Security Directory

C

Conservation International

conservation.org

77

Conservation International is a well-established non-profit organization founded in 1987, dedicated to protecting oceans, forests, and other vital ecosystems globally. The organization targets a broad audience including donors, environmental advocates, and the general public. Their business model focuses on conservation efforts, scientific research, community partnerships, and advocacy. The website reflects a mature digital presence with integrated donation capabilities and active social media engagement. Technically, the website is built on the Sitefinity CMS platform, utilizing modern technologies such as Bootstrap, jQuery, and various third-party widgets for fundraising and analytics. The site demonstrates good mobile optimization, accessibility, and SEO practices, supported by comprehensive privacy and cookie policies with user consent mechanisms. From a security perspective, the site enforces HTTPS, employs standard security headers, and avoids exposing sensitive data. However, it lacks publicly available security policies, incident response details, and vulnerability disclosure mechanisms, which are recommended for enhanced transparency and trust. Overall, the website is professional, trustworthy, and secure, with minor areas for improvement in security communication and incident handling. The absence of WHOIS data is due to privacy protection, which is justified for this type of organization. The domain and website content align well, supporting a high legitimacy score.

BetterDays srl is a well-established creative agency based in Milan, Italy, specializing in the design and production of live events, communication projects, editorial content, and professional development within the Italian music sector. With over 20 years of experience, the company targets a young, urban, and innovative audience. Their market position is strong within the creative and media industries, supported by a portfolio of notable projects and partnerships with recognized brands and organizations. The website reflects a professional and consistent brand image, with clear business information and active social media presence. Technically, the website is built on WordPress with modern web technologies including Yoast SEO, Swiper.js, and Quantcast Choice for GDPR-compliant cookie consent. The site is mobile-optimized and demonstrates good SEO practices. Performance is moderate, with room for improvement in accessibility features. Security posture is solid with HTTPS enforced, DNSSEC enabled, and no visible vulnerabilities or exposed sensitive data. However, the site lacks explicit security headers and a formal security policy. Overall, the security posture is good, with GDPR compliance evident through consent management and privacy policy availability. No incident response or vulnerability disclosure policies are found, which could be areas for enhancement. The domain registration data is consistent with the business claims, showing legitimacy and trustworthiness. The website content is safe for general audiences, with no adult or questionable content detected. Strategic recommendations include implementing security headers, publishing a vulnerability disclosure policy, enhancing accessibility, and continuing to maintain GDPR compliance. These steps will further strengthen the company's digital maturity and trustworthiness.

A

Anketa Žebřík – Hlasování, vyhlášení, redakční tipy!

anketazebrik.cz

40

Anketa Žebřík is a Czech music awards website with over thirty years of tradition, providing information about voting, nominations, results, and event announcements related to the Žebřík music awards. The site targets Czech-speaking music fans and operates as an informational and promotional platform for the awards. Technically, the website is built on WordPress with Elementor and Astra theme, integrating modern web technologies and third-party services such as Google Analytics and Seznam advertising. The site is mobile-optimized and offers a good user experience with clear navigation and professional design. Security-wise, the site uses HTTPS and avoids exposing sensitive data, but lacks some security headers and explicit privacy and cookie policies, which are recommended for compliance and trust. The absence of WHOIS data limits the ability to fully verify domain legitimacy, though the website content and social media presence suggest an established entity. Overall, the site is functional and professional but would benefit from enhanced privacy compliance and clearer contact information.

F

Frogs & Friends e.V.

frogs-friends.org

50

Frogs & Friends e.V. is a German non-profit organization dedicated to amphibian conservation and public awareness through innovative media and interactive content. The website serves as an educational platform offering rich multimedia resources, project videos, exhibitions, and opportunities for citizen participation. The organization targets a general audience interested in environmental conservation and amphibians. Technically, the website employs AngularJS, integrates YouTube APIs, and uses Matomo for privacy-conscious analytics. The site is mobile-optimized with good navigation and content quality, though accessibility features could be improved. Security posture is moderate with HTTPS implied but lacking explicit security headers and incident response policies. WHOIS data is unavailable due to privacy protection, which is typical for non-profits. Overall, the site is trustworthy, professional, and safe for general audiences.

S

SEMAE Village Semence

villagesemence.fr

10

SEMAE Village Semence operates as a specialized media platform focused on the agricultural seed and plant sector in France. The website serves as an information hub, providing broadcasts, event coverage, and educational content related to seeds and food sovereignty. It targets agricultural professionals, industry stakeholders, and the interested public. The company maintains a consistent brand presence across multiple social media platforms and organizes or participates in significant agricultural events such as the Salon International de l’Agriculture. Technically, the website is built on WordPress using the Divi theme and incorporates modern web technologies including Google Analytics for tracking and Tarteaucitron for cookie consent management. The site is mobile-optimized and demonstrates good SEO practices. Security-wise, the site enforces HTTPS and implements cookie consent but lacks some advanced security headers, suggesting room for improvement in hardening its security posture. The WHOIS data is not publicly available, indicating privacy protection which is common and justified for this type of business. No suspicious or malicious indicators were found. The website content is safe for general audiences, with no adult or questionable material detected. Overall, the site presents a professional and trustworthy digital presence for its niche agricultural media business.

The U.S. Securities and Exchange Commission (SEC) operates the website www.sec.gov as the official federal government portal for securities regulation, investor protection, and market oversight. The site provides comprehensive resources including filings search, rulemaking activities, enforcement news, and educational materials targeted at investors, businesses, and market participants. The SEC is a large, enterprise-level government agency with a long-standing history dating back to 1934, reflected in the authoritative and professional content presented on the site. Technically, the website is built on the Drupal CMS platform, leveraging the U.S. Web Design System (USWDS) for accessibility and responsive design. It integrates modern analytics and tracking tools such as Google Tag Manager and YouTube APIs, ensuring a rich user experience with fast performance and excellent mobile optimization. The site is hosted likely on government infrastructure or via Akamai CDN, ensuring reliability and security. From a security perspective, the site enforces HTTPS and demonstrates good security practices including secure forms and no visible vulnerabilities. While explicit security headers were not fully confirmed in the provided content, the overall posture is strong, consistent with a government entity. Privacy and cookie policies were not explicitly found in the provided HTML snippet, which slightly impacts privacy compliance scoring. Overall, the SEC website is a highly credible, trustworthy, and professionally maintained government resource. It effectively serves its mission to protect investors and maintain market integrity. Strategic recommendations include publishing explicit privacy and cookie policies prominently, ensuring all security headers are set, and maintaining vigilance on third-party scripts to uphold security standards.

