Security Directory

S

Stichting Heuvellandbibliotheken

heuvellandbibliotheken.nl

57

Stichting Heuvellandbibliotheken operates as a regional public library network serving multiple municipalities in the Limburg region of the Netherlands. The organization provides a broad range of library services including lending physical and digital media, hosting community events, and offering digital literacy support. The website reflects a well-maintained digital presence with clear navigation, mobile optimization, and relevant content targeting residents and visitors of the Heuvelland area. Technically, the site is built on Adobe Experience Manager CMS, employs HTTPS, and uses Matomo for analytics, indicating a modern and privacy-conscious infrastructure. Security posture is solid with no visible vulnerabilities or exposed sensitive data, though formal security policies and incident response contacts are not published. Overall, the site demonstrates a high level of professionalism and trustworthiness appropriate for a public service entity.

R

Rhein-Kreis Neuss

rhein-kreis-neuss.de

56

Rhein-Kreis Neuss operates as a regional government authority in Germany, providing a comprehensive range of public services and information to residents, businesses, and visitors. The website serves as a digital portal for administrative, cultural, educational, and economic services, reflecting a well-structured and professionally maintained online presence. The use of TYPO3 CMS and Matomo analytics indicates a mature digital infrastructure with a focus on privacy and user experience. Technically, the website demonstrates good implementation practices, including responsive design, accessibility features, and SEO optimization. Security measures such as HTTPS and privacy-conscious analytics configurations are in place, although explicit security headers and incident response policies are not publicly documented. The domain registration data aligns well with the website's governmental nature, supporting its legitimacy and trustworthiness. Overall, the security posture is solid but could be enhanced by publishing formal security policies and implementing additional HTTP security headers. Privacy compliance is strong, with clear cookie and privacy policies and mechanisms for user consent. The website content is safe for general audiences, with no adult or questionable material detected. Strategically, Rhein-Kreis Neuss should focus on enhancing transparency around security and incident response to further build trust and resilience. The digital platform is well-positioned to support the district's public service mission effectively.

S

Stadt Dormagen

dormagen.de

64

Stadt Dormagen operates as the official municipal government website for the city of Dormagen, Germany. It provides comprehensive information and services related to city administration, tourism, culture, business, and citizen engagement. The site targets residents, tourists, and local businesses, positioning itself as a central digital hub for municipal services and community information. The website is built on TYPO3 CMS and incorporates accessibility and multilingual features, reflecting a mature digital infrastructure suitable for a government entity. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though explicit security policies and incident response contacts are not publicly detailed. Overall, the site demonstrates a professional and trustworthy presence with good content quality and user experience.

W

Westdeutscher Rundfunk

wdr5.de

56

The website www1.wdr.de/radio/wdr5/index.html represents Westdeutscher Rundfunk (WDR), a large and established public broadcasting media entity in Germany. It offers a comprehensive range of radio programming, podcasts, news, and cultural content targeted primarily at German-speaking audiences interested in politics, culture, and regional news in North Rhine-Westphalia (NRW). The site is professionally designed with consistent branding and excellent content quality, reflecting WDR's strong market position in the media industry. Technically, the site uses modern web technologies including JavaScript, CSS, and ARD's proprietary player scripts, with responsive design optimized for mobile devices. Security posture is good with HTTPS enforced and no visible vulnerabilities, though security headers and explicit security policies are absent. Privacy compliance is weak due to missing privacy and cookie policies and lack of consent mechanisms. Contact information is limited to a phone hotline and a contact form, with no direct emails or incident response contacts visible. Overall, the site is trustworthy and safe for general audiences, with no adult or explicit content detected.

The website nextgeneration.bg is an official Bulgarian government portal dedicated to informing the public and stakeholders about the Next Generation EU initiatives, including the National Recovery and Resilience Plan, Cohesion Policy, Fair Transition Mechanism, REACT-EU, and other EU priorities. It serves as a comprehensive informational resource with access to official documents, presentations, and public consultation links. The site targets Bulgarian citizens, government officials, and entities involved in EU funding programs. Technically, the site uses Bootstrap for responsive design, Matomo for analytics, and integrates Vimeo for video content. The website is mobile optimized, accessible, and has clear navigation, though it lacks some advanced SEO and security headers. The performance is moderate, and the technical stack is modern but basic. From a security perspective, the site uses HTTPS and does not expose sensitive data. However, it lacks visible security headers, privacy and cookie policies, and incident response information. There is no vulnerability disclosure or security.txt file. User tracking is moderate via Matomo but without explicit consent mechanisms, indicating privacy compliance gaps. Overall, the website is trustworthy and professional as a government information portal but would benefit from enhanced privacy compliance, security best practices, and clearer contact information to improve user trust and regulatory adherence.

A

AVM GmbH

avm.de

50

AVM GmbH operates the website en.fritz.com, providing a comprehensive portfolio of home networking products including routers (FRITZ!Box), mesh Wi-Fi systems, telephony devices, smart home products, and related applications. The company is positioned as a leading technology provider in the home networking and telecommunications sector, targeting consumers and small businesses seeking reliable and user-friendly Internet connectivity solutions. The website content is professionally curated, with clear navigation and detailed product information, supporting AVM's market presence and brand recognition. Technically, the website is built on the TYPO3 CMS platform, utilizing modern JavaScript libraries such as jQuery and Slick Slider for enhanced user experience. The site demonstrates good mobile optimization, accessibility, and SEO practices, contributing to a positive digital maturity profile. Analytics are implemented via Piwik (Matomo), reflecting a moderate level of user tracking balanced with privacy considerations. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data in its HTML content. However, explicit security headers and published security policies or incident response procedures are not evident, representing areas for improvement. The absence of vulnerability disclosure mechanisms or security.txt files limits transparency in security communications. Overall, the website is trustworthy, safe, and professionally maintained, with no indications of adult or questionable content. The WHOIS data for the subdomain en.fritz.com is unavailable, which is expected as it is a subdomain; the main domain fritz.com is a well-established brand owned by AVM GmbH. Strategic recommendations include enhancing security headers, publishing security policies, and establishing vulnerability disclosure channels to strengthen security posture and stakeholder trust.

