Security Directory

D

DEKORHOME, s.r.o.

dekorhome.cz

53

DEKORHOME, s.r.o. operates a large e-commerce platform specializing in furniture, home accessories, and garden products primarily targeting customers in the Czech Republic and Slovakia. The website offers a wide product range with claims of over 70,000 products and 3 million satisfied customers, positioning itself as a significant player in the regional retail market. The business model focuses on online retail with customer support and promotional sales events. Technically, the site is built on the Upgates e-commerce platform, leveraging modern JavaScript libraries and CDN hosting for performance. The site is mobile-optimized and includes SEO best practices. Security posture is solid with HTTPS and cookie consent mechanisms, though there is room for improvement in security headers and incident response transparency. Overall, the site is professional, trustworthy, and compliant with GDPR requirements. No blocking or WAF interference was detected, allowing full content access and analysis.

Indiana University Indianapolis operates as a premier educational institution serving the Indianapolis region and the broader Midwest. The website provides comprehensive academic program information, student support services, research initiatives, and campus life details, targeting prospective and current students, faculty, and alumni. The site is well-structured with consistent branding aligned with Indiana University standards. Technically, the site leverages modern web technologies including Rivet Site Builder and integrates multiple analytics and marketing pixels, indicating a mature digital presence. Security posture is moderate with HTTPS usage implied but lacking explicit security headers and published security policies. Privacy compliance is limited due to absence of clear privacy and cookie policies. Overall, the domain is a legitimate subdomain of the official Indiana University domain, though WHOIS data is unavailable as expected for subdomains. Strategic improvements in privacy transparency and security hardening would enhance trust and compliance.

C

Croatian Climate Change Panel

solarniklaster.org

45

The Croatian Climate Change Panel operates the solarniklaster.org website as a specialized platform focused on renewable energy, sustainable technologies, and climate change awareness primarily targeting Croatian and regional audiences. The site offers news, expert articles, multimedia content, and educational resources to support green energy transition efforts. Technically, the website uses a standard modern tech stack including Bootstrap, jQuery, and analytics tools, hosted on a domain registered since 2015 with privacy protection. Security posture is moderate with HTTPS enabled but lacks advanced security headers and DNSSEC. Privacy compliance is basic with policies present but no explicit cookie consent mechanism. Contact information is clearly provided, enhancing business credibility. Overall, the site is a credible, niche informational resource with room for security and privacy improvements.

P

Perille Mobility Services Oy

perille.fi

55

Perille Mobility Services Oy operates Perille.fi, a Finnish travel ticket service that aggregates and facilitates the purchase of train, bus, and flight tickets across Finland. The platform integrates multiple major transport providers, offering door-to-door trip planning and a user-friendly interface without requiring app downloads or registration. The service targets travelers within Finland seeking convenient and comprehensive travel options. Technically, the website is built on modern frameworks such as Next.js and React, with integrations for analytics and payment processing. Security posture is strong with HTTPS enforcement and standard security headers, though explicit security policies and incident response details are not publicly disclosed. Overall, the website is professional, trustworthy, and compliant with privacy regulations, making it a reliable platform for travel planning and ticket purchasing.

P

Perille Mobility Services Oy

matkakeisari.fi

57

Matkakeisari.fi is a Finnish travel ticket price comparison and booking platform operated by Perille Mobility Services Oy, founded in 2015. The service aggregates bus and train schedules and prices from major Finnish transport providers, enabling travelers to find the cheapest and fastest routes and purchase tickets conveniently. The website is well-designed, mobile-optimized, and uses modern web technologies including React and Next.js. It integrates Google Analytics and Tag Manager for analytics and marketing purposes. Security posture is solid with HTTPS and security headers implemented, though no explicit security or incident response policies are published. Privacy compliance is supported by a comprehensive privacy policy and cookie consent mechanism. The domain registration data aligns well with the business claims, supporting legitimacy. Overall, the website provides a trustworthy and user-friendly service for Finnish public transport travelers.

S

Saaristolautat.fi

saaristolautat.fi

43

Saaristolautat.fi is a specialized informational website providing ferry routes and schedules for the Finnish archipelago, including the Turku archipelago and Åland Islands. The site targets travelers and residents needing up-to-date ferry information for over 40,000 islands serviced by approximately 50 ferries and 200 docks. The business model is primarily informational, serving as a public utility platform rather than a commercial enterprise. The website is relatively small in scale, founded in 2017, and operates with a niche focus on regional transportation. Technically, the website employs a modern web stack including HTML5, CSS3, JavaScript with jQuery, Bootstrap for responsive design, FontAwesome for icons, and integrates Google Maps API for route visualization. Hosting appears to be provided by Domainhotelli, a Finnish hosting provider. The site is mobile optimized and has good SEO practices, though accessibility features are basic. Performance is moderate, with no major technical issues detected. From a security perspective, the site lacks visible security headers and does not provide privacy or cookie policies, which are important for GDPR compliance given its European audience. No contact information or incident response details are provided, limiting transparency and trust. The WHOIS data shows the domain is registered to a private person rather than an organization, which is somewhat inconsistent with the public service nature of the site but not necessarily suspicious. No WAF or blocking mechanisms are detected, and the site content is fully accessible. Overall, the website is functional and provides valuable regional transportation information but would benefit from improved security practices, privacy compliance, and clearer business contact details to enhance trust and regulatory adherence.

L

LuxID

luxid.lu

66

LuxID is a Luxembourg-based digital identity platform providing a secure, unified login solution for multiple local companies and applications. Supported by major partners such as POST, Cactus, CFL, and RTL, LuxID aims to simplify user authentication while enhancing privacy and security in compliance with GDPR. The website is professionally designed, multilingual, and offers clear information about the service, benefits, and partners. Technically, the site uses modern web technologies including Liferay CMS, Bootstrap, React, and various JavaScript libraries, hosted likely within Luxembourg's POST infrastructure. Security posture is good with HTTPS enforced and cookie consent implemented, though explicit security policies and vulnerability disclosures are absent. WHOIS data is unavailable, limiting domain trust verification, but the business credibility is supported by visible partnerships and professional content.