L

Lidl Polska

lidl.pl

57

Lidl Polska operates as a major retail supermarket chain in Poland, offering daily deals and a broad product range to general consumers. The website reflects a professional retail business with consistent branding and a focus on customer engagement through promotions and online shopping capabilities. Technically, the site employs modern JavaScript libraries, including YouTube iframe API for media content, OneTrust for cookie consent management, and Kameleoon for A/B testing, indicating a mature digital infrastructure. Security-wise, the site uses HTTPS and cookie consent mechanisms, but lacks visible advanced security headers or a published security policy, suggesting room for improvement in security transparency and incident response readiness. Overall, the domain and website align with a reputable enterprise retail brand, with no signs of blocking or WAF interference, supporting a high legitimacy score and a moderate to good security posture.

C

Cabinet Dreyfus

dreyfus.fr

61

Cabinet Dreyfus is a specialized consulting firm based in Paris, focusing on intellectual property, industrial property, and new technologies. The firm targets businesses and professionals seeking expert legal advice in these domains. Their website reflects a professional boutique consultancy with clear service offerings and a strong emphasis on privacy and compliance. Technically, the website is built on WordPress using Elementor, integrating modern analytics and marketing tools such as Google Tag Manager, Microsoft Clarity, and Rank Math SEO. Security posture is solid with HTTPS, security headers, and reCAPTCHA protections, though lacking a dedicated security policy or incident response information. Overall, the site is well-structured, GDPR compliant, and trustworthy, with no signs of blocking or malicious activity.

E

Eiffage

eiffageconcessions.com

58

Eiffage Concessions operates as a key division within the Eiffage group, focusing on infrastructure concessions such as roads, railways, ports, and airports. The company positions itself as a strategic partner for transition projects and infrastructure management, serving public and private sector clients. The website reflects a mature enterprise with consistent branding and a professional digital presence. Technically, the site employs modern JavaScript libraries and analytics tools, with a cookie consent mechanism indicating GDPR awareness. However, the absence of WHOIS data and explicit contact information slightly detracts from transparency and trust. Security measures like reCAPTCHA are in place, but the lack of visible security headers and incident response information suggests room for improvement. Overall, the site is accessible, well-structured, and aligned with corporate standards, but enhancing security disclosures and registrant transparency would strengthen its risk posture.

E

Eiffage

eiffageenergiesystemes.com

65

Eiffage Énergie Systèmes is a French enterprise specializing in the design, realization, operation, and maintenance of electrical, industrial, climatic, and energy engineering systems. As part of the larger Eiffage group, it serves key markets including industry, infrastructure, cities, and the tertiary sector, offering tailored solutions. The website reflects a mature digital presence with professional design, clear navigation, and compliance with privacy regulations, including GDPR. The technical infrastructure leverages modern JavaScript libraries, analytics tools, and cookie consent frameworks, indicating a well-maintained platform. Security posture is strong with HTTPS enforcement, reCAPTCHA integration, and user alerts about fraud attempts, though explicit security headers and incident response contacts are not evident. The absence of WHOIS data is a notable anomaly, suggesting either privacy protection or recent registration, which slightly impacts trust but is mitigated by consistent branding and linked official domains. Overall, the site demonstrates a solid business and technical foundation with room for enhanced transparency in security policies.

E

Eiffage

eiffagerail.com

58

Eiffage Rail is a large French company specializing in the design, construction, maintenance, and management of railway infrastructure both in France and internationally. It operates as a key partner to public and private railway transport operators, offering a comprehensive range of services including track construction, renewal, catenary systems, safety, and equipment maintenance. The company is part of the larger Eiffage group, a well-established construction and infrastructure conglomerate with multiple subsidiaries. The website reflects a professional and consistent corporate identity, emphasizing certifications and trustworthiness. Technically, the website uses a modern tech stack including jQuery, video APIs, Google reCAPTCHA, and consent management tools, built on the Jahia CMS platform. It is mobile-optimized with good SEO and basic accessibility features. Security posture is strong with HTTPS, reCAPTCHA, and cookie consent, though explicit security headers and incident response information are lacking. The WHOIS data is unavailable, which raises some concerns about domain registration transparency; however, the website content and branding strongly align with the legitimate Eiffage Rail business. No blocking or WAF challenges were detected, and the site is fully accessible. Privacy and cookie policies are present and GDPR compliant. Overall, the site is trustworthy and professionally maintained, with room for improvement in security policy transparency and accessibility. Strategic recommendations include enhancing security headers, publishing incident response and vulnerability disclosure policies, improving accessibility compliance, and providing explicit data protection officer contact details to strengthen trust and compliance.

E

Eiffage

eiffagemetal.com

56

Eiffage Métal is a leading French industrial construction company specializing in turnkey metal construction projects, including offshore wind energy, buildings, hydraulic and industrial works. It operates as a subsidiary of the Eiffage group with a strong market position supported by prestigious projects and a comprehensive service offering. The website demonstrates a mature digital presence with modern technologies, good content quality, and GDPR-compliant privacy and cookie policies. Security posture is solid with HTTPS and CAPTCHA protections, though explicit security headers and incident response information are lacking. The absence of WHOIS data for the domain raises concerns about domain registration legitimacy, but the overall branding and ecosystem affiliation support the company's credibility. Strategic recommendations include enhancing security headers, publishing security policies, and verifying domain registration details.

