Security Directory

P

UNSERE HALTUNG | DIE SCHWEIZER CASINOS

playerprotection.ch

62

The website www.playerprotection.ch appears to be a small Swiss business focused on player protection services. The site is built using the Wix platform and hosted on Wix infrastructure, utilizing standard Wix scripts and Sentry for error monitoring. The business content is minimal and lacks detailed descriptions, contact information, or formal policies such as privacy or cookie policies. The technical infrastructure is modern but basic, with moderate performance and mobile optimization. Security posture is adequate with HTTPS enabled and some monitoring tools, but lacks comprehensive security headers and formal security policies. Overall, the site presents a low to moderate risk profile but would benefit from enhanced transparency and compliance documentation.

S

Sucht Schweiz

dipendenzesvizzera.ch

62

Sucht Schweiz is a Swiss non-profit foundation dedicated to preventing and mitigating problems related to the consumption of psychoactive substances and addictive behaviors. The organization operates with a clear mission focused on research, prevention, information dissemination, and advocacy. The website reflects a mature digital presence with multilingual support, professional design, and integrated donation capabilities. Technically, the site is built on WordPress with modern plugins and frameworks, including Yoast SEO and Usercentrics for consent management. Security posture is good with HTTPS and no exposed sensitive data, though explicit security headers and policies are not evident. Privacy compliance is partial, with cookie consent implemented but no visible privacy policy or terms of service pages in the provided content. Business credibility is high, supported by consistent WHOIS data and professional content.

S

Sucht Schweiz

addictionsuisse.ch

62

Sucht Schweiz is a Swiss non-profit foundation dedicated to preventing and mitigating problems related to the consumption of psychoactive substances and addictive behaviors. The organization operates with a strong focus on research, prevention, information dissemination, and advocacy. Their website reflects a mature digital presence with multilingual support, professional design, and clear calls to action such as donations and educational offerings. The foundation targets a broad audience including professionals, affected individuals, and the general public interested in addiction-related topics. Technically, the website is built on WordPress using modern frameworks and libraries such as Flynt, Swiper.js, and Usercentrics for consent management. It integrates analytics tools like Google Analytics and Facebook Pixel with user consent mechanisms, indicating compliance with privacy regulations. The site is mobile optimized and accessible, with good SEO practices implemented via Yoast SEO. From a security perspective, the site enforces HTTPS and uses consent management but lacks visible security headers and explicit security policies or incident response contacts. No vulnerabilities or exposed sensitive data were detected in the provided content. WHOIS data confirms the domain's legitimacy and consistency with the organization's identity. Overall, Sucht Schweiz presents a trustworthy and professional online presence suitable for its non-profit mission. However, improvements can be made in publishing explicit privacy and security policies and enhancing security headers to strengthen compliance and trust.

The domain landrover-vertragspartner.de appears to be registered but the website content is inaccessible, displaying only a minimal message indicating the host name is not valid for the server. No business information, metadata, or contact details are available, making it impossible to assess the company's operations or market position. The technical infrastructure appears minimal or misconfigured, with no detectable CMS, scripts, or security headers. The security posture is poor due to lack of HTTPS and absence of security best practices. Overall, the website is non-functional and does not provide any meaningful content or business presence.

The website jaguar-vertragspartner.de is currently inaccessible, presenting only a minimal error message indicating the host name is not valid for the server. Due to this, no meaningful business information, metadata, or content is available for analysis. The domain is registered with name servers pointing to your-server.de and second-ns.de, but no registrant details or domain age information are provided. The lack of accessible content and absence of HTTPS severely limit the ability to assess the website's technical maturity or security posture. No privacy, cookie, or terms of service policies are present, and no contact information is available, which further reduces trustworthiness. Overall, the site appears either misconfigured or inactive, resulting in a very low AI score and high risk from a security and compliance perspective.

A

audaris GmbH

audaris.de

60

audaris GmbH is a German-based technology company specializing in digital marketing and cloud solutions tailored for the automotive dealership sector. As part of the betzemeier group, audaris offers a comprehensive suite of services including vehicle management software, digital marketing, image and video solutions, dealership websites with integrated online trade, and B2B sales platforms. The company positions itself as a digital full-service provider for automotive dealers, leveraging cloud technologies and innovative marketing tools to enhance lead generation and operational efficiency. Technically, the website employs modern web technologies such as jQuery, Foundation CSS framework, Google Tag Manager, and Google reCAPTCHA Enterprise, indicating a mature digital infrastructure. The site is hosted on Schlundtech servers, uses HTTPS with strong SSL configuration, and implements a detailed cookie consent mechanism compliant with GDPR. The website is mobile-optimized, accessible, and SEO-friendly, supporting a positive user experience. From a security perspective, the site demonstrates good practices including HTTPS enforcement, use of reCAPTCHA to prevent abuse, and granular cookie consent. However, it lacks explicit security policies, incident response contacts, and security.txt files, which are recommended for enhanced transparency and vulnerability management. No critical vulnerabilities or exposed sensitive data were detected. Overall, audaris GmbH presents a credible, professional online presence with strong business and technical foundations. The company’s integration within the betzemeier group and visible trust indicators such as awards and Google Partner status further reinforce its market position. Strategic improvements in security transparency and incident response readiness would enhance its security posture and stakeholder trust.

I

ilogs smartwear GmbH

mynextring.com

47

MYnextRING is a health-focused wearable technology company offering a smart ring that monitors various biometric data such as heart rate, sleep, stress, and activity. The company positions itself as a premium European brand with a focus on privacy and user-friendly design. The website is well-developed using WordPress and WooCommerce, integrating modern marketing and analytics tools. Security posture is good with HTTPS and domain transfer protection, though DNSSEC is not enabled and cookie consent mechanisms are missing. Contact information is clearly provided, enhancing business credibility. Overall, the website presents a professional and trustworthy digital presence suitable for its target market.

