Security Directory

The Konrad-Adenauer-Stiftung e.V. is a well-established German political foundation focused on promoting political education, democracy, and social market economy principles both nationally and internationally. The website reflects a professional and consistent brand presence with comprehensive content aimed at a general audience interested in political and social topics. The foundation maintains an active presence on multiple social media platforms, enhancing its outreach and engagement. Technically, the website is built on the Liferay CMS platform, utilizing modern web technologies including jQuery, React, and Alloy UI. The site demonstrates good mobile optimization, accessibility, and SEO practices, with moderate performance characteristics. Analytics are handled via Matomo with a consent mechanism in place, indicating a respect for user privacy. From a security perspective, the site enforces HTTPS, employs Content Security Policy with nonce, and uses secure form submissions. However, explicit privacy policies, terms of service, and vulnerability disclosure mechanisms are not detected in the provided content, representing areas for improvement. WHOIS data is minimal but does not raise immediate concerns, though more transparency would enhance trust. Overall, the website presents a low-risk profile with strong business credibility and a good security posture, but could benefit from enhanced privacy compliance documentation and clearer contact information for security and general inquiries.

D

Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH

giz.de

70

The Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH is a German government-owned enterprise specializing in international development cooperation. The organization operates globally to promote sustainable development, offering solutions and partnerships to improve living conditions worldwide. The website reflects a mature digital presence with comprehensive content, clear navigation, and professional design, targeting governments, international partners, businesses, and professionals in the development sector. Technically, the site is built on Drupal CMS, uses Matomo for privacy-respecting analytics, and employs a consent management system (Klaro) to comply with GDPR. Security posture is strong with HTTPS enforced and no visible vulnerabilities, though some security headers could be improved. Privacy and compliance policies are transparent and comprehensive, supporting GDPR compliance. Overall, the website is trustworthy, professional, and well-aligned with the organization's mission and market position.

R

Région Ile-de-France

iledefrance.fr

68

The website www.iledefrance.fr is the official digital presence of the Région Île-de-France, the regional government authority for the Île-de-France area in France. It provides comprehensive information and services tailored to residents, professionals, associations, and local authorities. The site offers access to regional aids, news, events, and digital services, positioning itself as a key public service platform for the region. The business model is that of a government entity focused on public service and regional development. Technically, the website is built on Drupal 10, leveraging modern web technologies such as lazy loading images, Matomo analytics for privacy-respecting user tracking, and Clustaar webchat for user support. The site is mobile-optimized, accessible, and demonstrates good SEO practices. Performance is moderate with room for optimization. From a security perspective, the site enforces HTTPS and employs cookie consent mechanisms aligned with GDPR requirements. While explicit security headers are not fully confirmed, the site shows good security hygiene with no exposed sensitive data or vulnerable libraries detected. The absence of WHOIS data is typical for French government domains and does not detract from the site's legitimacy. Overall, the site presents a low risk profile with strong trust indicators, professional design, and compliance with privacy regulations. Strategic recommendations include enhancing security headers, continuous monitoring of third-party scripts, and ensuring robust form security to maintain and improve the security posture.

F

Fédération de MMA Français

fmmaf.fr

45

The Fédération de MMA Français (FMMAF) is the national governing body for Mixed Martial Arts in France, providing licensing, club affiliation, training, and event organization services. The website positions FMMAF as a professional federation affiliated with the International Mixed Martial Arts Federation (IMMAF), targeting MMA practitioners, clubs, and enthusiasts across France. The business model focuses on regulatory oversight, athlete development, and promotion of MMA as a sport within the country. Technically, the website is built on WordPress using the Divi theme and several specialized plugins such as EventON for event management and Matomo for analytics. The site is well-structured with good SEO practices including JSON-LD structured data and Open Graph metadata. Performance is moderate with good mobile optimization and basic accessibility features. From a security perspective, the site enforces HTTPS and includes standard security headers, indicating a good baseline security posture. However, the absence of explicit privacy policy and terms of service documents, as well as no visible incident response or vulnerability disclosure information, suggests room for improvement in compliance and transparency. Overall, the website is trustworthy and professional, though the lack of WHOIS registrant data and some compliance documents slightly reduce the trust score. Strategic recommendations include publishing comprehensive privacy and security policies, implementing a vulnerability disclosure program, and enhancing accessibility and compliance features.

V

Velitelství výcviku - Vojenská akademie

vavyskov.cz

64

Velitelství výcviku - Vojenská akademie ve Vyškově is a Czech government military educational institution focused on training and educating military personnel including active reserves, non-commissioned officers, and university students. The website serves as an official communication channel providing news, event information, and resources related to military training. The institution holds a key position in the Czech military education sector, offering specialized courses and exercises. Technically, the website is built on Drupal 7 with Bootstrap 3, featuring responsive design and moderate performance. It employs Matomo Analytics for visitor tracking and includes a cookie consent mechanism, though lacks a published privacy policy and terms of service. Security posture is good with HTTPS enforced but could be improved by adding security headers and updating CMS components. WHOIS data is unavailable, which slightly impacts trust but the official nature of the site and contact details support legitimacy. Overall, the site is professional, content-rich, and trustworthy for its intended audience.

G

Groupe Arcade-VYV

groupearcadevyv.fr

45

Groupe Arcade-VYV is a major French real estate group specializing in affordable and health-centered housing solutions. It operates as a leader in the Logement Santé sector, providing a comprehensive range of housing and residence services for families, seniors, youth, and vulnerable populations, including private sector involvement. The website reflects a mature digital presence with professional design, structured data, and integration of modern analytics tools such as Matomo and Google Tag Manager. However, the absence of explicit privacy and cookie policies, as well as missing WHOIS data, indicates areas for improvement in transparency and compliance. Security posture is generally good with HTTPS enabled, but lacks some security headers and formal vulnerability disclosure mechanisms. Overall, the website is trustworthy and well-positioned but would benefit from enhanced privacy compliance and security best practices.

