High-risk security reports

K

Keep.eu

keep.eu

48

Keep.eu is a specialized platform providing aggregated information on Interreg and IPA-IPA cross-border projects, partners, and programmes. It serves governmental and non-profit organizations involved in cross-border cooperation by consolidating operational and financial data in one accessible location. The website leverages a WordPress CMS with modern JavaScript libraries and integrates Google services such as Maps and Analytics, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS enforced and reCAPTCHA implemented, but lacks comprehensive privacy and security policies, which are critical for compliance and trust. Overall, the platform is functional and professionally presented but would benefit from enhanced transparency and security documentation.

R

Running Industry Alliance

runningindustryalliance.com

44

Running Industry Alliance (RIA) is a UK and Ireland focused member-based trade organization dedicated to advancing the running industry through networking, education, and collaboration. The website presents a professional and consistent brand image, targeting businesses and professionals within the running sector. Technically, the site is built on WordPress with the Divi theme, uses modern web fonts, and integrates Google Analytics for visitor tracking. Security posture is generally good with HTTPS enabled and no obvious vulnerabilities, but lacks important security headers and published policies. The absence of WHOIS data for the domain is a notable concern, suggesting either privacy protection or data unavailability, which impacts trustworthiness. Overall, the site is functional and professional but would benefit from enhanced privacy compliance and transparency.

The website apek.ee is currently inaccessible, returning a 503 Service Unavailable error indicating maintenance or capacity issues. Due to this, no business content, metadata, or contact information is available for analysis. The domain is registered since 2016 with Zone Media OÜ, a reputable Estonian registrar, suggesting legitimacy of the domain ownership. The technical infrastructure is basic, running on an Apache server hosted by Zone Media OÜ. Security posture is weak as no security headers or policies are detected, and the site lacks privacy and cookie policies. Overall, the site is not currently functional for end users, which severely limits its business and security effectiveness.

The website estonia.ee is currently inaccessible due to a Cloudflare Turnstile security challenge, which blocks content access and prevents detailed analysis of the site's business, security, and compliance posture. The domain is registered with Zone Media OÜ, an Estonian registrar, since 2010, indicating a legitimate and established presence likely related to the Estonian government. The technical infrastructure leverages Cloudflare services for security and performance, but no direct content or metadata is accessible to evaluate privacy policies, contact information, or business details. Due to the WAF challenge, the overall AI score is low, reflecting the inability to perform a full assessment.

A

Art Media Agency OÜ

elundidoonorlus.ee

41

The website elundidoonorlus.ee serves as an informational platform dedicated to organ, tissue, and cell donation and transplantation in Estonia. It is operated by Art Media Agency OÜ and provides educational content, registration links for organ donors, and related legal and statistical information. The site targets Estonian residents interested in organ donation and transplantation, positioning itself as a niche public health resource. Technically, the site uses legacy JavaScript libraries such as jQuery 1.4.4 and integrates Google Analytics and Facebook Pixel for user tracking. The hosting is provided by Zone Media OÜ, an Estonian registrar, and the domain has been active since 2011, indicating a stable presence. Security-wise, the site uses HTTPS but lacks visible security headers and employs outdated libraries that may pose vulnerabilities. Privacy compliance is weak, with no visible privacy or cookie policies or consent mechanisms, despite the use of tracking technologies. Contact information is not explicitly provided on the main page, limiting direct user engagement. Overall, the site is functional and informative but requires improvements in security and privacy compliance to enhance trust and regulatory adherence.

A

AS Arstikeskus Confido

1220.ee

45

The website 1220.ee serves as the official Estonian health advice line platform, providing telephone and web chat medical consultation services. It targets Estonian residents and callers abroad, offering guidance on medical issues, prescription renewals, and emergency care decisions. The service operates under the auspices of the Estonian Health Insurance Fund (Tervisekassa) and collaborates with healthcare providers and pharmacies. The site is professionally designed with consistent branding and clear navigation, supporting multiple languages (Estonian and Russian). Technical infrastructure includes modern JavaScript libraries, CDN-hosted resources, and integration with Facebook SDK and Google Tag Manager for analytics and marketing purposes. The site uses HTTPS and shows no signs of blocking or WAF interference, indicating good accessibility and security basics. However, it lacks visible privacy and cookie policies, which impacts GDPR compliance and privacy posture. Contact information is limited to phone numbers with no email or physical address disclosed. No forms collecting personal data are present on the main page, reducing immediate data protection concerns. Overall, the site demonstrates a solid business credibility and technical foundation but requires improvements in privacy compliance and security policy transparency.

I

Izglītības pārvalde

tnip.lv

47

The website www.tnip.lv serves as the official online presence of the Education Department (Izglītības pārvalde) of Talsi Municipality in Latvia. It provides educational news, event information, regulatory documents, and contact details primarily targeting local residents, educators, and students. The site is built on WordPress with a range of plugins supporting social media integration, event calendars, and SEO optimization. The content is well-structured and relevant to its audience, though it lacks comprehensive privacy and cookie policies. Technically, the site uses HTTPS with a valid SSL certificate and modern web technologies, but it could improve by implementing security headers and accessibility features. The absence of WHOIS data due to query limits limits the ability to fully verify domain legitimacy, but the domain's ccTLD and content alignment suggest authenticity. Overall, the site demonstrates a good balance of content quality and technical implementation suitable for a small public sector entity.