The website is a LinkedIn public profile for Alexander W., representing a small local tutoring business named Bloomington Tutors based in Bloomington, Indiana, USA. The profile highlights educational services and includes links to related tutoring websites. The digital infrastructure relies on LinkedIn's proprietary platform with secure authentication mechanisms including Google OAuth. Privacy and cookie policies are clearly presented, indicating compliance with GDPR and other regulations. The site is professionally designed with good content quality and user experience, optimized for mobile and accessibility. Security posture is strong with HTTPS, secure forms, and standard security headers, though WHOIS data is privacy protected and unavailable for detailed domain registration analysis. Overall, the site is trustworthy and suitable for its educational purpose.

Kevin Brown-Silva's website serves as a professional portfolio showcasing his software development expertise and contributions to open source projects. The site highlights his skills in technologies such as Python, Django, JavaScript, and jQuery, and provides links to his GitHub, Stack Overflow, LinkedIn, and Twitter profiles, establishing a credible online presence. The business model is personal branding and professional networking, targeting technology professionals and potential employers or collaborators. Technically, the website is built with standard web technologies including HTML, CSS, and JavaScript, with references to frameworks like Django REST framework and jQuery. Hosting and DNS are managed via Cloudflare, ensuring good SSL configuration and domain security. The site is moderately optimized for performance and mobile devices but lacks advanced SEO and accessibility features. From a security perspective, the website benefits from HTTPS and domain transfer protection but lacks critical security headers and formal privacy or cookie policies. No forms or data collection mechanisms are present, reducing attack surface but also limiting user engagement features. The absence of vulnerability disclosure or incident response information indicates room for improvement in security maturity. Overall, the website is a safe, professional, and trustworthy personal portfolio with good business credibility but limited privacy compliance and security best practices. Strategic enhancements in privacy policies, security headers, and incident response readiness would strengthen the site's security posture and compliance.

L

Le Gouvernement du Grand-Duché de Luxembourg

services-publics.lu

67

Guichet.public.lu is the official government portal of Luxembourg dedicated to providing citizens with easy access to a wide range of public services and administrative information. The website covers numerous thematic areas including financial aid, citizenship, family and education, taxation, immigration, inclusion, justice, housing, leisure, health, transport, and employment. It serves as a comprehensive digital gateway for residents and citizens to navigate government procedures efficiently. Technically, the site leverages Adobe Experience Manager as its CMS platform and uses Adobe Dynamic Tag Management for analytics and tracking. The site is well-structured with responsive design and accessibility features, ensuring a good user experience across devices. However, some security headers and explicit privacy and cookie policies are not evident in the provided content, indicating areas for improvement in compliance and security transparency. From a security perspective, the site uses HTTPS and secure login mechanisms, but lacks visible security headers and incident response contact information. The WHOIS data for the domain is unavailable or malformed, which limits the ability to fully verify domain registration legitimacy. Despite this, the official branding and domain (.public.lu) strongly support its authenticity as a government site. Overall, guichet.public.lu demonstrates a mature digital presence with excellent content quality and user experience, but could enhance its privacy compliance and security posture by publishing clear policies and improving domain transparency. Strategic recommendations include implementing comprehensive privacy and cookie policies with consent mechanisms, adding security headers, and providing explicit security incident contacts to strengthen trust and compliance.

S

Système d'Information Géographique de la Grande Région

sig-gr.eu

61

The website www.sig-gr.eu represents the Système d'Information Géographique de la Grande Région, a government-backed geographic information system service focused on the Greater Region, including France and Luxembourg. It provides thematic maps, interactive geoportals, metadata catalogs, and open data to support regional planning and cooperation. The site is professionally designed, multilingual, and offers comprehensive content relevant to its target audience of public institutions, researchers, and regional partners. Technically, it is built on Adobe Experience Manager CMS and uses Adobe DTM for analytics, with a responsive design and good accessibility features. Security posture is moderate with HTTPS enforced and cookie consent implemented, though explicit security headers and policies are not evident. Privacy compliance is strong with clear privacy and cookie policies aligned with GDPR. Overall, the site is trustworthy and legitimate, though WHOIS data is unavailable due to EURid privacy restrictions. Strategic recommendations include enhancing security headers, publishing incident response contacts, and adding vulnerability disclosure information.

Marcus Hutchins' website serves as a personal brand platform highlighting his expertise as a cybersecurity specialist, speaker, and ex-hacker known for stopping the global WannaCry ransomware attack. The site targets cybersecurity professionals and enthusiasts, offering services such as public speaking, research, and educational content. The business model revolves around personal branding and content dissemination. Technically, the site employs modern web technologies including HTML5, CSS3, JavaScript, Google Fonts, and Ionicons, hosted behind Cloudflare DNS and CDN services. Analytics are implemented via Google Analytics and Cloudflare Insights, though privacy compliance is limited due to the absence of privacy and cookie policies. Security posture is solid with HTTPS and domain registration protections, but could be enhanced by enabling DNSSEC and adding security headers. Overall, the site is professional, trustworthy, and well-structured, though it lacks some compliance documentation.

I

INSIDE COMMUNICATION

inside-communication.lu

38

INSIDE COMMUNICATION is a communication agency based in Luxembourg focusing on strategies, innovation, and impact. The current website is a placeholder announcing a forthcoming new site and offers a newsletter subscription to keep interested parties informed. The company targets businesses or professionals seeking communication and innovation services. The website's technical infrastructure uses standard web technologies including HTML5, CSS3, JavaScript, and integrates Google Fonts and CreateSend for email marketing. However, the site lacks advanced frameworks or CMS indications and shows basic mobile optimization and accessibility features. Security posture is limited with no visible HTTPS confirmation or security headers, and no privacy or cookie policies are present. The WHOIS data is unavailable due to query rate limits, limiting domain legitimacy verification. Overall, the site is functional but minimal, with room for significant improvements in security, privacy compliance, and content richness.

