Security Directory

M

Ministerium der Justiz des Landes Nordrhein-Westfalen

vr-jva.nrw

55

The website vr-jva.nrw is an official government digital platform operated by the Ministerium der Justiz des Landes Nordrhein-Westfalen, providing a virtual 360° tour of correctional facilities in North Rhine-Westphalia, Germany. It serves an educational and informational purpose, targeting the general public and potential applicants interested in the justice system. The site features interactive virtual tours, quizzes, and contact forms to engage users. Technically, the site employs modern web technologies including HTML5, CSS3, JavaScript, and licensed krpano software for immersive virtual tours. Hosting is provided by Global Village GmbH, with a domain registered under the government ministry. The site is mobile-optimized and includes basic accessibility features, though SEO and privacy compliance could be improved. From a security perspective, the site uses HTTPS and input validation on forms but lacks DNSSEC and important security headers. No privacy or cookie policies are present, representing compliance gaps. The WHOIS data confirms legitimacy and consistency with the government entity. No signs of blocking or WAF interference were detected. Overall, the site is trustworthy and professionally implemented but would benefit from enhanced privacy compliance, security hardening, and explicit incident response information to improve user trust and regulatory adherence.

O

Open Telekom Cloud

open-telekom-cloud.com

63

Open Telekom Cloud is a European-focused cloud service provider offering Infrastructure as a Service (IaaS) and managed cloud solutions primarily targeting business customers and enterprises. It operates under the Deutsche Telekom umbrella, emphasizing data sovereignty and compliance with European regulations such as GDPR. The website presents a professional and comprehensive digital presence with detailed product offerings, partner integrations, and community engagement. Technically, the site is built on modern PHP frameworks and the Neos CMS, delivering a responsive and accessible user experience. Security posture is strong, with HTTPS enforcement, security headers, and certifications like ISO 27001. Privacy compliance is well addressed with cookie consent mechanisms and detailed policies. The absence of WHOIS data is a minor anomaly but does not detract from the overall trustworthiness given the strong brand and professional presentation.

T

Tickera

tickera.com

65

Tickera is a specialized WordPress event ticketing system that enables event organizers and WordPress site owners to sell event tickets directly on their websites and deliver them digitally. The company has been operating since 2012 and maintains a consistent brand presence with active social media channels and structured data markup to enhance SEO and trust. Technically, the website is built on WordPress with standard plugins and tracking tools such as Facebook Pixel and Google Tag Manager, indicating a moderate level of digital maturity. The site is mobile optimized and provides a good user experience with clear navigation and professional design. Security posture is adequate with HTTPS enabled and no exposed sensitive data, but lacks advanced security headers and formal security policies. Privacy compliance is partially addressed with a cookie consent mechanism, but the absence of a privacy policy and terms of service is a notable gap. Overall, the website is trustworthy and professional but could improve in compliance and security transparency.

Hellopro.fr is a professional French B2B marketplace platform specializing in connecting businesses with suppliers across a wide range of industrial and commercial sectors. The website offers extensive product categories and supplier comparison services, targeting professional buyers and companies seeking procurement solutions. The platform is well-positioned in the French market as a trusted partner for professional purchases, with a clear focus on industrial, manufacturing, transportation, and energy sectors. Technically, the website employs modern JavaScript libraries and analytics tools such as Google Tag Manager, Hotjar, and LinkedIn Insight Tag, indicating a mature digital infrastructure. The site is mobile-optimized and demonstrates good SEO practices, although accessibility features could be improved. Performance is moderate, with a professional design and clear navigation structure. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms aligned with GDPR. However, it lacks explicit privacy and terms of service pages, security.txt files, and some recommended security headers, which are areas for improvement. No vulnerabilities or exposed sensitive data were detected in the analyzed content. Overall, Hellopro.fr presents a low-risk profile with a professional and trustworthy online presence. Strategic recommendations include publishing comprehensive privacy and terms policies, enhancing security headers, and providing clear contact information for incident response to strengthen compliance and trust.

The website 'Schulerzbistum' appears to be a minimal portal page primarily embedding another PHP page via an iframe. The content is very limited, with no visible business descriptions, contact information, or user interaction elements. The technical infrastructure relies on basic web technologies including jQuery and custom JavaScript, with no advanced frameworks or CMS detected. The site lacks modern SEO and accessibility features and shows minimal mobile optimization. Security posture is weak due to absence of HTTPS and security headers, and no privacy or cookie policies are present, indicating poor compliance with GDPR and related regulations. Overall, the site presents a low trust profile with limited business credibility and minimal content quality.

B

BBW Recycling Mittelelbe GmbH

bbw-recycling.de

46

BBW Recycling Mittelelbe GmbH is a medium-sized German company specializing in the recycling of construction waste and supply of recycled building materials. The company operates a large facility with advanced processing capabilities, serving construction and waste management sectors. Their website is professionally designed using TYPO3 CMS, featuring multilingual support and clear navigation. The technical infrastructure is modern with moderate performance and good mobile optimization. Security posture is adequate with HTTPS and cookie consent implemented, though lacking some advanced security headers and explicit security policies. Overall, the website reflects a trustworthy and compliant business presence with room for security and legal documentation improvements.

S

STORK Unternehmensgruppe

stork-gruppe.de

44

STORK Unternehmensgruppe is a medium-sized, well-established European service company specializing in waste disposal and recycling, with over 30 years of operational history. The group comprises 23 companies across 13 locations, employing more than 460 staff. Their core competencies include mineral waste processing, mobile and stationary recycling technologies, and specialized services such as industrial cleaning, demolition, and hazardous material remediation. The company targets B2B clients across Europe, positioning itself as a leader in efficient metal recovery and sustainable environmental solutions. Technically, the website is built on TYPO3 CMS, featuring modern web technologies and a responsive design, though some performance and accessibility improvements are possible. Security posture is adequate with HTTPS and cookie consent implemented, but lacks explicit security headers and published incident response policies. Overall, the domain and website content align well, supporting legitimacy and trustworthiness.

