Security Directory

F

Framasoft

framalistes.org

63

Framasoft is a French non-profit organization providing ethical digital services, including Framalistes, a free mailing list platform focused on privacy and user autonomy. The organization is well-established with a domain age consistent with its founding and operates transparently with donation-based funding. The website is professionally designed, mobile-optimized, and accessible, reflecting a mature digital presence. Technically, it uses modern frameworks like Vue.js and the Sympa mailing list software, hosted by a reputable registrar, Gandi SAS. Security posture is good with HTTPS and domain transfer protections, though DNSSEC and explicit security policies could be improved. Privacy compliance is strong with minimal tracking and clear terms of use. Overall, the site is trustworthy and serves a niche audience seeking ethical alternatives to commercial mailing list services.

A

Aquilenet

aquilenet.fr

59

Aquilenet is a small, non-profit associative Internet Service Provider based in the Aquitaine region of France. It focuses on providing open, neutral, and privacy-respecting Internet access to its members, leveraging open-source tools and community-driven values. The organization is registered with ARCEP and is a founding member of the Fédération FDN, reinforcing its credibility and commitment to ethical Internet services. The website serves as an information portal and access point to various member services including webmail, cloud storage, VPN, and more. Technically, the website uses standard web technologies including HTML5, CSS, JavaScript, and jCarousel for UI elements. It employs Piwik/Matomo analytics, indicating a privacy-conscious approach to user tracking. The site is mobile-optimized with a clear navigation structure, though accessibility features could be improved. No major CMS or hosting provider details are evident from the HTML content. From a security perspective, the site uses HTTPS URLs and does not expose sensitive data or vulnerable scripts. However, it lacks visible security headers and formal policies such as privacy or cookie policies, which are important for compliance and user trust. No forms collecting sensitive data are present on the homepage, reducing immediate risk. WHOIS data is unavailable, likely due to privacy protection or AFNIC policies, but the site content and affiliations suggest legitimacy. Overall, Aquilenet presents a trustworthy and community-focused ISP with a solid technical foundation but could enhance its compliance posture by publishing clear privacy and cookie policies and improving security headers. The risk level is low, but transparency improvements would benefit user trust and regulatory compliance.

LUDdesign is a small Czech Republic-based business specializing in website creation and graphic design services, primarily serving clients in and around Trutnov. The website is minimalistic and currently under construction, providing basic contact information for two business owners along with their registration and banking details. The business model is service-based, charging hourly rates for design work. The domain has been registered since 2012, consistent with the business's stated history. Technically, the website is simple, built with basic HTML and CSS, hosted likely by Wedos, a Czech hosting provider. There is no evidence of advanced frameworks, CMS, or analytics tools. Mobile optimization and SEO are basic, and no security headers or HTTPS status could be confirmed from the data provided. From a security perspective, the site lacks critical elements such as a privacy policy, cookie consent, security headers, and incident response contacts. No forms or scripts were detected, reducing attack surface but also indicating limited functionality. The domain registration data aligns well with the website content, supporting legitimacy. No suspicious or malicious indicators were found. Overall, the website is low complexity and low risk but would benefit from implementing HTTPS, security headers, privacy and cookie policies, and improved technical and content quality to enhance trust and compliance.

F

Fastpic

fastpic.org

47

Fastpic.org is a Russian-language free image hosting service established in 2016, offering users the ability to upload and share images, screenshots, and posters primarily for forums and online communities. The service provides multiple upload options including from local computer and via URL, with image resizing and optimization features. The business model relies on advertising revenue, with AdsKeeper ad network integrated and tracking pixels for analytics. The website targets a general audience seeking free and fast image hosting solutions, with a small-scale operation and moderate market presence in the niche image hosting sector. Technically, the site uses a traditional web stack with jQuery and FingerprintJS for user fingerprinting, hosted under a domain registered with Internet Domain Service BS Corp. The site shows moderate performance and basic mobile optimization but lacks advanced accessibility and SEO features. No CMS or modern frameworks are detected. Security practices are basic, with HTTPS implied but no DNSSEC or security headers observed. The upload form lacks CAPTCHA or bot mitigation, posing potential abuse risks. Security posture is moderate with room for improvement, especially in privacy compliance where no privacy or cookie policies are published, and no consent mechanisms are implemented. Contact information is limited to an email address for abuse and advertising inquiries. The domain WHOIS data is consistent and supports legitimacy, with no privacy protection or suspicious patterns. No WAF or blocking mechanisms are detected, allowing full content access. Overall, Fastpic.org is a functional but basic free image hosting service with moderate trustworthiness and security posture. Strategic improvements in privacy compliance, security headers, and abuse prevention would enhance its risk profile and user trust.

ISOPLUS is a European manufacturer specializing in pre-insulated piping systems that support the energy transition across Europe. The company serves sectors including district heating and cooling, bioenergy, agriculture, solar heating, industry, and carbon capture and storage (CCS). With a presence in over 30 countries and multiple production sites, ISOPLUS offers a comprehensive product portfolio and extensive service support, positioning itself as a key player in sustainable energy infrastructure. Technically, the website is built on TYPO3 CMS and employs modern web technologies including Bootstrap, Google Analytics, and Google Tag Manager. The site is well-optimized for mobile devices, features clear navigation, and implements cookie consent mechanisms aligned with GDPR requirements. Performance is moderate with good accessibility and SEO practices. From a security perspective, the site enforces HTTPS and uses cookie consent to manage tracking. However, explicit security headers are not detected in the HTML, and no public security or incident response policies are published. The WHOIS data is unavailable due to privacy protection, which is justified for a business of this scale. No critical vulnerabilities or exposed sensitive data were found in the site content. Overall, ISOPLUS presents a professional and trustworthy online presence with strong business credibility and compliance posture. Strategic improvements in security header implementation and transparency around security policies could further enhance trust and security maturity.

