Security Directory

S

SPIP

spip.net

52

SPIP is an established open source publishing system designed for collaborative and multilingual web content management. Founded in 2001, it serves a broad audience of web authors, developers, and institutions seeking a free and community-driven CMS solution. The website provides comprehensive documentation and community resources, reflecting a mature and active project. Technically, the site uses SPIP CMS version 4.4.6 with modern web technologies including JavaScript, CSS, SVG, and MathJax for math rendering. The site is mobile-optimized and accessible, with good SEO practices. Security posture is solid with HTTPS enabled and no visible vulnerabilities, though security headers are not detected and privacy policies are absent, indicating room for improvement in compliance and security transparency. WHOIS data is unavailable, which slightly impacts trust but is mitigated by the site's open source nature and community presence. Overall, the site is professional, trustworthy, and well-maintained, but could enhance privacy and security disclosures.

M

MyMGLife

mymglife.com

65

MyMGLife operates as a niche e-commerce fundraising platform dedicated to supporting research for Myasthenia Gravis, a rare neuromuscular disease. The website leverages the Shopify platform to sell branded merchandise, with proceeds directed towards a non-profit organization focused on this cause. The site targets individuals interested in supporting medical research and awareness efforts related to Myasthenia Gravis. The business model is straightforward, combining retail sales with charitable fundraising, positioning itself as a specialized player within the non-profit e-commerce space. Technically, the website is built on a modern and robust infrastructure using Shopify's e-commerce platform, ensuring reliable hosting, secure payment processing (including Shopify Pay, Apple Pay, and PayPal), and responsive design optimized for mobile devices. The site employs standard web technologies such as JavaScript, CSS, and HTML5, with good SEO and accessibility practices evident. Performance is generally fast, benefiting from Shopify's CDN and optimized assets. From a security perspective, the site enforces HTTPS with strong SSL configurations and includes essential security headers. Payment integrations are secure, and no exposed sensitive data or vulnerable libraries were detected. However, the absence of explicit privacy and cookie policies, GDPR compliance indicators, and contact information for security incidents or abuse reduces the overall security posture and compliance maturity. Overall, the website presents a professional and trustworthy front for its fundraising mission but would benefit from enhanced transparency and compliance documentation. The lack of WHOIS data introduces some uncertainty regarding domain legitimacy, though the Shopify platform usage and secure infrastructure mitigate this risk. Strategic improvements in privacy, cookie consent, and incident response disclosures would strengthen trust and regulatory compliance.

C

Centrum realitního vzdělávání - JUDr. Tomáš Philippi

realitni.info

63

Centrum realitního vzdělávání, operated by JUDr. Tomáš Philippi, is a specialized Czech Republic-based education and legal consultancy business focused on real estate brokerage training and certification. The website offers preparatory courses, exams, online testing, and legal documentation services, positioning itself as an authoritative niche provider with strong legal expertise backing. The technical infrastructure is basic, relying on standard HTML, CSS, and JavaScript without modern frameworks or CMS, resulting in moderate performance and basic mobile optimization. Security posture is average with no visible advanced security headers or policies, and privacy compliance is lacking due to missing privacy and cookie policies. The WHOIS data is unavailable, which reduces domain trustworthiness, but the website content and contact information support legitimacy. Overall, the site is professional and trustworthy for its target audience but would benefit from enhanced security and compliance measures.

D

Del Monte

delmontefscashback.com

47

The website delmontefscashback.com serves as a dedicated platform for the Del Monte Foodservice Cash Back Program, offering customers an incentive-based rebate system to encourage purchases of Del Monte branded products. The platform provides account creation, login functionality, and submission of proof of purchase for cash back rewards. The target audience primarily consists of foodservice operators and businesses engaged in purchasing Del Monte products. The business model revolves around customer engagement and brand promotion through rebate incentives. From a technical perspective, the website employs standard web technologies including JavaScript, CSS, and Google Fonts, but lacks evidence of a content management system or advanced frameworks. The site demonstrates basic mobile optimization and moderate performance but shows room for improvement in SEO and accessibility. Hosting and domain registration are managed via GoDaddy, with domain protections enabled but no DNSSEC. Security posture is moderate; while the domain is protected against unauthorized changes, the site lacks visible security headers, DNSSEC, and cookie consent mechanisms. No HTTPS enforcement details were provided, and no advanced bot protection or analytics tracking was detected. Privacy and terms of service links exist but appear basic without comprehensive GDPR compliance indicators. No contact or incident response information is available, limiting transparency. Overall, the website presents a functional but basic promotional platform with moderate trustworthiness. Strategic improvements in security headers, privacy compliance, contact transparency, and technical modernization would enhance the platform's credibility and user trust.

H

Hochschule Darmstadt

h-da.de

10

Hochschule Darmstadt (h_da) is a well-established German university of applied sciences focused on education, research, and transfer in technology, society, and art. The website serves as a comprehensive portal for students, staff, and partners, offering detailed information about academic programs, research initiatives, campus development, and services. The institution maintains a strong regional and international presence, including partnerships such as the European University of Technology (EUT+). Technically, the website is built on TYPO3 CMS, a robust open-source content management system, and employs Matomo analytics for privacy-conscious user tracking. The site is mobile-optimized, accessible, and SEO-friendly, with structured data enhancing search engine understanding. Performance is moderate, with modern web technologies and responsive design. From a security perspective, the site uses HTTPS and avoids exposing sensitive data. However, it lacks visible security headers and formal security policies such as vulnerability disclosure or incident response contacts. Privacy compliance is partial, with no explicit privacy or cookie policies detected on the main page. The WHOIS data is minimal but consistent with the institution's identity, supporting legitimacy. Overall, the website is professional, trustworthy, and safe for general audiences. Strategic improvements in privacy transparency and security policy publication would enhance compliance and user trust.

