Security Directory

G

GYMIFY

gymify.cz

64

GYMIFY.cz is a Czech-based fitness software provider specializing in online reservation systems, membership management, and integrated tools for gyms and sports centers. The company offers a SaaS model with mobile applications for Android and iOS, targeting fitness centers, yoga studios, wellness centers, and other sports facilities primarily in the Czech Republic and Slovakia. The website demonstrates a professional digital presence with modern technologies such as Nuxt.js, Vue.js, and Vuetify, and integrates third-party services like Stripe for payments and Microsoft Clarity for analytics. Customer testimonials and Trustpilot reviews indicate a positive market reputation. However, the site lacks explicit privacy and cookie policies, which impacts compliance and user trust.

C

Centrale Nantes Alumni

centraliens-nantes.org

55

Centrale Nantes Alumni operates a comprehensive digital platform serving the alumni, students, faculty, and recruiters associated with Centrale Nantes engineering school. The website offers a rich set of services including an alumni directory, event calendars, job board, mentoring, and community engagement tools. It is well-positioned as a key network facilitator for its target audience in France and internationally. The platform leverages modern web technologies such as Vue.js, Google Analytics, and Google Maps API to deliver a responsive and interactive user experience. Security posture is solid with HTTPS enforced and secure login options, though some security headers could be improved. Privacy policies and cookie consent mechanisms are present and GDPR compliant, reflecting good privacy practices. The domain WHOIS data is unavailable likely due to privacy protection, which is common for such organizations. Overall, the website is professional, trustworthy, and well-maintained, supporting its role as a vital alumni network hub.

C

Centrale Lille Alumni

centraliens-lille.org

55

Centrale Lille Alumni is a professional alumni association website dedicated to graduates and students of Ecole Centrale de Lille. It provides resources, networking opportunities, career development services, event information, and a job board tailored to its community. The site is well-branded and targets primarily French-speaking alumni and recruiters, with English language support available. The business model centers on membership and community engagement, positioning itself as a key player in alumni relations for the institution.

C

Centrale Méditerranée Alumni

centraliens-mediterranee.fr

51

Centrale Méditerranée Alumni operates as a regional alumni network for graduates and students of Centrale Méditerranée, providing a platform for networking, career development, and community engagement. The website serves as a hub for members to access news, events, job opportunities, and group activities, positioning itself as a key resource for its alumni community in France. Technically, the site employs modern web technologies including Vue.js, Google Analytics, and Google Maps API, ensuring a responsive and interactive user experience. Security measures include HTTPS enforcement and OAuth-based authentication with major providers, enhancing user trust and data protection. However, the absence of WHOIS data limits domain registration transparency, though the site’s professional presentation and official branding support its legitimacy. Overall, the site demonstrates a mature digital presence with good content quality and security posture, suitable for its educational and non-profit sector audience.

I

iRights.Lab

irights-lab.de

44

iRights.Lab is a German non-profit organization dedicated to promoting digital rights, digital literacy, and digital ethics. The organization provides educational resources, workshops, and advocacy initiatives aimed at civil society, educators, and public administration. Their digital presence includes projects like the Enter-Award and the iRights.Lab Academy, positioning them as a recognized entity in the digital rights and education sector in Germany. The website is professionally designed, mobile-optimized, and offers content primarily in German with English support.

É

Élitis

elitis.fr

57

Élitis is a French company specializing in the design and publishing of high-end fabrics, wallpapers, and wallcoverings for interior decoration. Established in 1998, the company targets interior designers, decorators, architects, and consumers seeking premium decorative materials. The website reflects a professional and consistent brand image with good design quality and user experience. Technically, the site uses modern JavaScript frameworks such as Vue.js and integrates Google Tag Manager for analytics, indicating a moderate level of digital maturity. Security-wise, the site benefits from HTTPS but lacks visible security headers and explicit privacy or cookie policies, which are areas for improvement. Overall, the domain's WHOIS data confirms a legitimate and longstanding business presence in France, supporting business credibility. Strategic enhancements in privacy compliance and security best practices would strengthen the company's digital trustworthiness and regulatory adherence.

C

CentraleSupélec Alumni

centralesupelec-alumni.com

58

CentraleSupélec Alumni operates as the official alumni network for the prestigious French engineering school CentraleSupélec, offering a comprehensive platform for graduates and students to connect, share experiences, and access career opportunities. The website provides a variety of services including a member directory, event calendar, job board, and mentoring programs, positioning itself as a key resource for its community. The business model is membership-based with additional revenue from contributions and donations. Technically, the website employs modern web technologies such as Vue.js, Google Tag Manager, and Google Maps API, ensuring a responsive and interactive user experience. The platform integrates OAuth authentication with major providers, enhancing security and ease of access. While performance is moderate, the site is mobile-optimized and SEO-friendly. From a security perspective, the site enforces HTTPS and uses secure login mechanisms. However, some standard security headers like Content-Security-Policy and X-Frame-Options are not explicitly detected, representing an area for improvement. Privacy and cookie policies are comprehensive and GDPR compliant, reflecting good data protection practices. No vulnerabilities or exposed sensitive data were identified. Overall, the website is professional, trustworthy, and well-aligned with its educational and non-profit mission. The lack of WHOIS data for the subdomain is typical and does not detract from its legitimacy. Strategic recommendations include enhancing security headers, improving accessibility, and maintaining regular security audits to uphold trust and compliance.