S

starstrinec

starstrinec.cz

55

The website 'starstrinec' is a small business or organization site primarily in the Czech language, built using the Wix.com Website Builder platform. The site lacks detailed business descriptions, contact information, and privacy or cookie policies, which limits its transparency and trustworthiness. Technically, the site uses standard Wix technologies and scripts, with moderate performance and good mobile optimization. However, the absence of WHOIS data and registrant information raises concerns about domain legitimacy and registration transparency. Security posture is basic, with no advanced security headers or policies detected, and privacy compliance is minimal due to missing policies. Overall, the site appears functional but lacks critical trust and compliance elements.

O

Obec Čeladná

celadna.cz

52

Obec Čeladná is the official municipal website for the village of Čeladná located in the Moravian-Silesian region of the Czech Republic. The site serves local residents and tourists by providing information about the municipality, local news, public notices, tourism opportunities including golf, spa, and hiking, and interactive virtual tours. The website positions itself as a modern, community-focused portal with a strong emphasis on regional tourism and public service. The domain has been registered since 2000, reflecting a stable and established online presence. Technically, the website employs modern web technologies including Bootstrap for responsive design, deferred JavaScript loading for performance, and Firebase Messaging integrated with Notifee for push notifications. The site is mobile-optimized and accessible, with good SEO practices evident from meta tags and structured content. Hosting appears to be managed by a Czech provider (web4u.cz), consistent with the domain's nameservers. From a security perspective, the site uses HTTPS and avoids exposing sensitive data. However, explicit security headers are not detected, and no cookie consent mechanism is present despite GDPR compliance documentation. No vulnerability disclosure or incident response contacts are provided. The WHOIS data is consistent and supports the legitimacy of the domain and its municipal purpose. Overall, the website is professional, trustworthy, and well-suited for its audience. Strategic improvements in security headers, cookie consent, and incident response transparency would enhance its security posture and compliance standing.

V

VAVRYS CZ s.r.o.

vavrys.cz

48

VAVRYS CZ s.r.o. operates the website www.vavrys.cz as an authorized distributor of high-quality sports and outdoor apparel and equipment. Established in 1991, the company targets both retail customers and business partners, offering a range of exclusive brands through their e-commerce platform and B2B portal. The website reflects a professional retail business with a focus on sportswear and outdoor gear in the Czech and Slovak markets. Technically, the website employs modern web technologies including HTTPS, Google Analytics, and Azure CDN hosting. The site is mobile-optimized with good navigation and content quality. Cookie consent mechanisms are implemented with granular user controls, demonstrating attention to privacy compliance, although a formal privacy policy page is missing. From a security perspective, the site uses HTTPS and avoids exposing sensitive data. However, the absence of security headers and lack of published security policies or vulnerability disclosure mechanisms indicate room for improvement. The missing WHOIS data reduces domain trustworthiness, though the website content and contact details appear legitimate. Overall, the website presents a solid business presence with moderate technical maturity and a good security baseline. Strategic improvements in privacy documentation, security headers, and domain registration transparency would enhance trust and compliance.

D

D&AD

dandad.org

72

D&AD is a well-established non-profit organization dedicated to stimulating, enabling, and celebrating creative excellence in design and commercial creativity. The website serves as a comprehensive platform for their awards programs, educational courses, creative community engagement, and industry insights. The organization targets creative professionals, agencies, and students globally, positioning itself as a leader in the creative media sector. Technically, the website employs modern web technologies including JavaScript modules, CSS, and integrates marketing and analytics platforms such as HubSpot and Google Analytics. The site is mobile-optimized and provides a professional user experience with clear navigation and rich multimedia content. Security-wise, the website enforces HTTPS, uses cookie consent mechanisms, and loads scripts from reputable sources, indicating a good security posture. However, the absence of explicit privacy policy and contact information for security or incident response are areas for improvement. Overall, the website is trustworthy and professionally maintained, with privacy protection applied to WHOIS data, which is typical for organizations of this nature.

A

Alumont Holding a.s.

alumont.cz

43

Alumont Holding a.s. is a Czech-based company specializing in construction openings fillings, metal and wood manufacturing, construction services, and vehicle rental with hydraulic arms. The company targets B2B clients in the construction and manufacturing sectors within the Czech Republic. The website is built on WordPress and demonstrates a moderate level of digital maturity with a professional design and good mobile optimization. However, the technical infrastructure lacks advanced security headers and privacy compliance features. The absence of WHOIS registration data and privacy policies reduces the overall trustworthiness and compliance posture. Strategic improvements in security practices, privacy policy implementation, and transparent contact information are recommended to enhance credibility and regulatory compliance.

A

AREON s.r.o.

areon-development.cz

66

AREON s.r.o. is a Czech real estate development company specializing in residential property sales and development, operating since 1993 and part of the ALUMONT HOLDING a.s. group since 2017. The company focuses on leveraging synergies within the group to deliver residential projects primarily in Ostrava and surrounding areas. The website reflects a professional and modern digital presence with clear branding and comprehensive project information. Technically, the site uses modern web technologies including Svelte framework, ES modules, and optimized image formats, ensuring good performance and mobile responsiveness. Security posture is solid with HTTPS enforced and cookie consent implemented, though additional security headers and incident response information could enhance trust. Overall, the domain WHOIS data is not publicly available, which is typical for Czech domains, but the website content and business information support legitimacy. Strategic recommendations include enhancing security headers, adding vulnerability disclosure mechanisms, and providing direct contact details for improved transparency.

T

Twisto

twisto.fr

61

Twisto is the primary public transportation provider for the Caen la mer urban community in France, offering bus and tramway services along with real-time traffic updates, route planning, and ticketing solutions. The website is professionally designed using Drupal 10, featuring a mobile-optimized interface and integrated journey planner widgets. It maintains a strong social media presence and provides comprehensive traffic alerts to its users. Security posture is good with HTTPS enforced and cookie consent mechanisms in place, though some security headers could be improved. WHOIS data is not publicly available, indicating privacy protection, which is justified for this type of public service entity. Overall, the website is trustworthy, user-friendly, and compliant with privacy regulations.