B

buff.rocks GmbH

buff.media

54

buff.rocks GmbH is a small digital and advertising agency based in Magdeburg, Germany, specializing in creative and strategic services including TYPO3 CMS web projects, design, campaigns, content marketing, hosting, and digital transformation. The company is part of the +Pluswerk network, enhancing its market position and service capabilities. The website is professionally designed, mobile-optimized, and rich in content, reflecting a mature digital presence. Technically, the site leverages TYPO3 CMS, modern JavaScript libraries, and Matomo analytics for user tracking, with good performance and accessibility features. Security posture is solid with HTTPS and no visible vulnerabilities, though security headers could be improved. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. WHOIS data is unavailable or malformed, limiting domain registration trust verification, but the business legitimacy is supported by consistent branding, client testimonials, and industry memberships. Overall, the site scores well on content quality, technical implementation, security, privacy, and business credibility.

UniCredit Foundation is a reputable non-profit organization dedicated to empowering Europe's next generation through education funding, research support, and social impact initiatives. The foundation operates under the UniCredit Group umbrella, focusing on reducing educational inequalities and fostering talent development. The website reflects a professional and consistent brand image, targeting students, researchers, non-profit organizations, and UniCredit employees. Technically, the site uses modern frameworks such as Next.js and Storyblok CMS, delivering a well-structured, mobile-optimized, and accessible user experience. Security posture is good with HTTPS enforced and asynchronous script loading, though explicit security headers and privacy policies are missing. The absence of WHOIS data limits domain trust verification, but the overall digital presence and content quality indicate legitimacy. Tracking scripts are present without visible consent mechanisms, suggesting room for privacy compliance improvements.

W

WBV - Westfälischer Bibliographischer Verlag

kirchenrecht.shop

56

Kirchenrecht.shop is an e-commerce platform specializing in customized and preconfigured legal text collections related to the Evangelische Kirche von Westfalen. The business operates in a niche market serving church members and legal professionals interested in church law. The website is professionally designed with clear navigation and offers a Rechtstexte-Konfigurator tool for personalized document creation. The platform is built on a Shopware Saltation theme, leveraging modern web technologies and Google reCAPTCHA for form protection. Hosting and domain registration are consistent with the business location and operations, supporting legitimacy. Security posture is good with HTTPS enforced and clientTransferProhibited domain status, though improvements are possible by enabling DNSSEC and adding security headers. Privacy compliance is adequate with a comprehensive privacy policy linked externally, but no cookie consent mechanism is present. Overall, the website is safe, trustworthy, and well-positioned within its market niche.

O

OEMUS MEDIA AG

oemus.com

51

OEMUS MEDIA AG is a well-established German media company specializing in dental medicine publications and professional education. The company offers a broad portfolio including specialist journals, seminars, and congresses targeting dental professionals. Their website reflects a mature business with a strong market position in the healthcare media sector, supported by 30 years of experience. Technically, the site uses standard web technologies such as jQuery and hosts media assets on Amazon S3, delivering moderate performance with good mobile optimization. Security posture is adequate with HTTPS enabled and domain transfer protection, but lacks advanced DNS security and HTTP security headers. Privacy compliance is supported by a comprehensive privacy policy, though no cookie consent mechanism was detected. Overall, the website is professional, trustworthy, and content-rich, serving its target audience effectively.

Windy Scandinavia AB is a well-established Swedish manufacturer of premium sport boats and yacht tenders, with a heritage dating back to 1966. The company operates in the transportation sector, targeting boating enthusiasts and yacht owners with a range of high-quality, technically advanced vessels. Their market position is that of a niche premium brand with a strong Scandinavian craftsmanship identity. The website reflects a professional digital presence with good content quality, clear navigation, and mobile optimization. Technically, the site uses modern web technologies including Google Analytics and cookie consent mechanisms, and is likely powered by the Umbraco CMS. Security posture is solid with HTTPS and cookie consent, though some security headers and policies could be improved. The absence of WHOIS data raises questions about domain registration legitimacy, but the website content and contact information support business credibility. Overall, the site is trustworthy and professionally maintained.

V

Vitensenteret Sørlandet

vitensor.no

10

Vitensenteret Sørlandet is a regional science center in Norway offering educational and entertaining science activities for families and children. The website is built on WordPress using the Divi theme and includes common plugins for SEO and GDPR compliance. The technical infrastructure is modern with HTTPS enabled and reCAPTCHA implemented for form security. However, the site lacks visible privacy policy, terms of service, and explicit contact information in the provided HTML content. Security posture is moderate with room for improvement in security headers and incident response transparency. Overall, the website is professional, family-friendly, and safe, with a moderate risk profile due to missing compliance documentation.

