Security Directory

I

Instituto Nacional de tecnologías educativas y formación del profesorado

intef.es

57

INTEF (Instituto Nacional de Tecnologías Educativas y Formación del Profesorado) is a Spanish government entity under the Ministry of Education and Vocational Training focused on advancing educational methodologies through digital transformation and teacher training. It offers a broad range of digital educational resources, training programs, and initiatives aimed at improving digital competence in schools across Spain. The website serves as a central hub for these resources and initiatives, targeting educators, students, families, and educational institutions nationwide. Technically, the website is built on WordPress with a modern tech stack including jQuery, Bootstrap, and Owl Carousel, enhanced with Google reCAPTCHA and Matomo analytics for security and user behavior insights. The site is well-optimized for SEO and mobile devices, with good accessibility features and professional design. HTTPS is enforced, and basic security best practices are observed, though some security headers could be improved. From a security perspective, the site shows a mature posture with no visible vulnerabilities or exposed sensitive data. Privacy and cookie policies are comprehensive and GDPR compliant. However, explicit incident response contacts and vulnerability disclosure mechanisms are not present, which could be enhanced to improve trust and security readiness. Overall, INTEF presents a trustworthy, professional, and well-maintained digital presence consistent with its role as a national educational institution. Strategic recommendations include enhancing security headers, adding vulnerability disclosure information, and providing clearer contact channels for security incidents to further strengthen its security posture and compliance.

M

mypage.cz

mypage.cz

51

mypage.cz is a Czech language media and news website launched in 2024, focusing on films, series, games, and general lifestyle topics. It provides news articles, reviews, and guides targeting a general audience interested in entertainment and related subjects. The site operates primarily on advertising revenue, leveraging Google Adsense and Matomo analytics for monetization and user insights. The website is professionally designed with consistent branding and good content quality, offering a clear navigation structure and mobile optimization. Technically, it uses standard web technologies including Google Fonts, JavaScript, and CSS, hosted on infrastructure associated with REG-GRANSY and vas-hosting name servers. Security posture is adequate with HTTPS enforced and cookie consent implemented, though some security headers and policies are missing. No critical vulnerabilities or suspicious WHOIS data were found, and the domain registration is consistent with the site's new business age. Overall, the site is safe, compliant with GDPR, and suitable for general audiences.

A

Affilae

affilae.com

69

Affilae is a well-established French technology company founded in 2011, specializing in affiliate marketing software and services. The company provides a SaaS platform that enables advertisers and marketers to create, track, and manage affiliate and influencer partnerships with multiple commission models. Their market position is strong within the affiliate marketing sector, supported by a network of partners and a portfolio of medium to large clients. The website reflects a professional and modern digital presence with multilingual support and comprehensive content including case studies and customer testimonials. Technically, the site is built on WordPress, hosted by OVH sas, and employs modern analytics and marketing tools such as Google Tag Manager, Matomo, and LinkedIn Insight. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, although there is room for improvement in publishing explicit security policies and headers. Overall, the website is trustworthy, well-optimized for SEO and mobile, and compliant with GDPR requirements.

F

FOND SIDUS

fondsidus.cz

46

Fond Sidus is a Czech non-profit organization dedicated to supporting children through educational projects, entertainment, and promoting healthy nutrition including fermentation and homemade fermented vegetables. The website presents a well-structured archive of projects spanning many years, indicating a sustained presence in the educational and social sector. The target audience primarily includes children, educational institutions, and individuals interested in healthy lifestyles. Technically, the website uses a proprietary or custom CMS platform (eshop-rychle.cz) and integrates Matomo analytics with user consent, reflecting a moderate level of digital maturity. However, the site lacks comprehensive privacy and cookie policies, and no contact information is explicitly provided, which limits transparency and user trust. Security-wise, HTTPS is enabled but the absence of security headers and WHOIS data opacity are notable weaknesses. Overall, the site is functional and content-rich but would benefit from enhanced privacy compliance and security hardening.

B

BK Olomoucko

live4basketball.cz

58

Live4Basketball.cz is an e-commerce website dedicated to selling basketball-related merchandise for the BK Olomoucko team. The site offers a variety of products including team jerseys, clothing for men, women, and children, accessories, and gift vouchers. It targets basketball fans and supporters primarily in the Czech Republic. The business operates a niche online retail model focused on sports merchandise with a small-scale market presence. Technically, the website is built on the Eshop-rychle.cz platform, utilizing standard web technologies such as HTML5, CSS, JavaScript, and Google Fonts. It integrates Matomo analytics for user tracking and employs HTTPS for secure communications. The site includes cookie consent mechanisms and basic privacy compliance features, though it lacks advanced security headers and explicit incident response policies. From a security perspective, the website demonstrates a moderate security posture with HTTPS enforcement, secure login forms, and CAPTCHA on newsletter subscriptions. However, it could improve by adding security headers and publishing clear security policies. No critical vulnerabilities or malware were detected. The WHOIS data is unavailable, likely due to privacy protection, which is common for small e-commerce sites. Overall, the website is professionally designed with good content quality and user experience. It maintains trust through clear contact information and social media presence. Strategic recommendations include enhancing security headers, publishing incident response contacts, and improving privacy disclosures to strengthen compliance and trust.

M

Ministerio de Educación, Formación Profesional y Deportes - Gobierno de España

aulamentor.es

55

Aula Mentor is a well-established e-learning platform operated by the Spanish Ministry of Education, providing lifelong learning and professional development courses to adult learners. The platform offers a broad catalog of over 240 courses across multiple professional areas, supported by a network of physical learning centers (Aulas Mentor). The website demonstrates a high level of professionalism, consistent branding, and a user-friendly design optimized for accessibility and mobile use. Technically, it is built on WordPress with modern plugins and uses Matomo for privacy-conscious analytics. Security posture is strong with HTTPS enforced and no obvious vulnerabilities, though some security headers could be improved. Privacy compliance is good with a comprehensive privacy policy, though a cookie consent mechanism is absent. Overall, the platform is trustworthy and credible, serving a government educational mission.