E

Eiffage

eiffagegeniecivil.com

58

Eiffage Génie Civil is a division of the Eiffage Group specializing in the design, construction, and maintenance of civil engineering infrastructures both terrestrial and maritime across France, Europe, and internationally. The company offers a broad range of services including demolition, depollution, deep foundations, nuclear industrial civil engineering, water and environmental engineering, pipelines, and maritime works. It targets business and public sector clients requiring large-scale infrastructure projects. The website reflects a large enterprise with consistent branding and multiple subsidiaries, indicating a strong market position in the transportation and construction sectors. Technically, the website employs modern JavaScript libraries such as jQuery, YouTube and Vimeo APIs, Google reCAPTCHA, and analytics tools like Piano Analytics and TagCommander. It is built on the Jahia CMS platform, optimized for mobile, and includes accessibility features. SEO and metadata are well implemented, with Open Graph and JSON-LD structured data present. Cookie consent and privacy policies are implemented, indicating compliance with GDPR. From a security perspective, the site uses HTTPS with good SSL configuration and includes reCAPTCHA for form protection. However, explicit security headers like Content-Security-Policy and X-Content-Type-Options are not detected. No explicit security or incident response policies or vulnerability disclosure mechanisms are found. The WHOIS data is missing or unavailable, which raises concerns about domain registration legitimacy, though the website content and branding suggest a legitimate enterprise. Overall, the website is professional and trustworthy with good technical and privacy compliance. The lack of WHOIS data and explicit security policies are areas for improvement. Strategic recommendations include enhancing security headers, publishing incident response and vulnerability disclosure policies, and clarifying domain registration information.

E

Eiffage

eiffageroute.com

57

Eiffage Route is a prominent French road construction company specializing in sustainable and innovative infrastructure solutions. The website presents a professional and comprehensive overview of their services, subsidiaries, and commitment to ecological transition. The digital infrastructure uses modern JavaScript libraries and analytics tools, with good mobile optimization and accessibility features. Security posture is solid with HTTPS and reCAPTCHA usage, though explicit security headers and incident response information are lacking. The absence of WHOIS data is a concern but the website content and branding strongly indicate legitimacy. Overall, the site is well-structured, trustworthy, and aligned with corporate standards.

E

Eiffage Immobilier

eiffage-immobilier-corporate.fr

60

Eiffage Immobilier is a prominent French real estate developer specializing in low-carbon, sustainable urban development. The company operates as an integrated entity combining land development, promotion, and construction services, targeting mixed-use and multisector projects. The website reflects a mature digital presence with professional design, clear navigation, and comprehensive content tailored to a broad audience including investors, partners, and end-users. Technically, the site leverages modern web technologies such as the Jahia CMS, Typekit fonts, and integrates third-party services like YouTube and OneTrust for cookie consent, indicating a well-maintained infrastructure. Security posture is solid with HTTPS enforced and cookie consent implemented, though some security headers could be improved. The absence of WHOIS data is a notable concern, impacting domain legitimacy assessment. Overall, the site is professional, trustworthy, and compliant with GDPR, but domain registration details should be verified for full assurance.

E

Eiffage

eiffage-amenagement.fr

56

Eiffage Aménagement is a specialized urban development subsidiary of the large European construction and concessions group Eiffage. The company focuses on urban renewal, revitalization of city centers, and creation of sustainable eco-neighborhoods, targeting local authorities and urban planners primarily in France. The website reflects a mature corporate presence with consistent branding and clear business messaging aligned with the parent group. Technically, the site uses modern JavaScript libraries, integrates third-party analytics and consent management tools, and is built on the Jahia CMS platform. Security posture is good with HTTPS, reCAPTCHA, and cookie consent mechanisms, though explicit security policies and incident response contacts are not published. WHOIS data is not publicly available, typical for AFNIC-managed French domains, but the domain and content align with a legitimate enterprise. Overall, the site is professional, secure, and compliant with basic privacy standards, though improvements in transparency and contact information are recommended.

E

Eiffage

eiffageconstruction.com

54

Eiffage Construction is a major construction and real estate development company operating primarily in France and Europe. As a subsidiary of the Eiffage group, it offers expertise in construction, urban development, real estate promotion, and maintenance services. The website reflects a professional corporate presence with consistent branding and clear navigation aimed at business and public sector clients. Technically, the site uses modern JavaScript libraries and analytics tools, including jQuery, Google reCAPTCHA, and Piano Analytics, and appears to be built on the Jahia CMS platform. The site is mobile-optimized and includes accessibility features, although explicit security headers are not detected in the provided content. The WHOIS data for the domain is missing or unavailable, which is unusual for a corporate domain and warrants further investigation. Privacy compliance is supported by a cookie consent mechanism, but explicit privacy and terms of service pages were not found in the provided content. Overall, the website is professional and trustworthy, but the lack of WHOIS data and explicit contact/security policies are areas for improvement.

É

École nationale des ponts et chaussées

enpc.fr

55

École nationale des ponts et chaussées is a prestigious French grande école specializing in engineering education, research, and professional training with a strong focus on ecological and digital transitions. The institution offers a wide range of programs including engineering degrees, masters, doctoral studies, and continuing education, supported by multiple research laboratories and international partnerships. The website reflects a mature digital presence with comprehensive content targeting students, researchers, and professionals. Technically, the site is built on Drupal CMS with modern JavaScript libraries and privacy-respecting analytics (Matomo). Security posture is strong with HTTPS, cookie consent mechanisms, and no visible vulnerabilities, although some security headers could be improved. Overall, the site is professional, trustworthy, and compliant with GDPR requirements.

