Security Directory

M

Masarykova univerzita

svod.cz

50

The SVOD portal is an academic and governmental platform providing epidemiological data and analyses on cancer incidence and related statistics in the Czech Republic. It is developed in collaboration with Masaryk University, the Czech oncological society, and national health institutions, positioning it as an authoritative source for healthcare professionals and researchers. The portal offers interactive analyses, reports, and open data access, supporting public health monitoring and research. Technically, the website employs modern web technologies including JavaScript, CSS frameworks like Foundation, and integrates Google Analytics for user tracking. The site is mobile-optimized, accessible, and SEO-friendly, with a professional design and clear navigation. However, some technical improvements such as enhanced security headers and explicit privacy documentation are recommended. From a security perspective, the site uses HTTPS and a cookie consent mechanism, but lacks visible security headers and formal incident response contacts. The absence of WHOIS data reduces domain trustworthiness, though the institutional backing and content quality mitigate concerns. No vulnerabilities or sensitive data exposures were detected. Overall, the portal is a reliable and professional resource with moderate technical maturity and a good security posture. Strategic improvements in privacy compliance and security best practices would enhance trust and resilience.

Č

Česká advokátní komora

cak.cz

55

Česká advokátní komora is the self-governing professional organization representing all lawyers in the Czech Republic. It is the largest legal professional body in the country, responsible for public administration in the field of advocacy. The website provides a comprehensive directory of lawyers and trainees, legal news, educational and social events, and public legal information. The target audience includes legal professionals and the general public seeking legal assistance or information. Technically, the website uses modern JavaScript frameworks, Google Tag Manager for analytics, and Cookiebot for cookie consent management. The site is mobile-optimized with good navigation and professional design. Security posture is strong with HTTPS and cookie consent but lacks explicit security headers and published security policies. WHOIS data is unavailable, which limits domain trust assessment, but the website's professional appearance and content support its legitimacy. Overall, the site is a credible government-related legal portal with room for improvement in privacy and security disclosures.

J

Jeseníky Sdružení cestovního ruchu

jeseniky-rodina.cz

44

Jeseníky.cz is a well-established regional tourism portal dedicated to the Jeseníky mountain region in the Czech Republic. Founded in 1998, it serves as an authoritative source of information for tourists, providing comprehensive details on tourist destinations, accommodation, dining, events, and recreational activities. The site is operated by Jeseníky Sdružení cestovního ruchu, a recognized tourism association, and features partnerships with multiple regional and national tourism organizations. The platform targets visitors interested in outdoor activities, cultural events, and wellness experiences in the Jeseníky area. Technically, the website employs a custom CMS called Noteo Engine, utilizes modern web technologies including HTML5, CSS, JavaScript, jQuery, and integrates third-party services such as Google Analytics and YouTube embeds. The site is hosted under a reputable registrar (REG-ZONER) with a domain age dating back to 1998, indicating a mature online presence. Mobile optimization and SEO practices are implemented at a good level, though accessibility features are basic. From a security perspective, the site uses HTTPS and has implemented cookie consent mechanisms, but lacks visible advanced security headers and a dedicated security or privacy policy page. No critical vulnerabilities or WAF blocking were detected. Contact information is clearly provided, enhancing trustworthiness. The site does not contain any adult or questionable content, making it safe for general audiences. Overall, Jeseniky.cz demonstrates a solid business and technical foundation with room for improvement in security best practices and privacy compliance. Strategic enhancements in these areas would further strengthen its position as a trusted regional tourism resource.

J

Jasyko s.r.o.

jasyko.cz

40

Jasyko s.r.o. is a Czech Republic-based company specializing in high-end audiovisual and smart home technology solutions for both domestic and professional markets. Established in 1998, the company offers a range of services including HI-FI equipment sales and smart home system integration, supported by physical showrooms in Brno and Prague. The website reflects a niche market position with a focus on quality and recognized brand partnerships. Technically, the website employs a custom or unknown CMS with technologies such as jQuery 3.1.1 and WOWSlider, hosted by Active24. While the site is accessible and professionally designed, it shows room for improvement in mobile optimization, accessibility, and SEO. Security posture is moderate with HTTPS usage and cookie consent implemented, but lacks explicit security headers and uses an outdated JavaScript library, which could pose risks. Privacy compliance is weak due to the absence of a privacy policy and terms of service. Overall, the domain registration data aligns well with the business claims, indicating legitimacy and trustworthiness.

K

Klinická onkologie

e-onkologie.cz

43

The website e-onkologie.cz serves as an educational portal dedicated to oncology professionals, providing access to the official journal 'Klinická onkologie' and related oncology educational resources. It is affiliated with recognized Czech medical societies (ČLS JEP and SLS) and features partnerships with major pharmaceutical companies, indicating a specialized niche focus in healthcare education. The business model centers on delivering oncology knowledge and journal content to medical professionals in the Czech Republic, positioning itself as a trusted resource within this sector. Technically, the site is built with basic HTML and CSS, incorporating Google Analytics for user tracking. The editorial system is hosted externally via Carecomm. The site lacks modern web frameworks and advanced technical features but maintains moderate performance and basic mobile optimization. SEO and accessibility are present at a basic level, with room for improvement. From a security perspective, the site does not display advanced security headers or policies, and no privacy or cookie policies are published, which impacts compliance with GDPR and best practices. No forms or sensitive data collection are present on the homepage, reducing immediate risk. The domain registration is consistent and legitimate, with no privacy protection, supporting trustworthiness. However, the absence of contact information and security disclosures limits transparency. Overall, the website is a functional, niche educational platform with moderate technical maturity and basic security posture. Strategic improvements in privacy compliance, security headers, and contact transparency would enhance trust and regulatory adherence.

