Security Directory

W

WhatsApp LLC

wa.me

67

WhatsApp LLC operates one of the world's leading messaging platforms, serving over 2 billion users globally. The company offers free, secure, and reliable messaging and calling services accessible via multiple platforms including mobile and web. As a subsidiary of Meta Platforms, Inc., WhatsApp maintains a strong market position in the technology sector, focusing on user privacy and security. The website reflects a mature digital presence with comprehensive content, clear navigation, and consistent branding aligned with Meta's ecosystem. Technically, the website leverages modern web technologies and Facebook's internal frameworks, ensuring fast performance and excellent mobile optimization. The infrastructure is hosted on Meta's robust platforms, providing high availability and security. The site implements HTTPS with strong SSL configurations and security headers, demonstrating adherence to best security practices. From a security perspective, WhatsApp's website shows a strong posture with no detected vulnerabilities or exposed sensitive data. Privacy policies are comprehensive and GDPR compliant, although the site lacks a visible cookie consent mechanism on the analyzed page. Contact information and incident response details are minimal, suggesting areas for improvement in transparency and user support. Overall, the website is trustworthy, professional, and safe for general audiences. Strategic recommendations include enhancing cookie consent transparency, publishing a security.txt file or vulnerability disclosure policy, and providing clearer contact channels for security incidents to further strengthen user trust and compliance.

V

Vercel

zeit-world.org

70

Vercel is a well-established technology company founded in 1999, providing a platform as a service focused on web development, deployment, and AI cloud infrastructure. The company targets developers and businesses seeking efficient and scalable web solutions. Their market position is strong, with a focus on modern developer tools and cloud infrastructure that enable fast, personalized web experiences. Technically, the website leverages modern frameworks such as React and Next.js, hosted on their own platform, ensuring fast performance and excellent mobile optimization. Security measures include HTTPS enforcement and client-side challenges for sensitive API endpoints, although some security headers and DNSSEC are not implemented. Privacy compliance is limited as no explicit privacy or cookie policies were found in the provided content. Overall, the website is professional, trustworthy, and technically mature, but could improve transparency around privacy and security policies.

Mastercard Finland Oy operates as a subsidiary of the global Mastercard Incorporated, providing advanced payment processing and financial technology services tailored for the Finnish market. The company holds a strong market position as a leader in payment solutions, serving consumers, businesses, and financial institutions with a comprehensive portfolio of services including credit and debit card processing, digital payments, and fraud prevention. The website reflects a mature digital presence with excellent content quality, clear navigation, and professional design, targeting a broad audience in the finance sector. Technically, the site leverages modern web technologies and a proprietary digital experience platform, ensuring fast performance and mobile optimization. Security is robust, with HTTPS enforcement, comprehensive security headers, and adherence to industry standards such as PCI DSS and ISO 27001. Privacy compliance is well addressed with clear policies and consent mechanisms aligned with GDPR requirements. Overall, Mastercard Finland demonstrates a high level of business credibility and digital maturity.

P

PriceRunner Danmark

pricerunner.dk

57

PriceRunner Danmark is a well-established price comparison platform serving the Danish market, offering consumers the ability to compare prices on over 8 million products from nearly 7,000 stores. The site is professionally designed with a strong focus on user experience, mobile optimization, and comprehensive product data. Technically, the website leverages modern web technologies such as React and integrates analytics and marketing tools like Google Analytics, FullStory, and Google Tag Manager. Security posture is good with HTTPS enforced and nonce usage in scripts, though some security headers could be improved. Privacy compliance is limited as no explicit privacy or cookie policies were detected in the analyzed content. The lack of accessible WHOIS data reduces transparency and trustworthiness from a domain registration perspective. Overall, the site is credible and trustworthy for consumers but could enhance compliance and security practices.

Amazon.com, Inc. operates one of the world's largest e-commerce platforms, offering a wide range of products and services globally. The company is a market leader in online retail, serving a broad general audience with a business model centered on direct sales and marketplace facilitation. The website content provided is limited due to a security challenge page, restricting full content visibility. The technical infrastructure leverages proprietary Amazon UI frameworks and scripts, hosted likely on Amazon AWS, but lacks visible security headers and detailed performance metrics in the provided data. Security posture assessment is limited by the presence of a WAF or captcha challenge blocking normal access, which reduces the ability to fully evaluate security best practices and compliance. WHOIS data is unavailable from the raw query, which is unusual for a major domain, impacting trust verification. Overall, the site shows basic privacy and terms of service presence but lacks visible contact or security policy details in the sample. The risk assessment is moderate due to content blocking and missing WHOIS data, with recommendations to improve transparency and security header implementation.

W

Workplace from Meta

workplace.com

80

Workplace from Meta is a comprehensive business communication platform that integrates chat, video, groups, and intranet tools to enhance organizational collaboration. Positioned as an enterprise-grade SaaS solution, it targets businesses and organizations seeking secure and integrated communication tools. The platform is backed by Meta's infrastructure, ensuring scalability and reliability. The website clearly communicates the upcoming closure of the Workplace service in 2026, providing users with timelines and data export instructions to facilitate a smooth transition. Technically, the website leverages modern web technologies including React and Facebook's proprietary frameworks, ensuring a fast, responsive, and accessible user experience. The presence of advanced tracking and analytics tools indicates a mature digital infrastructure focused on performance and user engagement insights. From a security perspective, the site demonstrates strong adherence to best practices with HTTPS enforcement, comprehensive security and governance documentation, and a public bug bounty program. However, explicit incident response contacts and a security.txt file are not found, representing areas for improvement. Privacy compliance is robust, with clear privacy and cookie policies aligned with GDPR requirements. Overall, the site presents a professional, trustworthy, and well-maintained digital presence consistent with a major technology enterprise. The lack of publicly available WHOIS data is typical for large brands employing privacy protection. The risk profile is low, with no detected vulnerabilities or suspicious content. Strategic recommendations include enhancing transparency around incident response and security certifications to further build user trust.