E

Eiffage

aprr.com

60

APRR is a major motorway concession operator in France, managing a 2,410 kilometer network focused on sustainable and efficient mobility solutions. It operates under the umbrella of the Eiffage group, a large construction and infrastructure conglomerate. The website reflects a mature digital presence with comprehensive content about their services, sustainability initiatives, and corporate governance. Technically, the site uses modern JavaScript libraries, integrates video APIs, and employs cookie consent management tools, indicating a good level of digital maturity. Security-wise, HTTPS is enforced and reCAPTCHA is used, but explicit security headers and policies are not evident, suggesting room for improvement. The absence of WHOIS data is unusual but the website's branding and social media presence support its legitimacy. Overall, APRR's website is professional, compliant with privacy regulations, and serves its audience effectively.

T

TCL

tcl.com

70

TCL is a global technology company specializing in consumer electronics including TVs, mobile devices, and home appliances. The Finnish localized website showcases a broad product portfolio with clear navigation and professional branding, targeting general consumers interested in innovative technology products. The site is built on Adobe Experience Manager CMS and hosted likely on AWS infrastructure, utilizing modern JavaScript libraries and Google Tag Manager for analytics. Security posture is strong with HTTPS enforcement and multiple security headers, though explicit security policies and incident response contacts are not publicly detailed. Privacy and cookie policies are present and GDPR compliant, reflecting good privacy practices. The absence of WHOIS data reduces transparency but does not detract from the overall legitimacy of the site. Strategic recommendations include enhancing security transparency, adding vulnerability disclosure mechanisms, and providing direct contact information to improve trust and compliance.

T

The Kukang Rescue Program, z.s.

kukang.org

52

The Kukang Rescue Program is a small non-profit organization founded in 2014 focused on the conservation of endangered slow lorises in Sumatra, Indonesia. The organization operates through community engagement, education, anti-poaching efforts, and sustainable farming projects such as the Kukang Coffee initiative. It maintains partnerships with multiple zoos and conservation groups, enhancing its credibility and reach. The website reflects a professional and consistent brand image with clear messaging targeted at conservationists, donors, and local communities. Technically, the website is built on Joomla CMS using the Helix Ultimate framework, incorporating modern libraries like jQuery and Bootstrap. It features multimedia content including embedded YouTube videos and responsive design optimized for mobile devices. While performance is moderate, the site lacks some advanced accessibility features and security headers, which could be improved. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, the absence of security headers and privacy/cookie policies indicates room for enhancement in compliance and security posture. The WHOIS data is incomplete, which slightly reduces domain trustworthiness, but the website's content quality and partner ecosystem provide strong trust signals. Overall, the site is a credible and well-maintained platform for wildlife conservation awareness, though it would benefit from improved privacy compliance and security best practices to strengthen its risk profile and user trust.

E

Eiffage

eiffage.com

66

Eiffage is a leading European construction and concessions group specializing in infrastructure development, energy systems, and real estate. The company holds a strong market position as a major player in the construction sector, with a broad portfolio of subsidiaries covering various specialized domains such as construction, rail, metal works, and energy systems. The website reflects a professional corporate presence with consistent branding and comprehensive information about its group and subsidiaries. Technically, the website employs modern JavaScript libraries including jQuery, YouTube and Vimeo APIs, and integrates Google reCAPTCHA for form security. The use of OneTrust for cookie consent demonstrates compliance with GDPR and privacy regulations. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, though explicit security policies and incident response details are not publicly disclosed. Overall, the website is well-structured, accessible, and optimized for SEO and mobile devices, supporting a positive user experience and trustworthiness.

A

Agence Nationale pour les Chèques-Vacances (ANCV)

ancv.com

61

The Agence Nationale pour les Chèques-Vacances (ANCV) is a French government public institution dedicated to facilitating access to vacations for a broad population including employees, public agents, families, seniors, and vulnerable groups. It operates through the issuance of Chèque-Vacances vouchers, Coupon Sport, and social aid programs, while also supporting the tourism and leisure sectors via partnerships. The website reflects a mature digital presence with a modern Drupal 10 CMS, Bootstrap 5 styling, and integrated analytics via Google Tag Manager. It provides comprehensive information, including privacy and cookie policies, and actively warns users about phishing attempts impersonating the agency. Security posture is generally good with HTTPS enforced and cookie consent mechanisms, though explicit security headers and incident response information are lacking. The absence of WHOIS data for the domain is a notable anomaly that reduces trust slightly, but the overall branding and content strongly indicate an official and trustworthy government entity.

C

CAB

biopaysdelaloire.fr

10

CAB (Coordination Agrobiologique des Pays de la Loire) is a regional non-profit organization dedicated to supporting and developing organic agriculture in the Pays de la Loire region of France. The organization provides technical assistance to organic farms, develops organic production sectors, and supports local authorities in their organic initiatives. The website reflects a mature digital presence with a professional design, clear navigation, and comprehensive content focused on organic agriculture and related activities. Technically, the site is built on WordPress with Elementor, uses modern JavaScript libraries like Swiper.js, and integrates Matomo for analytics, indicating a moderate to advanced digital infrastructure. Security-wise, the site enforces HTTPS, implements standard security headers, and provides cookie consent mechanisms, demonstrating good security hygiene. However, there is no explicit security policy or vulnerability disclosure page, which could be improved. Overall, the site is trustworthy, well-maintained, and compliant with GDPR, though WHOIS data is privacy-protected, limiting domain registration transparency.

S

Spiffy Checkouts

spiffy.co

52

Spiffy Checkouts is a technology company specializing in SaaS solutions for creating conversion-optimized checkout pages with one-click upsells and subscription management. The website presents a professional and modern interface, targeting businesses and online sellers seeking to improve their sales funnel efficiency. The technical infrastructure is based on WordPress with modern JavaScript libraries and SEO optimizations, ensuring good performance and mobile responsiveness. Security posture is adequate with HTTPS and Content Security Policy in place, though additional security headers and explicit policies are lacking. Overall, the website is trustworthy and well-positioned in its niche, but could improve transparency and compliance by adding privacy, cookie, and security policies.

