Security Directory

D

DRK-Kreisverband Ludwigsburg e. V.

drk-ludwigsburg.de

58

DRK-Kreisverband Ludwigsburg e. V. is a local branch of the German Red Cross, providing a broad range of humanitarian, social, and emergency services to the community in Ludwigsburg, Germany. The organization focuses on emergency call services, first aid training, rescue operations, social support, and voluntary engagement. The website reflects a professional and consistent brand presence aligned with the national DRK identity. The target audience includes the general public and local residents seeking social and emergency assistance. Technically, the website is built on TYPO3 CMS, a robust and widely used content management system, with additional JavaScript libraries for UI elements such as sliders. The site employs Matomo analytics with a clear cookie consent mechanism, demonstrating a commitment to privacy and GDPR compliance. The site is mobile-optimized, accessible, and SEO-friendly, though performance is moderate. From a security perspective, the site uses HTTPS and implements a comprehensive cookie consent banner with opt-in for analytics and preference cookies. However, it lacks explicit security headers and published security policies or incident response contacts. No vulnerabilities or exposed sensitive data were detected in the HTML content. Overall, the website presents a trustworthy and professional digital presence for a non-profit humanitarian organization. Strategic improvements could include enhancing HTTP security headers, publishing security and incident response policies, and adding a vulnerability disclosure mechanism to further strengthen security posture and trust.

M

Muthesius Kunsthochschule

muthesius-kunsthochschule.de

54

Muthesius Kunsthochschule is a medium-sized, specialized educational institution in Germany focused on art and design education. It offers a range of Bachelor and Master programs in fields such as Kommunikationsdesign, Industriedesign, Freie Kunst, and Raumstrategien. The institution maintains a strong market position as the only art university in Schleswig-Holstein with international reach and interdisciplinary offerings. The website is built on WordPress with a modern tech stack including jQuery, Events Manager, and accessibility plugins, hosted by planet-ocean-hosting. It features comprehensive content, good mobile optimization, and accessibility features. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers could be improved. The site demonstrates good privacy compliance with GDPR-aligned policies and active user consent management. Overall, the website is professional, trustworthy, and well-maintained, supporting the institution's educational mission effectively.

Incom GmbH operates a specialized communication and collaboration platform tailored for higher education institutions, particularly targeting design and art universities in Germany. The platform facilitates modern teaching concepts, enabling seamless interaction between educators and students, and extends the scope of academic courses both temporally and spatially. The business model is based on a cost-effective SaaS offering with included support and consulting services, positioning Incom as a niche player in the educational technology sector. The company has been established since 2005, reflecting a mature presence in its market segment. Technically, the website employs a modern yet straightforward technology stack including Bootstrap, jQuery, Font Awesome, and Matomo for privacy-conscious analytics. The platform is custom-built without reliance on common CMS solutions, hosted under a reputable registrar with stable DNS configurations. The site demonstrates good mobile optimization and SEO practices, although some accessibility features could be enhanced. Performance is moderate, suitable for the target audience. From a security perspective, the website enforces HTTPS with AES 256-bit encryption, avoids third-party advertising and tracking services like Google Analytics, and respects user privacy by not profiling visitors. However, it lacks DNSSEC and important security headers such as Content-Security-Policy and HSTS, which are recommended to strengthen its security posture. No incident response or security policy information is published, which could be improved to enhance trust. Overall, the website is professional, trustworthy, and safe for general audiences, with no adult or questionable content. The domain registration data aligns well with the business claims, showing consistency and legitimacy. Strategic recommendations include implementing DNSSEC, adding security headers, publishing security policies, and introducing cookie consent mechanisms to improve GDPR compliance and security maturity.

V

VisionConnect GmbH

vision-connect.de

65

VisionConnect GmbH is a well-established digital agency based in Hannover, Germany, with over 25 years of experience since its founding in 1995. The company specializes in web development, design, SEO, and digital marketing services, leveraging platforms such as TYPO3 CMS and Wordpress. Their market position is strong, supported by long-term client relationships and a comprehensive service offering that includes strategy, design, technology, and communication solutions. The website reflects a professional and trustworthy digital presence with excellent content quality and user experience. Technically, the website is built on a modern stack with TYPO3 CMS, uses Matomo for privacy-conscious analytics, and implements GDPR-compliant cookie consent mechanisms. The site is mobile-optimized, accessible, and SEO-friendly, although some security headers could be improved. The SSL configuration is excellent, ensuring secure communications. However, there is no publicly available security policy or incident response information, which could be enhanced to improve transparency and trust. From a security perspective, the site demonstrates good practices such as HTTPS enforcement and privacy-respecting analytics settings. No vulnerabilities or suspicious content were detected. The WHOIS data aligns with the business claims, showing a domain age consistent with the company's history and no privacy protection that would obscure legitimacy. Overall, the security posture is solid but could benefit from additional security headers and published policies. The overall risk assessment is low, with the website presenting a professional, secure, and compliant digital presence. Strategic recommendations include enhancing security headers, publishing a security policy and incident response contacts, and considering a vulnerability disclosure mechanism to further strengthen trust and security culture.

D

DE-VAU-GE Gesundkostwerk Deutschland GmbH

de-vau-ge.de

51

DE-VAU-GE Gesundkostwerk Deutschland GmbH is a well-established German manufacturer specializing in breakfast cereals, muesli bars, plant-based drinks, and snacks. Founded in 1899, it holds a strong market position as one of Europe's largest producers in its sector, primarily serving the European food retail market including private label partnerships. The website reflects a mature digital presence with comprehensive product information, sustainability initiatives, and career opportunities. Technically, the site is built on WordPress with modern plugins and analytics tools, optimized for SEO and mobile use. Security posture is solid with HTTPS, anti-spam measures, and cookie consent mechanisms, though additional security headers and explicit security policies could enhance protection. Overall, the site demonstrates high professionalism, compliance with GDPR, and trustworthy business practices.