D

Dealum

dealum.com

69

Dealum is a technology company founded in 2016 that provides a SaaS platform focused on managing applications, increasing investor engagement, and facilitating co-investment. The website presents a professional and modern design, leveraging Angular framework and integrating analytics tools such as Microsoft Clarity and Google Tag Manager. The technical infrastructure is supported by Cloudflare DNS services, ensuring reliable hosting and domain management. Security posture is adequate with HTTPS enabled and domain transfer protections, but lacks advanced security headers and explicit security policies on the website. Privacy compliance is weak due to absence of privacy and cookie policies, which should be addressed to meet regulatory standards. Overall, the website is accessible, well-structured, and targets investors and startups seeking streamlined investment management solutions.

3

3DHochdrei

3dhochdrei.de

55

3DHochdrei is a German-based small business specializing in photorealistic 3D visualizations and virtual tours primarily for real estate, museums, and commercial clients. Their website presents a professional and modern digital presence built on WordPress, leveraging contemporary front-end libraries such as Swiper.js and AOS for animations. The company offers a range of services including 3D rendering, virtual 360-degree tours, drone photography, and virtual trade show stands, targeting businesses seeking to enhance customer engagement through immersive digital experiences. Social media integration and client references support their market positioning as a niche provider in the German market. Technically, the site is well-structured with good SEO practices and mobile optimization, though performance is moderate and accessibility is basic. Security posture is adequate with HTTPS enabled but lacks advanced security headers and explicit incident response policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the website is trustworthy and professional but could improve in security and privacy transparency.

D

Datenschutz ist Pflicht

datenschutz-ist-pflicht.de

59

Datenschutz ist Pflicht is a German-based company specializing in outsourced data protection management services, offering a flat-rate subscription model. Their services include certified data protection officers, IT security consulting, and compliance management, targeting businesses seeking comprehensive GDPR and data privacy solutions. The company emphasizes professional expertise with over 35 years of strategic IT consulting experience and multilingual support across more than 20 industries. Technically, the website is built on WordPress with the Divi theme, hosted by webgo.de, and employs modern web technologies including lazy loading and responsive design. Security posture is solid with HTTPS and certified personnel, though improvements are recommended in security headers and cookie consent mechanisms. Overall, the website is professional, trustworthy, and well-positioned in the data protection services market.

V

VR-Bank eG

vrbank-eg.de

61

VR-Bank eG operates as a regional cooperative bank in Germany, providing local banking and financial services to its community. The website serves as an informational portal highlighting the bank's offerings and commitment to local customer service. The technical infrastructure is based on modern web technologies including Angular Material and uses Dynatrace for performance monitoring, indicating a moderate level of digital maturity. However, the site lacks visible privacy and cookie policies, which impacts compliance and trust. Security posture is moderate with no explicit security headers or incident response information found, suggesting room for improvement in security transparency and best practices. Overall, the website is functional and professional but would benefit from enhanced privacy compliance and security disclosures to improve user trust and regulatory adherence.

S

Sparkasse Aachen

sparkasse-aachen.de

70

Sparkasse Aachen is a regional financial institution providing a broad range of banking and financial services including online banking, loans, investments, insurance, and personal advisory services. The website targets both private and corporate customers with a comprehensive digital presence and strong local market positioning, supported by awards and certifications. Technically, the site is built on a modern CMS platform (likely Adobe Experience Manager), uses HTTPS with good security practices, and integrates monitoring and analytics tools such as Dynatrace and Google Analytics. The site demonstrates good mobile optimization, accessibility, and SEO practices. Security posture is strong with session management and cookie consent mechanisms, though explicit security policy and incident response contacts are not published. Overall, the website is professional, trustworthy, and compliant with GDPR and cookie regulations, making it a reliable digital channel for the bank's customers.

F

FactFinder

fact-finder.de

58

FactFinder is a well-established German company specializing in AI-driven search and product discovery solutions for eCommerce businesses. With over 20 years of experience and a client base exceeding 2,000 online shops, FactFinder offers a comprehensive SaaS platform that enhances conversion rates through personalized shopping experiences. The company holds multiple industry awards, underscoring its market leadership and innovation. Technically, the website employs modern JavaScript libraries, consent management, and analytics tools, ensuring a robust digital presence with good performance and mobile optimization. Security practices include HTTPS enforcement and input validation, although explicit security policies and incident response contacts are not publicly disclosed. Overall, the website is professional, trustworthy, and compliant with GDPR requirements, making it a credible resource for eCommerce technology solutions.

F

Fachagentur Wind und Solar

fachagentur-wind-solar.de

52

Fachagentur Wind und Solar is a German organization dedicated to promoting environmentally compatible use of wind and solar energy. Acting as an interface between science, practice, and politics, it supports the energy transition with in-depth analyses, expert information, and practical guidance. The website is professionally designed, content-rich, and regularly updated with news, publications, and events focused on renewable energy topics. The target audience includes policymakers, practitioners, researchers, and local communities interested in wind and solar energy development. Technically, the site runs on TYPO3 CMS, hosted on AWS infrastructure, and uses Matomo for privacy-respecting analytics. Security posture is good with HTTPS and cookie consent mechanisms, though explicit security policies and incident response contacts are not published. Overall, the site is trustworthy, GDPR compliant, and provides valuable resources in the renewable energy sector.

A

AVM GmbH

myfritz.net

71

The website sso.myfritz.net serves as the secure login portal for MyFRITZ!Net, a service provided by AVM GmbH, a recognized German technology company specializing in home networking products. The platform allows users to authenticate and manage their FRITZ! devices through a centralized account. The site is professionally designed with consistent branding and provides links to comprehensive privacy and terms of service documents hosted on official AVM domains. The target audience is primarily users of FRITZ! products seeking device management and account access.

B

BAMBERG Tourismus & Kongress Service

tagen-in-bamberg.de

61

The website 'Tagen in Bamberg' serves as a regional platform promoting Bamberg as an ideal location for meetings, conferences, and events. Operated by BAMBERG Tourismus & Kongress Service, it offers comprehensive services including venue listings, event programs, and support services tailored to corporate and event planners. The site is professionally designed with clear navigation and is optimized for mobile devices, providing a positive user experience. Technically, it employs modern JavaScript libraries, Google Tag Manager, and a GDPR-compliant cookie consent mechanism, reflecting a moderate level of digital maturity. Security-wise, the site uses HTTPS and cookie consent but lacks visible advanced security headers or explicit security policies, indicating room for improvement. Overall, the website is trustworthy, compliant with privacy regulations, and well-positioned within its niche, though it could enhance its security posture and transparency further.