SafeMotion, operated by ilogs healthcare GmbH, is a specialized technology provider focused on lone worker safety solutions. Their offerings include professional 4G LTE smartwatches, pendants, smartphone apps, and a 24/7 alarm monitoring center. The company targets industries where lone working is common, such as production, construction, logistics, security, retail, social work, hospitality, and public administration. Their market position is that of a reliable and user-friendly safety system provider exceeding legal safety requirements. The website is multilingual and professionally designed, reflecting a small but credible technology business based in Austria. Technically, the website is built on WordPress with modern plugins for SEO and multilingual support. It uses HTTPS and secure AJAX forms but lacks some security headers and cookie consent mechanisms. The site performs moderately well with good mobile optimization and accessibility. No major vulnerabilities or exposed sensitive data were detected. Security posture is solid with HTTPS and secure form handling, but the absence of explicit security policies and incident response contacts is a gap. WHOIS data is minimal and privacy protected, which slightly reduces trust but is common for small businesses. Overall, the site is professional, trustworthy, and compliant with GDPR, though improvements in cookie consent and security transparency are recommended. The risk assessment is low, with no signs of malicious activity or suspicious content. Strategic recommendations include implementing security headers, adding cookie consent, publishing security policies, and enhancing WHOIS transparency to improve trust and compliance.

I

ilogs healthcare GmbH

james4sales.de

51

James4Sales is a specialized B2B sales application targeting the home emergency call sector, offering digital contract capture and standardized customer consultation to optimize sales processes. The company behind the website is ilogs healthcare GmbH, based in Munich, Germany. The website presents a professional and consistent brand image with clear contact information and legal pages, positioning itself as a niche provider in healthcare sales solutions. Technically, the website is built on WordPress using the Breakdance page builder plugin, enhanced with GSAP animations and Google Fonts. The site is mobile-optimized and performs moderately well, though there is room for improvement in accessibility and SEO. No analytics or tracking scripts were detected, indicating a minimal user tracking approach. From a security perspective, the site enforces HTTPS but lacks security headers and does not provide a privacy or cookie policy, which are important for GDPR compliance. No incident response or vulnerability disclosure information is available. The WHOIS data is minimal but does not raise immediate red flags, though the lack of registrant details slightly reduces trust. Overall, the website is safe, professional, and business-focused but would benefit from enhanced privacy compliance, security hardening, and transparency to improve trust and regulatory adherence.

The Industrie- und Handelskammer Lüneburg-Wolfsburg (IHK Lüneburg-Wolfsburg) is a regional chamber of commerce serving approximately 70,000 businesses across several districts in Germany. The website provides comprehensive information and services including business consulting, education, networking, and support for startups. It targets businesses and entrepreneurs in the Lüneburg-Wolfsburg region, positioning itself as a key regional economic facilitator. Technically, the website is built on the CoreMedia CMS platform and integrates modern web technologies including JavaScript, CSS, and HTML5. It employs third-party services such as eTracker for analytics, CCM19 for cookie consent management, and Userlike for chat support. The site is mobile-optimized, accessible, and SEO-friendly, with a moderate performance profile. From a security perspective, the site enforces HTTPS, uses CSRF tokens in forms, and provides a granular cookie consent mechanism. However, it lacks publicly visible security policies, incident response contacts, and security headers which could enhance its security posture. No vulnerabilities or exposed sensitive data were detected. Overall, the website is professional, trustworthy, and compliant with GDPR requirements. It effectively serves its audience with relevant content and clear contact information. Strategic improvements in security transparency and incident response readiness are recommended to further strengthen trust and resilience.

B

Barberco

barberco.sk

43

Barberco.sk is a specialized e-commerce platform focused on selling barber and grooming products primarily targeting gentlemen, barbershops, and hairdressers in Slovakia and the Czech Republic. The website offers a wide range of products including hair care, beard care, shaving accessories, and professional barber equipment. It also supports a wholesale partner program for professionals in the industry. The site is well-structured with clear navigation, product categorization, and customer support channels, reflecting a mature regional retail business. Technically, the website uses modern web technologies such as jQuery, Slick Slider, and integrates analytics and user behavior tracking tools like Google Tag Manager and Hotjar. It is hosted behind Cloudflare DNS services, ensuring reliable performance and security. The site is mobile-optimized and includes accessibility features, although some improvements could be made. From a security perspective, Barberco.sk enforces HTTPS and uses secure login forms with CSRF tokens. While basic security headers are implied, explicit Content-Security-Policy and other headers are not confirmed and should be implemented. No vulnerabilities or exposed sensitive data were detected in the provided content. Privacy and cookie policies are present with consent mechanisms, indicating GDPR awareness, but no explicit security policy or incident response contacts are published. Overall, Barberco.sk presents a trustworthy and professional online retail presence with a solid business foundation and good technical implementation. Strategic improvements in security headers, incident response transparency, and accessibility would further enhance its security posture and compliance.

E

EVIDENT GmbH

evident.de

47

EVIDENT GmbH is a German company specializing in dental practice management software, targeting dental professionals and clinics. The website is built on WordPress using the Divi theme and includes event calendar functionality. The technical infrastructure is modern but shows room for improvement in security headers and privacy compliance. The security posture is moderate with no critical vulnerabilities detected but lacks explicit security policies and incident response information. Overall, the website is professional and safe, but enhancements in privacy and security transparency are recommended.

A

Agencija za komercijalnu djelatnost proizvodno, uslužno i trgovačko d.o.o.

e-red.hr

56

The website e-red.hr represents a Croatian service platform focused on appointment scheduling and online ordering for agencies such as AKD and HZMO. It targets Croatian users seeking to book appointments with these agencies. The business operates in a niche local market with a small company profile. Technically, the site is built using React and modern JavaScript technologies, delivering a moderate performance and good mobile optimization. The presence of Segment analytics indicates moderate user tracking. Security posture is adequate with HTTPS enforced but lacks advanced security headers and explicit security policies. Privacy and cookie policies are present and indicate GDPR compliance. Overall, the site is professional and trustworthy with room for improvement in security and transparency.