C

Contact Privacy Inc. Customer 0167022659

eth.limo

58

eth.limo is a technology service focused on making decentralized websites accessible, specifically those built with the Ethereum Name Service (ENS). The website positions itself as a niche service provider facilitating effortless access to blockchain-based web content. The company appears to be a small-sized entity founded in 2021, with domain registration protected by privacy services. The site uses modern front-end technology (Framer) and is hosted on AWS infrastructure, indicating a reasonable level of digital maturity. However, the absence of privacy and cookie policies suggests gaps in compliance and transparency. Security posture is moderate with HTTPS enabled and domain transfer protections in place, but DNSSEC is not enabled and no explicit security policies are published. Overall, the website is professional and functional but would benefit from enhanced privacy compliance and security best practices.

P

Prva sušačka hrvatska gimnazija u Rijeci

pshg.net

44

Prva sušačka hrvatska gimnazija u Rijeci is a Croatian secondary school providing general and specialized education including classical ballet and contemporary dance programs. The institution is well-established with a domain age since 2007 and holds Erasmus accreditation, indicating active participation in European educational programs. The website serves students, parents, and educators with relevant news, schedules, and contact information. Technically, the site uses standard web technologies such as HTML5, CSS3, jQuery, and Font Awesome, hosted under a reputable registrar. The site is moderately optimized for performance and mobile use, with clear navigation and consistent branding. Security posture is moderate; while HTTPS is assumed, no advanced security headers or DNSSEC are implemented, and no cookie consent mechanism is present, which may affect compliance with privacy regulations. Overall, the site is trustworthy and professional but could improve in security and privacy compliance.

R

RIKA Innovative Ofentechnik GmbH

rika.at

58

RIKA Innovative Ofentechnik GmbH is an Austrian manufacturer specializing in high-quality heating stoves including pellet, wood-burning, and combination ovens. The company emphasizes innovation, Austrian craftsmanship, and customer-centric services such as an online stove configurator and a broad dealer network. Their market position is that of a reputable medium-sized enterprise with international reach, targeting homeowners seeking efficient and modern heating solutions. Technically, the website employs modern JavaScript libraries and asynchronous loading techniques, hosted on DigitalOcean infrastructure, ensuring fast performance and excellent mobile optimization. Security posture is strong with HTTPS, reCAPTCHA, and cookie consent mechanisms, though some security headers and explicit incident response policies are absent. Privacy compliance is well addressed with comprehensive policies and GDPR adherence. Overall, the website is professional, trustworthy, and well-structured, supporting the company's business credibility effectively.

L

Latin Studio

latinstudio.at

58

Latin Studio is a small local dance studio based in Austria specializing in Latin dance styles. The website is built on the Wix platform and offers information about dance classes and workshops targeting dance enthusiasts. The technical infrastructure is standard for Wix-hosted sites, with moderate performance and basic mobile optimization. Security posture is basic with HTTPS enabled but lacks security headers and formal privacy or cookie policies. No contact or incident response information is provided, limiting transparency and compliance. Overall, the site is functional but would benefit from enhanced security and privacy features to improve trust and compliance.

F

Fondation Restena

restena.lu

72

Fondation Restena is a Luxembourg-based non-profit foundation that manages telecommunication infrastructure and services for the research, education, culture, health, and administration sectors in Luxembourg. It operates the national research and education network, manages the .lu domain registry, and provides a range of services including email, hosting, network connectivity, and IT security. The foundation is well-established, with origins dating back to 1989 and formal foundation status since 2000. Their market position is strong as a key national infrastructure provider with a focus on public and academic institutions. Technically, the website is built on Drupal 8, featuring modern web technologies and good mobile optimization. The site is well-structured with clear navigation and professional design. Security posture is strong, supported by ISO 27001 certification and secure form handling, although some security headers are not visibly implemented. Privacy compliance is partial, with a privacy policy present but lacking a cookie consent mechanism. Overall, the security posture is robust with dedicated incident response services (CSIRT) and ongoing certification efforts. No major vulnerabilities or suspicious patterns were detected. The domain WHOIS data aligns well with the website content, confirming legitimacy and consistency. Strategic recommendations include enhancing privacy compliance with cookie consent, adding security headers, and publishing a vulnerability disclosure policy to further strengthen trust and security culture.

M

Ministère de l'Éducation nationale, de l'Enfance et de la Jeunesse

men.lu

58

The website men.public.lu is the official online presence of the Ministry of National Education, Childhood and Youth of Luxembourg. It serves as a comprehensive information portal providing detailed content on the Luxembourg education system, policies, news, events, and resources for students, parents, educators, and the general public. The site is well-positioned as an authoritative government source with a clear focus on education and youth services in Luxembourg. Technically, the website is built on Adobe Experience Manager CMS, leveraging modern web technologies including RequireJS and Adobe Dynamic Tag Management for analytics and tag management. The site is mobile-optimized, accessible, and demonstrates good SEO practices. Performance is moderate, with content delivered via a government CDN. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms aligned with GDPR requirements. While explicit security headers are not fully confirmed, the site follows best practices with no visible vulnerabilities or exposed sensitive data. The absence of WHOIS data is noted but likely due to registry policies rather than malicious intent. Overall, the site maintains a strong security posture suitable for a government entity. The overall risk assessment is low, with no signs of malicious activity or compliance issues. Strategic recommendations include enhancing security header implementation, publishing a formal security policy, and improving incident response contact visibility to further strengthen trust and security culture.

