Security Directory

N

Novartis Foundation

novartisfoundation.org

70

The Novartis Foundation website presents a well-established non-profit organization focused on transforming population health through data and AI, with a strong emphasis on cardiovascular and urban health initiatives. The foundation operates under the umbrella of Novartis, a major pharmaceutical company, which enhances its credibility and market position. The website targets healthcare professionals, policymakers, and global health stakeholders, offering programs, toolkits, and innovation projects to improve health outcomes worldwide. Technically, the site is built on Drupal CMS and integrates modern analytics and marketing tools such as Google Tag Manager, TikTok Analytics, and Crazy Egg. The site demonstrates good mobile optimization, accessibility, and SEO practices, contributing to a positive user experience. Privacy and cookie policies are comprehensive and include consent mechanisms, reflecting compliance with GDPR and related regulations. From a security perspective, the website enforces HTTPS and employs cookie consent banners, but lacks explicit security headers and publicly available security policies or incident response information. No vulnerabilities or exposed sensitive data were detected. The WHOIS data is privacy protected or unavailable, which is common for organizations of this type and does not raise immediate concerns. Overall, the website is professional, trustworthy, and aligned with the foundation's mission. Strategic recommendations include enhancing security headers, publishing security and incident response policies, and implementing a vulnerability disclosure mechanism to further strengthen trust and security posture.

S

STEP

step.org

65

STEP is a globally recognized professional association dedicated to trust and estate planning professionals. The organization offers a comprehensive suite of educational qualifications, membership benefits, and professional development resources. Their website reflects a mature digital presence with a well-structured Drupal CMS platform, modern front-end technologies, and a focus on user experience and accessibility. Security posture is strong with HTTPS enforcement and appropriate security headers, though explicit security policies and incident response information are not publicly detailed. Privacy and cookie policies are comprehensive and GDPR compliant, supporting trust and compliance. Overall, STEP presents as a credible, professional, and authoritative entity in its sector.

B

Boehringer Ingelheim

boehringer-ingelheim.cz

64

Boehringer Ingelheim is a large multinational pharmaceutical company focused on improving health for humans and animals. The Czech localized website presents professional branding and content consistent with a global healthcare provider. The technical infrastructure uses Drupal CMS and modern web technologies, with good mobile optimization and SEO practices. Security posture is generally good with HTTPS enforced and no visible vulnerabilities, but lacks explicit security headers and published privacy or cookie policies. WHOIS data for the domain is missing, which reduces trustworthiness from a domain registration perspective but the website content and branding strongly indicate legitimacy. Overall, the site is professional and trustworthy but could improve transparency and security practices.

B

Boehringer Ingelheim

boehringer-ingelheim.com

64

Boehringer Ingelheim is a large global pharmaceutical company focused on improving life for people and animals through innovative healthcare products and research. The website reflects a mature digital presence with multilingual support and professional branding. Technically, the site uses Drupal CMS with modern web technologies and good performance optimizations. Security posture is strong with HTTPS, security headers, and secure forms, though explicit security policies and incident response details are not publicly disclosed. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. The missing WHOIS data is a notable anomaly but does not detract significantly from the overall legitimacy given the website's quality and trust signals. Overall, the site is professional, secure, and compliant with minor areas for improvement in transparency and WHOIS data availability.

N

Novartis

novartis.com

62

Novartis is a global healthcare and pharmaceutical company focused on reimagining medicine to improve and extend lives. The website reflects a mature digital presence with comprehensive content, professional design, and consistent branding. It targets a broad audience including healthcare professionals, patients, and partners. The business model centers on pharmaceutical research, development, and healthcare innovation, positioning Novartis as a leader in the healthcare sector. Technically, the site is built on Drupal CMS and integrates multiple modern marketing and analytics tools such as Google Tag Manager, Crazy Egg, TikTok Pixel, and social media pixels. The site is mobile-optimized, accessible, and SEO-friendly, indicating a high level of digital maturity. Performance is moderate with room for optimization. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place. However, explicit security headers are not fully confirmed, and no public security policy or incident response contacts are visible. The WHOIS data is unavailable, which is unusual but the website's professional presentation and trusted external links support legitimacy. Overall, the site presents low risk with strong business credibility and privacy compliance. Strategic recommendations include enhancing transparency of security policies, verifying WHOIS data, and maintaining vigilance on third-party scripts.

S

Stallergenes AG

stallergenesgreer.ch

52

Stallergenes Greer Schweiz is a specialized pharmaceutical company focused on allergen immunotherapy and allergy management solutions in Switzerland. With over 20 years of market presence, it serves healthcare professionals, pharmacies, patient organizations, and allergy patients. The website reflects a professional and consistent brand image aligned with the parent Stallergenes Greer group. Technically, the site is built on Drupal CMS using established libraries such as jQuery, Bootstrap, and OwlCarousel, providing a moderate performance and good mobile optimization. Security posture is solid with HTTPS, captcha protections, and cookie consent mechanisms, though some security headers and explicit policies could be improved. Privacy compliance is well addressed with GDPR-aligned cookie consent and privacy policy pages. Overall, the site is trustworthy, professional, and well-suited for its healthcare audience.

S

Stallergenes Greer

stallergenesgreer.fr

47

Stallergenes Greer is a large international biopharmaceutical company specializing in allergen immunotherapy and allergy diagnostics, headquartered in Switzerland with a French localized website. The company positions itself as a global leader in allergy treatment, focusing on personalized medicine and patient support services. The website is professionally designed, mobile-optimized, and provides comprehensive information about their products, services, and corporate responsibility. Technically, the site uses Drupal CMS with modern JavaScript libraries and frameworks such as jQuery, Bootstrap, and OwlCarousel, ensuring a good user experience and moderate performance. Security posture is strong with HTTPS enforced and use of Google reCAPTCHA, although some security headers are missing and no explicit incident response or vulnerability disclosure information is present. Privacy compliance is well addressed with clear cookie consent mechanisms and GDPR-aligned policies. The absence of WHOIS data for the .fr domain is a concern and slightly reduces trustworthiness, but overall the site reflects a credible and professional business presence.