M

MedicVision Optikk AS

medicvision.no

10

MedicVision Optikk AS is a Norwegian company specializing in customized optical solutions for medical practice and microscopy. Their offerings include magnifying glasses, microscopes (notably ZEISS Research Microscopy Solutions), medical lighting, and diagnostic instruments tailored for healthcare professionals and researchers. The company operates a physical showroom in Arendal, Norway, providing hands-on product trials and service capabilities including adjustments and repairs. The website reflects a professional and focused business model targeting healthcare and research sectors with a clear B2B and B2C sales approach. Technically, the website is built on modern web standards with responsive design, CSS grid, and flexbox layouts, likely powered by the Umbraco CMS. It uses privacy-conscious analytics (Plausible Analytics) and lazy loading for images, enhancing performance and user experience. The site is mobile-optimized and SEO-friendly but lacks some advanced accessibility features. No forms are present on the main page, reducing potential security risks. From a security perspective, the site uses HTTPS and avoids exposing sensitive data. However, it lacks visible security headers and does not provide privacy or cookie policies, which are compliance gaps. Incident response and vulnerability disclosure information are also absent. The domain is newly registered in April 2024, consistent with the company's recent founding, and WHOIS data shows no privacy protection, supporting legitimacy. Overall, MedicVision's website is professional, trustworthy, and well-aligned with its business goals but would benefit from enhanced privacy compliance and security hardening to improve its security posture and regulatory adherence.

A

Arendal Næringsforening

arendalnaeringsforening.no

53

Arendal Næringsforening is a well-established regional business association founded in 2005, focused on promoting the interests of the business community in the Arendal region of Norway. The organization operates a membership model, offering networking events, business advocacy, and youth engagement through its ANF UNG initiative. The website reflects a professional and consistent brand presence with active content such as news updates and event listings, targeting local businesses and professionals. Technically, the site employs modern web technologies including Google Tag Manager and Facebook SDK for analytics and marketing, with a responsive design and basic accessibility features. Security posture is solid with HTTPS enforced and cookie consent implemented, though explicit security policies and incident response information are not publicly disclosed. Overall, the domain registration aligns well with the business claims, indicating legitimacy and trustworthiness.

S

SCHWING Stetter

schwing.de

49

SCHWING Stetter is a well-established German manufacturer specializing in concrete machinery and equipment, including truck-mounted concrete pumps, mixers, stationary pumps, and mixing plants. The company serves the construction industry globally with a broad product portfolio and after-sales services. Their website reflects a professional and consistent brand presence, targeting construction professionals and equipment buyers. The site is built on TYPO3 CMS and employs modern web technologies with a focus on privacy, as evidenced by the use of Matomo analytics and a comprehensive cookie consent mechanism. Security posture is solid with HTTPS enforced and domain registration consistent with the business history. However, there is room for improvement in security headers and published security policies. Overall, the website is trustworthy, well-structured, and compliant with GDPR requirements.

W

Web Best Practice LTD

webbestpractice.co.uk

47

Web Best Practice LTD is a UK-based web development company with over 20 years of experience, specializing in web design, digital marketing, and branding services. The company targets businesses primarily in Manchester and across the UK, offering a full in-house team and a portfolio of over 1000 websites. The website is professionally designed, mobile optimized, and includes comprehensive customer reviews and contact options. Technically, the site uses modern web technologies and tracking tools such as Google Tag Manager, Facebook Pixel, and Mouseflow, with appropriate privacy and cookie consent mechanisms in place. Security posture is good with HTTPS and reCAPTCHA implemented, though explicit security headers are not detected and could be improved. WHOIS data is unavailable due to domain naming rules violation, which raises some legitimacy concerns, but the website content and business information appear consistent and trustworthy. Overall, the site demonstrates a mature digital presence with room for security enhancements.

D

DJK Sportjugend

djk-sportjugend.de

61

DJK Sportjugend is a German non-profit youth sports organization affiliated with the Catholic DJK-Sportverband. It focuses on inclusive youth work, social and cultural diversity, and prevention initiatives such as anti-racism and sexualized violence prevention. The website is professionally designed, mobile-optimized, and provides clear navigation and comprehensive content relevant to its target audience of young people and sports communities. Technically, the site uses modern web technologies and a consent management platform to ensure GDPR compliance. Security posture is solid with HTTPS and no visible vulnerabilities, though formal security policies and incident response contacts are not published. Overall, the domain registration and website content are consistent and trustworthy, supporting a strong legitimacy score.

S

SiteCockpit

sitecockpit.com

55

SiteCockpit is a professional SaaS provider specializing in digital accessibility solutions, offering products such as accessibility widgets, monitoring tools, and statement generators. The company targets businesses and website owners aiming to comply with accessibility regulations and improve user experience. Their market position is that of a specialized technology provider with integrations across major CMS and e-commerce platforms. Technically, the website employs modern JavaScript frameworks like Alpine.js, integrates with HubSpot for marketing and analytics, and uses Usercentrics for consent management, reflecting a mature digital infrastructure. Security posture is strong with HTTPS enforcement, security headers, and no visible vulnerabilities, although explicit security policies and incident response contacts are not published. Overall, the website is well-designed, mobile-optimized, and GDPR-compliant, supporting a high level of trust and professionalism. However, the absence of WHOIS data slightly reduces transparency and trustworthiness. Strategic recommendations include publishing detailed security policies, vulnerability disclosure information, and incident response contacts to enhance security posture and trust.

O

Oranto GmbH

studienplattform.ch

53

Oranto GmbH operates the Studienplattform.ch, a specialized software platform designed to facilitate clinical and non-clinical studies with integrated CMS, CRM, and LMS capabilities. The company positions itself as a niche provider with a decade of experience, offering tailored study design and management solutions primarily targeting research institutions and clinical study leaders. The platform emphasizes data protection and GDPR compliance, catering to a German-speaking audience with professional and clear content presentation. Technically, the website is built on TYPO3 CMS and employs Matomo analytics configured to disable cookies, reflecting a privacy-conscious approach. Security posture is solid with HTTPS and no exposed sensitive data, though improvements are recommended in security headers and incident response transparency. Overall, the website demonstrates a mature digital presence with good usability and trustworthiness, though cookie consent and formal security policies could be enhanced for full compliance.