H

HALLENKUNST | MARKTHALLE CHEMNITZ

hallenkunst.de

7

The website www.hallenkunst.de is a Wix-hosted site with minimal content and no visible privacy, cookie, or terms of service policies. The business focus is unclear due to lack of descriptive content, but the presence of art-related media suggests an art or gallery-related business. The technical infrastructure relies on Wix technologies and standard web technologies such as JavaScript, CSS, and HTML5. Mobile optimization is good, but overall content quality and SEO are basic. Security posture is moderate with HTTPS enabled but lacking security headers and incident response information. No contact information or compliance indicators are present, which limits trust and business credibility. Overall, the site is accessible without WAF or security challenges and contains no adult or explicit content.

Pau Agglomération operates an official government website serving the city of Pau and its surrounding agglomeration in France. The site provides comprehensive information on daily life, urban planning, social services, culture, environment, and more, targeting residents and visitors. It is positioned as a key local government communication and service platform. Technically, the website is built on Drupal 10, employs Matomo for analytics, and uses modern web technologies ensuring good performance, mobile optimization, and accessibility. Security posture is strong with HTTPS, security headers, and no visible vulnerabilities. Privacy compliance is well addressed with privacy and cookie policies and consent mechanisms. However, explicit contact emails and phone numbers are not directly visible, and no terms of service or vulnerability disclosure pages were found. Overall, the website is professional, trustworthy, and well-maintained, reflecting a mature digital presence for a government entity.

U

Université de technologie de Compiègne

utc.fr

57

Université de technologie de Compiègne (UTC) is a well-established French technological university focused on higher education, research, and innovation. The website reflects a professional and consistent brand image, targeting students, researchers, and industry partners. It offers comprehensive educational services and fosters technological advancement. The digital infrastructure is based on WordPress with modern frameworks and good mobile optimization, ensuring a positive user experience. Security posture is solid with HTTPS and security headers, though explicit security policies and incident response contacts are not publicly visible. Overall, the domain and website appear legitimate and trustworthy, consistent with an educational institution of its stature.

B

BISTROOO

bistrooo.cz

45

Bistrooo is a small hospitality business based in Příbram, Czech Republic, offering breakfast, soups, hot meals, and daily menus. The website presents a clear business focus on local food service with reservation capabilities and business hours. The technical infrastructure is built on the Webnode CMS platform, leveraging AWS Cloudfront CDN and Google Tag Manager for analytics. The site is accessible, mobile-optimized, and has a good user experience, though it lacks advanced SEO and accessibility features. Security posture is moderate with HTTPS enabled but missing security headers and privacy compliance elements. The absence of WHOIS data limits domain legitimacy verification, which impacts trustworthiness. Overall, the site is functional and professional but requires improvements in privacy compliance and security best practices.

B

Brdský běžecký pohár

brdskypohar.cz

44

The website 'Brdský běžecký pohár' serves as a regional platform dedicated to organizing and promoting running events and athletic competitions primarily in the Příbram area of the Czech Republic. It offers detailed information about upcoming races, results, photo galleries, and registration options, targeting runners, athletes, and local sports enthusiasts. The business model revolves around event organization, community engagement, and race facilitation, positioning itself as a key regional sports event organizer. Technically, the website employs a modern tech stack including HTML5, CSS, JavaScript with jQuery and Bootstrap 5 frameworks, and integrates Google Analytics for visitor tracking. The site is hosted under a Czech registrar with appropriate DNS settings and uses HTTPS for secure communication. Mobile optimization and user experience are good, though accessibility and SEO could be improved. From a security perspective, the site benefits from HTTPS but lacks visible security headers and a formal privacy or cookie policy, which are important for GDPR compliance. No vulnerability disclosure or incident response information is provided. The use of Google Analytics without a cookie consent mechanism indicates potential privacy compliance gaps. Overall, the website is functional, content-rich, and trustworthy for its intended audience but would benefit from enhanced privacy compliance, improved security headers, and formal policies to strengthen its security posture and regulatory adherence.

J

Jérémie Bottollier Curtet

bottweb.fr

56

Jérémie Bottollier Curtet operates as a freelance web and mobile application developer based in Haute-Savoie, France. The business specializes in creating custom digital solutions including websites (One Page, Vitrine, E-commerce, and bespoke), web and mobile applications, SaaS and Micro-SaaS platforms, site redesign, maintenance, and training services. The company targets local businesses, startups, and independent professionals primarily in the Rhône-Alpes region. The website demonstrates a professional market position with clear service offerings and a strong local focus. Technically, the website is built on WordPress using Elementor, enhanced with modern web technologies and analytics tools such as Google Tag Manager and Hotjar. The site is mobile-optimized, accessible, and SEO-friendly, reflecting a mature digital infrastructure. Performance is moderate with good user experience and navigation clarity. From a security perspective, the site enforces HTTPS, employs security headers, and includes cookie consent mechanisms, indicating a good security posture. However, the absence of explicit security policies, incident response contacts, and vulnerability disclosure mechanisms suggests areas for improvement. The WHOIS data is missing, which slightly impacts domain trustworthiness but does not detract significantly from the overall legitimacy. Overall, the website and business present a low-risk profile with professional digital presence and sound security practices. Strategic recommendations include enhancing transparency with dedicated security and privacy policy pages, implementing vulnerability disclosure, and maintaining regular security audits to sustain trust and compliance.

éthi'Kdo is a French e-commerce platform specializing in eco-responsible gift cards that promote ethical gifting for individuals, businesses, and employee committees. The website presents a well-structured and professionally designed interface with a focus on sustainability and social responsibility. The technical infrastructure leverages modern JavaScript, CSS, and HTML5 technologies, integrating third-party services such as Sentry for error monitoring, Google Analytics for user behavior tracking with IP anonymization, and Crisp Chat for customer support. Security posture is strong with HTTPS enforced and appropriate security headers in place, though explicit privacy and cookie policies are absent, indicating room for compliance improvement. Overall, the website demonstrates a high level of business credibility and technical maturity, with no detected vulnerabilities or suspicious activity.