O

Obec Lhota u Vsetína

lhotauvsetina.cz

46

The website lhotauvsetina.cz serves as the official online presence for the municipality of Lhota u Vsetína in the Czech Republic. It provides residents and visitors with local news, official announcements, event calendars, waste collection schedules, and contact information for municipal offices. The site is designed to support community engagement and transparency in local governance. The business model is that of a governmental municipal service portal, targeting local residents and stakeholders. The domain is well-established since 2007, reinforcing its legitimacy and trustworthiness. Technically, the website is built on the vismo CMS platform, utilizing standard web technologies such as HTML5, CSS, and JavaScript. It integrates Google Analytics and Google Tag Manager for visitor analytics, with a clear cookie consent mechanism in place to comply with GDPR requirements. The site is mobile-optimized and provides basic accessibility features, although there is room for improvement in security headers and SEO. From a security perspective, the site enforces HTTPS and implements cookie consent, but lacks explicit security headers like CSP or HSTS. No vulnerabilities or exposed sensitive data were detected in the HTML content. The WHOIS data aligns well with the website's purpose and geographic location, indicating a trustworthy domain registration. No WAF or blocking mechanisms interfere with content accessibility. Overall, the website presents a professional and trustworthy digital presence for the municipality, with good content quality and user experience. Strategic recommendations include enhancing security headers, publishing explicit security and privacy policies, and considering a vulnerability disclosure policy to further strengthen security posture and user trust.

R

Ridgidgear

ridgidgear.eu

57

Ridgidgear is a small-sized e-commerce retailer specializing in branded promotional products, primarily under the RIDGID brand. The website offers a range of products including textiles, giveaways, and accessories targeted at businesses and professionals seeking promotional merchandise. The platform is built on Shopware 6, indicating a modern e-commerce infrastructure with basic to moderate performance and mobile optimization. The site presents a professional design with clear navigation and consistent branding, although some SEO and accessibility features could be improved. Security posture is solid with HTTPS and standard security headers implemented, but lacks published security policies and incident response information. Privacy compliance is partial, with a privacy policy present but no explicit cookie policy or GDPR compliance indicators visible. Contact information is limited to an email address without phone or physical address details. Overall, the site appears legitimate and trustworthy but could enhance transparency and compliance to improve user trust and regulatory adherence.

J

Jastrząb Post

jastrzabpost.pl

56

Jastrząb Post is a Polish media website specializing in celebrity news, gossip, and entertainment content. Established in 2013, it serves a general audience interested in Polish and international celebrity culture. The site offers news articles, event coverage, interviews, and video content, monetized primarily through advertising networks. The website is hosted by OVH SAS and uses modern web technologies including React and JavaScript frameworks. It is optimized for both desktop and mobile platforms with a moderate performance profile. Security-wise, the site enforces HTTPS but lacks some recommended security headers, and no explicit privacy or cookie policies were found in the provided content. The domain registration data is consistent with the business profile, indicating legitimacy and stability.

M

MEMOIO

memoio.com

64

MEMOIO is a German-based company offering a secure B2B messaging platform designed for businesses to communicate easily and securely across devices. The website positions MEMOIO as a trusted, German-made solution for professional communication between customers, colleagues, and partners. The business appears to be small-sized, founded in 2014, with a focus on technology and secure communication services. Technically, the website uses modern web technologies including JavaScript and Electron for desktop app support, with a moderate performance profile and basic mobile optimization. Security posture is adequate but could be improved by hardening the Content-Security-Policy and adding additional security headers. Privacy compliance is partially addressed with a privacy policy present, but lacks cookie consent mechanisms. WHOIS data is transparent and consistent with the business claims, supporting legitimacy. Overall, the website is professional and trustworthy but has room for improvement in security and privacy compliance.

A

Adventist News Network

adventist.news

66

The Adventist News Network website serves as the official news channel for the Seventh-day Adventist Church, providing a wide range of religious news, video content, and updates globally. The site targets members of the church and interested audiences seeking authoritative religious news. It operates as a non-profit media outlet with a consistent and professional brand presence. Technically, the website is built on modern web technologies including Next.js and React, ensuring fast performance and excellent mobile optimization. It integrates Google Tag Manager and TrustArc for analytics and consent management, reflecting a moderate level of digital maturity. From a security perspective, the site enforces HTTPS, employs multiple security headers, and secures user input forms with consent checkboxes. However, it lacks explicit privacy and cookie policies, which are critical for full GDPR compliance. No vulnerabilities or exposed sensitive data were detected. Overall, the website presents a low risk profile with strong content quality and technical implementation. Strategic improvements in privacy transparency and contact information would enhance trust and compliance.

The analyzed domain identitypxl.app is currently a parked domain hosted by GoDaddy.com LLC, a well-known domain registrar and parking service provider. The website content is minimal, serving primarily as a placeholder with advertising and a Trustpilot widget referencing GoDaddy. There is no active business or service presented on the site, and no contact or company-specific information is available. The domain appears to be available for purchase through GoDaddy's domain marketplace. From a technical perspective, the site uses standard web technologies including JavaScript, CSS, and SVG graphics, with React inferred from the HTML structure. The hosting and platform are provided by GoDaddy, and the page loads quickly with basic mobile optimization. However, there is no CMS detected, and SEO optimization is poor due to lack of meaningful content and metadata. Security posture is minimal; no security headers were detected, and no HTTPS configuration details were available from the provided data. The site includes external scripts for advertising and review widgets but does not collect user data via forms. Privacy and cookie policies are present but generic, referencing GoDaddy's main privacy policy. No incident response or security policies specific to this domain are found. Overall, the domain is low risk but also low value in its current state. It is suitable only as a parked domain awaiting potential sale. Strategic recommendations include implementing basic security headers, enabling HTTPS, and providing clear privacy and terms policies if the domain is developed into an active business site.