The website www.reseauhaj.org/login serves as an intranet login portal for users with @reseauhaj.org accounts, providing access to the Unhaj intranet. It leverages Google OAuth for authentication, ensuring secure login without sharing user data beyond credentials. The site is built on WordPress with plugins such as WooCommerce and Elementor, indicating a modern CMS infrastructure. However, the absence of visible privacy and cookie policies and lack of security headers suggest areas for improvement in compliance and security hardening. The WHOIS data is unavailable due to a malformed response, limiting domain trust assessment, but the site content and technology usage indicate a legitimate organizational portal.

Z

Základní škola Brno, Svážná 9

zssvazna.cz

50

Základní škola Brno, Svážná 9 is a well-established primary educational institution located in Brno, Czech Republic, with a domain age dating back to 2006. The website serves as an official communication channel providing news, event calendars, practical information, and access to school-related services such as electronic grade books and school meal ordering. The target audience primarily includes parents, students, and the local community. The business model is that of a public contributory organization focused on primary education. The site maintains a consistent brand presence and offers clear contact details and social media integration, enhancing trust and engagement. Technically, the website is built on the Vismo CMS platform and employs modern web technologies including JavaScript frameworks like Vue.js, Mustache.js templating, Google reCAPTCHA v3 for form security, and Google Tag Manager for analytics. The site is mobile-optimized, accessible, and SEO-friendly, with a moderate performance profile. Hosting and DNS details align with the Czech Republic, consistent with the institution's location. From a security perspective, the site uses HTTPS with good SSL configuration and integrates reCAPTCHA to protect forms. However, explicit security headers such as Content-Security-Policy and X-Frame-Options are not detected, and no published security policy or incident response contacts are found. Privacy and cookie policies are present with consent mechanisms, indicating GDPR compliance. No vulnerabilities or suspicious content were detected, and the site is free from WAF blocking or security challenges. Overall, the website demonstrates a solid security posture and good privacy compliance for an educational institution. The domain registration data supports legitimacy and trustworthiness. Strategic recommendations include enhancing security headers, publishing a security policy, and adding incident response contact information to further strengthen security and compliance posture.

S

Stamen Design LLC

stamen.com

57

Stamen Design LLC is a specialized data visualization and cartography studio with over 20 years of experience delivering award-winning visualizations and custom data products. The company serves organizations seeking sophisticated data storytelling and interactive mapping solutions, positioning itself as a niche leader in the technology and design space. Their website reflects a professional and consistent brand with clear service offerings including data storytelling, interactive experiences, workshops, and open-source tools. Technically, the site is built on WordPress with modern JavaScript libraries such as D3.js and Vue.js, and integrates analytics and marketing tools like Google Analytics, LinkedIn Insight, and Crazy Egg. Security posture is strong with HTTPS enforced, use of reCAPTCHA on forms, and privacy compliance evidenced by comprehensive privacy and cookie policies. No critical vulnerabilities or blocking mechanisms were detected, indicating a mature and well-maintained digital presence.

B

Bichinger Software & Consulting

bichinger.de

58

Bichinger Software & Consulting is a small technology company based in Germany specializing in professional web platform software development using Ruby on Rails and Vue.js. The company targets businesses seeking custom web platform solutions and consulting services. The website is currently offline with a placeholder message indicating renewal, limiting content availability and detailed business information. The technical infrastructure leverages modern frameworks and technologies, including PostgreSQL and Docker, indicating a contemporary development environment. However, the website lacks visible contact information, privacy policies, and terms of service, which impacts trust and compliance perception. Security posture shows basic implementation with CSRF tokens but lacks visible security headers and documented policies. Overall, the site is functional but minimal, with moderate technical maturity and room for improvement in security and compliance documentation.

U

uponline

uponline.md

55

The website uponline.md serves as a digital platform primarily for clients and partners affiliated with Up Moldova, providing secure login access for companies and card users. It supports user account management and promotes the Up Mobil mobile application available on iOS and Android platforms. The site targets Moldovan users and operates within the technology sector, focusing on service delivery to its client base. The business model revolves around facilitating digital access and management for affiliated users, positioning itself as a regional service platform in Moldova. Technically, the website employs modern frontend technologies such as Vue.js and Font Awesome for UI elements, with additional security measures like Cloudflare Turnstile captcha to mitigate automated abuse. Hosting leverages Azure CDN infrastructure, contributing to moderate performance and good mobile optimization. However, the site lacks visible advanced SEO and accessibility features, and no CMS or backend technologies are explicitly identified. From a security perspective, the platform demonstrates basic protective measures including HTTPS and captcha integration. Nonetheless, it lacks published security policies, incident response contacts, and security headers, which are critical for enhancing trust and compliance. The absence of privacy and terms of service documents further limits its privacy posture. No vulnerabilities or malicious content were detected in the analyzed content. Overall, the website presents a functional and professional interface for its intended audience but would benefit from enhanced transparency in privacy and security policies, improved accessibility, and stronger security header implementation to elevate its trustworthiness and compliance standing.

U

UnderTheDoormat Ltd

underthedoormat.com

71

UnderTheDoormat Ltd is a UK-based company specializing in luxury short term and vacation rental properties. Established in 2014, it has positioned itself as a premium service provider in the real estate and hospitality sectors, offering handpicked, high-quality rental homes with verified standards and a strong focus on customer experience. The company targets affluent travelers and homeowners seeking professional property management and rental services. The website reflects a mature digital presence with professional design, clear navigation, and comprehensive content that supports its market positioning. Technically, the site leverages modern JavaScript frameworks (Vue.js), integrates with multiple third-party marketing and analytics platforms, and uses secure payment and mapping APIs. Security posture is strong with HTTPS enforced and no visible vulnerabilities, although some security headers are not explicitly detected. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business demonstrates credibility through industry awards, trust badges, and consistent domain registration data.