F

FIVA (Fédération Internationale des Véhicules Anciens)

fiva.org

64

FIVA (Fédération Internationale des Véhicules Anciens) is a globally recognized non-profit organization dedicated to the protection, preservation, and promotion of historic vehicles. Established in 1966 and active in over 80 countries, FIVA serves millions of historic vehicle enthusiasts worldwide and holds a consultative partnership with UNESCO. The organization offers membership services, event support, advocacy on legislation, and maintains a comprehensive document library to support the historic vehicle community. Their website reflects a professional and well-structured digital presence, emphasizing community engagement and education. Technically, the website employs modern JavaScript libraries such as Livewire (Laravel), GSAP, and Swiper.js, alongside Google reCAPTCHA v3 for form security. The site is mobile-optimized, fast-loading, and includes SEO best practices. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, although explicit security policies and incident response contacts are not published. Analytics and marketing tools like Google Analytics and Facebook Pixel are used with user consent. The WHOIS data for the domain is unavailable or malformed, which limits the ability to fully verify domain registration legitimacy. Despite this, the website's professional design, clear contact information, and active social media presence support its credibility. No adult or questionable content is present, making the site safe for general audiences. Overall, FIVA's website demonstrates a mature digital infrastructure suitable for its global non-profit mission, with room for improvement in transparency around security policies and domain registration details.

S

Shift4

securionpay.com

65

Shift4 is a large, publicly-traded technology company specializing in commerce technology and payment processing solutions. The website dev.shift4.com serves as a developer portal and informational site for the recent acquisition of SecurionPay, which is now integrated under the Shift4 brand. The site targets developers and merchants, offering APIs, documentation, and support for online payment processing. Technically, the site is built on modern frameworks such as Next.js and uses Cloudflare for CDN and security, ensuring good performance and security posture. The security setup is robust with HTTPS, security headers, and no visible vulnerabilities, though explicit security policies and incident response information are not published on this subdomain. Privacy compliance is moderate, with a privacy policy linked from the main domain but no cookie consent mechanism on this site. Overall, the site is professional, trustworthy, and well-maintained, reflecting the strong market position of Shift4 in the payment processing industry.

G

Donor Advised Fund Payment Option | Chariot

givechariot.com

52

The website www.givechariot.com is an active Wix-hosted site with basic business presence but lacks detailed business, compliance, and contact information. The absence of WHOIS registration data raises concerns about domain legitimacy and transparency. Technically, the site uses standard Wix technologies and includes third-party marketing and analytics tools such as Hotjar and Apollo.io, indicating some level of digital maturity. However, the lack of visible privacy policies, cookie consent mechanisms, and security headers suggests a weak security posture and poor privacy compliance. Overall, the site appears to be a small-scale business or project with limited online presence and trust indicators.

D

demch.co

demch.co

51

demch.co is a Ukrainian-based web development company specializing in creating websites and digital services for non-profit organizations and social change initiatives. With over 12 years of experience and more than 300 projects completed, the company positions itself as a trusted partner for NGOs, government agencies, and international organizations. Their key services include full-cycle website development, consulting, technical support, branding, design, and animation. The website is professionally designed, mobile-optimized, and provides clear contact information, enhancing user trust and engagement. Technically, the site employs modern web technologies such as HTML5, CSS3, JavaScript, and popular libraries like jQuery, TweenMax, and AOS for animations. Google Analytics and Google Tag Manager are used for tracking, indicating a moderate level of user data collection. Hosting appears to be managed via NameCheap with custom DNS servers. Performance is moderate with good mobile optimization and SEO practices. From a security perspective, the site uses HTTPS and has domain transfer protections in place. However, it lacks DNSSEC and visible security headers, which are recommended to enhance security posture. No privacy, cookie, or terms of service policies are present, representing compliance gaps especially under GDPR. No incident response or vulnerability disclosure information is provided. Overall, the website is safe, professional, and trustworthy with a strong focus on serving the non-profit sector. Strategic improvements in privacy compliance and security hardening would further strengthen its position and reduce risk.

L

Liikenne- ja viestintävirasto Traficom

matka.fi

75

Liikenne- ja viestintävirasto Traficom operates the Matka.fi service, an official Finnish government platform providing comprehensive door-to-door route planning that integrates multiple transportation modes. The website serves the general public and travelers within Finland, offering detailed route and schedule information to facilitate efficient travel planning. As a government entity, Traficom holds a strong market position as the authoritative source for transportation information in Finland. Technically, the website employs modern web technologies including React and Apollo GraphQL, ensuring a responsive and accessible user experience across devices. The site demonstrates good SEO practices and integrates privacy-conscious analytics via Matomo. Mobile optimization and accessibility features are well implemented, supporting broad user inclusivity. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks explicit security headers and publicly available security policies or incident response information. No vulnerabilities or suspicious content were detected, indicating a solid security posture appropriate for a government service. Overall, the website is professional, trustworthy, and compliant with GDPR and cookie consent requirements. Strategic recommendations include enhancing security headers, publishing security and incident response policies, and adding vulnerability disclosure mechanisms to further strengthen trust and security maturity.

F

Fintraffic

digitraffic.fi

56

Digitraffic is a Finnish public service platform operated by Fintraffic that provides real-time open data and APIs for road, railway, and marine traffic in Finland. It serves developers, transport operators, and public sector entities by offering comprehensive traffic data sourced from Fintraffic's own data collection systems. The website is professionally designed with consistent branding and clear navigation, supporting both Finnish and English languages. Technically, the site uses modern JavaScript frameworks and includes privacy-compliant cookie consent mechanisms. Security posture is strong with HTTPS enforced and no visible vulnerabilities, although explicit security policies and incident response contacts are not published. Overall, Digitraffic presents a trustworthy and reliable service for open traffic data in Finland.

