High-risk security reports

L

LCC PRODUKT OÜ

lccprodukt.ee

41

LCC PRODUKT OÜ is an Estonian company specializing in energy-efficient and modern ventilation solutions, including calculation, analysis, and distribution of ventilation equipment. Founded in 2012, the company positions itself as a professional partner to architects, designers, builders, and developers in Estonia, offering innovative European ventilation products and high-tech energy solutions. The website is built on WordPress with WooCommerce, featuring a modern and responsive design, integrated project search functionality, and active social media presence. Security posture is solid with HTTPS enabled and no exposed sensitive data, though it lacks some advanced security headers and explicit incident response policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Overall, the site reflects a trustworthy and professional business with room for improvement in security and privacy transparency.

The website rara.ee is currently inaccessible due to a Cloudflare Turnstile security challenge page, which blocks direct access to the site's content. This prevents extraction of business, contact, or policy information. The domain is registered with a legitimate Estonian registrar, Zone Media OÜ, and was created in 2021, indicating a relatively new but legitimate domain. The technical infrastructure relies heavily on Cloudflare services for security and performance. Due to the blocking, no privacy, cookie, or terms of service policies are visible, and no contact information or business details can be confirmed. The overall website quality and content presence cannot be assessed beyond the challenge page.

The website riigiplaneering.ee is currently inaccessible due to a Cloudflare Turnstile human verification challenge, which blocks access to the actual site content. As a result, no business, contact, or policy information is available for analysis. The domain is registered with Zone Media OÜ, an Estonian registrar, and was created recently in April 2023. The site uses Cloudflare services for security and analytics, but no further technical or content details can be extracted due to the access restriction. This limits the ability to assess the website's business model, technical infrastructure, or security posture comprehensively. The lack of visible privacy or cookie policies and contact information further limits compliance and trust evaluations.

T

Tallinna Vesi

tallinnavesi.ee

42

Tallinna Vesi is a well-established water utility company based in Estonia, primarily serving the Tallinn region with water supply and wastewater treatment services. The company demonstrates a strong market position supported by comprehensive service offerings including water purification, meter installation, and customer self-service portals. Their website reflects a professional digital presence with multilingual support and investor relations, indicating a mature business model focused on transparency and customer engagement. Technically, the site is built on WordPress with modern plugins and scripts, ensuring good performance and SEO optimization. Security posture is robust with HTTPS enforcement and ISO certifications, although improvements can be made in security headers and incident response transparency. Privacy compliance is mostly adequate but lacks a visible cookie consent mechanism, which should be addressed to fully comply with GDPR requirements. Overall, the website and domain data indicate a trustworthy and credible organization with a solid digital infrastructure.

Eesti Ehitusinseneride Liit (EEL) is a non-profit voluntary association representing construction engineers in Estonia. Founded in 1991, it serves approximately 500 individual members and several collective members, providing professional membership services, certification, training, and information resources. The website positions EEL as a reputable and established professional body within the Estonian construction sector. Technically, the site is built on WordPress with common plugins and libraries, featuring moderate performance and good mobile optimization. Security posture is solid with HTTPS enabled and no visible vulnerabilities, though security headers are absent and privacy compliance is minimal due to lack of privacy and cookie policies. Overall, the website is professional, trustworthy, and well-aligned with the organization's mission, but could improve in privacy and security policy transparency.

V

Veeühing (GWP Estonia)

veeyhing.ee

43

Veeühing (GWP Estonia) is a voluntary association based in Estonia focused on water management and related environmental issues. It operates as part of the Global Water Partnership network, aiming to improve water management and protection globally. The organization hosts events such as seminars and conferences to engage stakeholders and disseminate knowledge. The website is professionally designed using WordPress and is actively maintained with regular event updates. The technical infrastructure is modern, leveraging standard WordPress plugins and libraries, and the site is served over HTTPS with no detected blocking or WAF interference. However, the site lacks explicit privacy and cookie policies, which impacts GDPR compliance and privacy posture. Contact information such as emails or phone numbers is not explicitly provided, which may affect user trust and communication. Overall, the website demonstrates a good level of professionalism and technical maturity but would benefit from enhanced privacy compliance and clearer contact channels.

M

MTÜ Maakondlikud Arenduskeskused

arenduskeskused.ee

45

MTÜ Maakondlikud Arenduskeskused operates as the largest nationwide network in Estonia providing consulting and training services to startups, active businesses, non-profits, and local governments. Their business model is based on publicly funded, free services aimed at fostering entrepreneurship and community development across all 15 Estonian counties. The website reflects a mature digital presence built on WordPress with modern plugins and SEO optimizations, supporting a good user experience and mobile responsiveness. Security posture is solid with HTTPS and standard best practices, though explicit security policies and headers could be improved. Privacy compliance is evident with a GDPR-aligned privacy policy and cookie consent mechanism. Overall, the site demonstrates high business credibility and trustworthiness with clear contact information and partner network links.

The website estlat.eu is currently inaccessible due to a Cloudflare Turnstile security challenge page that blocks access to any substantive content. As a result, no business information, contact details, or policy documents are available for analysis. The site appears to be protected by Cloudflare's security infrastructure, indicating an intent to prevent automated or malicious access. However, this also limits the ability to assess the site's business operations, technical maturity, or security posture beyond the presence of Cloudflare protections. The lack of accessible content and absence of privacy or cookie policies suggest the site is either under maintenance, restricted, or not publicly available at this time. From a security perspective, the use of Cloudflare's WAF and Turnstile challenge is a positive indicator of baseline protection, but no further security best practices or vulnerabilities can be evaluated. Overall, the site currently presents a high risk due to lack of transparency and accessibility, and further direct access or cooperation from the site owners would be necessary for a comprehensive assessment.