E

European Union

europa.eu

70

The European Union's official website serves as a comprehensive portal providing detailed information about the EU's functions, principles, priorities, history, and member states. It targets a broad audience including EU citizens, researchers, policymakers, and the general public. The site is authoritative and well-positioned as the primary source of EU-related information, offering multilingual content and extensive contact options. Technically, the website is built on Drupal 10, leveraging modern web technologies and EU-specific webtools services. It demonstrates excellent mobile optimization, accessibility, and SEO practices, ensuring a high-quality user experience. Hosting is likely managed by European Commission infrastructure, ensuring reliability and performance. From a security perspective, the site enforces HTTPS and includes a cookie consent mechanism, reflecting good privacy compliance aligned with GDPR. While some standard security headers are present, there is room for improvement by adding additional headers like Content-Security-Policy. No vulnerabilities or exposed sensitive data were detected, indicating a strong security posture. Overall, the website is highly trustworthy and professional, with a strong focus on transparency, user privacy, and accessibility. The lack of WHOIS data is typical for EU subdomains and does not detract from the site's legitimacy. Strategic recommendations include enhancing security headers, publishing a security policy, and implementing a vulnerability disclosure mechanism to further strengthen trust and security.

M

Microsoft

office.com

77

The website www.office.com is the official Microsoft portal for Microsoft 365 Copilot and Office Online services. It provides cloud-based productivity tools including Word, Excel, PowerPoint, and OneNote, integrated with OneDrive for online collaboration. The site targets both individual users and businesses, positioning Microsoft as a market leader in productivity software and cloud services. The business model is subscription-based, leveraging Microsoft's extensive cloud infrastructure and brand recognition. Technically, the site is well-constructed using modern web technologies, hosted on Microsoft Azure and CDN networks, ensuring fast performance and mobile optimization. Security posture is strong with HTTPS enforcement, comprehensive security headers, and no visible vulnerabilities. Privacy compliance is robust, featuring clear privacy and cookie policies with user consent mechanisms. Overall, the site demonstrates high professionalism, trustworthiness, and technical maturity, consistent with Microsoft's enterprise-grade standards.

T

Tumblr

tumblr.com

72

Tumblr is a prominent social media and blogging platform that enables users to explore trending topics, share multimedia content, and engage with diverse communities. Owned by Automattic Inc., it holds a significant position in the social media landscape, targeting a broad audience interested in content sharing and community interaction. The platform's business model primarily revolves around advertising and content promotion. Technically, Tumblr employs modern web technologies including JavaScript frameworks, web fonts, and progressive web app features, ensuring a fast, mobile-optimized, and accessible user experience. Security-wise, the site enforces HTTPS, implements GDPR-compliant consent mechanisms, and maintains good security headers, though explicit security policies and incident response contacts are not publicly detailed. Overall, Tumblr presents a high level of professionalism, trustworthiness, and compliance, with no detected blocking or WAF interference.

T

Threads

threads.net

77

Threads is a social media platform designed to facilitate idea sharing, community engagement, and content posting, tightly integrated with Instagram and operated under Meta Platforms' infrastructure. The website demonstrates a modern, responsive design optimized for mobile and desktop platforms, leveraging React and JavaScript technologies. Security posture is strong with HTTPS enforcement and comprehensive security headers, although explicit privacy and cookie policies are not detected in the provided content. The absence of WHOIS data suggests domain privacy protection, common for large technology companies, and does not detract from the platform's legitimacy. Overall, Threads presents a professional and trustworthy digital presence with room for improvement in privacy transparency and contact availability.

B

Bluesky Social

bsky.app

64

Bluesky Social is an emerging decentralized social media platform focused on providing a creative and community-driven experience for users. The platform emphasizes user engagement and creativity, positioning itself as a modern alternative in the social networking space. The website presents a professional and clean design with clear branding and accessible privacy and terms of service documentation. Technically, the site leverages modern web technologies such as React and serves content over HTTPS with good SSL configuration, ensuring secure communications. However, there is room for improvement in security headers and privacy compliance mechanisms such as cookie consent. The absence of direct contact information and security policy details suggests an opportunity to enhance transparency and user trust. Overall, the platform appears legitimate and well-positioned in the technology sector with a medium-sized operational scale.

I

Industrie- und Handelskammer zu Koblenz (IHK Koblenz)

ihk-koblenz.de

74

The Industrie- und Handelskammer zu Koblenz (IHK Koblenz) is a public law corporation serving as the regional chamber of commerce for northern Rhineland-Palatinate, Germany. It represents the interests of over 95,000 member businesses, providing regulatory oversight, vocational examination services, and business support. The website reflects a professional and authoritative presence with comprehensive content tailored to its business audience. Technically, the site is built on CoreMedia CMS, employs modern JavaScript and CSS, and integrates multiple analytics and marketing tools such as eTracker, LinkedIn Insight, and Facebook Pixel. The site is well-optimized for mobile and accessibility, with clear navigation and consistent branding. Security posture is solid with HTTPS, CSRF protection, and cookie consent management, though additional security headers and incident response information could enhance trust. Overall, the site is trustworthy, compliant with GDPR, and serves its public mandate effectively.

The Global Multimedia Protocols Group (GMPG) is a small, niche experimental organization focused on developing and promoting web protocols and conceptual frameworks such as the XHTML Friends Network (XFN) and XHTML Meta Data Profiles (XMDP). The website serves primarily as an informational resource to stimulate simplification and innovation in web technologies. The group operates with a non-commercial, experimental business model and targets audiences interested in web standards and conceptual simplification. Technically, the website is basic, built with simple HTML and CSS, lacking modern web technologies, mobile optimization, and accessibility features. There is no evidence of advanced CMS, analytics, or advertising technologies. The hosting provider is not explicitly identified beyond the registrar and name servers. Performance is likely moderate given the minimal content. From a security perspective, the site lacks critical security headers, privacy and cookie policies, and incident response information. DNSSEC is not enabled, and HTTPS status is unknown but assumed minimal. The domain registration is consistent and legitimate, with a long history dating back to 2003, aligning with the group's founding. No vulnerabilities or suspicious patterns were detected, but the security posture is basic and could be improved. Overall, the website presents low risk but also low maturity in security and privacy compliance. Strategic improvements in security headers, HTTPS enforcement, privacy policies, and contact transparency would enhance trust and compliance.

