Security Directory

The website www.isover.ee is currently inaccessible due to a Cloudflare security challenge page employing Turnstile captcha, which blocks direct access to the site's content. As a result, no business, contact, or policy information is available for analysis. The site appears to be protected by Cloudflare's WAF, indicating an intent to secure the site from automated access or attacks. However, this also prevents a comprehensive assessment of the site's content, technical infrastructure, and security posture. Without access to the actual website content, it is not possible to evaluate the company's market position, services, or compliance status.

E

E-kataloog ESTER

ester.ee

55

E-kataloog ESTER is a centralized digital catalog service aggregating the collections of major Estonian libraries. It serves as a key resource for library users including students, researchers, and the general public in Estonia, providing unified search capabilities and access to various library resources. The platform integrates institutional authentication via CAS and offers accessibility features for visually impaired users. Technically, the website employs standard web technologies such as JavaScript, jQuery, and Modernizr, and uses Google Analytics for user tracking. While the site is functional and professionally designed, it lacks visible privacy and cookie policies, which impacts its privacy compliance posture. Security-wise, HTTPS is implied, and session timeout mechanisms are implemented, but explicit security headers are missing. Overall, the site is a trusted educational resource but would benefit from enhanced privacy disclosures and security hardening.

I

International Olympic Committee (IOC)

olympic.org

63

Olympics.com is the official digital platform of the International Olympic Committee (IOC), providing authoritative and comprehensive coverage of the Olympic Games, athletes, sports, and related news. The website serves a global audience of sports enthusiasts, athletes, and stakeholders by delivering live event coverage, video highlights, original series, and historical Olympic content. It is positioned as the primary source for Olympic information and media worldwide. Technically, the site employs a modern technology stack including JavaScript frameworks (likely React), advanced search via Algolia, customer identity management through Gigya, and robust analytics with Google Tag Manager and Conviva. The site is hosted on a high-performance CDN (Akamai), ensuring fast load times and excellent mobile optimization. Accessibility and SEO practices are well implemented, supporting a broad and inclusive user experience. From a security perspective, Olympics.com enforces HTTPS with strong SSL configuration and implements key security headers such as Content-Security-Policy and Strict-Transport-Security. The site uses a comprehensive cookie consent mechanism compliant with GDPR, and no critical vulnerabilities or exposed sensitive data were detected. However, the absence of a public WHOIS record and lack of visible incident response contacts or vulnerability disclosure pages suggest areas for improvement in transparency and security communication. Overall, Olympics.com demonstrates a mature digital presence with strong content quality, technical infrastructure, and security posture. The main risks relate to WHOIS data opacity and limited direct contact information for security incidents. Strategic recommendations include enhancing incident response visibility, publishing a security.txt file, and continuous monitoring of third-party scripts to maintain security integrity.

Ü

Ühendus Sport Kõigile

sportkoigile.ee

41

Ühendus Sport Kõigile is an Estonian sports association dedicated to promoting sports activities and events across multiple disciplines. The website serves as an informational portal providing event calendars, organizational details, sports facilities, and coaching resources primarily targeting Estonian sports enthusiasts and organizations. The domain is well-established since 2010 and hosted under a reputable Estonian registrar, indicating a stable online presence. Technically, the website employs a traditional web stack with jQuery, Owl Carousel, Fancybox, and AOS for animations. While the technology is somewhat dated, it remains functional and provides a moderate performance experience. The site is mobile-optimized and offers a good user experience with clear navigation and relevant content. However, there is room for improvement in SEO and accessibility. From a security perspective, the site uses HTTPS but lacks visible security headers and formal privacy or cookie policies. No analytics or tracking scripts were detected, suggesting minimal user tracking. The absence of GDPR compliance indicators and consent mechanisms is a notable gap given the European context. No forms collecting sensitive personal data were found except a basic search form. Overall, the website presents a moderate risk profile with no critical vulnerabilities detected but with compliance and security best practices needing enhancement. Strategic improvements in privacy policy publication, cookie consent, security headers, and GDPR compliance would strengthen the site's trustworthiness and security posture.

The website esbl.ee serves as an Estonian sports biographical lexicon, providing historical data and biographies of Estonian sports figures. It is operated by Spin TEK AS, a company registered since 2013, which aligns with the domain age and content maturity. The site targets sports enthusiasts and researchers interested in Estonian sports history. The business model is informational, focusing on archival and reference content rather than commercial services. Technically, the website is built on static HTML enhanced with JavaScript, notably using an outdated jQuery version (1.7.2). There is no evidence of a modern CMS or frameworks, and the site shows basic performance and accessibility features. Mobile optimization is poor, and SEO practices are minimal. Hosting appears to be managed by Spin TEK AS, consistent with the WHOIS data. From a security perspective, the site lacks modern security headers and uses outdated libraries, which could expose it to vulnerabilities. HTTPS usage and SSL configuration details are not explicitly provided but should be verified. The site implements a cookie consent mechanism and provides a privacy policy document, indicating some compliance with GDPR. However, no terms of service, security policies, incident response contacts, or vulnerability disclosure mechanisms are present. Overall, the website is functional and moderately credible but requires technical and security improvements to enhance trust and protect user data. Strategic recommendations include updating JavaScript libraries, implementing security headers, improving SSL configuration, and publishing comprehensive security and contact policies.