The website www.visitsaulkrasti.lv serves as an official regional tourism portal for Saulkrasti municipality in Latvia. It provides comprehensive visitor information including local attractions, events, accommodation options, dining, and useful tips for tourists. The site targets visitors and tourists interested in exploring the Saulkrasti region, positioning itself as a key local tourism information hub. The business model focuses on promoting local tourism services and events, supporting the hospitality and government sectors. The content is well-structured, visually appealing, and consistent with the brand identity of Saulkrasti tourism. Technically, the website is built on WordPress CMS and utilizes modern JavaScript libraries such as jQuery, Swiper.js for sliders, and Magnific Popup for galleries. It integrates Google Tag Manager and Google Analytics for tracking and marketing purposes. The site demonstrates good mobile optimization and basic accessibility features, with moderate performance. SEO practices are adequately implemented with proper meta tags and structured navigation. From a security perspective, the website enforces HTTPS with excellent SSL configuration. However, it lacks explicit security headers and does not provide a dedicated security or incident response policy. No vulnerabilities or exposed sensitive data were detected in the HTML content. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism, aligned with GDPR requirements. Contact information is transparent and professionally presented, enhancing business credibility. Overall, the website is trustworthy, professionally maintained, and serves its purpose effectively. Strategic improvements could include implementing additional security headers, publishing a security policy or incident response contact, and adding a security.txt file to facilitate vulnerability disclosures. These steps would further strengthen the site's security posture and trustworthiness.

V

Visit Tartu

visittartu.com

42

Visit Tartu operates as the official tourism portal for Tartu and Southern Estonia, providing comprehensive travel information, event promotion, and business-to-business services such as MICE and conference venues. The website targets tourists, event organizers, and business visitors, positioning itself as a key regional tourism authority. The business is well-established with a domain age dating back to 2005, reflecting a mature presence in the hospitality sector. Technically, the site leverages WordPress with Elementor and WP Rocket for performance optimization, and integrates social media and multimedia content effectively. Security posture is adequate with HTTPS enforced and domain transfer protection, but lacks advanced security headers and DNSSEC. Privacy compliance is partial, with a cookie consent mechanism present but no explicit privacy or terms of service pages detected. Overall, the site is professional, user-friendly, and trustworthy, though improvements in security headers and privacy documentation are recommended.

V

Vidzemes plānošanas reģions

vidzeme.lv

46

Vidzemes plānošanas reģions is a Latvian regional government institution focused on development and planning within the Vidzeme region. The organization actively collaborates with European partners on international projects to foster business growth and innovation. The website serves as an informational portal for stakeholders and the public, providing access to regional data and project information. Technically, the site is built on WordPress with modern plugins for SEO, multilingual support, and cookie compliance, indicating a moderate level of digital maturity. Security posture is solid with HTTPS enforced and cookie consent implemented, though there is room for improvement in publishing formal security and privacy policies. Overall, the site is professional and trustworthy, aligned with its government function.

E

Eesti Põllumajandus-Kaubanduskoda

epkk.ee

44

Eesti Põllumajandus-Kaubanduskoda (EPKK) is a well-established Estonian organization founded in 2010, serving as a key chamber representing agricultural producers, food processors, forestry, and land management enterprises. The website provides comprehensive information about the organization's advocacy efforts, events, vocational qualifications, and market information services. The target audience primarily consists of Estonian agricultural and related sector stakeholders. The business model is non-profit and focused on supporting stable development and fair competition within the agricultural sector. Technically, the website is built on WordPress with modern plugins such as Yoast SEO and Modern Events Calendar, ensuring good SEO and event management capabilities. The site is hosted by a reputable Estonian registrar and uses HTTPS, providing a secure browsing experience. However, there are gaps in privacy compliance, notably the absence of privacy and cookie policies and consent mechanisms. Security posture is moderate with HTTPS and secure forms but lacks advanced security headers and published security policies. Overall, the website is professional and trustworthy but would benefit from enhanced privacy and security disclosures to improve compliance and user trust.

B

Baltic Sea Culinary Routes

balticseaculinary.com

44

Baltic Sea Culinary Routes is a regional cultural project website dedicated to promoting the culinary heritage and traditions of countries surrounding the Baltic Sea. The site offers rich content including country-specific culinary descriptions, recipes, chef testimonials, and project documentation aimed at strengthening regional identity and supporting rural vitality through culinary tourism. The target audience includes tourists, culinary enthusiasts, chefs, and cultural stakeholders interested in Baltic Sea cuisine. Technically, the website employs a traditional tech stack with jQuery 1.8.1, jQuery UI, and several JavaScript libraries for UI components and sliders. The site is mobile responsive and has a clear navigation structure, but uses outdated JavaScript libraries that pose security risks. SEO and accessibility are basic but functional. No CMS or hosting provider details are explicitly detected. From a security perspective, the site uses HTTPS and has domain transfer protections, but lacks DNSSEC and security headers such as Content-Security-Policy or X-Frame-Options. The use of outdated jQuery versions introduces potential vulnerabilities. No privacy or cookie policies are present, indicating compliance gaps with GDPR. No contact emails or incident response information is provided, limiting transparency and user trust. Overall, the website is functional and content-rich with moderate business credibility but has notable security and privacy compliance shortcomings. Strategic improvements in security headers, library updates, and privacy policy implementation are recommended to enhance trust and compliance.