V

Visit Talsi

visittalsi.com

44

Visit Talsi is a regional tourism information center website dedicated to promoting the Talsi region in Latvia. The site provides comprehensive information about local attractions, events, accommodations, and dining options, targeting tourists and visitors interested in exploring the area. The business operates as a small entity focused on hospitality and regional tourism promotion, with a clear market position as a trusted local information source. The website is multilingual, primarily in Latvian, with options for English, German, Estonian, Lithuanian, and French, enhancing accessibility for international visitors. Technically, the website is built on WordPress with a modern tech stack including Bootstrap, jQuery, Google Maps API, and Google Fonts. It uses common plugins such as MonsterInsights for Google Analytics tracking. The site is mobile-optimized and accessible, with good SEO practices and clear navigation. Hosting is via name servers cloudns1.hostnet.lv and cloudns2.hostnet.lv, though the exact hosting provider is not explicitly identified. From a security perspective, the site uses HTTPS with a valid SSL configuration and has domain transfer protection enabled. However, DNSSEC is not enabled, and no advanced security headers were detected. There is no visible privacy policy, cookie policy, or terms of service, and no consent mechanism for tracking cookies, which poses compliance risks under GDPR. Incident response and security policies are not published, indicating a low maturity in security governance. Overall, the website is professional, trustworthy, and serves its business purpose well but requires improvements in privacy compliance and security best practices to reduce risk and enhance user trust. Strategic recommendations include implementing privacy and cookie policies with consent mechanisms, enabling DNSSEC, adding security headers, and publishing incident response contacts.

R

Rebelcreations AG

epeeglobal.org

45

EPEE is a European industry association representing the refrigeration, air conditioning, and heat pump sectors. The organization focuses on policy advocacy, sustainable heating and cooling solutions, and industry representation. The website reflects an established presence with a domain registered since 2000 and hosted by OVH in Germany. Technically, the site is built on WordPress with modern libraries such as Bootstrap and jQuery, providing a good user experience and mobile optimization. However, the site lacks explicit privacy and cookie policies, and no consent mechanisms are detected, which may pose compliance risks. Security posture is moderate with HTTPS enabled but missing security headers and DNSSEC. Overall, the website is professional and credible but would benefit from enhanced privacy compliance and security best practices.

The website healthybuildingsdesigncompetition.com currently returns a 404 error page indicating that the site is not configured or accessible. There is no visible business content, contact information, or policies available. The domain is newly registered in March 2023 and hosted by OVH sas, a reputable registrar and hosting provider. The site uses TYPO3 CMS technology but lacks any active content or configuration. Due to the lack of content and accessibility, the technical maturity and security posture cannot be fully assessed. No security headers or HTTPS information was provided, and no privacy or cookie policies are present. Overall, the site appears to be inactive or under development, resulting in a low trust and credibility score.

A

Andmik

andmik.ee

45

Andmik is a specialized platform focused on providing data visualization and budget tracking services for Estonian municipalities. The website presents detailed geographic and demographic data for various local governments, targeting municipal officials and stakeholders. The platform leverages modern web technologies including Vue.js and Leaflet for interactive maps, supported by Google Analytics and Tag Manager for user tracking. The domain is registered with a reputable Estonian registrar, Zone Media OÜ, and was created in 2021, aligning with the platform's apparent recent launch. Technically, the website employs a modern JavaScript framework and mapping libraries, ensuring a responsive and interactive user experience. However, there is room for improvement in accessibility and SEO optimization. Security-wise, the site lacks visible security headers and does not enable DNSSEC, which could be enhanced to improve overall security posture. Privacy compliance is weak, with no visible privacy or cookie policies, and no consent mechanisms, which is a significant gap given the use of tracking technologies. Overall, the website is functional and professionally designed but requires improvements in privacy compliance, security best practices, and contact transparency to enhance trust and regulatory adherence. Strategic recommendations include implementing comprehensive privacy and cookie policies, enabling DNSSEC, adding security headers, and providing clear contact and incident response information.

E

Euroopa rändevõrgustiku Eesti kontaktpunkt

emn.ee

44

The website www.emn.ee serves as the official Estonian contact point for the European Migration Network, providing comprehensive migration and asylum policy reports, applied research, and urgent information exchange. It targets policymakers, researchers, and migration professionals, positioning itself as a trusted government-related entity with a focus on migration statistics and policy analysis. The site is well-structured, content-rich, and regularly updated with news, events, and publications relevant to migration topics. Technically, the website is built on WordPress with Yoast SEO and integrates Google Analytics and Tag Manager for tracking. It demonstrates good mobile optimization and moderate performance. The use of HTTPS and cookie consent mechanisms reflects a solid privacy posture, although some security headers and explicit incident response information are missing. Security-wise, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks published security policies and vulnerability disclosure mechanisms, which could enhance trust and compliance. No WAF or blocking mechanisms were detected, indicating full accessibility. Overall, the website scores well on content quality, technical implementation, security posture, privacy compliance, and business credibility, making it a reliable and professional resource in its domain. Strategic improvements in security headers, incident response transparency, and accessibility could further strengthen its position.