G

Greystyle.com

greystyle.com

44

Greystyle.com is a small German-based graphic and web design company established since 2002, specializing in clean programming solutions and elegant design. Their market position is niche-focused, serving clients primarily in the cultural and ecclesiastical sectors in Germany. The website showcases a comprehensive portfolio of projects, emphasizing CMS development, corporate design, and print media. Technically, the site uses XHTML, JavaScript libraries including jQuery and Highslide, and Matomo for analytics, but includes some outdated Flash content. Security posture is moderate with privacy policies in place and anonymized analytics, but lacks visible security headers and cookie consent mechanisms. WHOIS data is missing or unavailable, which raises concerns about domain registration legitimacy despite the professional presentation. Overall, the site is functional and trustworthy but would benefit from modern security and privacy enhancements.

F

FRAMETRAXX UG (haftungsbeschränkt)

frametraxx.de

54

FRAMETRAXX UG operates a specialized e-commerce platform offering royalty-free (gemafreie) music for various applications including YouTube, advertising, film, and commercial use. The company targets content creators, agencies, and businesses seeking legally secure music licensing solutions. Their market position is that of a niche provider with a comprehensive catalog and clear licensing models, supported by a professional website and trusted client logos. Technically, the website is built on the Gambio e-commerce platform with modern JavaScript libraries and Google Tag Manager integration, providing a good user experience with mobile optimization and SEO best practices. Security posture is solid with HTTPS enforced and cookie consent implemented, though some security headers could be improved. Overall, the site is trustworthy, compliant with GDPR, and professionally maintained.

E

Sign in - Matomo

etrackingserver.de

54

The website etrackingserver.de serves as a login portal for a Matomo analytics platform instance, providing web analytics and visitor tracking services. The platform is designed for website administrators or analytics users to access detailed analytics data. The site uses HTTPS and standard Matomo security features, but lacks publicly accessible business information, privacy policies, or contact details, limiting transparency and user trust. Technically, the site employs Matomo's JavaScript and PHP stack, with moderate performance and basic mobile optimization. Security measures include password authentication and support for two-factor authentication, though no explicit security headers were detected in the provided data. Overall, the site is functional but lacks comprehensive privacy compliance and business credibility indicators.

I

Institut der deutschen Wirtschaft

iwd.de

45

The website www.iwd.de serves as the information service of the Institut der deutschen Wirtschaft, providing up-to-date economic analyses, research results, and background information on current economic topics primarily focused on Germany and Europe. It targets professionals, policymakers, academics, and the general public interested in economic affairs. The business model revolves around disseminating economic knowledge through articles, dossiers, newsletters, and interactive graphics, positioning itself as a reputable and authoritative source in the German economic research landscape. Technically, the site is built on the TYPO3 CMS platform, leveraging modern web technologies including JavaScript, CSS, and integrates analytics tools such as Matomo and Google Tag Manager. It employs Usercentrics for GDPR-compliant consent management. The site is mobile-optimized, accessible, and SEO-friendly, with structured data enhancing search engine visibility. Hosting is managed via domaincontrol.com (GoDaddy), a common and reliable provider. From a security perspective, the website enforces HTTPS with a strong SSL configuration and uses consent management for cookies, reflecting good privacy practices. However, it lacks explicit security headers and published security policies or incident response contacts, which are areas for improvement. No vulnerabilities or exposed sensitive data were detected in the content. The site demonstrates a moderate to high security posture but could enhance transparency and technical security controls. Overall, www.iwd.de is a professional, trustworthy, and content-rich platform with strong compliance to privacy regulations and a solid technical foundation. Strategic recommendations include implementing security headers, publishing a security policy and incident response information, and adding a security.txt file to facilitate vulnerability disclosures. These steps would further strengthen the site's security posture and trustworthiness.

H

Hamburg Port Authority (HPA)

tideelbe.info

54

The website www.tideelbe.info serves as an informational blog managed by the Hamburg Port Authority (HPA), focusing on sediment management and the Tideelbe river to ensure navigable water depths for ships in Hamburg's harbor. It provides news, analyses, and downloadable reports targeted at the general public and stakeholders in maritime transport and environmental sectors. The site is professionally designed with consistent branding and clear navigation, supporting a positive user experience. Technically, the site is built on TYPO3 CMS, a reputable open-source content management system, and employs Matomo analytics configured to respect user privacy by disabling cookies and honoring DoNotTrack signals. The site is mobile-optimized and accessible, with good SEO practices evident from meta tags and structured content. However, no explicit cookie consent mechanism was detected, which may impact full GDPR compliance. From a security perspective, the site uses HTTPS and shows good security practices, but lacks visible security headers and published security policies or incident response contacts. The WHOIS data for the domain is unavailable or protected, limiting transparency and trust verification, though the official branding and content quality mitigate some concerns. Overall, the website presents a trustworthy and professional platform for disseminating port-related environmental information, with moderate technical and privacy compliance maturity. Strategic improvements in cookie consent, security policy publication, and WHOIS transparency would enhance its security posture and user trust.

V

Vereinigte Industrieverbände von Düren, Jülich, Euskirchen und Umgebung e.V.

extraviv.de

38

The website extraviv.de serves as a members-only information portal for the Vereinigte Industrieverbände von Düren, Jülich, Euskirchen und Umgebung e.V., a regional industry association in Germany. It provides employers and association members with access to documents, newsletters, event information, and other resources relevant to their business operations and networking. The site is primarily in German and targets local employers within the manufacturing and non-profit sectors. Technically, the site uses a custom or unknown CMS with JavaScript libraries such as jQuery UI and Modernizr, hosted on servers associated with kasserver.com. The design is professional and consistent, though mobile optimization and accessibility are basic. Security posture is moderate with a login form secured by POST but lacks advanced security headers and cookie consent mechanisms. No WAF or blocking mechanisms were detected, and the domain registration data aligns well with the website's business purpose, indicating legitimacy. Overall, the site scores well on business credibility and content quality but could improve technical implementation and security practices.