F

Frauen gewinnen

frauen-gewinnen.eu

55

Frauen gewinnen is a government-backed initiative focused on promoting women's participation in the labor market in Niedersachsen, Germany. The website serves as an informational and support platform, providing resources, project information, and networking opportunities to women at various stages of their careers, including special focus groups such as single mothers, refugees, and female entrepreneurs. The initiative is funded by the Niedersächsisches Ministerium für Soziales, Gesundheit und Gleichstellung and co-financed by the European Union through the RIKA program. The site is built on TYPO3 CMS and uses Matomo for analytics, reflecting a moderate level of digital maturity with good mobile optimization and accessibility.

M

Muthesius Kunsthochschule

muthesius.de

54

Muthesius Kunsthochschule is a specialized art university in Schleswig-Holstein, Germany, offering a range of Bachelor and Master programs in art, design, and spatial strategies. The institution emphasizes artistic freedom, interdisciplinary research, and international collaboration, serving a diverse student body including international students. The website reflects a mature digital presence built on WordPress, integrating accessibility and privacy compliance features such as cookie consent and GDPR-aligned policies. Social media and event information enhance community engagement. Security posture is solid with HTTPS and cookie management, though explicit security policies and incident response details are absent. Overall, the site is professional, trustworthy, and well-structured, supporting the institution's educational mission effectively.

CSC - Tieteen tietotekniikan keskus Oy is a Finnish non-profit specialized ICT service provider focused on scientific computing, data management, and digital solutions for research, education, and enterprises. Established in 1991, CSC holds a strong national position as a trusted partner for universities, research institutions, and companies, supporting digital transformation and green transition efforts. The website reflects a mature digital presence with comprehensive service descriptions, multi-language support, and clear contact channels. Technically, the site is built on WordPress with modern plugins and privacy-respecting analytics (Matomo), ensuring good performance, accessibility, and SEO. Security posture is solid with HTTPS enforced and cookie consent implemented, though DNSSEC and some security headers could be improved. Overall, CSC demonstrates high business credibility and digital maturity.

T

Tilastokeskus

stat.fi

65

Tilastokeskus is the official Finnish government statistics agency responsible for producing reliable and impartial official statistics about Finnish society. It leads and develops the state statistical system, serving a broad audience including policymakers, researchers, and the general public. The website demonstrates a mature digital presence with a modern Next.js and React-based infrastructure, hosted on Azure CDN, ensuring fast and mobile-optimized access. Security is robust with HTTPS, multiple security headers, and a clear cookie consent mechanism, although DNSSEC is not implemented. Privacy policies and terms of service are comprehensive and GDPR compliant, reflecting strong governance. Overall, the site is trustworthy, professional, and well-maintained, supporting the agency's mission effectively.

I

infoklick.ch, Kinder- und Jugendförderung Schweiz

infoklick.ch

46

infoklick.ch is a Swiss non-profit organization dedicated to promoting youth participation and improving information dissemination in the children and youth sector. With over 25 years of history, it holds a respected position in the Swiss youth promotion landscape. The website provides resources, partner networks, and community engagement opportunities targeting children and young people in Switzerland. Technically, the site is built on TYPO3 CMS, uses standard web technologies, and integrates both Google Analytics and Matomo for analytics, reflecting a moderate level of digital maturity. Security posture is adequate with HTTPS enforced and privacy-respecting analytics, but lacks advanced security headers and cookie consent mechanisms. Overall, the site is trustworthy, professional, and content-rich, though improvements in privacy compliance and security policies are recommended.

K

Kreisstadt Siegburg

siegburg.de

66

The website siegburg.de is the official online presence of the Kreisstadt Siegburg, a municipal government entity in Germany. It provides comprehensive information and digital services to residents and visitors, including service portals, issue reporting, council information, event calendars, and citizen engagement platforms. The site is well-structured and targets local citizens and stakeholders, emphasizing accessibility and user-friendly navigation. The business model is typical for a government portal, focusing on public service delivery and community engagement.

S

Stadtmuseum Siegburg

stadtmuseum-siegburg.de

10

Stadtmuseum Siegburg is a local cultural institution in Germany providing museum exhibitions, events, guided tours, and educational programs. The website serves as an information portal for visitors and community members interested in local history and art. The technical infrastructure is based on the ionas4 CMS with modern web technologies including JavaScript modules and Matomo analytics, indicating a moderate level of digital maturity. Security posture is strong with HTTPS and script integrity checks, though explicit security policies and incident response contacts are not published. Privacy compliance is partial, with a cookie consent mechanism but no visible privacy policy or terms of service. Overall, the website is professional, well-structured, and trustworthy, serving its target audience effectively.

C

Conventus Congressmanagement & Marketing GmbH

conventus.de

50

Conventus Congressmanagement & Marketing GmbH is a well-established congress agency based in Jena, Germany, with over 25 years of experience in managing congresses and events. Their website reflects a professional service provider targeting organizations and professionals seeking comprehensive congress management, including digital and hybrid event solutions. The company maintains a consistent brand presence and offers a range of specialized services such as IT service, greenscreen studio, and congress technology. Technically, the website is built on TYPO3 CMS with Bootstrap and FontAwesome, hosted on AWS infrastructure, and includes modern analytics tools like Matomo and Facebook Pixel. The site is mobile-optimized and SEO-friendly, providing a good user experience. Security-wise, the site uses HTTPS and implements cookie consent mechanisms, but lacks visible HTTP security headers and a published security policy or incident response contacts. Overall, the domain registration data aligns well with the business claims, indicating legitimacy and consistency. The website does not contain any adult or questionable content and is fully accessible without WAF blocking.