C

Calizy

calizy.com

58

Calizy is a technology company specializing in intelligent online appointment scheduling and shared calendar solutions tailored for teams and companies, particularly in sectors such as insurance, financial services, subcontracting, and specialized distribution. The company offers a SaaS platform that integrates with major calendar and CRM systems to optimize appointment allocation, synchronization, and customer engagement. The website reflects a professional and consistent brand presence with detailed service descriptions and client trust indicators. Technically, the website is built on modern frameworks including Next.js and React, hosted on reputable providers with media assets served via DigitalOcean Spaces. The site employs multiple analytics and marketing tools such as Matomo, Google Tag Manager, Facebook Pixel, and LinkedIn Insight Tag, indicating a moderate level of user tracking. Mobile optimization and SEO practices are good, though accessibility features are basic. From a security perspective, the site uses HTTPS and has some security best practices in place, but lacks explicit security headers and published security policies or incident response contacts. The domain registration is consistent and trustworthy, with no privacy protection masking ownership, and domain age aligns with the company's founding date. Overall, Calizy's website presents a solid business and technical foundation with room for improvement in privacy compliance documentation and security policy transparency. The risk level is moderate with no critical vulnerabilities detected.

M

Mocha

mochajs.org

64

Mocha is an established open source JavaScript testing framework designed for Node.js and browser environments. It offers flexible asynchronous testing capabilities, parallel test execution, and extensible reporting. The project is community-driven, supported by sponsors and backers, and hosted on GitHub. The website serves as a comprehensive documentation and community hub for developers using Mocha. Technically, the site is well-structured, performant, and mobile-optimized, leveraging modern web technologies and Matomo analytics for user tracking. However, it lacks formal privacy and cookie policies, contact information, and explicit security policies, which are areas for improvement. The domain registration is consistent and appropriate for the project's age and nature, indicating legitimacy and trustworthiness.

2

2exVia

masteredit.com

39

2exVia is a well-established French digital communication and marketing agency with over 25 years of experience. They offer a broad range of services including custom web and app development, video production, brand identity, and social media management. Their proprietary CMS, MasterEdit®, powers over 250 websites, demonstrating technical maturity and a strong market presence. The website is professionally designed, mobile-optimized, and integrates modern technologies such as Matomo analytics and lazy loading for performance. Security posture is good with HTTPS and cookie consent implemented, though explicit security policies and incident response contacts are absent. WHOIS data is unavailable, which slightly reduces transparency but does not detract significantly from the overall trustworthiness given the professional content and social media presence. Overall, the site represents a credible and competent digital agency with a solid technical foundation.

U

Usep Nationale

usep.org

67

Usep Nationale is a large French non-profit federation dedicated to organizing and promoting school sports activities for primary education. It operates nationwide including overseas territories, serving over 8250 school associations and 825,000 licensed members, impacting 2 million children annually. The website is professionally designed, content-rich, and targets educators, schools, and sports associations. Technically, it is built on WordPress with Gravity Forms, uses Matomo for analytics, and implements GDPR-compliant cookie consent mechanisms. Security posture is solid with HTTPS and reCAPTCHA v3, though security headers and explicit security policies are absent. WHOIS data is unavailable due to privacy protection but the domain and website content align with a legitimate non-profit organization. Overall, the site demonstrates strong digital maturity and trustworthiness.

Ufolep is a leading French multisport federation offering a wide range of sports activities, training, and events across France. The website targets sports associations and participants, providing comprehensive information about their services and engagements. The organization holds a strong market position as the first multisport federation in France, emphasizing community and inclusive sports participation. Technically, the website employs a traditional tech stack including jQuery 1.8.2, Google Fonts, and Matomo analytics configured with privacy-respecting settings. The site is moderately performant with good mobile optimization and basic accessibility features. However, the use of an outdated jQuery version and lack of visible security headers indicate areas for technical improvement. From a security perspective, the site benefits from HTTPS and privacy-conscious analytics but lacks explicit security policies and modern security headers. The absence of WHOIS data limits domain trust verification, though the professional content and social media presence support legitimacy. Cookie consent mechanisms are implemented, but privacy and terms of service pages are not clearly found. Overall, the website presents a professional and trustworthy front for a non-profit sports federation but would benefit from enhanced security practices, updated technologies, and clearer privacy documentation to strengthen compliance and user trust.

M

Moravská hvězda, vánoční dekorace.

moravskahvezda.eu

53

The website www.moravskahvezda.eu is a Czech-language e-commerce platform specializing in the sale of traditional Moravian stars and Christmas decorations. It targets general consumers interested in cultural and festive products, primarily within the Czech Republic. The business model is retail-focused, leveraging the eshop-rychle.cz platform for online sales. The site presents a consistent brand image with good content quality and clear navigation, although it lacks explicit business contact details and comprehensive privacy documentation. Technically, the site uses legacy JavaScript libraries such as jQuery 1.8.3 and jQuery UI 1.10.3, along with Matomo analytics for user tracking. The platform is built on eshop-rychle.cz, a specialized e-commerce solution. While the site is functional and moderately optimized for performance and mobile use, it shows room for improvement in modernizing its tech stack and enhancing accessibility and SEO. From a security perspective, the site uses HTTPS but lacks visible security headers and employs outdated JavaScript libraries that may expose vulnerabilities. There is no visible privacy or cookie policy, nor incident response or security contact information, which impacts compliance and trust. The WHOIS data is not publicly available due to EURid privacy policies, which is common for .eu domains and does not raise immediate suspicion. Overall, the website is moderately secure and professionally presented but would benefit from updates to its security posture, privacy compliance, and technical modernization to reduce risks and improve user trust.