P

Paikkatietoikkuna

paikkatietoikkuna.fi

55

Paikkatietoikkuna is a Finnish national spatial data portal providing access to spatial datasets and services, aimed at facilitating the use of geographic information. The portal serves a general audience including government entities, researchers, and the public interested in geographic data. It holds a strong market position as the official national geoportal for Finland, offering key services such as spatial data presentation and related services. The website is multilingual, supporting Finnish, Swedish, and English, enhancing accessibility for diverse users. Technically, the website employs modern web technologies including the Ant Design UI framework and the Oskari mapping platform, indicating a mature digital infrastructure. The site is served over HTTPS, ensuring secure communication, and demonstrates moderate performance and good mobile optimization. However, some accessibility and SEO features could be improved to enhance user experience further. From a security perspective, the site uses HTTPS and shows no immediate vulnerabilities or exposed sensitive data. However, explicit security headers and policies such as privacy, cookie, and incident response are absent, which are important for compliance and user trust. The WHOIS data confirms the domain's legitimacy and consistency with the Finnish government affiliation. Overall, the website is professional and trustworthy but would benefit from enhanced privacy compliance and security policy disclosures to improve user confidence and regulatory adherence.

E

ELY-keskusten sekä TE-toimistojen kehittämis- ja hallintokeskus (KEHA-keskus)

tyomarkkinatori.fi

73

Työmarkkinatori is a Finnish government-operated platform established in 2016, serving as a meeting place for jobs and job seekers. It is managed by the ELY Centres and TE Offices development and administration center (KEHA-keskus), reflecting its official government status. The platform targets individual customers in Finland, providing employment services and labor market information. The website is professionally designed with good content quality and consistent branding, supporting its role as a trusted government service. Technically, the website uses modern JavaScript technologies, including React components and Cookiebot for cookie consent management. Matomo analytics is employed for user tracking with consent mechanisms in place, indicating a moderate level of digital maturity. Hosting and domain registration are managed by Finnish government ICT services, ensuring reliable infrastructure. Mobile optimization and accessibility are rated good, though SEO optimization is basic. From a security perspective, the site uses HTTPS and cookie consent with blocking mode, but lacks visible security headers and published security policies or incident response contacts. No vulnerabilities or suspicious patterns were detected in the provided data. Privacy compliance is partial due to the absence of a clear privacy policy and terms of service pages. Overall, Työmarkkinatori presents a high legitimacy and trustworthiness profile as a government service platform. Strategic recommendations include publishing comprehensive privacy and terms of service policies, enhancing security headers, and improving privacy compliance documentation to strengthen user trust and regulatory adherence.

I

Istria Tourist Board

istra.hr

54

The website www.istra.hr serves as the official tourist website for the Istria Tourist Board, promoting the Istria region in Croatia. It provides comprehensive tourism information including accommodation, events, heritage, and nature activities targeting tourists and visitors interested in the Mediterranean region. The business operates as a regional tourism board with a medium-sized presence and has been established since 2012, consistent with the domain registration data. The website demonstrates a good level of digital maturity with modern web technologies, accessibility features, and SEO optimization. It uses a Laravel-based CMS inferred from session cookies and integrates multiple third-party services such as Facebook SDK, Google Tag Manager, Cookiebot for cookie consent, and MailerLite for marketing automation. Security posture is solid with HTTPS enforced and a detailed cookie consent mechanism, although explicit security headers could be more visible. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is well addressed through Cookiebot's consent management and links to a comprehensive privacy policy. However, no explicit terms of service or security policy pages were found. Overall, the website is professional, trustworthy, and well-aligned with its business purpose.

L

Le Gouvernement du Grand-Duché de Luxembourg

citoyens.lu

56

Guichet.lu is the official government portal of Luxembourg dedicated to providing citizens with easy access to a wide range of administrative information and services. The website covers numerous thematic areas including financial aids, citizenship, family and education, taxation, immigration, inclusion, justice, housing, leisure, health, transport, and work. It serves as a comprehensive digital gateway for residents and citizens to interact with government services efficiently. Technically, the site is built on Adobe Experience Manager, a robust enterprise CMS platform, and employs modern web technologies including SVG icons and JavaScript for enhanced user experience. The site demonstrates good mobile optimization, accessibility features, and SEO practices, ensuring broad usability and reach. From a security perspective, the website enforces HTTPS, includes security headers, and implements cookie consent mechanisms aligned with GDPR requirements. However, explicit security policies and incident response information are not publicly detailed, which could be improved to enhance transparency and trust. Overall, Guichet.lu presents a professional, trustworthy, and user-friendly platform that effectively supports the Luxembourg government's digital service delivery to its citizens. Strategic recommendations include publishing detailed security policies, adding vulnerability disclosure mechanisms, and providing direct security contact channels to further strengthen its security posture and user trust.

G

GOVCERT.LU

govcert.lu

71

GOVCERT.LU serves as the official Computer Security Incident Response Team (CSIRT) for the Government of Luxembourg, providing centralized cybersecurity incident management and response services for government and critical infrastructure operators. The website offers comprehensive information on incident reporting, security advisories, and contact channels, positioning GOVCERT.LU as a trusted national cybersecurity authority. Technically, the site is built using the Hugo static site generator, delivering fast performance, mobile optimization, and accessible design. Security posture is strong with HTTPS enforced and secure communication channels, though improvements are needed in security headers and formal vulnerability disclosure policies. Overall, the site demonstrates a professional and trustworthy presence aligned with government standards.