C

Communauté de communes de la Vallée de Chamonix Mont-Blanc

cc-valleedechamonixmontblanc.fr

57

The Communauté de communes de la Vallée de Chamonix Mont-Blanc operates as a local government community entity serving the Vallée de Chamonix Mont-Blanc region in France. The website provides official information, services, news, and resources for residents and visitors, positioning itself as an authoritative source for regional administrative and community matters. It maintains active social media channels and offers multilingual support via GTranslate, enhancing accessibility for a broader audience. Technically, the website is built on WordPress with a modern tech stack including Bootstrap and jQuery, supported by Matomo analytics for privacy-conscious user tracking. The site demonstrates good mobile optimization and SEO practices, though accessibility compliance is basic and could be improved. Security measures include HTTPS and cookie consent mechanisms, but lack explicit security headers and dedicated security policy pages. From a security perspective, the site shows a moderate security posture with no visible vulnerabilities or exposed sensitive data. The absence of WHOIS data due to privacy protection is common for public entities but limits transparency. No incident response or vulnerability disclosure information is provided, which could be enhanced to improve trust and readiness. Overall, the website is professional, trustworthy, and well-suited for its public sector role. Strategic recommendations include implementing security headers, publishing security policies, enhancing accessibility, and adding vulnerability disclosure mechanisms to strengthen security and compliance further.

D

Département de la Haute-Savoie

hautesavoie.fr

57

The Département de la Haute-Savoie operates an official government website serving the Haute-Savoie region in France. The site provides comprehensive information about departmental actions, events, employment opportunities, public services, and subsidies. It targets residents and stakeholders within the region, positioning itself as a key public sector information portal. The website is built on a modern WordPress CMS infrastructure, leveraging SEO and caching plugins, and integrates social media channels for broader engagement. Technically, the site is well-optimized for mobile and desktop, with good performance and accessibility standards. Security posture is strong with HTTPS enforcement, CAPTCHA usage, and cookie consent mechanisms, although explicit privacy and security policies are not found in the provided content. Overall, the site demonstrates high professionalism and trustworthiness consistent with a government entity.

M

Mont-Blanc Hockey

montblanchockey.fr

53

Mont-Blanc Hockey is a small, community-focused ice hockey club based in France, founded in 2023. The club targets children and youth interested in ice hockey, offering training, tournaments, membership, and merchandise. The website reflects a well-structured and professionally designed platform that supports the club's activities and community engagement. The use of structured data and social media integration enhances its digital presence. Technically, the site employs a modern tech stack with popular JavaScript libraries and frameworks, hosted under a reputable registrar, and implements HTTPS with privacy-conscious analytics (Matomo). Security posture is solid with no critical vulnerabilities detected, though formal security policies and incident response contacts are absent. Privacy compliance is good, with a cookie consent mechanism and a privacy policy page in French. Overall, the website is trustworthy and suitable for its audience, with room for improvement in formal security documentation and contact transparency.

W

Women's Environment and Development Organization

genderclimatetracker.org

10

The Gender Climate Tracker website is a well-established non-profit platform operated by the Women's Environment and Development Organization. It focuses on tracking gender mandates in climate policy, women's participation in climate diplomacy, and providing country profiles related to gender and climate change. The platform serves policy makers, researchers, activists, and NGOs with data, news, and resources to support gender equality in climate action. The site is professionally designed with consistent branding and clear navigation, including multilingual support and a mobile app for offline access. Technically, the website is built on Drupal CMS with modern JavaScript libraries such as jQuery, Highcharts, and Tableau embedding for data visualization. It uses Matomo and Google Analytics for user tracking while respecting Do Not Track settings. The site is hosted with a reputable registrar and uses HTTPS, but lacks DNSSEC and some security headers, which could be improved. Performance is moderate with good mobile optimization and basic accessibility features. From a security perspective, the site implements a cookie consent mechanism with opt-in consent, but does not provide explicit privacy policies, terms of service, or vulnerability disclosure information. No contact information or incident response channels are visible, which limits transparency. The domain registration is consistent and stable, supporting the legitimacy of the organization. Overall, the security posture is adequate but could benefit from enhanced security headers, published policies, and vulnerability disclosure. The overall risk is low given the non-profit nature and content focus, but strategic improvements in privacy and security documentation would enhance trust and compliance.

H

Hockey Club 74

hc74.fr

10

Hockey Club 74 is a regional alliance of ice hockey clubs based in Haute-Savoie, France, representing teams from Chamonix, Megève, Morzine, and St Gervais. The website serves as a hub for club information, upcoming matches, tournaments, and partner acknowledgments, targeting hockey players, fans, and the local community. The club is positioned as a key regional sports entity with institutional and private partnerships supporting youth development and competitive hockey. Technically, the website is built on a custom sports club platform (Kalisport) leveraging Bootstrap 3, jQuery, and various JavaScript libraries for UI components and event management. It is hosted by OVH and uses HTTPS with a good SSL configuration. The site is mobile responsive and includes SEO and accessibility considerations, though some accessibility features are basic. From a security perspective, the site enforces HTTPS, uses a cookie consent mechanism with high privacy settings, and employs Matomo analytics for privacy-conscious tracking. However, explicit security headers and incident response policies are not evident. No critical vulnerabilities or exposed sensitive data were detected in the HTML content. Overall, the website presents a professional and trustworthy front for the hockey club alliance with good content quality and privacy compliance. Strategic improvements could include adding explicit security policies, terms of service, and enhanced security headers to further strengthen the security posture.