W

Welcome Hotels GHG Beteiligungsgesellschaft mbH

welcome-hotels.com

55

Welcome Hotels GHG Beteiligungsgesellschaft mbH operates a network of 14 hotels across Germany, offering accommodation, wellness, and event hosting services. The company emphasizes sustainability, demonstrated by its GreenSign certification, and targets a broad audience including tourists, business travelers, and event organizers. The website is professionally designed, mobile-optimized, and provides comprehensive information about hotel locations, amenities, and special offers. Technically, the site uses modern JavaScript libraries and integrates cookie consent mechanisms, ensuring compliance with privacy regulations. Security posture is good with HTTPS enforced, though some security headers are missing and no explicit security policy or incident response information is published. The WHOIS data is unavailable, which slightly reduces transparency but the overall business credibility remains high based on website content and trust indicators.

M

Mohrenhaus - Das Haus für schöne Sachen

mohren-haus.de

53

Mohren-Haus is a German-based e-commerce retailer specializing in lifestyle, gifts, kitchenware, home decor, fashion, and accessories. The website presents a well-structured online shop with a clear focus on branded and quality products, targeting a general audience interested in unique and beautiful items. The business appears to be a small local/regional player with an online presence to expand its reach. Technically, the website uses modern web technologies including Google Tag Manager and Facebook Pixel for marketing and analytics, hosted on Alfahosting with consistent WHOIS data. The site is mobile optimized and provides a good user experience with clear navigation and professional design. Security posture is adequate with HTTPS enabled and no exposed sensitive data, but lacks some security headers and explicit security policies. Privacy compliance is weak due to missing privacy and cookie policy pages, although a cookie consent mechanism is present. Overall, the website is legitimate and trustworthy but could improve transparency and security practices.

G

Geburtshaus Levi Strauss Museum

levi-strauss-museum.de

42

The Geburtshaus Levi Strauss Museum is a specialized cultural institution located in Buttenheim, Germany, dedicated to the life and legacy of Levi Strauss, the inventor of blue jeans. The museum offers exhibitions, educational programs, and a museum shop, targeting general visitors, fashion enthusiasts, and cultural tourists. It holds a niche market position with international recognition through awards. Technically, the website is built on WordPress using a child theme of Twenty Twenty-One, hosted on servers associated with flessio.com and flessio.de. The site demonstrates good mobile optimization and SEO practices but lacks advanced security headers and cookie consent mechanisms. Security posture is adequate with HTTPS enforced and no visible vulnerabilities, though improvements are recommended in security policy transparency and headers. Overall, the website is professional, trustworthy, and provides clear contact information and social media presence, supporting its credibility as a legitimate museum entity.

C

Colourbox

colourbox.de

58

Colourbox is a large German-based stock media agency offering over 26 million royalty-free images, videos, and vectors for purchase. The company targets businesses and individuals requiring licensed digital media for web, print, and social media use. The website demonstrates a mature technical infrastructure leveraging modern JavaScript frameworks, CDN hosting via AWS Cloudfront, and integration with Google Tag Manager for analytics and marketing. While the site is well-designed and content-rich, it lacks explicit privacy, cookie, and terms of service policies, which are critical for GDPR compliance and user trust. Security posture is adequate with HTTPS enabled but could be improved by implementing security headers and publishing incident response policies. Overall, the site is professional and trustworthy but would benefit from enhanced privacy and security transparency.

E

elementare teilchen GmbH

elementare-teilchen.de

42

elementare teilchen GmbH is a specialized agency focused on TYPO3 CMS development, web design, and programming services primarily serving clients in Germany. Their portfolio includes reputable institutions such as universities and government-related organizations, positioning them as a trusted niche provider in the technology sector. The company emphasizes a content-first approach and offers tailored web solutions with a strong design and technical foundation. Technically, the website employs modern frameworks like Bootstrap and uses optimized assets such as WebP images and self-hosted fonts, indicating a moderate to good level of digital maturity. Hosting is provided by SchlundTech, a professional hosting provider, and the site is mobile optimized with clear navigation and good content relevance. Security-wise, the site uses HTTPS and avoids exposing sensitive data, but lacks explicit security headers and published security policies, which are areas for improvement. Privacy compliance is partial, with a privacy policy linked but no cookie consent mechanism or GDPR explicit statements visible. Overall, the website is professional and trustworthy but could enhance its security posture and privacy compliance to meet higher standards.

V

vbw Stiftung Lebensgrundlagen Bayern

vbw-slb.de

58

The vbw Stiftung Lebensgrundlagen Bayern is a non-profit foundation focused on promoting sustainable social and ecological projects within Bavaria, Germany. It offers financial support through various funding awards ranging from 10,000 to 250,000 Euros annually, with a total funding volume of up to 600,000 Euros. The foundation targets individuals, organizations without profit motives, and educational institutions engaged in community and environmental sustainability initiatives. The website provides an online platform for registration and application, facilitating a structured and transparent funding process.

B

bayme vbm

baymevbm.de

65

bayme vbm is a prominent employer association representing the metal and electrical industries in Bavaria, Germany. With approximately 3,600 member companies, it provides advocacy, legal support, training, and networking services to its members. The organization operates under the umbrella of the Vereinigung der Bayerischen Wirtschaft e. V. (vbw), reinforcing its strong regional and industry presence. The website is professionally designed, multilingual (German and English), and offers comprehensive resources and tools tailored to its target audience of businesses in manufacturing and related sectors. Technically, the website employs modern JavaScript libraries such as Swiper.js and Vimeo Player API, integrates cookie consent mechanisms compliant with GDPR, and uses accessibility tools like eyeAble. The site is responsive and optimized for mobile devices, with good SEO and accessibility practices. Security-wise, the site enforces HTTPS, implements standard security headers, and uses secure forms for login. However, it lacks a dedicated security policy or incident response page and does not provide a vulnerability disclosure or security.txt file. Overall, the security posture is solid with no visible vulnerabilities or exposed sensitive data. The WHOIS data aligns with the business claims, showing consistency and legitimacy. The site uses etracker for analytics and tracking with user consent, maintaining good privacy compliance. Social media presence across major platforms enhances trust and outreach. The risk level is low, but improvements could be made by publishing explicit security policies and incident response contacts to enhance transparency and preparedness. The website serves its business purpose effectively with high professionalism and user experience.