C

Công Ty Cổ Phần Dịch Vụ Bảo Vệ Long Hải

securitaslonghai.vn

72

Công Ty Cổ Phần Dịch Vụ Bảo Vệ Long Hải is a leading security service provider in Vietnam, offering a range of services including on-site guarding, technology-based security solutions, event security, VIP protection, asset transportation, and mobile security. The company positions itself as the first and foremost security provider in the Vietnamese market, combining human expertise with advanced technology to deliver comprehensive security solutions. The website reflects a professional business model targeting corporate and institutional clients within Vietnam. Technically, the site uses EPiServer CMS, integrates Google Tag Manager and Microsoft Application Insights for analytics, and employs OneTrust for cookie consent management, indicating a moderate to advanced digital maturity. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though the absence of explicit security headers and a published security policy suggests room for improvement. Overall, the website is well-designed, mobile-optimized, and provides clear navigation and relevant content, supporting a high trustworthiness rating.

S

Securitas Portugal

securitas.pt

73

Securitas Portugal is a leading private security company offering a broad range of security services with a strong technological component. The company targets businesses and organizations in Portugal, providing specialized surveillance, remote monitoring, electronic security, and risk management solutions. The website reflects a mature digital presence with professional design, clear navigation, and multilingual support, indicating a well-established market position under the global Securitas brand. Technically, the site employs modern analytics and consent management tools, ensuring GDPR compliance and user privacy. Security posture is strong with HTTPS enforcement, security headers, and no visible vulnerabilities. Overall, the website demonstrates a high level of professionalism and trustworthiness, supporting the company's credibility in the security sector.

S

Securitas Nederland

securitas.nl

77

Securitas Nederland is a leading security services provider operating in the Netherlands, offering a broad range of integrated security solutions including physical security, alarm central services, mobile surveillance, technology solutions, risk management, and consultancy. The company is part of the global Securitas Group, with a strong market position and a comprehensive service portfolio targeting businesses and organizations seeking professional security services. The website reflects a mature digital presence with professional design, clear navigation, and multi-language support linking to global Securitas domains. Technically, the site employs modern technologies such as EPiServer CMS, Google Tag Manager, Microsoft Application Insights, and OneTrust for cookie consent, indicating a well-maintained infrastructure. Security posture is strong with HTTPS enforced, nonce-based script loading, and no visible vulnerabilities or exposed sensitive data. Privacy compliance is evident through detailed privacy and cookie policies and consent mechanisms. However, explicit security policies and incident response contacts are not publicly available, representing an area for improvement. Overall, the website and domain registration data indicate a legitimate, trustworthy, and professionally managed online presence.

Swissquote Bank Europe is a leading online investment and banking service provider based in Luxembourg, targeting private investors, professionals, and institutional clients. The company offers a comprehensive suite of financial services including online trading, wealth management, life insurance, and banking products such as debit and credit cards. The website reflects a strong market position as a European leader in online investing, supported by personalized services and global market access. Technically, the website is built on modern frameworks like Next.js and React, optimized for performance and mobile use, and employs robust security measures including HTTPS and security headers. The security posture is strong with ISO 27001 certification and clear incident response channels, although WHOIS data is incomplete, which slightly impacts trust metrics. Overall, the site demonstrates high professionalism, compliance with GDPR, and a user-friendly experience, making it a trustworthy platform for financial services.

P

Piwik PRO

piwik.pro

79

Piwik PRO operates as a technology company specializing in analytics and data activation platforms designed to unify marketing insights and provide comprehensive performance views for businesses. The company positions itself as a privacy-conscious alternative in the analytics market, offering tools that enable organizations to collect and activate data while maintaining compliance with data protection regulations. The website reflects a mature digital presence built on WordPress with SEO optimization and cookie consent mechanisms aligned with GDPR and Google Consent Mode standards. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though some security headers and policies could be improved. The absence of WHOIS registrant data slightly reduces trust but is mitigated by professional website content and privacy compliance. Overall, the risk profile is low with recommendations to enhance transparency around security policies and incident response.

A

Automattic

gravatar.com

69

Gravatar, operated by Automattic, is a well-established global avatar and profile service that enables users to maintain a consistent online identity across millions of websites. The service offers free personal profiles, link-in-bio pages, and developer APIs, positioning itself as a key player in digital identity management. The website reflects a mature digital presence with professional design, comprehensive multilingual support, and clear branding aligned with Automattic and WordPress.com. Technically, the site employs modern web standards, including HTTPS, JavaScript, and CSS, ensuring fast performance and mobile optimization. Privacy and cookie policies are prominently presented with user consent mechanisms, demonstrating compliance with GDPR and other privacy regulations. Security posture is strong with domain registration protections and secure HTTPS, though explicit security headers and vulnerability disclosure mechanisms could be enhanced. Overall, the site is trustworthy, professional, and well-suited for its target audience of individual users and developers.

F

Font Awesome

fontawesome.com

72

Font Awesome is a leading technology company specializing in providing a comprehensive icon library and toolkit widely used by designers, developers, and content creators globally. Established in 2012, the company offers a freemium business model with free icons and paid Pro and Pro+ subscription plans that unlock additional icon packs and features. The website demonstrates a strong market position with millions of users and a professional, consistent brand presence. Technically, the site leverages modern web technologies including Vue.js, SVG, and optimized assets hosted on AWS infrastructure, ensuring fast performance and excellent mobile responsiveness. Security posture is robust with HTTPS, CSRF protection, reCAPTCHA integration, and privacy compliance mechanisms including GDPR-aligned policies and cookie consent. No critical vulnerabilities or suspicious indicators were found. Overall, Font Awesome presents a trustworthy, mature, and well-managed digital presence with clear business credibility and user-focused design.