E

Ekino FR

ekino.fr

33

Ekino FR is a well-established digital transformation group headquartered in France with an international footprint including offices in Singapore, Vietnam, Hong Kong, India, and the USA. The company specializes in consulting, customer experience, data and AI, and engineering services, integrating design and innovation to deliver sustainable digital solutions. Their client portfolio includes major brands such as CANAL+, Renault, Orange, and Bolloré, positioning them as a significant player in the technology consulting market. The website reflects a mature digital presence with comprehensive content, strong branding, and clear navigation, targeting businesses seeking digital transformation services. Technically, the website is built on WordPress with modern SEO and privacy tools such as Yoast SEO and Complianz GDPR plugin. Analytics are handled via Matomo, emphasizing privacy compliance. The site is mobile-optimized and accessible, with good performance indicators. However, some security best practices like security headers and a published security policy are missing, which could be improved to enhance trust and compliance. Security posture is solid with HTTPS enforced and no visible vulnerabilities or exposed sensitive data. Privacy compliance is strong, with clear cookie consent mechanisms and detailed privacy and cookie policies. The absence of WHOIS data due to privacy protection slightly reduces trust but is common for commercial entities. Certifications such as ISO 27001 and ISO 14001, along with workplace awards, further reinforce the company's credibility. Overall, Ekino FR presents a professional, trustworthy, and privacy-conscious digital presence suitable for its business domain. Strategic improvements in security transparency and incident response communication are recommended to further strengthen their security posture and stakeholder confidence.

C

Company Culture Market s.r.o.

cocuma.sk

57

Cocuma is a Slovakian platform dedicated to showcasing and verifying companies with strong corporate cultures. It provides job seekers and professionals with authentic company profiles, job listings, and a culture-focused magazine. The platform emphasizes transparency and trust by conducting thorough interviews and creating original content rather than relying on PR materials. Technically, the website employs modern web technologies including Google Tag Manager, Matomo analytics, and responsive design frameworks, hosted partly on Amazon S3 for media assets. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though some security headers and formal policies are absent. Overall, Cocuma presents a professional, trustworthy, and user-friendly experience with moderate tracking for analytics and marketing purposes.

R

Réunion des musées nationaux Grand Palais

rmngp.fr

63

Réunion des musées nationaux Grand Palais (GrandPalaisRmn) is a prominent French cultural institution dedicated to promoting access to culture nationwide. It operates multiple expertises including acquisitions, photographic agency, art workshops, publishing, exhibitions, cultural engineering, mediation, and retail through bookshops and product sales. The organization is closely linked to the French Ministry of Culture, as evidenced by branding and domain information. The website is professionally designed, content-rich, and targets a broad audience including the general public, professionals, and educational institutions. Technically, the website is built on Drupal 10, leveraging modern JavaScript libraries such as Swiper.js and Matomo for analytics, with a cookie consent manager (Tarteaucitron) ensuring GDPR compliance. Hosting is provided by ECRITEL, a reputable provider. The site demonstrates good mobile optimization and accessibility features, though some security headers could be improved. From a security perspective, the site uses HTTPS with good SSL configuration and implements cookie consent mechanisms. No critical vulnerabilities or exposed sensitive data were detected. However, the absence of explicit security policies and incident response contacts suggests room for improvement in transparency and readiness. Overall, the website is trustworthy, professionally maintained, and compliant with privacy regulations. It effectively serves its cultural mission with a strong digital presence. Strategic recommendations include enhancing security headers, publishing security and incident response policies, and adding a vulnerability disclosure mechanism to further strengthen trust and security posture.

S

Schlotterer GmbH

schlotterer.com

68

Schlotterer GmbH is an Austrian company specializing in manufacturing and supplying exterior sun protection and insect protection products, including roller shutters, venetian blinds, insect screens, and textile sun protection. The company positions itself as the market leader in Austria for exterior sun protection, targeting professional partners such as the specialist trade and window manufacturers, as well as end customers. The website is professionally designed, multilingual, and powered by TYPO3 CMS, indicating a mature digital presence. Technical infrastructure includes modern JavaScript libraries and Matomo analytics for user tracking. Security posture is moderate with HTTPS usage implied but lacks explicit security headers and formal privacy or cookie policies. The absence of WHOIS data limits domain trust assessment, but the website content and branding are consistent and professional. Overall, the site is safe, business-focused, and well-structured, though improvements in privacy compliance and security transparency are recommended.

V

VisitMons

visitmons.be

10

VisitMons is a regional tourism website dedicated to promoting Mons-Borinage, Belgium, offering comprehensive information on local attractions, events, accommodations, dining, and cultural highlights. The site targets tourists and locals seeking to explore the region, providing services such as event agendas, ticket sales, and the Mons Card pass. Technically, the website is built on modern frameworks like Next.js and React, incorporating analytics tools such as Matomo and Facebook Pixel, and employs HTTPS with Google reCAPTCHA for security. However, explicit privacy and cookie policies are not detected, indicating room for improvement in privacy compliance. The security posture is generally good but could benefit from enhanced security headers and clearer incident response information. Overall, the site is professional, content-rich, and trustworthy, with a moderate risk profile primarily due to limited WHOIS transparency and privacy policy absence.

D

DIGITREE CZ s.r.o.

digitree.cz

49

DIGITREE CZ s.r.o. is a Czech Republic-based IT service provider specializing in web development, IT infrastructure management, hosting, and cloud solutions primarily targeting small and medium-sized businesses. The company positions itself as a reliable IT partner helping clients grow through quality and connected IT services. Their website reflects a professional and modern digital presence with clear service offerings and strong customer testimonials, indicating a solid market position in their niche. Technically, the website leverages modern web technologies including the Astro framework, JavaScript analytics tools like Matomo and Facebook Pixel, and integrates a GDPR-compliant consent management platform (Usercentrics). The site is well-optimized for performance and mobile devices, with good SEO and accessibility features. Security best practices are observed with HTTPS, security headers, and secure forms, although explicit security policies and incident response information are not publicly available. From a security and compliance perspective, the site demonstrates a mature posture with GDPR compliance and secure data collection mechanisms. However, the absence of WHOIS data limits domain trust assessment and raises questions about domain registration transparency. No critical vulnerabilities or exposed sensitive data were detected. Overall, the risk profile is low, but improvements in transparency and security documentation are recommended. Strategically, DIGITREE should focus on enhancing their security and compliance disclosures, including publishing a security policy, incident response contacts, and vulnerability disclosure guidelines. This will strengthen trust and align with best practices. Continued investment in technical modernization and customer engagement will support sustained growth and market credibility.