K

Kiel Institute for the World Economy

ifw-kiel.de

58

The Kiel Institute for the World Economy is a respected German research institute specializing in globalization and global economic affairs. It serves academics, policymakers, and the public by providing research publications, datasets, and hosting events. The website is built on TYPO3 CMS with Bootstrap and uses Matomo for analytics, reflecting a modern and professional digital infrastructure. Security posture is adequate with HTTPS and cookie consent mechanisms, though it lacks explicit security policies and vulnerability disclosure information. The domain WHOIS data is minimal but shows stable DNS configuration. Overall, the site is trustworthy, professional, and content-rich, suitable for its target audience.

D

Deutsche Gesellschaft für Internistische Intensivmedizin und Notfallmedizin (DGIIN) / Österreichische Gesellschaft für Internistische und Allgemeine Intensivmedizin und Notfallmedizin (ÖGIAIN)

akutwissen.de

51

AkutWissen.de is a specialized e-learning platform developed by the Deutsche Gesellschaft für Internistische Intensivmedizin und Notfallmedizin (DGIIN) and the Österreichische Gesellschaft für Internistische und Allgemeine Intensivmedizin und Notfallmedizin (ÖGIAIN). It offers a range of courses, webinars, podcasts, and interactive forums focused on intensive and emergency medicine, targeting medical professionals and learners in German-speaking countries. The platform leverages Moodle LMS technology with a modern tech stack including YUI, jQuery, and Matomo analytics, ensuring a robust and accessible user experience. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good GDPR compliance. The website is professionally designed with clear navigation and consistent branding, supported by affiliations with recognized medical societies.

C

Conventus GmbH

icem2026.com

10

ICEM 2026 is a professionally managed international conference focused on Emergency Medicine, scheduled for June 2026 in Hamburg, Germany. The website serves as an information hub and registration portal for attendees, exhibitors, and partners, leveraging a modern TYPO3 CMS platform with integrated GDPR-compliant cookie consent and spam protection via hCaptcha. The site demonstrates good technical maturity with moderate performance and mobile optimization. Security posture is solid with HTTPS and form protections, though security headers and explicit security policies could be improved. WHOIS data confirms domain legitimacy and appropriate registration history. Overall, the site is trustworthy and well-positioned to support the conference's business objectives.

C

Conventus Congressmanagement & Marketing GmbH

dgina-kongress.de

10

The website dgina-kongress.de serves as the official portal for the 21st Annual Meeting of the Deutsche Gesellschaft für Notfallmedizin e.V. (DGINA) and the ICEM 2026 conference in Hamburg. It provides detailed event information, contact forms, and links to partner sites, targeting medical professionals and emergency medicine specialists. The site is professionally designed using TYPO3 CMS, with a clear structure and mobile optimization, supporting a positive user experience. Technically, it employs modern web technologies and integrates Matomo analytics for visitor tracking while maintaining GDPR compliance through a comprehensive cookie consent mechanism. Security posture is solid with HTTPS enforced and CAPTCHA protection on forms, though it lacks explicit security policies or incident response contacts. Overall, the domain registration aligns with the website content, indicating legitimacy and trustworthiness.

S

Softwareallianz Deutschland

softwareallianz.de

66

Softwareallianz Deutschland is a German-based IT services company specializing in providing IT experts and consulting services to businesses, particularly bridging the gap between IT mid-sized companies and large enterprises. Their website highlights competencies in areas such as Artificial Intelligence, Cybersecurity, Custom Software Development, E-Commerce, Microsoft, and SAP technologies. The company targets businesses seeking timely and specialized IT expertise for large projects. Technically, the website is built on WordPress with modern plugins including Yoast SEO and Matomo Analytics, indicating a mature digital infrastructure. The site is mobile optimized and SEO friendly, with good content quality and clear navigation. Security posture is solid with HTTPS enforced and CAPTCHA protections on forms, though explicit security policies and incident response contacts are absent. Overall, the site presents a professional and trustworthy business presence with room for improvement in privacy and security disclosures.

K

KlimAktiv

klimaktiv.de

50

KlimAktiv is a German climate consultancy focused on supporting businesses, associations, authorities, and private individuals in measuring and reducing their carbon footprint to achieve zero emissions. With over 20 years of experience, they offer a comprehensive range of services including CO₂ calculators, climate strategy development, communication, and climate protection projects. The website reflects a professional and consistent brand with a clear mission centered on climate protection and sustainability. Technically, the site employs modern web technologies such as Bootstrap 5, Livewire (Laravel), and Swiper.js for interactive elements. It uses Matomo for analytics, indicating a privacy-conscious approach. The site is mobile-optimized and well-structured, though some accessibility features could be improved. Performance is moderate with good SEO practices. From a security perspective, the website uses HTTPS and includes CSRF tokens, but lacks visible security headers and published security policies or incident response contacts. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is limited by the absence of explicit privacy and cookie policies or consent mechanisms. Overall, KlimAktiv presents a trustworthy and professional online presence with room for improvement in privacy compliance and security best practices. Strategic enhancements in these areas would strengthen their security posture and regulatory adherence.

E

Energieküste

energiekueste.de

49

Energieküste is a regional platform and network based in Schleswig-Holstein, Germany, focused on advancing renewable energy initiatives and the energy transition. The website serves as a hub for connecting stakeholders including businesses, research institutions, policymakers, and the public. It offers project information, event announcements, newsletters, and news updates, positioning itself as a leading regional player in the renewable energy sector. Technically, the website is built on TYPO3 CMS, leveraging modern JavaScript libraries and Matomo for privacy-conscious analytics. The site is well-optimized for mobile devices, accessible, and SEO-friendly. It employs HTTPS and a cookie consent mechanism, demonstrating good digital maturity. From a security perspective, the site enforces HTTPS and uses cookie consent but lacks explicit security policies or incident response contacts. No vulnerabilities or exposed sensitive data were detected. The WHOIS data aligns with the business claims, indicating a trustworthy domain registration. Overall, the website presents a professional, secure, and privacy-compliant digital presence suitable for its business goals. Strategic improvements could include publishing a security policy and enhancing HTTP security headers to further strengthen its security posture.

