES and maintains partnerships with several organizations, enhancing its market position in education and telecommunications sectors. Technically, the website is built on Drupal CMS with Bootstrap and jQuery frameworks, integrating Google Maps and Google Analytics for user tracking and location services. While the site is mobile responsive and well-structured, it uses an outdated jQuery version and lacks advanced security headers, which could pose risks. Performance is moderate with good content quality and navigation. Security posture is basic with HTTPS enabled and IP anonymization in analytics, but missing DNSSEC and security headers reduce the overall security score. No privacy or cookie policies were found, indicating compliance gaps with GDPR and other privacy regulations. Contact information is clearly provided, supporting business credibility. Overall, the website is professional and trustworthy but would benefit from enhanced security measures and privacy compliance to improve user trust and regulatory adherence.

U

USSEIN - Université du Sine Saloum El-Hâdj Ibrahima NIASS

ussein.sn

31

The website www.ussein.sn represents the Union des Syndicats des Enseignants du Sénégal (USSEIN), a teachers' union in Senegal focused on labor rights and education advocacy. The site targets education professionals within Senegal and serves as a platform for union-related information and activities. The market position is that of an important national union, though the website content and design are basic and primarily in French. Technically, the website is built on WordPress with common plugins such as LayerSlider and uses Google Fonts and Google Maps API. It employs Google Analytics for user tracking. The site is moderately optimized for performance and mobile use but lacks advanced accessibility and SEO features. From a security perspective, the site uses HTTPS but does not implement advanced security headers or provide security policies or incident response information. No vulnerability disclosure or data protection officer details are found. The security posture is moderate but could be improved with better headers and formal policies. Overall, the website is safe for general audiences, with no adult or explicit content detected. However, the absence of privacy and cookie policies and limited contact information reduce privacy compliance and business credibility scores. Strategic improvements in security and compliance documentation are recommended.

A

ATU Auto-Teile-Unger

atu.de

62

ATU Auto-Teile-Unger operates a comprehensive e-commerce platform specializing in automotive parts, tires, rims, and workshop services primarily targeting the German market. The company holds a strong market position as a large retailer with extensive service offerings including online sales, workshop appointments, and customer loyalty programs. The website demonstrates a mature technical infrastructure utilizing modern web technologies such as jQuery, Bootstrap, Adobe DTM for tag management, and Google Maps API for location services. Security posture is robust with HTTPS enforcement, CSRF protection, and bot mitigation via DataDome, although explicit security policies and incident response contacts are not publicly disclosed. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional, trustworthy, and well-optimized for user experience and SEO.

C

Cœur + AVC

jeunescoeursrythmes.ca

56

Jeunes Cœurs rythmés is a French-language educational website operated by Cœur + AVC, a Canadian non-profit organization dedicated to heart disease and stroke prevention. The site offers educational resources and interactive programs targeting children and youth, as well as educators and families. It serves as a digital learning center with a focus on heart and brain health, providing a library of activities and an interactive mystery game for older students. The website is well-branded, consistent, and professionally designed, reflecting the organization's long-standing reputation in healthcare education. Technically, the site is built on WordPress with modern plugins and integrates analytics and tracking tools such as Google Analytics and Facebook Pixel. It uses Cloudflare for DNS and domain protection but lacks DNSSEC and some security headers. The site supports multilingual content via WPML and offers secure login and registration forms for educators. However, explicit privacy and cookie policies are not found, indicating a gap in compliance. Overall, the site is trustworthy, secure, and serves its educational mission effectively.

C

CanCOVID

cancovid.ca

60

CanCOVID is a Canadian non-profit network established in 2020 to facilitate multidisciplinary collaboration among researchers, academics, patient partners, decision makers, and industry stakeholders focused on the COVID-19 pandemic response. It provides knowledge products, data trackers, resource libraries, and community engagement platforms to support evidence-informed decision-making and policy development. The organization is government-funded and well-positioned within the Canadian public health ecosystem. Technically, the website is built on WordPress with modern plugins such as Yoast SEO and integrates Google Analytics and Google Maps APIs. The site is hosted behind Cloudflare DNS, uses HTTPS with a good SSL configuration, and demonstrates good mobile optimization and accessibility. SEO practices are well implemented, and the site offers a professional user experience with clear navigation and relevant content. From a security perspective, the site employs HTTPS and domain transfer protection but lacks DNSSEC and explicit security headers. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is partial; a comprehensive privacy policy is present, but no cookie consent mechanism is implemented despite tracking scripts. Incident response and security policies are not publicly disclosed, which could be improved to enhance trust. Overall, CanCOVID presents a high level of business credibility and trustworthiness with a strong focus on public health research collaboration. The website quality is excellent, with minor improvements recommended in security headers and privacy compliance to further strengthen its security posture and regulatory adherence.