H

HUisHU. Digitale Kreativagentur GmbH

huishu-agentur.de

48

HUisHU. Digitale Kreativagentur GmbH is a German digital creative agency with offices in Hannover and Hamburg. The company specializes in digital development, campaigns, and communication aimed at fostering growth for individuals, brands, and medium-sized enterprises. Their key services include brand building, social media campaigns, content creation, websites, and applications. The agency holds multiple industry certifications and awards, positioning itself as a reputable player in the media and creative sector within Germany. Technically, the website is built on WordPress and leverages modern web technologies such as jQuery, Matomo Analytics, Google Tag Manager, and Borlabs Cookie for consent management. The site demonstrates good mobile optimization, accessibility, and SEO practices, with a moderate performance profile. Hosting appears to be managed via kasserver.com, consistent with the domain's nameservers. From a security perspective, the site enforces HTTPS and employs cookie consent mechanisms, but lacks explicit security headers and a published security policy or incident response contacts. No vulnerabilities or suspicious indicators were detected. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent banner, indicating GDPR adherence. Overall, the website is professional, trustworthy, and well-maintained, with strong business credibility and digital maturity. Strategic recommendations include enhancing security headers, publishing a security policy, and establishing a vulnerability disclosure process to further strengthen security posture.

N

Nutrisens

nutrisens.com

49

Nutrisens is a French agro-food group specializing in nutrition and health products tailored for patients with malnutrition, dysphagia, specific diets, and allergies. The company offers products developed by expert nutritionists and chefs, targeting both individual patients and healthcare professionals. Their business model includes direct sales through an online shop and professional channels, positioning them as a specialized player in the healthcare nutrition sector. The website is professionally designed, multilingual, and optimized for SEO, reflecting a medium-sized enterprise with a clear market focus. Technically, the website is built on WordPress with modern plugins such as Yoast SEO and integrates multiple analytics and tracking tools including Matomo, Microsoft Clarity, Bing UET, and LinkedIn Insight. The site uses HTTPS and includes a cookie consent mechanism via Axeptio, indicating a baseline compliance with privacy regulations. However, explicit privacy and terms of service pages were not detected in the provided content, which could be improved. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data in the HTML. There is no evidence of security headers in the provided data, and no direct incident response or security policy information is available. The absence of WHOIS data for the domain reduces trustworthiness from a domain registration perspective, though the website content and technical setup suggest a legitimate business. No vulnerabilities or malicious indicators were found. Overall, Nutrisens presents a professional and trustworthy online presence in the healthcare nutrition industry, with room for improvement in privacy transparency and security header implementation. The lack of WHOIS data is a concern that should be investigated further to confirm domain legitimacy.

C

Communauté d'Agglomération Sophia Antipolis

starteo-entreprises.fr

53

Starteo Entreprises is a regional business incubator managed by the Communauté d'Agglomération Sophia Antipolis in France, launched in 2023. It provides office spaces, entrepreneurial workshops, and business accompaniment services targeting startups and entrepreneurs in the Sophia Antipolis area. The website is built on TYPO3 CMS and integrates modern web technologies including Matomo analytics and cookie consent management, reflecting a mature digital infrastructure. The site is well-structured, mobile-optimized, and supports multilingual access via Google Translate. Security posture is solid with HTTPS and privacy compliance, though there is room for improvement in security headers and explicit security policies. No critical vulnerabilities or suspicious content were detected, and the domain registration data aligns well with the business profile. Overall, the site presents a professional and trustworthy digital presence for a government-affiliated business incubator.

C

Communauté d'Agglomération Sophia Antipolis

tourisme-prealpesdazur.fr

53

The website www.villagesvalleesdazur-tourisme.fr serves as a regional tourism portal managed by the Communauté d'Agglomération Sophia Antipolis, focusing on promoting the Villages Vallées d'Azur area in France. It provides visitors with information about local villages, events, guided tours, and outdoor activities, targeting tourists and families interested in cultural and natural experiences. The site positions itself as a key regional information source, supported by official regional branding and social media presence. Technically, the site is built on TYPO3 CMS, leveraging modern web technologies including jQuery, Matomo analytics with privacy-respecting configurations, and a comprehensive cookie consent mechanism via Tarteaucitron.js. The infrastructure is hosted within the regional network, ensuring moderate performance and good mobile optimization. Accessibility and SEO are adequately addressed, though there is room for improvement in SEO depth. From a security perspective, the site enforces HTTPS and provides a granular cookie consent panel, respecting GDPR requirements. However, explicit security headers are not detected, and no formal security or incident response policies are published. No vulnerabilities or exposed sensitive data were identified in the analyzed content. The WHOIS data aligns well with the website's regional and governmental nature, supporting legitimacy and trustworthiness. Overall, the website demonstrates a solid digital presence with good privacy compliance and a safe content environment. The lack of explicit contact information and security policies suggests areas for enhancement to improve user trust and operational security. Strategic recommendations include implementing security headers, publishing incident response information, and enriching SEO and accessibility features.

F

Facts.net

cookiesdirective.com

59

Facts.net is an established online media platform founded in 1997, specializing in publishing factual and educational content across diverse categories including technology and computing. The website targets a general audience interested in knowledge discovery and provides content supported by advertising revenue. The platform demonstrates consistent branding and professional content quality, supported by expert verification and editorial guidelines. Technically, the site is built on WordPress with modern SEO and analytics tools such as Yoast SEO, Google Tag Manager, and Matomo, hosted with GoDaddy and utilizing Cloudflare DNS services. The site is mobile optimized and performs moderately well, with good SEO and basic accessibility features. Security posture is adequate with HTTPS enabled and no exposed sensitive data, though improvements in security headers and explicit security policies are recommended. Privacy compliance is evident with cookie consent mechanisms and GDPR-aligned policies. Overall, the website is trustworthy, safe for general audiences, and maintains a solid business credibility profile.

L

Ledarna

ledarna.se

51

Ledarna is a Swedish trade union exclusively for managers, providing membership services, leadership development, legal support, and income insurance. The organization holds a unique market position as the only Swedish union dedicated solely to managers, targeting professionals in leadership roles across Sweden. Their website reflects a mature digital presence with comprehensive content and strong branding consistency. Technically, the site uses modern tools including Episerver CMS, Matomo analytics, OneTrust for cookie consent, and Azure Application Insights for monitoring, indicating a well-maintained infrastructure. Security posture is solid with HTTPS, bot protection, and privacy compliance, though some security headers and policies could be improved. The WHOIS data for the queried subdomain is missing, which is unusual but does not detract from the site's legitimacy given the professional content and contact information. Overall, Ledarna's website is a trustworthy and authoritative source for its audience.