The website mojamirovina.hr serves as a digital platform providing individualized pension information to Croatian citizens. It is part of the MOJA MIROVINA project aimed at enhancing REGOS services in the labor market. The platform offers an anonymous pension calculator and detailed pension-related data, targeting the general public interested in retirement planning. The site is government-backed, with partnerships including the Croatian Pension Insurance Institute (HZMO) and co-financing from the European Social Fund, positioning it as a credible and authoritative source in the pension sector. Technically, the website is built using modern frontend technologies such as Nuxt.js and Vue.js, styled with Tailwind CSS and enhanced with PrimeVue components. It is hosted by a local Croatian ISP, A1 Hrvatska d.o.o., ensuring regional hosting consistency. The site is mobile-optimized and accessible, though SEO and metadata could be improved. No major performance issues were detected, indicating a moderate to good technical maturity. From a security perspective, the site enforces HTTPS and uses secure form inputs but lacks visible security headers and a cookie consent mechanism, which are recommended for enhanced security and GDPR compliance. No vulnerabilities or exposed sensitive data were found in the HTML content. The WHOIS data is transparent and consistent with the business, reinforcing trustworthiness. However, the absence of a published security policy and incident response contacts suggests room for improvement in security governance. Overall, mojamirovina.hr is a trustworthy, government-supported platform with solid technical foundations and good business credibility. Strategic enhancements in privacy compliance, security headers, and incident response transparency would further strengthen its security posture and user trust.

A

Altera

altera.hr

48

Altera is a Croatian company specializing in the rental and sale of tents and pagodas for weddings, corporate events, sports events, and fairs. With over 20 years of experience, the company positions itself as a reliable partner for outdoor event solutions, offering additional equipment and services to support event organization. The website is professionally designed using WordPress with the Avada theme and includes modern plugins such as Slider Revolution and Yoast SEO, indicating a mature digital infrastructure. Security measures include HTTPS enforcement, reCAPTCHA integration, and standard security headers, reflecting a good security posture. However, the absence of explicit privacy and terms of service policies suggests room for improvement in compliance and transparency. Overall, the website is trustworthy, content-rich, and well-optimized for SEO and mobile devices, supporting Altera's market presence in the hospitality and event services sector.

C

Catering Team Majetić

cateringteammajetic.hr

46

Catering Team Majetić is a well-established catering company based in Zagreb, Croatia, with a strong family tradition dating back to 1998. The company specializes in high-quality catering services for weddings, corporate events, and private celebrations, operating both locally and across Europe. Their business model includes owning exclusive venues and collaborating with prestigious locations, positioning them as a premium service provider in the hospitality sector. The website reflects a professional and consistent brand image, supported by customer testimonials and media coverage. Technically, the site is built on WordPress using Elementor and Yoast SEO, with modern tracking tools like Google Tag Manager and Facebook Pixel integrated. The site is mobile-optimized and SEO-friendly, though some accessibility features could be improved. Security-wise, the site uses HTTPS and avoids exposing sensitive data but lacks some recommended security headers and explicit incident response policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Overall, the site is trustworthy and professional, with room for improvement in security and privacy transparency.

D

DISH Digital Solutions GmbH

eatbu.hr

64

DISH Digital Solutions GmbH operates a specialized website builder platform tailored for the hospitality industry, targeting restaurants, cafes, bars, bakeries, and delivery services. The platform enables users to create websites quickly without coding knowledge, positioning itself as a niche digital solutions provider within the hospitality sector. The website content is professional, well-branded, and clearly communicates its value proposition to its target audience. Technically, the site employs modern web technologies including Bootstrap, Google Tag Manager, Adobe Dynamic Tag Manager, and a Usercentrics consent management platform, indicating a mature digital infrastructure with good privacy compliance. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though explicit security headers and a published security policy are absent. The absence of direct contact information and incident response details suggests areas for improvement in transparency and trust. Overall, the website is trustworthy, well-maintained, and compliant with GDPR, serving its business purpose effectively.

O

Obiteljsko Poljoprivredno Gospodarstvo Damjanić Ivan

damjanic.eu

45

Damjanić Wines is a small family-owned winery based in Fuškulin near Poreč, Croatia, with a long tradition dating back to the early 18th century. The company produces a variety of wines and olive oil, offers wine tastings by appointment, and operates a webshop for direct sales. Their market position is that of a leading regional winery in Istria, targeting wine consumers, tourists, and distributors. The website is multilingual and professionally designed to support their business model and customer engagement. Technically, the website is built on WordPress with a modern tech stack including Bootstrap, jQuery, and various frontend libraries. Hosting is provided by a Croatian hosting company, and the site uses HTTPS with a cookie consent mechanism to comply with GDPR. Performance and mobile optimization are good, though accessibility features are basic. SEO is well implemented with proper meta tags and structured data. From a security perspective, the site enforces HTTPS and uses cookie consent banners but lacks advanced security headers and explicit security or incident response policies. No vulnerabilities or exposed sensitive data were detected. The WHOIS data aligns well with the business information, indicating a legitimate and trustworthy domain. Overall, the website presents a professional and trustworthy online presence for a small winery business, with good privacy compliance and moderate security posture. There are opportunities to enhance security headers and incident response information to further improve trust and compliance.