U

University of Plymouth

plymouth.ac.uk

74

The University of Plymouth website serves as the digital presence for a large UK-based educational institution focused on advancing knowledge and transforming lives through higher education and research. The site targets prospective and current students, researchers, and the academic community, offering information about courses, research programs, and student services. The website demonstrates a mature digital infrastructure with modern technologies such as AWS Cloudfront CDN, Google Analytics, Microsoft Clarity, and Cookiebot for privacy compliance and user experience enhancement. The use of Ruby on Rails is implied by the presence of CSRF tokens, indicating a robust backend framework. Security posture is strong with HTTPS enforced, cookie consent mechanisms, and no visible vulnerabilities or exposed sensitive data. However, explicit security headers could be more clearly implemented and documented. Privacy compliance is well addressed with a comprehensive cookie policy and GDPR-aligned consent management. The absence of WHOIS data limits domain registration insights, but the overall professionalism and trust indicators suggest legitimacy. Strategic recommendations include enhancing security header implementation, publishing incident response and security policies, and adding a vulnerability disclosure mechanism to further strengthen trust and compliance.

Manage2sail.com is an established online platform specializing in regatta and sailing event management, primarily serving sailing clubs, sailors, and regatta organizers across Europe. The platform offers key services such as event scheduling, regatta management, and integrates live tracking powered by a third-party service, TracTrac. The business operates under ST Software s.r.o., founded in 2013, indicating a mature presence in its niche market. The website supports multiple languages, enhancing accessibility for its international audience. From a technical perspective, the website is built on a Microsoft ASP.NET MVC framework, hosted likely on Microsoft Azure infrastructure, and employs standard web technologies including HTML5, CSS, JavaScript, and jQuery. The site demonstrates moderate performance and basic mobile optimization, with a clean and consistent design that supports good user experience and navigation clarity. Security posture is moderate; the site uses HTTPS but lacks advanced security headers such as Content-Security-Policy or HSTS. DNSSEC is not enabled for the domain, representing a minor security gap. No explicit security or incident response policies are published, and no cookie consent mechanism is present, which impacts privacy compliance. WHOIS data shows a consistent and legitimate domain registration with appropriate domain status protections. Overall, the website is functional and professional with a clear business focus but would benefit from enhanced security practices and improved privacy compliance to strengthen trust and regulatory adherence.

S

SOCIÉTÉ NAUTIQUE DE GENÈVE

sng-shop.com

68

SOCIÉTÉ NAUTIQUE DE GENÈVE operates an e-commerce website (sng-shop.com) focused on nautical-themed apparel, accessories, and related products. The website targets a European audience, primarily French-speaking customers in Switzerland and Finland, and leverages the Shopify platform with the Dawn theme for its online store. The business model is retail e-commerce with a niche market positioning. Technically, the site uses modern web technologies and is hosted on Shopify's infrastructure, ensuring reasonable performance and mobile optimization. Security posture is adequate with HTTPS enforced and domain transfer protections in place, though DNSSEC is not enabled and no explicit security policies or incident response information are published. Privacy compliance is supported by a comprehensive privacy policy and cookie consent banner, indicating GDPR awareness. However, contact information is limited to social media and a contact form, with no explicit emails or phone numbers found. WHOIS data shows a suspicious future domain creation date, likely a data anomaly, which slightly impacts trustworthiness. Overall, the site is professionally designed and functional but could improve transparency and security disclosures.

B

Banque Cantonale de Genève

bcge.ch

70

Banque Cantonale de Genève (BCGE) is a well-established Swiss bank founded in 1816, serving a broad range of clients including individuals, private banking customers, corporate clients, institutional clients, and SMEs. The bank offers a comprehensive suite of financial services such as day-to-day banking, savings, mortgage loans, leasing, investment management, pension planning, and security solutions. BCGE positions itself as a key regional player in Geneva and the surrounding region, emphasizing competitive banking services and regional development. Technically, the website is built on the Liferay CMS platform and employs modern web technologies including Google Tag Manager and Google reCAPTCHA for security and analytics. The site is mobile-optimized, accessible, and SEO-friendly, reflecting a mature digital infrastructure. Security best practices are observed with HTTPS enforcement, security headers, and secure form handling. From a security perspective, BCGE demonstrates a strong posture with no detected vulnerabilities or exposed sensitive data. Privacy compliance is robust, with clear privacy and cookie policies and GDPR adherence. However, explicit security policies and incident response information are not publicly detailed, representing an area for improvement. Overall, BCGE's website reflects a professional, trustworthy, and secure banking institution with a strong market presence. Strategic recommendations include enhancing transparency around security policies and vulnerability disclosures to further strengthen trust and compliance.

J

Jooce Digital Agency

jooce.ch

60

Jooce Digital Agency is a small, local digital agency based in Geneva, Switzerland, specializing in web development, IT assistance, and digital solutions tailored for local businesses. The company positions itself as a trusted local partner emphasizing Swiss quality and personalized service. Their website is professionally designed using modern technologies such as React and Next.js, hosted on Vercel, and optimized for performance and mobile devices. Structured data is well implemented to enhance SEO and local business visibility. However, the website lacks critical compliance and security documentation such as privacy policies, cookie consent mechanisms, and incident response information. No contact emails or phone numbers are explicitly provided, which may impact user trust and business credibility. Overall, the site is secure with HTTPS and no visible vulnerabilities, but improvements in privacy compliance and transparency are recommended.

V

Volkswagen Group

volkswagenag.com

72

Volkswagen Group is a leading global automotive manufacturer with a broad portfolio of brands including Volkswagen, Audi, Porsche, Bentley, Lamborghini, and others. The company is focused on innovation, sustainability, and shaping the future of mobility through its strategic roadmap extending to 2035. The website reflects a mature digital presence with comprehensive corporate information, investor relations, media resources, and career opportunities. Technically, the site employs modern web technologies, including Matomo analytics with user consent, lazy loading images, and responsive design, ensuring good performance and accessibility. Security posture is strong with HTTPS enforced and privacy mechanisms in place, though some security headers could be improved and explicit security policies published. The absence of WHOIS data limits domain registration transparency but the website's professional presentation and official social media presence support its legitimacy. Overall, the site is well-structured, trustworthy, and compliant with privacy regulations.