Compel s.r.o. is a small Czech IT company based in Trutnov, specializing in computer hardware sales, IT services, web development, and hosting. The company has a long-standing presence since 2000, supported by consistent WHOIS data and a domain age that aligns with its business claims. The website provides detailed information about their product offerings including gaming computers, software, and specialized systems like point of sale and hotel management. Technically, the website uses basic HTML, CSS, and JavaScript with Google Analytics for visitor tracking. The site is functional but lacks modern mobile optimization and accessibility features. Security posture is moderate with HTTPS implied but no advanced security headers or policies published. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the website is safe, professional, and trustworthy but would benefit from improvements in privacy, security, and technical modernization.

C

Chinwag

chinwag.org

55

Chinwag is a small community-focused social platform that brands itself as a friendly local pub for communication. Founded in 2017, it offers social chat tools and hosts a Mastodon instance called Chinwag Social. The website is built using the Hugo static site generator and leverages Cloudflare for DNS services. The technical infrastructure is modern and well-implemented, with good mobile optimization and accessibility. Security posture is moderate with HTTPS enabled and domain transfer protections in place, but lacks DNSSEC and security headers. Privacy and cookie policies are absent, which impacts compliance and user trust. Overall, the site is safe, professional, and targeted at a general audience interested in social communication.

C

Cyberplace

cyberplace.social

67

Cyberplace.social is an independent Mastodon social media server focused on cybersecurity, fandom, video games, and technology communities. It operates within the fediverse, providing a decentralized platform for users interested in these topics. The site is administered by a known individual, Kevin Beaumont (@GossiTheDog), and maintains an active user base of approximately 937 monthly active users. The platform leverages Mastodon version 4.4.7 and modern web technologies such as React and ES modules, ensuring a contemporary user experience with mobile optimization and good navigation clarity. From a technical perspective, the site demonstrates moderate performance and basic SEO and accessibility features. It uses HTTPS, but no explicit security headers were detected in the provided data, suggesting room for improvement in security hardening. Privacy compliance is partial, with a privacy policy present but lacking cookie consent mechanisms and terms of service pages. No contact emails or phone numbers are publicly listed, which is common for federated social platforms prioritizing user privacy. The security posture is adequate but could be enhanced by implementing recommended security headers, publishing security policies, and improving privacy compliance. The WHOIS data is privacy protected, which is typical for social media platforms, and does not raise immediate legitimacy concerns given the known administrator and active community. Overall, Cyberplace.social presents as a legitimate, niche social media platform with a focus on cybersecurity and related interests, but with opportunities to strengthen its security and privacy posture.

R

Redbit s.r.o.

redbit.cz

53

Redbit s.r.o. is a Czech Republic based IT company specializing in the maintenance and support of online invoicing and digital product sales platforms, notably Vyfakturuj.cz and SimpleShop. The company positions itself as a reliable and enthusiastic partner for small businesses, freelancers, and firms seeking efficient online invoicing and digital sales solutions. Their website reflects a professional and consistent brand image, targeting primarily Czech-speaking audiences. Technically, the site is built on WordPress using modern themes and plugins, optimized for performance and mobile responsiveness. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though some security headers and cookie consent mechanisms are missing. WHOIS data is unavailable, likely due to privacy protection, which slightly reduces transparency but is common for small IT firms. Overall, Redbit demonstrates a mature digital presence with room for improvement in privacy compliance and security disclosures.

A

AL Pergoly s.r.o.

al-pergoly.cz

76

AL Pergoly s.r.o. is a Czech manufacturer specializing in high-quality aluminum bioclimatic pergolas, offering free measurement and installation services across the Czech Republic. The company positions itself as a local expert in custom pergola manufacturing with a focus on quality and customer service. The website reflects a professional and consistent brand image, targeting residential and commercial customers interested in durable outdoor structures. Technically, the website leverages modern web technologies including AWS hosting, JavaScript frameworks, and cookie consent management, indicating a mature digital infrastructure. Security posture is strong with HTTPS and Content-Security-Policy headers implemented, though additional headers could enhance protection. Privacy compliance is addressed through a comprehensive cookie consent mechanism, aligning with GDPR requirements. Overall, the website is well-structured, user-friendly, and trustworthy, though the absence of WHOIS data slightly reduces domain trust. Strategic recommendations include enhancing security headers, publishing a security.txt file, and providing more explicit business contact details to improve transparency and compliance.

altMBA LLC operates a niche online leadership workshop aimed at professionals and leaders seeking transformative development experiences. The website presents a clean, focused message emphasizing its 9 years of operation and global alumni network. The business model centers on delivering leadership education and fostering an alumni community, positioning itself as a specialized provider in the education sector. The site is simple and static, with minimal interactive features and no evident e-commerce or complex platform integrations. Technically, the website uses basic HTML5, CSS, and JavaScript with embedded video content. There is no evidence of a CMS or advanced frameworks, and hosting details are limited to DNS provider information. Performance and mobile optimization are basic but adequate for the site's scope. SEO and accessibility features are minimal, and no analytics or tracking technologies are detected, indicating a low digital maturity level. From a security perspective, the site lacks critical security headers and does not indicate HTTPS usage, which is a significant concern. The absence of privacy, cookie, and terms of service policies suggests compliance gaps with GDPR and other privacy regulations. Contact information is limited to a single email address, with no phone or physical address provided. The domain registration is stable and consistent with the business history, supporting legitimacy. Overall, the security posture is weak and requires improvements to protect user data and enhance trust. The overall risk assessment highlights the need for immediate implementation of HTTPS, security headers, and privacy policies to meet modern security and compliance standards. Strategic recommendations include enhancing security configurations, adding comprehensive privacy and cookie policies, and improving transparency with users. These steps will strengthen the website's trustworthiness and align it with best practices in security and privacy.