Eesti Toidutee is a well-established platform dedicated to promoting Estonian local food culture and tourism. It connects food producers, restaurants, and consumers by offering curated food routes, event information, and educational workshops. The website targets consumers interested in authentic Estonian food experiences, tourists, and local food businesses. It holds a recognized position in the local hospitality and tourism sector, emphasizing regional food specialties and seasonal offerings. Technically, the website employs a traditional tech stack with jQuery and jQuery UI libraries, Google Analytics, and Google Tag Manager for tracking. While the site is mobile-optimized and offers good user experience with clear navigation and rich content, it uses outdated JavaScript libraries that pose potential security risks. The site lacks modern security headers and explicit privacy or cookie policies, indicating areas for compliance improvement. From a security perspective, HTTPS is enabled, and no sensitive data is exposed in the HTML. However, the absence of security headers and use of outdated libraries reduce the overall security posture. There is no visible incident response or security policy information, which could impact trustworthiness. The WHOIS data aligns well with the website's Estonian focus, showing consistent and transparent registration details. Overall, the website is functional, content-rich, and professionally presented but requires enhancements in privacy compliance and security best practices to improve trust and reduce risk. Strategic updates to technology and policy transparency will strengthen its position as a trusted promoter of Estonian local food culture.

S

SA Jõgevamaa Arendus- ja Ettevõtluskeskus

kultuuritee.ee

44

Kultuuritee.ee is a regional cultural tourism website managed by SA Jõgevamaa Arendus- ja Ettevõtluskeskus, promoting the cultural heritage and tourism opportunities in the Jõgevamaa region of Estonia. The site provides information about cultural routes, events, maps, and local attractions, targeting tourists and cultural visitors interested in exploring Estonian history and culture. The business model is non-profit and focused on regional development and cultural promotion. Technically, the website is built on WordPress with common plugins like Yoast SEO and uses Google Analytics and Tag Manager for visitor tracking. The hosting is provided by Zone Media OÜ, and the domain is registered since 2019, consistent with the site's purpose. Security posture is moderate with HTTPS enabled but lacks advanced security headers and DNSSEC. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the site is functional, well-branded, and provides relevant content but could improve in privacy and security practices.

S

Sisevete festival

sisevetefestival.ee

47

The Sisevete festival website represents a regional cultural event focused on Estonia's largest inland water bodies, offering a 12-day program of activities, workshops, and concerts. The site targets watercraft enthusiasts and cultural visitors, providing detailed event information and a newsletter subscription. Technically, the website is built on the Voog CMS platform, utilizing modern web technologies such as jQuery and Facebook Pixel for marketing and tracking. The site is mobile-optimized with good navigation and content relevance. Security posture is solid with HTTPS enabled and no exposed sensitive data, though it lacks security headers and a cookie consent mechanism, which are recommended for enhanced protection and GDPR compliance. Overall, the website is trustworthy and professional, with room for improvement in privacy and security transparency.

S

SportAccord

aimsisf.org

43

The Alliance of Independent Recognized Members of Sports (AIMS) operates as a non-profit international sports alliance representing various independent sports federations. The organization is positioned as a key stakeholder in the global sports governance ecosystem, partnering with major entities such as the International Olympic Committee (IOC), SportAccord, WADA, and ITA. The website serves as a communication platform providing news, member federation information, and partnership details to its target audience of sports professionals and federations worldwide. Technically, the website is built on WordPress using the Elementor page builder, hosted on StableServer infrastructure. The site demonstrates good mobile optimization, clear navigation, and a professional design, although some accessibility features could be improved. Performance is moderate, with no major technical issues detected in the HTML content. Security posture is adequate with HTTPS enabled and no exposed sensitive data, but DNSSEC is not enabled and some security headers are not explicitly detected, suggesting room for improvement. From a security and compliance perspective, the website lacks explicit privacy, cookie, and terms of service policies, which impacts its privacy compliance score. No incident response or vulnerability disclosure information is available, and no direct contact emails or phone numbers are provided, limiting transparency in communication channels. The WHOIS data is consistent and transparent, confirming the legitimacy of the domain ownership and alignment with the organization's identity. Overall, the website is trustworthy and professionally maintained but would benefit from enhanced privacy compliance measures, improved security header implementation, and clearer contact information to strengthen user trust and regulatory adherence.

Ü

Ühendus Sport Kõigile

sportkoigile.ee

41

Ühendus Sport Kõigile is an Estonian sports association dedicated to promoting sports activities and events across multiple disciplines. The website serves as an informational portal providing event calendars, organizational details, sports facilities, and coaching resources primarily targeting Estonian sports enthusiasts and organizations. The domain is well-established since 2010 and hosted under a reputable Estonian registrar, indicating a stable online presence. Technically, the website employs a traditional web stack with jQuery, Owl Carousel, Fancybox, and AOS for animations. While the technology is somewhat dated, it remains functional and provides a moderate performance experience. The site is mobile-optimized and offers a good user experience with clear navigation and relevant content. However, there is room for improvement in SEO and accessibility. From a security perspective, the site uses HTTPS but lacks visible security headers and formal privacy or cookie policies. No analytics or tracking scripts were detected, suggesting minimal user tracking. The absence of GDPR compliance indicators and consent mechanisms is a notable gap given the European context. No forms collecting sensitive personal data were found except a basic search form. Overall, the website presents a moderate risk profile with no critical vulnerabilities detected but with compliance and security best practices needing enhancement. Strategic improvements in privacy policy publication, cookie consent, security headers, and GDPR compliance would strengthen the site's trustworthiness and security posture.