J

Jesus.net

jesus.net

73

Jesus.net is a well-established non-profit organization focused on providing educational and inspirational Christian content globally. The website offers a rich variety of resources including articles, daily devotionals, online courses, prayer request services, and exclusive access to the popular TV series 'The Chosen'. The platform targets a broad audience interested in Christianity and spiritual growth. Technically, the site is built using modern web technologies such as Vue.js, and is hosted with Cloudflare DNS services, ensuring good performance and security. The site is mobile-optimized and accessible, with clear navigation and professional design. Security posture is strong with HTTPS enforced, security headers present, and domain registration protections in place. Privacy compliance is robust with clear privacy and cookie policies and consent mechanisms. Overall, Jesus.net demonstrates high business credibility and trustworthiness, supported by long domain age and transparent contact options.

N

Home | Nitto ATP Finals | Tennis

nittoatpfinals.com

73

The website www.nittoatpfinals.com serves as the official digital platform for the Nitto ATP Finals tennis tournament, providing live scores, draws, group standings, news, video content, and player information. It targets tennis fans and sports enthusiasts, delivering timely and relevant event information. The site leverages modern web technologies including Vue.js and integrates Google Tag Manager and Google Ad Manager for analytics and advertising purposes. While the site demonstrates good content quality and user experience, it lacks explicit privacy and security policies and does not expose contact information, which may limit user trust. The absence of WHOIS registration data raises questions about domain legitimacy, although the site appears professionally maintained and branded. Overall, the site is functional and informative but could improve transparency and security posture.

J

joinsports.de

joinsports.de

51

JoinSports.de is a German-based online platform focused on enabling users to book sports activities easily within their region. The website leverages modern web technologies including Vue.js, Tailwind CSS, and integrates third-party services such as Stripe for payment processing and Intercom for customer engagement. The technical infrastructure is hosted on Amazon AWS, indicating a professional hosting environment. However, the website content is primarily client-side rendered, with minimal static HTML content available, which may impact SEO and accessibility. Security-wise, HTTPS is used as inferred from included scripts, but explicit security headers are missing, and no privacy or cookie policies are present, indicating gaps in compliance and security best practices. Overall, the site presents a moderate security posture with room for improvement in privacy compliance and transparency.

H

HoT Telekom und Service GmbH

hot.at

76

HoT Telekom und Service GmbH operates as a prepaid mobile telecommunications provider in Austria, offering affordable and flexible mobile and internet services without contractual obligations. The company is positioned as a leading low-cost provider, affiliated with the reputable HOFER retail brand, and has received awards for customer satisfaction and price-performance. The website is professionally designed, mobile-optimized, and provides comprehensive information about services, legal policies, and customer support. Technically, the site uses modern frameworks such as Nuxt.js and Vue.js, with strong security practices including HTTPS and Content-Security-Policy headers. Privacy compliance is well addressed with clear cookie consent mechanisms and GDPR-aligned policies. No critical security vulnerabilities or blocking mechanisms were detected, indicating a mature and trustworthy online presence.

F

Fielmann AG

fielmann.at

59

Fielmann AG is a leading optical retailer in Austria, providing eyeglasses, contact lenses, and eye care services through both online and physical store channels. The company has a strong market presence and brand recognition, targeting consumers seeking quality eyewear and optical solutions. The website reflects a mature digital infrastructure utilizing modern frontend technologies such as Vue.js and Tailwind CSS, supported by CDN providers to ensure fast and responsive user experience. Security posture is robust with HTTPS enforcement and comprehensive security headers, although explicit security policies and incident response contacts are not prominently published. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website demonstrates a professional and trustworthy online presence consistent with the company's established reputation.

E

Escape The City Ltd.

escapethecity.org

57

Escape The City Ltd. operates a leading UK-based online platform dedicated to connecting ambitious professionals with purposeful jobs, volunteering roles, and career change programmes. The company has established a strong market position as a purpose-driven job board and employer certification provider, targeting professionals seeking meaningful work aligned with progressive values. Their services include curated job listings, employer services such as Top 1% Employer certification, and career development resources. The website is professionally designed, well-branded, and offers a seamless user experience with clear navigation and mobile optimization. Technically, the website leverages modern web technologies including Vue.js, Algolia for search, and Google Analytics for tracking. It is hosted on Bubble.io's CDN infrastructure, ensuring fast performance and reliable availability. The site implements security best practices such as HTTPS, CSRF tokens, and secure form handling, although explicit security policies and incident response information are not publicly disclosed. Privacy compliance is addressed with comprehensive privacy and cookie policies, though a cookie consent mechanism is not explicitly implemented. Overall, the security posture is strong with no evident vulnerabilities or exposed sensitive data. The business credibility is high, supported by company registration details, VAT number, and Certified B Corporation status. The domain age aligns well with the company's founding year, reinforcing legitimacy. Recommendations include enhancing transparency around security policies, adding a cookie consent mechanism, and publishing vulnerability disclosure information to further strengthen trust and compliance.