C

Care Comm

carecomm.cz

59

Care Comm is a small Czech healthcare service provider specializing in publishing professional medical journals, website development, and organizing medical congresses. The company targets healthcare professionals and organizations within the Czech Republic. The website is built on the Wix platform, leveraging Wix Thunderbolt framework and standard web technologies such as JavaScript, CSS, and HTML5. The site demonstrates good design quality and mobile optimization but lacks advanced accessibility and SEO features. Security posture is weak due to absence of security headers and no visible privacy or cookie policies. WHOIS data is unavailable, limiting trust assessment. Overall, the website is functional and professional but requires improvements in security and compliance to enhance trustworthiness.

AMCA, spol. s r. o. operates the website cslr.cz, serving as the online presence for the Czech Society for Wound Healing (ČSLR). The organization focuses on providing professional resources, organizing congresses, and offering educational courses related to wound care. The website targets healthcare professionals and members of the wound care community primarily in the Czech Republic. The business model is that of a professional society supported by memberships, events, and partnerships. The domain has been active since 2003, indicating a well-established presence in the healthcare sector. Technically, the website employs modern web technologies including JavaScript frameworks, Google Tag Manager for analytics, and cookie consent mechanisms compliant with GDPR. The site is mobile optimized and uses structured data (JSON-LD) to enhance search engine understanding. Performance is moderate with good SEO and accessibility basics, though some improvements could be made in accessibility and security policy disclosures. From a security perspective, the site uses HTTPS with no visible vulnerabilities or exposed sensitive data. Cookie consent is implemented properly, but there is no explicit security policy or incident response information published. The WHOIS data is consistent with the website content and business claims, supporting legitimacy. No WAF or blocking mechanisms were detected, and the site is fully accessible. Overall, the website presents a professional and trustworthy image with good content quality and technical implementation. Recommendations include publishing a security policy, adding incident response contacts, and improving accessibility features to enhance compliance and user experience further.

W

Whow Games GmbH

merkur24.com

69

Merkur24 is a social casino gaming platform operated by Whow Games GmbH, offering free-to-play casino games such as slots, blackjack, and roulette. The platform targets adult users across multiple European languages and markets, emphasizing entertainment without real money gambling. The website demonstrates a solid technical infrastructure with modern web technologies, fast performance, and mobile optimization. Privacy compliance is robust, featuring a comprehensive privacy policy and cookie consent mechanisms aligned with GDPR standards. Security posture is good with HTTPS enforcement and secure login forms, though explicit security policies and incident response details are absent. The absence of WHOIS data for the domain introduces some uncertainty regarding domain registration legitimacy, but overall business credibility is supported by consistent branding and privacy practices.

W

WWK Lebensversicherung a. G.

wwkarena.com

65

WWK Lebensversicherung a. G. operates the WWK ARENA official website, providing comprehensive information about the stadium in Augsburg, Germany. The site serves fans and visitors with details on ticketing, hospitality, sustainability, and visitor services, positioning itself as a key digital touchpoint for the stadium experience. The business model focuses on information dissemination and enhancing visitor engagement, supported by strong branding aligned with the parent insurance company WWK. Technically, the website employs modern web technologies including JavaScript, CSS, and integrates third-party services like YouTube and eTracker analytics, with a cookie consent mechanism ensuring GDPR compliance. Accessibility is enhanced by tools such as Eye-Able, reflecting a commitment to inclusive design. Security posture is solid with HTTPS enforced and no evident vulnerabilities, though improvements like enabling DNSSEC and adding security headers are recommended. Overall, the website is professional, trustworthy, and well-structured, supporting the business's digital presence effectively.

A

Agentura Osma a.s.

nutrivino.cz

51

Nutrivino.cz is a specialized digital platform launched in 2023 by Agentura Osma a.s. to assist wine producers in the Czech Republic with compliance to new EU legislation requiring detailed nutritional and ingredient labeling on wine products. The platform offers QR code management, label design integration, and online presentation of mandatory information, targeting wine producers and distributors. The website is professionally designed using modern web technologies like Bootstrap and provides clear contact information for sales and technical support. However, it lacks privacy and cookie policies, which are critical for GDPR compliance. Security posture is moderate with HTTPS implied but no visible security headers or incident response contacts. Overall, the domain registration aligns well with the business claims, indicating legitimacy.

Virgin Media operates a dedicated abuse reporting portal at netreport.virginmedia.com, providing a structured form for reporting internet security issues related to their IP addresses and accounts. The site is clearly branded and targets users needing to report abuse, phishing, or security threats. The business is a major UK telecommunications provider with a large customer base. The portal supports reporting various abuse types and provides guidance on child abuse image reporting via the Internet Watch Foundation. The site content is professional but basic, focusing on functionality over design. Technically, the site uses standard HTML, CSS, and JavaScript with no advanced frameworks or CMS detected. The performance and mobile optimization are basic, with no visible analytics or tracking scripts. Security posture is moderate but could be improved; no HTTPS enforcement or security headers were detected in the provided content, and no privacy or cookie policies are linked. The form includes client-side validation and warnings about phishing and abuse reporting. Security-wise, the portal facilitates incident response by providing a contact email for phishing reports and options to report various abuse types. However, the absence of a published security policy or vulnerability disclosure document limits transparency. WHOIS data for the subdomain is unavailable, which is typical for subdomains, but the branding and content align with Virgin Media's official services, supporting legitimacy. Overall, the site is functional for its purpose but would benefit from enhanced security and privacy compliance measures.

H

HARTMANN

hartmanndirect.com

9

HARTMANN direct is a healthcare-focused business providing wound care, incontinence, disinfection, and surgical efficiency products globally through a network of distributors and country-specific websites. The company positions itself as a professional partner with a strong international presence. Technically, the website uses Cloudflare for CDN and security, employs basic JavaScript and CSS, and has moderate performance and mobile optimization. However, the site lacks comprehensive metadata, structured data, and visible privacy or cookie policies, which limits its compliance posture. Security-wise, HTTPS is enabled and Cloudflare provides protection, but the absence of security headers and incident response contacts indicates room for improvement. Overall, the website is functional but basic, with moderate trustworthiness and a need for enhanced privacy and security features.