The website capline.org is a French digital platform dedicated to the registration of nautical races. It centralizes race registrations and allows participants to upload and reuse necessary documents for their participation. The platform targets participants and organizers of nautical races, positioning itself as a niche service within the transportation sector. The domain was registered in April 2023, consistent with the business's recent establishment. Technically, the website uses modern web technologies including JavaScript and Bootstrap for responsive design. It is hosted by Gandi SAS and served over HTTPS, ensuring basic security. However, the site lacks advanced security headers and DNSSEC, which could be improved to enhance security posture. The website is moderately optimized for mobile devices and performance is average. From a security perspective, the site has a basic security posture with HTTPS enabled but missing important security headers and no DNSSEC. There are no privacy or cookie policies present, which is a compliance gap especially under GDPR. No contact information or incident response details are provided, limiting transparency and user trust. No analytics or tracking scripts were detected, indicating minimal user tracking. Overall, the website is functional and serves its business purpose but requires improvements in privacy compliance, security best practices, and contact transparency to increase trustworthiness and regulatory compliance. Strategic recommendations include adding privacy and cookie policies, implementing security headers, enabling DNSSEC, and providing clear contact and incident response information.

S

SuperSaaS

supersaas.dk

60

SuperSaaS is a Danish-based SaaS company providing a comprehensive online booking and scheduling platform tailored for a wide range of industries and use cases. The website demonstrates a mature digital presence with extensive content, multiple language support, and integration capabilities with popular services such as Google Calendar, Microsoft 365, PayPal, Stripe, and Zoom. The platform targets businesses and organizations seeking to automate appointment scheduling, payment processing, and resource management, positioning itself as a flexible and user-friendly solution with a strong global customer base exceeding 205,000 users. Technically, the website employs modern web standards including HTML5, CSS, and JavaScript, with asynchronous loading of analytics and tracking scripts such as Google Tag Manager and Google Analytics. The site is mobile-optimized and accessible, featuring SVG graphics and video content to enhance user engagement. Security is well-handled with HTTPS enforced and cookie consent mechanisms in place, although explicit security headers and a public security policy are absent. From a security perspective, the site shows good practices with no visible vulnerabilities or exposed sensitive data. However, the lack of WHOIS data for the domain supersaas.dk limits the ability to fully verify domain legitimacy and registrant information, which slightly impacts trust assessment. Privacy compliance is strong, with clear privacy and cookie policies aligned with GDPR requirements. The absence of direct contact emails or phone numbers on the homepage is noted but does not significantly detract from overall credibility. Overall, SuperSaaS presents a professional, trustworthy, and technically sound online presence suitable for its business model. The main risk lies in the unavailable WHOIS data, which should be addressed to improve transparency and trustworthiness. Strategic recommendations include enhancing security headers, publishing a security policy and incident response contacts, and providing clearer company contact information to further strengthen user confidence and compliance posture.

Vetvision is a Danish veterinary IT solutions provider specializing in veterinary practice management software, currently transitioning its offerings to the Provet Cloud platform. The website targets veterinary clinics and hospitals, offering professional support and conversion planning services. The business operates in the healthcare sector with a small company size and a niche market position in Denmark. Technically, the website is built on WordPress using the TwentyTwenty theme, with moderate performance and basic SEO and accessibility features. Security posture is good with HTTPS enforced and cookie consent implemented, though security headers and incident response information are lacking. The absence of WHOIS data due to privacy protection is typical for small businesses and does not raise immediate concerns. Overall, the website is functional and professional but could benefit from enhanced security practices and richer business information.

V

Výrobní a opravárenský podnik Dolní Bousov, spol. s.r.o.

vop-db.cz

53

Výrobní a opravárenský podnik Dolní Bousov, spol. s.r.o. is a small Czech manufacturing company specializing in the production of mobile flood barriers, barricade spikes, locksmith services, metalworking, machining, and repair and servicing of power generators. The website presents basic business information primarily in Czech, targeting local or regional customers in need of manufacturing and repair services. The site content is relevant but basic and somewhat outdated, with the last update noted in 2012. The company appears to have a stable domain registration dating back to 2004, consistent with its business history. Technically, the website is built with simple HTML, CSS, and minimal JavaScript, using Google Fonts for typography. There is no evidence of modern CMS platforms or frameworks, and no analytics or tracking tools are detected. The site lacks mobile optimization and accessibility features, and SEO practices are basic. Hosting is managed via the registrar REG-INTERNET-CZ with name servers at forpsi.net and forpsi.it. From a security perspective, the website lacks HTTPS enforcement and security headers, which are critical for protecting user data and ensuring secure communications. No privacy, cookie, or terms of service policies are published, indicating poor privacy compliance. There is no visible incident response or vulnerability disclosure information, and no contact details such as emails or phone numbers are explicitly provided on the analyzed page. These factors reduce the overall security posture and trustworthiness of the site. Overall, the website scores moderately due to its basic content and business credibility but is penalized for lacking essential security and privacy features. Strategic improvements in HTTPS implementation, security headers, privacy policies, and contact information publication are recommended to enhance trust and compliance.

Monivet s.r.o. operates vystavba-srubu.cz, a Czech website specializing in the construction of ecological log houses and timber frame buildings. The company targets individuals and municipalities seeking custom wooden homes and garden architecture solutions. The website content is primarily in Czech with language options for English, German, and Russian, indicating some international outreach. The business model focuses on bespoke construction services rather than catalog homes, emphasizing ecological and energy-efficient building technologies. The domain is well-established since 2010, supporting the company's credibility. Technically, the website uses basic web technologies including JavaScript, CSS, and Google Analytics for visitor tracking. The site is moderately optimized for performance and mobile devices but lacks advanced accessibility features. No CMS or modern frameworks are detected, and the design is functional but somewhat dated. Security posture is basic with HTTPS enabled but no security headers or advanced protections observed. Privacy and cookie policies are absent, indicating compliance gaps. Security evaluation reveals no critical vulnerabilities but highlights missing security headers and lack of incident response contacts. The absence of privacy and cookie policies reduces GDPR compliance confidence. The site uses Google Analytics, implying moderate user tracking without clear privacy disclosures. Overall, the website is moderately secure but would benefit from improved security and privacy practices. The overall risk is moderate with no signs of malicious activity or suspicious content. Strategic recommendations include implementing security headers, publishing privacy and cookie policies, enhancing mobile and accessibility features, and adding incident response contacts to improve trust and compliance.