S

SYNLAB International GmbH

synlab.com

64

SYNLAB International GmbH operates as a leading European provider of medical laboratory diagnostic services, offering a broad range of routine and specialty testing solutions. The company targets healthcare providers, clinics, doctors, and patients, emphasizing fast and reliable test results and innovative diagnostic technologies. Their market position is strong, supported by a large network across more than 20 countries and a significant employee base including medical experts. The website reflects a mature digital presence with professional design, clear navigation, and comprehensive content tailored to their audience. Technically, the site is built on TYPO3 CMS with Bootstrap and integrates Matomo analytics and conditional Google Maps functionality, indicating a modern and privacy-conscious infrastructure. Security posture is robust with HTTPS, security headers, and cookie consent mechanisms in place, though explicit incident response and vulnerability disclosure policies are not publicly visible. The absence of WHOIS data for the domain is notable but does not detract from the overall legitimacy and professionalism of the site. Strategic recommendations include enhancing transparency around security incident response and publishing a security.txt file to facilitate vulnerability reporting.

The website ramkool.ee is currently a parked domain page managed by Zone Media OÜ, an Estonian company specializing in domain registration and web hosting services. The site primarily serves as a placeholder informing visitors that the domain is registered but not linked to any hosting service, while promoting Zone Media OÜ's hosting packages in multiple languages. The business operates in the technology sector, focusing on web hosting solutions for small to medium clients, with offerings including Wordpress one-click installs, SSL certificates, and dedicated IP addresses. The domain has been registered since 2010, indicating a stable presence in the market. Technically, the website is simple, built with standard HTML, CSS, and JavaScript, and optimized for mobile devices with a responsive design. The hosting provider is clearly Zone Media OÜ, and the site uses HTTPS for external links but does not host active content on the domain itself. Security headers are minimal but include a Content-Security-Policy. No analytics or tracking scripts are detected, and no forms or user input fields exist on the page. From a security perspective, the site has a basic posture with no visible vulnerabilities or exposed sensitive data, but lacks comprehensive privacy, cookie, or security policies. There is no contact information or incident response details provided, which limits transparency and user trust. The WHOIS data is consistent and legitimate, with no privacy protection, matching the hosting provider's identity. Overall, the site functions as a parked domain with promotional content for hosting services. The risk is low given the limited functionality, but improvements in privacy compliance, security headers, and contact transparency are recommended to enhance trust and compliance.

B

British Tourist Authority

visitbritain.org

63

VisitBritain.org is the official national tourism agency website for Britain, operated by the British Tourist Authority. It serves as a comprehensive resource for tourists, travel trade professionals, business event planners, and media, offering information on travel, accommodation, destinations, business support, research, and news. The site is well-positioned as an authoritative government entity promoting tourism in the UK. Technically, the website is built on Drupal 10, employs modern JavaScript libraries, and integrates Google Tag Manager and OneTrust for analytics and consent management. The site demonstrates good mobile optimization, accessibility, and SEO practices. Security-wise, the site enforces HTTPS, uses standard security headers, and manages cookie consent effectively, though explicit security policies and vulnerability disclosure mechanisms are not publicly visible. Overall, the domain appears legitimate despite incomplete WHOIS data, likely due to privacy protection. The website presents a professional, trustworthy, and user-friendly experience aligned with its government agency status.

A

Avis Budget UK Limited

budget.co.uk

71

Budget.co.uk represents the UK branch of Avis Budget UK Limited, a major player in the global car rental industry. The website offers a comprehensive car rental booking platform with a wide range of services including additional drivers, one-way hires, roadside assistance, and long-term rentals. The company operates across 165 countries with over 11,000 locations, positioning itself as a large and reputable transportation service provider. The site targets consumers and businesses seeking affordable and convenient car rental solutions in the UK and internationally. From a technical perspective, the website employs modern JavaScript libraries such as Handlebars.js and Globalize.js, integrates Google Tag Manager and Tealium for analytics and marketing, and uses Bing Maps API for location services. The site is mobile-optimized with good navigation and content quality, although accessibility features could be enhanced. Performance is moderate with room for improvement in loading speed and technical SEO. Security posture is solid with HTTPS enforced, cookie consent mechanisms, and input validation on forms. However, explicit security headers are not detected, and no public security or incident response policies are found on the site. The WHOIS lookup failed due to domain registration rules, but the website content and branding strongly indicate legitimacy. No WAF or blocking mechanisms were detected, and the site is fully accessible. Overall, Budget.co.uk is a professional, trustworthy, and functional car rental website with strong business credibility and good privacy compliance. Strategic improvements in security headers, accessibility, and public security policies would further enhance its security posture and user trust.

Lost Returns, Inc. operates a specialized lost property management platform that leverages AI for inventory matching and integrates with major shipping carriers to facilitate efficient return of lost items. The company targets businesses across various industries, particularly transportation and rental sectors, providing a SaaS-based solution to streamline lost and found operations and improve customer satisfaction. The website demonstrates a professional and modern digital presence built on Next.js and React, with good mobile optimization and performance. Security posture is solid with HTTPS and no visible vulnerabilities, though some security headers and explicit incident response information are lacking. Privacy compliance is supported by a comprehensive privacy policy but lacks a cookie consent mechanism. The absence of WHOIS data introduces some uncertainty regarding domain legitimacy, but the overall business credibility is supported by client testimonials and recognized brand partnerships.

T

The Hertz Corporation

hertz.ie

70

The website www.hertz.ie is the Irish regional portal for The Hertz Corporation, a globally recognized car rental company. It offers car and van rental services across Ireland with a focus on quality and convenience, including electric vehicle options. The site supports multiple languages and internationalization, reflecting a mature digital presence. Technically, the site employs modern JavaScript frameworks, asynchronous script loading, and integrates Google services such as Tag Manager and Analytics, alongside Stripe for payments and reCAPTCHA for bot protection. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, although explicit security headers and incident response information are not evident. Privacy compliance is well addressed with a comprehensive privacy policy and GDPR-aligned cookie consent. Business credibility is supported by consistent branding and professional content, though direct contact details are not prominently displayed on the analyzed page. Overall, the site is professionally designed, functional, and secure, suitable for enterprise-level operations in the transportation sector.