I

Invoice123

invoice123.com

51

Invoice123 is a well-established SaaS platform specializing in online invoicing and accounting automation tailored for freelancers, self-employed individuals, and small to medium businesses. Founded in 2014 and operating primarily in the European market, it offers a comprehensive suite of services including invoice generation, VAT reporting, expense tracking, and integrations with popular e-commerce and accounting software. The platform emphasizes ease of use, cost-effectiveness, and continuous feature enhancements, supported by a strong user base of over 30,000 customers. Technically, Invoice123 leverages modern web technologies with a focus on performance, mobile responsiveness, and user experience. The site is hosted behind Cloudflare DNS services, uses Google Tag Manager for analytics, and integrates Crisp Chat for customer support. The website is well-structured with clear navigation, professional design, and SEO optimization, reflecting a mature digital presence. From a security perspective, the platform enforces HTTPS with SSL encryption and holds ISO 9001 certification, indicating adherence to quality management standards. However, there is room for improvement in DNS security (lack of DNSSEC) and implementation of security headers. Privacy compliance is generally good with a comprehensive privacy policy and terms of use, but lacks an explicit cookie consent mechanism. Contact information is transparent and readily available, enhancing trust. Overall, Invoice123 presents a low-risk profile with strong business credibility and technical maturity. Strategic improvements in security headers, DNSSEC, and privacy consent mechanisms would further strengthen its security posture and compliance standing.

P

Porta Medica s.r.o.

portamedica.cz

53

Porta Medica s.r.o. is a small healthcare consultancy based in Prague, Czech Republic, specializing in regulatory consulting for medical devices targeting the EU market. The company offers tailored solutions for manufacturers, distributors, hospitals, and IT startups to navigate complex regulatory environments. The website is professionally designed using the Wix platform, with good content quality and clear business focus. Technical infrastructure is modern and adequate for the business size, with Wix hosting and Thunderbolt framework. Security posture is generally good with HTTPS enforced and some security best practices observed, though lacking explicit security headers and incident response information. Privacy compliance is weak due to absence of visible privacy and cookie policies. Overall, the site appears trustworthy and legitimate, but could improve transparency and compliance documentation.

B

Balticum

balticum.tv

52

Balticum's website is a media streaming platform primarily targeting webOS TV users and browsers. The site uses modern web technologies such as Angular 14 and custom webOS APIs to deliver video content. However, the site lacks visible business contact information, privacy policies, and security headers, which limits trust and compliance. The absence of WHOIS data further reduces transparency. Technically, the site is functional but basic in design and optimization, with moderate performance and accessibility. Security posture is weak due to missing HTTPS confirmation and security headers. Overall, the site appears legitimate but would benefit from improved compliance and security measures.

The website metodickyweb.cz is an educational portal focused on providing teaching ideas and inspiration for integrating information technologies into education. It targets educators and educational professionals primarily in the Czech Republic. The platform offers methodical cards, user registration for enhanced interaction such as commenting and rating, and a catalog of educational content. The business appears to be a small-scale specialized educational service established around 2015, with consistent branding and a clear focus on its niche. Technically, the site uses a basic but functional technology stack including jQuery and Font Awesome, hosted by WEDOS, a Czech hosting provider. The site is moderately optimized for mobile and SEO, with a clean design and good user experience. However, there is room for improvement in accessibility and performance optimization. No advanced CMS or frameworks are detected. From a security perspective, the site lacks important security headers and uses GET methods for sensitive forms like login and registration, which is a security concern. There is no visible privacy or cookie policy, indicating compliance gaps with GDPR and related regulations. The absence of incident response contacts and vulnerability disclosure mechanisms further limits the security maturity. No WAF or blocking mechanisms are detected, and the domain registration data aligns well with the website content, supporting legitimacy. Overall, the website is functional and trustworthy for its educational purpose but requires enhancements in security practices and privacy compliance to improve its risk posture and user trust.

Vedle Tebe is a Czech website currently under construction, representing a home care alliance as indicated by the logo and minimal text content. The domain was registered in 2018 and is hosted on EuroVPS infrastructure, using WordPress with a maintenance plugin to display the under construction page. The website lacks substantive content, contact information, privacy policies, and security features, limiting its digital maturity and trustworthiness. No advanced technologies or analytics are detected, and no security headers or compliance indicators are present. Overall, the site is in an early development stage with minimal risk but also minimal business credibility and user engagement potential.

T

Taneční škola ASTRA Praha

astra-praha.cz

39

Taneční škola ASTRA Praha is a local dance school offering a wide range of dance courses and events targeting adults, youth, and children in Prague and surrounding areas. Their services include standard and Latin dance courses, competitive dance, summer dance schools, seminars, dance clubs, wedding dance lessons, and dance performances. The website is professionally designed with clear navigation and good content quality, supporting multiple dance-related offerings and event announcements. Technically, the website employs common web technologies including Google Analytics, Google Tag Manager, and Plausible Analytics for tracking, along with Google Fonts for typography. The site is mobile-optimized and uses HTTPS, though no explicit security headers were detected. The site lacks a cookie consent mechanism despite having a GDPR-compliant privacy policy, indicating partial privacy compliance. From a security perspective, the site shows no immediate vulnerabilities or exposed sensitive data. However, the absence of WHOIS data limits domain trust assessment, and no incident response or security policy information is provided. The site does not appear to be behind a WAF or security challenge, and content is fully accessible. Overall, the security posture is moderate but could be improved with better header configurations and privacy mechanisms. The overall risk is low given the nature of the business and content, but the lack of WHOIS transparency and cookie consent are notable gaps. Strategic recommendations include implementing security headers, adding cookie consent, publishing incident response contacts, and enhancing accessibility features to improve trust and compliance.