K

Kommunalgemeinschaft Euroregion

elbelabe.eu

10

The website www.elbelabe.eu represents the Euroregion Elbe/Labe, a regional non-profit organization focused on fostering cross-border cooperation between Saxony (Germany) and the Czech Republic. It aims to build mutual trust and promote collaboration in various societal sectors. The site provides comprehensive information about the region, projects, events, and funding opportunities, targeting residents, organizations, and stakeholders in the border region. The business model is non-commercial, emphasizing regional development and cultural exchange. Technically, the website is built on a modern stack including jQuery, FullCalendar, and Matomo analytics, likely powered by Kirby CMS. It features good performance, mobile optimization, and accessibility. Structured data is implemented for SEO benefits. However, some security headers like Content-Security-Policy are present but commented out, and there is no cookie consent mechanism despite the use of tracking scripts. Google Tag Manager and Ads scripts are conditionally loaded, which may raise privacy considerations. From a security perspective, the site uses HTTPS and disables cookies in Matomo to enhance privacy. The lack of active CSP and cookie consent are notable gaps. No exposed sensitive data or vulnerabilities were detected. WHOIS data is unavailable due to EURid privacy protection, which is typical for EU domains and justified for this type of organization. Overall, the website is professional, content-rich, and trustworthy, with minor improvements recommended in security header enforcement and privacy compliance to align with best practices and GDPR requirements.

C

Communauté d'Agglomération Sophia Antipolis

villagesvalleesdazur-tourisme.fr

55

The website www.villagesvalleesdazur-tourisme.fr serves as a regional tourism portal for the Villages Vallées d'Azur area in France, operated by the Communauté d'Agglomération Sophia Antipolis. It provides visitors with information on local villages, events, guided tours, and family-friendly activities, positioning itself as a key regional tourism information source. The site is built on TYPO3 CMS and incorporates modern web technologies including jQuery, Matomo analytics for privacy-respecting visitor tracking, and Tarteaucitron.js for cookie consent management. Multilingual support is provided via Google Translate integration. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though additional security headers could enhance protection. The absence of WHOIS data suggests privacy protection for the domain registration, which is reasonable for a public sector tourism entity. Overall, the site is professional, compliant with GDPR, and trustworthy, with a good user experience and clear navigation.

C

Communauté d'Agglomération Sophia Antipolis

guide-culturel-casa.fr

56

The website guide-culturel-casa.fr serves as the official cultural guide for the Communauté d'Agglomération Sophia Antipolis, a regional government entity in France. It provides comprehensive information on cultural events, festivals, concerts, museums, and exhibitions within the CASA region, targeting residents and visitors interested in cultural activities. The site is positioned as a public service information portal with a focus on regional cultural promotion. Technically, the website is built on the TYPO3 CMS platform, leveraging modern JavaScript libraries such as jQuery, Parsley.js for form validation, and Tarteaucitron.js for cookie consent management. It is hosted by OVH, a reputable hosting provider, and integrates Matomo analytics with privacy-respecting configurations. The site demonstrates good mobile optimization, accessibility, and SEO practices, contributing to a positive user experience. From a security perspective, the website enforces HTTPS and includes a cookie consent mechanism compliant with GDPR. While some security headers like Content-Security-Policy and X-Content-Type-Options are not explicitly detected, the overall security posture is solid with no evident vulnerabilities. The WHOIS data aligns with the website's purpose and hosting, indicating legitimacy. Overall, the site presents a trustworthy and professional digital presence for the regional government cultural guide. Strategic recommendations include enhancing security headers, publishing explicit security and incident response policies, and improving visibility of contact information and terms of service to further strengthen trust and compliance.

C

Communauté d'Agglomération Sophia Antipolis

cddcasa.fr

10

The website www.cddcasa.fr represents the Conseil de Développement Durable (CDD) of the Communauté d'Agglomération Sophia Antipolis, a regional public non-profit organization in France focused on sustainable development and citizen participation. The site provides information about the CDD's activities, reports, newsletters, and public consultation platforms, targeting residents and stakeholders in the Sophia Antipolis region. Technically, the site is built on TYPO3 CMS, uses modern JavaScript libraries, and integrates Matomo analytics with privacy-conscious settings. Security posture is good with HTTPS enforced and cookie consent implemented, though some security headers could be improved. The absence of public WHOIS data suggests privacy protection, which is typical and justified for such public institutions. Overall, the website is professional, trustworthy, and compliant with GDPR requirements.

C

Communauté d'Agglomération Sophia Antipolis

casa-entreprises.fr

56

Casa-entreprises.fr is a French regional government-affiliated website operated by the Communauté d'Agglomération Sophia Antipolis. It serves as a comprehensive support platform for entrepreneurs and local businesses, offering tools, training, and information to facilitate business creation, financing, and development within the Sophia Antipolis region. The site is positioned as a key resource for regional economic development and business support services. Technically, the website is built on the TYPO3 CMS platform, leveraging modern JavaScript libraries such as jQuery and Parsley for enhanced user experience and form validation. It employs Matomo Analytics for privacy-conscious visitor tracking and uses Tarteaucitron.js to manage cookie consent in compliance with GDPR. Security-wise, the site enforces HTTPS and implements cookie consent mechanisms, but lacks explicit security headers and public security policies. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website demonstrates a solid digital infrastructure with good content quality and privacy compliance, suitable for its public service mission.