D

Domaine des Trois Étoiles

trois-etoiles.ch

58

Domaine des Trois Étoiles is a small Swiss vineyard and wine producer located in Peissy, Switzerland, specializing in organic wine production certified by Bio Suisse. The company operates an e-commerce platform hosted on Shopify, offering a selection of wines including Chardonnay, Merlot, Rosé de Gamay, and Amprô. The website is professionally designed with consistent branding and clear navigation, targeting mature wine consumers primarily in the Swiss region. The business model focuses on direct-to-consumer online sales complemented by local events such as the Saint-Martin de Peissy celebration. Technically, the site leverages Shopify's platform and CDN infrastructure, ensuring good performance and mobile optimization. Security posture is solid with HTTPS enforced and use of hCaptcha for form protection, though explicit security headers and vulnerability disclosure mechanisms are absent. Privacy compliance is partial, with a privacy policy present but lacking a cookie consent mechanism. Overall, the domain registration data aligns well with the business identity, supporting legitimacy and trustworthiness.

B

BODY BALANCE Physiotherapie

physiotherapie-bodybalance.de

40

BODY BALANCE Physiotherapie operates modern physiotherapy practices in Leipzig and Zwenkau, Germany, offering a broad range of therapeutic services including manual therapy, neurological treatments, and wellness massages. The business targets patients seeking professional physiotherapy and rehabilitation services, positioning itself as a trusted local healthcare provider with strong partnerships in the medical and academic sectors. The website is professionally designed, mobile-optimized, and provides clear, comprehensive information about services, locations, and contact options. Technically, the site is built on WordPress with modern SEO and cookie management plugins, hosted on kasserver.com, and employs HTTPS with good security practices. Privacy compliance is well addressed with GDPR-aligned policies and consent mechanisms. Security posture is solid with no visible vulnerabilities, though some security headers could be improved. Overall, the website reflects a credible, trustworthy healthcare business with a strong digital presence.

A

Appenzeller Druckerei AG

trauer-zirkular.ch

61

The website trauer-zirkular.ch is an e-commerce portal operated by Appenzeller Druckerei AG, specializing in funeral and mourning print materials such as mourning circulars, thank you cards, and funeral meal cards. The site targets individuals in Switzerland seeking personalized funeral print products, offering a streamlined and personal ordering experience. The business operates in a niche market with a clear focus on quality and customer service. Technically, the website employs a custom or Websale-based e-commerce platform with modern web technologies including JavaScript, CSS, and AJAX. The site is mobile-optimized and provides a good user experience with clear navigation and professional design. Performance is moderate, and SEO and accessibility features are basic but adequate for the target audience. From a security perspective, the site enforces HTTPS, uses CSRF tokens in forms, and implements a cookie consent mechanism compliant with GDPR. However, it lacks explicit security headers and does not provide a public security policy or incident response contact. No vulnerabilities or suspicious activities were detected in the analysis. Overall, the website presents a trustworthy and professional front for a small specialized business. Strategic recommendations include enhancing security headers, publishing a security policy, and expanding contact information to improve trust and compliance further.

S

Suzuki Schweiz

suzuki.ch

42

Suzuki Schweiz operates as the official Swiss web presence for Suzuki, focusing on promoting and linking to its automobile, motorcycle, and marine product lines. The website serves primarily as a gateway to specialized subdomains dedicated to each product category, targeting consumers and enthusiasts in Switzerland. The business model centers on brand representation and product information dissemination within the transportation sector. Technically, the site employs standard HTML5, CSS, and JavaScript technologies, including the Jssor Slider for visual content and Google Tag Manager for analytics and marketing. The site is moderately optimized for mobile devices and performance but lacks advanced SEO and accessibility features. Security posture is basic; while HTTPS is presumed, no security headers or explicit security policies are present, and no contact or incident response information is provided. Privacy compliance is weak due to the absence of privacy and cookie policies or consent mechanisms, which may pose GDPR compliance risks. Overall, the domain registration aligns well with the brand's Swiss presence, indicating legitimacy and trustworthiness.

F

FXB Climate

fxbclimateadvocates.org

54

FXB Climate Advocates is a small, youth-focused non-profit organization dedicated to climate activism and environmental protection. Their website, built on the Wix platform, presents a professional and consistent brand image targeting young climate activists. The site provides information about their mission and encourages engagement but lacks explicit contact details and formal privacy or cookie policies. Technically, the website uses modern web technologies with HTTPS enforced, but it lacks advanced security headers and privacy compliance mechanisms. The absence of WHOIS data due to privacy protection limits the ability to fully verify domain legitimacy. Overall, the website is safe and functional but would benefit from enhanced privacy and security features to improve trust and compliance.

Z

Zürcher Kantonalbank

zkb.ch

75

Zürcher Kantonalbank is a well-established Swiss universal bank with over 150 years of history, offering a broad range of financial services including private banking, retail banking, mortgages, investment, and digital banking solutions. The website reflects a mature digital presence with comprehensive service information targeting private clients in Switzerland. The bank positions itself as a secure and trusted financial institution with strong local roots. Technically, the site uses Adobe Experience Manager as its CMS, integrates OneTrust for cookie consent, and employs Adobe Analytics for user tracking. The site is mobile-optimized, accessible, and SEO-friendly. Security posture is strong with HTTPS enforced and consent mechanisms in place, though explicit security policies and incident response contacts are not found. Overall, the domain registration and WHOIS data align well with the bank's identity, supporting legitimacy and trust.

I

Inventage AG

inventage.com

70

Inventage AG is a Swiss-based technology company specializing in custom software solutions leveraging modern web technologies and open-source components. Established in 2000, the company targets businesses and organizations seeking tailored digital solutions. Their market position is that of a trusted, established provider with a focus on quality and innovation. The website reflects a professional and consistent brand image with clear contact information and social media presence, supporting credibility and trust. Technically, the website uses modern web standards with JavaScript and CSS, and integrates Matomo Analytics for privacy-conscious user tracking. Hosting is provided by Cloud DNS Ltd, and the domain is well-maintained with a long history. The site is mobile-optimized and accessible, with good SEO practices evident in meta tags and structured data. From a security perspective, HTTPS is enforced, and domain status includes clientTransferProhibited, indicating domain transfer protection. However, DNSSEC is not enabled, and no security headers were detected, which could be improved. No explicit security policies or incident response contacts are published, representing an area for enhancement. Privacy compliance is good with a comprehensive privacy policy, but no cookie consent mechanism was found. Overall, the website and business demonstrate a solid risk posture with no critical vulnerabilities or suspicious indicators. Strategic recommendations include enabling DNSSEC, adding security headers, publishing security policies, and implementing cookie consent to enhance compliance and trust.