C

Centrum pre filantropiu n.o.

darujme.sk

63

DARUJME.sk is a well-established Slovak online fundraising platform operated by Centrum pre filantropiu n.o., founded in 2011. It serves as a donation gateway and fundraising tool provider primarily targeting non-profit organizations and individual donors within Slovakia. The platform offers a comprehensive suite of services including secure payment processing, donor communication, administrative tools, and training resources. It holds a strong market position with over 1,000 registered organizations and nearly 40 million euros donated through its system. The website is professionally designed, mobile-optimized, and provides clear navigation and rich content relevant to its audience.

S

STORK Umweltdienste GmbH

stork-umwelt.de

46

STORK Umweltdienste GmbH is a medium-sized German company specializing in recycling, waste disposal, and raw material recovery with over 30 years of experience. The company operates from Magdeburg with a strong focus on environmental sustainability, supported by ISO 14001 certification. Their services include recycling, container services, mobile processing technology, and logistics leveraging trimodal transport connections. The website is professionally designed using TYPO3 CMS, providing clear navigation and multilingual support. Contact information and social media presence enhance business credibility. Security posture is good with HTTPS and cookie consent mechanisms, though no explicit security policy or incident response contacts are published. Overall, the website reflects a trustworthy and established business with a solid digital presence.

F

FederlegnoArredo

federlegnoarredo.it

61

FederlegnoArredo is a well-established Italian industry association representing companies in the wood and furniture manufacturing sector. The website serves as a professional platform targeting industry stakeholders, providing information and event details relevant to the sector. The site is built on modern web technologies including React and Next.js, ensuring a responsive and user-friendly experience. The presence of a Cookiebot consent mechanism indicates attention to privacy compliance, although explicit privacy and terms of service documents were not found in the provided content. Security posture is adequate with HTTPS enabled, but could be improved by adding security headers and vulnerability disclosure information. Overall, the website is professional and trustworthy, with room for enhancement in privacy transparency and security best practices.

The website www.mein-t-raum.de is currently inaccessible beyond a Cloudflare security challenge page that requires human verification via Turnstile CAPTCHA. This indicates the presence of a Web Application Firewall (WAF) protecting the site from automated access or potential threats. Due to this blocking, no actual business content, contact information, or policies are accessible for analysis. The domain is hosted on the Jimdo platform as inferred from the nameservers, and Cloudflare provides security and performance services. The lack of visible content and business data limits the ability to assess the company's market position, services, or compliance posture. Security-wise, the use of Cloudflare WAF and CAPTCHA is a positive indicator, but the absence of security headers and policies reduces the overall security maturity score. Privacy compliance and business credibility cannot be evaluated due to missing information.

K

KjG Berlin

kjg-berlin.de

56

KjG Berlin is a small non-profit Catholic youth organization based in Germany, focused on engaging young people in community activities, education, and events within the Catholic framework. The website serves as an informational and organizational platform for members and interested parties, providing updates, event information, and contact details primarily via email. The organization maintains a presence on social media platforms such as Instagram and Facebook to reach its target audience. Technically, the website is built on WordPress, utilizing standard web technologies such as PHP, JavaScript, and CSS. The site is served over HTTPS with a valid SSL certificate, ensuring secure communication. While the site demonstrates good mobile optimization and basic SEO practices, it lacks advanced security headers and cookie consent mechanisms, which are recommended for GDPR compliance and enhanced security. From a security perspective, the site shows a moderate security posture with HTTPS enabled but missing several security headers and no visible incident response or vulnerability disclosure policies. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is partially met with a privacy policy present, but the absence of a cookie consent banner is a gap. Overall, KjG Berlin presents a trustworthy and professional online presence for a small non-profit organization. Strategic improvements in security headers, cookie consent, and incident response documentation would enhance compliance and security posture, supporting the organization's credibility and user trust.

J

Jugendverbände der Gemeinschaft Christlichen Lebens - Diözesanverband Berlin

j-gcl.berlin

42

J-GCL Berlin is a small non-profit youth organization focused on Christian community activities within the Berlin region. The website serves primarily as an informational portal presenting the organization's identity, social media presence, and contact email. The business model centers on community engagement and youth involvement in Christian life, positioning itself as a local entity without commercial operations. Technically, the website is built on a simple HTML5 and CSS stack with some JavaScript for UI enhancements, using the HTML5 UP design template and Font Awesome icons. The site is moderately optimized for mobile devices but lacks advanced SEO and accessibility features. Security posture is basic; while the domain is registered with a reputable German registrar and protected against unauthorized transfers, the site lacks DNSSEC, security headers, and visible HTTPS enforcement details. No privacy or cookie policies are present, indicating compliance gaps with GDPR and related regulations. Overall, the site is safe, with no adult or questionable content, but would benefit from enhanced security and compliance measures.

D

DJK Landesgemeinschaft Berlin e.V.

djk-berlin.de

58

DJK Landesgemeinschaft Berlin e.V. is a regional Catholic sports association in Berlin, Germany, serving approximately 500,000 members across more than 1,000 clubs nationally. The organization focuses on promoting sports activities, events, and community engagement within the Catholic sports community. Their website provides comprehensive information about the association, news, events, and member clubs, targeting members and interested parties in the sports and religious community. Technically, the website is built on AmphiCMS with standard web technologies such as HTML5, CSS3, JavaScript, and jQuery, featuring responsive design and moderate performance. Security posture is solid with HTTPS enforced, but lacks advanced security headers and incident response disclosures. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the website is professional, trustworthy, and well-structured, serving its non-profit mission effectively.