S

Service-Bund GmbH & Co. KG

servicebund.de

58

Service-Bund GmbH & Co. KG is a well-established family-owned group founded in 1973, specializing in wholesale food and non-food products for professional kitchens, including gastronomy, hotels, and large-scale catering. The company operates through a consortium of regional subsidiaries across Germany and Austria, providing tailored delivery services and an online webshop. Their market position is strong within the hospitality sector, emphasizing quality, regional partnerships, and flexible service. Technically, the website is built on the Neos CMS platform using the Flow PHP framework, with modern JavaScript and Matomo analytics integration. The site is mobile-optimized, accessible, and SEO-friendly, reflecting a mature digital infrastructure. Security posture is good with HTTPS enforced and no visible vulnerabilities, though explicit security headers and policies could be improved. Privacy compliance is limited due to missing explicit privacy and cookie policies. Overall, the website is professional, trustworthy, and business-focused, with clear contact information and comprehensive structured data.

E

Europski socijalni fond

esf.hr

46

The website www.esf.hr serves as the official Croatian government portal for the European Social Fund (ESF), focusing on the development of human potentials through various social, employment, education, and governance projects. It provides comprehensive information about funding calls, project examples, and relevant documentation, targeting civil society organizations, cultural institutions, and social service providers. The site is well-positioned as a trusted government resource with consistent branding and clear navigation. Technically, the site is built on WordPress 5.1.19 with a modern tech stack including jQuery, Google Analytics, and SEO plugins. It demonstrates good mobile optimization and accessibility features, although performance is moderate. The hosting appears to be managed by CARNET, a Croatian academic network, aligning with the official nature of the site. From a security perspective, the site uses HTTPS with a good SSL configuration but lacks advanced security headers and explicit security or incident response policies. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is partially addressed with a privacy policy and cookie notice, but lacks a full consent mechanism. Contact information is limited to a physical address without direct email or phone contacts. Overall, the website is a reliable and professional government platform with a strong business credibility score. Strategic improvements could focus on enhancing security headers, implementing cookie consent, and publishing security policies to strengthen trust and compliance.

V

Visit Karlovac

visitkarlovac.hr

48

Visit Karlovac is the official tourism website for the city of Karlovac, Croatia, providing comprehensive information about cultural, natural, gastronomic, and event experiences to visitors. The site targets tourists and visitors interested in exploring the city and offers resources such as event calendars, travel planning guides, and detailed descriptions of local attractions. The website is well-positioned as an authoritative source for tourism in Karlovac, supported by active social media channels and structured data that enhances search engine visibility. Technically, the website is built on WordPress using Elementor, enhanced with performance and SEO plugins such as WP Rocket and Rank Math. It leverages Cloudflare for DNS and likely CDN services, ensuring fast loading times and good mobile optimization. The site implements HTTPS with a strong SSL configuration and includes a cookie consent mechanism compliant with GDPR, reflecting a mature digital infrastructure. From a security perspective, the website enforces HTTPS and uses reputable plugins, but explicit security headers are not fully verified in the HTML content. There is no visible incident response or vulnerability disclosure policy, which could be improved to enhance trust and security posture. No vulnerabilities or exposed sensitive data were detected in the content. Overall, Visit Karlovac presents a professional, secure, and privacy-compliant tourism platform with excellent content quality and user experience. Strategic improvements in security header implementation and incident response transparency would further strengthen its security maturity.

Ypsilon.Net AG is a well-established global provider of integrated travel IT, payment, and fraud prevention solutions primarily serving airlines, travel agencies, and online travel operators. Founded in 1994 and headquartered in Germany, the company offers a comprehensive suite of services including content aggregation from GDS and NDC carriers, booking engines, ticketing, and PCI DSS Level 1 certified payment services. Their market position is strong with thousands of customers worldwide and multiple subsidiaries supporting various aspects of their business. Technically, the website is built on modern frameworks such as Nuxt.js and Vue.js, with a moderate performance profile and good mobile optimization. The infrastructure described is robust, supporting high scalability and availability. Security posture is strong, evidenced by certifications like PCI DSS Level 1, ISO 27001, and PSD2 compliance, although some improvements in security headers and incident response transparency are recommended. Overall, the website and business demonstrate a mature digital presence with good compliance and security practices. The incomplete WHOIS data introduces some uncertainty about domain registration legitimacy, but the business content and certifications strongly support credibility. Strategic recommendations include enhancing security header implementation, publishing incident response contacts, and improving cookie consent mechanisms to further strengthen privacy compliance and trust.

Q

Qualentum

qualentum.com

51

Qualentum is a Spanish company specializing in accelerating digital talent through apprenticeship and internship programs, primarily targeting junior tech and digital profiles. It operates as part of the Proeduca group and collaborates with educational institutions such as UNIR and corporate partners like VASS. The website is well-structured, professionally designed, and optimized for SEO, providing clear information about its services and target audiences. However, the absence of WHOIS registration data raises some concerns about domain legitimacy, although the business presence and content suggest a legitimate operation. Technically, the website is built on WordPress using modern tools like Elementor and Yoast SEO, with Google Tag Manager integrated for analytics. The site is mobile-optimized and performs moderately well. Security posture is good with HTTPS enabled and no obvious vulnerabilities, but lacks some security headers and published policies. Privacy compliance is weak due to missing privacy and cookie policies, which should be addressed to meet GDPR requirements. Overall, the website presents a professional and trustworthy front for a medium-sized education and technology business, but improvements in transparency, privacy compliance, and domain registration clarity are recommended to enhance trust and security.

A

Axperi

axperi.com

48

Axperi is a specialized web-based platform designed to support clinical trial management by providing tools for administration, coordination, activity tracking, and electronic archiving compliant with Good Clinical Practice (GCP). The platform targets clinical study units, experimental centers, sponsors, CROs, and regulatory bodies, aiming to streamline clinical trial processes and improve communication among stakeholders. The website presents a professional and consistent brand image with clear contact information and privacy compliance mechanisms. Technically, the website leverages modern JavaScript libraries such as jQuery, ScrollMagic, and Bootstrap to deliver a responsive and interactive user experience. The platform is web-based, supporting mobile devices, and optimized for moderate performance. However, some security best practices like security headers are not explicitly detected, and no explicit security certifications or vulnerability disclosure policies are present. From a security perspective, the site enforces HTTPS and includes cookie consent mechanisms, indicating a baseline privacy compliance. The absence of WHOIS data for the domain www.axperi.com raises concerns about domain registration legitimacy, which impacts overall trustworthiness. No signs of WAF or blocking mechanisms were detected, and the content is safe for general audiences. Overall, Axperi demonstrates a solid business and technical foundation for clinical trial management software but should address domain registration inconsistencies and enhance security posture to improve trust and compliance.