The website petitesimmensites.org is a small French-language informational platform focused on educating users about the benefits and usage of VPNs for accessing geo-restricted streaming content. It provides detailed explanations of VPN technology, usage instructions, and recommends Surfshark VPN as a preferred service. The site targets French-speaking internet users interested in streaming and privacy technologies. Technically, the site is built with basic HTML, CSS, and jQuery, hosted behind Cloudflare DNS but lacks DNSSEC and advanced security headers. The site is mobile responsive at a basic level and has moderate performance. Security posture is minimal with no visible security policies or incident response information. Privacy compliance is lacking as no privacy or cookie policies are present. Business credibility is low due to absence of contact or company information. Overall, the site is safe for general audiences and does not contain adult or explicit content.

T

Tangible design festival

tangible-festival.org

44

The Tangible design festival website represents a cultural event based in Marseille, France, dedicated to various forms of design expression. The festival is scheduled for October 2025 and features exhibitions, workshops, and meetings across multiple local venues. The business model centers on event organization and cultural promotion within the local design community, targeting a general audience interested in contemporary design and art. Technically, the website is built with modern web standards including HTML, CSS, and JavaScript, and uses HTTPS with hosting provided by OVH sas. The site includes minimal external dependencies, notably the Umami analytics platform for visitor tracking. The site is mobile optimized and accessible with good SEO practices, but lacks advanced frameworks or CMS platforms. From a security perspective, the site benefits from HTTPS and domain status protections but lacks DNSSEC and security headers, which are recommended for enhanced security. No privacy or cookie policies are present, and no contact or incident response information is provided, indicating gaps in compliance and user trust features. The WHOIS data shows a suspicious future domain creation date, which undermines domain legitimacy and trustworthiness. Overall, the website is functional and professionally designed for its purpose but requires improvements in privacy compliance, security hardening, and transparency to enhance trust and regulatory adherence.

B

b2match

b2match.com

68

b2match is a technology-driven SaaS company specializing in event management platforms focused on networking and matchmaking for in-person, virtual, and hybrid events. The platform offers a comprehensive suite of tools including registration, ticketing, agenda management, AI-powered matchmaking, mobile apps, and analytics, positioning itself as a trusted solution for event professionals globally. The website demonstrates a mature digital presence with modern technologies such as Next.js, React, and integration of major analytics and advertising platforms. Security posture is strong with HTTPS and cookie consent mechanisms, though explicit security policies and incident response contacts are not publicly available. Overall, the website and business exhibit high professionalism and trustworthiness, though WHOIS data is privacy-protected, which is common for SaaS providers. Strategic recommendations include enhancing security header implementation and publishing security policies to further improve trust and compliance.

C

Circle U.

circle-u.eu

71

Circle U. is a collaborative alliance of nine research-intensive European universities focused on providing interdisciplinary education, research, and innovation opportunities. The website serves as a portal for students, academics, and administrative staff, offering news, events, and resources. The alliance is co-funded by the European Union, reinforcing its legitimacy and institutional backing. The technical infrastructure is based on the Vortex CMS platform, hosted likely by the University of Oslo, with modern web technologies and multimedia integration. The site is moderately optimized for performance and accessibility, with room for improvement in mobile responsiveness and accessibility features. Security posture is solid with HTTPS and cookie consent mechanisms in place, though explicit security headers and incident response information are absent. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent banner. Overall, the website is professional, trustworthy, and aligned with its educational mission.

H

Hochschulrektorenkonferenz (HRK)

hrk.de

39

The Hochschulrektorenkonferenz (HRK) is a prominent voluntary association representing state and state-recognized universities in Germany, encompassing 268 member institutions and covering approximately 94% of German students. The website serves as a comprehensive information hub for higher education stakeholders, offering news, policy positions, event information, and resources related to university governance and research. The HRK holds a leading position in the German higher education landscape, acting as a key coordination and advocacy body. Technically, the website is built on TYPO3 CMS, leveraging modern web technologies including JavaScript and SVG for graphics. The site demonstrates good mobile optimization, accessibility, and SEO practices, with a moderate performance profile. Privacy-conscious analytics via Piwik are implemented with cookies disabled, reflecting a commitment to user privacy. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks explicit security headers and a published security policy or incident response contacts, which are recommended for enhanced security posture. The absence of a cookie consent mechanism is a minor compliance gap given GDPR requirements. Overall, the HRK website is professional, trustworthy, and well-maintained, with strong content quality and business credibility. Strategic improvements in security headers, cookie consent, and incident response transparency would further strengthen its security and compliance stance.

The Berlin University Alliance is a prominent academic consortium of four major Berlin universities and university medical centers, established in 2011. It focuses on collaborative research addressing global societal challenges, knowledge exchange, promoting academic talent, sharing research resources, and fostering international partnerships. The alliance is well-positioned as a leading academic excellence network in Germany, supported by government funding and strategic collaborations such as with the University of Oxford. Technically, the website is built on the Infopark CMS Fiona platform using Ruby on Rails, with modern web standards including responsive design and accessibility features. The site performs moderately well with good SEO and mobile optimization, though some improvements in performance and security headers could be made. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks explicit security headers and does not provide a public security policy or incident response information. Privacy compliance is strong with a comprehensive privacy policy and GDPR adherence, but no cookie consent mechanism is present. Overall, the website is professional, trustworthy, and safe, serving its academic audience effectively. Strategic recommendations include enhancing security headers, implementing cookie consent, and publishing security and vulnerability disclosure policies to further strengthen trust and compliance.