D

Das Bauhaus-Archiv / Museum für Gestaltung

bauhaus.de

49

Das Bauhaus-Archiv / Museum für Gestaltung is a prominent cultural institution in Germany dedicated to preserving and showcasing the Bauhaus legacy, the most influential school of architecture, design, and art of the 20th century. The website serves as a comprehensive portal for visitors, researchers, and enthusiasts, offering information on exhibitions, research projects, educational outreach, and a dedicated shop for Bauhaus-related products. The institution holds a leading market position in the cultural and educational sector related to Bauhaus history. Technically, the website is built on WordPress CMS with modern frontend technologies such as Vue.js, providing a smooth and responsive user experience. The site employs performance optimization tools like WP Rocket and integrates a consent management platform to comply with privacy regulations. Hosting is managed professionally via dns-hotel.net, ensuring reliable uptime and security. From a security perspective, the website enforces HTTPS and uses privacy-conscious cookie consent mechanisms. While no explicit security policy or incident response contacts are published, the site shows no signs of vulnerabilities or exposed sensitive data. The absence of common security headers is noted as an area for improvement. Overall, the security posture is solid for a cultural institution website. The risk assessment is low, with no detected malicious or suspicious activity. Strategic recommendations include enhancing security headers, publishing a security policy, and adding a security.txt file to improve transparency and vulnerability management. The website demonstrates high professionalism, trustworthiness, and compliance with GDPR requirements.

T

Tchibo

tchibo.at

60

The website represents an online shop for Tchibo products, primarily focused on retailing coffee and related merchandise to a general audience in Austria. The site uses modern frontend technologies such as Vue.js and Vuetify, indicating a contemporary technical infrastructure. However, the content quality is basic with limited visible business or contact information. Security posture is weak due to lack of visible security headers, absence of privacy and cookie policies, and no evident incident response or vulnerability disclosure mechanisms. The WHOIS data is unavailable due to quota restrictions, limiting the ability to verify domain legitimacy and registration details. Overall, the site functions as a basic e-commerce platform but requires improvements in security, privacy compliance, and transparency to enhance trust and compliance.

A

ACO

draindesign.aco

58

ACO is a global leader in surface water management systems, specializing in manufacturing and supplying a wide range of drainage channels and grating styles. The website targets designers, engineers, and urban planners, providing product information and design support. The digital infrastructure is modern, leveraging Vue.js and progressive web app technologies, but lacks visible privacy and security policies. Analytics are implemented via Google Tag Manager without explicit cookie consent mechanisms. Security posture is moderate with no detected security headers and unknown SSL configuration. Overall, the website is professional and content-rich but requires improvements in privacy compliance and security transparency.

EVENTIM.Light is a German e-commerce platform enabling event organizers to create their own ticket shops and sell tickets, including through the EVENTIM network. The website is professionally designed, mobile-optimized, and uses modern technologies such as Vue.js and Vuetify. It integrates Google reCAPTCHA for security and uses Akamai CDN for hosting and performance optimization. Privacy and cookie policies are present and GDPR compliant, reflecting good privacy practices. However, the absence of WHOIS data for the domain raises concerns about domain registration legitimacy, which impacts overall trustworthiness. No explicit security policy or incident response information is published, indicating room for improvement in transparency and security posture. Overall, the site is functional, secure, and targeted at professional event organizers in Germany.

О

ООО «Billur Com»

kia.uz

10

The website kia.uz represents the official Kia dealership in Uzbekistan, operated by ООО «Billur Com». It offers new Kia vehicles with services including credit, leasing, and trade-in options. The site targets general consumers in Uzbekistan interested in purchasing Kia automobiles. The business is well-established, with a domain registered since 2006, indicating a mature market presence. Technically, the website employs modern frontend technologies such as Vue.js, PrimeVue, Tailwind CSS, and Swiper.js, providing a good user experience with mobile optimization and decent SEO practices. Security posture is adequate with HTTPS enabled, but lacks visible security headers and formal security policies. Privacy and cookie policies are absent, which is a compliance gap. Overall, the site is professional and trustworthy but could improve in privacy compliance and security transparency.

DF1 is a German media website offering documentaries, reportages, magazines, quiz shows, weather updates, and live sports including MotoGP, PENNY DEL, Formel-E, tennis, sailing, and football. The site targets a general audience interested in diverse media content and live sports coverage. The business model appears to be content streaming and broadcasting, with a focus on entertainment and sports media. The website uses modern web technologies such as Nuxt.js and Vue.js, built on a WordPress CMS backend, indicating a moderate level of digital maturity. Performance and mobile optimization are basic but functional. From a security perspective, the site implements a cookie consent mechanism with GDPR considerations, but lacks visible privacy policies, terms of service, or security headers. SSL configuration details are not provided, and no contact or incident response information is available. Google Analytics is used for user tracking at a moderate level. The absence of critical security issues is positive, but improvements are needed in security best practices and transparency. Overall, the website is accessible and safe for general audiences, with no adult or explicit content detected. The domain WHOIS data is consistent with a legitimate German media site, though limited registrant details are available. The site scores moderately on content quality, technical implementation, security posture, privacy compliance, and business credibility, resulting in an overall AI score of 66 out of 100.

H

Henkel AG & Co. KGaA

fritz-henkel.com

66

The website https://fritz-henkel.com/ is a professionally designed microsite dedicated to celebrating the 175-year legacy of Fritz Henkel, founder of Henkel AG & Co. KGaA. It provides rich historical content, brand heritage storytelling, and corporate culture insights targeted at a general audience including brand enthusiasts and stakeholders. The site leverages modern web technologies such as Nuxt.js and Vue.js, ensuring good performance and mobile optimization. Security posture is solid with HTTPS enforced and cookie consent managed via OneTrust, although some security headers could be improved. The domain registration is consistent with the corporate identity and appropriate for a dedicated campaign site. Overall, the site demonstrates strong compliance with GDPR and presents trustworthy business information.