T

TNX s.r.l.

avatable.com

48

AVATABLE is a specialized SaaS provider offering a comprehensive restaurant booking management system integrated with a website solution. The company, TNX s.r.l., targets restaurants, pizzerias, fast food outlets, and event organizers primarily in Italy. Their platform includes a booking engine, table and room management, digital menus, CRM capabilities, marketing automation, and delivery integration. The website is professionally designed, mobile-optimized, and provides clear navigation and relevant content for its target audience. Technically, the site uses modern web technologies including jQuery, Bootstrap, and various JavaScript libraries, with good SEO and performance characteristics. Security posture is solid with HTTPS enforced and no obvious vulnerabilities, though explicit security headers and incident response policies are absent. Privacy and cookie policies are present and GDPR compliant. WHOIS data is missing, which reduces trust slightly but the overall business presence and content quality support legitimacy.

INVOICEX is a well-established Italian software company specializing in invoicing, warehouse management, and internal accounting solutions tailored for small and medium enterprises, freelancers, and artisans. The company, TNX s.r.l., has over 20 years of experience and a strong client base exceeding 10,000 active users annually. Their product offers multi-platform compatibility and a free version with upgrade options, supported by professional technical assistance and continuous updates. The website reflects a mature digital presence with comprehensive content and clear business positioning. Technically, the website employs modern JavaScript libraries such as jQuery and Bootstrap, integrates multiple analytics and tracking tools including Google Analytics, Matomo, and Facebook Pixel, and uses HTTPS with good SSL configuration. The site is mobile-optimized and features a cookie consent mechanism compliant with GDPR. However, some security headers like Content-Security-Policy and X-Frame-Options are not detected, representing an area for improvement. From a security perspective, the site demonstrates good practices such as secure login forms and data backup options but lacks explicit security policy documentation and incident response contacts. No vulnerabilities or exposed sensitive data were found in the HTML content. The domain registration data is consistent with the business claims, enhancing trustworthiness. Overall, the website scores well in content quality, technical implementation, privacy compliance, and business credibility, with moderate security posture. Strategic recommendations include enhancing HTTP security headers, publishing security policies, and improving accessibility features to further strengthen the site's security and compliance posture.

O

Ordinalo

ordinalo.net

52

Ordinalo is an Italian-based software service provider specializing in take away and food delivery management solutions for restaurants and food businesses. The company offers a comprehensive SaaS platform including a website, mobile apps for Android and iOS, order management, delivery rider coordination, digital menus with QR codes, and marketing tools such as push notifications. Ordinalo positions itself as a niche player enabling restaurants to disintermediate from large food delivery platforms and build direct customer relationships. The website is professionally designed, content-rich, and targets small to medium-sized food service businesses in Italy. Technically, the site uses modern web technologies and integrates analytics and tracking tools, but lacks some advanced security headers and a published security policy. The WHOIS data is unavailable, which slightly reduces domain trustworthiness, but the overall business credibility is supported by clear contact information, client logos, and active social media presence. Privacy and cookie policies are implemented with consent mechanisms, indicating GDPR awareness. Overall, Ordinalo presents a solid digital presence with room for security and compliance improvements.

M

Medical Research Council (MRC)

mrc.ac.uk

72

The Medical Research Council (MRC) is a UK government-funded research council operating under UK Research and Innovation (UKRI). It focuses on funding world-leading discovery and translational medical research to accelerate diagnosis, advance treatment, and prevent human illness. The website serves researchers, healthcare professionals, and policy makers by providing information on funding opportunities, research programs, and collaboration initiatives. The MRC holds a leading position in the UK's medical research funding landscape, offering fellowships and grants to support scientific advancement. Technically, the website is built on WordPress and leverages modern web technologies including Google Tag Manager, Google Analytics, Siteimprove Analytics, and Hotjar for performance and user behavior insights. It employs the GOV.UK design system ensuring accessibility and responsive design. The site is well-optimized for SEO and mobile devices, with a clear navigation structure and professional content presentation. From a security perspective, the site enforces HTTPS and implements a cookie consent mechanism compliant with GDPR. While explicit security headers are not visible in the HTML, the overall security posture is good with no exposed sensitive data or vulnerable libraries detected. The WHOIS data is unavailable due to query failure, but the domain is consistent with official UK government domains, indicating high legitimacy. Overall, the MRC website demonstrates a strong digital maturity with excellent content quality, good technical implementation, and solid privacy compliance. It is a trustworthy and authoritative source for medical research funding information in the UK.

U

University of York

york.ac.uk

68

The University of York is a prestigious UK academic institution, part of the Russell Group, offering outstanding teaching and research services. The website reflects a mature digital presence with comprehensive content targeting prospective and current students, researchers, and academic staff. The site is well-branded and professionally maintained, emphasizing its academic reputation and community engagement. Technically, the site employs modern web technologies and multiple analytics and marketing tools to optimize user experience and engagement. Security posture is strong with HTTPS enforcement, security headers, and no visible vulnerabilities. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the domain and website present a trustworthy and credible academic entity.