E

Events.com Inc.

evensi.com

67

Events.com Inc. operates a large-scale global event discovery and ticketing platform, offering users access to over 186 million events worldwide. The platform targets a broad audience interested in music, culture, business networking, nightlife, sports, and leisure activities. Key services include event discovery by location and category, ticket sales, event promotion, and calendar integration. The company maintains a consistent brand presence and provides clear contact information, enhancing user trust. Technically, the website employs a modern tech stack including Google Tag Manager, Google Analytics, Facebook Pixel, and other marketing and tracking tools. It uses Vue.js for frontend interactivity and integrates Google Maps API for location services. The site is mobile-optimized, fast-loading, and SEO-friendly, with good accessibility features. From a security perspective, the site uses HTTPS with secure cookie settings and implements consent management via Usercentrics. While explicit security headers are not fully visible in the HTML, best practices such as nonce usage in OAuth2 SSO flows are observed. No critical vulnerabilities or exposed sensitive data were detected. Privacy policies and terms of service are present and comprehensive, indicating good compliance with GDPR and related regulations. Overall, the website presents a low-risk profile with strong business credibility and technical maturity. Recommendations include enhancing visible security headers, publishing a security policy and incident response contacts, and establishing a vulnerability disclosure program to further strengthen security posture.

H

Huron Perth & Area Ontario Health Team

hpaoht.ca

47

Huron Perth & Area Ontario Health Team is a regional healthcare integration organization focused on improving health system collaboration and community health services in the Ontario Health West Region of Canada. The website serves healthcare professionals, leaders, community members, and caregivers by providing resources, educational campaigns on equity and inclusion, and digital health access tools such as ConnectMyHealth. The organization is positioned as a medium-sized non-profit entity founded in 2021, with government funding and accreditation endorsements, reflecting a credible and trusted presence in the healthcare sector. Technically, the website is built on a modern WordPress platform using Elementor and Tutor LMS plugins, integrating Google Tag Manager and Matomo for analytics, and Google Maps API for location services. The site demonstrates good design quality, mobile optimization, and SEO practices, though performance is moderate. Security posture is adequate with HTTPS enabled but lacks DNSSEC and security headers, which are recommended for enhanced protection. Security evaluation shows no critical vulnerabilities or exposed sensitive data, but privacy compliance is limited due to the absence of explicit privacy and cookie policies. Contact information is available primarily via phone and contact forms, with no direct company emails found. Social media presence is active on major platforms, supporting community engagement. Overall, the website is professional, trustworthy, and safe for general audiences, but should improve privacy compliance and security hardening to meet best practices and regulatory expectations.

L

LASIK

lasik.com

73

LASIK.com is a leading online resource dedicated to providing comprehensive and reliable information about modern LASIK eye surgery. The website serves both doctors and patients by offering educational content, a large network of certified LASIK surgeons, and tools to find trusted providers across the United States. The platform positions itself as the largest trusted LASIK network, supported by strong partnerships with major insurance providers and a significant volume of positive user reviews, indicating high market credibility. Technically, the website is built on WordPress with a modern technology stack including SEO optimization via Yoast, analytics through HubSpot and Google Tag Manager, and user experience enhancements such as responsive design and accessibility considerations. The site employs cookie consent mechanisms compliant with GDPR, ensuring privacy compliance. Performance and mobile optimization are excellent, contributing to a positive user experience. From a security perspective, the site enforces HTTPS and uses secure forms with input validation. While explicit security headers are not fully visible in the HTML, the overall security posture is strong with no evident vulnerabilities or exposed sensitive data. However, the absence of WHOIS registration details and lack of published security or incident response policies represent minor transparency gaps. Overall, LASIK.com demonstrates a mature digital presence with strong business credibility and technical implementation. The site is safe, professional, and trustworthy, making it a reliable source for LASIK-related information and services.

C

Chicken Farmers of Ontario

ontariochicken.ca

62

Chicken Farmers of Ontario is a well-established agricultural organization representing over 1,300 family-run chicken farms across Ontario. The website serves as a comprehensive resource for farmers, prospective entrants, and the public, providing information on regulations, policies, news, and community stories. The organization plays a significant role in Ontario's economy, contributing billions annually and supporting tens of thousands of jobs. Technically, the website is built on the Kentico CMS platform, utilizing modern JavaScript libraries like jQuery and integrates Google Analytics and Tag Manager for tracking. The site is hosted with Cloudflare DNS services, ensuring reliable performance and security. Security posture is generally good with HTTPS enforced and domain transfer protections, though improvements such as enabling DNSSEC and adding security headers are recommended. Privacy compliance is basic with a privacy policy present but lacking cookie consent mechanisms and terms of service. Overall, the website is professional, trustworthy, and serves its target audience effectively.

I

IT NEXT SOFTWARE SOLUTION SRL

nextsoftware.ro

57

Next Software is a Romanian-based company specializing in custom software development with a focus on business and financial sector solutions. Their offerings include cash management systems, fintech microfinancing platforms, legal entity identifier management, stock tracking, and office space management solutions. The company positions itself as a flexible and competent partner for businesses requiring tailored software solutions, with a market presence primarily in Romania. The website reflects a professional and consistent brand image with clear contact details and GDPR compliance indications. Technically, the website employs a modern front-end stack including Bootstrap, jQuery, and various UI plugins such as Revolution Slider and Owl Carousel. It is mobile-optimized with moderate performance and basic SEO and accessibility features. The site integrates Google Analytics and Tag Manager for user tracking and marketing purposes. From a security perspective, the site uses HTTPS (implied by external Google services usage), but lacks visible HTTP security headers and publicly available security policies or incident response contacts. Cookie consent is implemented, and GDPR policy is accessible, indicating awareness of privacy compliance. No critical vulnerabilities or exposed sensitive data were detected in the HTML content. Overall, the website and business appear legitimate and professionally managed, with room for improvement in security best practices and transparency around incident response and vulnerability disclosures.