T

The Hertz Corporation

hertz.es

71

The website www.hertz.es is the official Spanish portal for The Hertz Corporation, a globally recognized car and van rental company. It offers online reservation services tailored to the Spanish market and integrates with a broad international network of Hertz websites. The site targets consumers and businesses seeking vehicle rentals in Spain and worldwide, providing a professional and localized user experience. The business model centers on vehicle rental services supported by a loyalty program and business rental solutions. Technically, the site employs modern JavaScript frameworks, Google analytics and tag management, and security tools such as reCAPTCHA Enterprise, indicating a mature digital infrastructure. Security posture is strong with HTTPS enforcement, cookie consent mechanisms, and no visible vulnerabilities or exposed sensitive data. Privacy compliance is robust, with a comprehensive privacy policy and GDPR-aligned cookie consent. However, WHOIS data is restricted due to .es registry policies, limiting public domain registration transparency. Overall, the site is professional, secure, and trustworthy, suitable for enterprise-level operations.

Z

Zone Media OÜ

spoku.ee

40

Spoku.ee is a government-focused support application and processing system primarily serving Estonian municipalities and institutions. The platform offers a comprehensive suite of features including application submission, payment integration, digital contract signing, and data integration with national registries. The website is built on WordPress with modern plugins and technologies, reflecting a moderate level of digital maturity. While the technical implementation is solid and the site is mobile-optimized with good SEO practices, there is a lack of published privacy, cookie, and security policies, which impacts compliance and trust. Security posture is adequate with HTTPS enabled but could be improved by adding security headers and formal incident response documentation. Overall, the domain registration is consistent and trustworthy, supporting the legitimacy of the business.

Z

Zone Media OÜ

eestitoit.ee

50

Eestitoit.ee is a government-affiliated website focused on promoting Estonian food culture, local food products, and sustainable food practices. It serves as an informational and educational platform targeting Estonian residents, food enthusiasts, and culinary tourists. The site is well-branded and consistent with official government initiatives, featuring rich content about food events, traditions, and sustainability projects. Technically, the website is built on Drupal CMS and uses modern analytics tools such as Google Analytics and Matomo. It is mobile-optimized and accessible, with good SEO practices. Security-wise, the site implements cookie consent with an opt-in mechanism but lacks visible advanced security headers and a published privacy policy or terms of service. WHOIS data confirms the domain's legitimacy and long-standing registration since 2010. Overall, the website is professional, trustworthy, and serves its informational purpose effectively.

P

Perearst24

perearst24.ee

63

Perearst24.ee is a healthcare-focused digital platform serving family doctor centers in Estonia by providing a secure environment for patients to submit electronic health inquiries. The platform enhances health data security and facilitates better patient-doctor communication by allowing 24/7 submission of health concerns, which are processed during the centers' operational hours. The website is professionally designed with a clear focus on its target audience, patients of Estonian family doctor centers. Technically, the site employs modern frontend technologies such as Vue.js and Vuetify, ensuring a responsive and user-friendly experience. Security is well-handled with HTTPS enforced and cookie consent mechanisms in place, although some security headers and explicit security policies are absent. Overall, the site demonstrates a good security posture and compliance with privacy regulations, including GDPR, supported by clear privacy and cookie policies. However, contact information and incident response details are not directly available, which could be improved to enhance trust and transparency.

The website mirko.ee is currently inaccessible beyond a Cloudflare Turnstile human verification challenge page, which blocks access to any substantive content. The domain is registered with Zone Media OÜ in Estonia since 2022, indicating a relatively new but legitimate registration. Due to the WAF challenge, no business information, contact details, or policies are visible, limiting the ability to assess the company's operations or compliance posture. The technical infrastructure relies on Cloudflare services for security and performance, but no additional frameworks or CMS platforms are detectable. Security headers and privacy compliance measures are not observable due to the blocked content. Overall, the site appears to be protected by Cloudflare's security mechanisms but lacks publicly accessible information for a full evaluation.

L

Lääne-Virumaa Spordiliit

lvsl.ee

55

Lääne-Virumaa Spordiliit is a regional sports organization based in Rakvere, Estonia, focused on leading and developing sports activities in the Lääne-Virumaa region. The website serves as an informational portal primarily targeting local residents and sports enthusiasts. The business model is non-profit and community-oriented, with a clear regional focus. The website is built on the Wix platform, leveraging Wix Thunderbolt and standard web technologies, providing a moderate level of performance and mobile optimization. However, the site lacks comprehensive privacy and cookie policies, which impacts compliance and user trust. Security posture is adequate with HTTPS and some JavaScript hardening but could be improved with additional security headers and incident response information. Overall, the website is functional and professional but would benefit from enhanced privacy compliance and security transparency.

E

Eesti Korvpalliliit

basket.ee

43

Eesti Korvpalliliit is the official governing body for basketball in Estonia, managing national teams, leagues, coaching, refereeing, and basketball development programs. The organization holds a strong market position as the primary basketball authority in Estonia, supported by sponsorship from Swedbank. The website provides comprehensive content including news, events, galleries, and contact information, targeting basketball players, coaches, referees, and fans within Estonia. Technically, the site uses a custom CMS with jQuery, Owl Carousel, and Google Tag Manager, offering good mobile optimization and moderate performance. Security posture is solid with HTTPS and cookie consent mechanisms, though some improvements like updated libraries and security headers are recommended. Overall, the site is professional, trustworthy, and well-aligned with its business purpose.