D

datamints.com GmbH

datamints.com

10

datamints.com GmbH is a well-established internet agency based in Penzberg, Germany, specializing in web design, online marketing, and software development with a strong focus on TYPO3 CMS and e-commerce platforms such as Shopware and OXID. The company targets businesses seeking comprehensive digital solutions and has a solid market position supported by over 20 years of experience and a client base including notable companies like Telekom and NTTDATA. Their service offerings cover strategy, design, programming, hosting, and campaign management, positioning them as a full-service digital partner. Technically, the website is built on TYPO3 CMS and integrates modern web technologies including Bootstrap, jQuery, and Leaflet. They employ Google Tag Manager and Matomo for analytics with a robust cookie consent mechanism ensuring GDPR compliance. The site is mobile-optimized, accessible, and SEO-friendly, reflecting a mature digital infrastructure. Performance is moderate, with room for optimization. From a security perspective, the site enforces HTTPS and implements cookie consent management, but lacks several recommended security headers such as Content-Security-Policy and X-Frame-Options. No vulnerabilities or exposed sensitive data were detected. However, the absence of WHOIS registration data for the domain raises concerns about domain legitimacy, which slightly impacts the overall trust score. Overall, datamints.com GmbH presents a professional and trustworthy digital presence with strong business credibility and technical maturity. The main risk lies in the missing WHOIS data, which should be investigated further. Strategic improvements in security headers and formal security policies would enhance their security posture and trustworthiness.

L

Legal Cockpit

cockpit.legal

55

Legal Cockpit is a German-based service provider specializing in legal compliance solutions for websites and digital agencies. The company offers tools and consulting services to ensure websites meet legal requirements, particularly in the areas of privacy and data protection. The website is professionally designed, targeting website owners and agencies seeking legal security. The business operates in a niche market focused on legal compliance for digital businesses.

T

Thüringer Ministerium für Wirtschaft

efre-thueringen.de

58

The website www.efre-thueringen.de represents the Thüringer Ministerium für Wirtschaft's European Regional Development Fund (EFRE) program for the German state of Thüringen. It serves as an authoritative regional government portal providing comprehensive information on EU-funded development projects, funding opportunities, and strategic initiatives aimed at fostering regional growth, innovation, and sustainability. The site targets businesses, research institutions, and public stakeholders seeking funding and information about EFRE programs. Technically, the site is built on TYPO3 CMS, employs modern frontend libraries like Swiper.js, and uses Matomo for privacy-conscious analytics. The site is well-structured, mobile-optimized, and professionally designed, reflecting a mature digital presence. Security posture is solid with HTTPS and privacy-aware analytics, though it lacks visible cookie consent banners and explicit security policies. Overall, the domain and hosting align with German governmental infrastructure, supporting high legitimacy and trust. Strategic recommendations include enhancing GDPR compliance with visible cookie consent, publishing security and incident response policies, and adding security headers to strengthen defenses.

N

Nordwest Assekuranzmakler GmbH & Co. KG

nw-assekuranz.de

55

Nordwest Assekuranzmakler GmbH & Co. KG operates as an independent insurance broker based in Bremen, Germany, specializing in global insurance broking for industrial sectors. Their services encompass insurance management, risk management, risk assessment, due diligence, and provisions, targeting a diverse range of industries including renewable energy, transport, real estate, aerospace, and manufacturing. The company leverages its membership in the UnisonSteadfast network to provide global market access and specialized expertise. Technically, the website is built on the Contao CMS platform, utilizing modern web technologies such as jQuery and lazy loading for images, and integrates Matomo analytics with privacy-conscious configurations. The site demonstrates good mobile optimization, clear navigation, and professional design, reflecting a mature digital presence suitable for their target audience. From a security perspective, the website enforces HTTPS and employs cookie consent mechanisms aligned with GDPR requirements. However, explicit security headers and incident response policies are not evident, representing areas for improvement. No vulnerabilities or suspicious content were detected, and the domain registration data aligns well with the business claims, supporting the site's legitimacy. Overall, the website presents a trustworthy and professional front for the company, with strong business credibility and privacy compliance. Strategic enhancements in security policy transparency and technical security controls could further strengthen their security posture and stakeholder confidence.

S

Stadtwerke Schwerin GmbH

stadtwerke-schwerin.de

50

Stadtwerke Schwerin GmbH is a regional utility provider delivering electricity, gas, heat, fiber-optic internet, and water services primarily to customers in Schwerin, Germany. The company positions itself as a reliable and experienced service provider with over 30 years in the market, emphasizing personal customer service and sustainable regional engagement. Their website targets both private and business customers, offering detailed product information, customer portals, and interactive tariff calculators. Technically, the site is built on Drupal 10, uses Matomo for analytics, and integrates Usercentrics for cookie consent management, reflecting a modern and privacy-conscious digital infrastructure. Security posture is good with HTTPS enforced and no visible vulnerabilities, though explicit security headers could be improved. Privacy compliance is strong with clear policies and consent mechanisms. Overall, the website is professional, well-structured, and trustworthy, supporting the company's market position as a key regional energy and telecommunications provider.

S

Sønderborg Kommune

sonderborgkommune.dk

76

Sønderborg Kommune operates as the official municipal government website for the Sønderborg region in Denmark, providing a comprehensive range of public services to its citizens. The site targets residents and visitors seeking information on personal affairs, health and care, construction, education, traffic, employment, and environmental issues. It holds a strong market position as a local government authority with a well-established digital presence since 1997. Technically, the website leverages Drupal CMS, integrates privacy-focused analytics via Matomo, and employs Cookiebot for GDPR-compliant cookie consent management. The site demonstrates good mobile optimization, accessibility, and SEO practices, reflecting a mature digital infrastructure suitable for public sector needs. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms to comply with privacy regulations. However, it lacks explicit security headers and a public security policy or incident response contact, which are areas for improvement. No critical vulnerabilities or WAF blocking were detected, indicating a stable security posture. Overall, Sønderborg Kommune's website is a trustworthy, professional, and privacy-conscious platform that effectively serves its public audience. Strategic enhancements in security policy transparency and DNS security could further strengthen its risk profile and compliance stature.