The analyzed content corresponds to an internal Chrome browser error page (chrome-error://chromewebdata/) which serves as a local offline or error display, including the embedded Chrome Dino game. No external website content, business information, or contact data is present. The page is not a public website but a browser internal resource, thus no typical business or compliance information is available. The technical infrastructure is minimal, relying on Chromium's internal scripts and styles. Security posture is limited to the browser's internal environment with no external SSL or headers applicable. Overall, this page cannot be evaluated as a commercial or organizational website.

The website rtk.ee is currently inaccessible due to a Cloudflare Turnstile human verification challenge, which blocks access to actual content. The domain is registered since 2012 by Zone Media OÜ, an Estonian registrar, indicating a legitimate and stable registration. However, no business, contact, or policy information is accessible on the challenged page. The technical infrastructure relies heavily on Cloudflare's security and analytics services, but no further CMS or platform details are available. Due to the blocking, the security posture cannot be fully assessed, but the use of Cloudflare indicates a baseline security measure. Overall, the site cannot be properly evaluated until the WAF challenge is passed.

O

OÜ Tervise Paradiis

veekeskus.eu

44

OÜ Tervise Paradiis operates the largest water center in Estonia, located in Pärnu, offering a wide range of recreational and sports facilities including pools, saunas, bowling, and fitness services. The website is well designed, multilingual, and provides comprehensive information and booking forms for various customer segments such as families, schools, and groups. Technically, the site is built on WordPress with modern plugins and frameworks, and it integrates Google Analytics and Tag Manager for tracking. Security posture is good with HTTPS and secure form handling, though some security headers could be improved and no explicit security policies are published. Privacy compliance is addressed with a privacy policy and cookie consent mechanism. Overall, the domain registration is consistent with the business location and sector, indicating legitimacy and trustworthiness.

E

ENRE OÜ

oakohv.ee

46

ENRE OÜ operates the website oakohv.ee, an Estonian e-commerce platform specializing in the retail and wholesale of coffee products including coffee beans, capsules compatible with Dolce Gusto, Nespresso, and Senseo machines, as well as coffee machines and accessories. The company targets both individual consumers and businesses within Estonia, offering a broad product range with options for bulk purchases and subscription services. The website is professionally designed with clear navigation, product categorization, and detailed product information, supporting a positive user experience.

K

Kääriku Spordikeskus

kaariku.ee

40

Kääriku Spordikeskus is an established Estonian sports training and conference center with a history dating back to 1947. It offers a wide range of services including sports facilities, accommodation, conference hosting, and leisure activities, targeting athletes, sports teams, and event organizers. The website is built on WordPress with modern technologies such as Bootstrap, jQuery, and Three.js, providing a good user experience with multilingual support and accessibility features. Security posture is adequate with HTTPS enabled and no visible vulnerabilities, but lacks published privacy and cookie policies, and security headers. Contact information is clearly provided with official registration details, enhancing business credibility. Overall, the site is professional and trustworthy but would benefit from improved privacy compliance and security best practices.

L

Liikumistervise innovatsiooni klaster SportEST

sportest.eu

42

Liikumistervise innovatsiooni klaster SportEST is a small Estonian cluster organization focused on fostering innovation in the field of movement health. The website presents the cluster as a recognized European-level partner with a bronze certification from the European Cluster Excellence program. The business model centers on collaboration among sector organizations and companies to develop innovative solutions in movement health. The website content is primarily in Estonian with language options for English and Russian, targeting regional and international stakeholders in the health innovation sector. Technically, the website is built on WordPress 4.7.29, utilizing common JavaScript libraries such as jQuery and plugins for slideshows and lightboxes. Google Analytics and Google Tag Manager are implemented for user tracking. The site is served over HTTPS, ensuring encrypted communication. However, the WordPress version is outdated, and minor PHP warnings are visible, indicating backend issues that could pose security risks. Accessibility and SEO optimizations are basic but functional, and mobile responsiveness is good. From a security perspective, the site lacks important security headers and does not publicly disclose privacy or cookie policies, which impacts GDPR compliance. No incident response or vulnerability disclosure information is available. The WHOIS data is unavailable due to EURid privacy policies, but the domain appears legitimate based on website content and certifications. Overall, the security posture is moderate but could be improved by addressing backend errors, updating software, and enhancing privacy compliance. The overall risk is moderate with recommendations to improve backend stability, implement security headers, publish privacy and cookie policies, and update the CMS to a supported version. These steps will enhance trust, compliance, and security posture for the cluster and its stakeholders.

J

Jocs dels Petits Estats d'Europa

gsse-andorra2025.com

49

The website gsse-andorra2025.com serves as the official digital platform for the Games of the Small States of Europe (GSSE) event hosted by Andorra in 2025. It provides comprehensive information about the event, including schedules, venues, media resources, and transport details. The site targets athletes, officials, media, and fans interested in this biennial multi-sport event featuring small European states. The business model focuses on event promotion and information dissemination, positioning itself as the authoritative source for GSSE 2025 in Andorra. Technically, the website is built on WordPress with Elementor page builder, leveraging modern web technologies such as jQuery, Swiper, and SEO tools like Rank Math. The site demonstrates good mobile optimization, SEO practices, and moderate performance. It uses HTTPS and includes a cookie consent mechanism, reflecting a mature digital infrastructure suitable for event promotion. From a security perspective, the site enforces HTTPS and employs domain transfer protection. However, it lacks explicit security headers and dedicated security or incident response policies. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong, with clear privacy and cookie policies aligned with GDPR requirements. Contact information is limited, with no direct emails or phone numbers found on the main pages. Overall, the website presents a low-risk profile with a professional appearance and solid privacy compliance. Strategic recommendations include enhancing security headers, publishing explicit security policies, and providing clearer contact channels to improve trust and incident response readiness.