V

Visit Jõgeva | Avasta Jõgevamaa

visitjogeva.com

47

Visit Jõgeva is a regional tourism website dedicated to promoting the Jõgevamaa region in Estonia. It provides comprehensive information on local events, attractions, accommodation, food, active holidays, and local products, targeting tourists and visitors interested in exploring this area. The website is multilingual, supporting Estonian, English, German, Finnish, and Latvian languages, enhancing accessibility for international visitors. The business model focuses on informational and promotional services to boost regional tourism.

T

Tallinn City Tourist Office & Convention Bureau

visittallinn.ee

69

Visit Tallinn is the official tourism portal managed by the Tallinn City Tourist Office & Convention Bureau, providing comprehensive information about the city's attractions, events, public transport, and dining options. The website targets tourists and visitors seeking practical and up-to-date travel information about Tallinn, Estonia. It holds a strong market position as the official city guide and tourism authority, supported by consistent branding and good content quality. Technically, the website employs modern web technologies including Vue.js and Bootstrap, with integrations for analytics and tracking such as Google Tag Manager, Microsoft Clarity, and Facebook Pixel. The site demonstrates good mobile optimization and moderate performance, reflecting a mature digital infrastructure. Hosting and domain registration are consistent and stable, managed by Spin TEK AS since 2014. From a security perspective, the website uses HTTPS with good SSL configuration and includes several security-related HTTP headers. However, it lacks visible privacy and cookie policies, consent mechanisms, and incident response contact information, which are critical for GDPR compliance and user trust. No significant vulnerabilities or exposed sensitive data were detected in the analyzed content. Overall, the website is professional and trustworthy but would benefit from enhanced privacy compliance and transparency measures to improve user trust and regulatory adherence.

B

Bureau Veritas Eesti

bureauveritas.ee

68

Bureau Veritas Eesti is a well-established branch of the global Bureau Veritas Group, specializing in certification, inspection, and sustainability services. The company offers a broad portfolio of services including ISO management system certifications, food safety, information security, and sustainability consulting, targeting businesses in Estonia. The website reflects a professional and consistent brand image with clear navigation and relevant content for its audience. Technically, the site is built on Drupal 10, uses modern consent management tools (Didomi), and integrates Google Analytics and Tag Manager for tracking. Security posture is strong with HTTPS enforced and standard security headers present, though explicit security and incident response policies are not found. Privacy compliance is partially addressed via cookie consent but lacks a clearly accessible privacy policy page. Overall, the website demonstrates a mature digital presence with room for improvement in privacy transparency and incident response communication.

L

Luuletus.ee

luuletus.ee

60

Luuletus.ee is a well-established Estonian online platform dedicated to poetry, offering a large collection of poems with daily updates. It targets Estonian poetry enthusiasts and writers, providing services such as poem publishing, sharing, user accounts, and curated collections. The platform is owned by Zone Media OÜ and has been operational since 2011, positioning itself as the largest Estonian poetry repository online. Technically, the website employs modern web technologies including HTTPS, Cloudflare CDN, Google Analytics, and lazy loading for images, delivering a good user experience with mobile optimization and clear navigation. Security-wise, the site enforces HTTPS and uses service workers but lacks some advanced security headers and a formal vulnerability disclosure policy. Privacy compliance is addressed with a visible cookie consent mechanism and a basic privacy policy aligned with GDPR requirements. Overall, the website demonstrates a solid business credibility and technical maturity with room for security enhancements.

E

Eesti Rahvusraamatukogu

digar.ee

40

DIGAR is a digital archive platform operated by the National Library of Estonia, providing access to a wide range of digitized cultural heritage materials including books, periodicals, images, and collections. The website targets researchers, students, historians, and the general public interested in Estonian history and culture. It serves as a national-level digital repository with a public service business model, offering structured search capabilities and curated collections. The platform is well-branded and consistent with its institutional identity. Technically, the website employs standard web technologies including JavaScript and integrates Google Analytics and Google Tag Manager for user tracking and analytics. The site is served over HTTPS with CSRF protection on forms, indicating a reasonable security baseline. However, it lacks advanced security headers and explicit privacy or cookie policies, which are important for compliance and user trust. Mobile optimization and accessibility are basic but functional, with room for improvement. From a security perspective, the site demonstrates good practices such as HTTPS and CSRF tokens but misses opportunities to enhance security posture through security policies, incident response contacts, and vulnerability disclosure mechanisms. No critical vulnerabilities or blocking mechanisms were detected. The WHOIS data confirms the legitimacy and consistency of the domain registration, aligning with the website's governmental and cultural heritage role. Overall, DIGAR presents a trustworthy and professional digital archive service with good content quality and business credibility. To improve, it should implement comprehensive privacy and cookie policies, enhance security headers, and provide clear incident response and vulnerability disclosure information to strengthen user trust and compliance.

E

Erasmus+ ja Euroopa Solidaarsuskorpuse agentuur

euroopanoored.eu

46

The website represents the Erasmus+ and European Solidarity Corps national agency in Estonia, providing comprehensive information, resources, and support for youth, youth workers, and organizations involved in European youth programs. It serves as a government-funded platform facilitating access to program opportunities, project guidance, and community engagement. The site is well-positioned as the authoritative national agency for these programs, targeting youth and professionals in the youth sector. Technically, the website is built on WordPress with modern performance and SEO optimizations, including WP Rocket and The SEO Framework. It employs Google Site Kit for analytics and consent management, ensuring GDPR compliance with a robust cookie consent mechanism. The site is mobile-optimized, accessible, and fast-loading, reflecting a mature digital infrastructure. From a security perspective, the site enforces HTTPS and employs consent mode to restrict tracking and personalization. While explicit security headers and incident response policies are not evident, no vulnerabilities or exposed sensitive data were detected. The domain registration is consistent with the agency's Estonian identity, registered through a reputable local registrar without privacy protection, appropriate for a government entity. Overall, the website demonstrates a strong security posture, excellent content quality, and good privacy compliance, making it a trustworthy and professional platform for its audience.