C

Communauté d'Agglomération Sophia Antipolis

casa-energie.fr

53

Casa-energie.fr is the official website of the Communauté d'Agglomération Sophia Antipolis, a regional government entity focused on energy transition and sustainability initiatives. The site provides information and resources related to energy renovation, renewable energy production, sustainable mobility, and energy transition animation targeted at local governments, businesses, social landlords, and citizens within the Sophia Antipolis region. The website is built on TYPO3 CMS and hosted by OVH, leveraging modern web technologies including Matomo analytics and a cookie consent framework compliant with GDPR. The site demonstrates good digital maturity with professional design, clear navigation, and mobile optimization. Security posture is solid with HTTPS enforced and privacy-respecting analytics, though there is room for improvement in implementing security headers and publishing explicit security policies. Overall, the site is trustworthy, well-maintained, and aligned with its public service mission.

C

Communauté d'Agglomération Sophia Antipolis

casa2040.fr

56

CASA2040 is a French governmental initiative managed by the Communauté d'Agglomération Sophia Antipolis, focusing on regional planning, sustainable development, and mobility within the Sophia Antipolis area. The website serves as an informational platform targeting residents, local authorities, and stakeholders involved in territorial development. It provides access to plans, public consultations, and related services, positioning itself as a key regional government resource. Technically, the website is built on TYPO3 CMS, leveraging modern JavaScript libraries such as jQuery and Matomo for analytics, with a strong emphasis on privacy compliance through a detailed cookie consent mechanism. The site is mobile-optimized, accessible, and SEO-friendly, reflecting a mature digital infrastructure suitable for public sector needs. From a security perspective, the site enforces HTTPS and employs privacy-respecting analytics with Do Not Track enabled. However, it lacks visible advanced security headers and explicit incident response or vulnerability disclosure policies, which could be improved to enhance trust and resilience. Overall, the site presents a professional and trustworthy front for a regional government entity, though the absence of WHOIS data and some security policies slightly reduce the trust score. Strategic improvements in security headers and transparency policies are recommended to strengthen its security posture and compliance.

C

Communauté d'Agglomération Sophia Antipolis

lol1625.fr

53

LOL1625 is a regional community service platform managed by the Communauté d'Agglomération Sophia Antipolis, providing information and management for the LOL1625 discount card. The website targets residents and visitors in the Alpes-Maritimes region, offering cultural, leisure, and sports discounts and events. Technically, the site is built on TYPO3 CMS with modern JavaScript libraries and uses Matomo for privacy-respecting analytics. The site is well-structured, mobile-optimized, and compliant with GDPR, featuring clear privacy and cookie policies with user consent mechanisms. Security posture is good with HTTPS and some security best practices, though additional headers and incident response documentation could improve it. Overall, the website is trustworthy, professional, and serves its community function effectively.

G

Groupe VYV

groupe-vyv.fr

58

Groupe VYV is the leading mutualist actor in health and social protection in France, offering comprehensive services across insurance, healthcare, and housing sectors. The organization protects over 10 million people and operates a large network of establishments and agencies nationwide. The website reflects a mature digital presence with professional design, clear navigation, and extensive content tailored to employers, intermediaries, and partners. Technically, the site is built on WordPress with modern caching and slider technologies, ensuring moderate performance and good mobile optimization. Security posture is strong with HTTPS and privacy policies in place, though HTTP security headers could be improved. No WHOIS data is available, likely due to privacy protection, but the website's consistency and trust signals support its legitimacy. Overall, Groupe VYV presents a credible and professional online presence aligned with its mission of accessible health for all.

U

Université PSL

psl.eu

60

Université PSL is a prestigious French university composed of multiple member institutions, offering a broad range of graduate programs, research initiatives, and innovation support. The website reflects a well-established educational institution with a strong international presence and a focus on excellence and sustainability. Technically, the site is built on Drupal 10, uses Matomo for analytics, and is hosted under a reputable registrar, OVH SAS. The site is mobile-optimized, accessible, and SEO-friendly. Security posture is good with HTTPS and cookie consent mechanisms, though explicit security policies and incident response contacts are not published. Overall, the site is professional, trustworthy, and compliant with GDPR requirements.

N

Nutrisens

nutrisens.fr

49

Nutrisens is a French agro-food group specializing in nutrition and health, offering products designed by nutrition experts and chefs for patients with malnutrition, dysphagia, specific diets, and food allergies. The company targets both individual patients and healthcare professionals, operating an online shop to distribute its products. The website is built on WordPress with modern SEO and analytics tools, reflecting a medium-sized enterprise with a professional digital presence. Security posture is good with HTTPS and cookie consent implemented, though explicit privacy and terms of service pages are missing. The domain WHOIS data is not found in the VeriSign database, which raises concerns about domain registration transparency. Overall, the website is professional and trustworthy in content but would benefit from improved compliance documentation and clearer domain registration information.

MSV Liberec, s.r.o. is a Czech manufacturing company specializing in elevators and lifting devices, offering comprehensive services including manufacturing, installation, modernization, and maintenance. The company operates primarily in the Czech Republic with branches in Prague, Mladá Boleslav, and Liberec, and exports to international markets such as England. Their website reflects a mature business with over 25 years of experience and thousands of completed projects, targeting businesses and institutions requiring elevator solutions. Technically, the website uses a legacy but functional technology stack including jQuery, jQuery UI, Owl Carousel, and Google reCAPTCHA, hosted on a CMS platform called IPO. The site is mobile optimized and includes a cookie consent mechanism, but lacks visible security headers and up-to-date privacy documentation. Analytics are handled via Matomo, indicating some privacy awareness. Security posture is moderate with some best practices like CAPTCHA and cookie consent, but missing key elements such as security headers and published privacy policies. The absence of WHOIS data reduces domain trustworthiness, though the website content and contact information appear legitimate and professional. Overall, the website is functional and professional but would benefit from enhanced security measures, updated privacy compliance, and domain registration transparency to improve trust and compliance.