L

Liikumisharrastuse kompetentsikeskus

liikumisaasta.ee

49

Liikumisharrastuse kompetentsikeskus is a government-affiliated non-profit organization established by the Estonian Olympic Committee in 2022 to promote physical activity and healthy lifestyles across Estonia. The website serves as a central hub for information, resources, and events related to physical movement, targeting a broad audience including youth, adults, seniors, and partners in the health and sports sectors. The organization positions itself as a leader in driving a national movement towards increased physical activity and wellness.

E

Eesti Spordi- ja Olümpiamuuseum SA

spordimuuseum.ee

49

Eesti Spordi- ja Olümpiamuuseum is a well-established cultural institution located in Tartu, Estonia, serving as the largest and most modern sports museum in the Baltic region. The museum offers a rich visitor experience with over 15 attractions, educational programs, exhibitions, and a dedicated Hall of Fame. Its target audience includes families, groups, individual sports enthusiasts, and educational institutions. The business model combines ticket sales, educational services, event hosting, and an online store. The museum maintains a strong market position supported by partnerships with cultural and Olympic organizations and environmental certifications.

S

Spordimeditsiini SA

sportmed.ee

38

Spordimeditsiini SA is an established Estonian sports medicine foundation providing specialized health examinations, treatments, and consultations for amateur, youth, and professional athletes. With over 25 years of experience, it holds a strong market position in Estonia's healthcare sector, focusing on sports-related medical services including physiotherapy, cardiology diagnostics, nutrition counseling, and advanced physiotherapy procedures. The website is well-structured, multilingual, and professionally designed, reflecting the organization's credibility and service quality. Technically, it is built on WordPress with modern plugins and SEO optimizations, though some performance and security enhancements are advisable. Security posture is solid with HTTPS and no visible vulnerabilities, but lacks explicit security headers and incident response policies. Privacy compliance is partially met with privacy and cookie policies present, but missing active consent mechanisms. Overall, the site demonstrates a mature digital presence with room for improvements in security and privacy transparency.

Eesti Paralümpiakomitee is the official Estonian Paralympic Committee, a non-profit organization dedicated to supporting Paralympic athletes and promoting Paralympic sports within Estonia. The website serves as a hub for news, event calendars, athlete information, and organizational details, targeting athletes, supporters, and the general public interested in Paralympic sports. The organization maintains a clear national presence with sponsorships and social media engagement. Technically, the website employs a modern JavaScript stack including jQuery, Google reCAPTCHA, Axios, and sliders for dynamic content presentation. It uses HTTPS with a valid SSL configuration and integrates Google Analytics for visitor tracking. The site is moderately optimized for mobile and accessibility, with room for improvement in SEO and accessibility features. From a security perspective, the site benefits from HTTPS and CSRF token usage in forms, but lacks explicit security headers and detailed security or incident response policies. No privacy or cookie policies are present, which is a compliance gap. Contact information is clearly provided, enhancing trust and user engagement. Overall, the website is professional and trustworthy but would benefit from enhanced privacy compliance and security hardening to align with best practices and regulatory requirements.

T

treenerikutse.ee

treenerikutse.ee

46

The website treenerikutse.ee serves as a portal for coaching certification and related educational services primarily targeting the Estonian market. It offers functionalities such as application control, certification verification, self-training campaigns, and registers related to education and sports disciplines. The business operates in a niche sector focused on professional coaching and sports education within Estonia, with a domain registered in 2019 and hosted by Spin TEK AS, an Estonian registrar and hosting provider. Technically, the website employs a variety of common web technologies including jQuery, Bootstrap, FlexSlider, and DataTables, indicating a moderate level of digital maturity. The site is structured with responsive design elements but lacks advanced SEO optimization and accessibility features. The absence of CMS detection suggests a custom or lightweight platform. Performance is moderate, with no explicit indicators of slow loading but also no advanced optimization. From a security perspective, the site lacks visible security headers and does not provide explicit HTTPS status in the provided data, which is a concern. The cookie consent mechanism is implemented, indicating some awareness of privacy compliance, but no privacy policy or terms of service are present, limiting GDPR compliance. No contact information or incident response channels are provided, reducing transparency and trust. Overall, the website presents a basic but functional service portal with moderate business credibility. Security and privacy practices require significant improvement to meet modern standards. Strategic recommendations include implementing HTTPS with strong SSL/TLS, publishing comprehensive privacy and security policies, adding security headers, and providing clear contact information to enhance trust and compliance.