Č

Český svaz ochránců přírody

csop.cz

61

Český svaz ochránců přírody (ČSOP) is a well-established Czech non-governmental non-profit organization dedicated to nature and landscape protection, founded in 1979. The organization engages professionals, amateurs, and volunteers in a wide range of conservation activities, education, and public awareness. The website reflects a mature digital presence with comprehensive content about their programs, projects, and partnerships, targeting environmentally conscious individuals and groups in the Czech Republic. Technically, the site is built on WordPress with modern SEO and analytics tools, hosted on a Czech hosting provider, and demonstrates good mobile optimization and user experience. Security posture is solid with HTTPS, consent management, and no visible vulnerabilities, though some security headers could be improved. Overall, the site is trustworthy, compliant with GDPR, and professionally maintained.

Nadácia Veolia Slovensko is a Slovak non-profit foundation affiliated with the global Veolia group, focusing on community grants and social projects to support local initiatives. The website serves as an information portal for their programs, news, and supported projects, targeting Slovak community members and NGOs. The foundation operates with a medium-sized presence and emphasizes social responsibility within the energy sector. Technically, the website is built on the Vizus CMS platform, uses Matomo for analytics, and implements a cookie consent mechanism that aligns with GDPR requirements. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content. Security-wise, the website uses HTTPS and basic privacy protections but lacks advanced security headers and explicit incident response policies. No contact emails or phone numbers are directly available on the homepage, which could be improved for better user engagement and trust. Overall, the site is professional, trustworthy, and compliant with privacy regulations, though there is room for enhancement in security and transparency.

O

Ostrava

tvorimeprostor.cz

63

The website tvorimeprostor.cz represents a public grant program managed by the city of Ostrava aimed at supporting projects and community activities in public spaces. The program targets active individuals and non-profit organizations within the Czech Republic, providing financial support to revitalize urban environments. The site is well-branded with consistent use of official logos and social media channels linked to the city, reinforcing its legitimacy and public sector affiliation. The business model is a government-funded initiative focused on community development and urban improvement.

N

Novation

novation.be

48

Novation is a professional web design and development company based in Limburg, Belgium, specializing in Drupal websites, webshops, and web applications tailored for small and medium enterprises (KMO's). With over 15 years of experience, Novation positions itself as a trusted local partner delivering modern, user-friendly digital solutions. The company emphasizes a comprehensive approach from brainstorming to launch, supported by multiple certifications that enhance its credibility. Technically, the website is built on Drupal 10, leveraging modern web technologies including Video.js for multimedia, and integrates analytics and tracking tools such as Matomo, Microsoft Clarity, and Leadinfo. The site demonstrates good mobile optimization, accessibility, and SEO practices, although some security headers are missing. The SSL configuration is excellent, ensuring secure communications. From a security perspective, the site uses HTTPS and avoids exposing sensitive data. However, the absence of explicit privacy and terms of service pages, as well as security incident response policies, indicates areas for improvement in compliance and transparency. The WHOIS data is restricted, which is typical for .be domains but limits domain trust verification. Overall, Novation presents a professional and trustworthy digital presence with strong business credibility and technical maturity. Strategic enhancements in privacy disclosures and security headers would further strengthen its security posture and compliance standing.

L

Les Gothiques

lesgothiques.com

42

Les Gothiques Amiens is a historic ice hockey club based in Amiens, France, offering fans access to match schedules, official merchandise, and ticketing services. The website is professionally designed using WordPress with Elementor and WooCommerce, integrating SEO best practices and social media channels to engage its audience. Privacy and cookie policies are implemented with GDPR compliance, and user tracking is managed via Matomo analytics, reflecting a privacy-conscious approach. Security posture is strong with HTTPS enforced and secure AJAX implementations, although some security headers could be improved. The absence of WHOIS data suggests the domain may be newly registered or protected, which slightly impacts trust but does not detract from the site's professional presentation. Overall, the site effectively serves its target audience of hockey fans and club supporters.

V

Vanderlande

vanderlande.com

62

Vanderlande is a globally recognized leader in logistics process automation, specializing in warehousing, airports, and parcel sectors. The company offers integrated solutions including innovative systems, intelligent software, and life-cycle services, positioning itself as a market-leading partner for future-proof automation technology. The website reflects a mature digital presence with comprehensive content targeting logistics operators and airport authorities. Technically, the site leverages modern web technologies such as WordPress CMS, jQuery, Bootstrap, and Matomo analytics, ensuring good performance, mobile optimization, and SEO. Security posture is solid with HTTPS enforcement and cookie consent mechanisms, though some security policies and incident response details are not publicly disclosed. The absence of WHOIS data is a notable anomaly but does not detract significantly from the overall legitimacy given the professional site content and external references. Strategic recommendations include enhancing transparency around security policies, adding vulnerability disclosure mechanisms, and improving security headers to further strengthen trust and compliance.

R

Réunion des musées nationaux Grand Palais

grandpalaisrmn.fr

64

Réunion des musées nationaux Grand Palais (GrandPalaisRmn) is a prominent French cultural operator dedicated to promoting access to culture nationally and internationally. The organization manages multiple cultural sites, including the Grand Palais and Musée du Luxembourg, and offers a wide range of services such as acquisitions, exhibitions, publishing, mediation, and cultural engineering. The website reflects a mature digital presence with professional design, clear navigation, and comprehensive content targeting the general public, cultural professionals, and educational institutions. The business model centers on cultural dissemination, education, and retail through physical and online boutiques.