I

INFO-DRÁČEK z.s.

info-dracek.cz

54

INFO-DRÁČEK z.s. is a small non-profit organization based in the Czech Republic dedicated to fostering mutual understanding of different cultures, with a particular focus on Vietnamese and Asian cultural integration. The organization operates through cultural festivals, educational projects, and community events, targeting the general public interested in cultural exchange and minority communities. Their website reflects a professional and consistent brand presence, featuring event galleries, contact information, and social media links, primarily Facebook. The business model is centered on non-profit cultural activities without commercial e-commerce components. Technically, the website is built on the Webnode CMS platform and hosted via AWS Cloudfront CDN, utilizing modern web technologies such as JavaScript and CSS. The site demonstrates good mobile optimization and SEO practices, though accessibility features are basic. Performance is moderate, with proper HTTPS implementation ensuring secure communication. Google Tag Manager is used for analytics and tracking, indicating moderate user tracking levels. From a security perspective, the site employs HTTPS and some basic security headers but lacks advanced headers like Content-Security-Policy. No vulnerabilities or exposed sensitive data were detected. However, the absence of privacy and cookie policies represents a compliance gap, especially under GDPR regulations. The WHOIS data for the domain is unavailable, which limits the ability to verify domain legitimacy and registration details, posing a potential risk factor. Overall, the website is safe, professional, and serves its non-profit cultural mission effectively. Strategic improvements include adding comprehensive privacy and cookie policies, enhancing security headers, and publishing incident response or security policies to bolster trust and compliance. The lack of WHOIS data should be investigated to ensure domain registration transparency and legitimacy.

U

Український журнал. Час для...

ukrzurnal.eu

7

The website ukrzurnal.eu operates as an online cultural-political monthly magazine targeting the Ukrainian diaspora in Europe. It provides archived issues, subscription options, and information about projects and partners. The content is primarily in Ukrainian with additional language options, focusing on cultural and political topics relevant to Ukrainians living in Europe. The business model centers on digital publication and community engagement through social media integration. Technically, the site uses basic web technologies including HTML, CSS, JavaScript, Facebook SDK, and Google Analytics. The site lacks modern CMS indicators and advanced frameworks, suggesting a simple, possibly custom-built platform. Performance and mobile optimization are basic, with room for improvement in accessibility and SEO practices. From a security perspective, the site does not explicitly confirm HTTPS usage in the HTML base tag, and no security headers such as CSP or HSTS are detected. External scripts are loaded without integrity checks. Privacy and cookie policies are absent, indicating potential GDPR compliance gaps. No forms collecting sensitive data are present, reducing immediate risk exposure. The WHOIS data shows the domain is registered via a Czech registrar, consistent with the European focus but no direct registrant organization is disclosed. Overall, the website is functional and serves its niche audience but requires improvements in security posture, privacy compliance, and technical modernization to enhance trust and resilience against threats.

The Technical University of Košice (TUKE) is a well-established public university in Slovakia, offering a broad range of higher education and research programs in innovative technical fields. The website reflects a strong market position as a leading educational institution with a large student body and international collaborations, including Erasmus+ and the Ulysseus European University alliance. The digital presence is modern, leveraging Next.js and React technologies, with excellent mobile optimization and user experience. Security posture is robust with HTTPS, security headers, and no visible vulnerabilities, although explicit security policies and incident response contacts are not published. Privacy compliance is strong with a comprehensive privacy policy and cookie consent mechanism. Overall, the website is professional, trustworthy, and well-aligned with the university's mission and audience.

H

Hotel Troja, ubytování a restaurace v Praze 8 | hoteltroja.cz

hoteltroja.cz

54

Hotel Troja is a hospitality business located in Prague 8, offering hotel accommodation, restaurant services, conference room rentals, and event hosting including weddings. The website presents a professional and user-friendly interface with integrated booking systems from third-party providers. The business targets general audiences seeking lodging and dining in the Prague area. Technically, the site uses jQuery and custom JavaScript with CSS styling, managed via the adSYSTEM CMS platform. The site is mobile optimized and SEO friendly, though accessibility features are basic. Security posture is moderate with HTTPS usage but lacks visible security headers and explicit incident response policies. Privacy and cookie policies are present and GDPR compliant. WHOIS data is unavailable, which limits domain trust verification, but the website content and contact details appear legitimate. Overall, the site is functional and trustworthy for its business purpose.

T

Tourismus Marketing Gesellschaft Sachsen mbH

sachsen-angebote.de

52

Tourismus Marketing Gesellschaft Sachsen mbH operates the website www.sachsen-angebote.de to promote tourism offers and facilitate accommodation bookings in the Saxony region of Germany. The site targets tourists and travelers interested in exploring Saxony, providing curated travel packages and booking options. The business is positioned as a regional tourism marketing entity with a medium-sized operational scale. Technically, the website is built on TYPO3 CMS, leveraging modern web technologies including JavaScript, CSS, and accessibility tools such as Eye-Able. Hosting is provided by SchlundTech, a reputable provider. The site demonstrates good mobile optimization and basic SEO practices, with consent management implemented for GDPR compliance. From a security perspective, the site enforces HTTPS and integrates consent management, but lacks explicit security headers and a published security policy. No vulnerabilities or malicious content were detected. Privacy compliance is partial due to the absence of a visible privacy policy and terms of service. Contact information is available via a clearly labeled phone number and booking form. Overall, the website presents a professional and trustworthy front for regional tourism marketing, with moderate technical maturity and security posture. Strategic improvements in privacy policy publication, security header implementation, and incident response readiness would enhance compliance and trustworthiness.