S

Spordikoolituse ja -Teabe Sihtasutus

spordiraamat.ee

39

Spordiraamat.ee is an Estonian e-commerce platform specializing in the sale of sports-related books, including annual sports yearbooks and training manuals. The business is operated by Spordikoolituse ja -Teabe Sihtasutus, targeting sports professionals, coaches, and enthusiasts primarily within Estonia. The website offers a focused catalog of sports literature with some partner integrations for purchasing select titles. Technically, the site uses a traditional frontend stack including jQuery, Bootstrap 3.3.7, and Selectize.js, with basic mobile responsiveness and moderate performance. Security measures include HTTPS, CSRF tokens, and a cookie consent mechanism, but lack advanced security headers and vulnerability disclosure policies. The WHOIS data aligns well with the business claims, indicating a legitimate and consistent registration. Overall, the site presents a professional and trustworthy e-commerce experience within its niche, though improvements in privacy policy presence and security hardening are recommended.

The website esbl.ee serves as an Estonian sports biographical lexicon, providing historical data and biographies of Estonian sports figures. It is operated by Spin TEK AS, a company registered since 2013, which aligns with the domain age and content maturity. The site targets sports enthusiasts and researchers interested in Estonian sports history. The business model is informational, focusing on archival and reference content rather than commercial services. Technically, the website is built on static HTML enhanced with JavaScript, notably using an outdated jQuery version (1.7.2). There is no evidence of a modern CMS or frameworks, and the site shows basic performance and accessibility features. Mobile optimization is poor, and SEO practices are minimal. Hosting appears to be managed by Spin TEK AS, consistent with the WHOIS data. From a security perspective, the site lacks modern security headers and uses outdated libraries, which could expose it to vulnerabilities. HTTPS usage and SSL configuration details are not explicitly provided but should be verified. The site implements a cookie consent mechanism and provides a privacy policy document, indicating some compliance with GDPR. However, no terms of service, security policies, incident response contacts, or vulnerability disclosure mechanisms are present. Overall, the website is functional and moderately credible but requires technical and security improvements to enhance trust and protect user data. Strategic recommendations include updating JavaScript libraries, implementing security headers, improving SSL configuration, and publishing comprehensive security and contact policies.

Z

Zone Media OÜ

korvpall24.ee

36

Korvpall24.ee is a specialized Estonian media website focusing on basketball news, interviews, and event coverage. Operated by Zone Media OÜ since 2017, it serves a niche audience of basketball enthusiasts primarily in Estonia. The website features regularly updated content, including interviews and reports on local and international basketball events. Technically, the site is built on WordPress with Elementor and integrates modern web technologies such as push notifications (OneSignal), Google Analytics, and Facebook Pixel for marketing and analytics. The site uses HTTPS with good SSL configuration, ensuring secure data transmission. However, it lacks a cookie consent mechanism and explicit security or incident response policies, which are important for GDPR compliance and user trust. Overall, the site demonstrates a good balance of content quality, technical implementation, and business credibility, but could improve privacy compliance and security transparency.

A

A. Le Coq

alecoq.ee

47

A. Le Coq is Estonia's oldest and largest beverage producer, offering a wide range of alcoholic and non-alcoholic drinks including beer, cider, juices, water, and energy drinks. The company operates a professional and well-structured website built on WordPress with WooCommerce, targeting both consumers and distributors in Estonia and export markets. The website demonstrates good digital maturity with modern technologies, SEO optimization, and mobile responsiveness. Security posture is strong with HTTPS enforcement, security headers, and cookie consent mechanisms, although explicit privacy and security policies are not published. Overall, the site reflects a credible and established business with a focus on compliance and user experience.

P

Pilt Ruudus OÜ

piltruudus.ee

41

Pilt Ruudus OÜ operates as a creative agency based in Estonia, offering a comprehensive suite of digital marketing, SEO, web development, video, and photography services. The company targets Estonian businesses seeking to enhance their online presence and marketing effectiveness. The website reflects a professional and consistent brand image, with clear service descriptions and a user-friendly contact form facilitating client engagement. The business appears well-established with a domain age consistent with its operational history.

The website elva.ee is currently inaccessible beyond a Cloudflare security challenge page, which prevents access to any substantive content. The domain is registered since 2010 with a legitimate Estonian registrar, indicating a stable domain ownership. However, no business information, contact details, or compliance policies are visible due to the access restriction. The technical infrastructure relies on Cloudflare services for security and performance, but no further technical or business details can be assessed. The security posture cannot be fully evaluated given the lack of accessible content, but the presence of Cloudflare WAF indicates a baseline security measure. Overall, the site is currently not analyzable for business or compliance insights due to the WAF block.

Lääneranna vald is a local government entity in Estonia formed in 2017 by merging several municipalities. The website currently serves as a maintenance page with basic information about the municipality's geography, administrative structure, and protected natural areas. The site is built on WordPress and uses common web technologies such as jQuery. The technical infrastructure is moderate with HTTPS enabled and hosted likely by Zone Media OÜ, an Estonian registrar and hosting provider. However, the site lacks advanced security headers and policies, and no privacy or cookie policies are published, which limits compliance with GDPR and other regulations. The login form is present but lacks visible security enhancements such as CAPTCHA or multi-factor authentication. Overall, the website is functional but minimal, reflecting a work-in-progress status.