T

THE CANADIAN MENTAL HEALTH ASSOCIATION

here247.ca

58

Here 24/7 is a Canadian non-profit organization providing coordinated addictions, mental health, and crisis services across the Waterloo Wellington region. The website serves as a comprehensive portal for individuals seeking help, providers, and families, offering intake, assessment, referrals, and support services. It is operated by THE CANADIAN MENTAL HEALTH ASSOCIATION, a reputable organization with a domain registered since 2014, reflecting a stable presence in the healthcare sector. The site also partners with government health agencies and participates in the national 9-8-8 Suicide Crisis Helpline initiative. Technically, the website is built on WordPress using the Genesis Framework, with common web technologies such as jQuery and Google Maps API integrated. The site is mobile-optimized and accessible, with good SEO practices and clear navigation. Hosting is via Hover.com, and the site uses HTTPS with a valid SSL certificate. However, DNSSEC is not enabled, and security headers are absent, which are areas for improvement. From a security perspective, the site demonstrates good baseline practices such as HTTPS enforcement and domain transfer protections. There are no visible vulnerabilities or exposed sensitive data. The Google Analytics plugin is installed but not configured, indicating minimal user tracking. Privacy compliance is basic, with a clear privacy policy but no cookie consent mechanism. No explicit security or incident response policies are published. Overall, the website is trustworthy, professional, and well-aligned with its mission to provide mental health and addiction support. Strategic improvements in security headers, DNSSEC, and privacy mechanisms would enhance its security posture and compliance. The domain registration data supports legitimacy and transparency, reinforcing confidence in the organization and its digital presence.

S

SPEEDEX A.E. Ταχυμεταφορών

speedex.gr

56

Speedex is a well-established Greek courier and parcel delivery company offering a broad range of domestic and international shipping services, including same-day delivery and franchise opportunities. The company holds ISO 9001:2015 certification, reflecting its commitment to quality management. The website targets both general consumers and business clients within Greece, providing multiple customer interaction points such as shipment tracking, pickup requests, and cooperation forms. The business model focuses on logistics and transportation services with an emphasis on franchise expansion.

S

Star Odigos – ΔΙΚΤΥΟ ΕΠΑΓΓΕΛΜΑΤΙΩΝ ΚΑΙ ΚΑΤΑΝΑΛΩΤΩΝ

starodigos.gr

24

Star Odigos is a Greek-language online network platform aimed at connecting professionals and consumers. The website serves as a business directory or listing service, targeting a Greek audience. The business model appears to be based on categorized listings with different membership or listing tiers (e.g., GOLD, SILVER, MAKETA). However, the website currently suffers from a critical WordPress error that prevents normal content access and user interaction. This significantly impacts the user experience and trustworthiness of the platform. Technically, the site is built on WordPress using common plugins such as Visual Composer and Bootstrap for frontend styling. It integrates Google Maps API for location services. Despite using modern technologies, the site shows signs of technical debt and lacks performance optimization. Mobile responsiveness is basic, and accessibility features are minimal. From a security perspective, the site lacks visible security headers and does not show evidence of HTTPS enforcement in the provided data. No privacy or cookie policies are published, indicating poor compliance with GDPR and related regulations. The critical WordPress error page also suggests backend vulnerabilities or misconfigurations that need urgent remediation. Overall, the website presents a low security posture and poor content quality due to technical failures. Strategic improvements in backend stability, security hardening, and compliance documentation are essential to restore trust and functionality.

M

Mediadom Pyrhani

mediadom-piran.si

41

Mediadom Piran is a cultural multimedia center based in Piran, Slovenia, established around 2015. It serves as a hub for cultural events, multimedia exhibitions, and community engagement, targeting local residents, tourists, and students. The website reflects a well-structured cultural institution with partnerships across regional cultural organizations. Technically, the site is built on WordPress using common frameworks like Foundation and jQuery, integrating Google Maps and multimedia galleries. The site is moderately optimized for performance and mobile use, with good navigation and content relevance. Security posture is adequate with HTTPS enabled but lacks advanced security headers and formal security policies. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the site is trustworthy and professional but could improve in privacy and security transparency.

The website www.portoroz.si serves as a comprehensive tourism portal for the Portorož and Piran regions in Slovenia, offering detailed information on accommodations, events, cultural and natural landmarks, activities, gastronomy, wellness, and business meeting facilities. It targets tourists and visitors interested in exploring Slovenian Istria, positioning itself as a regional authority in destination marketing. The business operates under Webtasy, d.o.o., with a domain age dating back to 2000, indicating a well-established presence. Technically, the site is built on ASP.NET Web Forms with a custom CMS, integrating modern web technologies such as jQuery, Google Maps API, and various marketing and analytics tools including Hotjar, Klaviyo, and Google Analytics. The site demonstrates good mobile optimization, accessibility, and SEO practices, although performance is moderate. Security measures include HTTPS enforcement, Google reCAPTCHA, and a detailed cookie consent mechanism compliant with GDPR. Security posture is solid with no critical vulnerabilities detected; however, the site could enhance its security by implementing additional HTTP security headers and publishing explicit security and incident response policies. Privacy compliance is strong, with a comprehensive cookie policy and user consent management. Business credibility is supported by consistent branding, official social media presence, and transparent marketing practices. Overall, the website presents a professional, trustworthy, and user-friendly platform for tourism promotion in the region. Strategic recommendations include enhancing security headers, publishing detailed security and incident response policies, and providing clearer direct contact information to improve user trust and compliance.