The website www.easywl.com hosts content related to the EWF CHISINAU 2025 weightlifting championship, providing event schedules, results, protocols, and live scoreboard embeds. The site targets weightlifting athletes, officials, and fans, serving as an informational portal for the event. The business model is focused on event information dissemination with no evident commercial transactions or user data collection. Technically, the site is basic, built with standard HTML and CSS, embedding YouTube videos for live content. There is no detected CMS or advanced frameworks, and the site lacks modern SEO and accessibility features. Security posture is minimal with no visible security headers or HTTPS confirmation in the data provided. The absence of privacy, cookie policies, and contact information indicates low compliance with data protection regulations. WHOIS data is missing, raising concerns about domain legitimacy and trustworthiness. Overall, the site functions as a niche event information platform but lacks professional security and compliance maturity.

U

Uma Mekk

umamekk.ee

44

Uma Mekk is a regional food brand based in Estonia, specifically targeting the Vana-Võromaa area. The website serves as a platform for local food and beverage producers to obtain branding and certification under the Uma Mekk trademark. The business model focuses on promoting local food products and supporting regional producers. The website is built on WordPress using the Divi Builder and Bootstrap framework, indicating a modern and maintainable technical infrastructure. SEO is enhanced with Yoast SEO and structured data, improving search visibility. The site is mobile optimized and includes cookie consent mechanisms, reflecting awareness of privacy regulations. Security posture is solid with HTTPS and security headers implemented, though explicit privacy and security policies are absent. Tracking via Google Analytics and Facebook Pixel is present, indicating moderate user data collection. Overall, Uma Mekk presents a credible and professional online presence for a small regional food brand.

S

SIIDRIKODA OÜ

kodas.ee

38

SIIDRIKODA OÜ operates the Kodas brand, a craft cider producer and hospitality business based in Estonia. The company offers a range of award-winning sustainable ciders, a restaurant, factory tours, accommodation in unique iglu houses, and event tickets. The website is professionally designed using WordPress and WooCommerce, supporting e-commerce and booking functionalities. The digital infrastructure includes modern marketing and analytics tools such as Google Analytics, Microsoft Clarity, Facebook Pixel, and Klaviyo, indicating a mature digital marketing approach. Security posture is good with HTTPS enabled and privacy compliance evident through comprehensive privacy and cookie policies. No critical vulnerabilities or blocking mechanisms were detected, and WHOIS data supports the legitimacy of the domain and business. Overall, the website presents a trustworthy and professional online presence for a small hospitality and retail business.

M

Murimäe veinikelder

murimaevein.ee

43

Murimäe veinikelder is a small Estonian hospitality business operating the world's northernmost terraced vineyard. The company offers a combination of e-commerce wine sales, wine tastings, accommodation, and event hosting, targeting wine enthusiasts and tourists. The website is built on WordPress with WooCommerce and Elementor, reflecting a moderate level of digital maturity with good SEO and mobile optimization. Security posture is adequate with HTTPS and nonce usage, but lacks advanced security headers and explicit privacy and cookie policies, indicating room for compliance improvement. Overall, the business presents a professional online presence with clear offerings but should enhance privacy compliance and security transparency to strengthen trust and regulatory adherence.

T

Toidutänavad

toidutanavad.ee

40

Toidutänavad is an event organization business hosting Estonia's largest street food festival, established in 2020. The website serves as a promotional platform targeting families and street food enthusiasts in Estonia, offering information about the festival and related events. The site is built on WordPress with modern SEO and multilingual support, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS enabled, but lacks advanced security headers and formal privacy or cookie policies, which are critical for GDPR compliance. Contact and incident response information are not present, limiting user trust and compliance transparency. Overall, the website is functional and professional but requires improvements in privacy, security policies, and contact transparency to enhance trust and compliance.

L

Luke Mõis

lukemois.ee

41

Luke Mõis is a hospitality business based in Estonia, operating a website that serves as a digital presence for their venue and services. The website is built on WordPress using the Divi theme and integrates WooCommerce for e-commerce functionality. It targets local and regional customers interested in hospitality, events, and accommodation services. The site demonstrates a moderate level of digital maturity with standard tracking tools such as Google Analytics and Facebook Pixel implemented alongside cookie consent mechanisms. Security posture is generally good with HTTPS enforced and no obvious vulnerabilities detected, though the absence of security headers and explicit privacy policies indicates room for improvement. Overall, the website is functional and professional but lacks some compliance and security best practices, which should be addressed to enhance trust and regulatory adherence.