R

run.events GmbH

run.events

68

run.events GmbH operates a sophisticated AI-powered event management platform designed to streamline the entire event lifecycle from planning to post-event analytics. The company targets event organizers, agencies, venues, and associations, offering a comprehensive SaaS solution that integrates planning, marketing automation, ticketing, delivery, and analytics. Their market position emphasizes cost savings, enhanced security, and automation, positioning them as a modern alternative to traditional event management tools. Technically, the website leverages modern frameworks such as Astro and React, hosted on Azure with integrations to major analytics and marketing platforms including Google Analytics, HubSpot, LinkedIn, and Microsoft Clarity. The site is well-optimized for performance, mobile responsiveness, and SEO. Security posture is strong with HTTPS enforced, clientTransferProhibited domain status, and cookie consent mechanisms, though DNSSEC is not enabled and some security headers could be improved. Privacy compliance is robust with clear policies and consent banners. Overall, the domain registration details align well with the business claims, supporting legitimacy and trustworthiness.

B

BKK Budapesti Közlekedési Központ

bkkinfo.hu

65

BKK Budapesti Közlekedési Központ is the primary public transportation authority in Budapest, Hungary, providing comprehensive travel planning, ticketing, and real-time traffic updates. The website serves residents and visitors with detailed information on public transport services, accessibility, and operational changes. It holds a strong market position as the official transport provider with a large user base. Technically, the website employs modern web technologies including HTML5, CSS3, JavaScript, and MapLibre GL JS for interactive maps. It is hosted likely behind Cloudflare, ensuring good performance and security. The site is mobile-optimized and accessible, with clear navigation and professional design. Security posture is solid with HTTPS enforced and secure login forms. However, explicit security headers like Content-Security-Policy and X-Frame-Options are not evident in the HTML and could be improved. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Overall, the site is trustworthy, professional, and well-maintained, with no detected vulnerabilities or suspicious content. Strategic recommendations include enhancing security headers and continuous monitoring of third-party scripts to maintain security integrity.

V

Vereinigung der Bayerischen Wirtschaft e. V.

vbw-bayern.de

66

The website www.vbw-bayern.de represents the Vereinigung der Bayerischen Wirtschaft e. V., a voluntary, cross-sector economic interest association for the Bavarian economy. It serves as a key platform for economic policy advocacy, information dissemination, and member services targeting Bavarian businesses and stakeholders. The site features rich content including events, publications, podcasts, and press releases, reflecting an active engagement with its audience. The business model is non-profit and focused on regional economic representation, positioning vbw as a leading economic association in Bavaria. Technically, the site employs a modern web stack with JavaScript, CSS, and HTML5, utilizing libraries such as Swiper.js for interactive sliders and etracker for analytics. The site is mobile-optimized, accessible, and SEO-friendly, though it appears to use a custom or proprietary CMS. Performance is moderate, with good mobile and accessibility features. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms compliant with GDPR. Security headers are minimal but present, and no critical vulnerabilities or exposed sensitive data were detected. However, the site lacks explicit security policies, incident response contacts, and vulnerability disclosure mechanisms, which are recommended for enhanced security posture. Overall, the site is trustworthy, professional, and compliant with privacy regulations, serving its business purpose effectively. Strategic improvements in security transparency and header implementation would further strengthen its security posture.

B

Bamberg Tourismus

bamberg.info

62

Bamberg.info is the official tourism website for the city and region of Bamberg, Germany, a UNESCO World Heritage site. The site provides comprehensive information on cultural attractions, events, accommodations, guided tours, and local activities, targeting tourists, families, and groups. It serves as a central hub for planning visits, booking tickets, and exploring the region's rich heritage and leisure offerings. Technically, the website employs modern web technologies including HTML5, CSS3, JavaScript, and integrates services like OpenStreetMap, YouTube, and Plausible Analytics. It features a GDPR-compliant cookie consent mechanism and privacy policy, reflecting good privacy practices. Security posture is moderate with HTTPS usage and cookie consent, though additional security headers could enhance protection. The WHOIS data is not publicly available, indicating privacy protection, which is justified for this type of public-facing tourism portal. Overall, the website is professional, trustworthy, and well-positioned in the hospitality sector.

Netbite is a German-based small business specializing in hosting and IT solutions tailored for small and medium-sized enterprises. Established in 2004, the company offers a range of services including webhosting, root servers, server housing, cloud infrastructure, and IT support such as Mac support and WLAN installations. Their market position is that of a niche provider focusing on reliable and secure hosting solutions with a local presence in Germany. The website is professionally designed with clear navigation and good mobile optimization, reflecting a mature digital presence. Technically, the website uses standard modern web technologies such as HTML5, CSS3, and JavaScript, hosted by Vautron Rechenzentrum AG. The site is served over HTTPS with Let’s Encrypt certificates, ensuring secure communications. However, some security best practices like DNSSEC and security headers are not implemented, representing areas for improvement. The site does not use any visible analytics or tracking technologies, indicating a privacy-conscious approach. From a security perspective, the site demonstrates a solid baseline with HTTPS and no exposed sensitive data. The absence of a dedicated security policy or vulnerability disclosure page suggests room for maturity in security governance. Contact information is clearly provided, but incident response and security contact channels are not explicitly stated. Overall, the security posture is good but could be enhanced with additional policies and technical controls. The overall risk assessment is low, with no signs of malicious content or vulnerabilities. Strategic recommendations include enabling DNSSEC, implementing security headers, adding a vulnerability disclosure policy, and introducing a cookie consent mechanism to improve privacy compliance. These steps will enhance trust and security culture while aligning with GDPR requirements.