Bouygues is a large French multinational conglomerate operating in diverse sectors including construction, telecommunications, media, and real estate. The website serves as a corporate portal and magazine to communicate news and updates about the group. The site is professionally designed, mobile-optimized, and uses modern web technologies such as WordPress, Google Tag Manager, Matomo Analytics, and Cookiebot for consent management. Security measures include HTTPS enforcement, reCAPTCHA integration, and comprehensive cookie consent mechanisms. However, the absence of publicly available WHOIS data and registrant information slightly reduces domain trustworthiness. No explicit security policy or incident response contact information is published, which could be improved to enhance transparency and compliance. Overall, the website reflects a mature digital presence consistent with a large enterprise.

B

Bouvet

bouvet.se

48

Bouvet is a Scandinavian publicly listed IT consultancy specializing in system development, business development, and design, with a strong focus on healthcare, public sector, and energy sectors. The company emphasizes creating digital solutions that contribute to societal benefits such as stable energy supply, efficient public services, and improved public health in Sweden. The website reflects a mature digital presence with comprehensive content, professional design, and clear navigation, targeting business and public sector clients. Technically, the site uses modern web technologies including Google Fonts, YouTube embeds, Matomo analytics, and LinkedIn Insight tags, hosted likely behind Cloudflare CDN, and built on the Enonic CMS platform. Security posture is strong with HTTPS enforced, cookie consent mechanisms, and ISO 27001 certification, though some security headers could be improved and incident response contacts are not publicly detailed. Overall, the site is trustworthy, compliant with GDPR, and professionally maintained, supporting Bouvet's market position as a leading IT consultancy in Scandinavia.

S

Shen Yun Performing Arts

shenyunsymphony.com

57

Shen Yun Symphony Orchestra is a cultural performing arts organization based in New York, specializing in blending traditional Chinese music with Western symphony orchestra elements. The website promotes upcoming performances and highlights the orchestra's unique artistic mission inspired by 5,000 years of Chinese civilization. The company positions itself as a niche cultural entity with a focus on live event ticket sales and cultural preservation. Technically, the website uses modern web technologies including React, Google Fonts, and multiple third-party analytics and advertising scripts. The site is mobile-optimized and well-structured but lacks visible privacy and cookie policies, which is a compliance concern. Security posture is moderate with HTTPS enabled and domain protections in place, but DNSSEC is not enabled and security headers are missing. Overall, the website is professional and trustworthy but could improve privacy compliance and security best practices.

A

Association of Film Commissioners International

afci.org

60

The Association of Film Commissioners International (AFCI) is a well-established membership organization founded in 1975, serving the global film commission industry. It provides networking, education, and industry support services to film commissions, business affiliates, film liaisons, and producers worldwide. The website reflects a professional and consistent brand presence, with a focus on events, educational programs, and community engagement. The organization holds a strong market position as the largest network of its kind, primarily targeting media industry professionals and stakeholders. Technically, the website is built on WordPress using modern plugins such as Elementor, WooCommerce, and Yoast SEO, with integration of Google Analytics for user tracking. The site is hosted with Cloudflare DNS and uses HTTPS with a valid SSL certificate, ensuring secure communications. Performance and mobile optimization are good, though accessibility features are basic. SEO is well implemented with structured data and meta tags. From a security perspective, the site enforces HTTPS and has domain transfer protections but lacks DNSSEC and explicit security headers. There is no publicly visible security policy or incident response information, and no privacy or cookie policies were found, indicating gaps in privacy compliance. No vulnerabilities or suspicious patterns were detected in the content or WHOIS data. The domain is long-standing and consistent with the organization's history, supporting legitimacy. Overall, the website is professional, content-rich, and trustworthy but would benefit from enhanced privacy compliance and security transparency to improve user trust and regulatory adherence.

C

Coopérative d'Installation en Agriculture Paysanne Pays de la Loire

ciap-pdl.fr

48

CIAP Pays de la Loire is a cooperative dedicated to supporting agricultural installation projects in the Pays de la Loire region of France. The organization offers key services including a one-year creative farmer training program, activity incubation (portage d’activités), and permanent test spaces for aspiring farmers. The cooperative aims to secure project leaders, involve local authorities, and promote sustainable peasant agriculture. The website reflects a regional cooperative with a clear mission to facilitate agricultural entrepreneurship and innovation. Technically, the website is built on WordPress using Elementor and several plugins for enhanced functionality, including GDPR compliance and analytics. Hosting is provided by OVH, a reputable provider. The site is mobile-optimized and uses HTTPS with a good SSL configuration. However, some security headers are missing, and no explicit security or incident response policies are published. Security posture is moderate with best practices like HTTPS and reCAPTCHA in place, but improvements are recommended in security headers and formal policies. Privacy compliance is partial due to the absence of a visible privacy policy page, though cookie consent is implemented. Business credibility is high, supported by consistent domain registration, professional content, and social media presence. Overall, the website is a trustworthy and professional platform for its niche cooperative, with room for improvement in privacy and security transparency.

S

Accueil | Start-Scop le site des start-up coopératives

start-scop.fr

48

The website www.start-scop.fr serves as a dedicated platform promoting and supporting start-up cooperatives (Scop/Scic) in France. It targets young entrepreneurs seeking social utility and a sense of belonging through cooperative business models. The site offers guidance on creating, financing, and accompanying cooperative startups, showcasing successful cooperative entrepreneurs and providing news and resources. Technically, the site is built on Drupal 10 CMS, integrates Matomo and Google Analytics for tracking with privacy considerations, and uses modern web technologies including YouTube APIs. Security posture is solid with HTTPS enforced and privacy-respecting analytics, though it lacks explicit security headers and formal privacy or security policies. The domain WHOIS data is not publicly available, typical for .fr domains or privacy-protected registrations, but the website content and activity indicate legitimacy. Overall, the site is professional, well-structured, and serves a niche cooperative entrepreneurship community effectively.