NTN Europe is a well-established manufacturer and provider of bearings, linear modules, and related industrial components, serving sectors such as automotive, aerospace, and manufacturing. The company offers a broad range of products and services including technical assistance, product analysis, and training, supported by online configurators and e-commerce tools. The website reflects a mature digital presence with a professional design, clear navigation, and multilingual support. Technically, the site is built on Drupal CMS, uses modern web technologies, and is hosted via a reputable registrar. Security posture is good with HTTPS enforced and cookie consent mechanisms in place, though some advanced security headers and policies could be improved. Privacy compliance is strong with clear policies and GDPR-aligned consent. Overall, the site is trustworthy and professionally maintained, with no signs of malicious activity or content blocking.

T

The Australian National University

anu.edu.au

68

The Australian National University (ANU) is a leading educational institution in Australia, renowned for its research excellence and comprehensive academic offerings. The website serves a diverse audience including prospective and current students, researchers, and alumni, providing detailed information on study programs, research initiatives, and campus life. ANU maintains a strong market position as a top-tier university with extensive services and affiliations with prominent research alliances. Technically, the website is built on Drupal CMS and leverages modern web technologies including Font Awesome, Google Tag Manager, and OneTrust for consent management. The site is hosted on AWS Cloudfront CDN, ensuring fast performance and excellent mobile optimization. Accessibility and SEO practices are well implemented, contributing to a high-quality user experience. From a security perspective, the website enforces HTTPS and uses consent management tools to comply with privacy regulations. However, it lacks explicit security headers and publicly available security policies or incident response contacts. No vulnerability disclosure or security.txt files were found, indicating room for improvement in transparency and security communication. Overall, the website is professional, trustworthy, and well-maintained, with a strong focus on user experience and compliance. Strategic recommendations include enhancing security headers, publishing security policies, and establishing a vulnerability disclosure program to further strengthen the security posture and trustworthiness.

R

RX (Reed Exhibitions)

reedexhibitions.com

75

RX Global is a leading international event organizer operating over 350 events across 25 countries and 41 sectors. The company focuses on creating impactful business experiences and has a strong global footprint with multiple subsidiaries. Their website is professionally designed, mobile-optimized, and built on Drupal CMS with modern technologies. Privacy and cookie policies are comprehensive and GDPR compliant, supported by a consent mechanism. Security posture is good with HTTPS enforced and domain registration consistent with business claims. However, there is room for improvement in security headers and incident response transparency. Overall, RX Global presents a credible and trustworthy digital presence aligned with its enterprise market position.

A

Amundi Czech Republic Asset Management, a.s.

amundi.cz

63

Amundi Czech Republic Asset Management, a.s. operates a professional investment management website targeting Czech retail investors and financial advisors. The company is positioned as a leading European asset manager with a strong market presence and a comprehensive portfolio of investment products including funds, ETFs, and portfolio management services. The website demonstrates a mature digital infrastructure built on Drupal CMS with modern front-end frameworks and analytics tools, ensuring good performance, mobile optimization, and accessibility. Security posture is solid with HTTPS enforcement and cookie consent mechanisms, though explicit security policies and incident response information are absent. The lack of WHOIS data reduces domain trustworthiness, but the overall site professionalism and branding consistency support legitimacy. Strategic recommendations include publishing security policies, incident response contacts, and improving domain registration transparency.

G

GOLF RESORT HRUBÁ BORŠA, s. r. o.

golfborsa.sk

41

Golfový klub Borša operates a well-established golf resort in Slovakia, offering a championship 18-hole golf course, memberships, accommodation, restaurant services, and various golf-related events and training. The website reflects a mature business with consistent branding and a clear focus on golf enthusiasts and hospitality clients. Technically, the site uses modern frameworks such as Bootstrap and Drupal CMS, with good mobile optimization and moderate performance. Security posture is adequate with HTTPS and DNSSEC enabled, but lacks some security headers and has minor mixed content issues. Privacy compliance is demonstrated through a comprehensive privacy policy and GDPR consent for newsletters, though cookie consent mechanisms are absent. Overall, the site is trustworthy and professional, with room for security and privacy enhancements.

S

Statutární město České Budějovice

c-budejovice.cz

51

The website www.c-budejovice.cz serves as the official online presence of the statutory city of České Budějovice, Czech Republic. It provides comprehensive information about city governance, public services, news, cultural events, and municipal resources targeted at residents, visitors, and local businesses. The site is well-branded with official logos and maintains consistent messaging aligned with its government function. The presence of social media links and a cookie consent mechanism indicates a commitment to user engagement and regulatory compliance. Technically, the site is built on the Drupal CMS platform, leveraging common web technologies such as jQuery, Google Analytics, and JW Player for multimedia content. The site is mobile-optimized with a moderate performance profile and basic accessibility features. However, some security best practices such as HTTP security headers are not visibly implemented, and WHOIS data for the domain is missing, which raises some concerns about domain registration transparency. From a security perspective, the site uses HTTPS and anonymizes IP addresses in analytics, which are positive indicators. The cookie consent banner complies with EU regulations, but there is no visible security policy or incident response information. No vulnerabilities or malware indicators were detected in the content. Overall, the site presents a moderate security posture with room for improvement in transparency and technical security controls. The overall risk assessment is moderate with a recommendation to verify domain registration details, implement additional security headers, and publish clear security and privacy policies. These steps would enhance trust and compliance, supporting the city’s digital service delivery and citizen engagement objectives.

G

Gas Networks Ireland

gasnetworks.ie

70

Gas Networks Ireland is a large, essential utility company operating the national gas network in Ireland, with a strategic focus on transitioning to renewable gases such as biomethane and green hydrogen. The company serves a broad audience including residential customers, businesses, large energy users, and the transport sector. Their website reflects a mature and professional digital presence with comprehensive information on services, safety, and corporate governance. Technically, the site is built on Drupal CMS, employs modern web technologies, and is optimized for mobile and accessibility. Security posture is strong with HTTPS, content security policies, and secure forms, though explicit security policies and incident response details are not published. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website demonstrates high trustworthiness and professionalism, supporting the company's market position as a key energy infrastructure provider in Ireland.