The website pendlerinfo.org serves as an official information portal provided by the Region Sønderjylland-Schleswig, a regional government entity focused on cross-border cooperation between Germany and Denmark. It offers advisory services, publications, news, and mobility barrier reporting for cross-border commuters, businesses, and residents. The site is well-positioned as a trusted regional government resource with a clear target audience and a stable market presence since 2005. Technically, the website employs a traditional web stack with jQuery and related plugins, Matomo analytics configured for privacy, and Monsido for accessibility and heatmaps. The site is hosted under a reputable registrar and uses HTTPS, though DNSSEC is not enabled. Mobile optimization and accessibility are basic but functional, with good SEO practices. From a security perspective, the site demonstrates good baseline practices including HTTPS, clientTransferProhibited domain status, and privacy-conscious analytics. However, it lacks advanced security headers and explicit security or incident response policies. No vulnerabilities or suspicious content were detected. Overall, the website is a reliable, safe, and professional government service portal with moderate technical sophistication and good privacy compliance. Strategic improvements in security headers, cookie consent mechanisms, and incident response documentation would enhance its security posture and user trust.

Region Sønderjylland-Schleswig is a regional governmental and cooperative organization focused on fostering cross-border collaboration between Denmark and Germany. The website serves as an information hub detailing the organization's structure, political bodies, working areas, and news updates. It targets residents, public authorities, and stakeholders in the border region, providing resources such as newsletters and mobility barrier reporting. Technically, the website employs a jQuery-based tech stack with plugins for sliders and navigation, and integrates Matomo analytics with privacy-conscious configurations. Accessibility tools like Monsido are also used to enhance user experience. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though security headers and explicit security policies are absent. The WHOIS data is unavailable, limiting domain trust analysis, but the website's content and partner affiliations indicate legitimacy. Overall, the site is professionally designed, functional, and compliant with GDPR, suitable for its public service role.

The Region Sønderjylland-Schleswig website serves as an informational platform for a regional government cooperation entity focused on bridging the German-Danish border region. It provides comprehensive details about organizational structure, working fields, press releases, and cross-border initiatives. The site targets citizens, local authorities, employers, and media representatives interested in regional collaboration and public services. The business model is centered on public administration and regional cooperation, positioning itself as a key facilitator of cross-border dialogue and projects. Technically, the website employs a mature but somewhat traditional technology stack including jQuery, Matomo for analytics, and Monsido for accessibility and heatmap tracking. The CMS appears to be webEdition, a specialized content management system. The site is moderately optimized for performance and mobile devices, with good SEO practices and basic accessibility features. Hosting details are not explicit but the domain uses ns14.net nameservers, indicating professional hosting. From a security perspective, the site uses HTTPS and disables cookies in analytics to enhance privacy. However, it lacks explicit security headers and published security or incident response policies. No vulnerability disclosure or security.txt files are present. The privacy and cookie policies are present and GDPR compliant, reflecting a good privacy posture. No critical vulnerabilities or suspicious elements were detected. Overall, the website is trustworthy, professional, and well-aligned with its public service mission. It demonstrates a solid privacy and compliance stance but could improve in security transparency and technical modernization. The risk level is low, with recommendations focusing on enhancing security headers, incident response readiness, and adding terms of service documentation.

W

WEtell

wetell.de

54

WEtell is a small German telecommunications company specializing in sustainable and fair mobile phone services. Founded in 2020, it positions itself as an ethical alternative in the telecom market, emphasizing climate neutrality, data privacy, and community engagement. The website reflects this mission with comprehensive content, clear navigation, and strong branding consistency. Technically, the site uses modern JavaScript frameworks such as Alpine.js and Swiper.js, integrates Matomo for analytics, and employs Cookiebot for GDPR-compliant cookie consent management. Security posture is solid with HTTPS enforced and CSRF protections in place, though formal security policies and incident response contacts are not publicly available. Overall, the site is professional, trustworthy, and well-optimized for mobile and accessibility. The domain WHOIS data aligns well with the business claims, showing no suspicious patterns. Recommendations include publishing explicit security policies and incident response information to further enhance trust and compliance.

The website 'Der echte Norden' serves as the official regional marketing and informational platform for Schleswig-Holstein, Germany. It promotes the region's economic sectors such as renewable energy, maritime industry, digital economy, and healthcare, targeting residents, businesses, investors, students, and workforce. The site provides rich multimedia content including videos and podcasts to engage its audience. Technically, it is built on TYPO3 CMS, employs Matomo for analytics with privacy-conscious configurations, and uses a cookie consent mechanism compliant with GDPR. The site is mobile-optimized and accessible with clear navigation and professional design. From a security perspective, the website enforces HTTPS and disables cookies in analytics to enhance privacy. However, it lacks explicit security headers and dedicated security or incident response policies. No vulnerabilities or suspicious elements were detected. The WHOIS data is privacy protected, which is common for such public-facing regional websites, and no suspicious registration patterns were found. Overall, the site demonstrates a good security posture and compliance with privacy regulations. The risk assessment is low with no critical issues identified. Strategic recommendations include implementing security headers, publishing security policies, and maintaining up-to-date third-party scripts. The website is trustworthy, professional, and serves its purpose effectively as a regional promotional platform.