Cimitirul Eparhial Sf. Nicolae is a specialized cemetery service provider located in Bucharest, Romania, offering permanent burial plots, modern mortuary facilities, and funeral-related services. The business is positioned as a modern, well-managed cemetery under the auspices of the Arhiepiscopia Bucureștilor, targeting families seeking dignified and organized burial solutions. The website reflects a professional digital presence with comprehensive service descriptions, customer testimonials, and clear contact channels. Technically, the site is built on WordPress with a modern theme and plugins, including SEO and analytics tools, ensuring good digital maturity. Security posture is adequate with HTTPS and GDPR compliance, though improvements in security headers and DNSSEC are recommended. Overall, the site is trustworthy and well-aligned with its business goals.

E

ENTRE Timing

entretiming.pl

44

ENTRE Timing is a Polish small business specializing in electronic timing services for sports events. The website presents a professional and consistent brand image focused on event timing, results publication, and related additional services. The target audience is primarily local sports event organizers and participants. The business operates on a service model with a niche market position in Poland, founded around 2013. Technically, the website is built on WordPress CMS with a modern plugin stack including WooCommerce, Yoast SEO, and Google Analytics integration, indicating a moderate level of digital maturity. The site is mobile optimized and SEO friendly, though accessibility features are basic. From a security perspective, the website uses HTTPS and implements cookie consent mechanisms, reflecting GDPR compliance efforts. However, no advanced security headers or explicit security policies are present, and no vulnerability disclosure or incident response information is publicly available. The absence of WHOIS data limits the ability to fully verify domain legitimacy, but the website content and technical setup suggest a legitimate small business presence. Overall, the security posture is moderate with room for improvement in security best practices and transparency. The website is fully accessible without WAF or blocking mechanisms, providing a good user experience with clear navigation and relevant content. Strategic recommendations include enhancing security headers, publishing explicit security and incident response policies, and adding vulnerability disclosure mechanisms to improve trust and compliance. These steps will strengthen the security posture and business credibility while maintaining a positive user experience.

Biblioteca Sfantului Sinod is a Romanian government-affiliated cultural and educational institution specializing in religious and historical library services. It offers access to unique collections such as manuscripts, old Romanian and foreign books, and periodicals, serving researchers and the general public. The website is built on WordPress with a Bootstrap framework, hosted by Hosterion, and demonstrates moderate technical maturity with good mobile optimization and basic SEO. Security posture is adequate with HTTPS enabled but lacks advanced security headers and DNSSEC. Privacy compliance is weak due to missing privacy and cookie policies. Contact information is clearly presented, enhancing business credibility. Overall, the site is trustworthy and safe for general audiences.

Xionodromika.gr is a specialized Greek-language online portal dedicated to providing comprehensive news, information, and resources related to ski centers and winter tourism in Greece. Established in 2015, the website serves as a key information hub for winter sports enthusiasts, offering live webcams, accommodation options, ski equipment rentals, and event updates. The site maintains a consistent brand presence and leverages social media channels to engage its audience. Technically, the website is built on WordPress with WooCommerce integration, utilizing modern web technologies such as Google Maps API, FontAwesome, and various analytics and marketing tools including Google Tag Manager and Facebook Pixel. The site demonstrates good mobile optimization and moderate performance. Security-wise, the site employs HTTPS and some security plugins but lacks explicit security headers and published security policies. Privacy compliance is partial, with a cookie consent mechanism present but no accessible privacy policy or terms of service pages. Overall, the website is legitimate and trustworthy within its niche but would benefit from enhanced privacy and security disclosures.

Web-Greece.Gr is a well-established Greek tourism guide website founded in 2015, offering comprehensive information on destinations, hotels, car rentals, food, and entertainment in Greece. It targets tourists and travelers seeking detailed travel planning resources and booking options. The website leverages WordPress CMS with modern plugins and SEO tools, ensuring good technical infrastructure and user experience. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers could be improved. Contact information and privacy policies are clearly presented, supporting GDPR compliance. Overall, the site is professional, trustworthy, and content-rich, serving as a valuable resource in the Greek hospitality sector.