C

Collabora Online and Collabora Office

collaboraoffice.com

72

Collabora Online and Collabora Office provide a comprehensive open-source online document editing suite designed for secure, collaborative editing controlled by the user. The company targets businesses and organizations requiring enterprise-grade document collaboration solutions, offering products such as Collabora Online, Collabora Office desktop applications, mobile apps, and large deployment controllers. Their market position is that of an established technology provider in the open-source productivity software space, supported by a strong partner and integration ecosystem. Technically, the website is built on WordPress with modern plugins like Elementor and Yoast SEO, and integrates analytics and marketing tools such as Matomo and Mautic. The site is well-optimized for SEO, mobile-friendly, and accessible, reflecting a mature digital infrastructure. However, some security best practices like explicit security headers and published security policies are not evident. From a security perspective, the site uses HTTPS and avoids exposing sensitive data, but lacks visible privacy and cookie policies and incident response information. The absence of WHOIS registration data reduces trust slightly, though the professional presentation and partner ecosystem support legitimacy. No critical vulnerabilities or adult content were detected. Overall, the website demonstrates a solid business and technical foundation with room for improvement in privacy compliance and security transparency. Strategic recommendations include publishing comprehensive privacy and security policies, enhancing security headers, and improving contact information visibility to strengthen trust and compliance.

M

Musée du Luxembourg

museeduluxembourg.fr

59

Musée du Luxembourg is a well-established cultural institution in Paris, offering art exhibitions, events, and educational programs. The website reflects a professional and user-friendly digital presence, built on Drupal 10 with modern analytics and consent management tools. The museum is affiliated with the French Senate and Grand Palais RMN, reinforcing its legitimacy and trustworthiness. Privacy and cookie policies are comprehensive and GDPR compliant, with clear user consent mechanisms. Security posture is strong with HTTPS, security headers, and no visible vulnerabilities. Overall, the site provides a safe, accessible, and informative experience for a broad audience including tourists, students, and art enthusiasts.

Shen Yun Performing Arts is a globally recognized performing arts company specializing in classical Chinese dance and music, established in New York in 2006. The company focuses on reviving and presenting traditional Chinese culture through breathtaking performances that include classical dance, ethnic and folk dance, and orchestral music. Their market position is strong as a premier classical Chinese dance company with a broad international audience. The website reflects a professional and consistent brand image with multilingual support, targeting a general audience interested in cultural and performing arts experiences. Technically, the website employs modern JavaScript libraries, analytics tools, and accessibility features, indicating a mature digital infrastructure. However, some areas such as explicit privacy and cookie policies and WHOIS transparency could be improved. Security posture is good with HTTPS and no visible vulnerabilities, but security headers and incident response information are lacking. Overall, the site is trustworthy and well-maintained but would benefit from enhanced privacy compliance and domain registration transparency.

B

Bouvet ASA

bouvet.no

54

Bouvet ASA is a leading Norwegian-owned consulting company specializing in IT, advisory, design, and digital communication services. The company serves a broad range of private and public sector clients, positioning itself as a key digital transformation partner in the Nordic region. Their service portfolio includes designing, developing, managing, and advising on IT solutions and digital communication strategies. The website reflects a mature digital presence with professional design, clear navigation, and comprehensive content tailored to their target audience of businesses and societal actors across industries. Technically, the website leverages modern web technologies including Enonic XP CMS, Google Fonts, Matomo analytics for privacy-conscious tracking, and Cloudflare for performance and security enhancements. The site is well-optimized for mobile devices, accessible, and SEO-friendly. Security best practices are observed with HTTPS enforcement, cookie consent mechanisms, and published information security policies. However, explicit security headers and vulnerability disclosure mechanisms could be improved. From a security posture perspective, Bouvet demonstrates a strong commitment to information security, evidenced by ISO 27001 certification and published security guidelines. The presence of a security incident reporting page indicates readiness for incident response. No critical vulnerabilities or security issues were detected in the website content or configuration. Privacy compliance is robust with clear cookie policies and GDPR-aligned disclosures. Overall, Bouvet ASA's website and digital infrastructure reflect a reputable, secure, and professionally managed business entity with a strong market position in IT consulting. The lack of publicly available WHOIS data is consistent with Norwegian domain privacy norms and does not detract from the company's legitimacy. Strategic recommendations include enhancing transparency on security headers, adding a public vulnerability disclosure policy, and providing direct security contact information to further strengthen trust and compliance.

Arche TI is a Canadian technology company specializing in Odoo ERP consulting, implementation, and optimization services. Positioned as the top Odoo integrator in Canada, they serve businesses primarily in Montreal, Quebec, Toronto, and other Canadian regions. Their key offerings include ERP consultation, project rescue, migration, customization, and ongoing support, targeting medium-sized businesses seeking digital transformation and operational efficiency. The company has a professional web presence with detailed service descriptions, client testimonials, and multiple office locations, reflecting a mature and credible business model. Technically, the website is built on the Odoo platform, leveraging modern web technologies such as JavaScript, FontAwesome, and Google Tag Manager for analytics. The site is mobile-optimized, accessible, and SEO-friendly, with fast to moderate performance. However, there is room for improvement in security headers and explicit privacy compliance features. From a security perspective, the site uses HTTPS and includes CSRF tokens, indicating a baseline security posture. The domain is registered with GoDaddy and secured with registrar locks, consistent with the business's age and claims. No critical vulnerabilities or suspicious patterns were detected, but the absence of a visible privacy policy and cookie consent mechanism represents compliance gaps. The presence of a named Data Protection Officer with contact details is a positive indicator. Overall, Arche TI presents a trustworthy and professional digital footprint with strong business credibility and technical maturity. Strategic enhancements in privacy compliance and security best practices would further strengthen their security posture and regulatory alignment.