K

KlimAktiv gemeinnützige Gesellschaft zur Förderung des Klimaschutzes mbH

co2-rechner.de

52

The CO2-Rechner website is an official environmental tool operated by KlimAktiv on behalf of the German Umweltbundesamt (UBA). It provides a comprehensive CO2 footprint calculator that includes multiple greenhouse gases and covers various lifestyle aspects. The site targets private individuals, municipalities, and event organizers, offering detailed calculation tools and educational resources. The platform is well-positioned as a government-backed, scientifically supported service with strong trust signals and consistent branding. Technically, the website employs modern frameworks such as Bootstrap 5 and Alpine.js, integrates advanced charting libraries (AmCharts 5), and uses Klaro for GDPR-compliant cookie consent. Hosting is managed via DomainControl nameservers, and analytics are handled by Matomo with anonymized IP tracking, reflecting a privacy-conscious approach. The site is mobile-optimized, accessible, and SEO-friendly, with a professional design and clear navigation. From a security perspective, the site enforces HTTPS and uses secure cookie management. However, no explicit security policy or incident response contact is published, and HTTP security headers are not evident in the provided data. No vulnerabilities or suspicious content were detected. Privacy compliance is strong, with a detailed privacy policy and data protection officer contact provided. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance suitable for a government environmental service. Strategic improvements could include publishing a formal security policy, adding security headers, and establishing a vulnerability disclosure process to further enhance security posture and user trust.

F

FORSTORY

forstory.de

44

FORSTORY is a small Munich-based film agency specializing in storytelling with a focus on sustainability. The company positions itself as a niche player in the media industry, offering film production, impact films, workshops, and social business consulting. The website is professionally designed with clear navigation and good mobile optimization, reflecting a moderate level of digital maturity. The technical infrastructure includes modern web technologies such as HTML5, CSS3, JavaScript, and integration of Vimeo for video content. Matomo analytics is used for user tracking, indicating some privacy-conscious choices. Security posture is generally good with HTTPS enforced and cookie consent implemented, but lacks explicit security headers and a privacy policy page, which are recommended for compliance and trust. No contact emails or phone numbers are explicitly provided on the site, which may affect user trust and business credibility. WHOIS data is minimal but consistent with the hosting provider, with no suspicious indicators. Overall, the website is safe, professional, and targeted at a general audience interested in sustainability storytelling.

B

BEW - Das Bildungszentrum für die Ver- und Entsorgungswirtschaft gGmbH

bew.de

56

BEW - Das Bildungszentrum für die Ver- und Entsorgungswirtschaft gGmbH is a well-established non-profit educational institution based in Germany, specializing in training and continuing education in environmental protection, waste management, energy, and related sectors. The organization offers a broad range of services including seminars, workshops, online live trainings, e-learning, and inhouse training, targeting professionals and organizations within the environmental and utility industries. Their market position is strong regionally, supported by certifications such as ISO 9001 and Ökoprofit, and a consistent brand presence across multiple digital channels. Technically, the website is built on TYPO3 CMS, leveraging modern web technologies including Bootstrap and jQuery, with integrated analytics via Matomo and Google Analytics. The site is mobile-optimized, accessible, and SEO-friendly, providing a positive user experience. Security measures include HTTPS enforcement and Google reCAPTCHA on forms, alongside a comprehensive cookie consent mechanism. However, the site lacks explicit security policies and incident response contact information. The security posture is solid with no visible vulnerabilities or exposed sensitive data, but could be enhanced by implementing additional HTTP security headers and publishing a formal security policy. Privacy compliance is strong, with clear privacy and cookie policies in German, and GDPR compliance indicators. The business credibility is high, supported by detailed contact information, certifications, and a professional content presentation. Overall, BEW demonstrates a mature digital presence with a focus on education and sustainability, though improvements in security transparency and incident response readiness are recommended to further strengthen trust and compliance.

L

LIFEe.V.

elearning-erkunden.de

44

eXplorarium is a well-established non-profit educational project based in Berlin, focused on integrating digital media and discovery learning into school curricula. The project collaborates with multiple schools and partners, including universities and embassies, and offers digital learning workshops and platforms such as Moodle. The website reflects a professional and consistent brand presence with good content quality and clear navigation tailored to educators and students. Technically, the site is built on WordPress with the Divi theme and uses Matomo analytics configured for privacy. Security posture is solid with HTTPS and privacy-conscious analytics, though it lacks some security headers and formal security policies. Overall, the site is trustworthy and compliant with GDPR, though cookie consent mechanisms and incident response information could be improved.

B

Bundeszentralamt für Steuern

bzst.de

65

The Bundeszentralamt für Steuern (Federal Central Tax Office) operates as the official German federal government agency responsible for tax administration and related services. The website serves multiple target audiences including private individuals, businesses, and government authorities, providing comprehensive tax-related information, digital services, and regulatory guidance. It holds a strong market position as the authoritative tax authority in Germany. Technically, the website is built on the Government Site Builder CMS and hosted by ITZBund, the federal IT service provider. It employs Matomo analytics hosted internally to ensure privacy compliance. The site is well-structured, mobile-optimized, and accessible, reflecting a mature digital infrastructure suitable for a government entity. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms aligned with GDPR. While explicit security headers and vulnerability disclosure pages are not detected, no critical vulnerabilities or exposed sensitive data were found. The WHOIS data aligns consistently with the official government entity, reinforcing legitimacy. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance, with minor recommendations to enhance security headers and publish incident response or vulnerability disclosure information.

OceanBlogs.org is an educational blogging platform dedicated to ocean science and marine research, featuring multiple blogs authored by scientists and students. The platform is affiliated with reputable research institutions such as GEOMAR and Future Ocean, enhancing its credibility within the marine science community. The website is built on WordPress and uses privacy-conscious Matomo analytics, reflecting a moderate level of digital maturity. While the site is well-structured and content-rich, it lacks visible contact information, cookie consent mechanisms, and formal security or terms of service policies, which are important for compliance and trust. The absence of WHOIS data limits full domain legitimacy verification. Overall, the site is a valuable resource for ocean science enthusiasts but would benefit from enhanced privacy and security disclosures.