A

Avager s.r.o.

pagio.cz

60

Avager s.r.o. is a Czech-based company specializing in B2B and enterprise e-commerce solutions, focusing on digitalizing business processes and accelerating online commerce. Their proprietary Avager Business Platform offers scalable, secure, and fast e-commerce capabilities tailored for demanding enterprise clients. The company targets manufacturing firms, wholesalers, and various industries including automotive, agriculture, and services. With over 15 years of specialization, Avager holds a strong market position supported by a portfolio of top clients and multilingual platform support. Technically, the website employs modern JavaScript frameworks like Alpine.js, integrates Matomo and Google Tag Manager for analytics, and uses Statamic CMS. The site is well-optimized for mobile and SEO, with a professional and consistent design. Security posture is solid with HTTPS and cookie consent mechanisms, though explicit security headers and policies could be improved. Overall, the domain registration aligns with the business claims, indicating legitimacy and trustworthiness.

P

Pražská vydavatelská společnost

casopisyprovas.cz

50

Casopisyprovas.cz is an e-commerce website specializing in the sale and subscription of various magazines primarily targeting Czech and Slovak customers. The business offers a wide range of magazine titles, including Pes přítel člověka, Praktik, Méďa Pusík, and others, with options for purchasing individual issues or subscriptions. The site also provides pre-orders for calendars and emphasizes customer support through multiple contact channels. Technically, the website is built on the Eshop-rychle.cz platform, uses HTTPS, and integrates Matomo analytics for visitor tracking. The site is mobile-optimized and provides cookie consent mechanisms aligned with GDPR requirements. Security posture is generally good with HTTPS and secure forms, though the absence of visible security headers and missing WHOIS data are notable gaps. Overall, the website presents a professional and trustworthy front for magazine retail, but domain registration transparency should be improved to enhance trust.

Steiner & Kovarik is a small family-owned premium chocolate manufacturer based in the Czech Republic, operating since 2005. The company produces high-quality, design-focused chocolate products sold through multiple physical stores in Prague and an online e-shop, with international distribution including prestigious clients such as the Sultan's palace. The website is professionally designed, mobile-optimized, and uses a modern technology stack including jQuery, Google Tag Manager, Facebook Pixel, and Matomo Analytics. Security posture is good with HTTPS and reCAPTCHA implemented, but lacks some security headers and formal privacy and terms policies. The WHOIS data is missing, which raises concerns about domain registration legitimacy despite the professional online presence. Overall, the website is trustworthy and business credible but would benefit from improved transparency and security practices.

Č

Český svaz ochránců přírody

uklidmesvet.cz

51

Ukliďme svět is a well-established non-profit environmental campaign operated by Český svaz ochránců přírody, focusing on organizing community clean-up events across the Czech Republic since 1993. The website serves as a hub for news, event registration, educational content, and volunteer coordination, supported by governmental and municipal bodies. The platform demonstrates a strong market position within the environmental non-profit sector, leveraging partnerships with logistics and local organizations to enhance its outreach and impact. Technically, the site is built on WordPress with modern plugins for SEO, privacy compliance, and user engagement, hosted on a Czech hosting provider. The site is mobile-optimized and provides a good user experience with clear navigation and rich content. Security-wise, the site uses HTTPS and privacy-respecting analytics (Matomo), but lacks some advanced security headers and explicit incident response policies. Privacy compliance is robust with clear cookie consent and privacy policies in Czech language. Overall, the website is trustworthy, professional, and aligned with its mission, with minor technical improvements recommended to enhance security and accessibility.

A

AstraZeneca

astrazeneca.fr

64

AstraZeneca France operates as a regional branch of the global biopharmaceutical company AstraZeneca, focusing on research, development, production, and commercialization of prescription medicines across key therapeutic areas including oncology, cardiovascular, respiratory, vaccines, and rare diseases. The website targets French residents, patients, healthcare professionals, and stakeholders, providing comprehensive information about the company's products, innovation strategies, and corporate social responsibility initiatives. The site is professionally designed with clear navigation and mobile optimization, reflecting a mature digital presence. Technically, the website leverages modern web technologies including Adobe Experience Manager CMS, JavaScript libraries like jQuery, and analytics platforms such as Matomo and Adobe Analytics. Tag management is handled via Tealium, and security is enhanced through Cloudflare services including rate limiting and bot management. The site employs HTTPS with strong SSL configuration and cookie consent mechanisms, demonstrating compliance with GDPR and French data protection regulations. Security posture is robust with no evident vulnerabilities or exposed sensitive data. However, explicit security headers like X-Frame-Options and X-Content-Type-Options should be verified. The absence of WHOIS data is noted but likely due to registry policies rather than malicious intent. Overall, the site maintains high trustworthiness and professionalism. Strategically, AstraZeneca France should continue to monitor third-party scripts for vulnerabilities, enhance transparency around incident response and security policies, and ensure all forms are secured against common web threats. These measures will strengthen compliance and user trust in an increasingly regulated healthcare digital environment.

C

CGT - Commissariat général au Tourisme

tourismewallonie.be

72

Tourisme Wallonie is the official tourism administration for the Wallonia region in Belgium, focusing on sustainable tourism development and economic recognition of the tourism sector. The website serves as a comprehensive portal offering information on accommodations, attractions, guides, agencies, and public services related to tourism. It targets tourism professionals, public entities, and the general public interested in Wallonia tourism. Technically, the site is built on WordPress using Elementor and JetEngine, with modern JavaScript libraries and analytics tools like Matomo and Google Tag Manager. The site is well-structured, mobile-optimized, and implements GDPR-compliant cookie consent via Iubenda. Security posture is good with HTTPS enforced, though security headers could be improved. WHOIS data is restricted, but the domain appears legitimate and consistent with a government entity. Overall, the site is professional, trustworthy, and serves its public sector mission effectively.