M

MTÜ Hiiukala

hiiukala.org

46

MTÜ Hiiukala is a small Estonian non-profit organization dedicated to supporting the sustainable development of the Hiiumaa fishing region and representing the interests of local professional fishermen. Founded in 2008, it has a solid history of managing European fisheries fund projects and engaging the local community. The website reflects a well-structured WordPress platform with good design and navigation, optimized for mobile devices and SEO. However, it lacks explicit privacy and cookie policies, which are important for GDPR compliance. Security posture is adequate with HTTPS enabled and domain registration consistent with the organization's identity, but could be improved by enabling DNSSEC and adding security headers. Contact information is clearly provided, and the organization maintains an active Facebook presence. Overall, the site is trustworthy and professional but would benefit from enhanced privacy and security disclosures.

A

Anija Mõis

anijamois.ee

42

Anija Mõis is a historic manor and cultural site located in Northern Estonia, offering a wide range of services including a permanent exhibition, visitor programs, event hosting such as weddings and seminars, workshops, a manor café, and a gift shop. The website reflects a well-established cultural tourism business targeting families, tourists, and event organizers. The site is built on WordPress using the Avada theme and Fusion Builder, integrating modern plugins like Slider Revolution and Contact Form 7 with Google Analytics and reCAPTCHA for security and analytics. Security posture is good with HTTPS and reCAPTCHA, though some security headers are missing and no privacy policy page was found, indicating room for compliance improvement. Overall, the website is professional, content-rich, and trustworthy, with clear contact information and active social media presence.

T

Tartu County Tourism Foundation

visitnarva.ee

47

Visit Narva is the official tourism website for Narva city and its surrounding county in Estonia, managed by the Tartu County Tourism Foundation. The site provides comprehensive and up-to-date information on local attractions, events, conferences, and travel logistics, targeting tourists, event organizers, and local businesses. It serves as a key regional portal promoting Narva as a travel destination with multilingual support and rich multimedia content including virtual tours and social media integration. Technically, the website is built on Drupal 7 with a moderate performance profile and good mobile and accessibility features. Security posture is adequate with HTTPS and basic security headers, though there is room for improvement in advanced security practices and incident response readiness. Privacy compliance is basic with a cookie consent mechanism and privacy policy present, but lacks detailed GDPR-specific disclosures or a data protection officer contact. Overall, the website is professional, trustworthy, and well-aligned with its business purpose, with a domain registration consistent with its Estonian location and tourism focus.

M

MTÜ Sibulatee

sibulatee.ee

44

Sibulatee is a non-profit organization dedicated to promoting the cultural and tourism assets of the Peipsimaa region in Estonia. The website serves as a comprehensive portal for events, local businesses, cultural heritage, and educational opportunities, targeting tourists and local communities interested in authentic regional experiences. The platform leverages WordPress and WooCommerce to provide event listings, e-commerce for local products, and seminar information, supported by active social media engagement and newsletter subscriptions. Technically, the site uses modern JavaScript libraries and tracking tools such as Google Analytics, Facebook Pixel, and Hotjar, indicating a mature digital infrastructure. Security posture is adequate with HTTPS enforced and cookie consent implemented, though improvements in security headers and policies are recommended. Privacy compliance is addressed with a clear privacy policy and cookie banner, aligning with GDPR requirements. Overall, the site is professionally designed, user-friendly, and trustworthy, with clear contact information and consistent branding. No critical vulnerabilities or blocking mechanisms were detected, supporting a positive risk profile.

K

kalateave.ee

kalateave.ee

42

The website kalateave.ee serves as the Fisheries Information Centre for Estonia, focusing on enhancing knowledge and sustainability in fisheries, aquaculture, and aquatic resource utilization. It targets industry professionals, non-profits, research institutions, and the general public interested in fisheries. The site offers informational content, research publications, educational materials, and event announcements, positioning itself as a central knowledge hub in the Estonian fisheries sector. Technically, the site is built on Joomla CMS with modern web technologies including jQuery, Bootstrap, and FontAwesome, and integrates Google Analytics for visitor tracking. The site is mobile-optimized and has good SEO practices but lacks some accessibility features and security headers. Security posture is solid with HTTPS enforced and CSRF protections, but there is room for improvement in privacy compliance and explicit security policies. Overall, the site is professional and trustworthy but should enhance privacy transparency and security headers to align with best practices.

Z

Zone Media OÜ

xn--puhvetitepiv-pcb.ee

43

The website 'PUHVETITE PÄIV RÕNGUST RANNUNI' serves as the official online presence for a regional Estonian food and cultural event organized by Zone Media OÜ. It provides visitors with event details, galleries, maps, and multimedia content to promote local buffets and experiences in the Rõngu and Rannu areas. The site targets local visitors and tourists interested in Estonian culinary culture. Technically, the site is built on WordPress with a modern theme and several plugins supporting multilingual content, social media integration, and cookie consent management. The infrastructure is hosted likely by Zone Media OÜ, with proper HTTPS and moderate performance. Security posture is adequate with SSL and cookie consent but lacks advanced security headers and explicit incident response or vulnerability disclosure mechanisms. Privacy compliance is partial, with a cookie policy and consent mechanism but no visible privacy policy or terms of service. Overall, the site is professional and trustworthy for its niche but could improve in privacy and security transparency.