L

LOUPE

loupe.at

65

LOUPE is a specialized compliance management solution provider focusing on whistleblowing, anti-corruption, integrity management, and risk assessments. The company targets businesses needing to fulfill regulatory requirements such as the Corporate Sustainability Due Diligence Directive. Their market position is niche but professional, supported by ISO 27001 certification, indicating a strong commitment to information security. The website is well-designed, mobile-optimized, and uses modern technologies like Nuxt.js and Vue.js, reflecting a mature digital infrastructure. Security posture is strong with HTTPS, security headers, and a comprehensive cookie consent mechanism, although explicit incident response and vulnerability disclosure information are absent. Overall, the website and business present a trustworthy and professional image with moderate user tracking balanced by GDPR-compliant privacy practices.

M

Magyar Telekom Nyrt.

telekom.hu

63

Magyar Telekom Nyrt. is a leading telecommunications provider in Hungary, offering a wide range of services including mobile telephony, internet, TV, and device sales targeted primarily at residential customers. The website reflects a mature digital presence with a professional design, clear navigation, and comprehensive content tailored to its audience. The company is a subsidiary of Deutsche Telekom AG, reinforcing its strong market position and enterprise scale. Technically, the site employs modern web technologies such as Vue.js and Google Tag Manager, ensuring good performance and mobile optimization. Security posture is strong with HTTPS enforcement and appropriate security headers, though explicit security policy and incident response information are not publicly detailed. Overall, the site demonstrates high trustworthiness and compliance with GDPR and cookie regulations, supporting a positive user experience and business credibility.

M

Magyar Kézilabda Szövetség

mksz.hu

58

The Magyar Kézilabda Szövetség website serves as the official digital presence of the Hungarian Handball Federation, providing comprehensive information about handball activities, news, competitions, and organizational details in Hungary. It targets handball players, fans, sports professionals, and the broader Hungarian sports community. The site is well-positioned as a national governing body with authoritative content and strong brand consistency. Technically, the website employs modern web technologies including Vue.js, jQuery, and various analytics tools such as Microsoft Clarity, Google Analytics, Hotjar, and Facebook Pixel. The site is mobile-optimized with good performance and SEO practices, although accessibility features could be enhanced. Hosting details are not explicitly identified but the site uses HTTPS with strong security headers. From a security perspective, the site demonstrates good practices with enforced HTTPS, cookie consent mechanisms, and no visible vulnerabilities or exposed sensitive data. However, it lacks explicit security policies, incident response information, and vulnerability disclosure mechanisms, which could be improved to enhance trust and compliance. Overall, the website is professional, trustworthy, and compliant with GDPR requirements. It effectively supports the federation's mission and provides a positive user experience. Strategic recommendations include publishing security and incident response policies, adding terms of service, and enhancing accessibility compliance.

E

European Handball Federation

eurohandball.com

51

The European Handball Federation (EHF) operates a comprehensive and professionally designed website serving as the central hub for European handball competitions, news, media, and fan engagement. The site offers extensive information on club and national team competitions, development programs, and services such as media accreditation and ticketing. The EHF positions itself as the authoritative body for handball in Europe with a strong digital presence and multiple linked domains supporting its ecosystem. Technically, the website employs modern JavaScript frameworks including Vue.js, integrates advanced analytics tools like Segment and Google Tag Manager, and uses a robust cookie consent mechanism via Iubenda, ensuring GDPR compliance. The site is mobile-optimized, accessible, and SEO-friendly, providing a positive user experience. From a security perspective, the site enforces HTTPS and implements cookie consent with per-purpose control, though explicit security headers could be more visible. No vulnerabilities or exposed sensitive data were detected. However, the absence of WHOIS registration data for the domain is a notable anomaly that slightly impacts trustworthiness, though the professional nature of the site mitigates concerns. Overall, the EHF website demonstrates a mature digital infrastructure with strong content quality and privacy compliance. The main risk lies in the missing WHOIS data, which should be monitored. Strategic recommendations include enhancing security header implementation, improving contact information visibility, and regular audits of third-party scripts to maintain security posture.

K

Kuoni Reisen

kuoni.at

64

Kuoni Reisen is a prominent Austrian travel agency offering a wide range of travel services including package holidays, flights, hotels, cruises, and car rentals. The website targets travelers primarily in Austria, providing comprehensive travel options with a focus on luxury and affordability. Kuoni maintains a strong market position supported by customer trust, evidenced by awards and positive reviews. Technically, the website is built on TYPO3 CMS with modern frontend technologies like Vue.js, ensuring a responsive and user-friendly experience. Security measures include HTTPS enforcement, consent management via Usercentrics, and error monitoring with Sentry, though some security headers could be improved. Overall, the site demonstrates a mature digital infrastructure with good privacy compliance and a professional online presence.

C

Christliches Zentrum Hofmatt Aarburg

czh.ch

10

Christliches Zentrum Hofmatt Aarburg (CZH) is a small, non-profit Christian church based in Aarburg, Switzerland, focused on providing a welcoming community for families and individuals. The website highlights their core values, church services, youth and children programs, and community groups, positioning them as a local religious organization with an international and family-oriented approach. Their digital presence includes active social media channels and a newsletter subscription, supporting community engagement. Technically, the website is built on WordPress with modern plugins and frameworks such as Vue.js and Swiper.js, ensuring a responsive and user-friendly experience. SEO practices are well implemented with Yoast SEO and structured data markup. Security posture is adequate with HTTPS and reCAPTCHA usage, though there is room for improvement in security headers and incident response transparency. Privacy compliance is partial, with a privacy policy present but lacking a cookie consent mechanism. Overall, the website is professional, trustworthy, and serves its community effectively.