D

Défi Azimut

defi-azimut.net

58

Défi Azimut is a specialized event organizer focused on the IMOCA sailing race, serving a niche audience of sailing professionals, enthusiasts, and media. The website provides comprehensive race information, rankings, media content, and partner engagement, positioning itself as a key player in the sailing sports event sector in France. Technically, the site uses modern web technologies with embedded multimedia content and a responsive design, ensuring good user experience across devices. Security posture is solid with HTTPS and cookie consent mechanisms, though it lacks some advanced security headers and explicit security policies. The absence of WHOIS data is a notable anomaly that may require further verification to confirm domain legitimacy. Overall, the site is professional, trustworthy, and well-maintained, with room for improvement in security transparency and contact information availability.

The website servicos.gov.br/editar is an official Brazilian government portal designed to allow public servants to access and edit government service information. It targets government employees and operates as a secure internal platform. The site uses HTTPS and integrates Google reCAPTCHA to protect against automated abuse. The technical infrastructure is basic but sufficient for its purpose, hosted on SERPRO servers, a trusted government IT provider. The site lacks visible privacy and cookie policies, which is a compliance gap. Security posture is generally good, with secure forms and HTTPS, but could be improved by adding security headers and explicit policies. Overall, the site is trustworthy and safe, with no adult or questionable content.

B

Bluesoft

bluesoft.cz

81

Bluesoft is a Czech technology service provider specializing in web development, ecommerce, and web applications built on the Kentico platform. The company targets businesses seeking professional digital solutions and positions itself as a niche player in the Czech Republic's technology sector. The website content is professionally presented, with a clear focus on their core services and expertise in Kentico-based projects. Technically, the website employs modern web technologies including Kentico CMS, JavaScript, CSS, and integrates multiple third-party services such as Google Tag Manager, Cookiebot for cookie consent management, LinkedIn Insight Tag, and Google reCAPTCHA for security. The site is mobile-optimized and demonstrates good SEO and accessibility practices, although hosting provider details are not explicitly identified. From a security perspective, the site enforces HTTPS, uses cookie consent mechanisms compliant with GDPR, and employs reCAPTCHA to mitigate bot activity. Security headers appear to be in place, though explicit Content-Security-Policy headers were not confirmed. No critical vulnerabilities or exposed sensitive data were detected. However, the absence of a published security policy, incident response contacts, or vulnerability disclosure page suggests room for improvement in transparency and security maturity. Overall, the website is safe, professional, and compliant with privacy regulations. The lack of publicly available WHOIS data indicates privacy protection, which is typical for small technology firms. The site does not exhibit any adult or questionable content and maintains a high trustworthiness rating. Strategic recommendations include enhancing security transparency, publishing incident response information, and auditing third-party scripts regularly to maintain security posture.

D

Destinace Brněnsko

destinace-brnensko.cz

53

Destinace Brněnsko is a destination management organization focused on promoting tourism and managing the Brno region and its surroundings. The website presents a professional image consistent with a small hospitality sector business, offering services related to regional tourism development and promotion. The technical infrastructure is based on the Wix platform, leveraging standard web technologies such as JavaScript, CSS, and HTML5, providing a moderate level of performance and good mobile optimization. Security posture is adequate with HTTPS enforced, but lacks advanced security headers and explicit privacy or cookie policies. The absence of WHOIS data and contact information reduces overall trust and business credibility. Strategic improvements in privacy compliance, security best practices, and transparency are recommended to enhance trust and compliance.

R

Réussir avec le web

reussiravecleweb.fr

59

Réussir avec le web is a French digital service focused on providing an online self-assessment tool to evaluate digital maturity and online presence. The website offers a questionnaire designed to deliver a personalized report to businesses and professionals seeking to improve their digital communication, cybersecurity, and commercial development. The business operates primarily in the technology sector with a niche focus on digital transformation support. The domain is well-established since 2016 and hosted by OVH, a reputable provider. Technically, the website is built on WordPress with a custom theme and uses standard web technologies such as JavaScript and CSS. The site is mobile-optimized and provides a good user experience with clear navigation and professional design. However, SEO is limited due to the 'noindex, nofollow' robots meta tag, and accessibility features are basic. No analytics or tracking scripts were detected, indicating minimal user tracking. From a security perspective, the site uses HTTPS with good SSL configuration but lacks important security headers and visible privacy consent mechanisms. No explicit contact emails or phone numbers are provided on the main domain, with contact facilitated through a related partner domain. There are no visible vulnerabilities or exposed sensitive data, but improvements are needed in privacy compliance and security best practices. Overall, the website presents a moderate risk profile with good legitimacy and business credibility but requires enhancements in privacy compliance, security headers, and contact transparency to improve trust and regulatory adherence.

C

Conductrics

conductrics.com

61

Conductrics is a technology company offering a unified customer experience platform that integrates A/B testing, machine learning predictions, and customer surveys to help enterprises optimize customer satisfaction and behavior. The website presents a professional and consistent brand image with clear navigation and relevant content targeting businesses seeking advanced experimentation tools. Technically, the site uses modern web technologies including Bootstrap and JavaScript libraries, with good mobile optimization and SEO practices. However, the absence of WHOIS registration data raises concerns about domain legitimacy or recent registration status. Security posture is moderate with HTTPS implied but lacking visible security headers and cookie consent mechanisms. Overall, the site is functional and professional but would benefit from enhanced security and compliance transparency.

The domain tranquilveil.com currently serves a 404 Not Found error page with content describing the hosting service provided by Admiral, a company specializing in copyright access control and privacy compliance solutions for digital publishers. The site lacks active business content, contact information, or marketing materials, indicating it is either under development or inactive. The technical infrastructure is based on Google Cloud Platform with AWS DNS servers, and the domain is very recently registered (January 2024), consistent with its current inactive status. Security posture is reasonable with HTTPS enforced and no executable content hosted, but lacks DNSSEC and explicit security headers. Privacy compliance is basic, with a privacy statement present but no cookie consent mechanism. Overall, the site is not operational and scores low on content quality and business credibility.