The website ramkool.ee is currently a parked domain page managed by Zone Media OÜ, an Estonian company specializing in domain registration and web hosting services. The site primarily serves as a placeholder informing visitors that the domain is registered but not linked to any hosting service, while promoting Zone Media OÜ's hosting packages in multiple languages. The business operates in the technology sector, focusing on web hosting solutions for small to medium clients, with offerings including Wordpress one-click installs, SSL certificates, and dedicated IP addresses. The domain has been registered since 2010, indicating a stable presence in the market. Technically, the website is simple, built with standard HTML, CSS, and JavaScript, and optimized for mobile devices with a responsive design. The hosting provider is clearly Zone Media OÜ, and the site uses HTTPS for external links but does not host active content on the domain itself. Security headers are minimal but include a Content-Security-Policy. No analytics or tracking scripts are detected, and no forms or user input fields exist on the page. From a security perspective, the site has a basic posture with no visible vulnerabilities or exposed sensitive data, but lacks comprehensive privacy, cookie, or security policies. There is no contact information or incident response details provided, which limits transparency and user trust. The WHOIS data is consistent and legitimate, with no privacy protection, matching the hosting provider's identity. Overall, the site functions as a parked domain with promotional content for hosting services. The risk is low given the limited functionality, but improvements in privacy compliance, security headers, and contact transparency are recommended to enhance trust and compliance.

The website kose.ee serves as a simple informational portal for Kose vald, a local government municipality in Estonia. It primarily functions as a redirect and contact hub linking users to the official Kose vald website (kosevald.ee) and its Facebook page. The site provides basic contact information including official email addresses and phone numbers but lacks comprehensive privacy, cookie, or terms of service policies. The content is minimal and targeted at residents or stakeholders seeking municipal information. Technically, the site is built on WordPress using common libraries such as jQuery, Bootstrap, and Font Awesome. Hosting appears to be managed by Zone Media OÜ, an Estonian registrar and hosting provider. The site uses HTTPS with good SSL configuration but lacks advanced security headers and modern privacy compliance features. Mobile optimization and accessibility are basic but functional. From a security perspective, the site shows moderate maturity with HTTPS enabled but no visible security policies or incident response contacts. No forms or user data collection mechanisms are present, reducing attack surface but also limiting user engagement. The absence of privacy and cookie policies indicates non-compliance with GDPR best practices, which is a risk for a government entity. Overall, the website is legitimate and consistent with its stated purpose but would benefit from enhanced security practices, privacy compliance, and improved user experience to better serve its audience and meet regulatory requirements.

R

Rapla vald

rapla.ee

45

Rapla vald operates as a local government entity serving the Rapla region in Estonia, providing a broad range of municipal services including social support, education, cultural activities, infrastructure management, and community engagement. The website serves as an official portal for residents and visitors, offering news, event information, and access to various public services. The organization maintains a clear and consistent brand presence with a well-structured website in Estonian, targeting local community members and stakeholders. Technically, the website is built on WordPress CMS, leveraging modern plugins and frontend technologies such as jQuery, FontAwesome, and Google Tag Manager. The site demonstrates good mobile optimization, accessibility, and SEO practices, although performance is moderate. Hosting and domain registration are managed by a reputable Estonian registrar, Telia Eesti AS, with domain age consistent with the organization's history. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms compliant with GDPR. However, it lacks explicit security headers, published security policies, and incident response contact information. No vulnerability disclosure or security.txt files are present, indicating room for improvement in transparency and security maturity. Overall, the website presents a trustworthy and professional digital presence for a government entity, with moderate technical and security posture. Strategic enhancements in security headers, incident response readiness, and vulnerability disclosure would strengthen its security and compliance stance.

The website parnu.ee is registered to the Estonian Ministry of Education and Research (Haridus- ja Teadusministeerium) via EENet, indicating a government affiliation. However, the website content is currently inaccessible due to a Cloudflare Turnstile CAPTCHA challenge, which blocks automated access and requires human verification. This prevents direct analysis of the site's content, policies, and contact information. The domain is well-established since 2010 and shows no suspicious registration patterns, supporting its legitimacy as a government domain. Technically, the site leverages Cloudflare's security and performance services, including the Turnstile CAPTCHA for bot mitigation. No CMS or additional frameworks are detectable from the accessible content. The lack of visible privacy, cookie, or terms of service policies, as well as absence of contact details, limits assessment of compliance and user engagement features. From a security perspective, the use of Cloudflare provides a baseline of protection, but the absence of visible security headers or policies in the accessible content is a gap. The domain does not have DNSSEC enabled, which is recommended for enhanced DNS security. No vulnerabilities or exposed sensitive data are observable due to the content block. Overall, the site appears to be a legitimate government domain with strong domain registration trustworthiness but currently limited accessibility and transparency. Strategic recommendations include improving public access to privacy and security policies, enabling DNSSEC, and providing clear contact and incident response information to enhance trust and compliance.

M

MTÜ Kodukant Läänemaa

kklm.ee

39

MTÜ Kodukant Läänemaa is a small Estonian non-profit organization dedicated to promoting and supporting village life and rural community development in the Läänemaa region. The organization provides project support, facilitates funding opportunities, and organizes community events to strengthen local engagement. The website is built on WordPress using the Virtue theme and several plugins such as MailPoet for newsletters and Google Calendar Events for event management. The technical infrastructure is modern and moderately performant with good mobile optimization. Security posture is adequate with HTTPS enabled and no exposed sensitive data, but lacks important security headers and formal privacy or cookie policies. Contact information is clearly provided with a physical address and company email, enhancing business credibility. Overall, the website is professional and trustworthy but would benefit from improved privacy compliance and enhanced security practices.