The website www.priserkyvhlave.cz is an educational platform in Czech language focused on teaching about monsters through interactive games and resources, primarily targeting schools and children. It is a project supported and co-financed by the European Union and the Czech Ministry of Interior, indicating a non-commercial, public service nature. The site uses modern web technologies such as React and Next.js, providing a good user experience with responsive design and clear navigation. However, the site lacks visible privacy, cookie, and terms of service policies, and no contact information is provided, which limits transparency and user trust. From a technical perspective, the site is built on a modern JavaScript framework with client-side rendering and moderate performance. No analytics or tracking scripts were detected, suggesting minimal user tracking. Security posture is limited due to the absence of security headers and no visible SSL configuration details. The WHOIS data for the domain is unavailable, likely due to privacy protection or domain registration issues, which negatively impacts the trustworthiness assessment. Overall, the website is safe and suitable for general audiences, with no adult or explicit content detected. The lack of WHOIS transparency and privacy policies are the main concerns. Strategic recommendations include implementing comprehensive privacy and cookie policies, improving security headers, providing clear contact and incident response information, and verifying domain registration details to enhance trust and compliance.

V

Všeobecná zdravotní pojišťovna ČR

zdravakariera.cz

63

The website zdravakariera.cz serves as the official career portal for Všeobecná zdravotní pojišťovna ČR (VZP), the largest health insurance company in the Czech Republic. It provides detailed information about employment opportunities across various professional fields including healthcare, IT, law, marketing, and HR. The site emphasizes benefits, trainee programs, and inclusion initiatives for handicapped individuals, targeting job seekers, students, and graduates. The website is well-branded, consistent, and professionally designed, reflecting the stature of a major public institution. Technically, the site employs modern web technologies including Microsoft Azure hosting, Google Tag Manager, Microsoft Application Insights, and Facebook Pixel for analytics and marketing. It is mobile-optimized, accessible, and uses HTTPS with a cookie consent mechanism that complies with GDPR requirements. However, explicit security headers are not evident in the HTML source, and no direct contact or security incident response information is provided. From a security perspective, the site demonstrates good practices such as encrypted connections and privacy-aware analytics. The absence of WHOIS data is notable but likely due to registry policies or privacy protection rather than malicious intent. No vulnerabilities or exposed sensitive data were detected. Overall, the site presents a low-risk profile with strong business credibility. Strategically, the site could improve by publishing explicit security policies, incident response contacts, and implementing security.txt for vulnerability disclosure. Enhancing security headers would further strengthen its security posture. The site’s comprehensive privacy and cookie policies, combined with official social media presence, contribute to user trust and compliance.

F

Friedrich-Schiller-Universität Jena

uni-jena.de

63

Friedrich-Schiller-Universität Jena is a prominent German university focused on education, research, and community engagement. The institution offers a broad spectrum of academic programs and fosters interdisciplinary research under its key profiline themes "Light. Life. Liberty." The university serves approximately 17,000 students and 10,000 staff, positioning itself as a large, internationally connected academic entity. The website reflects this stature with rich content, professional design, and clear navigation tailored to students, researchers, and international audiences. Technically, the website employs modern web standards including HTML5, CSS, and JavaScript, with accessibility features such as ReadSpeaker integration. Hosting appears to be managed by DFN, a German research network, which aligns with the academic nature of the institution. Performance and mobile optimization are good, though no explicit CMS or frameworks were detected. SEO and accessibility are well addressed. From a security perspective, the site uses HTTPS with strong SSL configuration and deferred script loading. However, it lacks visible security headers and does not publish a security policy or incident response contacts. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is limited, with no explicit privacy or cookie policies found in the analyzed content, which is a notable gap. Overall, the website is trustworthy, professional, and content-rich, but could improve in privacy transparency and security policy disclosures. Strategic recommendations include implementing security headers, publishing privacy and cookie policies, and establishing a vulnerability disclosure process to enhance trust and compliance.

Sdružení pečujících o duševně nemocné ČR z.s. (SPDN ČR) is a Czech non-profit organization dedicated to supporting caregivers of mentally ill individuals. The organization focuses on advocacy, legislative cooperation, monitoring compliance with mental health laws, and providing awareness and counseling services. The website content is primarily in Czech and targets caregivers, mental health professionals, and government bodies within the Czech Republic. The business model is non-profit and community-focused, with a small organizational size and a founding year of 2006. Technically, the website is built with basic HTML, CSS, and JavaScript without any detected CMS or advanced frameworks. The site performs well with fast loading times but has only basic mobile optimization and accessibility features. SEO and metadata are minimal, and no structured data or Open Graph tags are present. There is no evidence of modern analytics or marketing tools beyond a single tracking pixel. From a security perspective, the site lacks visible HTTPS confirmation in the provided data, no security headers, and no privacy or cookie policies. No contact information or incident response details are provided, which limits transparency and user trust. The WHOIS data is unavailable due to a malformed request, which reduces domain registration trustworthiness but is not uncommon for non-profit organizations. Overall, the security posture is weak, and privacy compliance is minimal. The overall risk is moderate given the nature of the organization and the lack of sensitive transactional data on the site. Strategic recommendations include implementing HTTPS, adding privacy and cookie policies, improving security headers, and providing clear contact and incident response information to enhance trust and compliance.

W

WebConsult.cz - Internet & Marketing s.r.o.

webconsult.cz

45

WebConsult.cz - Internet & Marketing s.r.o. is a Czech Republic based technology company specializing in custom web application development and proprietary platforms such as Ibis CMS, Merkur eShop, and Henry system. With over 27 years of experience, they serve both B2B and B2C clients, emphasizing tailored solutions to improve client business efficiency. The website presents a professional image with client testimonials and a broad portfolio of customers, indicating a stable market position. Technically, the site uses standard web technologies including jQuery and custom JavaScript, with moderate performance and good mobile optimization. However, the absence of privacy and cookie policies, lack of security headers, and missing WHOIS data reduce the overall security and compliance posture. No WAF or blocking mechanisms were detected, allowing full content access. Strategic improvements in security practices and privacy compliance are recommended to enhance trust and regulatory adherence.