J

Judo Pro League

judoproleague.com

40

Judo Pro League is the official professional mixed-gender judo team championship in France, established recently in 2022. The website serves as the primary digital platform for the league, providing schedules, results, team information, news, videos, and statistics to judo enthusiasts and stakeholders. The site targets French sports fans and professional judo communities, positioning itself as the authoritative source for the league's activities. Technically, the website is built on WordPress with a modern tech stack including jQuery, Font Awesome, and various plugins for SEO, video lightbox, surveys, and multilingual support. Hosting is managed via GoDaddy, and the site uses HTTPS with a valid SSL certificate. Cookie consent is implemented using tarteaucitron.io, and analytics are handled through Matomo and Facebook Pixel, indicating moderate user tracking. From a security perspective, the site has a good SSL configuration but lacks DNSSEC and explicit security headers, which are recommended for enhanced protection. No privacy policy or terms of service pages were found, representing compliance gaps especially under GDPR. No incident response or vulnerability disclosure mechanisms are publicly available. The domain registration is transparent and consistent with the website's purpose and age. Overall, the website is professional and trustworthy for its audience but would benefit from improved privacy compliance documentation, enhanced security headers, and DNSSEC implementation to strengthen its security posture and regulatory adherence.

F

Fédération Française de Judo

ffjudo.com

71

The Fédération Française de Judo operates the official website www.ffjudo.com, serving as the national governing body for judo and associated disciplines in France. The site provides comprehensive information on governance, competitions, training, and community engagement, targeting judo practitioners, clubs, and enthusiasts. The federation maintains a strong market position as the authoritative body for judo in France, supported by partnerships with related organizations and a clear focus on sport development and ethical practice. Technically, the website employs a modern technology stack including Matomo for analytics, TikTok and Facebook pixels for marketing, and various JavaScript libraries for UI enhancements. The site is well-optimized for mobile and accessibility, with good SEO practices and structured data for enhanced search engine visibility. Privacy compliance is robust, featuring a consent management platform and clear policies aligned with GDPR. Security posture is solid with HTTPS enforced and no visible vulnerabilities in the content. However, the absence of HTTP security headers and a public security.txt file indicates room for improvement in security best practices. The WHOIS data is notably missing or inaccessible, which is unusual for an official federation site, but the website's professional presentation and external references support its legitimacy. Overall, the site presents a low-risk profile with strong business credibility and technical maturity. Strategic recommendations include enhancing security headers, publishing vulnerability disclosure information, and verifying domain registration details to strengthen trust and compliance.

C

Communauté d'Agglomération Sophia Antipolis

agglo-sophiaantipolis.fr

58

The Communauté d'Agglomération Sophia Antipolis website serves as the official digital presence of a French regional government entity focused on the Sophia Antipolis area. It provides information on regional development, cultural initiatives, environmental management, public transportation, and community services. The site targets residents, businesses, and visitors, positioning itself as a key regional authority and service provider. Technically, the website is built on TYPO3 CMS, leveraging modern JavaScript libraries such as jQuery and Matomo for analytics, alongside Tarteaucitron.js for cookie consent management. The site is multilingual with Google Translate integration, and demonstrates good mobile optimization and accessibility features. Performance is moderate with room for improvement in security headers and hosting transparency. From a security perspective, the site uses HTTPS and implements a robust cookie consent mechanism aligned with GDPR requirements. However, no explicit security headers or incident response policies are published, and WHOIS data is unavailable, likely due to privacy protection. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website presents a professional and trustworthy government portal with good privacy compliance and user experience. Strategic improvements in security headers, incident response visibility, and WHOIS transparency could enhance trust and resilience.

FENDI is a renowned luxury fashion brand established in 1925, operating under the LVMH group. The website serves as the official online boutique offering a wide range of products including fashion collections for women, men, kids, and home. It targets a global audience with a focus on high-end luxury consumers. The business model centers on e-commerce retail complemented by personalized shopping services and boutique appointments. The site demonstrates strong branding consistency and high-quality content aligned with its market position. Technically, the website leverages a modern e-commerce platform (Demandware/Salesforce Commerce Cloud) with integrations for advanced search (Algolia), personalization (Dynamic Yield), and analytics (Google Tag Manager, Matomo, AWS RUM). The site is mobile-optimized, fast-loading, and accessible, reflecting a mature digital infrastructure. Security posture is robust with HTTPS enforced, multiple security headers, and encrypted payment processing. However, explicit security policies and incident response contacts are not publicly disclosed, representing an area for improvement. Privacy compliance is well addressed with comprehensive policies and consent mechanisms. Overall, the site is trustworthy and professionally managed, though WHOIS data is unavailable likely due to privacy protections. Strategic recommendations include publishing detailed security policies, vulnerability disclosure information, and enhancing transparency on data retention to further strengthen trust and compliance.

K

Křesťanská střední škola, základní škola a mateřská škola Elijáš

elijas.cz

48

The website www.elijas.cz represents a Christian educational institution located in Prague, offering kindergarten, primary, and secondary education along with associated services such as a school canteen and after-school programs. The institution is operated by the České sdružení CASD, a recognized Christian association. The website is well-structured, professionally designed, and targets parents and students seeking faith-based education in the Czech Republic. Technically, the site uses modern web standards with HTML5, CSS3, and JavaScript, and integrates Matomo analytics for user tracking with a cookie consent mechanism, reflecting a moderate level of digital maturity. Security posture is good with HTTPS enforced and no visible vulnerabilities, though additional security headers could enhance protection. The absence of WHOIS data limits domain trust assessment, but the website content and contact information support legitimacy. Overall, the site is a credible digital presence for the educational institution with room for security and compliance improvements.

M

Moravský patriot

moravskypatriot.eu

53

Moravský patriot is a Czech Republic based small e-commerce business specializing in the sale of Moravian patriotic merchandise including flags, books, stickers, badges, clothing, and accessories. The website is built on the eshop-rychle.cz platform and uses legacy jQuery libraries along with Matomo analytics configured to require user consent. The site is accessible without any WAF or blocking mechanisms and presents a well-structured product catalog targeting regional patriotic consumers. However, the website lacks explicit privacy and cookie policies, contact information, and security headers which are important for compliance and trust. The domain WHOIS data is privacy protected as per EURid policy for .eu domains, which is typical and justified for this business type.