Smart Slider 3 is a well-established WordPress plugin provider specializing in slider creation tools for WordPress and Joomla platforms. With over 800,000 users, the company NEXTENDWEB LTD. holds a strong market position in the WordPress plugin ecosystem, offering advanced editing capabilities and a freemium business model. The website demonstrates professional design, excellent content quality, and clear branding consistency, targeting web developers and site owners seeking enhanced slider functionality. Technically, the site is built on WordPress, leveraging modern web technologies including Google Tag Manager and Google Analytics for marketing and analytics purposes. Hosting and domain registration are managed via Cloudflare, ensuring reliable infrastructure and domain security. Security posture is good with HTTPS enforced and standard security headers present; however, improvements such as enabling DNSSEC and publishing explicit security policies are recommended. Privacy compliance is basic, with no visible privacy or cookie policies or consent mechanisms, which should be addressed to meet GDPR and other regulations. Overall, the website is trustworthy and professional, with minor gaps in privacy and security documentation.

ACTON s.r.o. is a Czech-based company established in 1993, providing a broad range of services primarily in real estate management, engineering, construction, and hospitality sectors. The company has evolved from property law consulting to a diversified service provider with local market presence in Prague and surrounding regions. The website reflects a small business with a focus on local clients including private individuals and municipal entities. Technically, the website is basic with standard HTML, CSS, and JavaScript usage, including Google Analytics for visitor tracking. However, it lacks modern CMS features and advanced technical frameworks. Security posture is moderate with no visible HTTPS confirmation or security headers, and no privacy or cookie policies are present, indicating compliance gaps. Contact information is limited to email and physical address without phone numbers or social media presence. Overall, the website is functional but would benefit from enhanced security, privacy compliance, and technical modernization.

P

Pražské vodovody a kanalizace, a.s.

pvk.cz

57

Pražské vodovody a kanalizace, a.s. is a major water utility company serving Prague and surrounding regions, providing essential water supply and sewage services. The company is part of the Veolia group, a global leader in environmental services. Their website offers comprehensive information on services, customer support, water quality, and company news, targeting residential and commercial customers. The business model focuses on utility service provision with a strong emphasis on customer engagement and environmental responsibility. Technically, the website is built on the Vizus CMS platform, utilizing modern web technologies including JavaScript, CSS, and Bootstrap framework components. The site is mobile-optimized and includes a cookie consent mechanism compliant with GDPR standards. Analytics are handled via Matomo, indicating a privacy-conscious approach to user tracking. Performance is moderate with good SEO and basic accessibility features. From a security perspective, the site enforces HTTPS and provides cookie consent controls, but lacks visible security headers and explicit security policies or incident response contacts. The absence of WHOIS data reduces domain trust slightly, though the affiliation with Veolia and professional presentation support legitimacy. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website presents a professional and trustworthy digital presence for a large utility company. Strategic improvements in security headers, explicit privacy and security policies, and WHOIS transparency would enhance trust and compliance further.

G

Grand Automotive Central Europe

omoda-jaecoo.cz

63

The website omoda-jaecoo.cz represents the Czech market presence of the automotive brands Omoda and Jaecoo, subsidiaries of the Chinese Chery Group. It offers detailed information about various car models including electric, hybrid, and combustion engine vehicles, targeting a broad audience from young buyers to urban elites. The site includes dealer locators, news updates, and vehicle configuration options, supporting a direct-to-consumer sales model through a network of dealerships. Technically, the site uses modern JavaScript frameworks, Google Tag Manager, and analytics tools, hosted on Netim infrastructure with good mobile optimization and SEO practices. Security posture is adequate with HTTPS and cookie consent mechanisms, though lacks explicit security policy disclosures. WHOIS data confirms recent domain registration consistent with the brand's market entry timeline. Overall, the site is professional, trustworthy, and compliant with GDPR requirements.

E

EXPOBEAUTY PRAGUE s.r.o.

worldofbeauty.cz

38

Beauty Expo CZ, operated by EXPOBEAUTY PRAGUE s.r.o., is a prominent organizer of international trade fairs focused on cosmetics, hairdressing, wellness, and spa industries in the Czech Republic. The website showcases a long history of events dating back to 2006, attracting over 350 exhibitors and 15,000 visitors, positioning itself as a leading event in its sector. The business model revolves around organizing exhibitions, competitions, and seminars to connect industry professionals and consumers. The target audience includes industry professionals, exhibitors, and visitors interested in beauty and wellness sectors. Technically, the website employs standard HTML, CSS, and JavaScript with jQuery plugins for slideshows, but lacks modern frameworks or CMS indications. The site shows moderate performance and basic mobile optimization.

R

Review Porn

reviewporn.com

68

ReviewPorn.com is an established adult entertainment review platform founded in 2004, specializing in providing comprehensive reviews and comparisons of adult straight porn sites. The site targets an adult-only audience and operates primarily as an affiliate marketing business, offering detailed content and discount offers for various adult sites. Technically, the website uses standard web technologies including JavaScript, CSS, and Google Tag Manager for analytics. The site is moderately optimized for mobile and SEO, with a good user experience and clear navigation. Security posture is basic with HTTPS enabled and an adult content consent banner, but lacks advanced security headers and explicit security policies. Privacy compliance is minimal with a basic privacy policy but no cookie policy or GDPR indicators. The domain WHOIS data is consistent and trustworthy, registered through GoDaddy since 2004, supporting the site's legitimacy. Overall, the site is professional and credible within its niche but could improve security and privacy compliance.