Ústav pro zdravotní gramotnost, z.ú. is a Czech non-profit organization dedicated to promoting health literacy among the Czech population. The organization conducts research, organizes educational events, and collaborates with governmental and international bodies to improve public health knowledge. The website serves as an informational platform presenting the organization's mission, leadership, projects, and contact information. The site is professionally designed using WordPress and provides clear navigation and relevant content for its target audience.

Bergstadtatelier is a small regional e-commerce business specializing in personalized and mining heritage-themed merchandise such as calendars, wall pictures, mugs, postcards, and gifts. The website is built on the Shopify platform using the Dawn theme, indicating a modern and scalable technical infrastructure. The site is well-structured with good design quality, mobile optimization, and clear navigation, targeting customers interested in regional culture and personalized products. Security posture is strong due to Shopify's hosting and SSL implementation, with standard security headers and no visible vulnerabilities. However, the site lacks visible privacy and cookie policies, which impacts GDPR compliance and privacy transparency. Contact information is not explicitly provided, which may affect customer trust and support accessibility. Overall, the website is functional, secure, and professionally presented but would benefit from enhanced privacy compliance and clearer contact channels.

The Československá asociace čistících stanic (formerly Česká asociace čisticích stanic) is a small, non-profit association focused on improving the quality and safety of cleaning stations for chemical and food transport containers primarily in the Czech Republic and Slovakia. The association provides certification services, education, and advocacy for its members and is recognized by European and Czech chemical industry bodies. The website content is professionally relevant but basic in design and technical implementation, lacking modern CMS or frameworks. Security posture is moderate with HTTPS implied but no visible security headers or explicit privacy and cookie policies, which are compliance gaps. The site uses Google Analytics without a consent mechanism, indicating privacy compliance weaknesses. WHOIS data confirms a consistent and legitimate domain registration dating back to 2006, supporting the association's stated history. Overall, the site is safe, trustworthy, and functional but would benefit from improved privacy compliance and security hardening.

F

Freiberger Brauhaus

freiberger-pils.de

65

Freiberger Brauhaus is a well-established German brewery with a rich heritage spanning approximately 175 years of pilsner brewing tradition. The company emphasizes authenticity, regional pride, and tradition in its branding and product offerings. The website serves as a marketing and informational platform showcasing their beer products, brewery tours, events, and an online shop. The target audience is mature adults interested in traditional beer culture. Technically, the website employs modern web technologies including Google Tag Manager and Usercentrics for consent management, ensuring GDPR compliance and user privacy. The site is mobile-optimized with good navigation and professional design. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, though some security headers are not explicitly detected. No critical vulnerabilities or exposed sensitive data were found. Overall, the website is trustworthy and professionally maintained, with clear compliance to privacy regulations and responsible marketing practices for alcoholic beverages.

E

Erzgebirgssparkasse

erzgebirgssparkasse.de

69

Erzgebirgssparkasse is a regional financial institution based in Germany, offering a broad range of banking and financial services including online banking, loans, investments, insurance, and real estate services. The website targets both private and corporate customers, providing comprehensive digital access to their products and services. The bank maintains a strong local presence and positions itself as a trusted financial partner in the Erzgebirge region. Technically, the website is built on Adobe Experience Manager, indicating a mature and enterprise-grade digital infrastructure. The site is well-structured, mobile-optimized, and provides a good user experience with clear navigation and professional design. Security posture is strong with HTTPS enforcement, session management, and cookie consent mechanisms, although some security headers are not explicitly visible in the HTML. Privacy policies and cookie management comply with GDPR requirements. No critical vulnerabilities or suspicious activities were detected. Overall, Erzgebirgssparkasse demonstrates a solid digital presence with good security and compliance practices, supporting its role as a reputable regional bank.

J

James Hardie

aestuver.com

66

The website www.aestuver.com represents a specialized business unit under the James Hardie brand, focusing on passive fire protection solutions including fire protection boards, expansion joints, and electrical fire protection for structural and tunnel applications. The site targets industry professionals and OEMs in sectors such as energy, transportation, and manufacturing. The digital infrastructure is built on ASP.NET with Kentico CMS, integrating modern marketing tools like Google Tag Manager and OneTrust for cookie consent, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS usage and cookie consent, but lacks visible security headers and explicit privacy policies, which are areas for improvement. The absence of WHOIS registration data is a notable concern for domain legitimacy, although the professional branding and corporate association mitigate some risk. Overall, the site is functional, professional, and safe for general audiences, but would benefit from enhanced transparency and security practices.

The website coopdisk.cz is a login portal for the COOP organization, leveraging Nextcloud technology for file storage and collaboration services. The platform appears targeted at internal users or members of the COOP group, providing access to file sharing, notifications, and user management features. The domain is registered in the Czech Republic and has been active since 2018, consistent with the business's operational timeline. Technically, the site uses modern web technologies including Nextcloud and Vue.js, with HTTPS enforced, but lacks comprehensive privacy and cookie policies, as well as public contact information. Security posture is moderate with room for improvement in security headers and incident response transparency.

C

COOP Morava

nacoopka.cz

53

COOP Morava operates the naCOOPka platform, a retail loyalty application designed to provide customers with benefits such as discounted products, store locators, and contest participation. The website is professionally designed, mobile-optimized, and provides clear navigation and relevant content targeting consumers shopping at COOP Morava stores in the Czech Republic. Technically, the site uses modern web technologies including JavaScript and Google Tag Manager, with HTTPS enforced and a cookie consent mechanism implemented. However, the absence of WHOIS data and a dedicated privacy policy page slightly reduce trust from a compliance and domain legitimacy perspective. Security posture is generally good but could be improved by adding security headers and publishing a security policy. Overall, the site is functional, trustworthy, and serves its business purpose effectively.