E

Eduten Ltd.

eduten.com

65

Eduten Ltd. operates a leading digital math learning platform originating from Finland, combining Finnish educational excellence with gamification and AI technologies. The platform targets K-12 students, teachers, school leaders, and parents worldwide, offering a comprehensive content library and AI-driven learning analytics. It holds a strong market position supported by over 15 years of university research and international awards such as the UNESCO ICT for education prize and UNICEF special edtech award. Technically, the website employs modern JavaScript libraries and analytics tools, with good mobile optimization and SEO practices. Security posture is solid with HTTPS enforcement and cookie consent mechanisms, though additional security headers and explicit security policies could enhance protection. The domain registration data aligns well with the business claims, indicating legitimacy and trustworthiness. Overall, the website presents a professional, trustworthy, and user-friendly digital education platform.

E

Eliis Tarkvara

eliis.eu

55

ELIIS is a specialized online information system designed for pre-school organizations, including kindergartens, local governments, teachers, and parents. It offers a comprehensive suite of features such as curriculum planning, child development analysis, digital diaries, communication tools, and document management. The platform is positioned as a trusted solution across the EU, with over 15,000 teachers and 1,000 institutions relying on it. The business model is subscription-based, charging local governments per child, while teachers and parents have free access. The website is professionally designed, multilingual, and emphasizes GDPR compliance.

The website elron.ee is currently inaccessible due to a Cloudflare Turnstile human verification challenge page, which blocks access to the actual content. This prevents a full analysis of the business, security, and compliance posture. Based on the WHOIS data, the domain is registered since 2013 with Zone Media OÜ, a known registrar, indicating a legitimate domain age and registration consistency. The website appears to be related to the transportation sector in Estonia, likely a medium-sized entity given the domain age and sector. The technical infrastructure includes Cloudflare services for CDN, security, and bot mitigation, but no CMS or other frameworks are detectable due to the blocked content. Security posture cannot be fully assessed, but the presence of Cloudflare WAF and Turnstile indicates a baseline security measure. No privacy, cookie, or terms of service policies are visible, nor are there any contact details or business information on the landing page. Overall, the site is protected by strong bot mitigation but lacks publicly accessible content for deeper analysis.

P

Peatus

peatus.ee

51

Peatus.ee is a digital journey planning user interface focused on public transportation in Estonia, leveraging the Digitransit platform. The website targets public transport users seeking route planning and transit information. Technically, it employs modern web technologies including React, JavaScript, and integrates analytics tools such as Matomo and Google Tag Manager. The site demonstrates good security practices with HTTPS and security headers, but lacks explicit privacy and cookie policies, as well as contact information, which impacts privacy compliance and user trust. Overall, the domain registration data aligns well with the website's purpose, indicating legitimacy. Strategic improvements in privacy disclosures and user contact options would enhance compliance and trust.

Z

Zone Media OÜ

inimene.ee

45

Inimene.ee is an established Estonian health portal operated by Zone Media OÜ since 2010. It provides comprehensive health-related content including disease catalogs, symptoms, treatments, and health news. The site targets Estonian-speaking individuals seeking reliable health information and offers interactive features such as a question submission form answered by medical professionals. The business model relies on content provision combined with advertising partnerships, notably with Apotheka e-pharmacy. Technically, the site uses a modern CMS (Greativ), integrates multiple third-party analytics and advertising services, and is optimized for mobile devices with good SEO practices. Security posture is solid with HTTPS enforced and secure form handling, though it lacks some advanced headers and published incident response policies. Overall, the site is trustworthy and professionally maintained, with room for improvement in security transparency and direct contact information.

MTÜ Viimsi Invaühing is a small Estonian non-profit organization focused on community support and charity events, such as the Heategevusball. The website serves as an informational portal for local activities and fundraising events, targeting the Viimsi community and supporters of disability-related causes. The business model is event-driven and donation-based, with a local market position and a history dating back to 2010. Technically, the website uses a basic custom or legacy CMS with JavaScript and jQuery libraries. The hosting is provided by Spin TEK AS, a local Estonian registrar and hosting company. The site shows moderate performance and basic mobile optimization but lacks modern frameworks or CMS platforms. SEO and accessibility features are minimal. From a security perspective, the site uses HTTPS (assumed from URL), but no advanced security headers or policies are detected. There are no visible forms collecting sensitive data, but the absence of privacy and cookie policies indicates compliance gaps with GDPR. No incident response or security contact information is provided, limiting the organization's readiness for security events. Overall, the website is functional but basic, with moderate trustworthiness due to its long domain age and consistent WHOIS data. However, it lacks critical privacy and security policies, contact transparency, and modern technical implementations. Strategic improvements in security posture, privacy compliance, and user experience would enhance trust and compliance.

H

Harjumaa Omavalitsuste Liit

hol.ee

51

Harjumaa Omavalitsuste Liit is a regional non-profit organization established in 2010 to foster cooperation and joint project development among local governments in Harjumaa, Estonia. The website serves as an information hub for governance, education, culture, health, safety, and regional development initiatives. It targets local government representatives, educational and cultural institutions, and the general public within the Harjumaa region. The organization positions itself as a key regional cooperation leader with a focus on community well-being and development. Technically, the website is built on a modern stack including Laravel Livewire, jQuery, and various JavaScript libraries for UI enhancements. It employs Google reCAPTCHA v3 for form security and implements cookie consent mechanisms, reflecting a moderate level of digital maturity. The site is mobile-optimized with good navigation and content structure, though some accessibility features could be improved. From a security perspective, the site enforces HTTPS and includes CSRF tokens and reCAPTCHA to protect user inputs. However, some security headers are not explicitly detected, and there is no public incident response or vulnerability disclosure policy. No critical vulnerabilities were found in the analysis. Privacy compliance is strong with clear privacy and cookie policies aligned with GDPR requirements. Overall, the website presents a trustworthy and professional digital presence for a regional government entity. Recommendations include enhancing security headers, publishing incident response information, and considering a vulnerability disclosure policy to further strengthen security posture and transparency.