A

Attractions et Tourisme asbl

365.be

70

365.be is an official tourism promotion website for the Wallonia and Brussels regions in Belgium, operated by Attractions et Tourisme asbl. It provides comprehensive information on approximately 250 tourist attractions, museums, events, and leisure activities targeting families, tourists, and culture enthusiasts. The site is well-structured with clear navigation, multilingual support, and interactive features such as maps and downloadable guides. Technically, the site uses modern web technologies including React components, Matomo analytics, and polyfills for compatibility, delivering a mobile-optimized and accessible user experience. Security-wise, the site enforces HTTPS and cookie consent mechanisms, though it lacks explicit security policies and incident response contacts. The WHOIS data is restricted by the DNS Belgium registry, but the domain and website content align with legitimate regional tourism promotion. Overall, the site demonstrates a good balance of content quality, technical implementation, and privacy compliance, making it a trustworthy resource for visitors.

S

Service public de Wallonie

wallonie.be

59

The website 'wallonie.be' serves as the official digital portal for the Wallonia regional government in Belgium. It provides comprehensive administrative services, news, events, and institutional information targeted at citizens, businesses, local authorities, and non-profit sectors. The site is well-established, with a domain age dating back to 1996, reflecting its longstanding presence and authority. The business model is centered on public service delivery and information dissemination, positioning it as a key regional government resource. Technically, the site is built on Drupal 10, leveraging modern web technologies and frameworks such as Bootstrap, Matomo Analytics for privacy-respecting user tracking, and CookiesJSR for cookie consent management. The site demonstrates good mobile optimization, accessibility, and SEO practices, ensuring a positive user experience across devices. Performance is moderate, with room for optimization but no critical issues. From a security perspective, the site enforces HTTPS with strong SSL configuration and implements cookie consent mechanisms aligned with GDPR. No critical vulnerabilities or exposed sensitive data were detected. However, the absence of a dedicated security policy or incident response contact suggests areas for improvement in transparency and readiness. The WHOIS data confirms domain legitimacy and consistency with the official government entity. Overall, the website exhibits a high level of professionalism, trustworthiness, and compliance with privacy regulations. Strategic recommendations include publishing explicit security policies, establishing incident response contacts, and adopting security.txt for vulnerability disclosures to enhance security posture and stakeholder trust.

B

Brussels-Capital Region

be.brussels

54

The be.brussels website serves as the official portal for the Brussels-Capital Region government, providing comprehensive information on regional administrations, public services, and community resources. It targets residents, businesses, and visitors seeking authoritative regional information. The site is well-positioned as a trusted government resource with a clear focus on accessibility and transparency. Technically, the website leverages modern web technologies including React and Next.js, ensuring fast performance and excellent mobile optimization. The use of Matomo analytics reflects a privacy-conscious approach to user tracking. Accessibility is certified by the AnySurfer label, indicating a strong commitment to inclusive design. From a security perspective, the site employs HTTPS with strong SSL configuration and security headers. It integrates Google reCAPTCHA to protect forms and implements cookie consent mechanisms aligned with GDPR requirements. However, there is no explicit security policy or incident response information publicly available, which could be improved. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance with privacy standards. It is suitable for general audiences and contains no adult or questionable content. Strategic recommendations include publishing dedicated security and incident response policies and enhancing transparency around data retention.

R

Red Cross EU Office

redcross.eu

58

The Red Cross EU Office website serves as the digital presence for the EU-level coordination and advocacy office representing the Red Cross National Societies and the IFRC. It provides policy dialogue, programming coordination, and advocacy services aimed at EU stakeholders and humanitarian actors. The website is well-branded, professionally designed, and offers comprehensive content relevant to its mission. The target audience includes EU Red Cross National Societies, humanitarian organizations, and EU policymakers. Technically, the website employs a modern tech stack including Matomo analytics for privacy-conscious tracking, Laravel-based cookie consent mechanisms, and a CMS identified as Typi. The site is mobile-optimized, accessible, and SEO-friendly, with moderate performance. Hosting details are not explicit but the domain registrar is GANDI, a reputable provider. From a security perspective, the site uses HTTPS with no visible security vulnerabilities or exposed sensitive data. Cookie consent is implemented properly, and tracking is minimal. However, the site lacks explicit security headers and does not publish security or incident response policies publicly. No vulnerability disclosure or security.txt file is present. Overall, the website is trustworthy, professional, and compliant with basic privacy standards, though it could improve by adding a privacy policy page and enhancing security headers. The domain registration is consistent with the organization's identity, supporting legitimacy and trustworthiness.

Type@Cooper is an educational program specializing in typeface design, operated under The Cooper Union. It offers postgraduate certificate programs, workshops, and free public lectures led by industry professionals. The website serves as an information hub for prospective students and the typography community, highlighting upcoming events and educational offerings. Technically, the site is hosted by DreamHost and uses Matomo for analytics, reflecting a moderate level of digital maturity with room for improvement in security headers and privacy compliance. The security posture is generally good with HTTPS enabled and no visible vulnerabilities, but lacks advanced security headers and formal privacy policies. Overall, the site is professional, trustworthy, and well-branded, targeting a niche educational market. Strategic recommendations include implementing privacy and cookie policies, enhancing security headers, and publishing incident response information to improve compliance and trust.