S

SŽ – Vleka in tehnika, d.o.o.

sz-vit.si

55

SŽ – Vleka in tehnika, d.o.o. is a medium-sized Slovenian company specializing in railway vehicle maintenance, train towing, and technical wagon services. It operates as a subsidiary of the Slovenske železnice group, providing comprehensive maintenance, overhaul, wheelset processing, mobile service, and engineering consulting. The company holds multiple ISO certifications, indicating a commitment to quality, environmental management, and occupational health and safety. The website is professionally designed with multilingual support, clear navigation, and detailed contact information, targeting railway operators and transportation sector clients. Technically, the website is built on WordPress with modern web technologies including jQuery, Google Maps API, and Google Tag Manager. It is hosted behind Cloudflare, ensuring good performance and security. The site includes accessibility features and cookie consent mechanisms compliant with GDPR. However, explicit security headers could be improved, and no dedicated security or incident response pages were found. The security posture is good with HTTPS enforced and no visible vulnerabilities or exposed sensitive data. The domain registration is consistent with the business profile, having been registered in 2012 and matching the company branding. No suspicious WHOIS patterns were detected. Overall, the website presents a trustworthy and professional digital presence for the company. Strategic recommendations include enhancing security headers, publishing an incident response policy, and adding a vulnerability disclosure mechanism to further improve security and trust.

SŽ-ŽIP, storitve, d.o.o. is a medium-sized Slovenian company founded in 2002, operating as a subsidiary of Slovenske železnice. The company focuses on providing socially responsible employment for disabled railway workers and offers a range of services including comprehensive facility management, vehicle fleet management, production and trade activities, and accommodation services. The website is professionally designed, consistent with the brand, and targets both internal Slovenske železnice stakeholders and external clients requiring related services. Technically, the site is built on WordPress with modern libraries and APIs such as Google Maps and Leaflet, ensuring good mobile optimization and accessibility. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers could be improved. No critical vulnerabilities or suspicious content were detected, and the domain registration data aligns well with the business profile, indicating legitimacy.

V

Verkehrsverbund Oberelbe GmbH (VVO)

vvo-mobil.de

53

VVO Mobil is a regional public transportation platform serving the Oberelbe region in Germany. It offers trip planning, real-time departure information, ticket purchasing, and network maps. The website is built on a modern Angular framework and integrates trusted third-party services such as Google Maps and PayPal for enhanced user experience and payment processing. The platform targets public transport users in the region, providing essential mobility services with a focus on usability and accessibility. The business operates in the transportation sector with a medium-sized footprint and maintains a consistent brand presence online. Technically, the website demonstrates a mature digital infrastructure with a strict Content-Security-Policy, HTTPS enforcement, and integration of analytics via Matomo. The site is mobile-optimized and provides a good user experience, though some accessibility features could be improved. The absence of a cookie consent mechanism and terms of service pages indicates room for enhancement in privacy compliance. Security posture is strong with no evident vulnerabilities or exposed sensitive data. From a security perspective, the site employs best practices such as HTTPS and CSP headers, but lacks explicit security policies and incident response contacts. No vulnerability disclosure or security.txt files were found, which could be added to improve transparency and trust. The WHOIS data aligns well with the website's claims, showing consistent domain registration and authoritative name servers. Overall, VVO Mobil presents a trustworthy and professional online presence for a regional transportation service. Strategic improvements in privacy compliance, security transparency, and accessibility would further strengthen its position and user trust.

V

Visit Celje

visitcelje.eu

41

Visit Celje is a regional tourism promotion website dedicated to showcasing the cultural, historical, and recreational attractions of Celje city in Slovenia. The site offers detailed information on events, experiences, accommodations, and local cuisine, targeting tourists and visitors interested in exploring the city. The business model includes tourism promotion and an online shop for related products, positioning itself as a key regional tourism resource. Technically, the website is built on WordPress with WooCommerce integration, leveraging modern web technologies such as jQuery, Google Maps API, and Google Fonts. The site is mobile-optimized and provides multi-language support, enhancing accessibility for international visitors. Security-wise, the website enforces HTTPS and uses Google reCAPTCHA, but lacks some security headers and formal privacy and cookie policies, which are important for compliance and user trust. Overall, the site is professional and trustworthy but would benefit from enhanced privacy compliance and security best practices.

N

Nimaint

radiorogla.si

41

Radio Rogla is a regional Slovenian media company operating a radio station with live streaming, music charts, and local news content. The website targets the general public in the Štajerska region, providing entertainment and community engagement through various digital channels. The business model centers on media broadcasting with advertising and community-driven content. Technically, the site is built on WordPress with Elementor and WooCommerce plugins, integrating Google Analytics and Google Maps APIs, reflecting a moderate level of digital maturity. The website is mobile optimized and offers a good user experience with clear navigation and relevant content. Security posture is adequate with HTTPS enabled and anonymized Google Analytics tracking; however, it lacks security headers and visible privacy or cookie policies, indicating compliance gaps. Overall, the site is legitimate and trustworthy but would benefit from enhanced privacy compliance and security best practices.

W

Webtasy, d.o.o.

stajerska.si

56

Štajerska.si is a professionally designed regional tourism website promoting the Štajerska region in Slovenia. It offers comprehensive information on cultural, natural, and wellness experiences, targeting tourists and visitors interested in urban and natural attractions. The website leverages modern technologies such as Nuxt.js, Vue.js, and DatoCMS, ensuring a fast, mobile-optimized, and accessible user experience. Social media integration and event promotion enhance its outreach. Security posture is strong with HTTPS and security headers, though the absence of a cookie consent banner and explicit security policies indicates room for compliance improvement. Overall, the site is trustworthy and well-positioned as a regional tourism marketing platform.