P

Pinault Collection

pinaultcollection.com

73

Pinault Collection operates as a prominent private art collection and cultural institution with museums in Paris and Venice. The website provides detailed information about exhibitions, membership benefits, and off-site events, targeting art enthusiasts and cultural tourists. The digital infrastructure is built on Drupal 10 with integration of modern analytics and marketing tools, reflecting a mature digital presence. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers and explicit security policies could be improved. The absence of WHOIS data limits domain trust analysis, but the professional site and consistent branding support legitimacy. Overall, the website is well-designed, user-friendly, and compliant with privacy regulations.

W

WriteFreely

writefreely.org

56

WriteFreely is an open source, minimalist blogging platform designed for self-hosting and federation via ActivityPub. It targets writers and communities seeking a distraction-free writing environment integrated with the decentralized social web. The platform is mature, powering over half a million blogs, and offers both downloadable binaries and managed hosting services. The website is professionally designed with clear navigation and good mobile optimization, reflecting a technically competent and user-friendly digital presence. The technical infrastructure leverages Go for lightweight performance and uses reputable DNS and registrar services, ensuring stability and reliability. Security posture is solid with HTTPS enabled and domain transfer protections, though improvements are needed in DNSSEC, security headers, and privacy compliance mechanisms. Analytics usage is privacy-conscious, employing Matomo without extensive tracking. Overall, the domain registration and website content are consistent and trustworthy, supporting a high legitimacy score. Strategic recommendations include enhancing privacy and security policies, adding contact and incident response information, and implementing cookie consent to improve compliance and user trust.

M

Musing Studio

musing.studio

53

Musing Studio is a small technology company focused on providing digital platforms for artists to share their work without relying on traditional social media channels. Their key offering includes the Write.as editor and several related subdomains for notes, mood, social, and task management. The website is professionally designed with clear navigation and good mobile optimization, reflecting a niche market position targeting creative individuals seeking privacy and simplicity in content sharing. Technically, the site uses standard web technologies including HTML5, CSS, JavaScript, and Matomo analytics for user tracking. The SSL configuration is excellent, ensuring secure HTTPS connections, though the site lacks several recommended security headers and formal privacy or cookie policies. Security posture is moderate with no visible vulnerabilities or exposed sensitive data, but improvements are needed in compliance and incident response transparency. Overall, the domain registration is privacy protected, which is typical for small tech startups, and no suspicious WHOIS patterns were detected. The site is safe for general audiences with no adult or questionable content.

A

Automattic Inc.

writingatlarge.com

58

Writing at Large is a personal blog focused on creative pursuits such as writing, sketching, running, and travel. The site is hosted on the WordPress.com platform, with Automattic Inc. as the registrar and hosting provider, indicating a stable and reputable technical infrastructure. The blog features rich content with recent posts and high-quality images, targeting individuals interested in lifestyle and creative arts. Technically, the site uses WordPress with Jetpack and Google Fonts, providing a modern and responsive user experience. However, there are gaps in privacy compliance, as no privacy or cookie policies were found, and no consent mechanisms are implemented. Security posture is moderate with HTTPS enabled but lacks DNSSEC and security headers. Overall, the domain registration is consistent and trustworthy, with no suspicious indicators.

J

Jonas Jongejan

halfdanj.dk

54

The website halfdanj.dk is a personal professional portfolio for Jonas Jongejan, a Creative Technologist and Fullstack Software Engineer with a history of working at Google Creative Lab and Danish Broadcasting Corporation. The site showcases a broad range of creative and technical projects, targeting technology enthusiasts and professionals in creative technology fields. The business model is primarily personal branding and portfolio presentation, with a niche market position focused on innovative technology and media projects. Technically, the website is built using modern web technologies including SvelteKit and JavaScript, with good mobile optimization and fast performance. It uses Google Analytics for visitor tracking but lacks cookie consent mechanisms and privacy policies, which impacts privacy compliance. The site is well-structured, visually professional, and provides clear navigation and relevant content. From a security perspective, the site uses HTTPS but lacks DNSSEC and important security headers, which are recommended for enhanced protection. No vulnerabilities or exposed sensitive data were detected. The WHOIS data confirms a long-standing domain consistent with the professional history presented. However, the absence of privacy and cookie policies and security headers are notable compliance and security gaps. Overall, the website is trustworthy and professional but would benefit from improved privacy compliance and enhanced security configurations to align with best practices and regulatory requirements.

C

Cecillia X. Xie

cecexie.com

62

The website cecexie.com represents the personal brand of Cecillia X. Xie, a writer, lawyer, and educator. The site serves as a platform to showcase her professional background, creative work, and legal expertise, particularly in arts and entertainment law. The content is well-structured, targeting a general audience interested in law, writing, and culture. The business model revolves around personal branding, content creation, and legal consulting, with a niche market position supported by academic credentials and social media presence. Technically, the site is built on the Squarespace platform, leveraging standard web technologies such as JavaScript, CSS, and Typekit fonts. The site is mobile-optimized and performs moderately well, though there is room for improvement in SEO and accessibility. The hosting and CMS provider is Squarespace, which offers a stable and secure infrastructure. From a security perspective, the site uses HTTPS with a valid SSL certificate and has domain transfer protections enabled. However, it lacks DNSSEC and important security headers, which could enhance its security posture. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism or GDPR-specific features. Contact information is clearly provided, enhancing business credibility. Overall, the site is trustworthy and professionally maintained but could benefit from enhanced security measures and privacy compliance improvements to better protect visitors and align with regulatory standards.

T

Tory Williams Photography

torywilliams.com

59

Tory Williams Photography is a small, professional photography business based in Connecticut, specializing in portraits, interiors, and family photography with over two decades of experience. The website serves as a portfolio showcasing high-quality images and targets individual creatives, brands, publications, and design professionals. The business model is service-oriented, focusing on personalized photography services. The website is hosted on Squarespace, leveraging its platform and technologies such as Typekit fonts and standard JavaScript and CSS. The site is well-designed, mobile-optimized, and provides a good user experience with clear navigation and professional branding. Security posture is strong with HTTPS and HSTS enabled, but lacks additional security headers and formal privacy or cookie policies. WHOIS data is missing, which raises concerns about domain registration legitimacy. Overall, the site is trustworthy and professional but would benefit from improved compliance documentation and domain registration verification.