T

Thomas Huot-Marchand

thomashuotmarchand.com

55

Thomas Huot-Marchand is a professional typographer and graphic designer with a portfolio showcasing a variety of projects including custom typefaces, visual identities, posters, and exhibitions. The website serves as a portfolio platform targeting design professionals and enthusiasts, emphasizing bespoke typography and graphic design services. The business is small-sized, based in France, and has been active since 2008, consistent with the domain registration data. Technically, the website uses modern JavaScript libraries such as jQuery and Flickity for interactive galleries and Matomo for privacy-focused analytics. The site is hosted by OVH sas, a reputable hosting provider, and uses HTTPS, but lacks DNSSEC and security headers, indicating room for security improvements. Privacy compliance is minimal, with no visible privacy or cookie policies, which could pose compliance risks under GDPR. Contact information is limited to a contact form without direct emails or phone numbers. Overall, the website is professionally designed with good user experience and content relevance but could enhance its security posture and privacy compliance.

C

C4C systems GmbH

c4c-systems.de

53

C4C systems GmbH is a German-based IT consulting and software development company specializing in tailored digital solutions including PHP and Symfony development, database and backend services, CMS and website services, IT infrastructure and hosting, SEO and web analytics, and data protection consulting. Positioned as a trusted expert for enterprises, NGOs, and public institutions, the company emphasizes scalable architectures and sustainable consulting. The website is built on TYPO3 CMS and integrates privacy-friendly analytics (Matomo) and Cookiebot for GDPR-compliant cookie management. Security posture is solid with HTTPS and consent mechanisms, though security headers and explicit incident response policies are absent. Contact information is clearly provided, enhancing business credibility. Overall, the digital maturity is moderate to good with room for security enhancements.

C

C4C creative GmbH

c4c-creative.de

52

C4C creative GmbH is a small, professional full-service creative agency based in Gladbeck, Germany, specializing in brand development, communication, employer branding, content creation, web development, and brand guidelines. The company positions itself as a strategic partner for businesses seeking to build authentic and sustainable brands with tailored digital solutions. Their market position is that of a regional agency integrated within the C4C group, leveraging sister companies for comprehensive communication services. Technically, the website is built on TYPO3 CMS, uses modern JavaScript libraries, and integrates Cookiebot for GDPR-compliant cookie consent. Matomo analytics is employed, indicating a privacy-conscious approach to user tracking. The site is well-structured, mobile-optimized, and professionally designed, providing a positive user experience. Security posture is good with HTTPS enforced and cookie consent mechanisms in place, though security headers and incident response policies are not explicitly published. Overall, the website reflects a trustworthy and credible business with solid privacy compliance but could improve transparency on security policies and vulnerability disclosures.

C

C4C consulting GmbH

c4c-consulting.de

52

C4C consulting GmbH is a German-based consulting firm specializing in branding, communication strategies, research, coaching, training, and teaching services. Positioned as a strategic partner for sustainable business success, the company operates under the C4C group umbrella alongside sister companies C4C systems and C4C creative. The website is professionally designed, mobile-optimized, and provides clear navigation and comprehensive content relevant to its target audience of businesses and professionals seeking communication and branding expertise. Technically, the site runs on TYPO3 CMS, employs Matomo for analytics, and integrates Cookiebot for GDPR-compliant cookie consent management. Security posture is strong with HTTPS enforced and no visible vulnerabilities, though security headers could be improved. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site reflects a mature digital presence with good trust indicators and business credibility.

B

Bioprojet

bioprojet.com

49

Bioprojet is a French pharmaceutical laboratory specializing in bioscience research, clinical development, and commercialization of medicines. The company emphasizes innovation in therapeutic solutions and maintains a medium-sized operation with an international footprint. The website is professionally designed, mobile-optimized, and rich in relevant content targeting healthcare professionals, patients, and scientific partners. Technically, the site is built on WordPress with modern libraries and privacy-respecting analytics (Matomo). Security posture is good with HTTPS enforced and cookie consent implemented, though explicit security headers could be improved. The absence of WHOIS data for the domain is a concern and warrants verification. Overall, the site presents a credible and trustworthy business presence in the healthcare sector.

L

LFB

groupe-lfb.com

69

LFB is a French biopharmaceutical company specializing in plasma-derived and recombinant protein medicines, serving healthcare professionals globally. The company positions itself as an ethical and responsible actor in healthcare, emphasizing its role in public health and French health sovereignty. The website is professionally designed, mobile-optimized, and rich in relevant content, including multimedia and structured data, reflecting a mature digital presence. Technically, the site uses WordPress with modern libraries such as Swiper.js and Matomo for analytics, and implements GDPR-compliant cookie consent mechanisms. Security posture is solid with HTTPS and no visible vulnerabilities, though the absence of a published security policy and incident response contacts is noted. WHOIS data is unavailable, which slightly impacts trust but the overall professional presentation supports legitimacy. Strategic recommendations include publishing security and incident response policies and improving WHOIS transparency.

K

key4events

key4events.com

70

Key4events is a French-based company specializing in IT solutions and services for event management, including physical, virtual, and hybrid events. Their flagship software suite, K4FUSION, integrates with third-party applications to streamline event operations, complemented by K4PROD event services and K4ACADEMY training initiatives. The company targets a diverse audience including scientific societies, PCOs, agencies, enterprises, associations, and institutional clients, positioning itself as an experienced player with over 20 years in the market. The website reflects a professional and consistent brand image with good content quality and clear navigation.

N

Nadační fond Veolia

nfveolia.cz

50

Nadační fond Veolia is a corporate foundation affiliated with the Veolia group in the Czech Republic, established in 2003. It supports social and environmental projects nationwide and regionally, promoting volunteerism and community engagement. The website presents a professional and consistent brand image with clear navigation and relevant content tailored to its audience. Technically, the site uses a custom CMS platform with Matomo analytics and includes a cookie consent mechanism, reflecting good privacy compliance. However, the absence of WHOIS data and lack of visible security headers indicate areas for improvement in security posture. Overall, the site is trustworthy and well-maintained but would benefit from enhanced security practices and domain registration transparency.