I

ifo Institut

ifo.de

61

The ifo Institut is a prominent German economic research institute focused on shaping economic debate through high-quality research and policy advice. The website reflects a mature digital presence with a professional design, comprehensive content, and strong integration with academic and policy networks such as CESifo and EconPol Europe. Technically, the site is built on Drupal 10, hosted on Microsoft Azure DNS infrastructure, and uses modern web technologies ensuring good performance and mobile optimization. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though explicit security headers and incident response policies could be improved. Privacy compliance is well addressed with GDPR-compliant privacy and cookie policies. Overall, the site demonstrates high business credibility and trustworthiness, serving a target audience of researchers, policymakers, and the public interested in economic research.

R

Rausgegangen GmbH

rausgegangen.de

64

Rausgegangen GmbH operates a professional event discovery platform primarily targeting German cities, offering users curated event tips, ticketing, and lotteries. The website is well-branded and provides a mobile-optimized experience with a modern tech stack including React, Alpine.js, and Matomo analytics. Privacy compliance is supported by an Iubenda cookie consent mechanism, although an explicit privacy policy URL was not found in the provided content. Security posture is solid with HTTPS and error monitoring via Sentry, but lacks published security policies or incident response contacts. Overall, the platform is credible and trustworthy with a focus on media and entertainment.

C

Verdiene dauerhaft mehr Geld mit deinem Design!

calculate.design

47

The website calculate.design offers specialized online tools aimed at designers to help them calculate appropriate hourly rates and project pricing. It features two main products: KAJY, a free hourly rate calculator, and VTV Design, a paid project pricing calculator with extensive examples. The site is professionally designed, with consistent branding and endorsements from recognized design professionals and organizations such as AGD and PAGE Magazin. Technically, the site uses standard web technologies (HTML5, CSS, JavaScript) and is moderately optimized for performance and mobile use. Security posture is moderate with no visible advanced security headers or policies, and no HTTPS status was explicitly found in the provided data. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism detected. No contact emails or phone numbers are provided on the main page, which limits direct communication channels. Overall, the site is trustworthy and serves a niche market effectively.

М

Министерство на електронното управление

egov.bg

75

The website egov.bg is the official Bulgarian government portal for electronic services and information, managed by the Ministry of Electronic Governance. It serves as a centralized platform for citizens and businesses to access a wide range of administrative services, including registrations, permits, tax payments, and document validation. The portal is well-positioned as the primary digital gateway for e-government services in Bulgaria, offering comprehensive content and a user-friendly interface. The target audience includes Bulgarian citizens and business entities seeking government services online. Technically, the site is built on IBM WebSphere Portal technology, utilizing JavaScript frameworks such as Dojo Toolkit and Matomo for analytics. The infrastructure supports moderate performance with good mobile optimization and accessibility features. The site employs HTTPS with strong SSL configuration and includes cookie consent mechanisms aligned with GDPR requirements. However, there is room for improvement in security headers and incident response transparency. From a security perspective, the portal demonstrates a mature posture with encrypted communications, user consent for tracking, and CAPTCHA protections on feedback forms. No critical vulnerabilities or exposed sensitive data were detected. Privacy policies are comprehensive and GDPR compliant, enhancing user trust. The domain registration details align with the official government entity, reinforcing legitimacy. Overall, egov.bg is a trustworthy, professional government portal with strong content quality and compliance. Strategic recommendations include enhancing security headers, publishing incident response contacts, and improving transparency on data retention policies to further strengthen security and user confidence.

The website identity.eop.bg serves as the login portal for the Bulgarian government's centralized electronic public procurement system (ЦАИС ЕОП). It provides secure user authentication for stakeholders involved in public procurement processes. The platform is funded by the European Union and the Bulgarian government, reflecting its official and authoritative nature. The site supports OAuth2 authorization with PKCE and integrates digital signature login options, indicating a mature approach to secure identity management. Technically, the site uses standard web technologies including HTML5, CSS3, JavaScript, and ASP.NET frameworks. It employs Matomo analytics for user tracking, though no explicit cookie consent mechanism is present. The site is moderately optimized for mobile and accessibility, with a professional and consistent design aligned with government branding. However, security headers are not detected in the provided data, and no explicit security or incident response policies are published. From a security perspective, the site demonstrates good practices such as anti-forgery tokens and secure password inputs. The use of PKCE in OAuth2 flows enhances security against interception attacks. The absence of visible vulnerabilities and the consistent WHOIS data support a strong trust profile. Nonetheless, improvements are recommended in cookie consent, security headers, and transparency of security policies to enhance compliance and user trust. Overall, the platform is a reliable and professional government service with moderate technical maturity and a solid security foundation. Strategic enhancements in privacy compliance and security transparency will further strengthen its posture and user confidence.

M

Mať Filipa

matfilipa.sk

52

The website matfilipa.sk is an educational project dedicated to raising awareness and knowledge about intellectual property rights among students and young creators in Slovakia. It offers detailed educational content on industrial and authorial intellectual property, including downloadable materials and an option to order printed educational books. The site is positioned as a niche educational resource with a focus on Slovak and European intellectual property institutions. Technically, the website uses a standard modern stack including Bootstrap, jQuery, and Google Analytics, hosted likely by Websupport. It is secured with HTTPS and DNSSEC, but lacks some security headers and uses some HTTP resources, which could be improved. Privacy compliance is weak due to the absence of privacy and cookie policies. Contact is provided only via a detailed form without direct emails or phone numbers. Overall, the site is functional, informative, and trustworthy but could benefit from enhanced security and privacy practices.

R

Romeofilms

sidliskovysen.sk

41

The website sidliskovysen.sk serves as the official online presence for the documentary film 'RYTMUS sídliskový sen,' focusing on the life and culture surrounding Slovak hip-hop artist Rytmus. The site provides film-related content, including cast, crew, galleries, and related social projects. It targets a general audience interested in music, social issues, and documentary films. The business model revolves around media production and promotion, supported by partnerships with educational and governmental organizations in Slovakia and the EU. Technically, the site uses a traditional web stack with HTML5, CSS, JavaScript, and jQuery, supported by the Nette PHP framework and hosted on Websupport infrastructure. It integrates Google Analytics for tracking and Livechatoo for user engagement. However, the site lacks HTTPS, which is a critical security shortfall. Security posture is moderate with DNSSEC enabled but missing key security headers and policies. Privacy compliance is weak due to the absence of privacy and cookie policies. Overall, the site is functional and professionally designed but requires improvements in security and compliance to enhance trust and user safety.