V

Velcon s.r.o.

velcon.sk

58

Velcon s.r.o. is a Slovak company specializing in mobility aids such as stair lifts, lifting platforms, and barrier-free access solutions primarily for immobile persons and seniors. With over 22 years of experience and more than 7000 installations, Velcon holds a strong market position in Slovakia's healthcare and mobility sector. Their services include sales, installation, servicing, consulting, and assistance with state subsidies, supported by a comprehensive e-shop and rental options. The website is built on Drupal CMS and integrates modern web technologies and tracking tools, providing a good user experience with mobile optimization and clear navigation. Security posture is strong with HTTPS, security headers, and anti-bot measures, although no explicit security policy or incident response information is published. Privacy compliance is good with GDPR-aligned privacy and cookie policies. Overall, the website reflects a trustworthy and professional business with strong customer engagement through testimonials and partner affiliations.

H

ha-vel internet s.r.o.

ha-vel.cz

69

ha-vel internet s.r.o. is a Czech telecommunications company offering a broad range of services including data, voice, IT, and high-capacity internet connectivity. The company targets corporations, public administration, wholesale providers, and households, positioning itself as a reliable and quality-focused network operator with presence in over 50 cities in the Czech Republic. Their website reflects a professional business with clear service offerings and client references from notable companies such as GE Money Bank and Vodafone Czech Republic. Technically, the website is built on Drupal CMS using legacy jQuery libraries and includes cookie consent mechanisms compliant with GDPR. While HTTPS is used, security headers are not explicitly detected, and some modernization of the tech stack is advisable. The security posture is moderate with no visible vulnerabilities or exposed sensitive data. WHOIS data is not publicly available due to EURid privacy policies, but the domain and website content are consistent with a legitimate business. Overall, the site is safe, professional, and trustworthy, though improvements in security headers, mobile optimization, and explicit security policies would enhance the posture.

I

Incomaker s.r.o.

incomaker.com

61

Incomaker s.r.o. operates a sophisticated AI-driven marketing and sales automation platform targeting e-commerce, online media, travel agencies, and non-profit sectors. The company leverages machine learning to personalize marketing content and automate multi-channel campaigns, positioning itself as a competitive player in the marketing technology space since 2015. Their platform integrates with numerous popular e-commerce and CMS platforms, enhancing their market reach and usability. Technically, the website is built on Drupal CMS with Bootstrap for responsive design, incorporating modern analytics and tracking tools such as Google Analytics, Facebook Pixel, LinkedIn Insight Tag, and Smartlook session recording. The site demonstrates good mobile optimization, accessibility, and SEO practices, though performance is moderate. Security practices include HTTPS enforcement and domain status protections, but DNSSEC is not enabled and security headers are not explicitly detected. Security posture is solid but could be improved by enabling DNSSEC and implementing comprehensive security headers. Privacy compliance is well addressed with clear privacy and cookie policies, GDPR compliance indicators, and visible contact information. The business credibility is high, supported by testimonials, media mentions, and EU funding acknowledgments. Overall, the website presents a professional, trustworthy, and technically competent digital presence with minor areas for security enhancement. The risk level is low, and the platform is suitable for business users seeking marketing automation solutions.

Č

České vysoké učení technické v Praze

cvut.cz

64

České vysoké učení technické v Praze (ČVUT) is a large, well-established technical university in the Czech Republic, recognized as one of the oldest and largest technical universities in Europe. The institution provides a broad range of higher education programs including bachelor, master, and doctoral studies, alongside active research and lifelong learning services. The website targets students, researchers, academic staff, and the general public interested in technical education and research. The business model is that of a public university focused on education and research services.

Č

Český telekomunikační úřad

ctu.cz

56

Český telekomunikační úřad (ČTÚ) is the official Czech government regulatory authority responsible for telecommunications, postal services, and radio spectrum management. The website serves as a comprehensive portal for consumers, businesses, and government entities, providing regulatory information, consumer protection resources, and access to various public services. The site is well-branded, professionally designed, and offers content in Czech and English, targeting a broad audience including consumers and industry stakeholders. Technically, the site is built on Drupal CMS with a modern tech stack including jQuery, Bootstrap, and Google APIs, ensuring good performance and mobile optimization. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though some security headers and explicit security policies could be improved. WHOIS data is unavailable likely due to registry policies, but the domain's .gov.cz extension and consistent official content strongly indicate legitimacy. Overall, the website is a trustworthy, professional government resource with good compliance and technical maturity.

M

Météo-France

meteofrance.com

60

Météo-France is the official French government meteorological agency providing comprehensive weather forecasts, climate information, and educational resources primarily for the French public and related stakeholders. The website is well-established with a domain age since 1997, reflecting its longstanding authority in meteorological services. The site offers detailed weather data including marine, mountain, and beach forecasts, as well as climate change insights and vigilance alerts. Technically, the site is built on Drupal CMS with modern mapping and consent management technologies, ensuring a good user experience across devices. Security posture is strong with HTTPS enforcement and security headers, though DNSSEC is not enabled and no explicit security policy or incident response contacts are published. Privacy compliance is robust with a clear cookie consent mechanism and GDPR-aligned privacy policy. Overall, the site demonstrates high professionalism, trustworthiness, and technical maturity suitable for a national public service entity.