M

MBajk

mbajk.si

54

The website www.mbajk.si represents a business entity with an established domain since 2013, indicating a stable presence. The site is built using modern web technologies including Angular 18.2.10, Bootstrap, and integrates Matomo for analytics and Google Maps API for location services. A cookie consent mechanism is implemented via Didomi, reflecting some level of privacy compliance. However, the site lacks visible privacy policy, terms of service, and contact information, which limits transparency and user trust. The technical infrastructure appears moderately optimized with good mobile responsiveness but basic SEO and accessibility features. Security posture is moderate with HTTPS implied but no explicit security headers detected in the HTML content. No forms or direct data collection points are visible, reducing immediate risk but also limiting user engagement. Overall, the site is functional but would benefit from enhanced compliance documentation and security hardening.

The SYMBOLS project website serves as an educational platform focused on exploring cultural symbols, particularly those found in cemeteries across Europe. It is a collaborative initiative involving six European partners including municipal councils, educational institutions, and cultural organizations. The site offers a symbols database, interpretative content, and special tours, targeting audiences interested in cultural heritage and funerary arts. The business model is primarily educational and cultural, with a niche market position supported by reputable European partners. Technically, the website is built on ASP.NET Web Forms with legacy JavaScript libraries such as jQuery 1.8.2 and jQuery UI 1.9.1. It integrates Google Analytics and Google Maps API for tracking and mapping functionalities. The site demonstrates moderate performance and basic mobile optimization, with room for improvement in accessibility and SEO practices. From a security perspective, the site uses HTTPS ensuring encrypted communication but lacks visible security headers like Content Security Policy and uses outdated JavaScript libraries that may expose vulnerabilities. No privacy or cookie policies are present, indicating gaps in GDPR compliance. No contact emails or phone numbers are provided, limiting direct communication channels. Overall, the website is a credible cultural heritage resource with moderate technical maturity and security posture. Strategic improvements in security headers, library updates, and privacy compliance would enhance trust and resilience.

E

e-Občina

e-obcina.si

56

e-Občina.si is a well-established Slovenian e-government platform providing electronic services to municipalities and their citizens. The platform facilitates electronic application submissions, online payments, citizen notifications, participatory budgeting, and local news dissemination. With 144 municipalities using the system and serving over 1.2 million citizens, it holds a strong market position in the government sector in Slovenia. The website is professionally designed, mobile-optimized, and uses modern web technologies including jQuery, Bootstrap, Google Maps, and PWA capabilities. Hosting is supported by Cloudflare, ensuring reliable DNS and security infrastructure. Security posture is adequate with HTTPS and Cloudflare DNS, but lacks explicit security headers and incident response information. Privacy and cookie policies are not found, indicating room for compliance improvement. Overall, the website is trustworthy, content-rich, and serves an essential public sector function.

The website www.visittrentino.info serves as the official tourism portal for the Trentino region in Italy, providing comprehensive information about holidays, accommodations, events, and activities in the area. It targets tourists and travelers interested in the Italian Alps, offering booking services and rich content to facilitate holiday planning. The site is well-branded and professionally designed, reflecting its role as a regional tourism authority. Technically, the site employs a modern tech stack including Bootstrap 3, Pimcore CMS, Google Tag Manager, and Cookiebot for cookie consent management. The site is mobile-optimized and SEO-friendly, with good navigation and content structure. Performance is moderate, and accessibility features are basic but present. From a security perspective, the site uses HTTPS with a good SSL configuration and implements cookie consent mechanisms. However, it lacks visible security headers and explicit privacy policies or terms of service in the analyzed content. No vulnerability disclosure or incident response information is provided, which could be improved to enhance trust and compliance. Overall, the website is legitimate and trustworthy based on content and branding, though the absence of public WHOIS data and some compliance documents slightly reduce its trust score. Strategic improvements in privacy documentation, security headers, and contact transparency are recommended to strengthen its security posture and user trust.

T

TIC Šentjur / Občina Šentjur

turizem-sentjur.com

63

The website turizem-sentjur.com serves as the official tourism portal for the municipality of Šentjur, Slovenia. It provides comprehensive information about local attractions, cultural heritage, events, accommodations, culinary offerings, and outdoor activities, targeting tourists and visitors interested in the region. The business is positioned as a regional tourism information hub, supported by the municipality and local partners. The domain is well-established since 2005, reflecting a mature presence in the local tourism market. Technically, the site uses a custom CMS (BCMS), integrates Google Maps API for location services, and employs Mailchimp for newsletter subscriptions. The design is professional, mobile-optimized, and accessible, with good SEO practices. However, some modern security best practices such as DNSSEC and security headers are missing. Cookie consent is implemented, but a dedicated privacy policy page is not found. From a security perspective, the site enforces HTTPS and uses CAPTCHA on contact forms, but lacks published security policies and incident response contacts. No WAF or blocking mechanisms are detected, and no suspicious or adult content is present. Overall, the site is safe, trustworthy, and professionally maintained, but could improve security posture and privacy transparency. The overall AI score is 78, reflecting good content quality, technical implementation, and business credibility, with room for improvement in security and privacy compliance.