V

Visit Otepää

visitotepaa.com

44

Visit Otepää is a regional tourism promotion website dedicated to showcasing the attractions, events, accommodation, and culinary experiences of Otepää, Estonia's winter capital. The site targets tourists and visitors interested in exploring the natural beauty and cultural offerings of the region. It provides comprehensive information and interactive features such as maps, event listings, and a newsletter subscription to engage its audience. Technically, the website is built on WordPress with modern front-end technologies including Bootstrap and JavaScript libraries, and integrates Google Maps for location services. SEO is enhanced through Rank Math plugin and structured data markup is implemented for better search engine understanding. Security-wise, the site uses HTTPS with a valid SSL certificate and employs Google reCAPTCHA on its contact form to mitigate spam. However, it lacks explicit privacy and cookie policies, which are important for GDPR compliance. Overall, the website is professional, user-friendly, and trustworthy, but could improve its privacy compliance and security headers to enhance its security posture.

T

Tartu Welcome Centre

tartuwelcomecentre.ee

40

Tartu Welcome Centre is a local newcomer information and support center based in Tartu, Estonia, founded in 2019. It provides free consultations, registry services, cultural and networking events, and useful information to international newcomers and their families in Tartu and South-Estonia. The organization positions itself as a community-oriented non-profit entity aiming to facilitate smooth integration and settlement for newcomers. The website is built on WordPress with modern SEO and analytics tools, hosted by Zone Media OÜ. The site is well designed, mobile optimized, and offers clear navigation and professional content. However, it lacks formal privacy and cookie policies, which impacts compliance and user trust. Security posture is adequate with HTTPS enabled but could be improved by adding security headers and vulnerability disclosure mechanisms. Overall, the website is trustworthy and functional, serving its target audience effectively.

V

V360 agency

v360.ee

43

V360 Agency OÜ is a small Estonian digital agency specializing in web development, e-commerce solutions, branding, and full digital marketing services. The company positions itself as a smart solution for digital success, targeting businesses seeking to elevate their online presence through comprehensive marketing and branding strategies. Their website showcases a professional design with clear navigation, client testimonials, and a portfolio of projects, indicating a trusted market presence. Technically, the site is built on WordPress with modern JavaScript libraries such as Swiper.js and Tippy.js, and integrates Google Tag Manager and reCAPTCHA for tracking and security. The hosting and domain registration are managed by Zone Media OÜ, a reputable Estonian registrar and hosting provider. Security posture is adequate with HTTPS and reCAPTCHA implemented, but lacks advanced security headers and DNSSEC. Privacy compliance is partial, with a cookie consent mechanism present but no visible privacy policy or terms of service pages. Overall, the website is professional and credible, though improvements in privacy and security policies are recommended.

V

Võrumaa Arenguagentuur SA

vorumaa.ee

39

Võrumaa Arenguagentuur SA operates the website vorumaa.ee as a regional development center serving Southeast Estonia. The organization provides information, consulting, and training services primarily targeting local businesses, non-profits, and municipalities. The website reflects a government or non-profit entity with a clear regional focus and a mission to support economic and community development. The site is built on WordPress using the Divi theme and incorporates modern SEO practices via Yoast SEO. It uses Google Analytics and Tag Manager for analytics and includes a cookie consent mechanism, indicating some attention to privacy compliance. Security measures include HTTPS and Google reCAPTCHA, but explicit security policies and incident response information are absent. Overall, the website is professionally designed with good content relevance and moderate trustworthiness, though it lacks some compliance documentation such as privacy and terms of service pages.

Valgamaa Arenguagentuur is a regional development agency based in Estonia, focused on fostering cooperation among local development organizations and providing professional support services to businesses, non-profits, and local governments. The agency aims to enhance the economic and living environment of Valgamaa county, positioning itself as a key facilitator in regional development with a focus on entrepreneurship, education, and community welfare. The website reflects this mission with clear service offerings and active engagement channels. Technically, the website employs modern frontend technologies including Tailwind CSS, Swiper.js, and Plyr.js, managed through the Greativ CMS platform. It integrates analytics and social media tools such as Google Analytics and Facebook SDK, indicating a moderate level of digital maturity. The site is mobile-optimized and provides a good user experience with clear navigation and professional design. From a security perspective, the site uses HTTPS and avoids exposing sensitive data. However, it lacks important security headers and does not provide visible privacy or cookie policies, which are critical for GDPR compliance. There is no incident response or vulnerability disclosure information, which could be improved to enhance trust and security posture. Overall, the website is trustworthy and professional but would benefit from enhanced privacy compliance and security best practices to reduce risk and improve user trust.

T

Tartu Ärinõuandla

arinouandla.ee

41

Tartu Ärinõuandla is a non-profit organization based in Estonia, providing expert consultancy and support services to entrepreneurs, NGOs, youth labs, and investors. The organization is recognized within its network as a leading entrepreneurship developer since 2014. The website serves as a portal for information, events, and service registration, targeting local and regional business communities. Technically, the site is built on WordPress, leveraging common marketing and analytics tools such as Google Analytics, Facebook Pixel, and Sendinblue for newsletter management. Security measures include HTTPS enforcement and reCAPTCHA on forms, though some security headers are missing. Privacy compliance is addressed with a cookie consent banner and a privacy policy page, though terms of service and security policies are absent. Overall, the site is professional, trustworthy, and well-aligned with its business purpose.