I

International Year of Glaciers’ Preservation

un-glaciers.org

59

The website www.un-glaciers.org is an official United Nations initiative co-chaired by UNESCO and WMO, dedicated to the International Year of Glaciers' Preservation in 2025. It serves as an authoritative platform to raise global awareness about the critical role of glaciers in climate regulation and freshwater supply, targeting policymakers, researchers, and the general public. The site offers rich multimedia content, event information, and partner collaboration opportunities, reflecting a strong commitment to environmental education and international cooperation. Technically, the website is built on Drupal CMS with modern web technologies including responsive design, Google Tag Manager, and structured data for SEO. It demonstrates good mobile optimization and accessibility, although some security headers are not visibly implemented. HTTPS is enforced, and privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanisms. From a security perspective, the site shows a mature posture with no visible vulnerabilities or exposed sensitive data. However, it lacks explicit security policies, incident response contacts, and vulnerability disclosure information, which are recommended for further strengthening trust and compliance. Overall, the domain appears legitimate and trustworthy despite the absence of WHOIS data, likely due to privacy protection. The website's professional design, authoritative content, and UN affiliation position it as a credible source for glacier preservation information. Strategic recommendations include enhancing security headers, publishing security policies, and providing clearer contact information for incident response.

D

Decade of Action for Cryospheric Sciences

un-cryosphere.org

60

The website www.un-cryosphere.org represents the Decade of Action for Cryospheric Sciences (2025-2034), a United Nations-endorsed global initiative led by UNESCO to address the rapid melting of Earth's cryosphere. The initiative aims to coordinate scientific research, raise awareness, support vulnerable communities, and build global partnerships to protect glaciers, ice caps, snow, and permafrost. The site targets scientists, policymakers, Indigenous peoples, and the global public concerned with climate change and freshwater resources. Technically, the website is built on Drupal CMS, uses modern web technologies including Google Tag Manager and Google Analytics, and is optimized for mobile and accessibility. Security posture is good with HTTPS enforced and cookie consent implemented, though explicit security headers and incident response information are absent. WHOIS data is unavailable, likely due to privacy protection, but the domain's content and branding strongly indicate legitimacy as a UN initiative. Overall, the site is professional, trustworthy, and content-rich, supporting its mission to drive urgent climate action.

U

UNESCO

unesco.org

70

UNESCO is a specialized agency of the United Nations focused on promoting peace and security through international cooperation in education, science, culture, communication, and information. The website reflects its global mission with comprehensive content, multilingual support, and extensive resources including publications, events, and global initiatives. The organization holds a strong market position as a leading intergovernmental entity with a large global footprint. Technically, the website is built on Drupal CMS, leveraging modern web technologies such as Google Tag Manager and Google Analytics for tracking. The site is mobile-optimized, accessible, and well-structured, providing a positive user experience. Security posture is solid with HTTPS enforced and privacy policies in place, though some security headers and explicit incident response contacts could be improved. The WHOIS data is incomplete and malformed, which limits domain registration trust analysis. However, the website's branding, content quality, and official social media presence strongly support its legitimacy. No signs of malicious content or security vulnerabilities were detected. Overall, UNESCO's website demonstrates a mature digital presence aligned with its mission, though improvements in security transparency and domain registration data would enhance trust further.

Save the Children Federation, Inc. operates a comprehensive and professionally designed website focused on child welfare, humanitarian aid, and education. The organization is positioned as a leading non-profit with a century-long history, serving children in the U.S. and globally. The website effectively targets donors, volunteers, and partners with clear messaging and secure donation mechanisms. Technically, the site uses a modern Drupal CMS infrastructure with integrations for analytics and marketing, ensuring good performance and mobile optimization. Security posture is strong with HTTPS, security headers, and secure forms, though explicit security policies and incident response details are not published. Overall, the site demonstrates high trustworthiness and compliance with privacy regulations, including GDPR. The lack of WHOIS data is mitigated by strong on-site trust signals and recognized charity certifications.

I

Information und Technik Nordrhein-Westfalen

statistik.nrw

63

Statistik.NRW is the official statistical office for North Rhine-Westphalia, Germany's most populous state. It provides comprehensive social and economic data, serving government bodies, researchers, businesses, and the public. The website is professionally designed, well-structured, and offers extensive statistical content and services including databases, publications, and regional profiles. The parent organization is the Landesbetrieb IT.NRW, ensuring strong institutional backing. Technically, the site is built on Drupal CMS with modern JavaScript libraries and privacy-conscious analytics (Matomo). It is mobile-optimized and accessible, with a clear cookie consent mechanism. Security posture is good with HTTPS enforced and no obvious vulnerabilities, though some security headers could be improved. WHOIS data confirms legitimacy and consistency with the official entity. Overall, the site demonstrates a mature digital infrastructure and strong compliance with privacy regulations. It is trustworthy and reliable for users seeking official statistical information about NRW. Recommendations include enabling DNSSEC, publishing explicit security policies, and adding a vulnerability disclosure channel to further enhance security transparency.

L

Landesbetrieb Information und Technik Nordrhein-Westfalen (IT.NRW)

it.nrw

53

Landesbetrieb Information und Technik Nordrhein-Westfalen (IT.NRW) is the official IT service provider and statistical office for the German state of Nordrhein-Westfalen. The organization offers IT infrastructure, digital administration support, and statistical data services to government agencies and the public. The website reflects a mature digital presence with a focus on transparency, accessibility, and user engagement through multiple digital channels and social media. Technically, the site is built on Drupal CMS, uses Matomo for privacy-respecting analytics, and implements modern web standards including responsive design and cookie consent mechanisms. Security posture is strong with HTTPS enforced and privacy compliance evident, though some security headers could be improved. Overall, IT.NRW demonstrates a high level of professionalism and trustworthiness appropriate for a government entity.