I

INNOQ

innoq.com

73

INNOQ is a professional technology consulting firm specializing in software architecture, digital product development, AI, and training services. The company operates primarily in Germany and Switzerland with multiple office locations, serving technology-focused clients seeking innovative and pragmatic software solutions. Their market position is that of an established medium-sized consultancy with a strong emphasis on future-proofing technology and delivering effective digital infrastructures. Technically, the website demonstrates a mature digital infrastructure with modern web technologies, including optimized performance, mobile responsiveness, and accessibility features. The use of Cloudflare for hosting and analytics, Cloudinary for media delivery, and FriendlyCaptcha for form protection indicates a well-architected and secure technical environment. From a security perspective, the site enforces HTTPS, uses CAPTCHA to prevent spam, and offers S/MIME certificates for encrypted email communication, reflecting a strong security posture. However, the absence of explicit security headers and a public security policy or vulnerability disclosure program suggests areas for improvement. The lack of WHOIS data reduces transparency but does not detract significantly from the overall trustworthiness given the professional presentation and contact information. Overall, INNOQ presents a low-risk profile with a solid business and technical foundation. Strategic recommendations include enhancing security headers, publishing security policies, and implementing cookie consent mechanisms to further improve compliance and trust.

Astina AG is a Swiss technology company specializing in e-commerce, process digitization, and system integrations. Their business model focuses on providing tailored digital transformation solutions to other businesses, leveraging platforms such as the Paloma Platform and various e-commerce and automation services. The company maintains a professional online presence with a clear focus on customer success and digital innovation, supported by a portfolio of reputable clients and partners. Technically, the website employs standard web technologies including JavaScript, CSS, and HTML5, with a responsive design optimized for mobile devices. While the site performs moderately well, there is room for improvement in accessibility and SEO enhancements. No CMS or hosting provider details were explicitly identified. From a security perspective, the website uses HTTPS, indicating basic encryption standards. However, there is a lack of visible security headers and no published security or incident response policies, which could be improved to enhance trust and compliance. The absence of privacy and cookie policies represents a compliance gap, especially under GDPR regulations. Overall, the website is trustworthy and professionally maintained, with clear business contact information and no signs of malicious content or blocking mechanisms. Strategic improvements in privacy compliance and security transparency would further strengthen the company's digital maturity and customer trust.

A

Adnovum

adnovum.ch

68

Adnovum is a technology company specializing in digital business solutions, cybersecurity, consulting, and cloud services, with a strong focus on banking, insurance, public sector, and transportation industries. The company positions itself as a trusted partner with over 30 years of experience, delivering tailored software and security solutions to enterprises and organizations. The website reflects a mature digital presence with professional design, clear navigation, and comprehensive content that targets enterprise clients seeking digital transformation and security expertise. Technically, the website is built on the HubSpot CMS platform, leveraging modern analytics and marketing tools such as Google Analytics 4, Google Tag Manager, and Facebook Pixel. The site is mobile-optimized, accessible, and SEO-friendly, indicating a well-maintained digital infrastructure. Security best practices are observed with HTTPS enforcement and security headers, though explicit security policy and incident response information are not publicly detailed. From a security perspective, the site demonstrates good posture with no visible vulnerabilities or exposed sensitive data. Privacy compliance is strong, featuring clear privacy and cookie policies with consent mechanisms aligned with GDPR requirements. However, the absence of WHOIS registration data and domain transparency slightly reduces trustworthiness, suggesting possible privacy protection or registration under a different domain variant. Overall, Adnovum's website presents a professional, secure, and privacy-conscious digital front that supports its business credibility. Strategic improvements could include publishing detailed security policies, incident response plans, and enhancing domain registration transparency to further strengthen trust and compliance.

Ergon Informatik AG is a well-established Swiss IT company founded in 1984, specializing in custom software development, digital transformation consulting, security solutions, and advanced technologies such as artificial intelligence and blockchain. The company holds a strong market position in Switzerland and Germany, serving diverse industries including finance, healthcare, retail, and government. Their business model focuses on delivering tailored software solutions and consulting services to ambitious organizations seeking digital innovation and operational excellence. The website reflects a mature digital presence with professional design, clear navigation, and comprehensive service descriptions. Technically, the website employs modern web technologies including JavaScript frameworks (likely Vue.js), CSS, and integrates a consent management platform (Usercentrics) alongside Google Tag Manager for analytics. The site is mobile-optimized, fast-loading, and SEO-friendly, indicating a high level of digital maturity. Security measures such as HTTPS enforcement, security headers, and privacy compliance mechanisms are in place, demonstrating a responsible approach to user data protection. From a security perspective, the site shows good practices with no visible vulnerabilities or exposed sensitive information. However, explicit security policies and incident response contacts are not publicly available, which could be improved to enhance transparency and trust. Privacy compliance is strong, with GDPR-aligned cookie consent and a detailed privacy policy. Overall, Ergon Informatik AG presents a trustworthy and professional online presence with robust technical and privacy standards. Strategic recommendations include publishing explicit security policies, adding vulnerability disclosure information, and enhancing incident response readiness to further strengthen their security posture and stakeholder confidence.