R

Rohelise Jõemaa Koostöökogu

joemaa.ee

39

Rohelise Jõemaa Koostöökogu is a small regional cooperative organization based in Estonia, focused on sustainable rural economic development, cultural heritage preservation, and tourism promotion. The website serves as an informational and promotional platform highlighting the organization's mission, events, and regional identity. The technical infrastructure is based on WordPress with common plugins such as Yoast SEO and Contact Form 7, supported by standard web technologies like jQuery and Bootstrap. The site is moderately optimized for performance and mobile devices but lacks advanced accessibility features. Security posture is basic with HTTPS enabled but missing important security headers and policies. Privacy compliance is weak due to the absence of privacy and cookie policies. Overall, the website is functional and professional but requires improvements in privacy, security, and compliance to enhance trust and user protection.

P

Pärnu Lahe Partnerluskogu

plp.ee

39

Pärnu Lahe Partnerluskogu is a regional non-profit partnership organization based in Estonia, focused on supporting local development projects, cooperation, and dissemination of information in the Pärnu Bay area. The website serves as an information hub for local government entities, community organizations, and residents, providing updates on meetings, funding opportunities, and collaborative projects. The organization appears well-established with a domain age since 2010 and consistent regional focus. Technically, the website is built on WordPress using the Sydney theme and common plugins such as Yoast SEO and Elementor. It employs HTTPS and basic SEO optimizations, with moderate performance and good mobile responsiveness. However, accessibility features are basic, and some security best practices like DNSSEC and security headers are missing. From a security perspective, the site has a good SSL configuration but lacks advanced security headers and explicit privacy or cookie policies, which are important for GDPR compliance. No incident response or vulnerability disclosure mechanisms are evident. The absence of contact emails and phone numbers in the HTML limits direct communication channels, though physical addresses linked to local municipalities are present. Overall, the website is functional and professional for its purpose but would benefit from enhanced privacy compliance, improved security headers, and clearer contact information to strengthen trust and regulatory adherence.

G

Geopeitus MTÜ

geopeitus.ee

41

Geopeitus.ee is a niche community platform dedicated to geocaching activities in Estonia, operated by Geopeitus MTÜ. The website offers geocache listings, user forums, event announcements, and user-generated content such as logs and photos. It targets geocaching enthusiasts primarily within Estonia, fostering an active and engaged community with premium membership features and event support. The platform's market position is that of a specialized community hub rather than a commercial enterprise. Technically, the site uses legacy JavaScript libraries like jQuery 1.6.4 and jQuery Fancybox 1.3.4, along with Google Tag Manager for analytics. The CMS appears custom-built, with basic mobile optimization and accessibility features. Security posture is moderate but could be improved; the site lacks modern security headers and uses outdated libraries that may expose vulnerabilities. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism or terms of service. Contact information is limited to an obfuscated email and a login form; no phone numbers or physical addresses are provided. Overall, the site is functional and community-focused but would benefit from modernization and enhanced security and privacy practices.

Soomaa.com is a small hospitality and tourism business focused on providing wilderness experiences in Estonia, particularly in Soomaa National Park. The website offers detailed information and booking options for various outdoor activities such as canoe trips, kick-bike trips, bogwalking, mushrooming, and snowshoeing. The company targets nature enthusiasts and tourists seeking authentic outdoor adventures in Estonia. The business appears established, with a domain registered since 1999, and maintains a consistent brand presence including social media channels on Facebook, YouTube, and Instagram. Technically, the website is built on WordPress using the Astra theme and Elementor page builder, integrating third-party booking services via FareHarbor. The site is well-structured with good SEO practices, mobile optimization, and a cookie consent mechanism compliant with GDPR principles. Performance is moderate, and accessibility is basic but functional. From a security perspective, the site uses HTTPS with good SSL configuration but lacks advanced security headers and explicit security policies. No vulnerabilities or exposed sensitive data were detected. The cookie consent banner and detailed preferences indicate a commitment to privacy compliance, although no explicit privacy policy or terms of service were found in the analyzed content. Overall, Soomaa.com presents a credible and professional online presence for a niche tourism business. Strategic improvements in security headers, explicit privacy and security policies, and enhanced accessibility would strengthen its security posture and compliance. The domain registration data supports legitimacy and trustworthiness.

E

Eesti Maaturismi Ühing

saunatee.ee

26

Saunatee.ee is a specialized Estonian website dedicated to promoting sauna culture, tourism, and related products. Operated by Eesti Maaturismi Ühing, it serves as a comprehensive portal listing various sauna types, sauna packages, and educational content about sauna traditions in Estonia. The website targets sauna enthusiasts and tourists interested in authentic Estonian sauna experiences, positioning itself as a niche cultural and tourism information platform. The business model focuses on information dissemination and promotion of sauna-related services and products, supported by a small but consistent content base and community engagement through newsletters and social media.

A

Allikukivi Veinimõis

allikukivi.ee

40

Allikukivi Veinimõis is a small family-owned Estonian business specializing in handcrafted berry and fruit wines produced on-site in their manor's wine cellar. They complement their wine production with hospitality services including wine tastings, tours, and glamping accommodations in a historic manor park. The website is built on WordPress with WooCommerce, featuring a professional design and moderate performance. The site includes cookie consent mechanisms and integrates third-party booking services. Security posture is good with HTTPS and no exposed sensitive data, but lacks some security headers and formal privacy and terms policies. Overall, the business presents a trustworthy local niche hospitality and wine production service with room for improvement in privacy compliance and security documentation.