A

Association d'assurance accident

aaa.lu

57

The Association d'assurance accident (AAA) website serves as the official online presence for the Luxembourg governmental accident insurance association. It provides comprehensive information on accident insurance, workplace safety, indemnifications, and related public services. The site targets residents, workers, and employers in Luxembourg, offering resources, contact points, and regulatory information. The organization holds ISO9001:2015 certification, reinforcing its commitment to quality and trustworthiness. Technically, the website is built on Adobe Experience Manager CMS, leveraging modern web technologies including RequireJS and Adobe Dynamic Tag Manager for analytics and marketing. The site is well-structured, mobile-optimized, and accessible, with clear navigation and professional design. Cookie consent and privacy policies are implemented in compliance with GDPR. Security posture is moderate with HTTPS usage inferred, but no explicit security headers were detected in the provided data. No vulnerabilities or exposed sensitive data were found. The absence of WHOIS data limits domain registration trust analysis, but the domain's public.lu TLD and content strongly indicate an official government entity. Overall, the website is a reliable and professional government resource with good content quality and privacy compliance. Recommendations include enhancing security headers, publishing explicit security policies, and improving WHOIS data transparency where possible.

L

Le Gouvernement du Grand-Duché du Luxembourg

accessibilite.lu

54

The website accessibilite.lu is an official government portal of Luxembourg dedicated to providing information on accessibility across digital platforms, infrastructure, and products/services. It serves as a public service resource aimed at residents and stakeholders interested in accessibility issues within Luxembourg. The site is branded consistently with Luxembourg government identity and offers navigation in French with an option for German. Technically, the site uses standard HTML5, CSS, and JavaScript, including Adobe Launch for analytics, indicating a moderate level of digital maturity. The site is mobile optimized and accessible, though content quality is basic with limited depth on the landing page. Security posture is adequate with HTTPS implied, but lacks visible security headers and formal security policies. Privacy compliance is weak due to absence of privacy and cookie policies or consent mechanisms. No contact or incident response information is provided, limiting user engagement and trust channels. Overall, the domain registration and DNS configuration align with official Luxembourg government infrastructure, confirming legitimacy and trustworthiness. Strategic improvements in privacy compliance, security headers, and contact transparency would enhance the site's security and user trust.

M

Ministère de la Digitalisation - Le gouvernement luxembourgeois

luxchat4gov.lu

60

Luxchat4Gov is a secure, government-provided instant messaging platform designed specifically for the Luxembourg public sector. Operated by the Ministry of Digitalisation, it leverages the open-source Matrix protocol to ensure end-to-end encrypted communications hosted within Luxembourg data centers. The service is free of charge, ad-free, and respects user privacy, positioning itself as a trusted communication tool for government agents and employees. The website reflects a professional government portal with clear navigation, multilingual support, and official branding. Technically, the site is built on Adobe Experience Manager, uses modern JavaScript libraries, and integrates Adobe Dynamic Tag Management for analytics and tag control. The platform is mobile-optimized and accessible, with a cookie consent mechanism aligned with GDPR requirements. Security practices include HTTPS enforcement and encrypted messaging, though explicit security headers and incident response information are not publicly detailed. The security posture is strong given the encryption and hosting policies, but could be enhanced by publishing security policies and vulnerability disclosure programs. The absence of WHOIS data is likely due to the domain being a subdomain of the official Luxembourg government domain, which supports legitimacy despite missing registrar details. Overall, Luxchat4Gov presents a mature, secure, and privacy-conscious communication platform for government use, with a well-structured website that supports its mission and user base effectively.

H

Hugsmiðjan

hugsmidjan.is

56

Hugsmiðjan is a professional Icelandic digital agency specializing in designing and developing user-friendly, visually appealing, and results-driven web solutions. The company targets businesses and organizations seeking comprehensive digital services including strategy, design, development, marketing, and hosting. Their market position is supported by a portfolio of notable projects and a consistent brand presence. Technically, the website is built on modern frameworks such as Next.js and React, with good performance and mobile optimization. Security posture is solid with HTTPS and no visible vulnerabilities, though explicit security headers and privacy policies are lacking. Overall, the site is trustworthy and professional but would benefit from enhanced privacy compliance and domain registration transparency.

S

Simple Bytes

simplebytes.at

51

Simple Bytes is a small Austrian technology company specializing in modern, customized web design and app development for web, iOS, and macOS platforms. The company offers a range of services including web design, CMS integration, webshop solutions, domain registration, hosting, email and productivity service setup, app development, and ongoing support. Their market position is that of a specialized local service provider with a professional and client-focused approach, supported by client testimonials and references. Technically, the website employs a modern technology stack including Craft CMS, React, Vue.js, SvelteKit, and backend technologies like PHP Yii2 and Elixir Phoenix, indicating a mature digital infrastructure. The site is mobile-optimized, accessible, and SEO-friendly. Security posture is good with HTTPS enforced and SSL certificates in use, but lacks some advanced security headers and explicit privacy and cookie policies, which are compliance gaps. WHOIS data is unavailable, which slightly reduces domain trustworthiness, but the website content and references support legitimacy. Overall, the site is professional and trustworthy but would benefit from enhanced privacy compliance and security transparency.

M

Median

hellomedian.com

65

Median is a technology company specializing in cobrowsing and screen sharing software designed to enhance customer support experiences. Their platform enables real-time screen sharing, audio, and video communication without requiring downloads or installs, integrating seamlessly with popular chat and support tools. The company positions itself as a leading solution with a significant user base and global reach. Technically, the website is built on modern web technologies including Webflow CMS and integrates multiple analytics and marketing tools such as Google Analytics, Facebook Pixel, and ProfitWell. The site is well optimized for performance and mobile devices, offering a professional user experience. Security posture is solid with HTTPS enforced and bot protection via Cloudflare Turnstile, though explicit security headers and incident response information are lacking. Privacy compliance is minimal with no visible privacy or cookie policies, which is a notable gap. WHOIS data is unavailable, raising some concerns about domain registration transparency, but the professional site and client testimonials support legitimacy. Overall, the site is functional and professional but would benefit from enhanced privacy disclosures and security transparency.