M

MWEIMH Nordrhein-Westfalen

wirtschaft.nrw

65

The website wirtschaft.nrw is the official portal of the Ministry for Economic Affairs, Industry, Climate Protection and Energy of North Rhine-Westphalia, Germany. It serves as a comprehensive information hub for economic policy, industry, energy, climate protection, innovation, and digitalization initiatives within the state. The site targets businesses, entrepreneurs, policymakers, and the general public interested in these sectors. It is positioned as a trusted government source with extensive content and clear navigation. Technically, the site is built on Drupal CMS with modern web technologies including Bootstrap and Modernizr. It employs Matomo analytics with strong privacy controls respecting user consent and Do Not Track settings. The site is mobile-optimized, accessible, and performs moderately well. Hosting and domain registration are consistent with a German government entity. From a security perspective, the site uses HTTPS with good SSL configuration and cookie consent mechanisms. However, some security headers are not explicitly detected and DNSSEC is not enabled, which could be improved. There is no public security policy or incident response contact information visible. No vulnerabilities or suspicious content were found. Overall, wirtschaft.nrw demonstrates a high level of professionalism, trustworthiness, and compliance with privacy regulations. It is a safe and reliable resource for its audience. Strategic recommendations include enabling DNSSEC, enhancing security headers, publishing a security.txt file, and improving incident response visibility to further strengthen its security posture.

C

College Board

collegeboard.org

80

College Board is a prominent non-profit organization dedicated to providing educational services, including the AP Program, SAT Suite, and college planning tools such as BigFuture. The organization serves students, educators, and professionals in the education sector, maintaining a leading position in standardized testing and college admissions support in the United States. The website reflects a mature digital presence with a professional design, comprehensive content, and a broad ecosystem of related subdomains supporting various services. Technically, the site is built on Drupal CMS, employs modern JavaScript libraries, and integrates privacy and consent management tools like OneTrust. Security posture is strong with HTTPS enforcement and appropriate security headers, although explicit security policies and incident response information are not publicly detailed. Overall, the site demonstrates high professionalism, trustworthiness, and compliance with privacy regulations, making it a reliable resource for its target audience.

P

Pomerleau Inc.

pomerleau.ca

53

Pomerleau Inc. is a leading Canadian construction company specializing in building, infrastructure, and civil engineering projects. Established in 2000, it has grown to become one of Canada's largest construction firms with revenues exceeding $4.8 billion in 2023. The company targets clients in various sectors including energy, transport, and real estate, offering comprehensive construction services with a focus on innovation and sustainability. The website reflects a professional and well-branded digital presence, supporting its market position and business model effectively. Technically, the website is built on Drupal CMS and integrates modern technologies such as Google Tag Manager and Cookiebot for analytics and privacy compliance. The site is mobile-optimized, accessible, and SEO-friendly, with structured data enhancing content discoverability. Performance is moderate, with room for optimization. From a security perspective, the site enforces HTTPS and employs a robust cookie consent mechanism, demonstrating good privacy compliance aligned with GDPR. However, there is an opportunity to enhance security posture by enabling DNSSEC, adding security headers, and publishing explicit security policies or incident response contacts. No critical vulnerabilities or suspicious indicators were detected. Overall, Pomerleau's website presents a trustworthy and professional front that aligns well with its business stature. Strategic recommendations include strengthening DNS security, enhancing HTTP security headers, and publishing formal security and incident response documentation to further build trust and compliance.

U

U.S. Treasury Inspector General for Tax Administration

tigta.gov

67

The U.S. Treasury Inspector General for Tax Administration (TIGTA) operates as an independent oversight body for the Internal Revenue Service (IRS), focusing on promoting integrity, efficiency, and detecting fraud, waste, and abuse within IRS programs. The website serves as an official communication channel to provide reports, investigations, and avenues for submitting complaints related to IRS operations. The site is positioned as a trusted government resource with a clear mission and audience comprising taxpayers, government officials, and stakeholders interested in tax administration oversight. Technically, the website is built on the Drupal CMS platform and leverages the U.S. Web Design System (USWDS) for consistent government styling and accessibility. It uses modern JavaScript libraries such as Slick Carousel and is supported by Akamai CDN services for performance and security. The site demonstrates good mobile optimization, accessibility, and SEO practices, although some improvements in cookie consent and security headers could enhance compliance and security posture. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks explicit security headers and a published vulnerability disclosure or incident response policy, which are recommended best practices for government websites. The WHOIS data is unavailable due to .gov domain restrictions, but the domain's official status and consistent branding strongly support its legitimacy. Overall, the site maintains a high trust level with minor areas for improvement in privacy compliance and security transparency. The overall risk assessment is low, with recommendations focusing on enhancing security headers, implementing cookie consent mechanisms, and publishing security policies to strengthen user trust and regulatory compliance.

C

Connecting Up | Powered by Infoxchange

connectingup.org

69

Connecting Up, powered by Infoxchange, is a platform dedicated to providing donated and discounted technology to not-for-profit organizations. The website positions itself as an exclusive access point for non-profits to obtain software and technology from major providers such as Adobe, Microsoft, and Bitdefender. The business model focuses on supporting the non-profit sector by facilitating access to technology resources, enhancing their operational capabilities. The platform appears to be medium-sized and professionally branded, with consistent messaging and clear target audience focus. From a technical perspective, the website is built on Drupal CMS and utilizes modern front-end frameworks like Bootstrap. It integrates several analytics and marketing tools including Google Analytics, Facebook Pixel, Hotjar, and LinkedIn Insight Tag, indicating a moderate level of digital maturity and user tracking. The site is mobile optimized and demonstrates good SEO practices, though accessibility features are basic. Security-wise, the site enforces HTTPS and uses secure connections, but lacks visible security headers and explicit security policies such as incident response or vulnerability disclosure. No critical vulnerabilities or exposed sensitive data were detected in the provided content. Privacy compliance is limited, with no clear privacy or cookie policies found in the analyzed HTML content, which is a gap for GDPR and other regulations. Overall, the website is trustworthy and professional, serving a clear non-profit technology access purpose. Strategic improvements in privacy compliance, security headers, and incident response transparency would enhance its security posture and regulatory alignment.