U

Up Romania

uponline.ro

53

Up Romania operates a digital platform (uponline.ro) primarily serving its clients and partners by providing account access, business proposal management, and marketing information. The platform supports both company users and card users, facilitating loyalty and payment services. The website also promotes the Up Mobil+ mobile application available on multiple app stores. Technically, the site is built using Vue.js, integrates Google Analytics for traffic monitoring, and uses Cloudflare DNS services. Security measures include HTTPS, Google reCAPTCHA for form protection, and a cookie consent mechanism compliant with GDPR. However, DNSSEC is not enabled and security headers are not explicitly present, indicating room for improvement. Overall, the website is professional, trustworthy, and well-structured, targeting Romanian business clients and affiliated users.

L

Lexus

discoverlexus.com

60

DiscoverLexus.com serves as a global lifestyle and brand marketing platform for Lexus, a premium automotive brand. The website focuses on delivering luxury and lifestyle content that aligns with Lexus's market positioning as a leader in the transportation sector. The site targets luxury vehicle enthusiasts and Lexus customers worldwide, providing brand storytelling and vehicle-related information. The business model centers on brand engagement and lifestyle marketing rather than direct sales. The domain age and WHOIS data support the legitimacy and maturity of the brand presence online. Technically, the website employs modern frontend technologies including Vue.js and Nuxt.js, with a CMS likely based on Statamic. Hosting is supported by Microsoft Azure DNS infrastructure. The site demonstrates good mobile optimization and SEO practices, with cookie consent managed by Cookiebot. Performance is moderate, with room for improvement in accessibility and security headers. From a security perspective, the site uses HTTPS and enforces domain transfer protection. However, DNSSEC is not enabled, and security headers are not detected in the provided data. There is no visible privacy policy or terms of service, which are critical for compliance and user trust. No incident response or vulnerability disclosure mechanisms are found. The site integrates Google Tag Manager for analytics and tracking, balanced with a cookie consent mechanism. Overall, the website is professionally designed and trustworthy, with a strong brand presence. To enhance security posture and compliance, it is recommended to publish privacy and terms policies, enable DNSSEC, implement security headers, and provide clear contact information for incident response. These steps will improve user trust, regulatory compliance, and resilience against threats.

.

.LOUPE

loupe.link

65

The website loupe.link represents .LOUPE, a specialized provider of compliance management solutions focusing on whistleblowing, anti-corruption, integrity management, risk assessments, and corporate sustainability due diligence. The company targets businesses requiring turnkey compliance solutions, positioning itself as a niche player with ISO 27001 certification enhancing its credibility. The website is built on modern web technologies including Nuxt.js and Vue.js, with integrated analytics and cookie consent mechanisms reflecting a mature digital infrastructure. Security posture is strong with HTTPS, security headers, and GDPR-compliant privacy and cookie policies, though some areas like explicit Terms of Service and vulnerability disclosure policies are missing. Overall, the site is professional, trustworthy, and safe for general audiences.

K

Kraftfahrt-Bundesamt

kba-online.de

62

The Kraftfahrt-Bundesamt (KBA) operates as a federal government authority in Germany, providing a range of online services related to vehicle registration, recall databases, driver points information, and other transport-related data management. The website serves a broad audience including citizens, businesses, and governmental bodies, positioning itself as the authoritative source for vehicle and traffic data in Germany. The business model is centered on public service delivery through digital platforms, enhancing accessibility and efficiency for users. Technically, the website employs modern frontend technologies such as Vue.js and Vuetify, ensuring a responsive and user-friendly interface optimized for mobile devices. The site demonstrates moderate performance and basic accessibility features, with room for improvement in SEO and security header implementation. Hosting and backend details are not explicitly disclosed but the use of official German name servers indicates a stable and secure infrastructure. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data or vulnerable libraries in the frontend. However, it lacks visible security headers and does not provide explicit security policies or incident response contact information, which are areas for enhancement. Privacy compliance is generally good with a comprehensive privacy policy and GDPR adherence, though the absence of a cookie consent mechanism is a minor gap. Overall, the website is trustworthy, professionally maintained, and aligned with its governmental role. Strategic recommendations include implementing security headers, adding cookie consent, publishing security and incident response policies, and enhancing accessibility to further strengthen the security posture and user trust.

wunu webLab OG is a small Austrian digital agency specializing in tailored digital experiences that combine design, technology, and strategy. Their core services include app development, web solutions, and creative design, targeting startups and businesses seeking innovative digital products. The company maintains a professional online presence with clear branding, comprehensive privacy and cookie policies, and accessible contact information. Technically, the website leverages modern JavaScript frameworks such as Nuxt.js and Vue.js, and employs Matomo for privacy-conscious analytics. Security posture is strong with HTTPS enforcement and security headers, though explicit security policies and incident response information are not published. Overall, the website reflects a mature digital infrastructure and a trustworthy business model.

A

Allgemeine Unfallversicherungsanstalt (AUVA)

auva.at

67

The Allgemeine Unfallversicherungsanstalt (AUVA) is a key Austrian government institution providing accident insurance, prevention, treatment, rehabilitation, and financial compensation services. The website serves as the official portal for AUVA, targeting Austrian residents and workers who require accident-related social insurance services. The site is professionally designed, primarily in German, and uses modern web technologies including Vue.js and the Umbraco CMS platform. It demonstrates good digital maturity with mobile optimization, accessibility features, and SEO best practices. Security posture is solid with HTTPS enforced and cookie consent mechanisms implemented, though explicit security policies and incident response contacts are not found in the provided content. WHOIS data confirms the domain's legitimacy and consistency with the institution's government affiliation. Overall, the website is trustworthy and serves its public service function effectively.