O

Oberfrankenstiftung

oberfrankenstiftung.de

54

The Oberfrankenstiftung is a publicly governed foundation focused on promoting welfare in the Oberfranken region of Germany. It supports projects in social, cultural, and scientific fields by allocating funds from its endowment. The website reflects a well-structured and professional digital presence with comprehensive information about its activities, funding opportunities, and recent projects. The foundation positions itself as a key regional non-profit entity with strong ties to local government and cultural institutions. Technically, the website employs standard web technologies such as Bootstrap and jQuery, ensuring responsive design and good user experience. While the site is well-structured and content-rich, it lacks advanced security headers and cookie consent mechanisms, which are important for GDPR compliance and overall security posture. No analytics or tracking scripts were detected, indicating a privacy-conscious approach. From a security perspective, the site uses HTTPS and does not expose sensitive data or vulnerable scripts. However, the absence of explicit security policies, incident response contacts, and vulnerability disclosure mechanisms suggests room for improvement in security maturity. The WHOIS data aligns well with the website content, showing a consistent and legitimate domain registration. Overall, the website is trustworthy, professionally maintained, and serves its target audience effectively. Strategic enhancements in security headers, privacy compliance, and incident response transparency would further strengthen its security posture and user trust.

S

shoddy.site

shoddy.site

68

Shoddy.site is a small independent Mastodon server operated by an individual named Chris, providing a general purpose fediverse social media service. The website serves as an about page describing the service and its administration, targeting general users interested in decentralized social media. The business model is community-driven and personal, with no commercial or enterprise scale indicated. Technically, the site runs on a Glitch-soc fork of Mastodon version 4.3.5, with a modern JavaScript and CSS stack, and is moderately optimized for mobile and accessibility. Security posture is basic with HTTPS enabled but lacks DNSSEC and security headers, and no published security or incident response policies. Privacy compliance is partial with a privacy policy present but no cookie consent mechanism or GDPR explicit statements. Overall, the site is trustworthy for its scale and purpose but could improve security and compliance transparency.

U

Useful Collective s.r.o.

logokit.com

64

LogoKit is a technology company providing a reliable and comprehensive API service for accessing high-quality logos and structured brand metadata for companies, stocks, ETFs, cryptocurrencies, and other assets. The service targets developers and businesses such as fintech platforms, job boards, e-commerce sites, and media outlets, offering seamless integration with a single line of code. The company positions itself as a market leader with extensive coverage and a global CDN ensuring fast delivery worldwide. The business operates on a tiered subscription model including a free plan and multiple paid tiers with increasing features and usage limits. Technically, LogoKit employs modern web technologies including Turbo Rails, Stimulus, Tailwind CSS, and integrates analytics via PostHog and Google Tag Manager. Hosting and DNS are managed through Cloudflare, providing performance and security benefits. The website is well-optimized for mobile and accessibility, with professional design and clear navigation. Security practices include HTTPS enforcement and CSRF protection, though explicit HTTP security headers are not evident from the data. Privacy compliance is partially addressed with a clear privacy policy and terms of service, but lacks a cookie consent mechanism. The security posture is solid with no critical vulnerabilities detected, and the domain WHOIS data supports legitimacy with consistent registration details and appropriate domain age. The company provides clear contact information via email and maintains active social media profiles, enhancing trustworthiness. Overall, LogoKit demonstrates a mature digital presence with strong business credibility and technical implementation. Strategic recommendations include enabling DNSSEC, adding explicit security headers, implementing a cookie consent mechanism to improve GDPR compliance, publishing a security.txt file for vulnerability disclosure, and enhancing transparency around data retention policies.

N

nph Kinderhilfe Lateinamerika e.V.

nph-kinderhilfe.org

61

nph Kinderhilfe Lateinamerika e.V. is a well-established non-profit organization dedicated to improving the lives of children in Latin America and Haiti through education, protection, and family support. With a history dating back to 1954, the organization operates with a clear mission to provide safe environments and opportunities for children to grow and thrive. The website reflects a professional and consistent brand image, targeting donors, supporters, and stakeholders interested in child welfare. Technically, the website is built on modern frameworks such as Next.js and React, leveraging Directus as a CMS. It demonstrates good performance, mobile optimization, and SEO practices. The presence of Google Tag Manager indicates moderate user tracking for analytics and marketing purposes. From a security perspective, the site uses HTTPS with strong SSL configuration and includes essential security headers. However, there is no explicit security policy or incident response information publicly available, which could be improved. The WHOIS data is unavailable due to query failure or privacy protection, which is common for non-profits but slightly reduces trustworthiness. Overall, the website presents a low-risk profile with strong business credibility and good privacy compliance. Strategic recommendations include publishing a security policy, incident response contacts, and vulnerability disclosure information to enhance transparency and trust.

C

Christoffel-Blindenmission Deutschland e.V. (CBM)

cbm.de

51

Christoffel-Blindenmission Deutschland e.V. (CBM) is a well-established German non-profit organization dedicated to aiding visually impaired, blind, deaf, and physically disabled people in developing countries. The website clearly communicates its mission, projects, and donation opportunities, targeting donors, churches, and supporters interested in humanitarian and inclusive development work. The organization holds recognized certifications and trust seals, enhancing its credibility. Technically, the website employs modern web technologies including JavaScript, jQuery, and a consent management platform (Usercentrics) to ensure GDPR compliance. Hosting is managed via Ecotel, and analytics are performed using privacy-conscious Matomo. The site is mobile-optimized, accessible, and SEO-friendly, reflecting a mature digital infrastructure. Security posture is solid with HTTPS enforced and no visible vulnerabilities or exposed sensitive data. However, the site lacks explicit security policies, incident response contacts, and security headers, which could be improved to enhance trust and resilience. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Overall, the website presents a professional, trustworthy, and user-friendly platform for the CBM's charitable activities, with minor recommendations to bolster security transparency and incident readiness.