The website outil-web.fr is a French-language agricultural form platform designed to collect user data related to agricultural activities such as cultivated surface area and type of culture. The site targets agricultural professionals or farmers in France and operates as a small-scale data collection service. The technical infrastructure is basic, relying on standard HTML and CSS with Google Fonts integration, hosted by Infomaniak Network SA. The site includes a CSRF token in its form, indicating some attention to security, but lacks advanced security headers and visible HTTPS confirmation in the provided data. No privacy, cookie, or terms of service policies are present, which limits compliance with GDPR and other privacy regulations. The absence of contact emails or phone numbers reduces business credibility and user trust. Overall, the site is functional but basic, with moderate mobile optimization and minimal tracking or advertising.

M

MARK of the BRAND

themolitor.com

45

MARK of the BRAND is a small, Seattle-based independent design studio specializing in brand identity services including monograms, brand marks, and logos primarily serving the Pacific Northwest region. The website presents a professional portfolio showcasing various brand mark designs and related services, targeting businesses and professionals seeking distinctive visual identity solutions. The business appears newly founded in 2024, consistent with the domain registration date. Technically, the website is built on WordPress with modern web technologies including optimized CSS and JavaScript, Google Fonts integration, and caching mechanisms. The site is mobile-optimized and SEO-friendly with appropriate meta tags and structured data. Hosting appears to be through NameCheap, the domain registrar, with HTTPS enabled ensuring secure communications. From a security perspective, the site benefits from HTTPS and domain transfer protection but lacks DNSSEC and security headers such as Content-Security-Policy or X-Frame-Options. No privacy or cookie policies are present, which is a compliance gap. The site uses minimal tracking scripts and has no visible forms collecting sensitive data, reducing attack surface. No incident response or vulnerability disclosure information is provided. Overall, the website is professionally designed and trustworthy with a good security baseline but would benefit from enhanced privacy compliance and security hardening to improve user trust and regulatory adherence.

M

Midnight Carnival, LLC

midnightcarnival.com

54

Midnight Carnival, LLC operates a niche adult affiliate program specializing in fetish and erotica content. The website serves as a platform to recruit and support affiliate webmasters with a 50/50 payout model, focusing on high-quality adult promotional content. The business has been established since 2004, with a consistent domain registration and a clear market position within adult affiliate marketing. The website content is primarily static with some outdated technologies such as Flash, and it lacks modern web features like mobile optimization and advanced SEO. Technically, the site uses basic HTML, CSS, and JavaScript with no detected CMS or modern frameworks. Hosting is provided by MojoHost, as indicated by the nameservers. The site lacks HTTPS enforcement and security headers, which are critical for protecting user data and ensuring trust. There is no visible cookie consent mechanism or GDPR compliance indicators, which may expose the business to regulatory risks. From a security perspective, the site shows minimal security best practices, with no DNSSEC enabled and use of deprecated Flash content. The login form uses POST but no further security controls are evident. The WHOIS data is consistent and supports the legitimacy of the business, with no privacy protection masking registrant details. Overall, the security posture is weak and requires significant improvements. The website is clearly adult-oriented with explicit keywords and content targeting adults-only audiences. No social media or modern analytics tools are detected, indicating a low level of digital maturity. Strategic recommendations include enabling HTTPS, implementing security headers, removing Flash content, adding privacy and cookie policies, and improving mobile and accessibility features to enhance user experience and compliance.

G

Dessins animés, séries, films & émissions enfants en streaming gratuit

gulli.fr

66

Gulli.fr is a French media website focused on providing free streaming of cartoons, series, films, and children's shows. It targets a young audience and families, offering video content, games, news, and mobile applications. The site is well-branded and consistent with the Gulli media brand, a known player in French children's entertainment. Technically, the site uses modern web technologies including Next.js and React, with mobile optimization and integration of Google Tag Manager for analytics and a privacy consent SDK for cookie management. Security posture is moderate with HTTPS enabled but lacks explicit security headers and published privacy or terms of service pages. WHOIS data is not publicly available, typical for French domains managed by AFNIC, but the domain appears legitimate and consistent with the business. Overall, the site is professional and safe for its target audience but could improve transparency and security practices.

S

SPOT – Social Psychology of Transformation

spot-psychology.eu

48

The SPOT website represents an academic Erasmus Mundus Joint Master Programme focused on social psychology and social change, delivered by a consortium of European universities. It targets prospective graduate students seeking transformative education across multiple countries. The site is professionally designed using TYPO3 CMS and Bootstrap, with good mobile optimization and accessibility. It employs GDPR-compliant cookie consent and integrates Google Analytics for user behavior insights. Security posture is solid with HTTPS and no exposed sensitive data, though security headers and explicit policies could be improved. Overall, the domain registration and website content are consistent and legitimate, reflecting a trustworthy educational institution.

I

Internationale Hofer Filmtage

hofer-filmtage.com

60

The Hof International Film Festival is a well-established and important cultural event in Germany, focusing on independent and new cinema. Founded in 1967, it serves as a platform for emerging filmmakers and presents a diverse program of feature films, documentaries, and shorts. The festival is supported by a range of sponsors and partners, including government bodies and media organizations, and maintains a strong presence in the film industry. The website reflects a professional and user-friendly digital presence with comprehensive content and clear navigation. Technically, the site uses modern web technologies and Matomo analytics for user tracking, with good mobile optimization and accessibility. Security posture is solid with HTTPS and no obvious vulnerabilities, though improvements could be made by adding security headers and cookie consent mechanisms. The absence of WHOIS data for the domain is a notable anomaly that slightly reduces trust but does not detract from the overall legitimacy of the organization. Strategic recommendations include enhancing security policies, publishing incident response contacts, and improving privacy compliance transparency.

ARTE is a well-established European cultural television channel and online media platform, providing high-quality cultural, educational, and documentary content to a broad European audience. The website reflects a mature digital presence with a modern tech stack including React and Next.js, optimized for performance and mobile devices. Security posture is strong with HTTPS enforcement, modern security headers, and no detected vulnerabilities. Privacy compliance is robust, with clear privacy and cookie policies and GDPR adherence. Overall, ARTE demonstrates a high level of professionalism and trustworthiness, consistent with its public broadcaster status.