S

Urlaub in Sachsen: Kultur, Natur & Genuss erleben

sachsen-tourismus.de

61

The website www.sachsen-tourismus.de serves as a regional tourism portal promoting travel, culture, nature, and leisure experiences in Saxony, Germany. It targets tourists and travelers seeking vacation information and booking options in the region. The site is built on TYPO3 CMS and hosted on Schlund Technologies infrastructure, indicating a stable and professional technical foundation. The content is well-structured, visually appealing, and optimized for mobile devices, providing a good user experience. However, explicit privacy policies and terms of service are not found in the provided content, which could be improved for compliance and user trust. Security posture is adequate with HTTPS enabled and cookie consent implemented, but lacks some security headers and incident response information.

E

eVstupenka

evstupenka.cz

68

eVstupenka.cz is a well-established online ticketing platform primarily serving the Liberec region in the Czech Republic. Founded in 2006, it offers a comprehensive catalog of cultural events including theater, concerts, musicals, festivals, and other entertainment options. The platform supports online ticket sales, subscription packages, and gift vouchers, targeting local residents and visitors interested in cultural activities. The website demonstrates a consistent brand presence and provides a user-friendly experience with clear navigation and mobile optimization. Technically, it leverages modern web technologies such as React and Next.js, integrated with DatoCMS for content management, and employs Google Tag Manager and Analytics for tracking.

J

James Hardie Europe GmbH

holzbauplaner.com

43

The website holzbauplaner.com hosts the fermacell Timberwork Planner, a specialized tool designed for professionals in timber construction to calculate and design timber frame wall panels according to recognized standards. The business is operated by James Hardie Europe GmbH, a medium-sized company based in Germany, focusing on manufacturing and construction sectors. The site provides detailed technical content, tutorials, and downloadable documentation to support its users, primarily structural engineers and architects. Technically, the website uses modern web technologies such as Vue.js and JavaScript libraries, ensuring a responsive and user-friendly experience. However, some security best practices like security headers and DNSSEC are not implemented, which could be improved. Privacy and cookie policies are present with consent mechanisms, indicating good compliance with GDPR requirements. Overall, the site is professional, trustworthy, and well-positioned within its niche market.

D

dgstudio.cz s.r.o.

dgstudio.cz

61

dgstudio.cz s.r.o. is a small Czech digital agency specializing in custom web design, e-commerce development, branding, graphic design, and bespoke software solutions. With over 14 years of experience and more than 300 satisfied clients, the company positions itself as a creative and professional partner for businesses seeking tailored digital services. Their offerings include integration with accounting and CRM systems, reflecting a focus on business process optimization. Technically, the website employs modern web technologies including Google Tag Manager, Google Analytics, and Cloudflare Turnstile captcha for bot protection. The site is well-structured, mobile-optimized, and uses HTTPS with good SSL configuration. Cookie consent and privacy policies are implemented, indicating attention to GDPR compliance. However, some security headers are missing, and no explicit security or incident response policies are published. From a security perspective, the site demonstrates a solid baseline with HTTPS, consent management, and bot mitigation. The absence of WHOIS data reduces transparency but does not indicate malicious intent. No vulnerabilities or exposed sensitive data were detected. Overall, the website is professional, trustworthy, and compliant with privacy regulations. The overall risk is low, but improvements in security headers, incident response transparency, and vulnerability disclosure would enhance the security posture and trustworthiness further.

T

TQG Lottery Solutions GmbH

tqg-lotterysolutions.com

67

TQG Lottery Solutions GmbH is a specialized technology company focused on providing lottery and gaming solutions, including lottery draw systems, gaming platforms, and handheld terminals. The company targets lottery operators and stakeholders in the gaming industry, offering strategic consulting and technology products. The website is built on WordPress with the Gutenberg plugin, reflecting a moderate level of digital maturity with good mobile optimization and basic SEO features. Security posture is moderate with HTTPS likely enabled but lacking visible security headers and formal privacy or cookie policies. The absence of WHOIS registration data raises concerns about domain legitimacy, although the website content and structured data indicate a legitimate business presence. Overall, the site is professional but would benefit from enhanced security and compliance measures.

S

Spinelli s.r.o.

spinelli.cz

48

Spinelli s.r.o. is a Czech-based marketing consultancy specializing in creative marketing solutions, business consulting, brand building, HR marketing, and marketing communication. The company targets businesses seeking to improve their brand presence and operational success through tailored marketing strategies. The website presents a professional image with clear service offerings and notable client references, positioning Spinelli as a trusted partner in the marketing sector within the Czech Republic. Technically, the website employs modern web technologies including Google Tag Manager and Google Analytics for tracking, uses web fonts and icons for design consistency, and implements a cookie consent mechanism compliant with GDPR standards. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content. From a security perspective, while HTTPS is presumably enabled (based on URL schema), explicit security headers and policies are not visible in the provided data. The absence of WHOIS registration details limits the ability to fully verify domain legitimacy and ownership, which is a moderate risk factor. No critical vulnerabilities or exposed sensitive data were detected in the HTML content. Overall, Spinelli's website reflects a credible and professional marketing consultancy with moderate technical maturity and privacy compliance. The main risk lies in the lack of publicly available WHOIS data, which should be addressed to enhance trust and transparency.