W

WEISSER RING Stiftung

weisser-ring-stiftung.de

50

The WEISSER RING Stiftung is a German non-profit foundation dedicated to supporting victims of crime and strengthening their societal position. The foundation operates through funding projects aligned with its mission, supported by donations and conservative investment strategies. The website presents a professional and consistent brand image, targeting donors, supporters, and victims seeking assistance. Technically, the site is built on Drupal 10, hosted likely by Deutsche Telekom, and uses Piwik analytics with privacy-conscious settings. Security posture is solid with HTTPS and no visible vulnerabilities, though security headers and incident response policies could be improved. Overall, the site is trustworthy and well-maintained, reflecting the foundation's reputable standing in the non-profit sector.

Holidu GmbH operates a vacation rental search and booking platform targeting travelers seeking holiday accommodations primarily in Germany and Europe. The website offers a comprehensive search engine with over 15 million listings, positioning itself as a significant player in the hospitality sector. The business model revolves around aggregating and comparing vacation rental offers to facilitate user bookings. Technically, the site employs modern JavaScript frameworks, including React, and integrates multiple analytics and marketing tools such as Google Analytics, Bing Ads, and Taboola. Hosting is managed via Amazon AWS infrastructure, ensuring reliable performance and scalability. Security posture is solid with HTTPS enforcement and standard security headers, though explicit security policies and incident response contacts are not published on the analyzed page. Privacy compliance is evident through accessible privacy and cookie policies, with GDPR considerations addressed. Overall, the site demonstrates good professionalism, trustworthiness, and technical maturity, though improvements in transparency around security and contact information would enhance credibility further.

P

Pomoc.sk

pomoc.sk

58

Pomoc.sk is a Slovak non-profit helpline and educational platform dedicated to child and youth internet safety, supported by the European Commission and Slovak government bodies. It provides free 24/7 telephone counseling, online chat, and email support, alongside accredited educational programs addressing cyberbullying, online risks, and digital literacy. The organization has a strong market position in Slovakia with over 18 years of experience and recognized partnerships with UNICEF and government ministries. Technically, the website uses standard web technologies including HTML, CSS, JavaScript, Google Analytics for tracking, and a third-party chat widget (Livechatoo). The site is moderately optimized for performance and mobile use but lacks advanced accessibility features and comprehensive SEO optimization. No CMS or hosting provider details are evident. From a security perspective, the site uses HTTPS and avoids exposing sensitive data but lacks visible security headers and published security or incident response policies. Privacy and cookie policies are absent, representing compliance gaps with GDPR and related regulations. The site does not show signs of vulnerabilities or malicious content but would benefit from improved security best practices. Overall, Pomoc.sk is a trustworthy and professionally presented resource for child internet safety in Slovakia, with solid business credibility but room for improvement in privacy compliance and security posture.

C

Conversion Expert GmbH

conversion.expert

63

Conversion Expert GmbH is a specialized technology service provider focused on A/B-Testing development, consulting, and platform solutions. With over 10 years of experience and hundreds of implemented experiments, they serve companies and agencies of all sizes primarily in Germany. Their business model combines bespoke A/B-Testing implementation services with their proprietary platform ABlyft, targeting expert users seeking high performance and flexibility. The website reflects a professional and consistent brand image with clear service offerings and client testimonials, positioning them as a trusted expert in the conversion optimization space. Technically, the website employs modern web technologies including Bootstrap, jQuery, and lazy loading for performance optimization. It integrates New Relic for monitoring and analytics, indicating a mature approach to performance and error tracking. The site is mobile optimized and SEO friendly, though accessibility features are basic. Hosting and domain registration are consistent with the business claims, enhancing credibility. From a security perspective, the site uses HTTPS with a valid SSL configuration and has domain transfer protections enabled. However, DNSSEC is not enabled and no explicit security headers were detected in the provided data. There is no visible security or incident response policy, and cookie consent mechanisms are absent despite GDPR relevance. These gaps suggest room for improvement in compliance and security posture. Overall, the website is trustworthy, professionally maintained, and business-focused with moderate privacy compliance and good technical implementation. Strategic enhancements in security headers, cookie consent, and explicit security policies would further strengthen their security posture and regulatory compliance.

A

AudioCodes

audiocodes.com

71

AudioCodes is a global enterprise technology company specializing in advanced voice networking and media processing solutions tailored for the digital workplace. Their offerings include Microsoft Teams integration, contact center innovations, meeting room solutions, and Voice.AI products, positioning them as a leading vendor in the telecommunications and technology sectors. The company targets enterprises and service providers, delivering both hardware and SaaS platforms to support unified communications and cloud migration strategies. Technically, the website demonstrates a mature digital infrastructure utilizing modern JavaScript libraries and analytics tools such as Google Tag Manager and ZoomInfo. The site is well-optimized for mobile and accessibility, with comprehensive SEO and structured navigation. Security best practices are observed with HTTPS enforcement and multiple security headers, although there is room for improvement in public vulnerability disclosure and incident response transparency. The security posture is strong with no evident vulnerabilities or exposed sensitive data. Privacy compliance is well addressed with clear privacy and cookie policies, including consent mechanisms and GDPR adherence. The absence of WHOIS data reduces some trust but is mitigated by the professional presentation and external validation through partner portals and investor relations. Overall, AudioCodes presents a credible and professional online presence with a robust business model and technical foundation. Strategic recommendations include enhancing transparency around security incident response and vulnerability disclosures to further strengthen trust and compliance.

S

StädteRegion Aachen

staedteregion-aachen.de

61

StädteRegion Aachen operates as a regional governmental authority in Germany, providing a wide range of administrative and public services to residents and stakeholders within its jurisdiction. The website serves as a comprehensive portal offering information on governance, history, digital infrastructure, social services, and citizen engagement. The target audience primarily includes local citizens, businesses, and public sector partners. The business model is centered on public administration and service delivery, positioning the entity as a key regional government institution. Technically, the website is built on the TYPO3 CMS platform, utilizing modern web technologies such as JavaScript and CSS. The site demonstrates good digital maturity with mobile optimization, accessibility features, and SEO best practices. Performance is moderate, with room for optimization. Security measures include HTTPS enforcement and standard security headers, contributing to a solid security posture. Security evaluation reveals strengths in encryption and cookie consent mechanisms, though the absence of explicit security policies, incident response contacts, and vulnerability disclosure reduces transparency. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong, with comprehensive privacy and cookie policies aligned with GDPR requirements. Overall, the website presents a professional, trustworthy, and secure platform for regional government services. Strategic recommendations include publishing detailed security policies, establishing vulnerability disclosure channels, and enhancing contact information for security incidents to further strengthen trust and compliance.