OA.Works is a US-based non-profit organization dedicated to developing free and open source tools that facilitate open access to academic research. Their portfolio includes products such as ShareYourPaper, InstantILL, OAbutton, and OA.Report, which serve researchers, libraries, and funders by simplifying open access deposit, interlibrary loans, paywall bypassing, and policy compliance reporting. The organization maintains strong partnerships with reputable institutions including the Gates Foundation and IFLA, enhancing its credibility and market position within the open access community. Technically, the website employs modern web technologies, is mobile-optimized, and hosted via Cloudflare, ensuring good performance and accessibility. Security posture is solid with HTTPS enforced and domain registration protections, though improvements such as enabling DNSSEC and adding security headers are recommended. Privacy compliance is well addressed with comprehensive policies and GDPR considerations. Overall, OA.Works presents a professional, trustworthy, and mission-driven digital presence with a strong focus on community and open access advocacy.

L

Lokálny trh

lokalnytrh.sk

56

Lokálny trh is an established Slovak online platform founded in 2014 that maps and catalogs local food and beverage producers, providing consumers with an interactive map and search tools to discover regional producers. The platform also supports producers, retailers, and event organizers by offering free online profiles and promotional tools. The website demonstrates a good level of digital maturity with modern technologies such as Algolia search, Google Analytics, Facebook SDK, and responsive design. Security posture is solid with HTTPS, DNSSEC, and cookie consent mechanisms, though explicit security policies and vulnerability disclosures are absent. Overall, the platform serves a niche retail market in Slovakia with a focus on local and regional products, maintaining a trustworthy and professional online presence.

M

Mastodon Mulchers| Forestry Mulching Attachments | United States

mastodon.com

51

The website at www.mastodon.com appears to be a minimal placeholder or parked page hosted on the Wix platform, with no substantive content, business information, or contact details. The WHOIS lookup failed to return any registration data, indicating the domain may not be registered or the data is intentionally blocked. The site uses Wix's Thunderbolt framework and includes Google Tag Manager scripts but lacks privacy policies, cookie consent mechanisms, or terms of service. No forms or user data collection points are present. Security posture is weak due to absence of HTTPS confirmation and security headers. Overall, the site lacks credibility and trust indicators, suggesting it is not an active business website.

M

mastodon.de

mastodon.de

52

mastodon.de is an independent Mastodon server targeting the DACH region (Germany, Austria, Switzerland) and open to all users. It provides a federated social networking platform allowing users to participate in the fediverse with features such as user profiles, content exploration, and social posting. The website is well-branded and consistent with the Mastodon ecosystem, offering a good user experience with mobile optimization and clear navigation. Technically, it leverages the Mastodon open-source software (glitch-soc fork) with modern web technologies including React and Webpack, served over HTTPS with script integrity checks, indicating a mature digital infrastructure. Security posture is solid with HTTPS and no exposed sensitive data, though it lacks some advanced security headers and explicit incident response contacts. Privacy compliance is good with a comprehensive privacy policy, but cookie consent mechanisms and terms of service are not clearly presented. Overall, the site is safe, professional, and trustworthy, serving a general audience interested in decentralized social networking.

A

Associazione Aeronautica

assoaeronautica.it

50

Associazione Aeronautica is an Italian aeronautical association focused on serving professionals and stakeholders in the aviation and transportation sector. The website is built on the Wix platform, indicating a moderate level of digital maturity with basic content and design. The technical infrastructure relies on Wix's Thunderbolt framework and standard web technologies. Security posture is adequate with HTTPS enabled, but lacks advanced security headers and policies. Privacy compliance is minimal, with no visible privacy or cookie policies. Overall, the site presents a basic but functional online presence for the association.

T

Teatro La Fenice

teatrolafenice.it

59

Teatro La Fenice di Venezia is a renowned cultural institution offering theatrical performances and cultural events. The website serves as an official portal providing information and ticketing services to a general audience interested in the arts and theatre. The business model focuses on cultural hospitality and event management within Italy. Technically, the site is built on WordPress, leveraging modern JavaScript libraries and third-party integrations such as YouTube and Cookiebot for enhanced user experience and compliance. The site demonstrates good SEO practices and mobile optimization, although accessibility could be improved. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, but lacks explicit security policies and vulnerability disclosure channels. Overall, the domain registration data aligns well with the business claims, indicating high legitimacy and trustworthiness.

Sencor is a consumer electronics and household appliances brand offering a wide range of products including televisions, audio-video equipment, kitchen appliances, and health and beauty devices. The company targets consumers seeking quality and design in everyday electronics and home appliances. The website is professionally designed with clear navigation and a comprehensive product catalog, supporting a medium-sized retail business model primarily focused on the Czech Republic and surrounding European markets. Technically, the site uses modern JavaScript libraries, Google Tag Manager for analytics, and appears to be built on Joomla CMS. The site is mobile optimized and SEO friendly but lacks visible privacy and cookie policies, which is a compliance gap. Security posture is good with HTTPS enabled but could be improved with additional security headers and incident response information. WHOIS data is incomplete or privacy protected, which slightly reduces trust but does not negate the legitimacy of the active and content-rich website.

The website www.drmaxlekynapredpis.cz is a Czech-language e-commerce platform focused on providing prescription medicines through an electronic prescription (eRecept) service. It targets Czech customers seeking convenient access to prescription drugs online. The site demonstrates a moderate level of digital maturity, utilizing common analytics tools such as Microsoft Clarity and Google Tag Manager, along with a cookie consent mechanism via Cookiebot. However, the absence of WHOIS registration data and lack of explicit privacy and terms of service policies reduce its overall trustworthiness. Security posture is limited, with no detected security headers and unknown SSL configuration, suggesting room for improvement in protecting user data and ensuring compliance. Overall, the site is functional and professionally designed but requires enhancements in transparency and security to improve credibility and compliance.