M

Mestna občina Maribor

maribor.si

43

Mestna občina Maribor is the official municipal government website for the city of Maribor, Slovenia, the country's second largest municipality with approximately 113,000 residents. The site provides comprehensive information about municipal services, public announcements, projects, tourism, economic development, and community engagement. It targets residents, businesses, and visitors, offering multilingual support and easy navigation. The business model is focused on public service delivery and community information dissemination. Technically, the website is built on WordPress and leverages modern web technologies including Google Analytics, Hotjar for user behavior analysis, Google reCAPTCHA for form security, and Google Maps API for location services. The site is hosted by TELEMACH d.o.o., a Slovenian registrar and likely hosting provider. Performance is moderate with good mobile optimization and accessibility features. From a security perspective, the site enforces HTTPS, uses reCAPTCHA on forms, and complies with GDPR through cookie consent banners and privacy policies. However, it lacks explicit security headers and a published security policy or incident response contacts. No vulnerabilities or suspicious content were detected. Overall, the website is professional, trustworthy, and well-maintained, serving as a reliable digital presence for the municipal government. Strategic recommendations include enhancing HTTP security headers, publishing security policies, and maintaining regular updates to software components.

P

Pogrebno podjetje Maribor d.d.

pp-mb.si

53

Pogrebno podjetje Maribor d.d. is a well-established funeral service provider based in Maribor, Slovenia, founded in 2006. The company offers comprehensive funeral organization, cemetery management, grave site rental, and stonemasonry services. It is part of the JHMB Group, a recognized entity in the region, and maintains a strong local presence with a focus on cultural heritage preservation. The website reflects a professional and consistent brand image, targeting local residents seeking respectful and organized funeral services. Technically, the website is built on an ASP.NET WebForms platform with jQuery and Font Awesome, providing moderate performance and basic mobile optimization. Security posture is adequate with HTTPS enabled but lacks advanced security headers and privacy compliance mechanisms such as cookie consent and privacy policies. Contact information is clearly presented, enhancing business credibility. Overall, the site is safe, professional, and trustworthy but would benefit from improved privacy and security practices.

A

Apraxa eG

apraxa.de

47

Apraxa eG operates a specialized legal services network in Germany, providing a platform for law firms to connect with potential clients through a detailed lawyer search. The website positions itself as a quality-focused, innovative, and local legal network with over 700 locations nationwide. The business model centers on membership for law firms, offering quality certifications and access to legal databases. Technically, the site uses standard web technologies including jQuery and Google Maps API, with a cookie consent mechanism in place, and is served over HTTPS ensuring secure communications. Security posture is adequate but could be improved by adding explicit security policies and incident response contacts. Overall, the site is professional, trustworthy, and compliant with GDPR requirements, targeting both lawyers and clients in Germany.

E

Engineering Development Board

engineeringpakistan.com

47

The Engineering Development Board (EDB) is a government entity under Pakistan's Ministry of Industries & Production, focused on strengthening the engineering sector and integrating it with global markets. The website serves as a portal for policies, industry sectors, publications, and official communications, targeting industry stakeholders and government officials. The site is built on WordPress with a modern tech stack including Bootstrap and various plugins, offering a good user experience and mobile optimization. Security posture is moderate with HTTPS enabled but lacking advanced security headers and DNSSEC. Privacy compliance is weak due to absence of privacy and cookie policies. Contact information and social media links are clearly provided, enhancing trustworthiness. Overall, the site is a credible government resource with room for improvement in security and privacy compliance.

M

Menschen in Hanau e.V.

menschen-in-hanau.de

52

Menschen in Hanau e.V. is a German non-profit organization dedicated to promoting inclusion, accessibility, and diversity within the Hanau community. The website serves as a platform to inform citizens about ongoing projects, events, and volunteer opportunities aimed at fostering an open and barrier-free society. The organization targets local residents, people with disabilities, and volunteers interested in social engagement. Technically, the website is built on WordPress with a modern tech stack including jQuery, Google Maps API, and SEO plugins, ensuring good performance, mobile optimization, and accessibility features. Security posture is solid with HTTPS and anonymized Google Analytics, though it lacks explicit security headers and published security policies. Privacy compliance is limited due to the absence of privacy and cookie policies. Overall, the site is trustworthy, professionally maintained, and content-rich, supporting its mission effectively.

Kulturforum Hanau is a public cultural institution operated by the city of Hanau, Germany, providing a range of cultural, educational, and library services to the local community. The website serves as an information portal for various departments including the city library, archives, media center, and educational counseling. It also promotes events and community engagement activities. The institution holds a solid position as a government cultural service provider with a medium-sized operational scale. Technically, the website is built on the Imperia CMS platform with Bootstrap for responsive design, enhanced by jQuery and other JavaScript libraries. It integrates Matomo analytics for privacy-conscious user tracking and includes accessibility and SEO optimizations at a basic to good level. The site is mobile-friendly and well-structured, supporting a positive user experience. From a security perspective, the site uses HTTPS (implied by external Google Maps API usage and standard practice), but lacks visible security headers in the HTML source. Cookie consent is implemented effectively, and no critical vulnerabilities or exposed sensitive data were detected. However, the absence of explicit security policies and incident response information suggests room for improvement in transparency and security maturity. Overall, the website is trustworthy, professionally maintained, and compliant with GDPR requirements. It effectively serves its target audience without any adult or questionable content. Strategic recommendations include enhancing security headers, publishing security policies, and continuous monitoring of third-party scripts to maintain a strong security posture.