S

Spiel und Objekt – MA in Experimental Play

spielundobjekt.de

45

Spiel und Objekt is a specialized Master’s program in Experimental Play affiliated with the Hochschule für Schauspielkunst Ernst Busch in Berlin. The program focuses on developing artistic, technological, social, and material skills for new playful formats, primarily in theater and related fields. The website serves as an academic and informational platform targeting prospective students, artists, and researchers interested in experimental play and theater arts. Technically, the site is built on modern frameworks such as SvelteKit and uses Sanity.io as a CMS, ensuring good performance, mobile optimization, and accessibility. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though security headers and cookie consent mechanisms are lacking. The WHOIS data is minimal but does not raise concerns, and the domain appears consistent with the academic nature of the site. Overall, the website is professional, trustworthy, and well-structured, though improvements in privacy compliance and security headers are recommended.

T

Terumo Blood and Cell Technologies

terumobct.com

66

Terumo Blood and Cell Technologies is a global healthcare company specializing in blood and cell-based therapy solutions. Their offerings include automated blood collection and processing systems, therapeutic apheresis devices, cell therapy manufacturing technologies, and related software and services. The company positions itself as a leader in the healthcare technology sector, serving hospitals, blood centers, and cell therapy manufacturers worldwide. The website reflects a mature digital presence built on Adobe Experience Manager, with modern web technologies and integration of analytics tools like Google Tag Manager. Security posture is strong with HTTPS and no visible vulnerabilities, though some security headers and incident response details could be improved. Privacy compliance is partial, with a privacy policy present but lacking cookie consent mechanisms. The absence of WHOIS registration data is a concern but is mitigated by the professional nature of the website and its association with Terumo Corporation. Overall, the site is professional, trustworthy, and well-targeted to its healthcare audience.

N

Nakladatelství Akademie múzických umění v Praze

namu.cz

46

Nakladatelství Akademie múzických umění v Praze (NAMU) is a specialized publishing house affiliated with the Academy of Performing Arts in Prague, focusing on academic and artistic publications in film, music, theatre, dance, and related disciplines. The website serves as an online catalog and sales platform, targeting academics, students, and professionals in the performing arts sector. The business operates with a clear niche focus and maintains a consistent brand presence with professional content and social media engagement. Technically, the website uses standard web technologies (HTML5, CSS, JavaScript) with a moderate performance profile and good mobile optimization. However, it lacks advanced frameworks or CMS indications and does not show evidence of modern security headers or advanced analytics/tracking tools. The cookie consent mechanism is implemented, supporting GDPR compliance. From a security perspective, the site enforces HTTPS and provides basic privacy compliance but lacks explicit security policies, incident response contacts, and vulnerability disclosure mechanisms. No critical vulnerabilities or suspicious patterns were detected, but improvements in security headers and formal policies are recommended to enhance trust and compliance. Overall, NAMU presents a trustworthy, professional online presence with room for technical and security enhancements to better align with best practices and regulatory requirements.

Cdiscount is a major French e-commerce platform offering a wide range of products including furniture, electronics, home improvement, garden, and sports goods. The website targets French consumers looking for affordable prices and convenient online shopping experiences. It provides services such as secure payment options, installment plans, free delivery over certain amounts, and a loyalty program. The platform also offers mobile plans and travel booking services, indicating a diversified e-commerce ecosystem. Technically, the website employs modern web technologies including React and jQuery, with a responsive design optimized for mobile and desktop users. The presence of JSON-LD structured data and comprehensive meta tags supports good SEO practices. Performance is moderate with extensive use of JavaScript and external resources. Accessibility features and SEO optimizations are well implemented. From a security perspective, the site enforces HTTPS with strong SSL configuration and includes security headers such as Content Security Policy and X-Frame-Options. No critical vulnerabilities or exposed sensitive data were detected in the HTML content. However, explicit security policies and incident response contacts are not prominently published, which could be improved to enhance transparency and trust. Overall, the website is professional, trustworthy, and compliant with GDPR, featuring clear privacy and cookie policies with consent mechanisms. The lack of WHOIS data reduces domain registration transparency but does not significantly impact the site's legitimacy given its established market presence. Strategic recommendations include publishing detailed security policies, incident response contacts, and vulnerability disclosure information to further strengthen security posture and user trust.

K

KHSB

khsb-berlin.de

60

KHSB is an educational institution based in Germany, providing higher education services primarily targeting students and the academic community. The website is built on TYPO3 CMS and demonstrates a moderate level of digital maturity with modern technologies and a responsive design. The presence of Cookiebot for cookie consent and Matomo for analytics reflects a commitment to privacy and GDPR compliance, although explicit privacy and terms of service pages are not detected in the provided content. Security posture is adequate with HTTPS enabled and no obvious vulnerabilities, but could be improved with additional security headers and published policies. Overall, the website is professional and trustworthy, serving its educational purpose effectively.

H

Humboldt-Universität zu Berlin

hu-berlin.de

70

Humboldt-Universität zu Berlin is a prominent German university offering a wide range of academic programs and research initiatives. The website reflects its role as a leading educational institution with a strong emphasis on interdisciplinary research and social cohesion. It targets students, researchers, academic staff, and the general public interested in academic content. The university maintains a large-scale presence with consistent branding and professional content quality. Technically, the website is built on the Plone CMS platform, utilizing modern JavaScript libraries such as jQuery and bxSlider for interactive elements. It employs Matomo analytics with user consent mechanisms, indicating a mature approach to privacy. The site is hosted likely within academic networks in Germany, ensuring reliability and performance rated as moderate to good. Mobile optimization and accessibility features are well implemented. From a security perspective, the site enforces HTTPS and uses script integrity attributes, but lacks explicit security headers and published security policies or incident response contacts. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong with clear cookie consent and a comprehensive privacy policy. Business credibility is high, supported by certifications and trust signals. Overall, the website is professional, secure, and compliant, with minor recommendations to enhance security headers and publish vulnerability disclosure information to further strengthen trust and security posture.