J

Jean Lain Mobilités

jeanlain.com

70

Jean Lain Mobilités is a French automotive dealership and mobility services provider offering a wide range of vehicle brands including Volkswagen, Audi, Toyota, and others. The company provides new and used vehicle sales, leasing, after-sales services, electric mobility solutions, and professional fleet services. The website is well-structured and professionally designed, targeting both consumers and business clients seeking automotive and mobility solutions. Technically, the site is built on WordPress with modern frameworks and includes analytics tools such as Matomo and Facebook Pixel. Security posture is good with HTTPS and no visible vulnerabilities, though explicit privacy and cookie policies are not found on the homepage. The domain is a subdomain of jeanlain.com, a known automotive group, with no separate WHOIS registration, which is expected and legitimate. Overall, the site demonstrates a mature digital presence with room for improvement in privacy compliance and security transparency.

C

Communauté de communes Pyrénées-Cerdagne

pyrenees-cerdagne.com

59

Pyrénées Cerdagne Tourisme is the official regional tourism website for the Pyrénées Cerdagne area in France, operated by the Communauté de communes Pyrénées-Cerdagne. The site provides comprehensive information on local attractions, accommodations, activities, events, and practical visitor information, targeting tourists and visitors interested in exploring the region. The business model is government-funded tourism promotion, positioning itself as a key regional authority and information portal. Technically, the website is built on Drupal 7 with AngularJS enhancements, uses Matomo for privacy-conscious analytics, and integrates mapping technologies such as Leaflet and Google Maps API. The site is well-structured, mobile-optimized, and provides a good user experience with clear navigation and relevant content. Security-wise, the site enforces HTTPS and uses cookie consent frameworks but lacks visible security headers and formal privacy or terms of service pages, which are recommended for compliance and trust. WHOIS data is missing or unavailable, which slightly impacts trust but is mitigated by the official branding and social media presence. Overall, the site is professional, trustworthy, and serves its tourism promotion purpose effectively.

C

Comité Régional du Tourisme de la Bretagne

tourismebretagne.com

66

Tourisme Bretagne is the official regional tourism authority website for Brittany, France, providing comprehensive information and services to tourists and visitors. The site offers multilingual support, detailed destination guides, accommodation options, and event information, positioning itself as a key resource for vacation planning in the region. The website demonstrates a mature digital presence with modern technologies and a strong focus on user experience and accessibility. Security posture is solid with HTTPS enforcement and cookie consent mechanisms, though explicit security headers and incident response policies are not evident. The absence of WHOIS registration data is a notable anomaly but does not detract significantly from the site's legitimacy given its official branding and content. Overall, the site is professional, trustworthy, and well-optimized for its target audience.

O

Office de Tourisme de Rochefort Océan

rochefort-ocean.com

68

Office de Tourisme de Rochefort Océan operates as a regional tourism office providing comprehensive information and services related to tourism in the Rochefort Océan area of France. The website offers details on accommodations, events, local attractions, and thermal cures, targeting tourists and visitors interested in this coastal region. The business model focuses on tourism promotion and facilitating bookings and event ticketing, positioning itself as a key regional tourism resource. Technically, the website is built on Drupal CMS with AngularJS and Bootstrap frameworks, integrating modern web technologies such as Google Maps API, Matomo analytics, and Crisp chat for user engagement. The site is mobile-optimized with good navigation and SEO practices, although accessibility features are basic. Performance is moderate, with a professional design and consistent branding. From a security perspective, the site enforces HTTPS and includes several security headers, along with a cookie consent mechanism indicating some privacy compliance. However, the absence of a dedicated privacy policy page and incident response information represents gaps in compliance and security transparency. No vulnerabilities or malicious content were detected, and the site maintains a good security posture overall. The WHOIS data is missing, with the domain appearing unregistered or expired in the registry, which raises concerns about domain legitimacy. Despite this, the website content and presentation suggest a legitimate tourism office. Monitoring domain registration status is recommended to ensure continued trustworthiness. Overall, the site is a well-constructed regional tourism platform with room for improvement in privacy compliance and domain registration transparency.

M

Megève Tourisme

megeve-tourisme.fr

69

Megève Tourisme operates a comprehensive and professionally designed tourism website promoting the alpine resort of Megève in France. The site targets tourists seeking a four-season mountain destination, offering detailed information on accommodations, activities, and visitor services. The business model focuses on tourism promotion and facilitating accommodation bookings through partner sites. Technically, the website is built on WordPress with modern SEO and analytics tools such as Yoast SEO, Matomo, Hotjar, and Google Tag Manager, indicating a mature digital infrastructure. Security posture is good with HTTPS enforced and some security monitoring, though additional security headers could enhance protection. Privacy compliance is well addressed with visible cookie and privacy policies and consent mechanisms. However, WHOIS data is unavailable, which slightly impacts trust but is mitigated by the professional site presentation and content quality. Overall, the website is a reliable and authoritative source for tourism information about Megève.

Physicians' Education Resource operates a professional online platform specializing in continuing medical education (CME) and continuing education (CE) for healthcare professionals. The website offers a broad catalog of live events, webcasts, and on-demand educational activities targeting physicians, nurses, optometrists, and pharmacists. The company positions itself as a reputable provider in the healthcare education sector with a focus on delivering accessible and accredited learning experiences. Technically, the website is built using modern web technologies including Ember.js and is hosted on a robust infrastructure leveraging Amazon CloudFront CDN. It integrates multiple analytics and marketing tools such as Google Tag Manager, Matomo, Facebook Pixel, and Segment Analytics, all implemented with user consent mechanisms to comply with privacy regulations. The site demonstrates good mobile optimization and SEO practices, providing a user-friendly experience. From a security perspective, the website enforces HTTPS with strong SSL configuration and includes standard security headers. It employs a cookie consent banner aligned with GDPR requirements. However, there is no publicly available dedicated security policy or incident response information, which could be improved to enhance transparency and trust. The absence of WHOIS domain registration data limits the ability to fully verify domain legitimacy, though the professional presentation and contact information mitigate some concerns. Overall, the website presents a secure, professional, and privacy-conscious platform for healthcare education. Strategic recommendations include publishing a formal security policy, establishing incident response contact channels, and considering a vulnerability disclosure program to further strengthen security posture and stakeholder confidence.