O

Orine

orine.one

56

Orine is a newly established Czech technology company specializing in customized information systems tailored for small and medium businesses (SMB). The website presents a minimalistic design focused on providing contact information and remote support services. The business targets SMBs seeking bespoke IT solutions, positioning itself as a niche provider in the Czech market. The domain was registered recently in March 2024, consistent with a startup or new venture. Technically, the website uses basic HTML and CSS without advanced frameworks or CMS. Hosting is provided via websupport.sk with DNS servers aligned accordingly. The site is accessible over HTTPS but lacks DNSSEC and security headers, indicating room for improvement in security hardening. Performance and mobile optimization are basic, with no detected analytics or tracking technologies. From a security perspective, the site has a moderate posture with HTTPS enabled but missing critical security headers and no visible privacy or cookie policies, which impacts GDPR compliance. Contact information is clearly provided, but no incident response or security policy details are available. The domain registration data aligns well with the website's claims, showing no suspicious patterns, but the overall digital maturity is low. Overall, Orine's website is functional but minimal, with significant opportunities to enhance security, privacy compliance, and content richness to build trust and professionalism. Strategic improvements in these areas will support better market positioning and regulatory adherence.

The domain ckpalava.cz currently hosts only a Webnode placeholder error page indicating the domain is available for registration and website creation. There is no active business content, contact information, or privacy and security policies present. The website is hosted on the Webnode platform with content delivered via Cloudfront CDN. The technical infrastructure is basic and lacks modern security headers or SSL configuration details visible in the content. The absence of business information and compliance documentation indicates the domain is not currently in active commercial use.

Heyduk, Musil & Strnad, operating under HMS Design, is a well-established graphic design studio based in the Czech Republic, with a history dating back to 2000 and a domain registered since 2005. The company specializes in brand development, visual identity, and a broad range of creative services including logos, graphic manuals, annual reports, campaigns, and web design. Their portfolio and award recognition position them as a reputable player in the creative design market. Technically, the website employs modern web technologies such as lazy loading and carousel sliders, ensuring good performance and mobile optimization. However, the site lacks some advanced security headers and cookie consent mechanisms, indicating room for improvement in privacy compliance and security posture. Overall, the website is professional, content-rich, and trustworthy, with clear contact information and social media presence, but could benefit from enhanced security and compliance features.

C

Car Talk Store

shamelesscommerce.com

59

The Car Talk Store is an official e-commerce platform offering merchandise related to the popular NPR show Car Talk. The website is currently password protected and undergoing maintenance, with a simple email notification form for interested customers. The business operates on the Shopify platform, leveraging its e-commerce and analytics infrastructure. The site demonstrates basic content quality and branding consistency but lacks comprehensive privacy and cookie policies. Security posture is moderate with HTTPS enforced but missing advanced security headers and DNSSEC. The domain is well aged and registered consistently, supporting business legitimacy. Overall, the site is functional but would benefit from enhanced privacy compliance and security hardening.

D

DadReadsRomance

dadreadsromancebooks.online

59

DadReadsRomance is a niche personal blog dedicated to reviewing romance books from a father's perspective. The site offers detailed book reviews, reading lists, and interactive features such as voting on future reviews. It targets general audiences interested in romance literature and parenting viewpoints. The business model is content-driven with engagement through email subscriptions and social media. Technically, the site is built on the Write.as platform, leveraging modern web technologies and CDN services, with moderate performance and good mobile optimization. Security posture is adequate with HTTPS and domain transfer protections but lacks advanced security headers and DNSSEC. Privacy and cookie policies are absent, representing compliance gaps. Overall, the site is trustworthy and professionally presented but could improve in privacy and security best practices.

82MHz is a personal blog operated by an individual named Andreas, focusing on topics such as retro technology, music, books, and cultural commentary. The website serves a niche audience interested in these subjects and offers blog posts, RSS feeds, and photo sharing links. The domain is relatively new, registered in 2023, and hosted via Manitu DNS servers. The technical infrastructure is basic, relying on standard HTML, CSS, and JavaScript without a known CMS or advanced frameworks. Security posture is minimal with no detected security headers or privacy policies, and no evidence of HTTPS enforcement was found in the provided data. Contact is primarily via an obfuscated email and a Mastodon social profile link. Overall, the site is safe, with no adult or explicit content, and presents a moderate level of professionalism and trustworthiness.

J

Joel's Homepage

joelchrono.xyz

61

Joelchrono.xyz is a personal blog operated by an individual named Joel from Mexico, focusing on technology, free software, gaming, and personal hobbies such as origami. The site serves a niche audience interested in these topics and supports itself through donations via PayPal, Liberapay, Ko-fi, and Monero. The website is built using Jekyll and hosted with modern infrastructure, featuring good mobile optimization and accessibility. The site integrates with the Fediverse and IndieWeb communities, enhancing its social presence. Technically, the site uses standard web technologies including HTML5, CSS, and JavaScript, with minimal external dependencies. It employs HTTPS and domain locking features to secure the domain, but lacks DNSSEC and explicit security headers. Analytics are minimal and privacy-respecting, with no intrusive tracking or advertising. However, the site does not provide privacy or cookie policies, which is a compliance gap. From a security perspective, the site demonstrates basic good practices such as HTTPS and domain transfer protections but could improve by enabling DNSSEC, adding security headers, and publishing a vulnerability disclosure policy. No forms collect sensitive data, reducing attack surface. The domain registration details align well with the website content, indicating legitimacy. Overall, the site is a well-maintained personal blog with moderate security posture and good technical implementation but lacks formal privacy and security documentation. Strategic improvements in compliance and security headers would enhance trust and protection.