Z

Zentralverband Deutscher Schornsteinfeger e.V.

zds-schornsteinfeger.de

54

Zentralverband Deutscher Schornsteinfeger e.V. (ZDS) is a well-established German trade union and professional association serving the chimney sweep industry since 1907. The organization provides member services including advocacy, education, publishing, and employment support. The website reflects a mature digital presence with clear navigation, professional content, and active social media engagement. Technically, the site is built on Liferay CMS with modern frontend technologies and uses Matomo for privacy-conscious analytics. Security posture is adequate with HTTPS and secure login forms, but lacks visible security headers and explicit security policies. Privacy compliance is strong with a clear privacy policy and cookie consent mechanism. Overall, the site is trustworthy and well-suited for its target audience of industry professionals and members.

L

LAG Main4Eck

fabuly.de

9

Fabuly.de is a regional discovery platform focused on the Bavarian Untermain area, offering curated content and interactive maps for nature, history, technology enthusiasts, and sustainability advocates. The platform includes a related ecoKompass subsite dedicated to promoting sustainable projects and eco-friendly solutions. The website is professionally designed with consistent branding and good content relevance, targeting a general audience interested in regional exploration and sustainability. Technically, the site uses standard web technologies (HTML5, CSS3, JavaScript) and is hosted on servers indicated by the nameservers your-server.de and second-ns domains. Mobile optimization and navigation clarity are good, though accessibility features are basic. Security posture is moderate with no visible security headers or advanced policies, and no cookie consent mechanism is present. WHOIS data is minimal but consistent with a small regional platform. Overall, the site is safe, trustworthy, and compliant with GDPR based on the presence of a privacy policy, but improvements in security headers and contact transparency are recommended.

HÜF-NRW is a regional educational organization providing professional development and training services primarily for technical and administrative staff across 36 cooperating universities in North Rhine-Westphalia, Germany. Their offerings include a broad event program and a comprehensive e-learning platform accessible via ILIAS. The website is built on TYPO3 CMS, leveraging modern web technologies and privacy-conscious analytics through Matomo. The site demonstrates good compliance with GDPR and cookie consent regulations, providing clear contact information and social media presence. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though formal security policies and incident response contacts are absent. Overall, the website reflects a professional and trustworthy educational service with a medium-sized organizational footprint.

A

Arte Bunkering OÜ

artebunkering.com

34

Arte Bunkering OÜ is a specialized marine fuel supply company founded in 2012, operating globally with offices in Europe, Asia, and the Americas. The company focuses on delivering marine fuel oil, gas oil, lube oil, and eco-friendly fuels such as LNG to over 3000 vessels annually across more than 650 ports. Their business model centers on providing personalized, efficient, and timely bunkering services with competitive pricing, targeting shipping companies and vessel operators worldwide. The website reflects a professional and consistent brand image with clear contact information and a global presence, supporting their market position as an experienced player in the marine energy sector. Technically, the website employs modern web standards including HTML5, CSS with LESS preprocessing, and JavaScript. It is hosted likely by Loginet, with responsive design elements and basic accessibility features. However, the site lacks advanced SEO optimization and does not appear to use a CMS or analytics tools based on the provided data. Performance is moderate, and mobile optimization is good. From a security perspective, the site uses HTTPS (implied by base href https URL), includes a CSRF token meta tag indicating some security awareness, but lacks DNSSEC and visible security headers. There is no privacy or cookie policy found, which is a compliance gap, especially under GDPR. Incident response and vulnerability disclosure information are absent. The WHOIS data is consistent and supports the legitimacy of the domain and business. Overall, the security posture is moderate but could be improved with better policy transparency and technical security controls. The overall risk assessment is moderate with no critical vulnerabilities or blocking detected. Strategic recommendations include implementing privacy and cookie policies, enabling DNSSEC, adding security headers, and publishing incident response and vulnerability disclosure information to enhance trust and compliance.

P

PMG Holding

holdingpmg.com

52

PMG Holding operates as a physical supplier of marine bunker fuels in the Black Sea region, offering products such as Marine Bunker Fuel Oil and Marine Gasoil. Additionally, the company engages in global cargo trading, positioning itself as a niche player in the energy and transportation sectors. The website is professionally designed using the Wix platform, featuring structured data for local business identification and basic SEO metadata. Technical infrastructure relies on Wix's hosting and content management services, with Google Tag Manager integrated for analytics. Security posture is moderate, with HTTPS implied but lacking explicit security headers and policies. Privacy and cookie policies are absent, indicating compliance gaps. Contact information is minimal, limited to a phone number in structured data. The domain WHOIS data is unavailable, raising concerns about domain registration legitimacy. Overall, the website presents a professional front but requires improvements in compliance, security transparency, and domain legitimacy verification.

I

IBT Bunkering & Trading

ibtbunker.com

44

IBT Bunkering & Trading is a well-established global bunker trader based in Hamburg, Germany, with over 45 years of market presence. The company specializes in marine fuel supply, offering services such as spot trading, formula-based contracts, and price hedging to shipping companies worldwide. Their business model focuses on building long-term, reliable relationships with clients and suppliers, supported by a strong network and industry memberships. Technically, the website employs modern web technologies including Bootstrap and JavaScript, providing a good user experience with mobile optimization and clear navigation. However, the site lacks explicit privacy and cookie policies, which is a compliance gap. Security-wise, HTTPS is enabled and domain registration is stable, but the absence of security headers and incident response information suggests room for improvement. Overall, the website is professional and trustworthy, but enhancing privacy compliance and security practices would strengthen its posture.