V

Viimsi vald

viimsi.ee

47

Viimsi vald is the official local government authority for the Viimsi municipality in Estonia, providing a wide range of public services including administration, education, social care, culture, and environmental management. The website serves residents and businesses in the region with comprehensive information, news, and access to municipal services. The site is well-structured and professionally designed, reflecting its role as a government portal. Technically, the site is built on Drupal 9 CMS and integrates modern analytics and tracking tools such as Google Analytics, Microsoft Clarity, and Facebook SDK, while maintaining GDPR-compliant cookie consent mechanisms. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though formal security policies and incident response contacts are not published. Overall, the site demonstrates a mature digital presence suitable for a government entity, with clear contact information and consistent branding.

The website kalmistud.ee serves as the official Estonian cemetery portal, providing information and e-services related to cemeteries, burial places, and related administrative functions. It targets Estonian residents, municipalities, and cemetery administrators, offering a centralized platform for searching burial information and managing burial plots. The site is operated by Spin TEK AS, a registrar and hosting provider consistent with the domain registration data. Technically, the site uses modern web technologies including JavaScript and CKEditor, with a responsive and accessible design. Security posture is moderate with HTTPS enabled and CSRF protection on forms, but lacks visible security headers and comprehensive privacy compliance documentation. Overall, the site is functional and trustworthy but would benefit from enhanced privacy policies and security disclosures.

S

Synology Inc.

gofile.me

62

The analyzed page is an error page related to Synology's QuickConnect service, hosted under the domain gofile.me. The business behind the service is Synology Inc., a reputable technology company specializing in network-attached storage and related services. The page content is minimal and focused on troubleshooting connection issues, with no direct business or security policy information presented. The technical infrastructure includes AWS DNS hosting and JavaScript-based front-end components, with Google Analytics used for tracking. Security posture is moderate but could be improved by enabling DNSSEC, adding security headers, and publishing explicit security policies. Privacy compliance is basic, with a cookie policy and consent mechanism present but no privacy policy on this page. Overall, the domain registration is consistent and legitimate, with privacy protection justified for this business type.

The website keskkonnaamet.ee is currently inaccessible due to a Cloudflare Turnstile security challenge page that blocks direct access to the site's content. This prevents extraction of meaningful business, contact, or policy information. The domain is registered since 2010 with a reputable Estonian registrar, indicating legitimacy and a stable presence. The site appears to be a government-related entity based on the domain and WHOIS data, but no explicit business details or descriptions are available in the accessible content. Technically, the site uses Cloudflare services for security and performance, but no CMS or frameworks are detectable from the challenge page. Security posture is partially observable due to HTTPS and Cloudflare protection, but no security headers or policies are visible. Privacy and cookie policies are not found, and no contact information is exposed. Overall, the site is protected by a strong WAF, but this limits external analysis and transparency.

A

Ahula Pansionaat

ahulakodu.org

57

Ahula Pansionaat is a small healthcare service provider based in Estonia, offering general care services outside the home in a homely environment. The website is built on the Wix platform, indicating a moderate level of digital maturity with standard Wix technologies and frameworks. The site is accessible, mobile-optimized, and uses HTTPS, but lacks advanced security headers and privacy compliance features. The absence of WHOIS data limits the ability to fully verify domain legitimacy. Overall, the website presents a professional front for a local care facility but would benefit from enhanced security and compliance measures.

The website tamsalusport.ee is currently a parked domain page indicating that the domain is registered but not linked to any hosting service. It primarily serves as a placeholder to promote web hosting packages offered by Zone Media OÜ, the domain registrar and hosting provider. The site is multilingual, targeting Estonian, Russian, Finnish, and English speakers, and offers basic information about hosting plans including pricing and features. There is no active business content or contact information on the site, reflecting its placeholder status. From a technical perspective, the site uses standard HTML, CSS, and JavaScript with no advanced frameworks or CMS detected. The hosting provider is Zone Media OÜ, consistent with the WHOIS data. The site is mobile responsive and has basic SEO and accessibility features but lacks comprehensive metadata or structured data. Security headers are minimal, with only a Content-Security-Policy allowing unsafe-inline scripts, and DNSSEC is not enabled, which is a security gap. Security posture is limited due to the lack of HTTPS linkage on the domain, absence of security best practices, and no privacy or cookie policies. No forms or data collection mechanisms are present, reducing immediate privacy risks but also indicating no active user engagement. The WHOIS data shows a recent domain registration consistent with the placeholder nature of the site. There are no suspicious patterns or privacy protection used, and the registrant matches the hosting provider, supporting legitimacy. Overall, the site is low risk but also low value in terms of business credibility and privacy compliance. It is recommended to enable DNSSEC, implement HTTPS hosting, add privacy and cookie policies, and provide contact information to improve trust and compliance. Until the domain is linked to an active website, the site remains a basic parked domain page with limited content and security features.

V

Virumaa Koostöökogu

viko.ee

40

Virumaa Koostöökogu is a small Estonian non-profit organization focused on regional cooperation and rural development in the Virumaa area. Founded in 2006, it serves local municipalities and communities by managing projects, organizing events, and facilitating cooperation among stakeholders. The website reflects this mission with relevant content, event announcements, and organizational information. Technically, the site is built on WordPress using popular plugins such as WPBakery Page Builder and Slider Revolution, with integration of Google Analytics and Facebook Pixel for tracking. The site is mobile-optimized and SEO-friendly but lacks some accessibility features. Security posture is moderate with HTTPS enforced and use of reCAPTCHA, but missing important security headers and explicit security policies. Privacy compliance is weak due to absence of privacy and cookie policies and no visible consent mechanisms despite tracking scripts. Overall, the domain registration data aligns well with the website content, supporting legitimacy and trustworthiness.