P

Public Library of Science (PLOS)

plosmedicine.org

72

PLOS Medicine is a leading open-access medical journal operated by the Public Library of Science, a reputable non-profit academic publisher based in the United States. The website serves as a platform for disseminating peer-reviewed medical research and commentary, targeting researchers, clinicians, and healthcare professionals globally. The business model focuses on open-access publishing, supported by article processing charges and institutional funding, positioning PLOS Medicine as a key player in the academic publishing industry. Technically, the website employs a modern technology stack including jQuery, Foundation framework, and integrates analytics and marketing tools such as Google Analytics, New Relic, and HubSpot. The site demonstrates good performance, mobile optimization, and accessibility, reflecting a mature digital infrastructure suitable for its audience. From a security perspective, the site enforces HTTPS, implements multiple security headers, and maintains secure cookie consent mechanisms. No critical vulnerabilities or exposed sensitive data were detected. However, the absence of a public vulnerability disclosure policy and incident response contact information suggests areas for improvement in transparency and security readiness. Overall, the website is professional, trustworthy, and compliant with privacy regulations including GDPR. The domain WHOIS data is privacy protected but consistent with the organization's branding and reputation. The risk profile is low, with recommendations focusing on enhancing security policies and disclosure practices to further strengthen trust and compliance.

COPE (Committee on Publication Ethics) is a well-established non-profit membership organization dedicated to promoting integrity in scholarly research and publication. Founded in 2008, it serves the global scholarly publishing community by providing guidance, tools, events, and forums to uphold ethical standards. The website reflects a professional and comprehensive digital presence with clear navigation, rich content, and a strong brand identity. Technically, the site is built on Drupal 10, uses Cloudflare DNS, and integrates modern analytics and consent management tools, indicating a mature digital infrastructure. Security posture is strong with HTTPS enforcement, domain protection statuses, and bot mitigation via Google reCAPTCHA, though enabling DNSSEC and explicit security headers would enhance security further. Privacy compliance is robust, featuring a comprehensive cookie policy and consent mechanism aligned with GDPR requirements. Overall, the site demonstrates high professionalism, trustworthiness, and a commitment to ethical standards in scholarly publishing.

The website www.bmj.com is currently inaccessible due to a Cloudflare Turnstile security challenge page that requires human verification before content can be accessed. This prevents extraction of meaningful business, technical, or security information from the site content. The domain WHOIS lookup returned no registration data, which is unusual for a well-known domain and may indicate privacy protection or query limitations. Due to these access restrictions, the technical infrastructure appears to rely on Cloudflare for security and DDoS protection, but no further details can be confirmed. The security posture cannot be fully assessed, but the presence of a WAF challenge indicates some level of protection. Overall, the site cannot be fully analyzed until the security challenge is bypassed or removed.

A

American College of Physicians

annals.org

65

Annals of Internal Medicine is a reputable medical journal published by the American College of Physicians, targeting healthcare professionals and researchers in internal medicine. The website offers a wide range of peer-reviewed articles, clinical guidelines, and educational content, positioning itself as a leading source in the medical publishing industry. The business model is primarily subscription-based with additional revenue from advertising and continuing medical education offerings. The site demonstrates consistent branding and a professional presentation aligned with its parent organization.

C

Carletta Ltd.

pin-up-casinos.mx

55

Pin-Up Casino México operates as a licensed online gambling platform targeting Mexican players with a broad offering of casino games, sports betting, and promotional bonuses. The business is registered offshore under Carletta Ltd. in Cyprus, with a Curazao gambling license ensuring regulatory compliance. The website is professionally designed, mobile-optimized, and provides a secure user experience with SSL encryption and certified RNG for fair play. Customer support is available 24/7, and the platform offers multiple payment methods including cryptocurrencies. Technically, the site is built on WordPress with Bootstrap framework, leveraging Cloudflare for DNS and CDN services. It employs modern analytics tools such as Google Analytics and Microsoft Clarity for user behavior tracking. Security best practices are mostly followed, though explicit security headers and incident response policies are absent. Privacy compliance is basic, with cookie consent implemented but limited GDPR indicators. Overall, the security posture is solid with no critical vulnerabilities detected. The domain is newly registered compared to the business founding date, which may indicate a recent rebranding or regional expansion. The platform maintains high trustworthiness through licensing, transparent business information, and positive user testimonials. Strategic improvements in privacy compliance and security policy transparency would enhance the platform's credibility further.

V

Venson Ltd

mostbet-download.app

52

Mostbet is an established online gambling and sports betting platform operated by Venson Ltd, licensed under Curacao jurisdiction since 2009. The website offers a comprehensive mobile app experience for Android and iOS users, targeting a global audience with a strong presence in over 90 countries including Pakistan, India, and Bangladesh. The platform provides a wide range of betting options including sports, casino games, poker, and e-sports, supported by various bonuses and promotions to attract and retain users. Technically, the site is built on WordPress with modern web technologies and includes multilingual support via Polylang. The use of Microsoft Clarity indicates moderate analytics and user tracking. Security posture is adequate with HTTPS enforced, but lacks explicit security headers and cookie consent mechanisms. Business credibility is supported by consistent WHOIS data and licensing information.

The website 8k8cas.com is currently inaccessible due to a Cloudflare error 521 indicating the origin web server is down. The domain is very recently registered in December 2024 with Spaceship, Inc. as the registrar and uses Cloudflare as a CDN and WAF. There is no visible business information, contact details, privacy or cookie policies, or any content beyond the error page. This severely limits the ability to assess the business or technical maturity of the site. The lack of DNSSEC and security headers further reduces the security posture. Overall, the site appears to be either under development or experiencing significant downtime, resulting in a low trust and credibility score.

B

Borming d.o.o

borming.hr

48

Borming d.o.o is a Croatian technology company specializing in custom web and mobile application development, with a strong focus on blockchain and Web3 technologies. Founded in 2001 and based in Zagreb, the company offers services including smart contract development on Ethereum and Polygon networks, custom CMS solutions, and traditional web development using modern stacks like React and Node.js. Their market position is that of an established local player with a growing emphasis on blockchain integration. Technically, the website is built with React and Node.js, hosted behind Cloudflare, and uses Google Analytics for tracking. The site is mobile optimized and performs moderately well, though accessibility features are basic. Security posture is good with HTTPS enforced, but lacks visible security headers and formal security policies. Privacy compliance is weak due to absence of privacy and cookie policies and no consent mechanism. Business credibility is strong with consistent WHOIS data and professional content. Overall, the website is professional and trustworthy but would benefit from improved privacy and security disclosures.