H

Hamburg Port Authority

hamburg-port-authority.de

47

Hamburg Port Authority (HPA) is a large public entity managing the port infrastructure of Hamburg since 2005. It provides comprehensive services including infrastructure planning, port safety, traffic management, and real estate management. The website reflects a mature digital presence with a structured navigation system, multilingual support, and integration of modern web technologies such as TYPO3 CMS and video content. The organization maintains active social media channels and uses consent management and analytics tools to monitor user engagement. Security posture is strong with HTTPS and security headers in place, though privacy policy documentation and incident response contacts could be improved. Overall, the site is professional, trustworthy, and serves a broad audience including port users, residents, and business partners.

I

Industrieverband Steine und Erden Baden-Württemberg e.V.

azubiste.de

51

The website www.bockaufsteine.de serves as an educational and promotional platform for vocational training in the stones and earths industry in Baden-Württemberg, Germany. It is operated by the Industrieverband Steine und Erden Baden-Württemberg e.V., an industry association. The site provides detailed information about various professions, training paths, and career opportunities, targeting young people interested in apprenticeships. The business model focuses on industry promotion and education rather than direct commercial services. Technically, the website is built on a simple CMS (cumodis simple cms) and uses standard web technologies such as HTML5, CSS3, and JavaScript. It is hosted on German UI-DNS nameservers and employs HTTPS with good SSL configuration. The site is mobile optimized and offers a good user experience with clear navigation and relevant content. However, it lacks advanced SEO features, accessibility enhancements, and modern frameworks. From a security perspective, the site enforces HTTPS and provides a cookie consent mechanism compliant with GDPR. However, it lacks explicit security headers, incident response policies, vulnerability disclosure mechanisms, and contact information for security issues. No tracking or analytics scripts were detected, indicating minimal user tracking. Overall, the website is safe, professional, and trustworthy for its intended audience. It demonstrates good privacy compliance and business credibility but could improve its technical and security posture by adding security headers, explicit policies, and contact details. The domain WHOIS data is minimal but consistent with the business purpose, supporting legitimacy.

B

Bundesverband Transportbeton

betonwissen.de

54

BetonWissen is an educational and informational platform affiliated with the Bundesverband Transportbeton, serving the transport concrete industry in Germany. The website consolidates training and knowledge resources targeted at professionals in this niche sector. Technically, the site is built on WordPress and hosted by Hetzner, a reputable German hosting provider, indicating a stable and professional infrastructure. The website demonstrates good SEO practices and mobile optimization, although accessibility features are basic. Security posture is adequate with HTTPS enabled, but lacks advanced security headers and explicit security policies. Privacy compliance is partial, with a cookie consent mechanism present but no explicit privacy policy page detected. Business credibility is strong due to clear affiliation with a recognized industry association, but contact information is not readily found in the provided content. Overall, the site is professional and trustworthy but could improve in privacy transparency and security best practices.

U

Universität Duisburg-Essen

uni-due.de

57

The Universität Duisburg-Essen is a prominent German university offering a wide range of educational and research services. The website reflects a well-established institution with a clear focus on serving students, researchers, alumni, and staff. It provides comprehensive information about study programs, research activities, campus life, and international cooperation. The university maintains a strong digital presence with official social media channels and updated news content. Technically, the website is built on the IMPERIA CMS platform and uses standard web technologies including HTML5, CSS3, JavaScript, and jQuery. It incorporates MathJax for mathematical content rendering. The site is mobile-optimized and accessible, with good SEO practices evident. However, some modern security headers and explicit security policies are not visible, indicating room for improvement in security hardening. From a security perspective, the site uses HTTPS (implied by domain and standard practice, though SSL details are not explicit in the data). No WAF or blocking mechanisms were detected, and no critical vulnerabilities or exposed sensitive data were found in the HTML content. Privacy compliance is supported by a comprehensive GDPR privacy policy, but cookie consent mechanisms are lacking. Contact information is clearly provided, enhancing trust and credibility. Overall, the website is professional, trustworthy, and well-maintained, suitable for its educational mission. Strategic improvements in security headers, cookie consent, and incident response disclosures would further strengthen its security posture and compliance.

O

Oranto GmbH

studienplattform.eu

50

Oranto GmbH operates the Studienplattform.eu website, offering a comprehensive, customizable study platform solution tailored for clinical and non-clinical studies. The platform integrates CMS, CRM, and LMS functionalities with a strong emphasis on GDPR compliance and data protection. The company targets research institutions and organizations requiring flexible, privacy-conscious study management tools. The website reflects a professional, well-structured digital presence with clear business focus and contact transparency. Technically, the site is built on TYPO3 CMS, leveraging modern web technologies including HTML5 video and Matomo analytics configured for privacy (cookies disabled). The site is mobile-optimized with good SEO and accessibility basics, though some security headers are missing. HTTPS is enforced, ensuring secure data transmission. Security posture is solid with no visible vulnerabilities or exposed sensitive data, but the absence of explicit security policies, incident response contacts, and vulnerability disclosure mechanisms suggests room for improvement. Privacy compliance is strong with a comprehensive privacy policy, though cookie consent mechanisms could be enhanced. Overall, the website and business present a trustworthy, professional image with moderate technical maturity and good privacy awareness. Strategic enhancements in security transparency and consent management would further strengthen trust and compliance.