The website eesti.ee is currently inaccessible due to a Cloudflare Turnstile human verification challenge page, which blocks direct content access. This page serves as a security gate to verify visitors before allowing access to the actual site content. The domain is registered to Zone Media OÜ, an Estonian registrar, with a creation date in 2010, consistent with a mature government portal. However, no business or contact information, privacy policies, or terms of service are visible on the challenge page, limiting the ability to assess compliance and business details. The technical infrastructure relies on Cloudflare services for CDN and security, including the Turnstile captcha mechanism. The security posture is moderate given the use of HTTPS and Cloudflare protections, but lacks visible security headers and policies. Overall, the site cannot be fully analyzed due to access restrictions, resulting in a low AI score and limited insights.

H

Häirekeskus

112.ee

65

Häirekeskus is the official Estonian Emergency Response Center responsible for managing emergency calls and coordinating emergency services such as ambulance, police, and rescue. The website serves as a public information portal providing emergency contact numbers, career opportunities, and safety guidance. It targets Estonian residents and visitors requiring emergency assistance, positioning itself as a critical government agency in public safety. The site is well-branded and consistent with government standards, offering content primarily in Estonian with English and Russian alternatives. Technically, the website is built on modern web technologies including Nuxt.js and Vue.js, ensuring good mobile optimization, accessibility, and SEO. The site loads with moderate performance and includes security best practices such as HTTPS enforcement and security headers. No major vulnerabilities or exposed sensitive data were detected. However, explicit cookie consent mechanisms and security policy disclosures could be improved. The security posture is strong with excellent SSL configuration and standard security headers. The absence of a published incident response or vulnerability disclosure policy is noted but not critical. WHOIS data confirms the domain's legitimacy and consistency with the Estonian government entity. Overall, the website demonstrates a mature digital presence with a high level of trustworthiness and professionalism. Strategic recommendations include implementing explicit cookie consent, publishing security and incident response policies, and adding a vulnerability disclosure mechanism to enhance transparency and compliance. These improvements will further strengthen the site's security posture and user trust.

The website livekluster.ehr.ee is currently inaccessible beyond a Cloudflare security challenge page that requires human verification via Turnstile captcha. This indicates a strong security posture at the perimeter, likely to protect sensitive electronic health record (EHR) data. However, due to the content being blocked, no business or contact information, privacy policies, or terms of service are visible, limiting the ability to assess the company's market position or services. The technical infrastructure leverages Cloudflare's security and performance services, but the lack of visible content and metadata results in poor content quality and SEO. Security best practices are partially implemented through WAF and bot mitigation, but no additional security headers or policies are observable. Overall, the site demonstrates a high-security perimeter but lacks transparency and compliance disclosures in the accessible content.

T

The Hertz Corporation

hertz.co.uk

67

The Hertz Corporation operates a comprehensive car and van rental service platform targeting customers primarily in the UK and worldwide. The website offers a broad range of services including daily car hire, electric vehicles, long-term business rentals, and van hire, supported by loyalty programs such as Gold Plus Rewards. The site is professionally designed with good content quality and clear navigation, optimized for mobile devices. Technically, the platform leverages modern JavaScript frameworks, Google Tag Manager, Google Analytics, and Stripe for payments, alongside security tools like Google reCAPTCHA Enterprise and a cookie consent mechanism powered by Securiti.ai. Security posture is strong with HTTPS enforced and no visible vulnerabilities, although explicit security headers could be improved. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent banner. WHOIS data for the subdomain queried is unavailable due to Nominet rules, but the main domain is legitimate and consistent with the business. Overall, the website demonstrates a mature digital presence with robust security and privacy practices.

B

Budget Rent a Car

budget.com

75

Budget is a globally recognized car rental company operating under the Avis Budget Group umbrella. The website provides vehicle rental services including cars, trucks, and vans, targeting both leisure and business travelers. The brand maintains a strong market position with a professional online presence and comprehensive service offerings. Technically, the website employs modern JavaScript frameworks, integrates multiple analytics and marketing tools, and implements accessibility and privacy compliance features effectively. Security posture is robust with HTTPS enforcement and security headers, though explicit security policies and incident response contacts are not publicly available. The absence of WHOIS data is notable but does not detract from the overall legitimacy of the site given the brand's prominence. Strategic recommendations include publishing detailed security policies and incident response information to enhance trust and compliance.

E

Europcar

europcar.com

67

Europcar is a globally recognized leader in the vehicle rental industry, offering a wide range of car and van rental services across more than 140 countries with over 3835 locations. The company caters to both business and leisure travelers, providing flexible rental options, loyalty programs, and digital conveniences such as online check-in and mobile app bookings. The website reflects a mature digital presence with modern technologies and comprehensive content supporting its market position. Technically, the site uses advanced frameworks like Nuxt.js and integrates monitoring tools such as Dynatrace for performance and security insights. Security posture is strong with HTTPS enforcement and secure form handling, though explicit security policies and incident response information are not publicly disclosed. Privacy compliance is well addressed with detailed privacy and cookie policies and consent mechanisms. Overall, Europcar's website demonstrates a high level of professionalism, trustworthiness, and digital maturity, supporting its enterprise-scale operations.