S

SA Jõgevamaa Arendus- ja Ettevõtluskeskus

jaek.ee

45

SA Jõgevamaa Arendus- ja Ettevõtluskeskus (JAEK) is a regional development and entrepreneurship support organization based in Jõgeva County, Estonia. Founded in 2010, it provides a broad range of services including entrepreneurship training, community programs, cultural and tourism promotion, and health and safety initiatives. The website serves as an information hub for local businesses, citizens, and institutions, offering news, project details, and contact information. The organization positions itself as a key regional player in supporting economic and social development.

S

SA Saare Arenduskeskus

sasak.ee

40

SA Saare Arenduskeskus is a regional development foundation based in Estonia, focused on supporting local municipalities, entrepreneurs, and civic organizations in Saare County. The organization provides professional consulting, project management, and training services aimed at fostering regional growth and community development. The website reflects a small-sized, government/non-profit entity with a clear regional focus and a business model centered on service provision rather than commercial sales. Technically, the website is built on the concrete5 CMS platform and utilizes modern web technologies including Bootstrap, jQuery, FontAwesome, and AOS for animations. It integrates Google Analytics and Facebook SDK for tracking and social media functionalities. The site is mobile-optimized and demonstrates good design and navigation clarity, though accessibility features are basic. Hosting appears to be managed by Zone Media OÜ, an Estonian registrar and hosting provider. From a security perspective, the site enforces HTTPS and includes minimal security headers such as X-Content-Type-Options. No critical vulnerabilities or exposed sensitive data were detected. However, the absence of comprehensive security headers and lack of published security or incident response policies indicate room for improvement. Privacy compliance is weak due to the absence of privacy and cookie policies and no visible consent mechanisms, which could pose regulatory risks under GDPR. Overall, the website is functional, professional, and trustworthy with moderate digital maturity. Strategic recommendations include implementing privacy and cookie policies with consent mechanisms, enhancing security headers, and publishing incident response contacts to improve compliance and security posture.

Sihtasutus RAEK is a regional development foundation based in Rapla County, Estonia, focused on supporting balanced regional growth by providing professional development services to private, public, and third sector organizations. The website clearly targets entrepreneurs, citizen associations, youth, and local governments with a variety of support services including training, mentoring, and consulting. The organization is well-established with a domain age since 2010 and is part of a national network of county development centers. The website is built on a modern WordPress platform with common web technologies and SEO optimizations, providing a good user experience and mobile responsiveness. Security posture is solid with HTTPS and no visible vulnerabilities, though it lacks advanced security headers and formal incident response or vulnerability disclosure information. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the site presents a professional and trustworthy image consistent with a government/non-profit entity.

S

Sihtasutus Läänemaa

laanemaa.ee

44

Sihtasutus Läänemaa operates as a regional non-profit organization dedicated to supporting and promoting the Läänemaa county in Estonia. The website serves as an information hub for residents, local businesses, non-profit organizations, educational institutions, and tourists. Key services include entrepreneurship support, coordination of education, tourism development, and event aggregation. The organization positions itself as a trusted regional authority fostering sustainable development and cultural engagement. Technically, the website is built on WordPress using Elementor and Yoast SEO, indicating a modern and maintainable infrastructure. The site is mobile-optimized and includes SEO best practices, although accessibility features are basic. Security posture is solid with HTTPS enforced and no visible vulnerabilities, but could be improved by adding security headers and explicit incident response policies. Privacy compliance is partially met with a privacy and cookie policy present, but lacks a cookie consent mechanism. Overall, the website is professional, trustworthy, and well-aligned with its business objectives.

P

Pärnumaa Arenduskeskus

parnukobar.ee

42

Pärnumaa Arenduskeskus is a regional development foundation established by local governments in Pärnumaa, Estonia. It focuses on balanced regional development, entrepreneurship support, youth entrepreneurship education, civil society development, public health, internal security, and international cooperation. The organization offers a variety of services including consulting for startups and existing businesses, training programs, and coordination of regional strategies and projects. The website reflects a professional and consistent brand presence with a clear focus on community and business support within the Pärnumaa region. Technically, the website is built on WordPress with Elementor and uses modern plugins such as Yoast SEO and PixelYourSite for analytics and marketing. Cookie consent is managed via CookieYes, indicating attention to privacy compliance. The site is mobile optimized and accessible, with good SEO practices implemented. However, explicit privacy policy and terms of service pages are not found, which is a compliance gap. From a security perspective, the site uses HTTPS with a good SSL configuration. No critical vulnerabilities or exposed sensitive data were detected. However, security headers are not present, and there is no visible security policy or incident response information, which could be improved to enhance trust and security posture. Overall, the website is trustworthy and professional, serving as an effective platform for the foundation's mission. Strategic recommendations include publishing explicit privacy and security policies, adding security headers, and providing clear contact information for incident response to strengthen compliance and security readiness.