O

Oranto GmbH

oranto.ch

56

Oranto GmbH is a small technology service provider specializing in professional web and app development, primarily leveraging the TYPO3 CMS platform. The company targets businesses and organizations seeking enterprise-grade web solutions with a strong focus on customer-oriented consulting and practical implementations. Their market position is that of a niche expert in TYPO3-based enterprise websites, offering a range of services including hosting, SEO, workshops, and training. Technically, the website is built on TYPO3 CMS with modern JavaScript usage and integrates Matomo analytics for user tracking. The site is mobile-optimized with good SEO practices and moderate performance. Hosting details are not explicitly disclosed. The technical infrastructure reflects a mature digital presence suitable for their business model. From a security perspective, the website enforces HTTPS and uses best practices such as asynchronous script loading and no visible sensitive data exposure. However, it lacks visible security headers, a cookie consent mechanism, and formal security or incident response policies. The privacy policy is present but basic, with no explicit GDPR compliance indicators or cookie consent banners. Matomo analytics suggests some privacy-conscious tracking but without explicit user consent mechanisms. Overall, the website presents a moderate risk profile with no critical vulnerabilities detected but room for improvement in privacy compliance and security transparency. Strategic recommendations include implementing cookie consent, publishing security policies, and enhancing security headers to improve trust and compliance.

G

Gute Botschafter GmbH

gute-botschafter.de

47

Gute Botschafter GmbH is a German-based medium-sized company specializing in brand positioning and marketing communication services. Their website presents a professional and comprehensive overview of their offerings, targeting primarily medium-sized enterprises and non-profit organizations. The company emphasizes authentic and sustainable brand communication, supported by a multidisciplinary team. Technically, the website employs modern web technologies including HTML5, CSS3, JavaScript, and Lottie animations, with Google Tag Manager integrated for analytics and marketing purposes. The site is mobile-optimized and provides a good user experience with clear navigation and rich content. Security-wise, the site uses HTTPS and includes a consent mechanism for tracking but lacks explicit privacy and terms of service pages, as well as some security headers, which are areas for improvement. WHOIS data aligns well with the business claims, indicating a legitimate and consistent domain registration. Overall, the website scores well on content quality, business credibility, and technical implementation, with moderate scores on security posture and privacy compliance.

U

Uniper

uniper-digital.de

60

Uniper Digital operates a secure customer login portal leveraging Microsoft Azure B2C identity services. The website serves as an authentication gateway for Uniper's digital energy services, targeting customers and partners in the energy sector. The platform uses modern OAuth2 and OpenID Connect protocols to ensure secure access. The technical infrastructure is robust, hosted on Azure cloud, and employs contemporary JavaScript frameworks and libraries. Security posture is strong with HTTPS enforced and secure token handling, although explicit security headers could be improved. Privacy compliance is limited on the login page, lacking visible privacy and cookie policies. Overall, the site reflects a mature digital presence aligned with corporate branding and security best practices.

S

Schwing Stetter (UK) Ltd

schwing-stetter.co.uk

51

Schwing Stetter (UK) Ltd is a well-established manufacturer and supplier specializing in concrete production and placement equipment, including concrete pumps, batching plants, truck mixers, and concrete recyclers. The company positions itself as a global leader in the concrete equipment industry, serving primarily construction professionals and contractors in the UK. Their business model focuses on manufacturing, distribution, and after-sales services, supported by a professional and content-rich website that reflects their market position. Technically, the website employs modern web technologies such as Google Tag Manager, reCAPTCHA, and service workers, ensuring a secure and user-friendly experience. The site is mobile-optimized with good SEO practices and clear navigation, although some improvements in accessibility and security headers could enhance the overall technical posture. From a security perspective, the site uses HTTPS and implements reCAPTCHA on its contact forms, indicating a baseline security awareness. However, the absence of explicit security policies, incident response contacts, and security headers suggests room for improvement in security maturity. The WHOIS lookup failed due to querying a subdomain rather than the registered domain, but this does not detract from the legitimacy of the business as evidenced by the professional website and consistent branding. Overall, the website presents a low-risk profile with strong business credibility and good privacy compliance. Strategic recommendations include enhancing security headers, publishing security policies, and maintaining regular audits of third-party scripts to further strengthen the security posture.

S

Schwing Stetter

schwing.es

56

Schwing Stetter is a well-established manufacturing company specializing in concrete pumps, stationary pumps, concrete plants, recycling plants, and truck-mounted concrete pumps. With over 80 years of experience, the company targets professionals in the construction and concrete industry, offering a comprehensive range of equipment to optimize production and ecological recycling. The website reflects a medium-sized enterprise based in Spain, with consistent branding and professional content. Technically, the site is built on WordPress using modern plugins such as Elementor and Smart Slider 3, with good mobile optimization and SEO practices. Security posture is solid with HTTPS enforced and cookie consent implemented, though security headers are missing and incident response information is absent. WHOIS data is not publicly accessible due to registry restrictions, which is typical for .es domains, slightly impacting trust but not indicating suspicious activity. Overall, the website is professional, secure, and compliant with privacy regulations, supporting the legitimacy of the business.

T

TC-Innovations GmbH

leader-shops.de

49

Leader Shops, operated by TC-Innovations GmbH, is a specialized e-commerce coaching platform focused on helping online shop owners achieve market leadership through proven strategies, sales psychology, and expert mentoring. The website is professionally designed, well-structured, and optimized for SEO and mobile devices. It leverages modern web technologies and the Shopware platform to deliver a seamless user experience. Security posture is solid with HTTPS and cookie consent mechanisms in place, though some security headers and explicit policies could be improved. Overall, the site demonstrates a mature digital presence with strong trust signals such as customer testimonials and industry awards.