Z

Zavičajni muzej Ogulin

zavicajni-muzej-ogulin.hr

47

Zavičajni muzej Ogulin is a Croatian cultural heritage museum focused on preserving and presenting the history and culture of the Ogulin region. The museum offers diverse collections including archaeological, ethnographic, and artistic exhibits, alongside educational programs and virtual tours. It serves a broad audience including local residents, tourists, and students, positioning itself as a key regional cultural institution. The website reflects a small-sized non-profit organization with a clear mission and consistent branding. Technically, the website is built on WordPress using the Enfold theme, hosted by Hostinger. It employs modern web technologies such as jQuery and integrates Facebook SDK for social media features. The site is mobile-optimized, accessible, and SEO-friendly, though performance is moderate. The presence of cookie consent and privacy policy pages indicates good digital maturity and compliance with GDPR. From a security perspective, the site uses HTTPS with excellent SSL configuration but lacks visible security headers which could enhance protection. No critical vulnerabilities or exposed sensitive data were detected. The absence of a security policy or incident response contact suggests room for improvement in security governance. The WHOIS data aligns well with the website's Croatian identity and business type, supporting legitimacy. Overall, the website is professional, trustworthy, and compliant with privacy regulations, suitable for its cultural and educational purpose. Strategic improvements in security headers and incident response readiness would further strengthen its security posture.

A

Aurora Colapis

aurora-experience.com

56

Aurora Colapis operates the Aurora River Experience, offering unique cultural and historic river boat tours on the traditional Žitna lađa Zora in Croatia. The business targets tourists and local groups seeking authentic river experiences, team building events, and private parties. The website is professionally designed using WordPress with WooCommerce and Elementor, integrating booking and e-commerce functionalities. The technical infrastructure is modern and includes Google Analytics and Ads for marketing and tracking. Security posture is adequate with HTTPS and reCAPTCHA, but lacks DNSSEC and some security headers. Privacy compliance is good with GDPR-aligned policies and cookie consent mechanisms. Overall, the business presents a trustworthy and niche tourism offering with solid digital presence.

N

Novena d.o.o.

novena.hr

52

Novena d.o.o. is a Croatian digital media studio specializing in multimedia solutions for cultural heritage, museums, interpretation centers, and tourist destinations. Established in 1997, the company offers a broad range of services including multimedia applications, web design and hosting, photo and video production, AR/VR, 3D modeling, and audio guides. Their market position is that of a specialized service provider with a focus on cultural and educational sectors. The website reflects a professional and consistent brand image targeting institutions and organizations in the cultural and tourism industries. Technically, the website uses a mix of legacy and modern JavaScript libraries such as jQuery, UIkit, Slick Carousel, and Splide.js, hosted behind Cloudflare. The site is HTTPS enabled with Google Analytics and reCAPTCHA integrated, indicating a moderate level of digital maturity. Performance and mobile optimization are adequate, though accessibility features are basic. SEO practices are implemented through meta tags and structured data. From a security perspective, the site benefits from HTTPS and anti-bot measures but lacks visible security headers and dedicated security or incident response policies. No vulnerabilities or exposed sensitive data were detected in the provided content. Privacy compliance is weak due to the absence of privacy and cookie policies, which is a notable gap given GDPR requirements. Overall, the website is safe, professional, and trustworthy with a solid business foundation. However, improvements in privacy compliance and security best practices are recommended to enhance trust and regulatory adherence.

E

Exevio Ltd.

exevio.hr

55

Exevio Ltd. is a Croatian-based small technology company specializing in corporate IT solutions including web development, loyalty platforms, app and game development, and quality assurance services. Founded in 2013, the company positions itself as a quality-focused partner for businesses seeking tailored IT solutions. Their website reflects a professional and consistent brand image, supported by ISO 9001 and ISO 27001 certifications and EU funding partnerships, enhancing their credibility in the market. Technically, the website employs modern web technologies such as jQuery and integrates Google Analytics and Tag Manager for data insights. The site is mobile optimized with good SEO practices, though some improvements in accessibility and security headers could be made. Hosting details are limited but the domain is registered with NameCheap and secured with HTTPS. From a security perspective, the site enforces HTTPS and has domain transfer protections but lacks DNSSEC and visible security headers. No incident response or vulnerability disclosure policies are published, which could be improved to enhance trust. Privacy compliance is well addressed with clear privacy and cookie policies and a consent mechanism. Overall, the website and business present a low-risk profile with strong business credibility and moderate technical maturity. Strategic improvements in security policies and technical hardening are recommended to further strengthen their posture.

F

Fakat

fakat.eu

41

Fakat is a Croatian event agency specializing in comprehensive ideation, organization, and production services for a wide range of events including campaigns, festivals, concerts, exhibitions, corporate events, conferences, and sports events. The company positions itself as a full-service partner offering turnkey solutions and hardware rental with professional staffing. The website is well-structured, professionally designed, and targets businesses and individuals seeking event management services. Technically, the site uses modern web technologies including HTML5, CSS3, JavaScript, jQuery, and the Gumby framework, with Google Analytics integrated for visitor tracking. However, there is no evidence of a CMS or hosting provider details. Security posture is moderate with no visible security headers or HTTPS verification, and privacy compliance is low due to missing privacy and cookie policies. Contact information is clearly presented, including company email and phone, along with active social media profiles. WHOIS data is unavailable due to EURid privacy policies, but no suspicious indicators are present. Overall, the site is functional and professional but would benefit from improved security and privacy compliance.