M

MASLATON Rechtsanwaltsgesellschaft mbH

maslaton.de

42

MASLATON Rechtsanwaltsgesellschaft mbH is a German law firm specializing in renewable energy law, air traffic law, and other civil and public law areas. With headquarters in Leipzig and branches in Munich and Cologne, the firm serves businesses, municipalities, and aviation clients. It holds a strong market position as a top-ranked law firm in energy law, offering comprehensive legal services including wind energy, biomasse, photovoltaic, and electromobility. The website reflects a professional and trustworthy brand with clear contact channels and client testimonials. Technically, the website uses modern web technologies including Matomo analytics configured for privacy, SVG icons, and responsive design. Hosting is via kasserver.com, and the site is served over HTTPS with good SSL configuration. However, no explicit cookie consent mechanism or advanced security headers were detected, indicating room for improvement in privacy compliance and security hardening. Security posture is solid with no visible vulnerabilities or exposed sensitive data, but the absence of a security policy or incident response contacts suggests limited transparency in security governance. The firm demonstrates GDPR compliance through a comprehensive privacy policy and cookie-less tracking setup. Overall, the website and domain registration data align well, indicating a legitimate and credible business presence. Strategic recommendations include implementing cookie consent, enhancing security headers, and publishing security and incident response policies to further strengthen trust and compliance.

I

ITAD e.V.

itad.de

45

ITAD e.V. is a well-established German industry association representing thermal waste treatment plants, holding a leading market position with over 90 member plants covering more than 95% of national treatment capacity. The organization focuses on promoting sustainable waste management, climate protection, and circular economy principles. Their website reflects a professional and consistent brand image, targeting industry stakeholders, members, and the press. Technically, the site is built on the Plone CMS platform, leveraging modern JavaScript libraries such as Swiper.js and Leaflet.js, and uses Matomo for privacy-conscious analytics. Hosting is provided by Hostsharing eG, a reputable provider. Security posture is good with HTTPS enforced and no visible vulnerabilities, though security headers could be improved. Privacy compliance is supported by a comprehensive privacy policy, but lacks a cookie consent mechanism. Overall, the website is trustworthy, well-maintained, and aligned with the organization's business goals.

I

ifeu gGmbH: Institut für Energie- und Umweltforschung Heidelberg gGmbH

ifeu.de

48

ifeu gGmbH is a well-established German non-profit research institute specializing in energy and environmental sustainability research and consulting. With over 45 years of experience and more than 120 employees across multiple locations, it serves a broad audience including national and international funding agencies, policymakers, and environmental stakeholders. The organization offers a range of services including environmental research, sustainability consulting, and development of analytical tools and models. The website reflects a professional and comprehensive digital presence with clear navigation and rich content focused on their research themes and projects. Technically, the site is built on TYPO3 CMS with modern JavaScript libraries and uses Matomo analytics configured for privacy compliance. Security posture is good with HTTPS and privacy-respecting analytics, though there is room for improvement in security headers and incident response disclosures. Overall, the website is trustworthy, well-branded, and serves as a credible platform for the institute's activities.

D

Deutsche Energie-Agentur GmbH (dena)

dena.de

66

Deutsche Energie-Agentur GmbH (dena) is a prominent German energy agency focused on promoting efficient, intelligent, and sustainable energy production and usage. It collaborates with public and private sector partners to advance the energy transition and climate protection efforts in Germany. The website reflects a professional and comprehensive digital presence, leveraging TYPO3 CMS and modern web technologies. It provides detailed information about its mission, projects, and services, targeting stakeholders in the energy sector and government entities. The site supports multiple languages, enhancing accessibility for international audiences. Technically, the website employs a mature infrastructure with strong privacy and consent management mechanisms, including Cookiebot for cookie consent and Matomo and Hotjar for analytics, ensuring GDPR compliance. The site is well-optimized for mobile devices and accessibility, with a clear navigation structure and professional design. Hosting is managed via secure providers, and HTTPS is enforced with appropriate security headers. From a security perspective, the site demonstrates good practices such as secure cookie handling, consent management, and absence of exposed sensitive data. However, explicit security policies, incident response contacts, and vulnerability disclosure mechanisms are not publicly available, representing areas for improvement. Overall, the domain registration and hosting details align with the organization's legitimacy, supporting a high trust level. The overall risk assessment is low, with no indications of malicious content or security vulnerabilities. Strategic recommendations include publishing formal security and incident response policies, adding vulnerability disclosure information, and providing direct security contact channels to enhance transparency and trust.

D

Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH

collaborative-climate-action.org

47

The Partnership for Collaborative Climate Action website serves as a knowledge-sharing platform focused on fostering cooperation between national and subnational governments to address climate change effectively. It highlights the CHAMP initiative, providing resources, news, and events to support multilevel climate governance. The site is operated by Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH, a reputable German development agency, positioning itself as a trusted source in the climate action domain. Technically, the website is built on WordPress with the Enfold theme and uses modern tools such as Smart Slider 3 and Matomo analytics. The infrastructure is stable, with HTTPS enabled and a moderate performance profile. Mobile optimization and SEO practices are good, though accessibility features are basic. The domain registration is consistent and appropriate, with no privacy protection, indicating transparency. From a security perspective, the site benefits from HTTPS and domain transfer protection but lacks DNSSEC and explicit security headers. No security or incident response policies are published, and there is no cookie consent mechanism, which may impact GDPR compliance. The use of Matomo analytics suggests some privacy awareness, but overall privacy compliance is basic. Overall, the website is professional, trustworthy, and relevant to its target audience of government and climate stakeholders. However, improvements in security headers, privacy compliance, and explicit security policies would enhance its security posture and regulatory adherence.