S

Stadt Hanau

hanau-corona.de

61

The website 'Corona in Hanau' is an official municipal information portal operated by Stadt Hanau, Germany, providing comprehensive and up-to-date information related to the Coronavirus pandemic. It serves residents and stakeholders by offering resources such as testing locations, vaccination sites, hygiene rules, legal information, and support services. The site is positioned as a trusted government source with consistent branding and clear navigation. Technically, the website is built on the IMPERIA CMS platform and utilizes a modern technology stack including jQuery, Bootstrap, Matomo Analytics, and Google Maps API. The site demonstrates good mobile optimization and SEO practices, although performance is moderate. The cookie consent mechanism is robust, ensuring GDPR compliance with user opt-in for analytics tracking. From a security perspective, the site employs HTTPS and anonymizes user IPs in analytics. However, explicit security headers and incident response information are not evident, suggesting room for improvement in security posture. No vulnerabilities or exposed sensitive data were detected. Overall, the site maintains a good balance between usability, privacy, and security. The risk assessment is low given the official nature of the site and its compliance with privacy regulations. Strategic recommendations include enhancing security headers, publishing a security policy, and providing incident response contacts to further strengthen trust and resilience.

T

Tillmann Verpackungen GmbH

tillmann-verpackungen.de

55

Tillmann Verpackungen GmbH is a well-established packaging solutions provider based in Mühlheim am Main, Germany, with over 70 years of experience. The company specializes in manufacturing and distributing a wide range of packaging products including wellpappe, vollpappe, and innovative solutions like LiFe-Multibox and TICO Aluliner. Positioned as the market leader in the Rhein-Main region, Tillmann Verpackungen serves diverse industries such as automotive, e-commerce, pharma, electronics, and medical technology. Their business model focuses on B2B sales, packaging consulting, development, and logistics support including warehousing and assembly services. Technically, the website is built on WordPress with modern SEO and multilingual support via WPML. It employs various third-party services for analytics (eTracker), anti-spam (CleanTalk), and cookie consent management (CookieMonkey). The site is mobile-optimized with good performance and accessibility features, although some improvements could be made in accessibility and security headers. The hosting is professional with domain control nameservers and SSL encryption ensuring secure communications. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms compliant with GDPR. It holds ISO 9001 certification and displays trust signals such as Kununu ratings. However, it lacks a published security policy, incident response contacts, and vulnerability disclosure mechanisms, which are recommended for enhanced trust and compliance. No critical vulnerabilities or suspicious content were detected. Overall, the website and business present a high level of professionalism, trustworthiness, and compliance with privacy regulations. Strategic recommendations include enhancing security headers, publishing security policies, and improving accessibility to further strengthen the security posture and user trust.

M

MRH Trowe

mrh-trowe.com

66

MRH Trowe is a large, internationally active, owner-managed insurance broker headquartered in Germany, positioned among the top 10 industrial brokers in the country. The company specializes in developing tailored and sustainable insurance solutions and consulting concepts for both business and private clients. Their business model emphasizes independence and comprehensive service, supported by a broad network and a workforce exceeding 1700 employees. The website reflects a professional and consistent brand image, showcasing multiple certifications and strong customer trust indicators such as high ratings on ProvenExpert and Kununu. Technically, the website is built on WordPress with modern plugins including Gravity Forms for data collection, CleanTalk for anti-spam, and CookieMonkey for cookie consent management. The site is mobile-optimized, accessible, and SEO-friendly, though performance is moderate. Security posture is good with HTTPS enforced and bot detection mechanisms in place; however, the absence of visible security headers and a formal security policy or vulnerability disclosure reduces the overall security maturity. The WHOIS data is notably missing or unavailable, which introduces some uncertainty regarding domain registration legitimacy. Despite this, the website content, certifications, and business presence strongly suggest a legitimate and established business. Privacy compliance is well addressed with a comprehensive privacy policy, cookie consent mechanisms, and a named data protection contact. Overall, MRH Trowe presents a trustworthy and professional digital presence with room for improvement in security transparency and WHOIS data clarity. Strategic enhancements in security headers and incident response disclosures would further strengthen their security posture and stakeholder confidence.

M

MRH Trowe

crm-makler.de

66

MRH Trowe is a well-established insurance and finance services provider based in Germany, recently integrating CRM Makler GmbH to expand its offerings. The company targets both corporate and private clients with a broad portfolio including corporate insurance, motor, real estate, specialty insurances, and financial services such as factoring and leasing. The website reflects a professional and consistent brand image with clear navigation and comprehensive service descriptions. Technically, the site is built on WordPress with modern plugins like Gravity Forms and CleanTalk for spam protection, and it includes GDPR-compliant cookie consent mechanisms. Security posture is good with HTTPS and bot detection, though some security headers are missing and no explicit security policy is published. WHOIS data is unavailable, which reduces transparency but the overall trust signals from the website and external reviews support legitimacy. Strategic recommendations include enhancing security headers, publishing a security policy, and improving WHOIS transparency.