S

Jobs that will help you level up | StartupJobs.com

startupjobs.com

7

StartupJobs.com is an online job platform specializing in connecting job seekers with startup companies. The website offers job listings tailored to the startup ecosystem, targeting individuals seeking employment opportunities in innovative and emerging companies. The platform positions itself as a niche job board within the technology sector, aiming to facilitate career growth for startup enthusiasts. Technically, the website leverages modern JavaScript frameworks such as Nuxt.js and integrates multiple third-party analytics and advertising tools including Google Tag Manager, Matomo Analytics, LinkedIn Insight Tag, and Broadstreet Ads. The site demonstrates moderate performance and good mobile optimization, with a professional design and clear navigation structure. However, the absence of visible privacy, cookie, and terms of service policies, as well as the lack of contact information, reduces its privacy compliance and business credibility scores. Security posture is weak due to missing security headers and unknown SSL configuration. The WHOIS data is unavailable, indicating either an unregistered domain or privacy protection, which raises concerns about domain legitimacy. Overall, the website is functional and relevant for its target audience but requires improvements in security, privacy compliance, and transparency to enhance trust and credibility.

J

Jedu na dřeň

jedunadren.cz

42

Jedu na dřeň is a Czech non-profit campaign focused on bone marrow donor registration and raising awareness about the importance of saving lives through bone marrow donation. The website presents a well-established regional initiative with over 10 years of activity, supported by local government and sponsors. It targets the general public in the Czech Republic, encouraging them to register as donors and participate in related events. Technically, the site is built on WordPress using the Divi theme, with modern tracking and consent management tools such as Matomo Analytics and Complianz GDPR Cookie Consent. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content. Security posture is solid with HTTPS enforced and cookie consent implemented, though some security headers could be improved. No critical vulnerabilities or exposed sensitive data were detected. Overall, the domain registration data aligns well with the website's claims, supporting its legitimacy and trustworthiness.

D

Doctena

doctena.blog

53

Doctena operates a multilingual healthcare blog and appointment booking platform primarily serving Luxembourg and neighboring countries. The website provides health advice, news, and practical information for patients, positioning itself as a trusted healthcare service provider. The platform leverages WordPress with advanced SEO and performance plugins, ensuring a professional and responsive user experience. Security posture is solid with HTTPS and privacy-conscious analytics (Matomo), though explicit security headers could be improved. WHOIS data is privacy-protected, common for commercial healthcare services, and no suspicious patterns were detected. Overall, Doctena demonstrates a mature digital presence with consistent branding and compliance with privacy regulations.

D

Doctena

doctena.com

58

Doctena operates as a healthcare-focused online appointment booking and visibility platform targeting doctors and healthcare providers primarily in Luxembourg and surrounding regions. The company offers a comprehensive online agenda tool that enables 24/7 patient appointment booking, integrates with medical software, and provides local customer support. The website demonstrates a mature digital presence with multilingual support, professional branding, and extensive customer testimonials, positioning Doctena as a trusted partner in the healthcare sector with over 12 years of market presence. Technically, the website is built on WordPress using the Avada theme, enhanced with performance optimizations via WP Rocket, and integrates multiple marketing and analytics tools including HubSpot, Google Tag Manager, Matomo, and Facebook Pixel. The site is well-optimized for SEO and mobile responsiveness, with proper security headers and HTTPS enforced, reflecting a strong digital infrastructure. From a security perspective, the site employs best practices such as reCAPTCHA Enterprise for form protection and comprehensive security headers. However, the absence of explicit privacy and cookie policies, lack of visible incident response or vulnerability disclosure information, and missing WHOIS domain registration data introduce some trust and compliance concerns. These gaps suggest areas for improvement in transparency and regulatory adherence. Overall, Doctena presents a professional and trustworthy online platform with robust technical implementation and a clear business focus. Addressing privacy compliance and domain registration transparency would further enhance its security posture and business credibility.

S

Sciencesconf

sciencesconf.org

60

Sciencesconf is a French academic platform dedicated to the management of scientific conferences, workshops, and colloquia. It offers a free, comprehensive toolset for organizers to create event websites, manage communications, organize peer reviews, and track registrations. The platform is well integrated with the HAL open archive, enhancing its utility for the research community. The website is professionally designed, multilingual, and targets academic organizers and researchers primarily in France. Technically, Sciencesconf is built on WordPress with modern SEO and analytics tools like Matomo, ensuring good digital maturity and privacy respect. Security posture is solid with HTTPS and secure forms, though some security headers and incident response details could be improved. Overall, the platform demonstrates high trustworthiness and professionalism, supported by its affiliation with the reputable CCSD and HAL organizations.

T

Type@Cooper

typographics.com

46

Typographics 2025 is an established annual design festival focused on typography, organized by Type@Cooper and hosted at The Cooper Union in New York City. The event includes conferences, workshops, book fairs, and informal talks, targeting design professionals, educators, and enthusiasts. The website presents a professional and well-structured digital presence with clear navigation and rich content. Technically, it uses modern web technologies including HTML5, CSS3, JavaScript, jQuery, and Matomo analytics, ensuring good performance and mobile optimization. Security posture is solid with HTTPS and secure form handling, though improvements are recommended in security headers and privacy compliance. Overall, the site is trustworthy, safe, and credible, supported by reputable sponsors and institutional partners.

The website represents the 109th Annual Meeting of the German Society of Pathology, hosted by the University Hospital Augsburg. It serves as a professional platform for pathology experts, researchers, and clinicians to engage in scientific exchange, abstract submission, and event registration. The site is well-structured, content-rich, and professionally designed, reflecting a mature digital presence for a scientific conference. Technically, it is built on TYPO3 CMS, hosted on AWS infrastructure, and incorporates modern web practices including responsive design and consent-based tracking via Matomo. Security posture is solid with HTTPS and basic security headers, though additional headers and explicit security policies could enhance protection. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. Overall, the site is trustworthy, professional, and aligned with the expectations of its target audience.