R

RALU Logistika d.d.

ralulogistics.com

60

RALU Logistika d.d. is a well-established third-party logistics provider specializing in integrated cold chain services, including international and national transport, warehousing, and distribution across Croatia, Serbia, and Europe. The company has a strong market position supported by over 30 years of experience and a large fleet and infrastructure. Their website reflects a professional digital presence built on WordPress with Elementor, incorporating modern analytics and cookie consent mechanisms. Security posture is solid with HTTPS, domain transfer lock, and no detected vulnerabilities, though some security policies and disclosures could be improved. Overall, the company demonstrates transparency and compliance with GDPR, enhancing trustworthiness.

A

anemos Gesellschaft für Umweltmeteorologie mbH

anemos.de

45

anemos Gesellschaft für Umweltmeteorologie mbH is a specialized consultancy based in Germany providing environmental meteorology services focused on wind energy. With over 30 years of experience, the company offers a range of services including site assessment, wind atlas data, due diligence, and market value analysis, targeting wind energy investors, developers, and operators. The website reflects a professional and consistent brand image with clear navigation and comprehensive service descriptions. Technically, the site employs established JavaScript libraries and analytics tools with privacy-conscious implementations such as cookie consent and opt-in tracking. Security posture is moderate with room for improvement in HTTP security headers and explicit security policies. WHOIS data aligns well with the business claims, supporting legitimacy. Overall, the website is trustworthy and well-positioned in its niche market.

A

Ahnen&Enkel - Agentur für Kommunikation

ahnenenkel.com

46

Ahnen&Enkel is a specialized communication agency focused on the energy transition, sustainability, and infrastructure sectors. The company offers a range of services including corporate publishing, press work, project communication, and change communication. Their market position is that of a niche agency with a strong emphasis on content quality and targeted communication strategies for clients in the energy and environmental sectors. The website reflects a professional and consistent brand image, supported by a well-structured digital presence and client portfolio. Technically, the website is built on WordPress with modern plugins such as Yoast SEO, WPBakery Page Builder, and Slider Revolution. It uses Matomo for analytics with a GDPR-compliant cookie consent mechanism. The site is mobile-optimized and performs moderately well, though some accessibility improvements could be made. No hosting provider details were identified from the content. From a security perspective, the site enforces HTTPS and implements cookie consent controls, but lacks explicit security headers and dedicated security or incident response pages. No vulnerabilities or exposed sensitive data were detected. The absence of WHOIS registration data for the domain is a notable concern, suggesting either a WHOIS server issue or domain privacy service, which should be verified to confirm legitimacy. Overall, the website presents a low to moderate risk profile with strong content and privacy compliance but requires verification of domain registration and enhancement of security policies to improve trust and resilience.

O

OMICRON electronics GmbH

omicronenergy.com

10

OMICRON electronics GmbH operates a professional website focused on providing innovative power system testing solutions to the electrical power industry worldwide. The company offers products and services for testing, diagnostics, and monitoring of electrical assets, positioning itself as a specialized B2B provider in the energy sector. The website is built on TYPO3 CMS and integrates modern analytics and cookie consent technologies, reflecting a mature digital infrastructure. Security posture is strong with HTTPS enforced and privacy compliance mechanisms in place, although explicit security headers and incident response information are absent. The absence of WHOIS data reduces transparency but does not detract significantly from the site's legitimacy given the professional content and technology usage. Overall, the website demonstrates good technical and business maturity with room for improvement in security disclosures and registrant transparency.

F

Feustel Gärten und Ideen GmbH

feustel.de

50

Feustel Gärten und Ideen GmbH is a German garden design and landscaping company offering comprehensive services including garden planning, execution, and maintenance. The company positions itself as a traditional and professional provider targeting garden enthusiasts and homeowners in Germany. Their website is built on TYPO3 CMS with a modern responsive design and includes detailed service descriptions and themed garden inspirations. Technically, the site uses Bootstrap and FontAwesome, with analytics implemented via Matomo and Google Analytics, and a GDPR-compliant cookie consent mechanism. Security posture is good with HTTPS enforced and no visible vulnerabilities, though security headers and explicit security policies could be improved. Contact information is clearly presented, but no terms of service or incident response contacts are found. Overall, the website is professional, trustworthy, and compliant with privacy regulations.

G

G. Umbreit GmbH & Co. KG

umbreit.de

53

G. Umbreit GmbH & Co. KG operates a professional and comprehensive website focused on book distribution, e-commerce solutions, and related services primarily targeting book retailers, publishers, and e-commerce businesses in Germany. The company offers a broad portfolio including logistics, digital content, and customer support, positioning itself as a key regional player in the retail and e-commerce sectors. The website is built on TYPO3 CMS with modern frontend technologies and integrates Matomo analytics for privacy-conscious user tracking. Security posture is solid with HTTPS and secure forms, though improvements are recommended in cookie consent and security policy transparency. WHOIS data confirms domain legitimacy and consistency with the business profile. Overall, the site demonstrates good technical maturity, business credibility, and user experience, making it a trustworthy platform for its target audience.

G

Groupe Interaction

interaction-interim.com

55

Interaction Interim is a French staffing agency specializing in interim employment across multiple sectors including transport, logistics, industry, healthcare, building, and commerce. The company operates a professional and content-rich website built on Drupal 10, featuring job offers, training programs, and benefits for temporary workers. The site is well-structured, mobile-optimized, and includes GDPR-compliant privacy and cookie policies. Analytics and tracking are implemented via Matomo, Google Tag Manager, Hotjar, and Facebook Pixel, indicating a mature digital marketing approach. Security posture is generally good with HTTPS enforced and no visible vulnerabilities, though the absence of a published security policy and incident response information is noted. WHOIS data is unavailable, which raises some questions about domain registration transparency, but the website content and branding suggest a legitimate business presence. Overall, the site scores well on content quality, technical implementation, and business credibility, with recommendations to improve security transparency and WHOIS data availability.