I

iJUG Interessenverbund der Java User Groups e.V.

ijug.social

64

The website ijug.social serves as a decentralized social network platform powered by Mastodon, specifically targeting the Java User Groups community under the non-profit organization iJUG Interessenverbund der Java User Groups e.V. It provides a niche social networking service within the fediverse, fostering community engagement and collaboration among Java enthusiasts. The platform is administered by the iJUG e.V. infrastructure team, with clear contact information and a professional presentation. Technically, the site leverages Mastodon version 4.4.5 with modern web technologies including React and ES modules, offering a responsive and user-friendly experience. Security posture is moderate, with HTTPS implied but lacking explicit security headers and cookie consent mechanisms. Privacy compliance is supported by a clear privacy policy, though terms of service and cookie policies are absent. Overall, the domain registration is privacy protected but consistent with the organization's identity, indicating legitimacy. The site is free from adult or questionable content, targeting a general audience of technology professionals and enthusiasts.

B

B4Takeoff.net

b4takeoff.net

55

B4Takeoff.net is a specialized digital platform providing electronic flight logbook services compliant with European aviation regulations. It targets pilots and aviation professionals, offering features such as flight tracking, license monitoring, checklists, and multi-user collaboration. The business operates on a subscription model with free registration and premium paid plans, positioning itself as a niche but recognized player in the aviation digital tools market. Technically, the website uses standard web technologies (HTML, CSS, JavaScript) with moderate performance and good mobile optimization. Security posture is adequate but could be improved by enabling DNSSEC and adding security headers. Privacy compliance is partial, with a privacy policy present but lacking cookie consent mechanisms. Overall, the site is professional, trustworthy, and well-aligned with its business goals.

H

Togel HK ~ Pengeluaran HK Pools ~ Angka Keluaran HK ~ Data HK Hari Ini ~ Result HK Prize

hplc2023-duesseldorf.com

47

The website eurocorr2021.org operates as an e-commerce platform focused on providing lottery-related data and results, specifically targeting the Indonesian market interested in Togel HK (Hong Kong pools). The business model revolves around selling lottery data and results, catering to online lottery players. The site is built on the Squarespace platform, leveraging standard web technologies and Cloudflare DNS services. The technical infrastructure is basic but functional, with moderate performance and mobile optimization. Security posture is adequate with HTTPS and HSTS enabled, but lacks advanced security headers and DNSSEC. The WHOIS data raises significant concerns due to a future domain creation date and use of a domain drop catching registrar, which undermines trust and legitimacy. No privacy, cookie, or terms of service policies are present, and no contact information is provided, limiting compliance and user trust. The content is gambling-related, targeting mature audiences, and the site does not employ WAF or blocking mechanisms, allowing full content access.

L

Land Berlin

berlin.de

63

Berlin.de is the official city portal of Germany's capital, Berlin, providing comprehensive information and services for residents, tourists, and stakeholders. The website offers a wide range of public services including online administrative procedures, cultural event information, tourism guidance, and career opportunities within the city administration. It serves as a central hub for official communications and citizen engagement, reflecting the city's governance and community priorities. Technically, the website is hosted on Amazon AWS infrastructure, utilizing a custom or proprietary CMS with a modern JavaScript and CSS stack. The site demonstrates good mobile optimization, accessibility features, and SEO practices, ensuring a positive user experience across devices. The use of async scripts and crossorigin attributes indicates attention to performance and security. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data in its HTML content. However, it lacks explicit security headers and does not publicly provide vulnerability disclosure or incident response information, which are areas for improvement. Privacy compliance is strong with a comprehensive GDPR-compliant privacy policy, though no cookie consent mechanism was detected. Overall, Berlin.de presents a trustworthy, professional, and well-maintained digital presence for the city government, with minor gaps in security transparency and cookie consent that could be addressed to enhance compliance and user trust.

B

Bundesministerium für wirtschaftliche Zusammenarbeit und Entwicklung

bmz.de

74

The Bundesministerium für wirtschaftliche Zusammenarbeit und Entwicklung (BMZ) is the German Federal Ministry responsible for planning and implementing Germany's development policy. The website serves as an official government platform providing information on development cooperation, policy updates, press releases, and international collaboration efforts. It targets citizens, partner organizations, and international development stakeholders. The site is professionally designed with consistent branding and offers content primarily in German with an English option.

B

Bundesministerium für Bildung, Familie, Senioren, Frauen und Jugend (BMBFSFJ)

bmfsfj.de

67

The Bundesministerium für Bildung, Familie, Senioren, Frauen und Jugend (BMBFSFJ) is the German federal ministry responsible for education, family affairs, senior citizens, women, and youth. The website serves as an official government portal providing comprehensive information, policy updates, and public services related to these sectors. It targets a broad audience including families, seniors, women, youth, and stakeholders in education and social policy. The ministry operates as a large government entity with a strong market position as a federal authority in Germany. Technically, the website employs a modern and accessible design with a custom framework (Rebrush) and uses Matomo analytics configured for privacy compliance. The site is mobile-optimized, SEO-friendly, and hosted under a German research network DNS, indicating a robust infrastructure. The content quality is excellent with clear navigation and rich, relevant information. From a security perspective, the site uses HTTPS and implements cookie consent mechanisms aligned with GDPR. While some advanced security headers are missing, no vulnerabilities or exposed sensitive data were detected. The WHOIS data aligns with the official government domain usage, reinforcing legitimacy. No WAF or blocking mechanisms were detected, allowing full content accessibility. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance with privacy regulations. Strategic recommendations include enhancing security headers, publishing explicit security policies, and adding a vulnerability disclosure mechanism to further strengthen the security posture.

The website www.zug.ch serves as the official online portal for the canton and city of Zug in Switzerland, providing a wide range of government-related information and public services. It targets residents, businesses, and visitors by offering access to political bodies, administrative departments, education, health, social services, tax information, and more. The portal links extensively to official canton and city subdomains, reinforcing its role as a trusted government resource. Technically, the site employs established JavaScript libraries such as jQuery and jQuery UI to deliver interactive features like accordions and carousels. The use of HTTPS ensures secure communication, and the site appears to be mobile-optimized with responsive CSS stylesheets. However, the absence of explicit privacy and cookie policies, as well as missing security headers, indicates areas for improvement in compliance and security hardening. From a security perspective, the site shows no signs of WAF blocking or security challenges, and no vulnerabilities or exposed sensitive data were detected in the provided content. The WHOIS data aligns well with the official government entity, confirming the domain's legitimacy and trustworthiness. Nonetheless, the lack of published privacy and cookie policies and incident response contacts reduces the overall privacy compliance score. Overall, www.zug.ch is a credible and professional government portal with good content quality and technical implementation. Strategic enhancements in privacy compliance and security headers would further strengthen its security posture and user trust.