The website kera-term.hr is currently inaccessible due to a Cloudflare Turnstile security challenge page that blocks access to the actual content. As a result, no business information, contact details, or policies are available for analysis. The site appears to be protected by Cloudflare's security services, indicating an intent to prevent automated access or attacks. However, this also limits the ability to assess the site's content quality, technical infrastructure, or security posture comprehensively. The lack of visible metadata, forms, or external business links further restricts insight into the company's operations or market position. Overall, the site is currently in a state that prevents meaningful evaluation beyond the presence of a security mechanism.

W

Westgate

westgate.hr

46

Westgate.hr is the official website of Westgate, the largest shopping center in Croatia. The site provides comprehensive information about retail stores, restaurants, entertainment options, and services available at the mall. It targets a broad audience including families and shoppers seeking a variety of brands and leisure activities. The website is built on modern web technologies such as Vue.js and Nuxt.js, integrating analytics and marketing tools like Google Analytics and Facebook Pixel to monitor user engagement and optimize marketing efforts. The design is professional, mobile-optimized, and offers clear navigation, enhancing user experience. Security measures include HTTPS enforcement and standard security headers, though explicit privacy and terms of service policies are not published, which is a compliance gap. Overall, the site is trustworthy and well-maintained, with room for improvement in privacy transparency and direct contact information for security or incident response.

S

Suzuki

suzuki.hr

49

Suzuki.hr is the official Croatian website representing Suzuki automobiles and motorcycles. The site provides information about Suzuki vehicles with a focus on affordability and quality, targeting general consumers interested in transportation solutions. The website is built on WordPress with modern SEO practices, including structured data and social media integration, indicating a moderate level of digital maturity. Cookie consent is managed via Cookiebot, demonstrating awareness of privacy compliance requirements. However, the absence of a privacy policy and contact information limits full compliance and user trust. Security posture is adequate with HTTPS enforced but lacks advanced security headers and explicit incident response contacts. Overall, the site is legitimate and professionally maintained but would benefit from enhanced privacy and security disclosures.

T

Tokić d.d.

tokic.hr

52

Tokić d.d. is a leading regional distributor and retailer of auto parts and related equipment with over 35 years of tradition. The company operates a large network of physical stores across Croatia and Slovenia, complemented by a comprehensive online webshop. They also provide educational services through their certified training center and operate an Auto Check Center for vehicle servicing. The website reflects a mature business with a strong market position and a broad target audience including mechanics, drivers, and automotive enthusiasts. Technically, the site is built on WordPress with modern libraries and frameworks, offering good mobile optimization and SEO practices. Security posture is strong with HTTPS, reCAPTCHA integration, and cookie consent mechanisms, although some security headers could be improved. Privacy compliance is well addressed with clear policies and user consent. Overall, the website is professional, trustworthy, and well-aligned with the company's business model and market presence.

J

Jadranski naftovod, dioničko društvo

janaf.hr

10

Jadranski naftovod d.d. (JANAF) is a well-established Croatian company operating since 1998, specializing in the international transport of crude oil via pipeline infrastructure from the Terminal Omišalj to domestic and foreign refineries in Southeast and Central Europe. The company holds a leading market position in the energy transport sector, providing critical infrastructure services including pipeline operation, storage terminals, and environmental protection initiatives. The website reflects a professional corporate presence targeting investors, business partners, and job seekers, with detailed business and sustainability information. Technically, the website employs modern web technologies such as JavaScript ES modules and custom fonts, with a moderate performance profile and good mobile optimization. SEO and accessibility are adequately addressed, though some improvements could be made in accessibility and security headers. The hosting provider is not explicitly identified but the domain registrar is CARNET, a reputable Croatian academic network. From a security perspective, the site uses HTTPS and avoids exposing sensitive data. However, it lacks explicit security headers, incident response information, and vulnerability disclosure mechanisms. Privacy compliance is supported by a comprehensive privacy policy and cookie policy, though no active cookie consent mechanism is detected. Social media presence is limited to official YouTube and LinkedIn channels, with no visible tracking or advertising scripts. Overall, the website is trustworthy, professionally maintained, and aligned with the company's business profile. Strategic recommendations include enhancing security headers, adding incident response and vulnerability disclosure pages, implementing cookie consent mechanisms, and improving accessibility features to strengthen compliance and security posture.

H

Hrvatske autoceste d.o.o.

hac.hr

57

Hrvatske autoceste d.o.o. is a Croatian state-owned company responsible for the management, construction, and maintenance of highways in Croatia. The website serves as an information portal for motorway users, offering details on tolls, traffic conditions, and related services. It targets both individual drivers and commercial transport operators, positioning itself as the primary authority for highway infrastructure in Croatia. The company provides electronic toll collection services and real-time traffic updates through dedicated mobile applications. Technically, the website is built using modern web technologies including Vue.js, with a responsive design optimized for mobile devices. Security measures include HTTPS enforcement and CSRF token implementation, alongside a comprehensive cookie consent mechanism. However, some security headers are not evident, and no explicit security or incident response policies are published. Overall, the site demonstrates a good balance of usability, compliance, and professionalism, supporting the company's role as a trusted public infrastructure provider.

H

Hrvatski olimpijski odbor

hoo.hr

37

Hrvatski olimpijski odbor (HOO) is the national Olympic committee and umbrella sports organization in Croatia, established in 1991. It serves as the central body for promoting Olympic sports, supporting athletes, and organizing sports events in Croatia. The website reflects a well-maintained digital presence with a focus on news, events, and organizational information relevant to the Croatian sports community. Technically, the site uses modern frameworks such as Next.js and React, with good mobile optimization and accessibility features. Security posture is strong with HTTPS, security headers, and cookie consent mechanisms in place, although explicit privacy and terms of service pages are missing. Overall, the domain registration and WHOIS data align well with the organization's identity, supporting high legitimacy and trust. Strategic improvements include publishing comprehensive privacy and security policies and enhancing transparency on data protection roles.