F

FMO

fmo.nl

71

FMO is the Dutch entrepreneurial development bank with over 50 years of experience investing sustainably in emerging markets. The organization supports economic development by financing projects in sectors such as energy, financial institutions, and agribusiness across more than 85 countries. Their business model focuses on partnering with other financiers to open new markets and take on challenging investments with significant risk exposure. The website reflects a mature, professional institution with clear communication and comprehensive information for partners and stakeholders. Technically, the website uses a modern CMS (Procurios), integrates YouTube videos via privacy-enhanced domains, and employs Google Tag Manager for analytics and tracking. The site is mobile-optimized, accessible, and SEO-friendly, with good performance and structured navigation. Privacy and cookie policies are clearly presented with consent mechanisms, indicating compliance with GDPR requirements. From a security perspective, the site enforces HTTPS, uses privacy-conscious embedded content, and implements cookie consent. However, explicit security policies, incident response details, and vulnerability disclosure mechanisms are not publicly available, representing an area for improvement. No vulnerabilities or exposed sensitive data were detected in the content. Overall, the website is trustworthy, professional, and well-maintained, supporting the organization's credibility and mission. Strategic recommendations include publishing security policies, adding vulnerability disclosure information, and enhancing security header visibility to further strengthen the security posture.

L

Lawyer Monthly

lawyer-monthly.com

55

Lawyer Monthly is a UK-based legal news magazine providing comprehensive coverage of various legal sectors including personal injury, criminal law, employment, family law, and immigration. The website targets legal professionals and individuals seeking legal advice and news. It operates as an online publication with a focus on delivering expert insights, legal advice, and sector-specific news. The site maintains a consistent brand presence and offers multiple channels for user engagement including social media and newsletters. Technically, the website is built on WordPress using the Oxygen Builder framework, leveraging modern web technologies such as Google Fonts, Google Tag Manager, and YouTube APIs. The site demonstrates good mobile optimization and SEO practices, with a moderate performance profile. Cookie consent and privacy compliance are well implemented, reflecting GDPR adherence. From a security perspective, the site uses HTTPS and employs cookie consent mechanisms, but lacks visible advanced security headers and explicit security policies. No vulnerabilities or exposed sensitive data were detected. The absence of WHOIS registrant data is a concern for domain transparency, though the website content and professional presentation suggest legitimate operations. Overall, Lawyer Monthly presents a professional and trustworthy online presence with good content quality and privacy compliance. However, domain registration transparency issues warrant further verification to fully establish trustworthiness.

P

Planetárium Ostrava

planetko.cz

57

Planetárium Ostrava is an educational and cultural institution affiliated with the Mining-Geological Faculty of the Technical University of Ostrava. It provides a wide range of astronomy and natural science educational programs, cultural events, and interactive exhibits targeting visitors of all ages, including schools and the general public. The website reflects a professional and consistent brand image with clear navigation and rich content focused on its mission. Technically, the website is built on the MySUITU CMS platform and leverages modern web technologies such as YouTube IFrame API, jQuery, Swiper.js, and Google Tag Manager. The site is hosted likely by Active24, with good mobile optimization and moderate performance. SEO and accessibility are adequately addressed, though accessibility could be improved. From a security perspective, the site uses HTTPS and implements a cookie consent mechanism, but lacks explicit security headers and published security policies. No vulnerabilities or exposed sensitive data were detected. The WHOIS data aligns well with the website's claims, indicating legitimacy and consistency. Overall, the website is trustworthy, professionally maintained, and compliant with basic privacy standards, though it would benefit from enhanced security policies and accessibility improvements.

M

Mary's Meals Australia

marysmeals.org.au

57

Mary's Meals Australia is a well-established non-profit organization dedicated to providing nutritious school meals to children in impoverished communities. The website reflects a strong market position within the global charitable sector, serving over 3 million children daily. Their key services include fundraising, volunteer engagement, and awareness campaigns, supported by a consistent and professional brand presence. Technically, the site is built on Drupal 10, leveraging modern web technologies and third-party integrations such as Google Tag Manager and PayPal for donations. The site is mobile-optimized and accessible, with good SEO practices in place. Security posture is solid with HTTPS enforced and consent management implemented, though some security headers could be improved. WHOIS data is limited due to privacy policies but does not raise concerns about legitimacy. Overall, the site demonstrates high trustworthiness and professionalism.

I

Institut One Health

institut-one-health.fr

50

Institut One Health is a French public health and research institute established in 2023, focused on emerging infectious diseases and integrated within national and European health strategies. It offers training, expertise, and decision support services primarily targeting public health professionals, researchers, and policymakers. The website reflects a professional and consistent brand image aligned with its institutional mission. Technically, the site is built on WordPress with a modern theme and includes standard analytics tools. Security posture is adequate with HTTPS and domain protections, but lacks some advanced security headers and formal security policies. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the site is legitimate and trustworthy but would benefit from enhanced privacy and security disclosures.

B

Bandzone.cz

bandzone.cz

50

Bandzone.cz is a well-established Czech online community platform dedicated to music bands, DJs, MCs, and their fans. Founded in 2005, it hosts profiles for over 35,000 groups and 180,000 fans, offering music streaming, downloads, concert listings, videos, and promotional services. The platform integrates ticket sales via SMS Ticket and promotes music education partners, positioning itself as the largest Czech music community online. Technically, the site uses a custom CMS with a mix of legacy and modern technologies including jQuery, Firebase, Google Analytics, and Facebook Pixel. While the site is functional and professionally designed, it uses an outdated jQuery version which poses security risks. Security posture is moderate with HTTPS enabled and basic privacy compliance via cookie consent, but lacks explicit security headers and published security policies. Overall, the website is credible and trustworthy for its audience but would benefit from technical and security updates.

F

Fondation Lemarchand

fondationlemarchand.org

55

Fondation Lemarchand is a French non-profit foundation dedicated to supporting associative projects focused on nature preservation and social aid, particularly for children in social care. Established in 2017, it has supported over 874 projects and 364 associations, positioning itself as a reputable actor in the non-profit environmental and social sector. The website provides comprehensive information about its mission, projects, and partner associations, targeting donors, associations, and the general public interested in environmental and social causes. Technically, the site uses a moderate tech stack including jQuery, Modernizr, Google Maps API, and YouTube embeds, hosted by OVH sas. The site is mobile-optimized with good navigation and content quality.