H

Hiiumaa Arenduskeskus

hiiumaaarenduskeskus.ee

41

Hiiumaa Arenduskeskus is a regional development center based in Hiiumaa, Estonia, focused on supporting local entrepreneurs, NGOs, tourism clusters, and community initiatives. The organization provides consulting, training, event hosting, and facilities such as remote offices and seminar rooms. Their market position is that of a key regional coordinator and promoter of economic and social development in Hiiumaa. The website reflects a small-sized, government or non-profit entity founded recently in 2022, with a clear focus on local community and business support services. Technically, the website is built on WordPress with a modern plugin ecosystem including WooCommerce, Yoast SEO, and booking/event management tools. It uses HTTPS with good SSL configuration and integrates analytics tools like Google Analytics and Microsoft Clarity. The site is mobile optimized and SEO friendly, though accessibility features are basic. Performance is moderate, with room for improvement in security headers and accessibility. From a security perspective, the site uses HTTPS and reCAPTCHA for form protection but lacks explicit security policies, incident response contacts, or vulnerability disclosure mechanisms. No critical vulnerabilities or exposed sensitive data were detected. Privacy and cookie policies are present and GDPR compliant, supporting user consent mechanisms. Overall, the website is professional, trustworthy, and well-aligned with the organization's mission. Strategic recommendations include enhancing security headers, publishing security and incident response policies, and improving accessibility compliance to strengthen trust and resilience.

E

ET Infokeskuse AS

ehituskeskus.ee

38

ET Infokeskuse AS operates the website ehituskeskus.ee, providing construction-related information, seminars, and publications primarily targeted at construction professionals and real estate stakeholders in Estonia. The company has an established presence since 2010 and offers a mix of digital and physical products including training seminars, construction guidelines, and a digital kartoteek service. The website is multilingual, supporting Estonian, English, Finnish, and Russian languages, enhancing accessibility for a broader regional audience. Technically, the website is built on WordPress with WooCommerce for e-commerce functionality, leveraging modern web technologies such as Bootstrap, jQuery, and Owl Carousel. The site is hosted behind Cloudflare DNS and CDN services, ensuring reliable performance and security. SEO is well implemented with Yoast SEO plugin, and the site shows good mobile optimization and user experience. From a security perspective, the site enforces HTTPS and uses common security practices, though explicit security headers like Content-Security-Policy are not detected. No critical vulnerabilities or exposed sensitive data were found. However, the site lacks a cookie consent mechanism and does not provide explicit incident response or vulnerability disclosure information, which are areas for improvement. Overall, ehituskeskus.ee presents a professional and trustworthy digital presence for ET Infokeskuse AS, with solid business credibility and technical implementation. Strategic enhancements in privacy compliance and security transparency would further strengthen its posture and user trust.

Airwave OÜ is a well-established Estonian company specializing in the import and wholesale of heating, ventilation, and air conditioning (HVAC) equipment, serving primarily the Baltic region and Finland since 1999. The company positions itself as one of the largest HVAC importers and wholesalers in the Baltics, offering a broad range of products including heat pumps, ventilation systems, and climate control devices. Their business model focuses on wholesale distribution supported by professional sales and after-sales services, catering to both commercial and residential customers. Technically, the website is built on the Odoo CMS platform, leveraging modern web technologies such as Bootstrap and FontAwesome for UI components. The site demonstrates good mobile optimization and SEO practices, with a clear navigation structure and professional design. Performance is moderate, and accessibility is basic but functional. The absence of advanced analytics or tracking scripts suggests a minimal user tracking approach. From a security perspective, the website enforces HTTPS with a valid SSL configuration and includes CSRF tokens in its scripts, indicating awareness of basic web security practices. However, it lacks several security headers and does not publicly disclose security policies or incident response procedures. There is no visible cookie consent mechanism, which may impact GDPR compliance. The presence of a privacy policy and terms of service pages indicates some level of compliance and transparency. Overall, Airwave OÜ's website reflects a credible and professional business with a solid market presence in the HVAC sector. Security posture is adequate but could be improved with enhanced headers, explicit policies, and cookie consent. The site is trustworthy with consistent WHOIS data and clear contact information. Strategic improvements in privacy compliance and security transparency would further strengthen their digital maturity and customer trust.

E

EB THERM OÜ

ebtherm.ee

43

EB THERM OÜ is an established Estonian company founded in 1993 specializing in ventilation, heating, and climate control equipment sales, installation, maintenance, and consulting. The company targets residential and commercial customers seeking efficient and environmentally sustainable indoor climate solutions. Their website reflects a consistent brand presence with partner affiliations to Dantherm and Cotes, indicating a solid market position in the energy sector. Technically, the website is built on Drupal 7 with jQuery and integrates Google Analytics and Tag Manager for user tracking. The site is mobile-optimized and provides clear navigation and relevant content, though it lacks formal privacy and cookie policies. Security posture is moderate with HTTPS enabled and IP anonymization in analytics, but missing security headers and incident response information reduce overall security maturity. No blocking or WAF mechanisms were detected, allowing full content access and analysis.

S

S.F.P. Group OÜ

sfp.ee

46

S.F.P. Group OÜ is an Estonian company specializing in the sale and consulting of ventilation, heating, and cooling equipment for industrial, residential, and apartment buildings. The company collaborates with leading manufacturers to provide energy-efficient and technologically advanced HVAC solutions. Their website reflects a professional presence with a focus on local market needs and showcases references to notable projects. Technically, the website is built on WordPress using modern tools like Elementor and Astra theme, with good mobile optimization and SEO practices. Security posture is adequate with HTTPS and cookie consent mechanisms, though lacking some advanced security headers and explicit privacy policies. Overall, the domain registration data supports the legitimacy and maturity of the business.