H

Hochschule für Musik Hanns Eisler Berlin

hfm-berlin.de

42

Hochschule für Musik Hanns Eisler Berlin is a well-established public music university founded in 1950, recognized as one of Europe's leading music institutions. The website provides comprehensive information about its academic offerings, ensembles, events, and student services, targeting prospective and current students, faculty, and music professionals. Technically, the site is built on TYPO3 CMS and hosted by Hetzner, featuring a well-structured, accessible, and mobile-optimized design. Security posture is solid with HTTPS enabled and secure form handling, but lacks visible security headers and formal privacy or cookie policies. No incident response or vulnerability disclosure mechanisms are evident, which could be improved to enhance trust and compliance. Overall, the site is professional, trustworthy, and content-rich, but would benefit from enhanced privacy and security transparency.

E

Evangelische Hochschule Berlin

eh-berlin.de

67

The Evangelische Hochschule Berlin (EHB) is a specialized higher education institution based in Germany, focusing on practical degree programs in social work, health, nursing, and education. The website serves as an information portal for prospective and current students, offering detailed navigation through academic programs, research, international opportunities, and continuing education. The institution positions itself as a medium-sized university of applied sciences with a clear focus on social and health sectors. Technically, the website is built on the TYPO3 CMS platform, utilizing modern web standards such as HTML5, CSS, and JavaScript. The site demonstrates good mobile optimization, accessibility, and SEO practices, although performance is moderate. The absence of advanced analytics or tracking scripts suggests a privacy-conscious approach or limited digital marketing. From a security perspective, the site lacks visible security headers and explicit security or privacy policies, which lowers its security posture. No blocking mechanisms or WAF challenges were detected, indicating open accessibility. The WHOIS data is minimal, with generic DNS servers and no detailed registrant information, which slightly impacts trust but is not uncommon for educational institutions. Overall, the website is professional and functional but would benefit from enhanced transparency in privacy and security policies, improved security headers, and clearer contact information to strengthen trust and compliance.

The website represents a small German software provider specializing in solutions for Studentenwerke, offering products such as inventory management, dormitory management, accounting, and cash register systems. The business positions itself as the leading provider in its niche within Germany. The technical infrastructure is basic, relying on legacy HTML standards and a CMS named 'web to date 8.0'. There is no evidence of modern SEO, accessibility, or mobile optimization. Security posture is weak due to lack of HTTPS and security headers, and no visible privacy or cookie consent mechanisms. Contact information and incident response details are absent, limiting trust and compliance. Overall, the site is functional but outdated and lacking in security and privacy best practices.

D

DK

d-k.io

62

DK is a French company specializing in carbon measurement and management solutions tailored for the communication, media, and advertising sectors. Their platform offers harmonized and standardized carbon footprint measurement tools, including an API for automated calculations, targeting advertisers, agencies, publishers, and media companies. The company positions itself as a market reference in France with notable media clients and a strong emphasis on sustainability and environmental impact reduction. Technically, the website is well-built with modern technologies such as Matomo analytics and Google Tag Manager, hosted by OVH SAS. It demonstrates excellent mobile optimization, accessibility, and SEO practices. However, it lacks explicit privacy and cookie policies, which are important for GDPR compliance. Security posture is good with HTTPS enforced and no visible vulnerabilities, but the absence of security headers and incident response information are areas for improvement. Overall, the website is professional, trustworthy, and content-rich, reflecting a credible business with a clear mission. The domain registration data aligns well with the business claims, enhancing legitimacy. Privacy compliance and security transparency could be strengthened to improve user trust and regulatory adherence.

I

Instagram

tictac.com

80

Instagram is a globally recognized social media platform owned by Meta Platforms, Inc., providing photo and video sharing services to a broad audience. The website analyzed is the official login page, designed with modern web technologies and optimized for performance and mobile use. The platform maintains a strong security posture with HTTPS enforcement and comprehensive security headers, ensuring user data protection during login. While privacy and cookie policies are not directly visible on the login page, the overall compliance posture is good given Instagram's global presence and regulatory adherence. The domain's WHOIS data is privacy protected, which is typical for large enterprises, and does not detract from the site's legitimacy. Overall, Instagram's website demonstrates high professionalism, security, and trustworthiness.

C

C & K člen skupiny AUTO UH a.s.

ckauto.cz

43

C & K člen skupiny AUTO UH a.s. operates as an authorized automotive dealership and service provider specializing in Toyota, Lexus, Subaru, and CFMOTO brands. The company serves customers primarily in the Czech Republic with physical locations in Brno and Uherské Hradiště. Their business model focuses on new and used vehicle sales, vehicle servicing, and financing solutions, positioning them as a reputable regional player within the automotive retail sector. The website reflects a professional and consistent brand image aligned with their market presence. Technically, the website employs modern tracking and analytics tools such as Google Tag Manager, Google Analytics, Facebook Pixel, and Seznam Analytics, indicating a mature digital marketing infrastructure. The site is mobile-optimized with good navigation and content quality, though some accessibility features could be enhanced. Performance is moderate, and SEO practices are adequately implemented. From a security perspective, the site enforces HTTPS and includes cookie consent mechanisms, demonstrating compliance with privacy regulations such as GDPR. However, the absence of explicit security headers and incident response information suggests room for improvement in security posture. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website presents a low-risk profile with strong business credibility and privacy compliance. The main limitation is the lack of WHOIS data, which restricts domain legitimacy verification. Strategic recommendations include enhancing security headers, publishing security policies, and improving accessibility to further strengthen trust and compliance.