C

Chiesi Farmaceutici S.p.A

chiesi.com

70

Chiesi Farmaceutici S.p.A is a large, globally recognized pharmaceutical company based in Italy, with over 80 years of experience specializing in respiratory, neonatology, and rare diseases. The company operates a professional corporate website primarily in Italian, offering detailed information about its therapeutic areas, research and development, partnering opportunities, and sustainability initiatives. The website demonstrates a mature digital presence with modern technologies such as Bootstrap, jQuery, Swiper.js, and Matomo analytics, alongside a robust cookie consent mechanism via OneTrust. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though security headers and explicit security policies are not evident. WHOIS data is unavailable, which is unusual but the website content and branding strongly indicate legitimacy. Overall, the site is well-structured, accessible, and trustworthy, targeting healthcare professionals, partners, and patients.

H

Health Resources & Services Administration

organdonor.gov

77

The website organdonor.gov is an official U.S. government platform managed by the Health Resources & Services Administration (HRSA) under the Department of Health & Human Services. It serves as a comprehensive resource for organ, eye, and tissue donation information, targeting both the general public and healthcare professionals. The site provides educational content, registration guidance, statistics, and professional outreach materials, positioning itself as a trusted authority in the organ donation space. Technically, the site is built on Drupal 10 and leverages modern web technologies including the US Web Design System, Google Analytics, and YouTube integration. It demonstrates good mobile optimization, accessibility, and SEO practices, although performance is moderate. The hosting environment is consistent with government infrastructure, ensuring reliability and security. From a security perspective, the site enforces HTTPS and employs several best practices, though explicit security headers like X-Frame-Options were not confirmed. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong with a comprehensive privacy policy linked from the site, though a cookie consent mechanism is not evident. The WHOIS data is unavailable due to privacy typical for .gov domains, but the domain's legitimacy is supported by consistent branding and authoritative content. Overall, organdonor.gov presents a professional, secure, and trustworthy online presence with minor areas for improvement in cookie consent and explicit security header implementation. It effectively fulfills its mission as a government resource for organ donation awareness and education.

Shen Yun Performing Arts is a globally recognized performing arts company specializing in classical Chinese dance and music performances. The company tours extensively, reaching audiences in over 20 countries and 200 cities annually. Their business model centers on ticket sales for live shows that celebrate and revive traditional Chinese culture. The website is professionally designed, mobile-optimized, and rich in content, providing comprehensive information about performances, ticketing, and audience reviews. Technically, the site employs modern web technologies including React, Google Tag Manager, and multiple analytics platforms, ensuring good performance and user experience. Security posture is strong with HTTPS enforcement and security headers, though the absence of public WHOIS data slightly reduces domain trustworthiness. Overall, the site demonstrates a mature digital presence with effective marketing and analytics integration, supporting a reputable cultural enterprise.

M

MAMA AI

themama.ai

61

MAMA AI is a technology company specializing in AI-driven solutions for industries such as insurance claims processing, IT helpdesk ticket resolution, and virtual recruitment. The company positions itself as a trusted partner with a focus on simplifying AI adoption for businesses, supported by a presence in media and a portfolio of satisfied clients. The website is built on a WordPress platform using the Avada theme, integrating marketing and analytics tools such as HubSpot and Google Analytics, indicating a moderate level of digital maturity. Security measures include HTTPS and reCAPTCHA, but lack advanced security headers and published policies, suggesting room for improvement in security posture and privacy compliance. Overall, the website presents a professional image with moderate trustworthiness but would benefit from enhanced transparency and security practices.

O

KIM – KONGRES INTEGROVANÉ MEDICÍNY – Oficiální webové stránky Kongresu integrované medicíny.

openmedicine.cz

58

The website openmedicine.cz serves as the official platform for the 10th annual Congress of Integrated Medicine (KIM) held in Prague, Czech Republic. It targets medical professionals interested in integrated and alternative medicine disciplines such as acupuncture and homeopathy. The site provides event information, registration links, and partner details, positioning itself as a niche event organizer within the healthcare sector. The domain age and WHOIS data support the legitimacy and consistency of the business. Technically, the site is built on WordPress using Elementor and standard web technologies like jQuery and Bootstrap. It is hosted likely in the Czech Republic with HTTPS enabled, ensuring basic security. The site is mobile-optimized and offers a good user experience with clear navigation and professional design. However, it lacks advanced security headers and formal privacy or cookie policies, which are important for compliance and trust. From a security perspective, the site uses HTTPS but does not publish security policies, incident response contacts, or vulnerability disclosure mechanisms. No critical vulnerabilities or exposed sensitive data were detected in the HTML content. The absence of privacy and cookie policies and security headers lowers the overall security posture. Overall, the website is functional, professional, and trustworthy for its purpose but would benefit from enhanced privacy compliance, security best practices, and transparency in contact and policy disclosures to improve user trust and regulatory adherence.

The website www.dub.cz represents the Duchovní universita Bytí, an organization focused on spiritual philosophy and the teachings of Josef Zezulka, particularly in the field of Biotronika and alternative medicine. It serves a niche audience interested in spiritual education, events, and community engagement primarily in the Czech Republic but with multilingual support for international visitors. The site offers lectures, concerts, video content, and publications, positioning itself as a small but dedicated non-profit educational entity. Technically, the website employs a moderate technology stack including jQuery, bxSlider, Google Tag Manager, and reCAPTCHA, ensuring basic interactivity and security. The site is mobile optimized and provides a good user experience with clear navigation and relevant content. Security posture is adequate with HTTPS and reCAPTCHA usage, but lacks some security headers and explicit privacy policies, which are areas for improvement. The absence of WHOIS data reduces transparency and trust slightly, but the active and professional nature of the site, along with partner references, supports its legitimacy. Overall, the site is functional, moderately secure, and serves its community well, though it would benefit from enhanced privacy and security disclosures.