G

Green Climate Fund

greenclimate.fund

73

The Green Climate Fund (GCF) is an international climate finance organization dedicated to mobilizing and delivering capital to developing countries to support climate change mitigation and adaptation projects. The website reflects a well-established global entity with a strong market position as a leading climate fund. It offers comprehensive information on projects, governance, funding modalities, and partnerships, targeting governments, accredited entities, and climate finance stakeholders. Technically, the website is built on Drupal CMS with modern web technologies including Bootstrap, Modernizr, and advanced analytics tools such as Microsoft Clarity and Google Tag Manager. The site is mobile-optimized, accessible, and demonstrates good SEO practices. Performance is moderate with room for optimization. From a security perspective, the site enforces HTTPS and does not expose sensitive data. However, explicit security headers and vulnerability disclosure mechanisms are not evident. Privacy and cookie policies are present with consent mechanisms, indicating good compliance with GDPR and related regulations. Overall, the website presents a professional, trustworthy, and content-rich platform aligned with the organization's mission. The lack of WHOIS data is mitigated by the organization's global reputation and transparent content. Strategic recommendations include enhancing security headers, publishing a security.txt file, and providing clearer incident response contacts to strengthen security posture and trust.

M

Missouri Department of Natural Resources

mostateparks.com

66

The Missouri State Parks website is an official government platform managed by the Missouri Department of Natural Resources, providing comprehensive information about state parks, historic sites, activities, reservations, and visitor resources. The site targets a broad audience including residents, tourists, and outdoor enthusiasts, positioning itself as the primary authoritative source for Missouri State Parks. The business model is a government-operated public service with a large scope and long-established presence since 1999. Technically, the website is built on Drupal CMS with a modern tech stack including jQuery, Google Maps API, and various JavaScript libraries for enhanced user experience. Performance is moderate with good mobile optimization and basic accessibility features. The site uses third-party analytics and monitoring tools such as Google Analytics and New Relic, indicating a mature digital infrastructure. From a security perspective, the site enforces HTTPS and has domain transfer protections but lacks DNSSEC and visible security headers like CSP or HSTS. There is no visible privacy or cookie policy, which is a compliance gap. No incident response or security contact information is provided. No WAF or blocking mechanisms are detected, and no suspicious content or vulnerabilities are apparent. Overall, the website is professional, trustworthy, and content-rich but would benefit from enhanced privacy compliance and security hardening. The risk level is low, but improvements in security headers, DNSSEC, and privacy disclosures are recommended.

D

D-Trust GmbH

d-trust.net

63

D-Trust GmbH is a qualified trust service provider and a subsidiary of the Bundesdruckerei Group, specializing in secure digital identities and eIDAS-compliant trust services such as electronic signatures, certificates, and secure data management solutions. The company targets businesses, government entities, and private users requiring secure digital processes, particularly in healthcare and government sectors. The website is professionally designed, well-structured, and provides comprehensive information about products and services, including recent news and press releases indicating active business operations. Technically, the site is built on Drupal CMS with Bootstrap 5, optimized for mobile, and employs eTracker analytics with GDPR-compliant cookie consent mechanisms. Security posture is strong with HTTPS and good practices, though explicit security headers could be improved. WHOIS data is missing or inaccessible, which is inconsistent with the active and professional website presence, suggesting a possible WHOIS query or registry issue rather than illegitimacy. Overall, the site is trustworthy and credible, but domain registration status should be verified through alternate WHOIS sources.

B

Bundesdruckerei GmbH

bdr.de

67

Bundesdruckerei GmbH is a large, government-affiliated technology company specializing in secure digital identity solutions, cybersecurity, and digitalization services primarily for public sector and sensitive economic sectors in Germany. The website reflects a mature digital presence with comprehensive content, professional design, and clear navigation. It highlights the company's role as a trusted technology provider for the German government and its subsidiaries. The technical infrastructure is modern, based on Drupal CMS and Bootstrap 5, with good mobile optimization and accessibility. Security posture is strong with HTTPS enforced, cookie compliance, and vulnerability disclosure mechanisms, though some security headers could be more explicit. Overall, the site demonstrates high professionalism and trustworthiness with no signs of blocking or suspicious activity.

B

Bundesdruckerei GmbH

bundesdruckerei.de

69

Bundesdruckerei GmbH is a large, government-affiliated technology company specializing in secure digital identity solutions, cybersecurity, and digital transformation services primarily for public sector and critical industries in Germany. The company holds a strong market position as the largest cross-departmental federal enterprise in digitalization with approximately 1300 employees. Their offerings include identification systems, IT security, trusted services, and digital infrastructure solutions. The website reflects a mature digital presence with comprehensive content, clear navigation, and professional branding consistent with their government ties. Technically, the site is built on Drupal CMS with Bootstrap 5, optimized for mobile, and integrates eTracker analytics with privacy-conscious cookie consent mechanisms. Security posture is strong with HTTPS enforced, nonce usage in scripts, and a dedicated vulnerability disclosure page, though explicit security headers could be more visible. Overall, the domain registration data aligns well with the business identity, supporting legitimacy and trustworthiness.

C

Cancer Research UK

cancerresearchuk.org

60

Cancer Research UK is a leading independent non-profit cancer charity based in the UK, dedicated to saving lives through funding cancer research, providing information, and engaging the public in fundraising and volunteering. The website reflects a mature digital presence with comprehensive content, clear navigation, and strong branding consistency. It serves a broad audience including patients, researchers, donors, and volunteers. Technically, the site is built on Drupal CMS with modern JavaScript libraries and frameworks, and employs Google Tag Manager and OneTrust for analytics and privacy compliance. Security posture is strong with HTTPS enforced and secure form handling, though explicit security headers could be more visible. Privacy and cookie policies are comprehensive and GDPR compliant. WHOIS data is unavailable, likely due to privacy protection, which is justified for this type of organization. Overall, the site is professional, trustworthy, and well-maintained.