B

Bauspot.de

bauspot.de

60

Bauspot.de is a German online platform serving the construction industry by providing product information, training, webinars, and a partner portal for manufacturers. The site targets construction professionals and manufacturers within Germany, positioning itself as a niche resource and marketplace. Technically, the website employs modern technologies such as Vue.js, integrates third-party services like YouTube and Vimeo for video content, and uses Cookiebot for GDPR-compliant cookie consent management. Hosting is provided via German-based nameservers, consistent with the business location. Security posture is solid with HTTPS enabled, CSRF protection, and anonymized IP tracking in analytics, though some security headers could be improved. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. No direct contact emails or phone numbers are publicly listed, with contact likely via legal or contact pages. Overall, the website is professional, trustworthy, and well-structured, with moderate tracking and advertising practices primarily through Google services.

M

Museum für Gestaltung Zürich

museum-gestaltung.ch

51

Museum für Gestaltung Zürich is a leading Swiss museum specializing in design and visual communication, operating across three locations in Zurich. It is affiliated with the Zurich University of the Arts and supported by prominent cultural and corporate entities. The museum offers exhibitions, educational programs, publications, and an online shop, targeting a broad audience including groups, schools, families, and accessible audiences. The website reflects a mature digital presence with modern technologies such as Nuxt.js and Vue.js, and integrates Matomo analytics for user tracking. Security posture is strong with HTTPS and security headers implemented, though there is room for improvement in privacy compliance with the addition of cookie consent mechanisms and explicit security policies. Overall, the site is professional, trustworthy, and well-optimized for performance and accessibility.

E

EXPO EVENT – Swiss LiveCom Association

expo-event.ch

61

EXPO EVENT – Swiss LiveCom Association is a national industry association representing the Live Communication sector in Switzerland. The organization provides membership services, industry events, education, and sustainability consulting to its members. The website reflects a professional and well-established entity with a clear market position as a leading voice for LiveCom in Switzerland. The technical infrastructure is modern, leveraging Nuxt.js and Vue.js frameworks, with integration of common analytics and marketing tools such as Google Analytics and LinkedIn Insight Tag. Security posture is strong with HTTPS and security headers implemented, although cookie consent mechanisms and explicit terms of service are missing. Overall, the site is well-designed, mobile-optimized, and provides comprehensive contact and event information, supporting a high level of trust and credibility.

O

Optimize AG

eventlokale.ch

62

eventlokale.ch is a well-established Swiss event portal operated by Optimize AG, offering a comprehensive marketplace for event locations, service providers, and event-related job listings. The platform targets event planners and individuals in Switzerland, positioning itself as the largest event portal in the country. The website provides rich content including editorial articles, event ideas, and the Swiss Location Award information, enhancing its market presence and user engagement. Technically, the site is built on modern frameworks such as Nuxt.js and Vue.js, with integrations of Google Analytics, Google Tag Manager, and Hotjar for analytics and user behavior tracking. The site is mobile-optimized and features good SEO practices, although accessibility could be improved. Security-wise, the site enforces HTTPS and includes standard security headers, but lacks visible privacy and cookie policies, which are critical for GDPR compliance. No contact emails or phone numbers were found, which may impact user trust and compliance. Overall, the site is professional and trustworthy but should address privacy compliance and contact transparency to enhance its security posture and user confidence.

F

fit4future foundation Germany

fit4future-foundation.de

49

fit4future foundation Germany is a Munich-based non-profit organization dedicated to promoting health and environmental sustainability among children and youth. Their focus lies in educating about the intersection of climate change and health, supporting school projects, and running tree planting donation campaigns. The foundation targets schools, educators, and environmentally conscious individuals in Germany, positioning itself as a niche player in the non-profit sector focused on future generations' well-being. Technically, the website employs modern web technologies including Vue.js for frontend rendering, Google Tag Manager for analytics, and Usercentrics for GDPR-compliant cookie consent management. The site is mobile-optimized with good navigation and content quality, though no explicit CMS or hosting provider details are evident. Performance is moderate with room for improvement in accessibility features. From a security perspective, the site uses HTTPS and implements cookie consent but lacks visible security headers and published security policies or incident response information. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is supported by a privacy policy and cookie banner, but terms of service and vulnerability disclosure mechanisms are absent. Overall, the website is trustworthy and professional with a strong focus on its mission. Recommendations include enhancing security headers, publishing incident response and vulnerability disclosure policies, and improving accessibility compliance to strengthen the security posture and user trust.

ISUZU France operates as a commercial vehicle manufacturer and distributor, focusing on trucks and pickups such as the D-MAX and Truck series. The website serves French-speaking customers with detailed product information, dealer locators, and customer service resources. The company is positioned as a significant player in the transportation sector in France, supported by a large-scale business infrastructure. Technically, the website employs modern frameworks including Laravel and Vue.js, with integration of Google Tag Manager and Iubenda for privacy compliance. The site is mobile-optimized and demonstrates good SEO practices. Security posture is solid with HTTPS enforced and CSRF protections, though some security headers and explicit incident response information are absent. Privacy policies are comprehensive and GDPR compliant, including a named Data Protection Officer. Overall, the site is professional, trustworthy, and safe for general audiences.