V

Valgeranna Seikluspark

valgerannaseikluspark.ee

44

Valgeranna Seikluspark is an Estonian adventure park offering active outdoor recreational activities primarily targeting families, children, and groups near Pärnu. The website presents a professional and consistent brand image with clear descriptions of services such as adventure trails, group bookings, and special events. Technically, the site is built on WordPress with Elementor and Yoast SEO, integrating Google Analytics and Tag Manager for tracking. Cookie consent is implemented with detailed user controls, reflecting a basic level of privacy compliance. Security posture is solid with HTTPS and no visible vulnerabilities, though formal security and incident response policies are absent. Overall, the site is functional, trustworthy, and well-positioned regionally, but could improve transparency by publishing privacy and terms policies and enhancing contact information visibility.

Z

Zone Media OÜ

visitkorvemaa.ee

42

VisitKorvemaa is a regional tourism platform focused on promoting the Kõrvemaa nature area in Estonia. It aggregates local tourism services and offers authentic nature and community experiences including guided tours, outdoor activities, accommodation, and workshops. The website is built on WordPress with WooCommerce for e-commerce capabilities and uses modern plugins for SEO and marketing. The business is small, founded in 2021, and targets tourists interested in nature and active tourism. The platform integrates social media and third-party review widgets to build trust and engagement. Technically, the site is well-structured and mobile-optimized but lacks some advanced security headers and explicit privacy and cookie policies. The domain registration is consistent and transparent, supporting the legitimacy of the business.

E

Elkdata OÜ (registrar)

veetee.ee

46

VeeTee.ee is a small Estonian business specializing in outdoor recreational services including ski and snowboard rentals, canoe and rubber boat trips, and accommodation rental at Annemäe Puhkemaja. The company targets tourists and local outdoor enthusiasts seeking guided water and winter sports experiences. The website is built on WordPress with modern plugins and provides clear contact information and service descriptions. Technically, the site uses HTTPS and common WordPress technologies but lacks some security headers and explicit privacy consent mechanisms. Security posture is moderate with no critical vulnerabilities detected but room for improvement in policy transparency and compliance. Overall, the business appears legitimate with consistent domain registration data and a professional web presence.

A

Adrenaator Grupp

adrenaator.ee

40

Adrenaator Grupp operates the website adrenaator.ee, providing adventure and outdoor experiences such as canoe trips, hiking, and team events primarily in the Aidu quarry area in Estonia. The company targets families, friends, and corporate groups seeking unique adventure activities. The business is positioned as a niche local provider with a focus on experiential tourism and event hosting. The website is built on WordPress with modern SEO and GDPR compliance plugins, indicating a moderate level of digital maturity. Technical infrastructure includes Google Analytics and Tag Manager for tracking, and the site is hosted by Zone Media OÜ, a known Estonian registrar and hosting provider. Security posture is adequate with HTTPS enabled and cookie consent implemented, though some security headers are missing and no explicit security or incident response policies are published. Overall, the site is professional and trustworthy with room for improvement in security and contact transparency.

Maaturism.ee is the official website of MTÜ Eesti Maaturism, a non-profit organization dedicated to promoting rural tourism in Estonia. The website offers comprehensive information about accommodation, active holidays, food services, health tourism, family vacations, themed farms, museums, seminars, weddings, and cooperation networks. It also highlights various projects aimed at developing rural tourism products and services, targeting tourists interested in nature and cultural experiences in Estonia and the Baltic region. The organization has a strong local presence and a network of members, positioning itself as a key player in Estonia's rural tourism sector. Technically, the website employs a modern tech stack including jQuery, Leaflet.js for mapping, Google Tag Manager, and Google Analytics for tracking. It uses HTTPS with a hosting provider Elkdata OÜ, an Estonian registrar and hosting company, ensuring secure connections. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content. However, it lacks explicit privacy and cookie policies, which are important for GDPR compliance. From a security perspective, the site uses HTTPS and asynchronous script loading, but no explicit security headers were detected. There is no visible vulnerability disclosure or incident response contact information. The WHOIS data is transparent and consistent with the website's business and location, supporting legitimacy. Overall, the site demonstrates a moderate to good security posture but could improve compliance and security best practices. The overall risk assessment is moderate with recommendations to implement privacy and cookie policies, add security headers, and establish vulnerability disclosure mechanisms to enhance trust and compliance.

R

Romantiline Rannatee

rannatee.ee

38

Romantiline Rannatee is a well-established regional tourism promotion website focused on the Pärnumaa coastal area in Estonia. The site offers rich content including destination guides, events, accommodations, and virtual tours, targeting tourists interested in nature, culture, and leisure activities. The business operates primarily as a tourism marketing platform, leveraging partnerships with local organizations and maintaining a consistent brand presence. Technically, the website is built on WordPress using the Avada theme and Yoast SEO plugin, with Google Tag Manager integrated for analytics. The site demonstrates good design quality, mobile optimization, and SEO practices, though accessibility features are basic. Security posture is adequate with HTTPS enabled and no exposed sensitive data, but lacks security headers and formal security policies. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the domain registration is consistent and trustworthy, with no blocking or WAF detected, supporting a moderate to good trust level for visitors.