V

Vereinsflieger.de

vereinsflieger.de

50

Vereinsflieger.de is a specialized online platform providing club management software tailored for flight sport clubs in Germany. The website offers services including online club administration, flight logging, seminar scheduling, and integrations with flight school solutions and electronic logbooks. The target audience primarily consists of flight clubs, flight instructors, and aviation enthusiasts within the German-speaking market. The business operates as a small-sized entity focusing on a niche transportation sector with a SaaS business model. Technically, the website is built with standard HTML, CSS, and JavaScript, hosted with DNS services from GoDaddy. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content. Security-wise, the site uses password masking and cryptographic salts in login forms but lacks visible security headers and cookie consent mechanisms, which are recommended for GDPR compliance. No blocking or WAF mechanisms were detected, and the domain registration appears consistent with the business purpose. Overall, the website demonstrates a good balance of content quality, technical implementation, and business credibility, with room for improvement in security and privacy compliance.

C

Computer Online AG

on-res.com

48

The website on-res.com is operated by Computer Online AG, a Swiss company specializing in providing an online reservation and administration system tailored for aviation clubs, flight schools, and charter services. The platform offers real-time flight scheduling, digital flight logs approved by Swiss aviation authorities (BAZL), technical maintenance logs, and integration with Swiss accounting software (Comatic). The business model is that of an Application Service Provider (ASP), targeting niche aviation organizations primarily in Switzerland. The company has been established since 2002, indicating a mature presence in its market segment. Technically, the website employs basic web technologies including HTML, CSS, JavaScript, and jQuery 2.2.4. It supports multiple browsers and mobile devices such as iPads and iPhones, though mobile optimization is basic. The site lacks modern CMS frameworks and advanced SEO or accessibility features, reflecting a functional but dated technical infrastructure. From a security perspective, the domain is registered with a reputable registrar and has a long history, supporting legitimacy. However, the site lacks DNSSEC, security headers, and published privacy or cookie policies, which are notable compliance and security gaps. No WAF or blocking mechanisms are detected, and no analytics or tracking scripts are present, indicating minimal user tracking. Contact information is clearly provided, enhancing trust. Overall, the website scores moderately on content quality and business credibility but lower on technical implementation and privacy compliance. Strategic improvements in security headers, privacy documentation, and modernizing the technical stack would enhance the site's security posture and user trust.

B

Bank Cler

cler.ch

76

Bank Cler is a Swiss financial institution focused on providing comprehensive banking services to private customers, including investment strategies and mobile banking solutions. The website reflects a mature digital presence with multilingual support and clear navigation tailored to its target audience. Technically, the site employs modern tracking and consent management tools such as Google Tag Manager and OneTrust, ensuring compliance with privacy regulations. Security posture is strong with HTTPS enforcement and appropriate security headers, although explicit security policies and incident response information are not publicly detailed. Overall, the site demonstrates professionalism and trustworthiness consistent with a reputable banking entity.

E

Eventfrog

eventfrog.ch

76

Eventfrog is a Switzerland-based event calendar and ticket sales platform, positioning itself as the largest event calendar in the country with over 25,000 published events. The platform enables users to discover events and sell tickets easily and free of charge, targeting a broad general audience interested in events and parties. The website is professionally designed with consistent branding and clear business contact information, enhancing its credibility and trustworthiness. Technically, the website employs standard web technologies including JavaScript and CSS, with moderate performance and good mobile optimization. SEO practices are well implemented with comprehensive meta tags and Open Graph data, although accessibility features are basic. The site uses tracking pixels from Meta and Google Tag Manager for marketing and analytics purposes but lacks a visible cookie consent mechanism, which may impact privacy compliance. From a security perspective, the site enforces HTTPS and includes domain verification meta tags for Google, Facebook, and Microsoft, indicating some level of security awareness. However, no explicit security headers or vulnerability disclosure information are present, and privacy and cookie policies are not found in the provided content. The WHOIS data is consistent with the website's claims, showing legitimate registration and no privacy protection, which supports the domain's trustworthiness. Overall, Eventfrog presents a solid business and technical foundation with room for improvement in privacy compliance and security best practices. Strategic recommendations include publishing comprehensive privacy and cookie policies with consent mechanisms, implementing security headers, and providing vulnerability disclosure and incident response information to enhance user trust and regulatory compliance.

B

Berner Fachhochschule

digisus-lab.ch

61

Berner Fachhochschule's Digital Sustainability Lab is a research and development unit focused on enhancing digital and innovative capabilities within the public sector. The lab offers software development, UI/UX design, data visualization, and consulting services related to digital transformation, open source, and AI. The website reflects a well-established academic institution with a clear mission to foster sustainable digital solutions for public administration. Technically, the site uses modern web technologies including Google Tag Manager and OneTrust for cookie consent, ensuring good performance and compliance with basic privacy standards. Security posture is solid with HTTPS and obfuscated emails, though explicit security policies and vulnerability disclosures are absent. Overall, the site is professional, trustworthy, and serves its target audience effectively.

P

pretalx

pretalx.com

68

pretalx is a specialized conference management software platform that facilitates the entire event planning process from Call for Papers to scheduling and publishing. It is positioned as an open source, customizable, and extendable solution trusted by a variety of conferences including PyCon and JuliaCon. The platform targets conference organizers seeking a flexible and transparent tool to manage submissions, reviews, communications, and scheduling. Technically, the website is well-structured with modern HTML, CSS, and JavaScript, optimized for mobile and SEO, and hosted under a reputable German registrar. Security posture is solid with HTTPS enabled and domain transfer protections, though improvements such as DNSSEC and security headers are recommended. Privacy compliance is mostly addressed with clear privacy and terms of service pages, but lacks a cookie consent mechanism. Overall, pretalx demonstrates a mature digital presence with strong business credibility and trust signals.