MIDI Europe Srl operates the official Italian website for Isuzu commercial vehicles, focusing on the sales and support of models such as the D-MAX pickup and various truck ranges. The company targets commercial vehicle buyers and fleet operators within Italy and Europe, providing comprehensive product information, after-sales services, and dealer network access. The website demonstrates a solid market position as a reputable manufacturer and distributor in the transportation sector. Technically, the site leverages modern frameworks like Vue.js and Laravel, integrates Google Tag Manager for analytics, and employs Iubenda for cookie compliance, reflecting a mature digital infrastructure. Security-wise, the site enforces HTTPS, implements standard security headers, and provides a whistleblowing channel and data protection officer contact, indicating a strong security posture. No critical vulnerabilities or suspicious elements were detected, and privacy policies are comprehensive and GDPR compliant. Overall, the website is professional, trustworthy, and well-aligned with the business's operational and compliance needs.

O

OWNBIT GmbH

ownbit.net

56

OWNBIT GmbH is a Swiss web agency specializing in custom websites and web applications, with a strong focus on user-centered digital solutions. The company targets Swiss SMEs, corporations, and design agencies, offering tailored WordPress and web development services. With over 12 years of market presence and more than 200 clients, OWNBIT holds a reputable position in the local technology sector. The website reflects a professional and consistent brand image, supported by client testimonials and a 5-star Google rating. Technically, the website is built using modern frameworks such as Vue.js and Gridsome, ensuring fast performance and excellent mobile optimization. The use of WordPress for client projects indicates flexibility in CMS solutions. The site includes cookie consent mechanisms and a comprehensive privacy policy, demonstrating good GDPR compliance. However, explicit security headers and SSL configuration details are not evident from the data, suggesting areas for security enhancement. The security posture is moderate with no visible vulnerabilities or exposed sensitive data, but the absence of detailed security policies and incident response information indicates room for improvement. The WHOIS data is privacy protected, which is justified for this business type, though it limits domain age verification. Overall, the website is trustworthy, professional, and compliant with privacy regulations, with recommendations to strengthen security headers and transparency. Strategically, OWNBIT should focus on enhancing security best practices and publishing vulnerability disclosure policies to further build client trust and compliance readiness.

S

Sparkassen in Hessen und Thüringen

ps-los-sparen.de

66

The website www.ps-los-sparen.de represents a regional lottery savings product offered by the Sparkassen financial institutions in Hessen and Thüringen, Germany. The business model combines savings with lottery participation, offering cash and prize draws while supporting social projects. The site targets local savers and lottery participants, positioning itself as a trusted regional financial service with strong branding consistency aligned with the Sparkassen group. Technically, the site is built on Concrete CMS with modern frontend technologies including jQuery, Bootstrap, and Vue.js. It employs Matomo analytics for privacy-conscious user tracking and integrates a cookie consent mechanism, reflecting a mature digital infrastructure. Security posture is solid with HTTPS enforced and privacy-respecting analytics, though explicit security headers and published security policies are absent. The site is accessible without WAF or blocking mechanisms and shows no signs of malicious content or vulnerabilities. Overall, the website demonstrates good content quality, technical implementation, and business credibility, suitable for its regional financial service role.

Simpleview Europe is a specialized digital agency providing comprehensive tourism technology solutions including CMS, CRM, DMS, and digital marketing services. As part of Granicus, it holds a strong market position serving Destination Management Organisations and tourism boards across Europe. The website reflects a mature digital presence with modern technologies and extensive service offerings. However, the absence of WHOIS data and lack of explicit privacy and cookie policies indicate areas for improvement in transparency and compliance. The technical infrastructure is robust with use of modern JavaScript frameworks and analytics tools, supporting good performance and user experience. Security posture is moderate with HTTPS implied but lacking visible security headers and published policies. Overall, the site is professional and trustworthy but would benefit from enhanced privacy compliance and clearer contact and security information.

W

WABSOLUTE GmbH

wabsolute.de

51

WABSOLUTE GmbH is a specialized technology company focused on enhancing vocational training through digital solutions, prominently featuring their proprietary platform APPRENTIO. Positioned as an innovative partner in the German-speaking market, they serve organizations seeking to improve apprenticeship quality and management. Their website reflects a professional and modern digital presence, leveraging contemporary frameworks such as Vue.js and Laravel, hosted on maxcluster.net, and integrating privacy and security tools like Cookiebot and Google reCAPTCHA. Security posture is solid with HTTPS and consent mechanisms, though explicit security headers and incident response details are absent. Overall, the site demonstrates strong business credibility and compliance with GDPR, supported by certifications like ISO 9001. Strategic recommendations include enhancing security headers and publishing a formal security policy to further strengthen trust and compliance.

A

Active City Hamburg

hamburg-activecity.de

56

Active City Hamburg is a government-backed public initiative promoting sports and physical activities for all residents and visitors of Hamburg. The platform offers a comprehensive activity program, event information, and sports club details, supported by a dedicated mobile app. The website is well-branded, professionally designed, and targets a broad audience interested in an active lifestyle. Technically, the site uses modern web technologies including Vue.js and Mapbox GL JS, hosted on AWS infrastructure with S3 storage. The site is mobile-optimized and accessible, with good SEO practices. Security posture is solid with HTTPS and CSRF protections, though some security headers could be improved. Privacy compliance is strong with a clear privacy policy and cookie consent mechanism. Overall, the site is trustworthy and serves as a valuable resource for the Hamburg community.