A

Autorité des marchés financiers

amf-france.org

72

The Autorité des marchés financiers (AMF) is the French financial markets regulatory authority responsible for protecting savings, informing investors, and ensuring the proper functioning of financial markets. The website serves as a comprehensive portal offering regulatory information, news, sanctions, and resources for both professionals and the general public. It holds a strong market position as a key government entity in the finance sector in France. Technically, the website is built on Drupal CMS with modern JavaScript libraries and includes cookie consent management tools. It is mobile-optimized, accessible, and performs moderately well. The site uses HTTPS with good SSL configuration and employs some security best practices, although explicit security headers are not fully confirmed. From a security perspective, the site shows a mature posture with no visible vulnerabilities or exposed sensitive data. Privacy compliance is strong with clear GDPR-aligned policies and cookie consent mechanisms. However, WHOIS data is unavailable or malformed, which limits domain registration verification and slightly impacts trustworthiness. Overall, the website is professional, trustworthy, and well-maintained, serving its regulatory and informational role effectively. Strategic recommendations include enhancing security header implementation, improving incident response visibility, and publishing vulnerability disclosure information to further strengthen security and trust.

D

Development Bank of Southern Africa

dbsa.org

70

The Development Bank of Southern Africa (DBSA) is a government-owned development finance institution focused on financing infrastructure projects to promote economic prosperity in Southern Africa. The website reflects a mature digital presence with comprehensive information about their services, sectors, and projects. The organization positions itself as a key player in infrastructure finance, climate financing, and sustainable development, targeting governments, municipalities, and investors across Africa. The site is well-branded, professionally designed, and offers multiple contact channels including forms, phone numbers, and social media links. Technically, the website is built on Drupal CMS and leverages modern web technologies such as lazy loading, Google Analytics, Google Tag Manager, and reCAPTCHA v3 for security on forms. The site is mobile optimized and accessible, with good SEO practices evident from meta tags and structured data. However, security headers are not detected in the provided data, which is an area for improvement. From a security perspective, the site uses HTTPS and implements anti-bot measures on forms, but lacks a published vulnerability disclosure or incident response contact information. The WHOIS data is unavailable or malformed, likely due to privacy protection, which is common for government entities. Overall, the site demonstrates a strong security posture but could enhance transparency and security header implementation. The overall risk assessment is low, with recommendations to improve security headers, publish vulnerability disclosure policies, and provide incident response contacts to further enhance trust and compliance. The website is professional, trustworthy, and aligns well with the organization's mission and government ownership.

S

SAP Concur

concur.com

74

SAP Concur is a leading provider of spend management software, integrating travel, expense, and invoice management on a unified platform. The company targets businesses of all sizes, offering AI-enabled tools to simplify and automate spend processes. As a subsidiary of SAP, Concur holds a strong market position with a comprehensive suite of products and global reach. The website reflects a mature digital presence with extensive product information, customer case studies, and multiple regional versions. Technically, the site is built on Drupal CMS with modern JavaScript libraries and integrates advanced analytics and performance monitoring tools such as New Relic and Adobe Target. The presence of TrustArc for cookie consent and Google reCAPTCHA for form security indicates a focus on privacy and security compliance. The site is mobile-optimized and accessible, providing a professional user experience. Security posture is strong with HTTPS enforced, security headers present, and no visible vulnerabilities. However, the absence of explicit security policy or incident response information is noted. Privacy compliance is well addressed with GDPR-consistent policies and consent mechanisms. Overall, the site demonstrates high trustworthiness and professionalism. Recommendations include publishing a dedicated security policy and vulnerability disclosure page, enhancing transparency around incident response, and maintaining continuous monitoring of third-party scripts and integrations to mitigate risks.

The African Development Bank Group is a prominent regional multilateral development finance institution dedicated to fostering economic development and social progress across African countries. The website reflects a mature digital presence with comprehensive content including news, reports, projects, and sectoral information, targeting governments, investors, academia, and civil society. The institution's market position is strong, supported by extensive documentation and active engagement on multiple social media platforms. Technically, the website is built on Drupal CMS with modern libraries such as Bootstrap and Font Awesome, and integrates analytics tools like Google Analytics and Hotjar for user behavior insights. The site demonstrates good performance, mobile optimization, and accessibility features, ensuring a positive user experience. From a security perspective, the site enforces HTTPS, employs standard security headers, and avoids exposing sensitive data. However, explicit security policies and incident response contacts are not publicly detailed, representing an area for improvement. Privacy and cookie policies are present and appear GDPR compliant, enhancing user trust. Overall, the website is professional, trustworthy, and well-maintained, though the absence of WHOIS data limits domain registration verification. Strategic recommendations include publishing detailed security policies, adding vulnerability disclosure mechanisms, and enhancing transparency around data retention and incident response.

The United Nations Development Programme (UNDP) website serves as the official digital presence of the UN's lead agency on international development. It provides extensive information about UNDP's mission to eradicate poverty, reduce inequalities, and promote sustainable development across more than 170 countries and territories. The site is well-structured, professionally designed, and targets a broad audience including governments, development partners, and the general public. It offers key services such as policy advice, capacity building, and partnership facilitation, positioning itself as a global leader in development efforts. Technically, the website is built on the Drupal CMS platform and leverages modern web technologies including Google Tag Manager, Google Analytics, Facebook Pixel, and Akamai CDN for performance and analytics. The site demonstrates good mobile optimization, accessibility, and SEO practices, ensuring a positive user experience across devices. Performance is moderate, with asynchronous loading of scripts and use of content delivery networks. From a security perspective, the site enforces HTTPS with strong SSL configuration and includes essential security headers such as Content-Security-Policy and Strict-Transport-Security. No exposed sensitive data or vulnerable libraries were detected. Privacy compliance is robust, with clear privacy and cookie policies and GDPR adherence. However, the absence of a public vulnerability disclosure policy and incident response contact details suggests room for improvement. Overall, the website reflects a mature and trustworthy digital asset consistent with the UNDP's global stature. The lack of WHOIS data is likely due to privacy protection and does not detract from the site's legitimacy. Strategic recommendations include enhancing transparency around security incident response, tightening CSP policies, and continuous monitoring of third-party scripts to maintain security posture.