L

LOBSTER BISTRO

lobster-bistro.cz

49

LOBSTER BISTRO is a small hospitality business operating a restaurant in the Czech Republic, offering a harmonious dining experience with creative food and a pleasant atmosphere. The website reflects a local restaurant's digital presence with a focus on user experience and basic analytics integration. The technical infrastructure includes modern analytics tools such as Google Analytics and Matomo, with cookie consent mechanisms implemented to comply with privacy regulations. However, the absence of visible privacy policies, terms of service, and contact information limits the website's compliance and trustworthiness. Security posture is moderate, with no detected security headers and unknown SSL configuration, suggesting room for improvement in hardening the website's defenses. Overall, the website is functional and professionally designed but lacks critical compliance and security documentation, which should be addressed to enhance trust and legal standing.

T

tolk.ai - Generative AI powered Chatbot and Livechat solutions

thechatbotfactory.com

65

tolk.ai is a French technology company specializing in generative AI-powered chatbots and livechat solutions designed to enhance customer relations. Their SaaS platform offers no-code deployment of AI virtual assistants, livechat agents, and analytics tools to improve customer service efficiency and business insights. The company targets businesses seeking advanced conversational AI to automate pre- and post-sales customer interactions. The website demonstrates a professional digital presence with partnerships such as Microsoft France and availability on Azure Marketplace, indicating a credible market position. Technically, the site is built on WordPress with modern plugins and analytics integrations, providing moderate performance and good mobile optimization. Security posture is solid with HTTPS and no exposed sensitive data, though improvements in security headers and explicit policies are recommended. Privacy compliance is partial, lacking visible privacy and cookie policies on the main page. Overall, tolk.ai presents a trustworthy and professional business with room for enhanced transparency and security documentation.

L

LISIO

numanis.net

44

LISIO is a French technology company specializing in digital inclusion and responsible web solutions. Their offerings include SaaS products and consulting services aimed at making websites accessible, inclusive, and environmentally sustainable. The company targets website owners and organizations committed to responsible digital communication. The website is professionally designed, mobile-optimized, and rich in relevant content, demonstrating a strong market position within its niche. Technically, the site leverages modern JavaScript frameworks, Matomo analytics with privacy-conscious configurations, and cookie consent management via Axeptio. Hosting is provided by OVH, a reputable provider. Security posture is solid with HTTPS and privacy-respecting analytics, though the site lacks a published security policy and incident response details. Overall, the website is trustworthy, well-branded, and compliant with GDPR requirements.

M

Megève Tourisme

megeve.com

69

Megève Tourisme operates a comprehensive and professionally designed tourism website promoting the alpine resort of Megève in France. The site targets tourists interested in skiing, outdoor activities, gastronomy, and cultural experiences. It serves as an official or semi-official portal with extensive content, event calendars, and accommodation booking links. The technical infrastructure is based on WordPress with modern plugins and analytics tools, ensuring good SEO, accessibility, and mobile responsiveness. Security posture is strong with HTTPS and security headers, though no explicit security policy or incident response contacts are published. WHOIS data is privacy-protected but the domain is active and well-maintained, supporting legitimacy. Overall, the website is a trustworthy and valuable resource for visitors planning a stay in Megève.

Y

Yoomigo

espacestrail.run

49

Espacestrail.run is a specialized platform dedicated to trail running, offering detailed information on trail running routes across over 40 territories primarily in France and nearby regions. The website serves trail runners and outdoor enthusiasts by providing route maps, event calendars, and mobile app integrations to enhance the trail running experience. The business operates as a niche outdoor sports network with a focus on promoting territories and facilitating trail running activities. Technically, the site uses modern web technologies including Bootstrap, OpenLayers for mapping, FontAwesome icons, and Matomo for analytics, delivering a responsive and user-friendly experience. Security posture is solid with HTTPS, security headers, and no visible vulnerabilities, though privacy compliance could be improved by adding cookie consent and clearer GDPR statements. Overall, the site is professional, trustworthy, and well-positioned in its niche, though it would benefit from enhanced privacy and security policy disclosures.

C

Accueil | Chamonix

chamonix.com

52

The website www.chamonix.com serves as the official tourism portal for the Vallée de Chamonix-Mont-Blanc in France. It provides comprehensive information and services including accommodation booking, activity reservations, restaurant finders, event calendars, and transport details. The site targets tourists and visitors interested in mountain and nature experiences, positioning itself as a key resource for destination marketing in the hospitality sector. Technically, the site is built on Drupal 10 CMS and employs modern JavaScript libraries such as Swiper.js and Litepicker, alongside analytics tools like Matomo, Google Tag Manager, and Hotjar, indicating a mature digital infrastructure. Security posture is solid with HTTPS enforced and consent management implemented, though explicit security headers could be improved. Privacy compliance is moderate with a cookie consent mechanism present but no explicit privacy policy detected in the provided content. The absence of WHOIS registration data is a concern but does not appear to affect the site's legitimacy based on content and external references. Overall, the site is professional, user-friendly, and trustworthy, serving its business purpose effectively.

S

SM3A

riviere-arve.org

48

SM3A is a French public entity focused on managing watercourses and environmental protection for 93 communes across 13 intercommunalities in the Arve watershed. The website presents a professional and well-structured digital presence built on WordPress with Elementor and Yoast SEO, supporting good content quality and user experience. The organization provides key services including flood prevention, aquatic environment management, and maintenance of watercourses and related infrastructure. Social media presence on Facebook, LinkedIn, and YouTube supports community engagement. Technically, the site uses modern plugins and libraries, with moderate performance and good mobile optimization. Security posture is solid with HTTPS and CAPTCHA usage, but lacks some security headers and explicit incident response information. WHOIS data is missing or unavailable, which raises some concerns about domain registration transparency but does not detract from the apparent legitimacy of the organization. Overall, the site is trustworthy, safe, and serves its public service mission effectively.