V

Verband der Gründer und Selbstständigen Deutschland e.V.

vgsd.de

64

The Verband der Gründer und Selbstständigen Deutschland e.V. (VGSD) is a non-profit organization dedicated to representing the interests of founders, self-employed individuals, and small businesses in Germany. The website serves as a comprehensive platform offering advocacy, community engagement, educational content, events, and podcasts to support its target audience. The VGSD positions itself as a key lobby group fighting for fair regulations and better conditions for its members. Technically, the website is built on WordPress with modern JavaScript frameworks like Alpine.js and integrates multiple analytics and tracking tools with a strong emphasis on user consent and privacy compliance. Security-wise, the site enforces HTTPS, anonymizes IPs in analytics, and uses consent-based script loading, though it lacks explicit security policy documentation and a vulnerability disclosure mechanism. Overall, the site is professional, trustworthy, and well-optimized for performance and accessibility.

K

K2MATCH LIMITED

k2match.com

62

K2MATCH LIMITED operates a professional international entrepreneurial ecosystem platform focused on developing B2B and B2B2C startups and scaleups into market leaders. The company facilitates connections between startups, investors, corporates, business communities, and expert solution partners, offering growth services and hosting investor lounges and accelerator programs. The website is built on Squarespace, featuring a modern and professional design with good mobile optimization and SEO practices. Security posture is solid with HTTPS and HSTS enabled, though some security headers and privacy policies are missing. WHOIS data is unavailable, which slightly impacts trust but the website content and structure indicate a legitimate business. Overall, K2MATCH presents a credible platform for startup ecosystem development with room for improvement in privacy and security transparency.

JTL-Connect is a professional e-commerce event organized by JTL-Software-GmbH, targeting customers, partners, and interested parties in the e-commerce sector primarily in Germany. The website promotes the 8th JTL-Connect event scheduled for October 2, 2026, in Cologne, providing information and networking opportunities. The company holds a solid market position as an established event organizer within the German e-commerce ecosystem. Technically, the website is built on WordPress with modern SEO practices using Yoast SEO Premium. It integrates multiple analytics and marketing tools such as Google Analytics, Matomo, Facebook Pixel, Microsoft Clarity, and LinkedIn Insight Tag, demonstrating a mature digital infrastructure. The site is mobile-optimized and provides a good user experience with clear navigation and professional design. From a security perspective, the site enforces HTTPS, employs Google reCAPTCHA for form protection, and implements a comprehensive cookie consent mechanism aligned with GDPR requirements. However, it lacks explicit security headers and a published security policy or incident response information, which are areas for improvement. Overall, the website is trustworthy, compliant with privacy regulations, and professionally maintained. The risk level is low, but strategic enhancements in security transparency and accessibility could further strengthen its posture.

A

Amazon.com, Inc.

amazon.jobs

72

Amazon.jobs is the official global career site for Amazon.com, Inc., a leading enterprise in technology and e-commerce. The website provides a comprehensive platform for job seekers to explore and apply for a wide range of roles including software development, warehouse, and hourly jobs. It reflects Amazon's mission to be Earth's most customer-centric company and highlights its innovative culture and global presence. The site is well-branded, professionally designed, and targets a broad audience of students, professionals, and hourly workers. Technically, the site leverages modern web technologies including React.js, AWS CloudFront CDN, and advanced performance monitoring tools such as Boomerang and AWS RUM. It is hosted on Amazon Web Services, ensuring robust infrastructure and fast performance. The website is mobile-optimized and accessible, with good SEO practices and structured navigation. From a security perspective, the site enforces HTTPS, implements security headers, and uses CSRF tokens to protect forms. Privacy and cookie policies are comprehensive and include consent mechanisms, indicating good privacy compliance. However, there is no explicit security policy or vulnerability disclosure page, which could be improved. No vulnerabilities or exposed sensitive data were detected. Overall, Amazon.jobs demonstrates a high level of professionalism, security, and compliance suitable for a global enterprise. The site is trustworthy and provides a safe, user-friendly experience for job seekers worldwide.

P

pixelfed.de

pixelfed.de

50

pixelfed.de is a German-based decentralized photo sharing social media platform powered by Pixelfed software. It positions itself as an ethical alternative to centralized platforms, offering features such as photo posts, albums, filters, collections, and federation with other platforms. The platform supports mobile apps, stories, and video content, targeting a general audience interested in privacy-respecting social media. The website is moderately sized with over 76,000 total users and 3,300 active users, indicating a healthy community presence. The business model revolves around providing a federated, open-source social media experience without advertising or centralized control. Technically, the website uses modern JavaScript frameworks including Vue.js and the Plyr video player, with responsive design and good SEO practices. The site is served over HTTPS with a valid SSL configuration and includes CSRF protection tokens, indicating a good security baseline. However, explicit security headers are not detected, and no cookie consent mechanism is present, which are areas for improvement. The site does not appear to use third-party analytics or tracking, aligning with its privacy-focused ethos. From a security perspective, pixelfed.de demonstrates a solid posture with no visible vulnerabilities or exposed sensitive data. The lack of detailed security policies or incident response contacts is a gap, as is the absence of a vulnerability disclosure or security.txt file. The WHOIS data is minimal but consistent with the website's German origin and business history, with no privacy protection applied. Contact information is limited to an email address for the administrator, with no phone or physical address provided. Overall, pixelfed.de is a trustworthy and well-maintained platform serving a niche community interested in decentralized and ethical social media. Strategic recommendations include enhancing security headers, implementing cookie consent for GDPR compliance, expanding contact information, and publishing explicit security and incident response policies to further build trust and compliance.