R

Rieker Holding AG

remonte.us

62

Remonte Shoes operates as an e-commerce retailer specializing in footwear products, leveraging the Shopify platform for its online presence. The website is professionally designed with a focus on user experience and mobile optimization, targeting general consumers interested in shoes. The technical infrastructure is modern, utilizing Shopify's modular theme, Cloudflare DNS, and various third-party marketing and analytics tools. Security posture is adequate with HTTPS enabled and domain transfer protections in place; however, there is room for improvement in DNS security and HTTP security headers. Privacy and compliance documentation are notably absent or not easily discoverable, which may pose risks in regulatory adherence. Overall, the domain registration data aligns well with the business identity, supporting legitimacy. Strategic enhancements in privacy transparency and security hardening are recommended to bolster trust and compliance.

R

Rieker UK

rieker.co.uk

66

Rieker UK operates a professional e-commerce platform specializing in men's and women's footwear, offering a variety of shoes, boots, and accessories primarily targeting independent retailers in Europe. The website demonstrates a solid market position as an established footwear brand with a consistent and professional online presence. Technically, the site employs modern JavaScript libraries and analytics tools such as Google Analytics and Microsoft Clarity, ensuring moderate performance and good mobile optimization. Security posture is adequate with HTTPS enforced and partial security headers present, though improvements are recommended to enhance protection. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms in place. Overall, the site is trustworthy and user-friendly, though the lack of accessible WHOIS data introduces some uncertainty regarding domain registration legitimacy.

R

Rieker

rieker-eshop.sk

63

Rieker-eshop.sk is a specialized e-commerce platform offering the largest selection of Rieker footwear in Slovakia. The website targets Slovak consumers seeking quality and comfortable shoes, providing a broad range of styles for both women and men. The business model focuses on direct online retail with value-added services such as free shipping, free returns, and seasonal promotions. The site holds a strong market position as a leading Rieker footwear retailer in the region, supported by multiple ShopRoku awards indicating customer trust and quality service. Technically, the website employs a modern JavaScript stack with integrations for analytics and advertising, including Google Analytics, Facebook Pixel, Bing Ads, and Criteo retargeting. The platform is built on the ineShop CMS, optimized for desktop and mobile users with good SEO and accessibility practices. Security posture is strong with HTTPS enforced and appropriate security headers, although no explicit security policy or incident response information is published. Privacy compliance is well addressed with clear privacy and cookie policies and a consent mechanism. Overall, the website demonstrates a professional and trustworthy online retail presence with room for improvement in explicit contact information and security transparency.

R

Rieker

rieker-eshop.cz

61

Rieker-eshop.cz is a well-established e-commerce platform specializing in the sale of Rieker footwear and related accessories in the Czech Republic. The website positions itself as the largest Rieker footwear seller in the country, supported by 35 physical stores and a strong online presence. It offers a wide range of products for both women and men, emphasizing comfort, style, and quality. The site includes customer trust signals such as ShopRoku awards and a high recommendation rate on Heureka.cz, enhancing its credibility. Technically, the website employs a modern tech stack including Google Tag Manager, Google Analytics, Facebook Pixel, and other marketing and tracking tools, integrated with a custom CMS platform (ineShop). The site is mobile-optimized, has good SEO practices, and provides a user-friendly shopping experience with clear navigation and product presentation. Security-wise, HTTPS is enforced, and cookie consent mechanisms are implemented, though some security headers could be improved. The security posture is solid with no detected vulnerabilities or blocking mechanisms, and privacy compliance is well addressed with clear privacy and cookie policies. However, the WHOIS data is unavailable, which limits the ability to fully verify domain registration legitimacy. Despite this, the website's content, branding, and trust indicators strongly suggest a legitimate and professional business. Overall, Rieker-eshop.cz demonstrates a mature digital presence with strong business credibility, good technical implementation, and a secure environment for customers. Continued improvements in security headers and transparency in domain registration would further enhance trust and compliance.

W

Waldhart Software

skischool.shop

48

Waldhart Software operates a specialized online platform providing e-commerce and booking solutions tailored for ski schools and snow sports schools primarily in Alpine regions. The website serves as a reference showcase for nearly 300 live client online shops, demonstrating a strong market presence in the niche retail sector for winter sports education and services. The business model focuses on B2B SaaS offerings, enabling ski schools to manage online bookings and sales effectively. Technically, the website employs modern JavaScript frameworks, likely Vue.js with the Quasar UI framework, and integrates Google Maps APIs for location services. Hosting is managed via profiwebspace.at, with domain registration through InterNetX GmbH in Austria. The site is served over HTTPS, ensuring encrypted communications, but lacks DNSSEC and security headers, which are recommended for enhanced security. Security posture is moderate; while HTTPS and domain transfer protections are in place, the absence of security headers and privacy/cookie policies indicates room for improvement in compliance and security best practices. No forms or contact details were found in the analyzed content, limiting direct user engagement and incident response capabilities. Overall, the website is professional and well-structured, targeting ski schools and related businesses with a clear value proposition. However, to strengthen trust and compliance, the addition of privacy and cookie policies, security headers, and clear contact information is advised.

Y

YouTube / Google

brandhunters.cz

72

This website is a consent management interface for YouTube, a service owned by Google LLC. It is designed to handle user consent for cookies and data processing, particularly targeting users in Germany as indicated by the 'gl=DE' parameter. The page is part of the broader YouTube and Google ecosystem, reflecting a mature and enterprise-level digital infrastructure. The business model revolves around advertising and content delivery, with user data consent as a critical compliance component. Technically, the site employs modern JavaScript frameworks and Google-hosted services, ensuring fast performance and good mobile optimization. Security is robust, with HTTPS enforced and multiple security headers present, reflecting Google's high standards. However, explicit privacy and cookie policy links are not present on this specific page, likely centralized on main domains. Overall, the site is trustworthy, secure, and professionally maintained, with no indications of adult or unsafe content.