H

Henkel

henkel-adhesives.com

72

Henkel Adhesive Technologies operates as a global leader in the manufacturing and supply of adhesive products and solutions. The website serves as a global entry point for users to select their regional site and language preferences. The company targets industrial and commercial customers requiring advanced adhesive technologies. The digital infrastructure is built on Adobe Experience Manager CMS, with integration of cookie consent management via OneTrust and performance tracking through LiveUX. While the site demonstrates basic compliance with GDPR through cookie consent mechanisms, explicit privacy policies and terms of service are not readily found in the provided content. Security posture is moderate with HTTPS implied and some best practices observed, but lacks visible security headers and detailed security policies. The absence of WHOIS data raises concerns about domain registration legitimacy, though the branding and content suggest a legitimate corporate entity. Overall, the website is functional but could benefit from enhanced transparency and security documentation.

R

Rubena, s.r.o.

rubena.eu

57

Rubena, s.r.o. is a Czech manufacturing company specializing in a wide range of rubber products including V-belts, air springs, tyres, ice hockey pucks, and rubber molded parts. The company operates multiple e-commerce platforms to sell its products and supports multiple languages, indicating a focus on international markets. The website is professionally designed with good navigation and mobile optimization, reflecting a mature digital presence. Technically, the site uses modern tracking and consent management tools such as Google Analytics and CookieScript, and employs JavaScript frameworks like Naja for enhanced user experience. Security posture is solid with HTTPS enforced and cookie consent implemented, though security headers and incident response contacts could be improved. WHOIS data is privacy protected, which is common for EU domains, and does not raise immediate concerns. Overall, the website presents a trustworthy and professional image suitable for its industrial manufacturing business.

M

MVKM s.r.o.

mvkm.cz

53

MVKM s.r.o. is a Czech Republic based marketing agency specializing in performance marketing, PPC campaigns, SEO, social media management, and video production. The company targets businesses seeking measurable marketing results and ROI, positioning itself as a small but professional agency with over 20 satisfied clients and a high client satisfaction rate. The website is modern, well-designed, and mobile-optimized, reflecting a mature digital presence. Technically, the site uses modern frameworks like Next.js and React, with service workers for enhanced performance. Security posture is good with HTTPS and secure forms, but lacks explicit security headers and published security policies. Privacy compliance is limited, with no dedicated privacy policy page found, though a cookie consent banner is present. WHOIS data is unavailable, likely due to privacy protection, which slightly reduces trust but is common for this business type. Overall, the site is professional and trustworthy, with room for improvement in privacy and security transparency.

Lasvit is a Czech-based company specializing in bespoke glass design, manufacturing unique lighting installations and architectural glass products. Established in 2007, it blends traditional craftsmanship with innovative design to serve a global clientele including architects, designers, and luxury commercial and residential customers. The company maintains a strong market position in the high-end bespoke glass industry with a focus on artisanal quality and design excellence. Technically, the website is built on modern frameworks such as Next.js and React, ensuring fast performance, mobile optimization, and good SEO practices. Security posture is strong with HTTPS enforcement and appropriate security headers, though explicit security policies and incident response information are not publicly available. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website is professional, trustworthy, and well-maintained, though the absence of WHOIS data and some security policy disclosures slightly reduce trust scores.

J

James Hardie Europe GmbH

fermacell.de

65

fermacell® is a German-based manufacturer specializing in gypsum fiber boards and related construction materials, operating under James Hardie Europe GmbH. The company offers innovative building solutions including fire and sound protection products and floor heating systems like Therm25™. Their market position is strong within the European construction sector, supported by industry awards and a professional digital presence. The website is well-structured, providing comprehensive product information and digital tools for planning and building professionals. Technically, the site uses ASP.NET with Kentico CMS, integrates modern tracking and consent management tools, and is hosted with Cloudflare DNS services. Security posture is good with HTTPS and security headers, though explicit security policies and incident response contacts are not published. Privacy compliance is partially addressed via cookie consent but lacks a visible privacy policy. Overall, the site is professional, trustworthy, and suitable for its target audience of construction industry stakeholders.

J

James Hardie Europe

jameshardie.nl

67

James Hardie Europe is a leading manufacturer and distributor of fiber cement facade products, serving construction professionals and homeowners in the Netherlands. The company offers a range of products including Hardie® Panel, Hardie® Plank, and Hardie® Shield, emphasizing sustainability, durability, and aesthetic appeal. The website reflects a mature business with a strong market position and a comprehensive product offering. Technically, the site is built on Kentico CMS using ASP.NET WebForms, with good mobile optimization and SEO practices. Security posture is solid with HTTPS, security headers, and cookie consent mechanisms in place, though dedicated security and incident response policies are not publicly visible. Overall, the site is professional, trustworthy, and compliant with GDPR requirements.

Č

Česká asociace streetwork

pracenaulici.cz

47

The website pracenaulici.cz represents the Česká asociace streetwork, a Czech non-profit umbrella organization focused on low-threshold social services addressing children, youth, addiction, and homelessness. The site provides campaign information and links to related social service areas. The organization appears to be small-sized and founded in 2018, with a clear mission to support vulnerable populations in the Czech Republic. The website is professionally designed with good content relevance and clear navigation, optimized for mobile devices. Technically, it uses standard web technologies including JavaScript, CSS, and Google Analytics for visitor tracking, with a cookie consent mechanism implemented to comply with privacy regulations. However, no explicit privacy policy or terms of service pages were found, which is a compliance gap. Security posture is moderate with HTTPS implied but no detailed security headers detected. No contact information or incident response details are published, limiting transparency. Overall, the website is safe, trustworthy, and serves a general audience without adult or explicit content.

BNP Paribas is a major European and international banking group with a diversified business model spanning corporate, institutional, commercial, personal banking, and investment services. The website reflects a mature digital presence with comprehensive content targeting a broad audience including investors, clients, and job seekers. The technical infrastructure employs modern web technologies and analytics tools, ensuring good performance and user experience. Security posture is strong with HTTPS enforcement and domain registration protections, though DNSSEC is not enabled and explicit security policies are not publicly detailed. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website demonstrates high professionalism and trustworthiness consistent with a leading financial institution.