E

Eurazeo

eurazeo.com

72

Eurazeo is a prominent investment group specializing in private markets asset management, including private equity, private debt, and real assets. Positioned as a leading private asset manager in Europe, Eurazeo offers a range of investment services aimed at supporting business growth and development. The website reflects a professional and comprehensive digital presence targeting investors, shareholders, and businesses seeking investment opportunities. Technically, the website leverages modern technologies such as Drupal CMS, Google Analytics, Google Tag Manager, and Cookiebot for consent management. The site demonstrates good mobile optimization, accessibility, and SEO practices, contributing to a positive user experience. Performance is moderate, with lazy loading implemented for images. From a security perspective, the site enforces HTTPS and employs cookie consent mechanisms aligned with GDPR requirements. However, explicit security headers are not clearly visible in the provided content, and no dedicated security policy or incident response contact information is found. The absence of WHOIS data for the domain raises concerns about domain registration transparency, which slightly impacts trustworthiness. Overall, Eurazeo's website is professional, secure, and privacy compliant, but it would benefit from enhanced transparency regarding domain registration and explicit security policies to strengthen trust and compliance.

C

Centre national d'études spatiales

cnes.fr

68

The CNES website represents the official digital presence of the Centre national d'études spatiales, the French national space agency. It serves as an informational and educational platform providing comprehensive details about France's space strategy, projects, and public policies related to space. The site targets a broad audience including government entities, scientists, educators, students, and the general public. The agency holds a strong market position as a key player in European and international space activities. Technically, the website is built on Drupal CMS, employs modern web standards, and integrates privacy-focused analytics and cookie consent mechanisms, reflecting a mature digital infrastructure. Security posture is solid with HTTPS enforced and minimal third-party tracking, though explicit security policies and incident response contacts are not published. Overall, the site is professional, trustworthy, and compliant with GDPR and French government web standards.

M

Ministerium für Arbeit, Gesundheit und Soziales des Landes Nordrhein-Westfalen

mags.nrw

68

The website https://mags.nrw/ is the official digital presence of the Ministry for Labor, Health, and Social Affairs of the German state North Rhine-Westphalia. It serves as a comprehensive information portal for citizens and institutions, providing news, press releases, and access to government programs related to labor, health, and social welfare. The site is well-branded, professionally designed, and highly accessible, reflecting its government status and public service mission. Technically, it is built on Drupal CMS with modern frameworks like Bootstrap and uses Matomo for privacy-conscious analytics. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, though some security headers could be improved. The domain registration aligns perfectly with the ministry's identity, enhancing trust and legitimacy. Overall, the site demonstrates a mature digital infrastructure suitable for a government entity, with excellent content quality and user experience.

P

Polska Agencja Prasowa SA

pap.pl

62

Polska Agencja Prasowa SA operates the website pap.pl, the largest news agency portal in Poland, providing comprehensive and objective news coverage domestically and internationally. The site offers a variety of news categories including business, health, science, culture, and sports, enriched with multimedia content such as photos and videos. The company holds a strong market position as a key media entity in Poland, targeting a general audience with timely and relevant news content. Technically, the website is built on Drupal CMS and employs modern web technologies including Google Tag Manager and Hotjar for analytics and user behavior tracking. The site is mobile-optimized and features a clear navigation structure, although some accessibility features could be improved. Security posture is moderate with HTTPS usage and cookie consent mechanisms in place, but lacks visible security headers and explicit security policies. WHOIS data is unavailable, likely due to privacy protection, but the website's professional presentation and official social media presence support its legitimacy. Overall, the site is a reliable and professional media platform with room for enhancement in privacy transparency and security best practices.

U

University of Cambridge

cam.ac.uk

71

The University of Cambridge website represents a globally recognized educational institution with a rich history dating back to 1209. The site offers comprehensive information about undergraduate and postgraduate studies, research, alumni, and public engagement. It targets prospective students, researchers, alumni, and the general public interested in higher education and research. The business model is centered on education and research services, maintaining a prestigious market position as a world-leading university. Technically, the website is built on Drupal CMS with modern web technologies including jQuery and Bootstrap. It integrates Google Tag Manager and New Relic for analytics and performance monitoring. The site is mobile-optimized, accessible, and SEO-friendly, providing a good user experience with fast loading times and clear navigation. From a security perspective, the site enforces HTTPS and uses monitoring tools but lacks explicit security headers and published security policies or incident response contacts. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms, aligned with GDPR requirements. Overall, the website is professional, trustworthy, and well-maintained, with no signs of malicious activity or content safety concerns. The absence of WHOIS data is likely due to privacy protection, which is justified for an institution of this nature. Strategic recommendations include enhancing security header implementation, publishing security policies, and adding vulnerability disclosure information to further strengthen trust and security posture.

V

Viaplay Group

viaplaygroup.com

72

Viaplay Group is a leading Nordic entertainment provider offering streaming services, TV channels, and radio stations across multiple countries. The company targets a broad audience with a focus on live sports, films, series, and music content. The website demonstrates a mature digital presence with a professional design, clear navigation, and comprehensive corporate information including investor relations and sustainability efforts. Technically, the site uses Drupal CMS and integrates modern analytics and marketing tools, ensuring good performance and mobile optimization. Security posture is solid with HTTPS and cookie consent mechanisms, though explicit security headers and incident response policies are not evident. The absence of WHOIS data reduces domain trust slightly, but the overall business credibility remains high due to transparent corporate disclosures and Nasdaq listing. Strategic recommendations include enhancing security headers, publishing incident response details, and improving contact information visibility.

Deroma is a well-established Italian company specializing in the manufacturing and sale of gardening pots, with a history spanning over 60 years. The company operates internationally and emphasizes craftsmanship and sustainability in its product offerings. The website reflects a mature business with consistent branding and a clear focus on its target audience of gardeners and retailers. The presence of multiple language options and detailed corporate information supports its international market position. Technically, the website is built on Drupal CMS with standard modern web technologies such as jQuery and integrates Google Analytics and Tag Manager for tracking. The site is mobile-optimized and provides a good user experience with clear navigation and professional design. Security posture is solid with HTTPS enabled and domain transfer protections in place, though improvements could be made by enabling DNSSEC and adding security headers. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR considerations. Overall, the domain registration data aligns well with the business claims, supporting the legitimacy of the site.