O

Opinion System

opinionsystem.fr

53

Opinion System is a French independent survey organization specializing in verified customer reviews, positioning itself as a trusted third party between professionals and consumers, primarily in the service and real estate sectors. The company holds multiple ISO certifications, reinforcing its commitment to quality and transparency. The website reflects a professional and consistent brand image, targeting both consumers seeking trustworthy professionals and businesses looking to leverage customer feedback. Technically, the site uses modern JavaScript frameworks, Matomo analytics for tracking, and HubSpot forms for lead capture, hosted on AWS infrastructure. Security posture is good with HTTPS enforced and secure login forms, though explicit security headers and privacy policies are lacking. Overall, the domain registration data aligns well with the business claims, indicating legitimacy and trustworthiness.

The domain xn--jgeva-dua.ee is registered with Zone Media OÜ, an Estonian registrar, since 2017. The website is currently inaccessible due to a Cloudflare security challenge page employing Turnstile captcha, which blocks access to actual content. No business-related content, contact information, or policies are visible, indicating the site is either under protection or not publicly available. The technical infrastructure relies on Cloudflare for security and performance, but lacks DNSSEC and security headers, which are recommended for enhanced security. The SSL configuration is basic but present. Overall, the website's digital maturity is low due to the lack of accessible content and minimal technical optimizations.

Jõhvi vallavalitsus operates as the official municipal government for the Jõhvi region in Estonia, providing a wide range of public services including governance, social welfare, education, cultural events, urban planning, and community engagement. The website serves as a comprehensive portal for residents and stakeholders to access information, participate in local initiatives, and stay informed about municipal activities. The target audience primarily consists of local residents, businesses, and visitors seeking official information and services. Technically, the website is built on the Liferay CMS platform, utilizing JavaScript, jQuery, Bootstrap, and Font Awesome for UI components and styling. It employs HTTPS for secure communication and integrates Google Analytics for visitor tracking. The site demonstrates good mobile responsiveness and clear navigation, although some technical debt is evident with the use of an outdated jQuery version, which could pose security risks. From a security perspective, the site benefits from HTTPS encryption and a cookie consent mechanism indicating GDPR awareness. However, it lacks visible security headers and explicit security or incident response policies. The absence of a vulnerability disclosure policy and the use of outdated libraries suggest areas for improvement. No critical vulnerabilities or blocking mechanisms were detected, and contact information is clearly provided, enhancing trust. Overall, the website is professional, trustworthy, and functional, serving its governmental role effectively. Strategic improvements in updating libraries, implementing security headers, and publishing comprehensive security policies would enhance its security posture and compliance standing.

V

Viimsi vald

viimsivald.ee

47

Viimsi vald is the official municipal government entity for the Viimsi region in Estonia, providing a broad range of public services including planning, social welfare, education, culture, and infrastructure management. The website serves as a comprehensive portal for residents and stakeholders, offering news, event information, service guides, and contact details. It maintains a strong local government presence with clear communication channels and social media integration. Technically, the website is built on Drupal 9 CMS, leveraging modern JavaScript libraries and analytics tools such as Google Analytics and Microsoft Clarity. The site is mobile-optimized and demonstrates good SEO and accessibility practices, although some accessibility features could be enhanced. Hosting and domain registration are consistent with a reputable Estonian registrar, Elkdata OÜ, supporting the site's legitimacy. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms aligned with GDPR requirements. However, it lacks explicit security policies, incident response contacts, and some recommended security headers, which could be improved to strengthen its security posture. No critical vulnerabilities or exposed sensitive data were detected. Overall, Viimsi vald's website is a trustworthy, well-structured government portal with good content quality and technical implementation. Strategic improvements in security headers, incident response transparency, and accessibility would further enhance its robustness and user trust.

Raasiku Vallavalitsus operates as the local government authority for Raasiku vald in Estonia, providing a broad range of public services including social welfare, education, environmental management, and urban planning. The website serves as an information hub for residents and stakeholders, offering news, contact details, e-services, and detailed sectoral information. The organization holds a stable market position as a small-sized governmental entity with a domain age consistent with its operational history since 2010. Technically, the website is built on the Liferay CMS platform, utilizing standard web technologies such as JavaScript, jQuery, Bootstrap, and Google Fonts. It is hosted under a reputable registrar, Telia Eesti AS, and employs HTTPS with a cookie consent mechanism, indicating a moderate level of digital maturity. Mobile optimization and SEO practices are adequately implemented, though accessibility features could be enhanced. From a security perspective, the site enforces HTTPS and includes a cookie consent banner, but lacks visible advanced security headers and explicit security or incident response policies. No critical vulnerabilities or exposed sensitive data were detected. The use of Google Analytics introduces moderate user tracking, balanced by privacy compliance measures including a privacy policy and cookie policy. Overall, the website presents a trustworthy and professional digital presence for a local government entity. Strategic recommendations include enhancing security headers, publishing incident response information, updating libraries regularly, and improving accessibility compliance to further strengthen the security posture and user trust.

A

AS PASAŽIERU VILCIENS

vivi.lv

54

AS Pasažieru Vilciens operates as the primary passenger rail service provider in Latvia, offering scheduled train routes including international connections such as Vilnius-Riga-Tallinn. The website serves as a portal for ticket purchases, route schedules, passenger information, and tourism-related content, targeting travelers and commuters in Latvia and neighboring countries. The business model centers on public transportation services with a focus on passenger convenience and digital ticketing via a mobile app. Technically, the website employs modern JavaScript libraries and UI components, ensuring good mobile optimization, accessibility, and SEO practices. The presence of cookie consent mechanisms and privacy policies indicates compliance with GDPR requirements. Security posture is adequate with HTTPS enabled and form validation scripts, though explicit security headers and incident response policies are not publicly visible. Overall, the website is professional, trustworthy, and well-aligned with the business's public transportation mission.