The website fitandmuscular.com operates as a niche adult video content platform specializing in videos featuring fit and muscular women wearing skimpy outfits such as thongs and thong bikinis. The business model appears to be subscription or membership-based access to video content with regular updates and preview videos. The site targets an adult audience interested in this specific content genre. Technically, the site is built with basic HTML and CSS, hosted by DreamHost, and lacks modern web frameworks or CMS. There is no evidence of analytics, tracking, or advertising technologies in use. Security posture is weak, with no HTTPS or security headers detected and no privacy or cookie policies present. WHOIS data is suspicious due to a domain creation date set in the future and lack of registrant details, which undermines trust. Overall, the site is functional but basic, with significant gaps in security and compliance.

C

This website is for ADULTS ONLY

cruel-mistresses.com

45

The website cruel-mistresses.com is an adult content portal requiring users to affirm they are at least 18 years old before entering. It hosts sexually explicit material with fetish and bondage themes, targeting an adult-only audience. The site references Mood-Universe.com as the copyright holder but provides minimal business or contact information. Technically, the site uses basic HTML and CSS with no detected CMS or advanced frameworks. Mobile responsiveness is present but basic. Security posture is weak, with no HTTPS enforcement or security headers detected in the provided data. The domain is aged since 2011 and registered with a reputable registrar, Rebel Ltd, but lacks detailed registrant information. Overall, the site lacks privacy, cookie, and terms of service policies, which impacts compliance and trustworthiness.

SubmissiveCuckolds.com is an adult entertainment website specializing in cuckolding fetish videos with a femdom touch. The site operates on a subscription-based model offering exclusive adult video content targeted at mature audiences interested in niche fetish genres. The website has been active since 2009, indicating a stable presence in its niche market. The content is explicit and designed for adults only, with no visible age verification mechanisms on the main page. Technically, the site uses standard web technologies including HTML5, CSS, JavaScript, and video.js for media playback. Google Analytics and Google Tag Manager are employed for user tracking, but there is no visible cookie consent mechanism, which may raise privacy compliance concerns. Security posture is basic with no advanced security headers detected and DNSSEC not enabled on the domain. The WHOIS data shows consistent domain registration with a long history and no privacy protection, supporting legitimacy. However, the absence of contact information and security policies reduces business credibility. Overall, the site functions adequately for its purpose but lacks several modern security and privacy best practices.

Orgasmabuse.com is an adult entertainment website specializing in forced orgasm content, offering exclusive videos and daily free content to adult enthusiasts. The site targets a niche adult audience and operates on a subscription or content access business model. The domain is mature, registered since 2013, and hosted by Hosting Concepts B.V., indicating a stable operational history. Technically, the site uses standard web technologies such as JavaScript, CSS, and HTML5, with cookie consent managed by Cookiebot and analytics via Google Tag Manager. However, the site lacks advanced SEO optimization and accessibility features, and the design quality is basic. From a security perspective, the website uses HTTPS but lacks DNSSEC and important security headers, which reduces its security posture. No privacy policy, terms of service, or contact information are published, limiting transparency and compliance with privacy regulations such as GDPR. The site employs external ad networks and tracking services, which may impact user privacy. Overall, the security score is moderate but could be improved significantly by implementing standard security headers and publishing comprehensive policies. The content is explicitly adult and NSFW, with clear age verification and warnings, making it suitable only for adults. There is no evidence of WAF or blocking mechanisms, allowing full content access for analysis. The domain registration data is consistent with the business type, though registrant details are minimal. Strategic recommendations include enhancing security headers, publishing privacy and security policies, improving SEO and accessibility, and adding clear contact and incident response information to build trust and compliance.

HumiliationPOV.com is a niche adult entertainment website specializing in fetish content such as small penis humiliation, femdom POV, financial domination, and related adult themes. The site operates primarily on a subscription and affiliate marketing business model, targeting an adults-only audience interested in specific fetish content. The website content is accessible without any WAF or security challenges, but it uses outdated technologies such as Flash and lacks modern security practices like HTTPS and security headers. Privacy compliance is minimal, with no visible cookie consent mechanisms despite handling user subscriptions. WHOIS data is unavailable, indicating possible privacy protection or recent domain registration, which reduces transparency and trustworthiness. Overall, the site serves a specialized adult market but has significant technical and security shortcomings.

T

The English Mansion

theenglishmansion.com

7

The English Mansion operates as a niche adult content membership website specializing in femdom BDSM videos and related fetish content. It targets an adults-only audience with explicit content and enforces age verification for UK subscribers. The site claims over 20 years of operation and positions itself as a leader in its niche, offering daily updated HD videos and VR content. Technically, the site uses basic HTML, CSS, and JavaScript with Google Analytics for tracking. However, there is no evidence of a modern CMS or advanced frameworks. Security posture is weak, lacking HTTPS enforcement and security headers, and no privacy or cookie policies are present. The absence of WHOIS registration data and contact information reduces business credibility and trust. Overall, the site is functional but requires significant improvements in security, privacy compliance, and transparency to enhance trust and user safety.

B

Bizarre Design

kinkymistresses.com

7

Kinky Mistresses is an adult entertainment website specializing in BDSM and Femdom video content. The site offers membership-based access to explicit adult videos featuring various fetish and domination themes. The business operates in a niche market segment targeting adults interested in BDSM and Femdom genres. The website content is explicit and includes an age verification warning to restrict access to adults only. Technically, the site uses standard web technologies including JavaScript and CSS, with Google Analytics and Google Tag Manager for visitor tracking. The site lacks advanced CMS or frameworks and shows basic mobile optimization and accessibility features. Security posture is moderate but limited by the absence of visible security headers and lack of published privacy or cookie policies. WHOIS data is unavailable, which reduces transparency and trustworthiness. Overall, the site functions as a small-scale adult content membership platform with basic technical and security implementations.